// if not provided a valid crc will be computed from the data and written.
void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
{
- StartTicks();
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
if(crc == 0) {
crc = update_crc16(crc, (idlo)&0xff);
// whether we're modulating the antenna (high)
// or listening to the antenna (low)
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
+ StartTicks();
+
LED_A_ON();
-
+
// steal this pin from the SSP and use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
// then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer)
// finally end with 0x0300 (write frame)
// all data is sent lsb first
- // finish with 15ms programming time
+ // finish with 50ms programming time
// modulate antenna
HIGH(GPIO_SSC_DOUT);
int i = 0;
uint8_t *buf = BigBuf_get_addr();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
+ //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
//FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
//FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE );
AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
// power on antenna
- // OPEN_COIL();
- // SpinDelay(50);
+ OPEN_COIL();
+ // charge time
+ WaitMS(50);
for(;;) {
WDT_HIT();
errCnt = Em410xDecode(dest, &size, &idx, &hi, &lo);
if (errCnt){
- if (size>64){
+ if (size == 128){
Dbprintf("EM XL TAG ID: %06x%08x%08x - (%05d_%03d_%08d)",
hi,
(uint32_t)(lo>>32),
// Give it a bit of time for the resonant antenna to settle.
WaitUS(delay);
}
+void TurnReadLF_off(uint32_t delay) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(delay);
+}
// Write one bit to card
void T55xxWriteBit(int bit) {
// 55FC * 8us == 440us / 21.3 === 20.65 steps. could be too short. Go for 56FC instead
// 32FC * 8us == 256us / 21.3 == 12.018 steps. ok
// 16FC * 8us == 128us / 21.3 == 6.009 steps. ok
-
#ifndef EM_START_GAP
-#define EM_START_GAP 60*8
-#endif
-#ifndef EM_ONE_GAP
-#define EM_ONE_GAP 32*8
-#endif
-#ifndef EM_ZERO_GAP
-# define EM_ZERO_GAP 16*8
+#define EM_START_GAP 55*8
#endif
fwd_write_ptr = forwardLink_data;
fwd_bit_sz--; //prepare next bit modulation
fwd_write_ptr++;
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(EM_START_GAP);
- TurnReadLFOn(16);
+ TurnReadLF_off(EM_START_GAP);
+ TurnReadLFOn(18*8);
// now start writting with bitbanging the antenna.
while(fwd_bit_sz-- > 0) { //prepare next bit modulation
- if(((*fwd_write_ptr++) & 1) == 1)
- WaitUS(EM_ONE_GAP);
- else {
- //These timings work for 4469/4269/4305
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(20);
- TurnReadLFOn(12);
+ if(((*fwd_write_ptr++) & 1) == 1) {
+ WaitUS(32);
+ } else {
+ TurnReadLF_off(23*8);
+ TurnReadLFOn(16*8);
}
}
}
len = Prepare_Cmd( FWD_CMD_LOGIN );
len += Prepare_Data( pwd & 0xFFFF, pwd >> 16 );
SendForward(len);
- WaitMS(20); // no wait for login command.
+ //WaitUS(20); // no wait for login command.
// should receive
// 0000 1010 ok.
// 0000 0001 fail
void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
LED_A_ON();
-
uint8_t len;
//clear buffer now so it does not interfere with timing later
SendForward(len);
- DoAcquisition_default(0, TRUE);
+ WaitUS(400);
+
+ DoPartialAcquisition(20, true, 6000);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,0,0,0,0,0);
SendForward(len);
//Wait 20ms for write to complete?
- WaitMS(10);
+ WaitMS(7);
//Capture response if one exists
- DoAcquisition_default(20, TRUE);
+ DoPartialAcquisition(20, true, 6000);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
cmd_send(CMD_ACK,0,0,0,0,0);
projects / proxmark3-svn / blobdiff