+ else
+ Dbprintf ("Too Many Bits to fit into bit buffer");
+ return NextOffset;
+}
+
+// Send T5577 reset command then read stream (see if we can identify the start of the stream)
+void T55xxResetRead(void) {
+ LED_A_ON();
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_keep_EM();
+
+ // Set up FPGA, 125kHz
+ LFSetupFPGAForADC(95, true);
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
+
+ // Trigger T55x7 in mode.
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(T55xx_Timing_FixedBit.START_GAP);
+
+ // reset tag - op code 00
+ T55xxWriteBit(0,&T55xx_Timing_FixedBit);
+ T55xxWriteBit(0,&T55xx_Timing_FixedBit);
+
+ TurnReadLFOn(T55xx_Timing_FixedBit.READ_GAP);
+
+ // Acquisition
+ DoPartialAcquisition(0, true, BigBuf_max_traceLen(), 0);
+
+ // Turn the field off
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ cmd_send(CMD_ACK,0,0,0,0,0);
+ LED_A_OFF();
+}
+
+// Send one downlink command to the card
+void T55xx_SendCMD (uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) { //, bool read_cmd) {//, struct T55xx_Timing *Timing) {
+
+ /*
+ arg bits
+ xxxxxxx1 0x01 PwdMode
+ xxxxxx1x 0x02 Page
+ xxxxx1xx 0x04 testMode
+ xxx11xxx 0x18 downlink mode
+ xx1xxxxx 0x20 reg_readmode
+ x1xxxxxx 0x40 called for a read, so no data packet
+
+ */
+ bool PwdMode = ((arg & 0x01) == 0x01);
+ uint8_t Page = (arg & 0x02) >> 1;
+ bool testMode = ((arg & 0x04) == 0x04);
+ uint8_t downlink_mode = (arg >> 3) & 0x03;;
+ bool reg_readmode = ((arg & 0x20) == 0x20);
+ bool read_cmd = ((arg & 0x40) == 0x40);
+
+ int i = 0;
+ uint8_t BitStream[10]; // Max Downlink Command size ~75 bits, so 10 bytes (80 bits)
+ uint8_t BitStreamLen;
+ int byte_idx, bit_idx;
+ T55xx_Timing *Timing;
+
+
+ // Assigning Downlink Timeing for write
+ switch (downlink_mode)
+ {
+ case T55xx_DLMode_Fixed : Timing = &T55xx_Timing_FixedBit; break;
+ case T55xx_DLMode_LLR : Timing = &T55xx_Timing_LLR; break;
+ case T55xx_DLMode_Leading0 : Timing = &T55xx_Timing_Leading0; break;
+ case T55xx_DLMode_1of4 : Timing = &T55xx_Timing_1of4; break;
+ default:
+ Timing = &T55xx_Timing_FixedBit;
+ }
+
+ // Build Bit Stream to send.
+ memset (BitStream,0x00,sizeof(BitStream));
+
+ BitStreamLen = 0;
+
+ // Add Leading 0 and 1 of 4 reference bit
+ if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4))
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream));
+
+ // Add extra reference 0 for 1 of 4
+ if (downlink_mode == T55xx_DLMode_1of4)
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream));
+
+ // Add Opcode
+ if (testMode) Dbprintf("TestMODE");
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,testMode ? 0 : 1 , 1,sizeof(BitStream));
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen,testMode ? 1 : Page , 1,sizeof(BitStream));
+
+ if (PwdMode) {
+
+ // Leading 0 and 1 of 4 00 fixed bits if passsword used
+ if ((downlink_mode == T55xx_DLMode_Leading0) || (downlink_mode == T55xx_DLMode_1of4)) {
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream));
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream));
+ }
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Pwd, 32,sizeof(BitStream));
+
+ }
+ // Add Lock bit
+ BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, 0, 1,sizeof(BitStream));
+
+ // Add Data if a write command
+ if (!read_cmd) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Data, 32,sizeof(BitStream));
+
+ // Add Address
+ if (!reg_readmode) BitStreamLen = T55xx_SetBits (BitStream, BitStreamLen, Block, 3,sizeof(BitStream));
+
+
+
+ // Send Bits to T55xx
+
+ // Set up FPGA, 125kHz
+ LFSetupFPGAForADC(95, true);
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
+ // Trigger T55x7 in mode.
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(Timing->START_GAP);
+
+
+ // If long leading 0 send long reference pulse
+ if (downlink_mode == T55xx_DLMode_LLR)
+ T55xxWriteBit (T55xx_LongLeadingReference,Timing); // Send Long Leading Start Reference
+
+ uint8_t SendBits;
+
+ if (downlink_mode == T55xx_DLMode_1of4) { // 1 of 4 need to send 2 bits at a time
+ for (i = 0; i < BitStreamLen; i+=2) {
+ byte_idx = i / 8;
+ bit_idx = i - (byte_idx * 8);
+ SendBits = ((BitStream[byte_idx] >> bit_idx) & 1) << 1;
+
+ byte_idx = (i+1) / 8;
+ bit_idx = (i+1) - (byte_idx * 8);
+ SendBits += (BitStream[byte_idx] >> bit_idx) & 1;
+
+ T55xxWriteBit (SendBits,Timing);
+ }
+ }
+ else {
+ for (i = 0; i < BitStreamLen; i++) {
+ byte_idx = i / 8;
+ bit_idx = i - (byte_idx * 8);
+ SendBits = (BitStream[byte_idx] >> bit_idx) & 1;
+ T55xxWriteBit (SendBits,Timing);
+ }
+ }
+
+}
+
+// Write one card block in page 0, no lock
+void T55xxWriteBlock(uint32_t Data, uint32_t Block, uint32_t Pwd, uint8_t arg) {
+ /*
+ arg bits
+ xxxxxxx1 0x01 PwdMode
+ xxxxxx1x 0x02 Page
+ xxxxx1xx 0x04 testMode
+ xxx11xxx 0x18 downlink mode
+ xx1xxxxx 0x20 reg_readmode
+ x1xxxxxx 0x40 called for a read, so no data packet
+ */
+
+ bool testMode = ((arg & 0x04) == 0x04);
+ arg &= (0xff ^ 0x40); // Called for a write, so ensure it is clear/0
+
+ LED_A_ON ();
+ T55xx_SendCMD (Data, Block, Pwd, arg) ;//, false);
+
+ // Perform write (nominal is 5.6 ms for T55x7 and 18ms for E5550,
+ // so wait a little more)
+
+ // "there is a clock delay before programming"
+ // - programming takes ~5.6ms for t5577 ~18ms for E5550 or t5567
+ // so we should wait 1 clock + 5.6ms then read response?
+ // but we need to know we are dealing with t5577 vs t5567 vs e5550 (or q5) marshmellow...
+ if (testMode) {
+ //TESTMODE TIMING TESTS:
+ // <566us does nothing
+ // 566-568 switches between wiping to 0s and doing nothing
+ // 5184 wipes and allows 1 block to be programmed.
+ // indefinite power on wipes and then programs all blocks with bitshifted data sent.
+ TurnReadLFOn(5184);
+
+ } else {
+ TurnReadLFOn(20 * 1000);
+ //could attempt to do a read to confirm write took
+ // as the tag should repeat back the new block
+ // until it is reset, but to confirm it we would
+ // need to know the current block 0 config mode for
+ // modulation clock an other details to demod the response...
+ // response should be (for t55x7) a 0 bit then (ST if on)
+ // block data written in on repeat until reset.
+
+ //DoPartialAcquisition(20, true, 12000);
+ }
+ // turn field off
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+
+ cmd_send(CMD_ACK,0,0,0,0,0);
+
+ LED_A_OFF ();
+}
+
+// Read one card block in page [page]
+void T55xxReadBlock (uint16_t arg0, uint8_t Block, uint32_t Pwd) {//, struct T55xx_Timing *Timing) {
+
+ LED_A_ON();
+
+ /*
+ arg bits
+ xxxxxxx1 0x01 PwdMode
+ xxxxxx1x 0x02 Page
+ xxxxx1xx 0x04 testMode
+ xxx11xxx 0x18 downlink mode
+ xx1xxxxx 0x20 reg_readmode
+ x1xxxxxx 0x40 called for a read, so no data packet
+ */
+
+ // Set Read Flag to ensure SendCMD does not add "data" to the packet
+ arg0 |= 0x40;
+
+
+ if (Block == 0xff) arg0 |= 0x20;
+
+ //make sure block is at max 7
+ Block &= 0x7;
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_ext(false);
+
+ T55xx_SendCMD (0, Block, Pwd, arg0); //, true);
+
+
+ // Turn field on to read the response
+ // 137*8 seems to get to the start of data pretty well...
+ // but we want to go past the start and let the repeating data settle in...
+ TurnReadLFOn(210*8);
+
+ // Acquisition
+ // Now do the acquisition
+ DoPartialAcquisition(0, true, 12000, 0);
+
+ // Turn the field off
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
+ cmd_send(CMD_ACK,0,0,0,0,0);
+
+ LED_A_OFF();
+}
+
+void T55xxWakeUp(uint32_t Pwd){
+ LED_B_ON();
+ uint32_t i = 0;
+
+ // Set up FPGA, 125kHz
+ LFSetupFPGAForADC(95, true);
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
+
+ // Trigger T55x7 Direct Access Mode
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(T55xx_Timing_FixedBit.START_GAP);
+
+ // Opcode 10
+ T55xxWriteBit(1,&T55xx_Timing_FixedBit);
+ T55xxWriteBit(0,&T55xx_Timing_FixedBit); //Page 0
+
+ // Send Pwd
+
+ for (i = 0x80000000; i != 0; i >>= 1)
+ T55xxWriteBit(Pwd & i,&T55xx_Timing_FixedBit);
+
+ // Turn and leave field on to let the begin repeating transmission
+ TurnReadLFOn(20*1000);
+}
+
+/*-------------- Cloning routines -----------*/
+
+void WriteT55xx(uint32_t *blockdata, uint8_t startblock, uint8_t numblocks) {
+ // write last block first and config block last (if included)
+ for (uint8_t i = numblocks+startblock; i > startblock; i--) {
+ T55xxWriteBlock(blockdata[i-1],i-1,0,0);//,false); //,&T55xx_Timing_FixedBit);
+ // T55xx_SendCMD (blockdata[i-1],i-1,0,0);//,false); //,&T55xx_Timing_FixedBit);
+ }
+}
+
+// Copy a HID-like card (e.g. HID Proximity, Paradox) to a T55x7 compatible card
+void CopyHIDtoT55x7(uint32_t hi2, uint32_t hi, uint32_t lo, uint8_t longFMT, uint8_t preamble) {
+ uint32_t data[] = {0,0,0,0,0,0,0};
+ uint8_t last_block = 0;
+
+ if (longFMT) {
+ // Ensure no more than 84 bits supplied
+ if (hi2>0xFFFFF) {
+ DbpString("Tags can only have 84 bits.");
+ return;
+ }
+ // Build the 6 data blocks for supplied 84bit ID
+ last_block = 6;
+ // load preamble & long format identifier (9E manchester encoded)
+ data[1] = (preamble << 24) | 0x96A900 | (manchesterEncode2Bytes((hi2 >> 16) & 0xF) & 0xFF);
+ // load raw id from hi2, hi, lo to data blocks (manchester encoded)
+ data[2] = manchesterEncode2Bytes(hi2 & 0xFFFF);
+ data[3] = manchesterEncode2Bytes(hi >> 16);
+ data[4] = manchesterEncode2Bytes(hi & 0xFFFF);
+ data[5] = manchesterEncode2Bytes(lo >> 16);
+ data[6] = manchesterEncode2Bytes(lo & 0xFFFF);
+ } else {
+ // Ensure no more than 44 bits supplied
+ if (hi>0xFFF) {
+ DbpString("Tags can only have 44 bits.");
+ return;
+ }
+ // Build the 3 data blocks for supplied 44bit ID
+ last_block = 3;
+ // load preamble
+ data[1] = (preamble << 24) | (manchesterEncode2Bytes(hi) & 0xFFFFFF);
+ data[2] = manchesterEncode2Bytes(lo >> 16);
+ data[3] = manchesterEncode2Bytes(lo & 0xFFFF);
+ }
+ // load chip config block
+ data[0] = T55x7_BITRATE_RF_50 | T55x7_MODULATION_FSK2a | last_block << T55x7_MAXBLOCK_SHIFT;
+
+ //TODO add selection of chip for Q5 or T55x7
+ // data[0] = (((50-2)/2)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_FSK2 | T5555_INVERT_OUTPUT | last_block << T5555_MAXBLOCK_SHIFT;
+