X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/1a093c19b52e541d3cfe21e0d31e3c199da441d7..393c3ef933553e628635590ca2b8237d07e9e0e3:/armsrc/iso14443.c diff --git a/armsrc/iso14443.c b/armsrc/iso14443.c index 7271b9d0..b20d1be9 100644 --- a/armsrc/iso14443.c +++ b/armsrc/iso14443.c @@ -6,12 +6,15 @@ //----------------------------------------------------------------------------- #include #include "apps.h" -#include "../common/iso14443_crc.c" +#include "iso14443crc.h" //static void GetSamplesFor14443(BOOL weTx, int n); -#define DMA_BUFFER_SIZE 256 +#define DEMOD_TRACE_SIZE 4096 +#define READER_TAG_BUFFER_SIZE 2048 +#define TAG_READER_BUFFER_SIZE 2048 +#define DMA_BUFFER_SIZE 1024 //============================================================================= // An ISO 14443 Type B tag. We listen for commands from the reader, using @@ -131,10 +134,20 @@ static struct { BYTE *output; } Uart; +/* Receive & handle a bit coming from the reader. + * + * LED handling: + * LED A -> ON once we have received the SOF and are expecting the rest. + * LED A -> OFF once we have received EOF or are in error state or unsynced + * + * Returns: true if we received a EOF + * false if we are still waiting for some more + */ static BOOL Handle14443UartBit(int bit) { switch(Uart.state) { case STATE_UNSYNCD: + LED_A_OFF(); if(!bit) { // we went low, so this could be the beginning // of an SOF @@ -154,6 +167,7 @@ static BOOL Handle14443UartBit(int bit) Uart.posCnt = 0; Uart.byteCnt = 0; Uart.state = STATE_AWAITING_START_BIT; + LED_A_ON(); // Indicate we got a valid SOF } else { // didn't stay down long enough // before going high, error @@ -186,6 +200,7 @@ static BOOL Handle14443UartBit(int bit) Uart.bitCnt = 0; Uart.shiftReg = 0; Uart.state = STATE_RECEIVING_DATA; + LED_A_ON(); // Indicate we're receiving } break; @@ -221,6 +236,7 @@ static BOOL Handle14443UartBit(int bit) } } else if(Uart.shiftReg == 0x000) { // this is an EOF byte + LED_A_OFF(); // Finished receiving return TRUE; } else { // this is an error @@ -245,6 +261,8 @@ static BOOL Handle14443UartBit(int bit) break; } + if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error + return FALSE; } @@ -264,6 +282,8 @@ static BOOL GetIso14443CommandFromReader(BYTE *received, int *len, int maxLen) // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen // only, since we are receiving, not transmitting). + // Signal field is off with the appropriate LED + LED_D_OFF(); FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION); @@ -278,11 +298,11 @@ static BOOL GetIso14443CommandFromReader(BYTE *received, int *len, int maxLen) if(BUTTON_PRESS()) return FALSE; - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0x00; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x00; } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - BYTE b = (BYTE)SSC_RECEIVE_HOLDING; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; mask = 0x80; for(i = 0; i < 8; i++, mask >>= 1) { @@ -336,9 +356,8 @@ void SimulateIso14443Tag(void) BYTE b1, b2; if(!GetIso14443CommandFromReader(receivedCmd, &len, 100)) { - DbpIntegers(cmdsRecvd, 0, 0); - DbpString("button press"); - break; + Dbprintf("button pressed, received %d commands", cmdsRecvd); + break; } // Good, look at the command now. @@ -346,8 +365,7 @@ void SimulateIso14443Tag(void) if(len == sizeof(cmd1) && memcmp(receivedCmd, cmd1, len)==0) { resp = resp1; respLen = resp1Len; } else { - DbpString("new cmd from reader:"); - DbpIntegers(len, 0x1234, cmdsRecvd); + Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsRecvd); // And print whether the CRC fails, just for good measure ComputeCrc14443(CRC_14443_B, receivedCmd, len-2, &b1, &b2); if(b1 != receivedCmd[len-2] || b2 != receivedCmd[len-1]) { @@ -371,26 +389,28 @@ void SimulateIso14443Tag(void) if(respLen <= 0) continue; // Modulate BPSK + // Signal field is off with the appropriate LED + LED_D_OFF(); FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK); - SSC_TRANSMIT_HOLDING = 0xff; + AT91C_BASE_SSC->SSC_THR = 0xff; FpgaSetupSsc(); // Transmit the response. i = 0; for(;;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { BYTE b = resp[i]; - SSC_TRANSMIT_HOLDING = b; + AT91C_BASE_SSC->SSC_THR = b; i++; if(i > respLen) { break; } } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - volatile BYTE b = (BYTE)SSC_RECEIVE_HOLDING; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile BYTE b = (BYTE)AT91C_BASE_SSC->SSC_RHR; (void)b; } } @@ -426,6 +446,17 @@ static struct { int sumQ; } Demod; +/* + * Handles reception of a bit from the tag + * + * LED handling: + * LED C -> ON once we have received the SOF and are expecting the rest. + * LED C -> OFF once we have received EOF or are unsynced + * + * Returns: true if we received a EOF + * false if we are still waiting for some more + * + */ static BOOL Handle14443SamplesDemod(int ci, int cq) { int v; @@ -498,6 +529,7 @@ static BOOL Handle14443SamplesDemod(int ci, int cq) if(Demod.posCount < 12) { Demod.state = DEMOD_UNSYNCD; } else { + LED_C_ON(); // Got SOF Demod.state = DEMOD_AWAITING_START_BIT; Demod.posCount = 0; Demod.len = 0; @@ -557,6 +589,7 @@ static BOOL Handle14443SamplesDemod(int ci, int cq) Demod.state = DEMOD_AWAITING_START_BIT; } else if(s == 0x000) { // This is EOF + LED_C_OFF(); return TRUE; Demod.state = DEMOD_UNSYNCD; } else { @@ -572,9 +605,16 @@ static BOOL Handle14443SamplesDemod(int ci, int cq) break; } + if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized... return FALSE; } +/* + * Demodulate the samples we received from the tag + * weTx: set to 'TRUE' if we behave like a reader + * set to 'FALSE' if we behave like a snooper + * quiet: set to 'TRUE' to disable debug output + */ static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) { int max = 0; @@ -607,17 +647,18 @@ static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) lastRxCounter = DMA_BUFFER_SIZE; FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); + // Signal field is ON with the appropriate LED: + if (weTx) LED_D_ON(); else LED_D_OFF(); // And put the FPGA in the appropriate mode FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | (weTx ? 0 : FPGA_HF_READER_RX_XCORR_SNOOP)); for(;;) { - int behindBy = lastRxCounter - PDC_RX_COUNTER(SSC_BASE); + int behindBy = lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR; if(behindBy > max) max = behindBy; - LED_D_ON(); - while(((lastRxCounter-PDC_RX_COUNTER(SSC_BASE)) & (DMA_BUFFER_SIZE-1)) + while(((lastRxCounter-AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1)) > 2) { ci = upTo[0]; @@ -625,8 +666,8 @@ static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) upTo += 2; if(upTo - dmaBuf > DMA_BUFFER_SIZE) { upTo -= DMA_BUFFER_SIZE; - PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo; - PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)upTo; + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; } lastRxCounter -= 2; if(lastRxCounter <= 0) { @@ -642,14 +683,13 @@ static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) gotFrame = 1; } } - LED_D_OFF(); if(samples > 2000) { break; } } - PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE; - if (!quiet) DbpIntegers(max, gotFrame, Demod.len); + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; + if (!quiet) Dbprintf("%x %x %x", max, gotFrame, Demod.len); } //----------------------------------------------------------------------------- @@ -668,12 +708,12 @@ static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet) c = 0; for(;;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0x43; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0x43; } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { SBYTE b; - b = (SBYTE)SSC_RECEIVE_HOLDING; + b = (SBYTE)AT91C_BASE_SSC->SSC_RHR; dest[c++] = (BYTE)b; @@ -693,20 +733,24 @@ static void TransmitFor14443(void) FpgaSetupSsc(); - while(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0xff; + while(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0xff; } - FpgaWriteConfWord( + // Signal field is ON with the appropriate Red LED + LED_D_ON(); + // Signal we are transmitting with the Green LED + LED_B_ON(); + FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD); for(c = 0; c < 10;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = 0xff; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = 0xff; c++; } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - volatile DWORD r = SSC_RECEIVE_HOLDING; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; (void)r; } WDT_HIT(); @@ -714,19 +758,20 @@ static void TransmitFor14443(void) c = 0; for(;;) { - if(SSC_STATUS & (SSC_STATUS_TX_READY)) { - SSC_TRANSMIT_HOLDING = ToSend[c]; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + AT91C_BASE_SSC->SSC_THR = ToSend[c]; c++; if(c >= ToSendMax) { break; } } - if(SSC_STATUS & (SSC_STATUS_RX_READY)) { - volatile DWORD r = SSC_RECEIVE_HOLDING; + if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { + volatile DWORD r = AT91C_BASE_SSC->SSC_RHR; (void)r; } WDT_HIT(); } + LED_B_OFF(); // Finished sending } //----------------------------------------------------------------------------- @@ -787,8 +832,8 @@ void CodeIso14443bAsReader(const BYTE *cmd, int len) //----------------------------------------------------------------------------- // Read an ISO 14443 tag. We send it some set of commands, and record the -// responses. -// The command name is misleading, it actually decodes the reponse in HEX +// responses. +// The command name is misleading, it actually decodes the reponse in HEX // into the output buffer (read the result using hexsamples, not hisamples) //----------------------------------------------------------------------------- void AcquireRawAdcSamplesIso14443(DWORD parameter) @@ -797,37 +842,48 @@ void AcquireRawAdcSamplesIso14443(DWORD parameter) // Make sure that we start from off, since the tags are stateful; // confusing things will happen if we don't reset them between reads. - LED_D_OFF(); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); SpinDelay(200); SetAdcMuxFor(GPIO_MUXSEL_HIPKD); FpgaSetupSsc(); // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); SpinDelay(200); CodeIso14443bAsReader(cmd1, sizeof(cmd1)); TransmitFor14443(); - LED_A_ON(); +// LED_A_ON(); GetSamplesFor14443Demod(TRUE, 2000, FALSE); - LED_A_OFF(); +// LED_A_OFF(); } - + //----------------------------------------------------------------------------- // Read a SRI512 ISO 14443 tag. -// -// SRI512 tags are just simple memory tags, here we're looking at making a dump -// of the contents of the memory. No anticollision algorithm is done, we assume -// we have a single tag in the field. -// +// +// SRI512 tags are just simple memory tags, here we're looking at making a dump +// of the contents of the memory. No anticollision algorithm is done, we assume +// we have a single tag in the field. +// // I tried to be systematic and check every answer of the tag, every CRC, etc... //----------------------------------------------------------------------------- void ReadSRI512Iso14443(DWORD parameter) { - BYTE i = 0x00; + ReadSTMemoryIso14443(parameter,0x0F); +} +void ReadSRIX4KIso14443(DWORD parameter) +{ + ReadSTMemoryIso14443(parameter,0x7F); +} + +void ReadSTMemoryIso14443(DWORD parameter,DWORD dwLast) +{ + BYTE i = 0x00; // Make sure that we start from off, since the tags are stateful; // confusing things will happen if we don't reset them between reads. @@ -839,113 +895,115 @@ void ReadSRI512Iso14443(DWORD parameter) FpgaSetupSsc(); // Now give it time to spin up. + // Signal field is on with the appropriate LED + LED_D_ON(); FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ); SpinDelay(200); - + // First command: wake up the tag using the INITIATE command BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b}; CodeIso14443bAsReader(cmd1, sizeof(cmd1)); TransmitFor14443(); - LED_A_ON(); +// LED_A_ON(); GetSamplesFor14443Demod(TRUE, 2000,TRUE); - LED_A_OFF(); - - if (Demod.len == 0) { - DbpString("No response from tag"); - return; - } else { - DbpString("Randomly generated UID from tag (+ 2 byte CRC):"); - DbpIntegers(Demod.output[0], Demod.output[1],Demod.output[2]); - } - // There is a response, SELECT the uid - DbpString("Now SELECT tag:"); - cmd1[0] = 0x0E; // 0x0E is SELECT - cmd1[1] = Demod.output[0]; +// LED_A_OFF(); + + if (Demod.len == 0) { + DbpString("No response from tag"); + return; + } else { + Dbprintf("Randomly generated UID from tag (+ 2 byte CRC): %x %x %x", + Demod.output[0], Demod.output[1],Demod.output[2]); + } + // There is a response, SELECT the uid + DbpString("Now SELECT tag:"); + cmd1[0] = 0x0E; // 0x0E is SELECT + cmd1[1] = Demod.output[0]; ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); CodeIso14443bAsReader(cmd1, sizeof(cmd1)); TransmitFor14443(); - LED_A_ON(); +// LED_A_ON(); GetSamplesFor14443Demod(TRUE, 2000,TRUE); - LED_A_OFF(); - if (Demod.len != 3) { - DbpString("Expected 3 bytes from tag, got:"); - DbpIntegers(Demod.len,0x0,0x0); - return; - } - // Check the CRC of the answer: +// LED_A_OFF(); + if (Demod.len != 3) { + Dbprintf("Expected 3 bytes from tag, got %d", Demod.len); + return; + } + // Check the CRC of the answer: ComputeCrc14443(CRC_14443_B, Demod.output, 1 , &cmd1[2], &cmd1[3]); if(cmd1[2] != Demod.output[1] || cmd1[3] != Demod.output[2]) { - DbpString("CRC Error reading select response."); - return; - } - // Check response from the tag: should be the same UID as the command we just sent: - if (cmd1[1] != Demod.output[0]) { - DbpString("Bad response to SELECT from Tag, aborting:"); - DbpIntegers(cmd1[1],Demod.output[0],0x0); - return; - } - // Tag is now selected, - // First get the tag's UID: - cmd1[0] = 0x0B; - ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]); + DbpString("CRC Error reading select response."); + return; + } + // Check response from the tag: should be the same UID as the command we just sent: + if (cmd1[1] != Demod.output[0]) { + Dbprintf("Bad response to SELECT from Tag, aborting: %x %x", cmd1[1], Demod.output[0]); + return; + } + // Tag is now selected, + // First get the tag's UID: + cmd1[0] = 0x0B; + ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]); CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one TransmitFor14443(); - LED_A_ON(); +// LED_A_ON(); GetSamplesFor14443Demod(TRUE, 2000,TRUE); - LED_A_OFF(); - if (Demod.len != 10) { - DbpString("Expected 10 bytes from tag, got:"); - DbpIntegers(Demod.len,0x0,0x0); - return; - } - // The check the CRC of the answer (use cmd1 as temporary variable): +// LED_A_OFF(); + if (Demod.len != 10) { + Dbprintf("Expected 10 bytes from tag, got %d", Demod.len); + return; + } + // The check the CRC of the answer (use cmd1 as temporary variable): ComputeCrc14443(CRC_14443_B, Demod.output, 8, &cmd1[2], &cmd1[3]); if(cmd1[2] != Demod.output[8] || cmd1[3] != Demod.output[9]) { - DbpString("CRC Error reading block! - Below: expected, got"); - DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9],0); - // Do not return;, let's go on... (we should retry, maybe ?) - } - DbpString("Tag UID (64 bits):"); - DbpIntegers((Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], 0); - - // Now loop to read all 16 blocks, address from 0 to 15 - DbpString("Tag memory dump, block 0 to 15"); - cmd1[0] = 0x08; - i = 0x00; - for (;;) { - if (i == 0x10) { - DbpString("System area block (0xff):"); - i = 0xff; - } - cmd1[1] = i; + Dbprintf("CRC Error reading block! - Below: expected, got %x %x", + (cmd1[2]<<8)+cmd1[3], (Demod.output[8]<<8)+Demod.output[9]); + // Do not return;, let's go on... (we should retry, maybe ?) + } + Dbprintf("Tag UID (64 bits): %08x %08x", + (Demod.output[7]<<24) + (Demod.output[6]<<16) + (Demod.output[5]<<8) + Demod.output[4], + (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0]); + + // Now loop to read all 16 blocks, address from 0 to 15 + DbpString("Tag memory dump, block 0 to 15"); + cmd1[0] = 0x08; + i = 0x00; + dwLast++; + for (;;) { + if (i == dwLast) { + DbpString("System area block (0xff):"); + i = 0xff; + } + cmd1[1] = i; ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]); CodeIso14443bAsReader(cmd1, sizeof(cmd1)); TransmitFor14443(); - LED_A_ON(); +// LED_A_ON(); GetSamplesFor14443Demod(TRUE, 2000,TRUE); - LED_A_OFF(); - if (Demod.len != 6) { // Check if we got an answer from the tag - DbpString("Expected 6 bytes from tag, got less..."); - return; - } - // The check the CRC of the answer (use cmd1 as temporary variable): +// LED_A_OFF(); + if (Demod.len != 6) { // Check if we got an answer from the tag + DbpString("Expected 6 bytes from tag, got less..."); + return; + } + // The check the CRC of the answer (use cmd1 as temporary variable): ComputeCrc14443(CRC_14443_B, Demod.output, 4, &cmd1[2], &cmd1[3]); if(cmd1[2] != Demod.output[4] || cmd1[3] != Demod.output[5]) { - DbpString("CRC Error reading block! - Below: expected, got"); - DbpIntegers( (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5],0); - // Do not return;, let's go on... (we should retry, maybe ?) - } - // Now print out the memory location: - DbpString("Address , Contents, CRC"); - DbpIntegers(i, (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], (Demod.output[4]<<8)+Demod.output[5]); - if (i == 0xff) { - break; - } - i++; - } + Dbprintf("CRC Error reading block! - Below: expected, got %x %x", + (cmd1[2]<<8)+cmd1[3], (Demod.output[4]<<8)+Demod.output[5]); + // Do not return;, let's go on... (we should retry, maybe ?) + } + // Now print out the memory location: + Dbprintf("Address=%x, Contents=%x, CRC=%x", i, + (Demod.output[3]<<24) + (Demod.output[2]<<16) + (Demod.output[1]<<8) + Demod.output[0], + (Demod.output[4]<<8)+Demod.output[5]); + if (i == 0xff) { + break; + } + i++; + } } - + //============================================================================= // Finally, the `sniffer' combines elements from both the reader and @@ -957,6 +1015,13 @@ void ReadSRI512Iso14443(DWORD parameter) // triggering so that we start recording at the point that the tag is moved // near the reader. //----------------------------------------------------------------------------- +/* + * Memory usage for this function, (within BigBuf) + * 0-4095 : Demodulated samples receive (4096 bytes) - DEMOD_TRACE_SIZE + * 4096-6143 : Last Received command, 2048 bytes (reader->tag) - READER_TAG_BUFFER_SIZE + * 6144-8191 : Last Received command, 2048 bytes(tag->reader) - TAG_READER_BUFFER_SIZE + * 8192-9215 : DMA Buffer, 1024 bytes (samples) - DMA_BUFFER_SIZE + */ void SnoopIso14443(void) { // We won't start recording the frames that we acquire until we trigger; @@ -965,9 +1030,9 @@ void SnoopIso14443(void) BOOL triggered = FALSE; // The command (reader -> tag) that we're working on receiving. - BYTE *receivedCmd = (((BYTE *)BigBuf) + 1024); + BYTE *receivedCmd = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE; // The response (tag -> reader) that we're working on receiving. - BYTE *receivedResponse = (((BYTE *)BigBuf) + 1536); + BYTE *receivedResponse = (BYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE; // As we receive stuff, we copy it from receivedCmd or receivedResponse // into trace, along with its length and other annotations. @@ -975,8 +1040,7 @@ void SnoopIso14443(void) int traceLen = 0; // The DMA buffer, used to stream samples from the FPGA. -//# define DMA_BUFFER_SIZE 256 - SBYTE *dmaBuf = ((SBYTE *)BigBuf) + 2048; + SBYTE *dmaBuf = (SBYTE *)(BigBuf) + DEMOD_TRACE_SIZE + READER_TAG_BUFFER_SIZE + TAG_READER_BUFFER_SIZE; int lastRxCounter; SBYTE *upTo; int ci, cq; @@ -986,7 +1050,8 @@ void SnoopIso14443(void) // information in the trace buffer. int samples = 0; - memset(trace, 0x44, 1000); + // Initialize the trace buffer + memset(trace, 0x44, DEMOD_TRACE_SIZE); // Set up the demodulator for tag -> reader responses. Demod.output = receivedResponse; @@ -999,7 +1064,20 @@ void SnoopIso14443(void) Uart.byteCntMax = 100; Uart.state = STATE_UNSYNCD; + // Print some debug information about the buffer sizes + Dbprintf("Snooping buffers initialized:"); + Dbprintf(" Trace: %i bytes", DEMOD_TRACE_SIZE); + Dbprintf(" Reader -> tag: %i bytes", READER_TAG_BUFFER_SIZE); + Dbprintf(" tag -> Reader: %i bytes", TAG_READER_BUFFER_SIZE); + Dbprintf(" DMA: %i bytes", DMA_BUFFER_SIZE); + + // Use a counter for blinking the LED + long ledCount=0; + long ledFlashAt=200000; + // And put the FPGA in the appropriate mode + // Signal field is off with the appropriate LED + LED_D_OFF(); FpgaWriteConfWord( FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP); @@ -1010,17 +1088,24 @@ void SnoopIso14443(void) upTo = dmaBuf; lastRxCounter = DMA_BUFFER_SIZE; FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE); - - LED_A_ON(); - // And now we loop, receiving samples. for(;;) { - int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) & + // Blink the LED while Snooping + ledCount++; + if (ledCount == ledFlashAt) { + LED_D_ON(); + } + if (ledCount >= 2*ledFlashAt) { + LED_D_OFF(); + ledCount=0; + } + + int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) & (DMA_BUFFER_SIZE-1); if(behindBy > maxBehindBy) { maxBehindBy = behindBy; - if(behindBy > 100) { - DbpString("blew circular buffer!"); + if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not? + Dbprintf("blew circular buffer! behindBy=%x", behindBy); goto done; } } @@ -1033,14 +1118,15 @@ void SnoopIso14443(void) if(upTo - dmaBuf > DMA_BUFFER_SIZE) { upTo -= DMA_BUFFER_SIZE; lastRxCounter += DMA_BUFFER_SIZE; - PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo; - PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE; + AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD) upTo; + AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE; } samples += 2; #define HANDLE_BIT_IF_BODY \ if(triggered) { \ + ledFlashAt=30000; \ trace[traceLen++] = ((samples >> 0) & 0xff); \ trace[traceLen++] = ((samples >> 8) & 0xff); \ trace[traceLen++] = ((samples >> 16) & 0xff); \ @@ -1090,17 +1176,19 @@ void SnoopIso14443(void) trace[traceLen++] = Demod.len; memcpy(trace+traceLen, receivedResponse, Demod.len); traceLen += Demod.len; - if(traceLen > 1000) break; + if(traceLen > DEMOD_TRACE_SIZE) { + DbpString("Reached trace limit"); + goto done; + } triggered = TRUE; - LED_A_OFF(); - LED_B_ON(); // And ready to receive another response. memset(&Demod, 0, sizeof(Demod)); Demod.output = receivedResponse; Demod.state = DEMOD_UNSYNCD; } + WDT_HIT(); if(BUTTON_PRESS()) { DbpString("cancelled"); @@ -1108,13 +1196,13 @@ void SnoopIso14443(void) } } - DbpString("in done pt"); - - DbpIntegers(maxBehindBy, Uart.state, Uart.byteCnt); - DbpIntegers(Uart.byteCntMax, traceLen, 0x23); - done: - PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE; - LED_A_OFF(); - LED_B_OFF(); + LED_D_OFF(); + AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; + DbpString("Snoop statistics:"); + Dbprintf(" Max behind by: %i", maxBehindBy); + Dbprintf(" Uart State: %x", Uart.state); + Dbprintf(" Uart ByteCnt: %i", Uart.byteCnt); + Dbprintf(" Uart ByteCntMax: %i", Uart.byteCntMax); + Dbprintf(" Trace length: %i", traceLen); }