X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/ff9c043da29150aa785723326537ba93ddac0614..9833360b251571f82749c352f49d712c9c8322ad:/armsrc/lfops.c
diff --git a/armsrc/lfops.c b/armsrc/lfops.c
index c8eed468..c0c24787 100644
--- a/armsrc/lfops.c
+++ b/armsrc/lfops.c
@@ -326,7 +326,6 @@ void AcquireTiType(void)
 // if not provided a valid crc will be computed from the data and written.
 void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
 {
- StartTicks();
 FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
 if(crc == 0) {
 crc = update_crc16(crc, (idlo)&0xff);
@@ -347,8 +346,10 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc) // whether we're modulating the antenna (high) // or listening to the antenna (low) FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU); + StartTicks(); + LED_A_ON(); - + // steal this pin from the SSP and use it to control the modulation AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT; AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
@@ -361,7 +362,7 @@ void WriteTItag(uint32_t idhi, uint32_t idlo, uint16_t crc)
 // then write 80 bits of data (or 64 bit data + 16 bit crc if you prefer)
 // finally end with 0x0300 (write frame)
 // all data is sent lsb first
- // finish with 15ms programming time
+ // finish with 50ms programming time
 // modulate antenna
 HIGH(GPIO_SSC_DOUT);
@@ -399,7 +400,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 int i = 0;
 uint8_t *buf = BigBuf_get_addr();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
+ //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
 //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_READER_FIELD);
 //FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT | FPGA_LF_EDGE_DETECT_TOGGLE_MODE );
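Review bot: The switch of `SimulateTagLowFrequency` from `FPGA_MAJOR_MODE_LF_EDGE_DETECT` to `FPGA_MAJOR_MODE_LF_PASSTHRU` carries no explanation, and the previous call is kept as a third commented-out alternative directly under the live one. A reader cannot tell which mode is the intended one or whether the edge-detect variants are still expected to work. I would delete the three dead lines and put one comment on the live call giving the reason, for example `// passthru: antenna pins are driven from the ARM GPIOs during simulation` if that is in fact why it was changed. The function body starts and ends outside the hunk.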
@@ -420,8 +422,9 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
 AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_CLK;
 // power on antenna
- // OPEN_COIL();
- // SpinDelay(50);
+ OPEN_COIL();
+ // charge time
+ WaitMS(50);
 for(;;) {
 WDT_HIT();
@@ -1176,6 +1179,10 @@ void TurnReadLFOn(uint32_t delay) {
 // Give it a bit of time for the resonant antenna to settle.
 WaitUS(delay);
 }
+void TurnReadLF_off(uint32_t delay) {
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(delay);
+}
 // Write one bit to card
 void T55xxWriteBit(int bit) {
@@ -1646,15 +1653,8 @@ void SendForward(uint8_t fwd_bit_count) {
 // 55FC * 8us == 440us / 21.3 === 20.65 steps. could be too short. Go for 56FC instead
 // 32FC * 8us == 256us / 21.3 == 12.018 steps. ok
 // 16FC * 8us == 128us / 21.3 == 6.009 steps. ok
-
 #ifndef EM_START_GAP
-#define EM_START_GAP 60*8
-#endif
-#ifndef EM_ONE_GAP
-#define EM_ONE_GAP 32*8
-#endif
-#ifndef EM_ZERO_GAP
-# define EM_ZERO_GAP 16*8
+#define EM_START_GAP 55*8
 #endif
 fwd_write_ptr = forwardLink_data;
@@ -1667,19 +1667,16 @@ void SendForward(uint8_t fwd_bit_count) {
 fwd_bit_sz--; //prepare next bit modulation
 fwd_write_ptr++;
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(EM_START_GAP);
- TurnReadLFOn(16);
+ TurnReadLF_off(EM_START_GAP);
+ TurnReadLFOn(18*8);
 // now start writting with bitbanging the antenna.
 while(fwd_bit_sz-- > 0) { //prepare next bit modulation
- if(((*fwd_write_ptr++) & 1) == 1)
- WaitUS(EM_ONE_GAP);
- else {
- //These timings work for 4469/4269/4305
- FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- WaitUS(20);
- TurnReadLFOn(12);
+ if(((*fwd_write_ptr++) & 1) == 1) {
+ WaitUS(32);
+ } else {
+ TurnReadLF_off(23*8);
+ TurnReadLFOn(18*8);
 }
 }
 }
@@ -1690,7 +1687,7 @@ void EM4xLogin(uint32_t pwd) {
 len = Prepare_Cmd( FWD_CMD_LOGIN );
 len += Prepare_Data( pwd & 0xFFFF, pwd >> 16 );
 SendForward(len);
- //WaitMS(20); - no wait for login command.
+ //WaitUS(20); // no wait for login command.
 // should receive
 // 0000 1010 ok.
 // 0000 0001 fail
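Review bot: `TurnReadLF_off` is added without a header comment, and its name breaks from the sibling `TurnReadLFOn` directly above it (underscore, lower-case `off`). A one-line comment such as `// Switch the FPGA to FPGA_MAJOR_MODE_OFF, then wait delay microseconds.` and a blank line after the closing brace of `TurnReadLFOn` would keep the pair readable; `TurnReadLFOff` would match the existing naming. If the function is meant to be called from other files it also needs a prototype in the corresponding header, which is not part of this diff.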
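Review bot: `#define EM_START_GAP 55*8` sets the start gap to the value that the comment three lines above it describes as possibly too short ("could be too short. Go for 56FC instead"), so either the comment or the constant is stale and one of them should be corrected. The expansion is also unparenthesized; it is only used as a whole argument in this diff, but `#define EM_START_GAP (55*8)` stays correct if it ever ends up inside a larger expression. The hunk also removes the overridable `EM_ONE_GAP` and `EM_ZERO_GAP` in favour of literals inside `SendForward`, which takes away the one place where these timings could be adjusted per build.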
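Review bot: The one-bit branch of the loop in `SendForward` now waits `WaitUS(32)`, where the removed code waited `EM_ONE_GAP` (32*8, the 256us named in the comment block of the previous hunk) and every other timing in the new loop is written as a multiple of 8 (`23*8`, `18*8`). Unless a 32us one-bit period is really intended, this looks like a dropped `*8` and the line should read `WaitUS(32*8);`; as written, a one bit lasts roughly a tenth of the `23*8 + 18*8` us spent on a zero bit. Naming these literals next to `EM_START_GAP` would make the bit timing auditable in one place. The function body starts outside the hunk.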
@@ -1699,7 +1696,6 @@ void EM4xLogin(uint32_t pwd) {
 void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
 LED_A_ON();
-
 uint8_t len;
 //clear buffer now so it does not interfere with timing later
@@ -1719,7 +1715,9 @@ void EM4xReadWord(uint8_t addr, uint32_t pwd, uint8_t usepwd) {
 SendForward(len);
- DoAcquisition_config(TRUE);
+ WaitUS(400);
+
+ DoPartialAcquisition(20, true, 6000);
 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 cmd_send(CMD_ACK,0,0,0,0,0);
@@ -1752,8 +1750,12 @@ void EM4xWriteWord(uint32_t flag, uint32_t data, uint32_t pwd) { SendForward(len); - //Wait 20ms for write to complete - WaitMS(20); + //Wait 20ms for write to complete? + WaitMS(7); + + //Capture response if one exists + DoPartialAcquisition(20, true, 6000); + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); cmd_send(CMD_ACK,0,0,0,0,0); LED_A_OFF();
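Review bot: `WaitUS(400)` and `DoPartialAcquisition(20, true, 6000)` in `EM4xReadWord` are bare literals with no comment, and the identical acquisition call is repeated in `EM4xWriteWord` in the last hunk. The meaning of the three arguments is not visible in this diff; defining them once as named constants and using those in both functions would keep the read and write paths from drifting apart. `cmd_send(CMD_ACK,0,0,0,0,0)` is still sent with all-zero arguments after the capture, so if `DoPartialAcquisition` returns a status or sample count, passing it back would let the client tell an empty capture from a usable one. The function body starts and ends outside the hunk.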
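Review bot: The comment added in `EM4xWriteWord` still reads `//Wait 20ms for write to complete?` while the statement under it now waits `WaitMS(7)`, so comment and code disagree. The question mark suggests the required programming time was not confirmed; if 7 ms is shorter than the tag needs, the acquisition and the following `FPGA_MAJOR_MODE_OFF` happen while the write may still be in progress. Either state the figure and where it comes from, e.g. `// wait 7 ms for the write to complete (<datasheet reference>)`, or keep the 20 ms wait until the shorter value is verified.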