git.zerfleddert.de Git - proxmark3-svn/blobdiff

//-----------------------------------------------------------------------------

-// Routines to support ISO 15693. This includes both the reader software and

-// the `fake tag' modes, but at the moment I've implemented only the reader

-// stuff, and that barely.

// Jonathan Westhues, split Nov 2006

+// Modified by Greg Jones, Jan 2009

+// Modified by Adrian Dabrowski "atrox", Mar-Sept 2010,Oct 2011

+// Modified by piwi, Oct 2018

+//

+// This code is licensed to you under the terms of the GNU GPL, version 2 or,

+// at your option, any later version. See the LICENSE.txt file for the text of

+// the license.

+//-----------------------------------------------------------------------------

+// Routines to support ISO 15693. This includes both the reader software and

+// the `fake tag' modes.

+//-----------------------------------------------------------------------------

-// Modified by Greg Jones, Jan 2009 to perform modulation onboard in arm rather than on PC

-// Also added additional reader commands (SELECT, READ etc.)

-

+// The ISO 15693 describes two transmission modes from reader to tag, and four

+// transmission modes from tag to reader. As of Oct 2018 this code supports

+// both reader modes and the high speed variant with one subcarrier from card to reader.

+// As long as the card fully support ISO 15693 this is no problem, since the

+// reader chooses both data rates, but some non-standard tags do not.

+// For card simulation, the code supports both high and low speed modes with one subcarrier.

+//

+// VCD (reader) -> VICC (tag)

+// 1 out of 256:

+// data rate: 1,66 kbit/s (fc/8192)

+// used for long range

+// 1 out of 4:

+// data rate: 26,48 kbit/s (fc/512)

+// used for short range, high speed

+//

+// VICC (tag) -> VCD (reader)

+// Modulation:

+// ASK / one subcarrier (423,75 khz)

+// FSK / two subcarriers (423,75 khz && 484,28 khz)

+// Data Rates / Modes:

+// low ASK: 6,62 kbit/s

+// low FSK: 6.67 kbit/s

+// high ASK: 26,48 kbit/s

+// high FSK: 26,69 kbit/s

//-----------------------------------------------------------------------------

+

+// Random Remarks:

+// *) UID is always used "transmission order" (LSB), which is reverse to display order

+

+// TODO / BUGS / ISSUES:

+// *) signal decoding is unable to detect collisions.

+// *) add anti-collision support for inventory-commands

+// *) read security status of a block

+// *) sniffing and simulation do not support two subcarrier modes.

+// *) remove or refactor code under "deprecated"

+// *) document all the functions

+

+#include "iso15693.h"

+

#include "proxmark3.h"

#include "util.h"

#include "apps.h"

#include "proxmark3.h"

#include "util.h"

#include "apps.h"

+#include "string.h"

+#include "iso15693tools.h"

+#include "protocols.h"

+#include "cmd.h"

+#include "BigBuf.h"

+#include "fpgaloader.h"

-// FROM winsrc\prox.h //////////////////////////////////

#define arraylen(x) (sizeof(x)/sizeof((x)[0]))

-//-----------------------------------------------------------------------------

-// Map a sequence of octets (~layer 2 command) into the set of bits to feed

-// to the FPGA, to transmit that command to the tag.

-//-----------------------------------------------------------------------------

+static int DEBUG = 0;

- // The sampling rate is 106.353 ksps/s, for T = 18.8 us

-

- // SOF defined as

- // 1) Unmodulated time of 56.64us

- // 2) 24 pulses of 423.75khz

- // 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz)

-

- static const int FrameSOF[] = {

- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,

- -1, -1, -1, -1,

- 1, 1, 1, 1,

- 1, 1, 1, 1

- };

- static const int Logic0[] = {

- 1, 1, 1, 1,

- -1, -1, -1, -1,

- -1, -1, -1, -1

- };

- static const int Logic1[] = {

- -1, -1, -1, -1,

- 1, 1, 1, 1,

- 1, 1, 1, 1

- };

-

- // EOF defined as

- // 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us)

- // 2) 24 pulses of 423.75khz

- // 3) Unmodulated time of 56.64us

-

- static const int FrameEOF[] = {

- 1, 1, 1, 1,

- -1, -1, -1, -1,

- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,

- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1

- };

+///////////////////////////////////////////////////////////////////////

+// ISO 15693 Part 2 - Air Interface

+// This section basically contains transmission and receiving of bits

+///////////////////////////////////////////////////////////////////////

+// buffers

+#define ISO15693_DMA_BUFFER_SIZE 2048 // must be a power of 2

+#define ISO15693_MAX_RESPONSE_LENGTH 36 // allows read single block with the maximum block size of 256bits. Read multiple blocks not supported yet

+#define ISO15693_MAX_COMMAND_LENGTH 45 // allows write single block with the maximum block size of 256bits. Write multiple blocks not supported yet

+

+// ---------------------------

+// Signal Processing

+// ---------------------------

+

+// prepare data using "1 out of 4" code for later transmission

+// resulting data rate is 26.48 kbit/s (fc/512)

+// cmd ... data

+// n ... length of data

static void CodeIso15693AsReader(uint8_t *cmd, int n)

{

int i, j;

static void CodeIso15693AsReader(uint8_t *cmd, int n)

{

int i, j;

ToSendStuffBit(1);

}

ToSendStuffBit(1);

}

+ // SOF for 1of4

ToSendStuffBit(0);

ToSendStuffBit(1);

ToSendStuffBit(0);

ToSendStuffBit(1);

}

+ // EOF

ToSendStuffBit(1);

ToSendStuffBit(0);

ToSendStuffBit(1);

ToSendStuffBit(0);

ToSendStuffBit(1);

- // And slack at the end, too.

- for(i = 0; i < 24; i++) {

+ // Fill remainder of last byte with 1

+ for(i = 0; i < 4; i++) {

ToSendStuffBit(1);

}

ToSendStuffBit(1);

}

+

+ ToSendMax++;

}

-//-----------------------------------------------------------------------------

-// The CRC used by ISO 15693.

-//-----------------------------------------------------------------------------

-static uint16_t Crc(uint8_t *v, int n)

+// encode data using "1 out of 256" scheme

+// data rate is 1,66 kbit/s (fc/8192)

+// is designed for more robust communication over longer distances

+static void CodeIso15693AsReader256(uint8_t *cmd, int n)

{

- uint32_t reg;

int i, j;

- reg = 0xffff;

+ ToSendReset();

+

+ // Give it a bit of slack at the beginning

+ for(i = 0; i < 24; i++) {

+ ToSendStuffBit(1);

+ }

+

+ // SOF for 1of256

+ ToSendStuffBit(0);

+ ToSendStuffBit(1);

+ ToSendStuffBit(0);

+

for(i = 0; i < n; i++) {

- reg = reg ^ ((uint32_t)v[i]);

- for (j = 0; j < 8; j++) {

- if (reg & 0x0001) {

- reg = (reg >> 1) ^ 0x8408;

+ for (j = 0; j<=255; j++) {

+ if (cmd[i]==j) {

+ ToSendStuffBit(1);

+ ToSendStuffBit(0);

} else {

- reg = (reg >> 1);

+ ToSendStuffBit(1);

}

+ // EOF

+ ToSendStuffBit(1);

+ ToSendStuffBit(0);

+ ToSendStuffBit(1);

+

+ // Fill remainder of last byte with 1

+ for(i = 0; i < 4; i++) {

+ ToSendStuffBit(1);

+ }

- return ~reg;

+ ToSendMax++;

}

-char *strcat(char *dest, const char *src)

-{

- size_t dest_len = strlen(dest);

- size_t i;

- for (i = 0 ; src[i] != '\0' ; i++)

- dest[dest_len + i] = src[i];

- dest[dest_len + i] = '\0';

+// static uint8_t encode4Bits(const uint8_t b) {

+ // uint8_t c = b & 0xF;

+ // // OTA, the least significant bits first

+ // // The columns are

+ // // 1 - Bit value to send

+ // // 2 - Reversed (big-endian)

+ // // 3 - Manchester Encoded

+ // // 4 - Hex values

+

+ // switch(c){

+ // // 1 2 3 4

+ // case 15: return 0x55; // 1111 -> 1111 -> 01010101 -> 0x55

+ // case 14: return 0x95; // 1110 -> 0111 -> 10010101 -> 0x95

+ // case 13: return 0x65; // 1101 -> 1011 -> 01100101 -> 0x65

+ // case 12: return 0xa5; // 1100 -> 0011 -> 10100101 -> 0xa5

+ // case 11: return 0x59; // 1011 -> 1101 -> 01011001 -> 0x59

+ // case 10: return 0x99; // 1010 -> 0101 -> 10011001 -> 0x99

+ // case 9: return 0x69; // 1001 -> 1001 -> 01101001 -> 0x69

+ // case 8: return 0xa9; // 1000 -> 0001 -> 10101001 -> 0xa9

+ // case 7: return 0x56; // 0111 -> 1110 -> 01010110 -> 0x56

+ // case 6: return 0x96; // 0110 -> 0110 -> 10010110 -> 0x96

+ // case 5: return 0x66; // 0101 -> 1010 -> 01100110 -> 0x66

+ // case 4: return 0xa6; // 0100 -> 0010 -> 10100110 -> 0xa6

+ // case 3: return 0x5a; // 0011 -> 1100 -> 01011010 -> 0x5a

+ // case 2: return 0x9a; // 0010 -> 0100 -> 10011010 -> 0x9a

+ // case 1: return 0x6a; // 0001 -> 1000 -> 01101010 -> 0x6a

+ // default: return 0xaa; // 0000 -> 0000 -> 10101010 -> 0xaa

+

+ // }

+// }

+

+static const uint8_t encode_4bits[16] = { 0xaa, 0x6a, 0x9a, 0x5a, 0xa6, 0x66, 0x96, 0x56, 0xa9, 0x69, 0x99, 0x59, 0xa5, 0x65, 0x95, 0x55 };

+

+void CodeIso15693AsTag(uint8_t *cmd, size_t len) {

+ /*

+ * SOF comprises 3 parts;

+ * * An unmodulated time of 56.64 us

+ * * 24 pulses of 423.75 kHz (fc/32)

+ * * A logic 1, which starts with an unmodulated time of 18.88us

+ * followed by 8 pulses of 423.75kHz (fc/32)

+ *

+ * EOF comprises 3 parts:

+ * - A logic 0 (which starts with 8 pulses of fc/32 followed by an unmodulated

+ * time of 18.88us.

+ * - 24 pulses of fc/32

+ * - An unmodulated time of 56.64 us

+ *

+ * A logic 0 starts with 8 pulses of fc/32

+ * followed by an unmodulated time of 256/fc (~18,88us).

+ *

+ * A logic 0 starts with unmodulated time of 256/fc (~18,88us) followed by

+ * 8 pulses of fc/32 (also 18.88us)

+ *

+ * A bit here becomes 8 pulses of fc/32. Therefore:

+ * The SOF can be written as 00011101 = 0x1D

+ * The EOF can be written as 10111000 = 0xb8

+ * A logic 1 is 01

+ * A logic 0 is 10

+ *

+ * */

- return dest;

-}

+ ToSendReset();

-////////////////////////////////////////// code to do 'itoa'

+ // SOF

+ ToSend[++ToSendMax] = 0x1D; // 00011101

-/* reverse: reverse string s in place */

-void reverse(char s[])

-{

- int c, i, j;

+ // data

+ for (int i = 0; i < len; i++) {

+ ToSend[++ToSendMax] = encode_4bits[cmd[i] & 0xF];

+ ToSend[++ToSendMax] = encode_4bits[cmd[i] >> 4];

+ }

- for (i = 0, j = strlen(s)-1; i<j; i++, j--) {

- c = s[i];

- s[i] = s[j];

- s[j] = c;

- }

+ // EOF

+ ToSend[++ToSendMax] = 0xB8; // 10111000

+

+ ToSendMax++;

}

-/* itoa: convert n to characters in s */

-void itoa(int n, char s[])

+

+// Transmit the command (to the tag) that was placed in cmd[].

+static void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t start_time)

{

- int i, sign;

-

- if ((sign = n) < 0) /* record sign */

- n = -n; /* make n positive */

- i = 0;

- do { /* generate digits in reverse order */

- s[i++] = n % 10 + '0'; /* get next digit */

- } while ((n /= 10) > 0); /* delete it */

- if (sign < 0)

- s[i++] = '-';

- s[i] = '\0';

- reverse(s);

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_FULL_MOD);

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

+

+ while (GetCountSspClk() < start_time) ;

+

+ LED_B_ON();

+ for(int c = 0; c < len; c++) {

+ uint8_t data = cmd[c];

+ for (int i = 0; i < 8; i++) {

+ uint16_t send_word = (data & 0x80) ? 0x0000 : 0xffff;

+ while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ;

+ AT91C_BASE_SSC->SSC_THR = send_word;

+ while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ;

+ AT91C_BASE_SSC->SSC_THR = send_word;

+ data <<= 1;

+ }

+ WDT_HIT();

+ }

+ LED_B_OFF();

}

-//////////////////////////////////////// END 'itoa' CODE

//-----------------------------------------------------------------------------

-// Encode (into the ToSend buffers) an identify request, which is the first

-// thing that you must send to a tag to get a response.

+// Transmit the tag response (to the reader) that was placed in cmd[].

//-----------------------------------------------------------------------------

-static void BuildIdentifyRequest(void)

-{

- uint8_t cmd[5];

-

- uint16_t crc;

- // one sub-carrier, inventory, 1 slot, fast rate

- // AFI is at bit 5 (1<<4) when doing an INVENTORY

- cmd[0] = (1 << 2) | (1 << 5) | (1 << 1);

- // inventory command code

- cmd[1] = 0x01;

- // no mask

- cmd[2] = 0x00;

- //Now the CRC

- crc = Crc(cmd, 3);

- cmd[3] = crc & 0xff;

- cmd[4] = crc >> 8;

+void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow) {

+ // don't use the FPGA_HF_SIMULATOR_MODULATE_424K_8BIT minor mode. It would spoil GetCountSspClk()

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K);

+

+ uint32_t modulation_start_time = *start_time + 3 * 8; // no need to transfer the unmodulated start of SOF

+

+ while (GetCountSspClk() > (modulation_start_time & 0xfffffff8) + 3) { // we will miss the intended time

+ if (slot_time) {

+ modulation_start_time += slot_time; // use next available slot

+ } else {

+ modulation_start_time = (modulation_start_time & 0xfffffff8) + 8; // next possible time

+ }

- CodeIso15693AsReader(cmd, sizeof(cmd));

-}

+ while (GetCountSspClk() < (modulation_start_time & 0xfffffff8))

+ /* wait */ ;

-static void __attribute__((unused)) BuildSysInfoRequest(uint8_t *uid)

-{

- uint8_t cmd[12];

+ uint8_t shift_delay = modulation_start_time & 0x00000007;

- uint16_t crc;

- // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block

- // followed by teh block data

- // one sub-carrier, inventory, 1 slot, fast rate

- cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

- // System Information command code

- cmd[1] = 0x2B;

- // UID may be optionally specified here

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

- //Now the CRC

- crc = Crc(cmd, 10); // the crc needs to be calculated over 2 bytes

- cmd[10] = crc & 0xff;

- cmd[11] = crc >> 8;

+ *start_time = modulation_start_time - 3 * 8;

- CodeIso15693AsReader(cmd, sizeof(cmd));

+ LED_C_ON();

+ uint8_t bits_to_shift = 0x00;

+ uint8_t bits_to_send = 0x00;

+ for (size_t c = 0; c < len; c++) {

+ for (int i = (c==0?4:7); i >= 0; i--) {

+ uint8_t cmd_bits = ((cmd[c] >> i) & 0x01) ? 0xff : 0x00;

+ for (int j = 0; j < (slow?4:1); ) {

+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {

+ bits_to_send = bits_to_shift << (8 - shift_delay) | cmd_bits >> shift_delay;

+ AT91C_BASE_SSC->SSC_THR = bits_to_send;

+ bits_to_shift = cmd_bits;

+ j++;

+ }

+ WDT_HIT();

+ }

+ // send the remaining bits, padded with 0:

+ bits_to_send = bits_to_shift << (8 - shift_delay);

+ for ( ; ; ) {

+ if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) {

+ AT91C_BASE_SSC->SSC_THR = bits_to_send;

+ break;

+ }

+ LED_C_OFF();

}

-static void BuildSelectRequest( uint8_t uid[])

+

+//=============================================================================

+// An ISO 15693 decoder for tag responses (one subcarrier only).

+// Uses cross correlation to identify each bit and EOF.

+// This function is called 8 times per bit (every 2 subcarrier cycles).

+// Subcarrier frequency fs is 424kHz, 1/fs = 2,36us,

+// i.e. function is called every 4,72us

+// LED handling:

+// LED C -> ON once we have received the SOF and are expecting the rest.

+// LED C -> OFF once we have received EOF or are unsynced

+//

+// Returns: true if we received a EOF

+// false if we are still waiting for some more

+//=============================================================================

+

+#define NOISE_THRESHOLD 160 // don't try to correlate noise

+

+typedef struct DecodeTag {

+ enum {

+ STATE_TAG_SOF_LOW,

+ STATE_TAG_SOF_HIGH,

+ STATE_TAG_SOF_HIGH_END,

+ STATE_TAG_RECEIVING_DATA,

+ STATE_TAG_EOF

+ } state;

+ int bitCount;

+ int posCount;

+ enum {

+ LOGIC0,

+ LOGIC1,

+ SOF_PART1,

+ SOF_PART2

+ } lastBit;

+ uint16_t shiftReg;

+ uint16_t max_len;

+ uint8_t *output;

+ int len;

+ int sum1, sum2;

+} DecodeTag_t;

+

+static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint16_t amplitude, DecodeTag_t *DecodeTag)

{

+ switch(DecodeTag->state) {

+ case STATE_TAG_SOF_LOW:

+ // waiting for 12 times low (11 times low is accepted as well)

+ if (amplitude < NOISE_THRESHOLD) {

+ DecodeTag->posCount++;

+ } else {

+ if (DecodeTag->posCount > 10) {

+ DecodeTag->posCount = 1;

+ DecodeTag->sum1 = 0;

+ DecodeTag->state = STATE_TAG_SOF_HIGH;

+ } else {

+ DecodeTag->posCount = 0;

+ }

+ break;

-// uid[6]=0x31; // this is getting ignored - the uid array is not happening...

- uint8_t cmd[12];

+ case STATE_TAG_SOF_HIGH:

+ // waiting for 10 times high. Take average over the last 8

+ if (amplitude > NOISE_THRESHOLD) {

+ DecodeTag->posCount++;

+ if (DecodeTag->posCount > 2) {

+ DecodeTag->sum1 += amplitude; // keep track of average high value

+ }

+ if (DecodeTag->posCount == 10) {

+ DecodeTag->sum1 >>= 4; // calculate half of average high value (8 samples)

+ DecodeTag->state = STATE_TAG_SOF_HIGH_END;

+ }

+ } else { // high phase was too short

+ DecodeTag->posCount = 1;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ }

+ break;

- uint16_t crc;

- // one sub-carrier, inventory, 1 slot, fast rate

- //cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); // INVENTROY FLAGS

- cmd[0] = (1 << 4) | (1 << 5) | (1 << 1); // Select and addressed FLAGS

- // SELECT command code

- cmd[1] = 0x25;

- // 64-bit UID

-// cmd[2] = uid[0];//0x32;

-// cmd[3]= uid[1];//0x4b;

-// cmd[4] = uid[2];//0x03;

-// cmd[5] = uid[3];//0x01;

-// cmd[6] = uid[4];//0x00;

-// cmd[7] = uid[5];//0x10;

-// cmd[8] = uid[6];//0x05;

- cmd[2] = 0x32;//

- cmd[3] = 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05; // infineon?

+ case STATE_TAG_SOF_HIGH_END:

+ // waiting for a falling edge

+ if (amplitude < DecodeTag->sum1) { // signal drops below 50% average high: a falling edge

+ DecodeTag->lastBit = SOF_PART1; // detected 1st part of SOF (12 samples low and 12 samples high)

+ DecodeTag->shiftReg = 0;

+ DecodeTag->bitCount = 0;

+ DecodeTag->len = 0;

+ DecodeTag->sum1 = amplitude;

+ DecodeTag->sum2 = 0;

+ DecodeTag->posCount = 2;

+ DecodeTag->state = STATE_TAG_RECEIVING_DATA;

+ LED_C_ON();

+ } else {

+ DecodeTag->posCount++;

+ if (DecodeTag->posCount > 13) { // high phase too long

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ }

+ break;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

+ case STATE_TAG_RECEIVING_DATA:

+ if (DecodeTag->posCount == 1) {

+ DecodeTag->sum1 = 0;

+ DecodeTag->sum2 = 0;

+ }

+ if (DecodeTag->posCount <= 4) {

+ DecodeTag->sum1 += amplitude;

+ } else {

+ DecodeTag->sum2 += amplitude;

+ }

+ if (DecodeTag->posCount == 8) {

+ int32_t corr_1 = DecodeTag->sum2 - DecodeTag->sum1;

+ int32_t corr_0 = -corr_1;

+ int32_t corr_EOF = (DecodeTag->sum1 + DecodeTag->sum2) / 2;

+ if (corr_EOF > corr_0 && corr_EOF > corr_1) {

+ if (DecodeTag->lastBit == LOGIC0) { // this was already part of EOF

+ DecodeTag->state = STATE_TAG_EOF;

+ } else {

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ }

+ } else if (corr_1 > corr_0) {

+ // logic 1

+ if (DecodeTag->lastBit == SOF_PART1) { // still part of SOF

+ DecodeTag->lastBit = SOF_PART2; // SOF completed

+ } else {

+ DecodeTag->lastBit = LOGIC1;

+ DecodeTag->shiftReg >>= 1;

+ DecodeTag->shiftReg |= 0x80;

+ DecodeTag->bitCount++;

+ if (DecodeTag->bitCount == 8) {

+ DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg;

+ DecodeTag->len++;

+ if (DecodeTag->len > DecodeTag->max_len) {

+ // buffer overflow, give up

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ }

+ DecodeTag->bitCount = 0;

+ DecodeTag->shiftReg = 0;

+ }

+ } else {

+ // logic 0

+ if (DecodeTag->lastBit == SOF_PART1) { // incomplete SOF

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ } else {

+ DecodeTag->lastBit = LOGIC0;

+ DecodeTag->shiftReg >>= 1;

+ DecodeTag->bitCount++;

+ if (DecodeTag->bitCount == 8) {

+ DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg;

+ DecodeTag->len++;

+ if (DecodeTag->len > DecodeTag->max_len) {

+ // buffer overflow, give up

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ }

+ DecodeTag->bitCount = 0;

+ DecodeTag->shiftReg = 0;

+ }

+ DecodeTag->posCount = 0;

+ }

+ DecodeTag->posCount++;

+ break;

-// DbpIntegers(cmd[8],cmd[7],cmd[6]);

- // Now the CRC

- crc = Crc(cmd, 10); // the crc needs to be calculated over 10 bytes

- cmd[10] = crc & 0xff;

- cmd[11] = crc >> 8;

+ case STATE_TAG_EOF:

+ if (DecodeTag->posCount == 1) {

+ DecodeTag->sum1 = 0;

+ DecodeTag->sum2 = 0;

+ }

+ if (DecodeTag->posCount <= 4) {

+ DecodeTag->sum1 += amplitude;

+ } else {

+ DecodeTag->sum2 += amplitude;

+ }

+ if (DecodeTag->posCount == 8) {

+ int32_t corr_1 = DecodeTag->sum2 - DecodeTag->sum1;

+ int32_t corr_0 = -corr_1;

+ int32_t corr_EOF = (DecodeTag->sum1 + DecodeTag->sum2) / 2;

+ if (corr_EOF > corr_0 || corr_1 > corr_0) {

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ LED_C_OFF();

+ } else {

+ LED_C_OFF();

+ return true;

+ }

+ DecodeTag->posCount++;

+ break;

- CodeIso15693AsReader(cmd, sizeof(cmd));

+ }

+

+ return false;

}

-static void __attribute__((unused)) BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )

+

+static void DecodeTagInit(DecodeTag_t *DecodeTag, uint8_t *data, uint16_t max_len)

{

- uint8_t cmd[13];

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

+ DecodeTag->output = data;

+ DecodeTag->max_len = max_len;

+}

- uint16_t crc;

- // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block

- // followed by teh block data

- // one sub-carrier, inventory, 1 slot, fast rate

- cmd[0] = (1 << 6)| (1 << 5) | (1 << 1); // no SELECT bit

- // READ BLOCK command code

- cmd[1] = 0x20;

- // UID may be optionally specified here

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

- // Block number to read

- cmd[10] = blockNumber;//0x00;

- //Now the CRC

- crc = Crc(cmd, 11); // the crc needs to be calculated over 2 bytes

- cmd[11] = crc & 0xff;

- cmd[12] = crc >> 8;

- CodeIso15693AsReader(cmd, sizeof(cmd));

+static void DecodeTagReset(DecodeTag_t *DecodeTag)

+{

+ DecodeTag->posCount = 0;

+ DecodeTag->state = STATE_TAG_SOF_LOW;

}

-static void __attribute__((unused)) BuildReadMultiBlockRequest(uint8_t *uid)

+

+/*

+ * Receive and decode the tag response, also log to tracebuffer

+ */

+static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, int timeout)

{

- uint8_t cmd[14];

+ int samples = 0;

+ bool gotFrame = false;

- uint16_t crc;

- // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block

- // followed by teh block data

- // one sub-carrier, inventory, 1 slot, fast rate

- cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

- // READ Multi BLOCK command code

- cmd[1] = 0x23;

- // UID may be optionally specified here

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

- // First Block number to read

- cmd[10] = 0x00;

- // Number of Blocks to read

- cmd[11] = 0x2f; // read quite a few

- //Now the CRC

- crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

- cmd[12] = crc & 0xff;

- cmd[13] = crc >> 8;

+ uint16_t *dmaBuf = (uint16_t*)BigBuf_malloc(ISO15693_DMA_BUFFER_SIZE*sizeof(uint16_t));

- CodeIso15693AsReader(cmd, sizeof(cmd));

-}

+ // the Decoder data structure

+ DecodeTag_t DecodeTag = { 0 };

+ DecodeTagInit(&DecodeTag, response, max_len);

-static void __attribute__((unused)) BuildArbitraryRequest(uint8_t *uid,uint8_t CmdCode)

-{

- uint8_t cmd[14];

+ // wait for last transfer to complete

+ while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY));

- uint16_t crc;

- // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block

- // followed by teh block data

- // one sub-carrier, inventory, 1 slot, fast rate

- cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

- // READ BLOCK command code

- cmd[1] = CmdCode;

- // UID may be optionally specified here

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

- // Parameter

- cmd[10] = 0x00;

- cmd[11] = 0x0a;

+ // And put the FPGA in the appropriate mode

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_424_KHZ | FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE);

-// cmd[12] = 0x00;

-// cmd[13] = 0x00; //Now the CRC

- crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

- cmd[12] = crc & 0xff;

- cmd[13] = crc >> 8;

+ // Setup and start DMA.

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

+ FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE);

+ uint16_t *upTo = dmaBuf;

- CodeIso15693AsReader(cmd, sizeof(cmd));

-}

+ for(;;) {

+ uint16_t behindBy = ((uint16_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1);

-static void __attribute__((unused)) BuildArbitraryCustomRequest(uint8_t uid[], uint8_t CmdCode)

-{

- uint8_t cmd[14];

+ if (behindBy == 0) continue;

- uint16_t crc;

- // If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block

- // followed by teh block data

- // one sub-carrier, inventory, 1 slot, fast rate

- cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

- // READ BLOCK command code

- cmd[1] = CmdCode;

- // UID may be optionally specified here

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0; // always e0 (not exactly unique)

- // Parameter

- cmd[10] = 0x05; // for custom codes this must be manufcturer code

- cmd[11] = 0x00;

+ uint16_t tagdata = *upTo++;

-// cmd[12] = 0x00;

-// cmd[13] = 0x00; //Now the CRC

- crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

- cmd[12] = crc & 0xff;

- cmd[13] = crc >> 8;

+ if(upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content.

+ upTo = dmaBuf; // start reading the circular buffer from the beginning

+ if(behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) {

+ Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy);

+ break;

+ }

+ if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated.

+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and

+ AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers

+ }

- CodeIso15693AsReader(cmd, sizeof(cmd));

-}

+ samples++;

-/////////////////////////////////////////////////////////////////////////

-// Now the VICC>VCD responses when we are simulating a tag

-////////////////////////////////////////////////////////////////////

+ if (Handle15693SamplesFromTag(tagdata, &DecodeTag)) {

+ gotFrame = true;

+ break;

+ }

- static void BuildInventoryResponse(void)

-{

- uint8_t cmd[12];

+ if (samples > timeout && DecodeTag.state < STATE_TAG_RECEIVING_DATA) {

+ DecodeTag.len = 0;

+ break;

+ }

- uint16_t crc;

- // one sub-carrier, inventory, 1 slot, fast rate

- // AFI is at bit 5 (1<<4) when doing an INVENTORY

- cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);

- cmd[1] = 0;

- // 64-bit UID

- cmd[2] = 0x32;

- cmd[3]= 0x4b;

- cmd[4] = 0x03;

- cmd[5] = 0x01;

- cmd[6] = 0x00;

- cmd[7] = 0x10;

- cmd[8] = 0x05;

- cmd[9]= 0xe0;

- //Now the CRC

- crc = Crc(cmd, 10);

- cmd[10] = crc & 0xff;

- cmd[11] = crc >> 8;

+ }

- CodeIso15693AsReader(cmd, sizeof(cmd));

+ FpgaDisableSscDma();

+ BigBuf_free();

+

+ if (DEBUG) Dbprintf("samples = %d, gotFrame = %d, Decoder: state = %d, len = %d, bitCount = %d, posCount = %d",

+ samples, gotFrame, DecodeTag.state, DecodeTag.len, DecodeTag.bitCount, DecodeTag.posCount);

+

+ if (DecodeTag.len > 0) {

+ LogTrace(DecodeTag.output, DecodeTag.len, 0, 0, NULL, false);

+ }

+

+ return DecodeTag.len;

}

-//-----------------------------------------------------------------------------

-// Transmit the command (to the tag) that was placed in ToSend[].

-//-----------------------------------------------------------------------------

-static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *wait)

+

+//=============================================================================

+// An ISO15693 decoder for reader commands.

+//

+// This function is called 4 times per bit (every 2 subcarrier cycles).

+// Subcarrier frequency fs is 848kHz, 1/fs = 1,18us, i.e. function is called every 2,36us

+// LED handling:

+// LED B -> ON once we have received the SOF and are expecting the rest.

+// LED B -> OFF once we have received EOF or are in error state or unsynced

+//

+// Returns: true if we received a EOF

+// false if we are still waiting for some more

+//=============================================================================

+

+typedef struct DecodeReader {

+ enum {

+ STATE_READER_UNSYNCD,

+ STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF,

+ STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF,

+ STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF,

+ STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF,

+ STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4,

+ STATE_READER_RECEIVE_DATA_1_OUT_OF_4,

+ STATE_READER_RECEIVE_DATA_1_OUT_OF_256

+ } state;

+ enum {

+ CODING_1_OUT_OF_4,

+ CODING_1_OUT_OF_256

+ } Coding;

+ uint8_t shiftReg;

+ uint8_t bitCount;

+ int byteCount;

+ int byteCountMax;

+ int posCount;

+ int sum1, sum2;

+ uint8_t *output;

+} DecodeReader_t;

+

+static void DecodeReaderInit(DecodeReader_t* DecodeReader, uint8_t *data, uint16_t max_len)

{

- int c;

-

-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);

- if(*wait < 10) { *wait = 10; }

-

-// for(c = 0; c < *wait;) {

-// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

-// AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing!

-// c++;

-// }

-// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

-// volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;

-// (void)r;

-// }

-// WDT_HIT();

-// }

-

- c = 0;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = cmd[c];

- c++;

- if(c >= len) {

- break;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;

- (void)r;

- }

- WDT_HIT();

- }

- *samples = (c + *wait) << 3;

+ DecodeReader->output = data;

+ DecodeReader->byteCountMax = max_len;

+ DecodeReader->state = STATE_READER_UNSYNCD;

+ DecodeReader->byteCount = 0;

+ DecodeReader->bitCount = 0;

+ DecodeReader->posCount = 1;

+ DecodeReader->shiftReg = 0;

}

-//-----------------------------------------------------------------------------

-// Transmit the command (to the reader) that was placed in ToSend[].

-//-----------------------------------------------------------------------------

-static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)

+

+static void DecodeReaderReset(DecodeReader_t* DecodeReader)

{

- int c;

-

-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR); // No requirement to energise my coils

- if(*wait < 10) { *wait = 10; }

-

- c = 0;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = cmd[c];

- c++;

- if(c >= len) {

- break;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;

- (void)r;

- }

- WDT_HIT();

- }

- *samples = (c + *wait) << 3;

+ DecodeReader->state = STATE_READER_UNSYNCD;

}

-static int GetIso15693AnswerFromTag(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed)

+

+static int inline __attribute__((always_inline)) Handle15693SampleFromReader(uint8_t bit, DecodeReader_t *restrict DecodeReader)

{

- int c = 0;

- uint8_t *dest = (uint8_t *)BigBuf;

- int getNext = 0;

+ switch (DecodeReader->state) {

+ case STATE_READER_UNSYNCD:

+ // wait for unmodulated carrier

+ if (bit) {

+ DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF;

+ }

+ break;

- int8_t prev = 0;

+ case STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF:

+ if (!bit) {

+ // we went low, so this could be the beginning of a SOF

+ DecodeReader->posCount = 1;

+ DecodeReader->state = STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF;

+ }

+ break;

-// NOW READ RESPONSE

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

- //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads

- c = 0;

- getNext = FALSE;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = 0x43;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- int8_t b;

- b = (int8_t)AT91C_BASE_SSC->SSC_RHR;

-

- // The samples are correlations against I and Q versions of the

- // tone that the tag AM-modulates, so every other sample is I,

- // every other is Q. We just want power, so abs(I) + abs(Q) is

- // close to what we want.

- if(getNext) {

- int8_t r;

-

- if(b < 0) {

- r = -b;

+ case STATE_READER_AWAIT_1ST_RISING_EDGE_OF_SOF:

+ DecodeReader->posCount++;

+ if (bit) { // detected rising edge

+ if (DecodeReader->posCount < 4) { // rising edge too early (nominally expected at 5)

+ DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF;

+ } else { // SOF

+ DecodeReader->state = STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF;

+ }

+ } else {

+ if (DecodeReader->posCount > 5) { // stayed low for too long

+ DecodeReaderReset(DecodeReader);

} else {

- r = b;

+ // do nothing, keep waiting

+ }

+ break;

+

+ case STATE_READER_AWAIT_2ND_FALLING_EDGE_OF_SOF:

+ DecodeReader->posCount++;

+ if (!bit) { // detected a falling edge

+ if (DecodeReader->posCount < 20) { // falling edge too early (nominally expected at 21 earliest)

+ DecodeReaderReset(DecodeReader);

+ } else if (DecodeReader->posCount < 23) { // SOF for 1 out of 4 coding

+ DecodeReader->Coding = CODING_1_OUT_OF_4;

+ DecodeReader->state = STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF;

+ } else if (DecodeReader->posCount < 28) { // falling edge too early (nominally expected at 29 latest)

+ DecodeReaderReset(DecodeReader);

+ } else { // SOF for 1 out of 256 coding

+ DecodeReader->Coding = CODING_1_OUT_OF_256;

+ DecodeReader->state = STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF;

}

- if(prev < 0) {

- r -= prev;

+ } else {

+ if (DecodeReader->posCount > 29) { // stayed high for too long

+ DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF;

} else {

- r += prev;

+ // do nothing, keep waiting

}

+ }

+ break;

- dest[c++] = (uint8_t)r;

+ case STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF:

+ DecodeReader->posCount++;

+ if (bit) { // detected rising edge

+ if (DecodeReader->Coding == CODING_1_OUT_OF_256) {

+ if (DecodeReader->posCount < 32) { // rising edge too early (nominally expected at 33)

+ DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF;

+ } else {

+ DecodeReader->posCount = 1;

+ DecodeReader->bitCount = 0;

+ DecodeReader->byteCount = 0;

+ DecodeReader->sum1 = 1;

+ DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_256;

+ LED_B_ON();

+ }

+ } else { // CODING_1_OUT_OF_4

+ if (DecodeReader->posCount < 24) { // rising edge too early (nominally expected at 25)

+ DecodeReader->state = STATE_READER_AWAIT_1ST_FALLING_EDGE_OF_SOF;

+ } else {

+ DecodeReader->posCount = 1;

+ DecodeReader->state = STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4;

+ }

+ } else {

+ if (DecodeReader->Coding == CODING_1_OUT_OF_256) {

+ if (DecodeReader->posCount > 34) { // signal stayed low for too long

+ DecodeReaderReset(DecodeReader);

+ } else {

+ // do nothing, keep waiting

+ }

+ } else { // CODING_1_OUT_OF_4

+ if (DecodeReader->posCount > 26) { // signal stayed low for too long

+ DecodeReaderReset(DecodeReader);

+ } else {

+ // do nothing, keep waiting

+ }

+ break;

- if(c >= 2000) {

- break;

+ case STATE_READER_AWAIT_END_OF_SOF_1_OUT_OF_4:

+ DecodeReader->posCount++;

+ if (bit) {

+ if (DecodeReader->posCount == 9) {

+ DecodeReader->posCount = 1;

+ DecodeReader->bitCount = 0;

+ DecodeReader->byteCount = 0;

+ DecodeReader->sum1 = 1;

+ DecodeReader->state = STATE_READER_RECEIVE_DATA_1_OUT_OF_4;

+ LED_B_ON();

+ } else {

+ // do nothing, keep waiting

+ }

+ } else { // unexpected falling edge

+ DecodeReaderReset(DecodeReader);

+ }

+ break;

+

+ case STATE_READER_RECEIVE_DATA_1_OUT_OF_4:

+ bit = !!bit;

+ DecodeReader->posCount++;

+ if (DecodeReader->posCount == 1) {

+ DecodeReader->sum1 = bit;

+ } else if (DecodeReader->posCount <= 4) {

+ DecodeReader->sum1 += bit;

+ } else if (DecodeReader->posCount == 5) {

+ DecodeReader->sum2 = bit;

+ } else {

+ DecodeReader->sum2 += bit;

+ }

+ if (DecodeReader->posCount == 8) {

+ DecodeReader->posCount = 0;

+ if (DecodeReader->sum1 <= 1 && DecodeReader->sum2 >= 3) { // EOF

+ LED_B_OFF(); // Finished receiving

+ DecodeReaderReset(DecodeReader);

+ if (DecodeReader->byteCount != 0) {

+ return true;

+ }

}

+ if (DecodeReader->sum1 >= 3 && DecodeReader->sum2 <= 1) { // detected a 2bit position

+ DecodeReader->shiftReg >>= 2;

+ DecodeReader->shiftReg |= (DecodeReader->bitCount << 6);

+ }

+ if (DecodeReader->bitCount == 15) { // we have a full byte

+ DecodeReader->output[DecodeReader->byteCount++] = DecodeReader->shiftReg;

+ if (DecodeReader->byteCount > DecodeReader->byteCountMax) {

+ // buffer overflow, give up

+ LED_B_OFF();

+ DecodeReaderReset(DecodeReader);

+ }

+ DecodeReader->bitCount = 0;

+ DecodeReader->shiftReg = 0;

+ } else {

+ DecodeReader->bitCount++;

+ }

+ break;

+

+ case STATE_READER_RECEIVE_DATA_1_OUT_OF_256:

+ bit = !!bit;

+ DecodeReader->posCount++;

+ if (DecodeReader->posCount == 1) {

+ DecodeReader->sum1 = bit;

+ } else if (DecodeReader->posCount <= 4) {

+ DecodeReader->sum1 += bit;

+ } else if (DecodeReader->posCount == 5) {

+ DecodeReader->sum2 = bit;

} else {

- prev = b;

+ DecodeReader->sum2 += bit;

+ }

+ if (DecodeReader->posCount == 8) {

+ DecodeReader->posCount = 0;

+ if (DecodeReader->sum1 <= 1 && DecodeReader->sum2 >= 3) { // EOF

+ LED_B_OFF(); // Finished receiving

+ DecodeReaderReset(DecodeReader);

+ if (DecodeReader->byteCount != 0) {

+ return true;

+ }

+ if (DecodeReader->sum1 >= 3 && DecodeReader->sum2 <= 1) { // detected the bit position

+ DecodeReader->shiftReg = DecodeReader->bitCount;

+ }

+ if (DecodeReader->bitCount == 255) { // we have a full byte

+ DecodeReader->output[DecodeReader->byteCount++] = DecodeReader->shiftReg;

+ if (DecodeReader->byteCount > DecodeReader->byteCountMax) {

+ // buffer overflow, give up

+ LED_B_OFF();

+ DecodeReaderReset(DecodeReader);

+ }

+ DecodeReader->bitCount++;

}

+ break;

- getNext = !getNext;

- }

+ default:

+ LED_B_OFF();

+ DecodeReaderReset(DecodeReader);

+ break;

}

-//////////////////////////////////////////

-/////////// DEMODULATE ///////////////////

-//////////////////////////////////////////

+ return false;

+}

- int i, j;

- int max = 0, maxPos=0;

- int skip = 4;

+//-----------------------------------------------------------------------------

+// Receive a command (from the reader to us, where we are the simulated tag),

+// and store it in the given buffer, up to the given maximum length. Keeps

+// spinning, waiting for a well-framed command, until either we get one

+// (returns len) or someone presses the pushbutton on the board (returns -1).

+//

+// Assume that we're called with the SSC (to the FPGA) and ADC path set

+// correctly.

+//-----------------------------------------------------------------------------

-// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL

+int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time) {

+ int samples = 0;

+ bool gotFrame = false;

+ uint8_t b;

- // First, correlate for SOF

- for(i = 0; i < 100; i++) {

- int corr = 0;

- for(j = 0; j < arraylen(FrameSOF); j += skip) {

- corr += FrameSOF[j]*dest[i+(j/skip)];

- }

- if(corr > max) {

- max = corr;

- maxPos = i;

- }

-// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip));

+ uint8_t dmaBuf[ISO15693_DMA_BUFFER_SIZE];

- int k = 0; // this will be our return value

+ // the decoder data structure

+ DecodeReader_t DecodeReader = {0};

+ DecodeReaderInit(&DecodeReader, received, max_len);

- // greg - If correlation is less than 1 then there's little point in continuing

- if ((max/(arraylen(FrameSOF)/skip)) >= 1)

- {

+ // wait for last transfer to complete

+ while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY));

- i = maxPos + arraylen(FrameSOF)/skip;

+ LED_D_OFF();

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);

- uint8_t outBuf[20];

- memset(outBuf, 0, sizeof(outBuf));

- uint8_t mask = 0x01;

- for(;;) {

- int corr0 = 0, corr1 = 0, corrEOF = 0;

- for(j = 0; j < arraylen(Logic0); j += skip) {

- corr0 += Logic0[j]*dest[i+(j/skip)];

+ // clear receive register and wait for next transfer

+ uint32_t temp = AT91C_BASE_SSC->SSC_RHR;

+ (void) temp;

+ while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)) ;

+

+ uint32_t dma_start_time = GetCountSspClk() & 0xfffffff8;

+

+ // Setup and start DMA.

+ FpgaSetupSscDma(dmaBuf, ISO15693_DMA_BUFFER_SIZE);

+ uint8_t *upTo = dmaBuf;

+

+ for (;;) {

+ uint16_t behindBy = ((uint8_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1);

+

+ if (behindBy == 0) continue;

+

+ b = *upTo++;

+ if (upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content.

+ upTo = dmaBuf; // start reading the circular buffer from the beginning

+ if (behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) {

+ Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy);

+ break;

+ }

}

- for(j = 0; j < arraylen(Logic1); j += skip) {

- corr1 += Logic1[j]*dest[i+(j/skip)];

+ if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated.

+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and

+ AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers

}

- for(j = 0; j < arraylen(FrameEOF); j += skip) {

- corrEOF += FrameEOF[j]*dest[i+(j/skip)];

+

+ for (int i = 7; i >= 0; i--) {

+ if (Handle15693SampleFromReader((b >> i) & 0x01, &DecodeReader)) {

+ *eof_time = dma_start_time + samples - DELAY_READER_TO_ARM_SIM; // end of EOF

+ gotFrame = true;

+ break;

+ }

+ samples++;

}

- // Even things out by the length of the target waveform.

- corr0 *= 4;

- corr1 *= 4;

- if(corrEOF > corr1 && corrEOF > corr0) {

-// DbpString("EOF at %d", i);

+ if (gotFrame) {

break;

- } else if(corr1 > corr0) {

- i += arraylen(Logic1)/skip;

- outBuf[k] |= mask;

- } else {

- i += arraylen(Logic0)/skip;

}

- mask <<= 1;

- if(mask == 0) {

- k++;

- mask = 0x01;

- }

- if((i+(int)arraylen(FrameEOF)) >= 2000) {

- DbpString("ran off end!");

+

+ if (BUTTON_PRESS()) {

+ DecodeReader.byteCount = -1;

break;

}

break;

}

+

+ WDT_HIT();

}

- if(mask != 0x01) {

- DbpString("error, uneven octet! (discard extra bits!)");

-/// DbpString(" mask=%02x", mask);

- }

-// uint8_t str1 [8];

-// itoa(k,str1);

-// strcat(str1," octets read");

-// DbpString( str1); // DbpString("%d octets", k);

+ FpgaDisableSscDma();

-// for(i = 0; i < k; i+=3) {

-// //DbpString("# %2d: %02x ", i, outBuf[i]);

-// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]);

-// }

+ if (DEBUG) Dbprintf("samples = %d, gotFrame = %d, Decoder: state = %d, len = %d, bitCount = %d, posCount = %d",

+ samples, gotFrame, DecodeReader.state, DecodeReader.byteCount, DecodeReader.bitCount, DecodeReader.posCount);

- for(i = 0; i < k; i++) {

- receivedResponse[i] = outBuf[i];

+ if (DecodeReader.byteCount > 0) {

+ uint32_t sof_time = *eof_time

+ - DecodeReader.byteCount * (DecodeReader.Coding==CODING_1_OUT_OF_4?128:2048) // time for byte transfers

+ - 32 // time for SOF transfer

+ - 16; // time for EOF transfer

+ LogTrace(DecodeReader.output, DecodeReader.byteCount, sof_time, *eof_time, NULL, true);

}

- } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip))

- return k; // return the number of bytes demodulated

-/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2));

+ return DecodeReader.byteCount;

+}

+

+// Encode (into the ToSend buffers) an identify request, which is the first

+// thing that you must send to a tag to get a response.

+static void BuildIdentifyRequest(void)

+{

+ uint8_t cmd[5];

+

+ uint16_t crc;

+ // one sub-carrier, inventory, 1 slot, fast rate

+ // AFI is at bit 5 (1<<4) when doing an INVENTORY

+ cmd[0] = (1 << 2) | (1 << 5) | (1 << 1);

+ // inventory command code

+ cmd[1] = 0x01;

+ // no mask

+ cmd[2] = 0x00;

+ //Now the CRC

+ crc = Iso15693Crc(cmd, 3);

+ cmd[3] = crc & 0xff;

+ cmd[4] = crc >> 8;

+

+ CodeIso15693AsReader(cmd, sizeof(cmd));

}

-// Now the GetISO15693 message from sniffing command

-static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed)

+

+//-----------------------------------------------------------------------------

+// Start to read an ISO 15693 tag. We send an identify request, then wait

+// for the response. The response is not demodulated, just left in the buffer

+// so that it can be downloaded to a PC and processed there.

+//-----------------------------------------------------------------------------

+void AcquireRawAdcSamplesIso15693(void)

{

- int c = 0;

- uint8_t *dest = (uint8_t *)BigBuf;

- int getNext = 0;

+ LEDsoff();

+ LED_A_ON();

- int8_t prev = 0;

+ uint8_t *dest = BigBuf_get_addr();

-// NOW READ RESPONSE

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

- //spindelay(60); // greg - experiment to get rid of some of the 0 byte/failed reads

- c = 0;

- getNext = FALSE;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = 0x43;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- int8_t b;

- b = (int8_t)AT91C_BASE_SSC->SSC_RHR;

-

- // The samples are correlations against I and Q versions of the

- // tone that the tag AM-modulates, so every other sample is I,

- // every other is Q. We just want power, so abs(I) + abs(Q) is

- // close to what we want.

- if(getNext) {

- int8_t r;

-

- if(b < 0) {

- r = -b;

- } else {

- r = b;

- }

- if(prev < 0) {

- r -= prev;

- } else {

- r += prev;

- }

+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER);

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

- dest[c++] = (uint8_t)r;

+ BuildIdentifyRequest();

- if(c >= 20000) {

- break;

- }

- } else {

- prev = b;

- }

+ // Give the tags time to energize

+ LED_D_ON();

+ SpinDelay(100);

+

+ // Now send the command

+ TransmitTo15693Tag(ToSend, ToSendMax, 0);

- getNext = !getNext;

+ // wait for last transfer to complete

+ while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)) ;

+

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_SUBCARRIER_424_KHZ | FPGA_HF_READER_MODE_RECEIVE_AMPLITUDE);

+

+ for(int c = 0; c < 4000; ) {

+ if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

+ uint16_t r = AT91C_BASE_SSC->SSC_RHR;

+ dest[c++] = r >> 5;

}

-//////////////////////////////////////////

-/////////// DEMODULATE ///////////////////

-//////////////////////////////////////////

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ LEDsoff();

+}

- int i, j;

- int max = 0, maxPos=0;

- int skip = 4;

+void SnoopIso15693(void)

+{

+ LED_A_ON();

+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

+ BigBuf_free();

+

+ clear_trace();

+ set_tracing(true);

-// if(GraphTraceLen < 1000) return; // THIS CHECKS FOR A BUFFER TO SMALL

+ // The DMA buffer, used to stream samples from the FPGA

+ uint16_t* dmaBuf = (uint16_t*)BigBuf_malloc(ISO15693_DMA_BUFFER_SIZE*sizeof(uint16_t));

+ uint16_t *upTo;

- // First, correlate for SOF

- for(i = 0; i < 19000; i++) {

- int corr = 0;

- for(j = 0; j < arraylen(FrameSOF); j += skip) {

- corr += FrameSOF[j]*dest[i+(j/skip)];

- }

- if(corr > max) {

- max = corr;

- maxPos = i;

- }

+ // Count of samples received so far, so that we can include timing

+ // information in the trace buffer.

+ int samples = 0;

+

+ DecodeTag_t DecodeTag = {0};

+ uint8_t response[ISO15693_MAX_RESPONSE_LENGTH];

+ DecodeTagInit(&DecodeTag, response, sizeof(response));

+

+ DecodeReader_t DecodeReader = {0};;

+ uint8_t cmd[ISO15693_MAX_COMMAND_LENGTH];

+ DecodeReaderInit(&DecodeReader, cmd, sizeof(cmd));

+

+ // Print some debug information about the buffer sizes

+ if (DEBUG) {

+ Dbprintf("Snooping buffers initialized:");

+ Dbprintf(" Trace: %i bytes", BigBuf_max_traceLen());

+ Dbprintf(" Reader -> tag: %i bytes", ISO15693_MAX_COMMAND_LENGTH);

+ Dbprintf(" tag -> Reader: %i bytes", ISO15693_MAX_RESPONSE_LENGTH);

+ Dbprintf(" DMA: %i bytes", ISO15693_DMA_BUFFER_SIZE * sizeof(uint16_t));

}

-// DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip));

+ Dbprintf("Snoop started. Press PM3 Button to stop.");

- int k = 0; // this will be our return value

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE);

+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

- // greg - If correlation is less than 1 then there's little point in continuing

- if ((max/(arraylen(FrameSOF)/skip)) >= 1) // THIS SHOULD BE 1

- {

+ // Setup for the DMA.

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

+ upTo = dmaBuf;

+ FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE);

- i = maxPos + arraylen(FrameSOF)/skip;

+ bool TagIsActive = false;

+ bool ReaderIsActive = false;

+ bool ExpectTagAnswer = false;

- uint8_t outBuf[20];

- memset(outBuf, 0, sizeof(outBuf));

- uint8_t mask = 0x01;

+ // And now we loop, receiving samples.

for(;;) {

- int corr0 = 0, corr1 = 0, corrEOF = 0;

- for(j = 0; j < arraylen(Logic0); j += skip) {

- corr0 += Logic0[j]*dest[i+(j/skip)];

- }

- for(j = 0; j < arraylen(Logic1); j += skip) {

- corr1 += Logic1[j]*dest[i+(j/skip)];

- }

- for(j = 0; j < arraylen(FrameEOF); j += skip) {

- corrEOF += FrameEOF[j]*dest[i+(j/skip)];

- }

- // Even things out by the length of the target waveform.

- corr0 *= 4;

- corr1 *= 4;

+ uint16_t behindBy = ((uint16_t*)AT91C_BASE_PDC_SSC->PDC_RPR - upTo) & (ISO15693_DMA_BUFFER_SIZE-1);

- if(corrEOF > corr1 && corrEOF > corr0) {

-// DbpString("EOF at %d", i);

- break;

- } else if(corr1 > corr0) {

- i += arraylen(Logic1)/skip;

- outBuf[k] |= mask;

- } else {

- i += arraylen(Logic0)/skip;

+ if (behindBy == 0) continue;

+

+ uint16_t snoopdata = *upTo++;

+

+ if(upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content.

+ upTo = dmaBuf; // start reading the circular buffer from the beginning

+ if(behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) {

+ Dbprintf("About to blow circular buffer - aborted! behindBy=%d, samples=%d", behindBy, samples);

+ break;

+ }

+ if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX)) { // DMA Counter Register had reached 0, already rotated.

+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) dmaBuf; // refresh the DMA Next Buffer and

+ AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers

+ WDT_HIT();

+ if(BUTTON_PRESS()) {

+ DbpString("Snoop stopped.");

+ break;

+ }

}

- mask <<= 1;

- if(mask == 0) {

- k++;

- mask = 0x01;

+ samples++;

+

+ if (!TagIsActive) { // no need to try decoding reader data if the tag is sending

+ if (Handle15693SampleFromReader(snoopdata & 0x02, &DecodeReader)) {

+ FpgaDisableSscDma();

+ ExpectTagAnswer = true;

+ LogTrace(DecodeReader.output, DecodeReader.byteCount, samples, samples, NULL, true);

+ /* And ready to receive another command. */

+ DecodeReaderReset(&DecodeReader);

+ /* And also reset the demod code, which might have been */

+ /* false-triggered by the commands from the reader. */

+ DecodeTagReset(&DecodeTag);

+ upTo = dmaBuf;

+ FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE);

+ }

+ if (Handle15693SampleFromReader(snoopdata & 0x01, &DecodeReader)) {

+ FpgaDisableSscDma();

+ ExpectTagAnswer = true;

+ LogTrace(DecodeReader.output, DecodeReader.byteCount, samples, samples, NULL, true);

+ /* And ready to receive another command. */

+ DecodeReaderReset(&DecodeReader);

+ /* And also reset the demod code, which might have been */

+ /* false-triggered by the commands from the reader. */

+ DecodeTagReset(&DecodeTag);

+ upTo = dmaBuf;

+ FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE);

+ }

+ ReaderIsActive = (DecodeReader.state >= STATE_READER_AWAIT_2ND_RISING_EDGE_OF_SOF);

}

- if((i+(int)arraylen(FrameEOF)) >= 2000) {

- DbpString("ran off end!");

- break;

+

+ if (!ReaderIsActive && ExpectTagAnswer) { // no need to try decoding tag data if the reader is currently sending or no answer expected yet

+ if (Handle15693SamplesFromTag(snoopdata >> 2, &DecodeTag)) {

+ FpgaDisableSscDma();

+ //Use samples as a time measurement

+ LogTrace(DecodeTag.output, DecodeTag.len, samples, samples, NULL, false);

+ // And ready to receive another response.

+ DecodeTagReset(&DecodeTag);

+ DecodeReaderReset(&DecodeReader);

+ ExpectTagAnswer = false;

+ upTo = dmaBuf;

+ FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE);

+ }

+ TagIsActive = (DecodeTag.state >= STATE_TAG_RECEIVING_DATA);

}

- }

- if(mask != 0x01) {

- DbpString("error, uneven octet! (discard extra bits!)");

-/// DbpString(" mask=%02x", mask);

- }

-// uint8_t str1 [8];

-// itoa(k,str1);

-// strcat(str1," octets read");

-// DbpString( str1); // DbpString("%d octets", k);

+ }

-// for(i = 0; i < k; i+=3) {

-// //DbpString("# %2d: %02x ", i, outBuf[i]);

-// DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]);

-// }

+ FpgaDisableSscDma();

+ BigBuf_free();

- for(i = 0; i < k; i++) {

- receivedResponse[i] = outBuf[i];

- }

- } // "end if correlation > 0" (max/(arraylen(FrameSOF)/skip))

- return k; // return the number of bytes demodulated

+ LEDsoff();

-/// DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2));

+ DbpString("Snoop statistics:");

+ Dbprintf(" ExpectTagAnswer: %d", ExpectTagAnswer);

+ Dbprintf(" DecodeTag State: %d", DecodeTag.state);

+ Dbprintf(" DecodeTag byteCnt: %d", DecodeTag.len);

+ Dbprintf(" DecodeReader State: %d", DecodeReader.state);

+ Dbprintf(" DecodeReader byteCnt: %d", DecodeReader.byteCount);

+ Dbprintf(" Trace length: %d", BigBuf_get_traceLen());

}

-//-----------------------------------------------------------------------------

-// Start to read an ISO 15693 tag. We send an identify request, then wait

-// for the response. The response is not demodulated, just left in the buffer

-// so that it can be downloaded to a PC and processed there.

-//-----------------------------------------------------------------------------

-void AcquireRawAdcSamplesIso15693(void)

-{

- int c = 0;

- uint8_t *dest = (uint8_t *)BigBuf;

- int getNext = 0;

- int8_t prev = 0;

+// Initialize the proxmark as iso15k reader

+static void Iso15693InitReader() {

+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

+ // Setup SSC

+ // FpgaSetupSsc();

- BuildIdentifyRequest();

+ // Start from off (no field generated)

+ LED_D_OFF();

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ SpinDelay(10);

SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

// Give the tags time to energize

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

- SpinDelay(100);

+ LED_D_ON();

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER);

+ SpinDelay(250);

+}

- // Now send the command

- FpgaSetupSsc();

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);

+///////////////////////////////////////////////////////////////////////

+// ISO 15693 Part 3 - Air Interface

+// This section basically contains transmission and receiving of bits

+///////////////////////////////////////////////////////////////////////

- c = 0;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = ToSend[c];

- c++;

- if(c == ToSendMax+3) {

- break;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;

- (void)r;

- }

- WDT_HIT();

+

+// uid is in transmission order (which is reverse of display order)

+static void BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )

+{

+ uint8_t cmd[13];

+

+ uint16_t crc;

+ // If we set the Option_Flag in this request, the VICC will respond with the security status of the block

+ // followed by the block data

+ cmd[0] = ISO15693_REQ_OPTION | ISO15693_REQ_ADDRESS | ISO15693_REQ_DATARATE_HIGH;

+ // READ BLOCK command code

+ cmd[1] = ISO15693_READBLOCK;

+ // UID may be optionally specified here

+ // 64-bit UID

+ cmd[2] = uid[0];

+ cmd[3] = uid[1];

+ cmd[4] = uid[2];

+ cmd[5] = uid[3];

+ cmd[6] = uid[4];

+ cmd[7] = uid[5];

+ cmd[8] = uid[6];

+ cmd[9] = uid[7]; // 0xe0; // always e0 (not exactly unique)

+ // Block number to read

+ cmd[10] = blockNumber;

+ //Now the CRC

+ crc = Iso15693Crc(cmd, 11); // the crc needs to be calculated over 11 bytes

+ cmd[11] = crc & 0xff;

+ cmd[12] = crc >> 8;

+

+ CodeIso15693AsReader(cmd, sizeof(cmd));

+}

+

+// Now the VICC>VCD responses when we are simulating a tag

+static void BuildInventoryResponse(uint8_t *uid)

+{

+ uint8_t cmd[12];

+

+ uint16_t crc;

+

+ cmd[0] = 0; // No error, no protocol format extension

+ cmd[1] = 0; // DSFID (data storage format identifier). 0x00 = not supported

+ // 64-bit UID

+ cmd[2] = uid[7]; //0x32;

+ cmd[3] = uid[6]; //0x4b;

+ cmd[4] = uid[5]; //0x03;

+ cmd[5] = uid[4]; //0x01;

+ cmd[6] = uid[3]; //0x00;

+ cmd[7] = uid[2]; //0x10;

+ cmd[8] = uid[1]; //0x05;

+ cmd[9] = uid[0]; //0xe0;

+ //Now the CRC

+ crc = Iso15693Crc(cmd, 10);

+ cmd[10] = crc & 0xff;

+ cmd[11] = crc >> 8;

+

+ CodeIso15693AsTag(cmd, sizeof(cmd));

+}

+

+// Universal Method for sending to and recv bytes from a tag

+// init ... should we initialize the reader?

+// speed ... 0 low speed, 1 hi speed

+// *recv will contain the tag's answer

+// return: lenght of received data

+int SendDataTag(uint8_t *send, int sendlen, bool init, int speed, uint8_t *recv, uint16_t max_recv_len, uint32_t start_time) {

+

+ LED_A_ON();

+ LED_B_OFF();

+ LED_C_OFF();

+

+ if (init) Iso15693InitReader();

+

+ int answerLen=0;

+

+ if (!speed) {

+ // low speed (1 out of 256)

+ CodeIso15693AsReader256(send, sendlen);

+ } else {

+ // high speed (1 out of 4)

+ CodeIso15693AsReader(send, sendlen);

}

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

+ TransmitTo15693Tag(ToSend, ToSendMax, start_time);

+

+ // Now wait for a response

+ if (recv != NULL) {

+ answerLen = GetIso15693AnswerFromTag(recv, max_recv_len, DELAY_ISO15693_VCD_TO_VICC_READER * 2);

+ }

+

+ LED_A_OFF();

+

+ return answerLen;

+}

- c = 0;

- getNext = FALSE;

- for(;;) {

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {

- AT91C_BASE_SSC->SSC_THR = 0x43;

- }

- if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {

- int8_t b;

- b = (int8_t)AT91C_BASE_SSC->SSC_RHR;

-

- // The samples are correlations against I and Q versions of the

- // tone that the tag AM-modulates, so every other sample is I,

- // every other is Q. We just want power, so abs(I) + abs(Q) is

- // close to what we want.

- if(getNext) {

- int8_t r;

-

- if(b < 0) {

- r = -b;

- } else {

- r = b;

- }

- if(prev < 0) {

- r -= prev;

- } else {

- r += prev;

- }

- dest[c++] = (uint8_t)r;

+// --------------------------------------------------------------------

+// Debug Functions

+// --------------------------------------------------------------------

- if(c >= 2000) {

+// Decodes a message from a tag and displays its metadata and content

+#define DBD15STATLEN 48

+void DbdecodeIso15693Answer(int len, uint8_t *d) {

+ char status[DBD15STATLEN+1]={0};

+ uint16_t crc;

+

+ if (len > 3) {

+ if (d[0] & ISO15693_RES_EXT)

+ strncat(status,"ProtExt ", DBD15STATLEN);

+ if (d[0] & ISO15693_RES_ERROR) {

+ // error

+ strncat(status,"Error ", DBD15STATLEN);

+ switch (d[1]) {

+ case 0x01:

+ strncat(status,"01:notSupp", DBD15STATLEN);

break;

- }

- } else {

- prev = b;

+ case 0x02:

+ strncat(status,"02:notRecog", DBD15STATLEN);

+ break;

+ case 0x03:

+ strncat(status,"03:optNotSupp", DBD15STATLEN);

+ break;

+ case 0x0f:

+ strncat(status,"0f:noInfo", DBD15STATLEN);

+ break;

+ case 0x10:

+ strncat(status,"10:doesn'tExist", DBD15STATLEN);

+ break;

+ case 0x11:

+ strncat(status,"11:lockAgain", DBD15STATLEN);

+ break;

+ case 0x12:

+ strncat(status,"12:locked", DBD15STATLEN);

+ break;

+ case 0x13:

+ strncat(status,"13:progErr", DBD15STATLEN);

+ break;

+ case 0x14:

+ strncat(status,"14:lockErr", DBD15STATLEN);

+ break;

+ default:

+ strncat(status,"unknownErr", DBD15STATLEN);

}

-

- getNext = !getNext;

+ strncat(status," ", DBD15STATLEN);

+ } else {

+ strncat(status,"NoErr ", DBD15STATLEN);

}

+

+ crc=Iso15693Crc(d,len-2);

+ if ( (( crc & 0xff ) == d[len-2]) && (( crc >> 8 ) == d[len-1]) )

+ strncat(status,"CrcOK",DBD15STATLEN);

+ else

+ strncat(status,"CrcFail!",DBD15STATLEN);

+

+ Dbprintf("%s",status);

}

-//-----------------------------------------------------------------------------

-// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector

+

+///////////////////////////////////////////////////////////////////////

+// Functions called via USB/Client

+///////////////////////////////////////////////////////////////////////

+

+void SetDebugIso15693(uint32_t debug) {

+ DEBUG=debug;

+ Dbprintf("Iso15693 Debug is now %s",DEBUG?"on":"off");

+ return;

+}

+

+//---------------------------------------------------------------------------------------

+// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector.

// all demodulation performed in arm rather than host. - greg

-//-----------------------------------------------------------------------------

+//---------------------------------------------------------------------------------------

void ReaderIso15693(uint32_t parameter)

{

void ReaderIso15693(uint32_t parameter)

{

+ LEDsoff();

LED_A_ON();

- LED_B_ON();

- LED_C_OFF();

- LED_D_OFF();

-//DbpString(parameter);

+ set_tracing(true);

- //uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)

- uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //

- uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);

- uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);

- //uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960); // where we hold the uid for hi15reader

-// int answerLen0 = 0;

- int answerLen1 = 0;

- int answerLen2 = 0;

- int answerLen3 = 0;

+ int answerLen = 0;

+ uint8_t TagUID[8] = {0x00};

- // Blank arrays

- memset(BigBuf + 3660, 0, 300);

+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

+ uint8_t answer[ISO15693_MAX_RESPONSE_LENGTH];

+

+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

// Setup SSC

- FpgaSetupSsc();

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);

// Start from off (no field generated)

- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

- SpinDelay(200);

-

- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

- FpgaSetupSsc();

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ SpinDelay(200);

// Give the tags time to energize

- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

+ LED_D_ON();

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER);

SpinDelay(200);

+ StartCountSspClk();

- LED_A_ON();

- LED_B_OFF();

- LED_C_OFF();

- LED_D_OFF();

-

- int samples = 0;

- int tsamples = 0;

- int wait = 0;

- int elapsed = 0;

// FIRST WE RUN AN INVENTORY TO GET THE TAG UID

// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME

// FIRST WE RUN AN INVENTORY TO GET THE TAG UID

// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME

- uint8_t TagUID[7]; // where we hold the uid for hi15reader

-

-// BuildIdentifyRequest();

-// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);

-// TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3

-// // Now wait for a response

-// responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;

-// if (responseLen0 >=12) // we should do a better check than this

-// {

-// // really we should check it is a valid mesg

-// // but for now just grab what we think is the uid

-// TagUID[0] = receivedAnswer0[2];

-// TagUID[1] = receivedAnswer0[3];

-// TagUID[2] = receivedAnswer0[4];

-// TagUID[3] = receivedAnswer0[5];

-// TagUID[4] = receivedAnswer0[6];

-// TagUID[5] = receivedAnswer0[7];

-// TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code

-// DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);

-//}

// Now send the IDENTIFY command

BuildIdentifyRequest();

// Now send the IDENTIFY command

BuildIdentifyRequest();

- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);

- TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3

+ TransmitTo15693Tag(ToSend, ToSendMax, 0);

+

// Now wait for a response

- answerLen1 = GetIso15693AnswerFromTag(answer1, 100, &samples, &elapsed) ;

+ answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2) ;

+ uint32_t start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER;

- if (answerLen1 >=12) // we should do a better check than this

+ if (answerLen >=12) // we should do a better check than this

{

+ TagUID[0] = answer[2];

+ TagUID[1] = answer[3];

+ TagUID[2] = answer[4];

+ TagUID[3] = answer[5];

+ TagUID[4] = answer[6];

+ TagUID[5] = answer[7];

+ TagUID[6] = answer[8]; // IC Manufacturer code

+ TagUID[7] = answer[9]; // always E0

- TagUID[0] = answer1[2];

- TagUID[1] = answer1[3];

- TagUID[2] = answer1[4];

- TagUID[3] = answer1[5];

- TagUID[4] = answer1[6];

- TagUID[5] = answer1[7];

- TagUID[6] = answer1[8]; // IC Manufacturer code

-

- // Now send the SELECT command

- BuildSelectRequest(TagUID);

- TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3

- // Now wait for a response

- answerLen2 = GetIso15693AnswerFromTag(answer2, 100, &samples, &elapsed);

-

- // Now send the MULTI READ command

-// BuildArbitraryRequest(*TagUID,parameter);

- BuildArbitraryCustomRequest(TagUID,parameter);

-// BuildReadBlockRequest(*TagUID,parameter);

-// BuildSysInfoRequest(*TagUID);

- //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);

- TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait); // No longer ToSendMax+3

- // Now wait for a response

- answerLen3 = GetIso15693AnswerFromTag(answer3, 100, &samples, &elapsed) ;

+ }

+ Dbprintf("%d octets read from IDENTIFY request:", answerLen);

+ DbdecodeIso15693Answer(answerLen, answer);

+ Dbhexdump(answerLen, answer, false);

+

+ // UID is reverse

+ if (answerLen >= 12)

+ Dbprintf("UID = %02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",

+ TagUID[7],TagUID[6],TagUID[5],TagUID[4],

+ TagUID[3],TagUID[2],TagUID[1],TagUID[0]);

+

+ // Dbprintf("%d octets read from SELECT request:", answerLen2);

+ // DbdecodeIso15693Answer(answerLen2,answer2);

+ // Dbhexdump(answerLen2,answer2,true);

+

+ // Dbprintf("%d octets read from XXX request:", answerLen3);

+ // DbdecodeIso15693Answer(answerLen3,answer3);

+ // Dbhexdump(answerLen3,answer3,true);

+

+ // read all pages

+ if (answerLen >= 12 && DEBUG) {

+ for (int i = 0; i < 32; i++) { // sanity check, assume max 32 pages

+ BuildReadBlockRequest(TagUID, i);

+ TransmitTo15693Tag(ToSend, ToSendMax, start_time);

+ int answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2);

+ start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER;

+ if (answerLen > 0) {

+ Dbprintf("READ SINGLE BLOCK %d returned %d octets:", i, answerLen);

+ DbdecodeIso15693Answer(answerLen, answer);

+ Dbhexdump(answerLen, answer, false);

+ if ( *((uint32_t*) answer) == 0x07160101 ) break; // exit on NoPageErr

+ }

}

- Dbprintf("%d octets read from IDENTIFY request: %x %x %x %x %x %x %x %x %x", answerLen1,

- answer1[0], answer1[1], answer1[2],

- answer1[3], answer1[4], answer1[5],

- answer1[6], answer1[7], answer1[8]);

+ // for the time being, switch field off to protect rdv4.0

+ // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ LED_D_OFF();

- Dbprintf("%d octets read from SELECT request: %x %x %x %x %x %x %x %x %x", answerLen2,

- answer2[0], answer2[1], answer2[2],

- answer2[3], answer2[4], answer2[5],

- answer2[6], answer2[7], answer2[8]);

+ LED_A_OFF();

+}

- Dbprintf("%d octets read from XXX request: %x %x %x %x %x %x %x %x %x", answerLen3,

- answer3[0], answer3[1], answer3[2],

- answer3[3], answer3[4], answer3[5],

- answer3[6], answer3[7], answer3[8]);

+// Simulate an ISO15693 TAG.

+// For Inventory command: print command and send Inventory Response with given UID

+// TODO: interpret other reader commands and send appropriate response

+void SimTagIso15693(uint32_t parameter, uint8_t *uid)

+{

+ LEDsoff();

+ LED_A_ON();

-// str2[0]=0;

-// for(i = 0; i < responseLen3; i++) {

-// itoa(str1,receivedAnswer3[i]);

-// strcat(str2,str1);

-// }

-// DbpString(str2);

+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);

+ SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);

+ FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR);

- LED_A_OFF();

- LED_B_OFF();

- LED_C_OFF();

+ StartCountSspClk();

+

+ uint8_t cmd[ISO15693_MAX_COMMAND_LENGTH];

+

+ // Build a suitable response to the reader INVENTORY command

+ BuildInventoryResponse(uid);

+

+ // Listen to reader

+ while (!BUTTON_PRESS()) {

+ uint32_t eof_time = 0, start_time = 0;

+ int cmd_len = GetIso15693CommandFromReader(cmd, sizeof(cmd), &eof_time);

+

+ if ((cmd_len >= 5) && (cmd[0] & ISO15693_REQ_INVENTORY) && (cmd[1] == ISO15693_INVENTORY)) { // TODO: check more flags

+ bool slow = !(cmd[0] & ISO15693_REQ_DATARATE_HIGH);

+ start_time = eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM - DELAY_ARM_TO_READER_SIM;

+ TransmitTo15693Reader(ToSend, ToSendMax, &start_time, 0, slow);

+ }

+

+ Dbprintf("%d bytes read from reader:", cmd_len);

+ Dbhexdump(cmd_len, cmd, false);

+ }

+

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ LEDsoff();

+}

+

+// Since there is no standardized way of reading the AFI out of a tag, we will brute force it

+// (some manufactures offer a way to read the AFI, though)

+void BruteforceIso15693Afi(uint32_t speed)

+{

+ LEDsoff();

+ LED_A_ON();

+

+ uint8_t data[6];

+ uint8_t recv[ISO15693_MAX_RESPONSE_LENGTH];

+

+ int datalen=0, recvlen=0;

+

+ Iso15693InitReader();

+ StartCountSspClk();

+

+ // first without AFI

+ // Tags should respond without AFI and with AFI=0 even when AFI is active

+

+ data[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_SLOT1;

+ data[1] = ISO15693_INVENTORY;

+ data[2] = 0; // mask length

+ datalen = Iso15693AddCrc(data,3);

+ recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), 0);

+ uint32_t start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER;

+ WDT_HIT();

+ if (recvlen>=12) {

+ Dbprintf("NoAFI UID=%s", Iso15693sprintUID(NULL, &recv[2]));

+ }

+

+ // now with AFI

+

+ data[0] = ISO15693_REQ_DATARATE_HIGH | ISO15693_REQ_INVENTORY | ISO15693_REQINV_AFI | ISO15693_REQINV_SLOT1;

+ data[1] = ISO15693_INVENTORY;

+ data[2] = 0; // AFI

+ data[3] = 0; // mask length

+

+ for (int i = 0; i < 256; i++) {

+ data[2] = i & 0xFF;

+ datalen = Iso15693AddCrc(data,4);

+ recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), start_time);

+ start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER;

+ WDT_HIT();

+ if (recvlen >= 12) {

+ Dbprintf("AFI=%i UID=%s", i, Iso15693sprintUID(NULL, &recv[2]));

+ }

+ Dbprintf("AFI Bruteforcing done.");

+

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

+ LEDsoff();

+}

+

+// Allows to directly send commands to the tag via the client

+void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint8_t data[]) {

+

+ int recvlen = 0;

+ uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];

+

+ LED_A_ON();

+

+ if (DEBUG) {

+ Dbprintf("SEND:");

+ Dbhexdump(datalen, data, false);

+ }

+

+ recvlen = SendDataTag(data, datalen, true, speed, (recv?recvbuf:NULL), sizeof(recvbuf), 0);

+

+ if (recv) {

+ if (DEBUG) {

+ Dbprintf("RECV:");

+ Dbhexdump(recvlen, recvbuf, false);

+ DbdecodeIso15693Answer(recvlen, recvbuf);

+ }

+

+ cmd_send(CMD_ACK, recvlen>ISO15693_MAX_RESPONSE_LENGTH?ISO15693_MAX_RESPONSE_LENGTH:recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH);

+

+ }

+

+ // for the time being, switch field off to protect rdv4.0

+ // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway

+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

LED_D_OFF();

+

+ LED_A_OFF();

}

//-----------------------------------------------------------------------------

}

//-----------------------------------------------------------------------------

-// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands

-// all demodulation performed in arm rather than host. - greg

+// Work with "magic Chinese" card.

+//

//-----------------------------------------------------------------------------

-void SimTagIso15693(uint32_t parameter)

+

+// Set the UID to the tag (based on Iceman work).

+void SetTag15693Uid(uint8_t *uid)

{

+ uint8_t cmd[4][9] = {0x00};

+

+ uint16_t crc;

+

+ int recvlen = 0;

+ uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];

+

LED_A_ON();

- LED_B_ON();

- LED_C_OFF();

+

+ // Command 1 : 02213E00000000

+ cmd[0][0] = 0x02;

+ cmd[0][1] = 0x21;

+ cmd[0][2] = 0x3e;

+ cmd[0][3] = 0x00;

+ cmd[0][4] = 0x00;

+ cmd[0][5] = 0x00;

+ cmd[0][6] = 0x00;

+

+ // Command 2 : 02213F69960000

+ cmd[1][0] = 0x02;

+ cmd[1][1] = 0x21;

+ cmd[1][2] = 0x3f;

+ cmd[1][3] = 0x69;

+ cmd[1][4] = 0x96;

+ cmd[1][5] = 0x00;

+ cmd[1][6] = 0x00;

+

+ // Command 3 : 022138u8u7u6u5 (where uX = uid byte X)

+ cmd[2][0] = 0x02;

+ cmd[2][1] = 0x21;

+ cmd[2][2] = 0x38;

+ cmd[2][3] = uid[7];

+ cmd[2][4] = uid[6];

+ cmd[2][5] = uid[5];

+ cmd[2][6] = uid[4];

+

+ // Command 4 : 022139u4u3u2u1 (where uX = uid byte X)

+ cmd[3][0] = 0x02;

+ cmd[3][1] = 0x21;

+ cmd[3][2] = 0x39;

+ cmd[3][3] = uid[3];

+ cmd[3][4] = uid[2];

+ cmd[3][5] = uid[1];

+ cmd[3][6] = uid[0];

+

+ for (int i=0; i<4; i++) {

+ // Add the CRC

+ crc = Iso15693Crc(cmd[i], 7);

+ cmd[i][7] = crc & 0xff;

+ cmd[i][8] = crc >> 8;

+

+ if (DEBUG) {

+ Dbprintf("SEND:");

+ Dbhexdump(sizeof(cmd[i]), cmd[i], false);

+ }

+

+ recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), true, 1, recvbuf, sizeof(recvbuf), 0);

+

+ if (DEBUG) {

+ Dbprintf("RECV:");

+ Dbhexdump(recvlen, recvbuf, false);

+ DbdecodeIso15693Answer(recvlen, recvbuf);

+ }

+

+ cmd_send(CMD_ACK, recvlen>ISO15693_MAX_RESPONSE_LENGTH?ISO15693_MAX_RESPONSE_LENGTH:recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH);

+ }

+

LED_D_OFF();

- uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //

- int answerLen1 = 0;

+ LED_A_OFF();

+}

- // Blank arrays

- memset(answer1, 0, 100);

- // Setup SSC

- FpgaSetupSsc();

- // Start from off (no field generated)

- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

- SpinDelay(200);

+// --------------------------------------------------------------------

+// -- Misc & deprecated functions

+// --------------------------------------------------------------------

- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);

- FpgaSetupSsc();

+/*

- // Give the tags time to energize

-// FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR); // NO GOOD FOR SIM TAG!!!!

- SpinDelay(200);

+// do not use; has a fix UID

+static void __attribute__((unused)) BuildSysInfoRequest(uint8_t *uid)

+{

+ uint8_t cmd[12];

- LED_A_OFF();

- LED_B_OFF();

- LED_C_ON();

- LED_D_OFF();

+ uint16_t crc;

+ // If we set the Option_Flag in this request, the VICC will respond with the security status of the block

+ // followed by the block data

+ // one sub-carrier, inventory, 1 slot, fast rate

+ cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

+ // System Information command code

+ cmd[1] = 0x2B;

+ // UID may be optionally specified here

+ // 64-bit UID

+ cmd[2] = 0x32;

+ cmd[3]= 0x4b;

+ cmd[4] = 0x03;

+ cmd[5] = 0x01;

+ cmd[6] = 0x00;

+ cmd[7] = 0x10;

+ cmd[8] = 0x05;

+ cmd[9]= 0xe0; // always e0 (not exactly unique)

+ //Now the CRC

+ crc = Iso15693Crc(cmd, 10); // the crc needs to be calculated over 2 bytes

+ cmd[10] = crc & 0xff;

+ cmd[11] = crc >> 8;

- int samples = 0;

- int tsamples = 0;

- int wait = 0;

- int elapsed = 0;

+ CodeIso15693AsReader(cmd, sizeof(cmd));

+}

- answerLen1 = GetIso15693AnswerFromSniff(answer1, 100, &samples, &elapsed) ;

- if (answerLen1 >=1) // we should do a better check than this

- {

- // Build a suitable reponse to the reader INVENTORY cocmmand

- BuildInventoryResponse();

- TransmitTo15693Reader(ToSend,ToSendMax, &tsamples, &wait);

- }

+// do not use; has a fix UID

+static void __attribute__((unused)) BuildReadMultiBlockRequest(uint8_t *uid)

+{

+ uint8_t cmd[14];

- Dbprintf("%d octets read from reader command: %x %x %x %x %x %x %x %x %x", answerLen1,

- answer1[0], answer1[1], answer1[2],

- answer1[3], answer1[4], answer1[5],

- answer1[6], answer1[7], answer1[8]);

+ uint16_t crc;

+ // If we set the Option_Flag in this request, the VICC will respond with the security status of the block

+ // followed by the block data

+ // one sub-carrier, inventory, 1 slot, fast rate

+ cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

+ // READ Multi BLOCK command code

+ cmd[1] = 0x23;

+ // UID may be optionally specified here

+ // 64-bit UID

+ cmd[2] = 0x32;

+ cmd[3]= 0x4b;

+ cmd[4] = 0x03;

+ cmd[5] = 0x01;

+ cmd[6] = 0x00;

+ cmd[7] = 0x10;

+ cmd[8] = 0x05;

+ cmd[9]= 0xe0; // always e0 (not exactly unique)

+ // First Block number to read

+ cmd[10] = 0x00;

+ // Number of Blocks to read

+ cmd[11] = 0x2f; // read quite a few

+ //Now the CRC

+ crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

+ cmd[12] = crc & 0xff;

+ cmd[13] = crc >> 8;

- LED_A_OFF();

- LED_B_OFF();

- LED_C_OFF();

- LED_D_OFF();

+ CodeIso15693AsReader(cmd, sizeof(cmd));

}

+

+// do not use; has a fix UID

+static void __attribute__((unused)) BuildArbitraryRequest(uint8_t *uid,uint8_t CmdCode)

+{

+ uint8_t cmd[14];

+

+ uint16_t crc;

+ // If we set the Option_Flag in this request, the VICC will respond with the security status of the block

+ // followed by the block data

+ // one sub-carrier, inventory, 1 slot, fast rate

+ cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

+ // READ BLOCK command code

+ cmd[1] = CmdCode;

+ // UID may be optionally specified here

+ // 64-bit UID

+ cmd[2] = 0x32;

+ cmd[3]= 0x4b;

+ cmd[4] = 0x03;

+ cmd[5] = 0x01;

+ cmd[6] = 0x00;

+ cmd[7] = 0x10;

+ cmd[8] = 0x05;

+ cmd[9]= 0xe0; // always e0 (not exactly unique)

+ // Parameter

+ cmd[10] = 0x00;

+ cmd[11] = 0x0a;

+

+// cmd[12] = 0x00;

+// cmd[13] = 0x00; //Now the CRC

+ crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

+ cmd[12] = crc & 0xff;

+ cmd[13] = crc >> 8;

+

+ CodeIso15693AsReader(cmd, sizeof(cmd));

+}

+

+// do not use; has a fix UID

+static void __attribute__((unused)) BuildArbitraryCustomRequest(uint8_t uid[], uint8_t CmdCode)

+{

+ uint8_t cmd[14];

+

+ uint16_t crc;

+ // If we set the Option_Flag in this request, the VICC will respond with the security status of the block

+ // followed by the block data

+ // one sub-carrier, inventory, 1 slot, fast rate

+ cmd[0] = (1 << 5) | (1 << 1); // no SELECT bit

+ // READ BLOCK command code

+ cmd[1] = CmdCode;

+ // UID may be optionally specified here

+ // 64-bit UID

+ cmd[2] = 0x32;

+ cmd[3]= 0x4b;

+ cmd[4] = 0x03;

+ cmd[5] = 0x01;

+ cmd[6] = 0x00;

+ cmd[7] = 0x10;

+ cmd[8] = 0x05;

+ cmd[9]= 0xe0; // always e0 (not exactly unique)

+ // Parameter

+ cmd[10] = 0x05; // for custom codes this must be manufacturer code

+ cmd[11] = 0x00;

+

+// cmd[12] = 0x00;

+// cmd[13] = 0x00; //Now the CRC

+ crc = Iso15693Crc(cmd, 12); // the crc needs to be calculated over 2 bytes

+ cmd[12] = crc & 0xff;

+ cmd[13] = crc >> 8;

+

+ CodeIso15693AsReader(cmd, sizeof(cmd));

+}

+

+*/

+