BYTE *output;\r
} Uart;\r
\r
+/* Receive & handle a bit coming from the reader.\r
+ *\r
+ * LED handling:\r
+ * LED A -> ON once we have received the SOF and are expecting the rest.\r
+ * LED A -> OFF once we have received EOF or are in error state or unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ */\r
static BOOL Handle14443UartBit(int bit)\r
{\r
switch(Uart.state) {\r
case STATE_UNSYNCD:\r
+ LED_A_OFF();\r
if(!bit) {\r
// we went low, so this could be the beginning\r
// of an SOF\r
Uart.posCnt = 0;\r
Uart.byteCnt = 0;\r
Uart.state = STATE_AWAITING_START_BIT;\r
+ LED_A_ON(); // Indicate we got a valid SOF\r
} else {\r
// didn't stay down long enough\r
// before going high, error\r
Uart.bitCnt = 0;\r
Uart.shiftReg = 0;\r
Uart.state = STATE_RECEIVING_DATA;\r
+ LED_A_ON(); // Indicate we're receiving\r
}\r
break;\r
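Review bot: The comment on the added `LED_A_ON()` in the STATE_UNSYNCD case says we "got a valid SOF", but at that point only a single low sample has been seen (the context comment just above says this "could be the beginning of an SOF"), so LED A now lights on any low sample while unsynced and is switched off again by the new `LED_A_OFF()` on the next unsynced sample. Either the comment should match what the code knows, `LED_A_ON(); // Falling edge seen: possible SOF, not yet validated`, or the call should move to the point where the SOF is actually accepted so that LED A carries the meaning the new header comment gives it ("ON once we have received the SOF"). The header comment could also mention that the LEDs are driven on every call, since the function runs per bit. Handle14443UartBit continues outside this hunk.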
\r
}\r
} else if(Uart.shiftReg == 0x000) {\r
// this is an EOF byte\r
+ LED_A_OFF(); // Finished receiving\r
return TRUE;\r
} else {\r
// this is an error\r
break;\r
}\r
\r
+ if (Uart.state == STATE_ERROR_WAIT) LED_A_OFF(); // Error\r
+\r
return FALSE;\r
}\r
\r
\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);\r
\r
if(respLen <= 0) continue;\r
\r
// Modulate BPSK\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_BPSK);\r
SSC_TRANSMIT_HOLDING = 0xff;\r
int sumQ;\r
} Demod;\r
\r
+/*\r
+ * Handles reception of a bit from the tag\r
+ *\r
+ * LED handling:\r
+ * LED C -> ON once we have received the SOF and are expecting the rest.\r
+ * LED C -> OFF once we have received EOF or are unsynced\r
+ *\r
+ * Returns: true if we received a EOF\r
+ * false if we are still waiting for some more\r
+ *
+ */\r
static BOOL Handle14443SamplesDemod(int ci, int cq)\r
{\r
int v;\r
if(Demod.posCount < 12) {\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
+ LED_C_ON(); // Got SOF\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
Demod.posCount = 0;\r
Demod.len = 0;\r
Demod.state = DEMOD_AWAITING_START_BIT;\r
} else if(s == 0x000) {\r
// This is EOF\r
+ LED_C_OFF();\r
return TRUE;\r
Demod.state = DEMOD_UNSYNCD;\r
} else {\r
break;\r
}\r
\r
+ if (Demod.state == DEMOD_UNSYNCD) LED_C_OFF(); // Not synchronized...\r
return FALSE;\r
}\r
\r
+/*\r
+ * Demodulate the samples we received from the tag\r
+ * weTx: set to 'TRUE' if we behave like a reader\r
+ * set to 'FALSE' if we behave like a snooper\r
+ * quiet: set to 'TRUE' to disable debug output
+ */\r
static void GetSamplesFor14443Demod(BOOL weTx, int n, BOOL quiet)\r
{\r
int max = 0;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
\r
+ // Signal field is ON with the appropriate LED:\r
+ if (weTx) LED_D_ON(); else LED_D_OFF();\r
// And put the FPGA in the appropriate mode\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
int behindBy = lastRxCounter - PDC_RX_COUNTER(SSC_BASE);\r
if(behindBy > max) max = behindBy;\r
\r
- LED_D_ON();\r
while(((lastRxCounter-PDC_RX_COUNTER(SSC_BASE)) & (DMA_BUFFER_SIZE-1))\r
> 2)\r
{\r
gotFrame = 1;\r
}\r
}\r
- LED_D_OFF();\r
\r
if(samples > 2000) {\r
break;\r
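Review bot: GetSamplesFor14443Demod takes `n`, yet in the visible tail of its sampling loop the bail-out compares against the literal 2000 (`if(samples > 2000)`), so the `2000` the callers pass and the parameter appear decoupled; if `n` is the sample budget the check should be `if(samples > n) break;` and the new header comment should document it, e.g. `* n: maximum number of samples to wait for before giving up`. The added comment `// Signal field is ON with the appropriate LED:` is only true when weTx is TRUE; `// LED D mirrors the field: on when we act as reader (weTx), off when snooping` describes the line below it accurately. Separately, the `LED_C_OFF()` added in Handle14443SamplesDemod is placed before `return TRUE`, which leaves the pre-existing `Demod.state = DEMOD_UNSYNCD;` after it unreachable; callers appear to memset Demod themselves, but if that reset was intended it should precede the return. Both functions extend outside the hunk.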
SSC_TRANSMIT_HOLDING = 0xff;\r
}\r
\r
- FpgaWriteConfWord(\r
+ // Signal field is ON with the appropriate Red LED\r
+ LED_D_ON();\r
+ // Signal we are transmitting with the Green LED\r
+ LED_B_ON();\r
+ FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_TX | FPGA_HF_READER_TX_SHALLOW_MOD);\r
\r
for(c = 0; c < 10;) {\r
}\r
WDT_HIT();\r
}\r
+ LED_B_OFF(); // Finished sending\r
}\r
\r
//-----------------------------------------------------------------------------\r
\r
// Make sure that we start from off, since the tags are stateful;\r
// confusing things will happen if we don't reset them between reads.\r
- LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LED_D_OFF();\r
SpinDelay(200);\r
\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000, FALSE);\r
- LED_A_OFF();\r
+// LED_A_OFF();\r
}\r
//-----------------------------------------------------------------------------\r
// Read a SRI512 ISO 14443 tag.\r
-//
+//
// SRI512 tags are just simple memory tags, here we're looking at making a dump
// of the contents of the memory. No anticollision algorithm is done, we assume
// we have a single tag in the field.
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ);\r
SpinDelay(200);\r
BYTE cmd1[] = { 0x06, 0x00, 0x97, 0x5b};\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
+// LED_A_OFF();\r
if (Demod.len == 0) {
DbpString("No response from tag");
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
+// LED_A_OFF();\r
if (Demod.len != 3) {
DbpString("Expected 3 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
ComputeCrc14443(CRC_14443_B, cmd1, 1 , &cmd1[1], &cmd1[2]);
CodeIso14443bAsReader(cmd1, 3); // Only first three bytes for this one\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();\r
+// LED_A_OFF();\r
if (Demod.len != 10) {
DbpString("Expected 10 bytes from tag, got:");
DbpIntegers(Demod.len,0x0,0x0);
ComputeCrc14443(CRC_14443_B, cmd1, 2, &cmd1[2], &cmd1[3]);\r
CodeIso14443bAsReader(cmd1, sizeof(cmd1));\r
TransmitFor14443();\r
- LED_A_ON();\r
+// LED_A_ON();\r
GetSamplesFor14443Demod(TRUE, 2000,TRUE);\r
- LED_A_OFF();
+// LED_A_OFF();
if (Demod.len != 6) { // Check if we got an answer from the tag
DbpString("Expected 6 bytes from tag, got less...");
return;
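Review bot: The `LED_A_ON()`/`LED_A_OFF()` pairs around each GetSamplesFor14443Demod call are turned into commented-out code (`// LED_A_ON();`) instead of being deleted; since LED A is now driven inside the bit handler, the dead lines should be removed outright rather than left to be resurrected inconsistently later. The hunk also mixes line endings: the lines from `// SRI512 tags are just simple memory tags` onward and the `if (Demod.len != ...)` checks end in bare LF while the surrounding file is CRLF, which will turn the next editor normalisation into whole-file noise, so the file should be kept on one convention. Both reader functions continue outside the hunk.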
// triggering so that we start recording at the point that the tag is moved\r
// near the reader.\r
//-----------------------------------------------------------------------------\r
+/*\r
+ * Memory usage for this function, (within BigBuf)\r
+ * 0-1023 : Demodulated samples receive (1024 bytes)\r
+ * 1024-1535 : Last Received command, 512 bytes (reader->tag)\r
+ * 1536-2047 : Last Received command, 512 bytes(tag->reader)\r
+ * 2048-2304 : DMA Buffer, 256 bytes (samples)
+ */\r
void SnoopIso14443(void)\r
{\r
// We won't start recording the frames that we acquire until we trigger;\r
BOOL triggered = FALSE;\r
\r
// The command (reader -> tag) that we're working on receiving.\r
- BYTE *receivedCmd = (((BYTE *)BigBuf) + 1024);\r
+ BYTE *receivedCmd = (BYTE *)(BigBuf) + 1024;\r
// The response (tag -> reader) that we're working on receiving.\r
- BYTE *receivedResponse = (((BYTE *)BigBuf) + 1536);\r
+ BYTE *receivedResponse = (BYTE *)(BigBuf) + 1536;\r
\r
// As we receive stuff, we copy it from receivedCmd or receivedResponse\r
// into trace, along with its length and other annotations.\r
int traceLen = 0;\r
\r
// The DMA buffer, used to stream samples from the FPGA.\r
-//# define DMA_BUFFER_SIZE 256\r
- SBYTE *dmaBuf = ((SBYTE *)BigBuf) + 2048;\r
+ SBYTE *dmaBuf = (SBYTE *)(BigBuf) + 2048;\r
int lastRxCounter;\r
SBYTE *upTo;\r
int ci, cq;\r
// information in the trace buffer.\r
int samples = 0;\r
\r
- memset(trace, 0x44, 1000);\r
+ // Initialize the trace buffer\r
+ memset(trace, 0x44, 1024);\r
\r
// Set up the demodulator for tag -> reader responses.\r
Demod.output = receivedResponse;\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(\r
FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ |\r
FPGA_HF_READER_RX_XCORR_SNOOP);\r
upTo = dmaBuf;\r
lastRxCounter = DMA_BUFFER_SIZE;\r
FpgaSetupSscDma((BYTE *)dmaBuf, DMA_BUFFER_SIZE);\r
-\r
- LED_A_ON();\r
-\r
// And now we loop, receiving samples.\r
for(;;) {\r
- int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) &\r
+ int behindBy = (lastRxCounter - PDC_RX_COUNTER(SSC_BASE)) &\r
(DMA_BUFFER_SIZE-1);\r
if(behindBy > maxBehindBy) {\r
maxBehindBy = behindBy;\r
- if(behindBy > 100) {\r
+ if(behindBy > (DMA_BUFFER_SIZE-2)) { // TODO: understand whether we can increase/decrease as we want or not?\r
DbpString("blew circular buffer!");\r
+ DbpIntegers(behindBy,0,0);\r
goto done;\r
}\r
}\r
if(upTo - dmaBuf > DMA_BUFFER_SIZE) {\r
upTo -= DMA_BUFFER_SIZE;\r
lastRxCounter += DMA_BUFFER_SIZE;\r
- PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)upTo;\r
+ PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD) upTo;\r
PDC_RX_NEXT_COUNTER(SSC_BASE) = DMA_BUFFER_SIZE;\r
}\r
\r
if(traceLen > 1000) break;\r
\r
triggered = TRUE;\r
- LED_A_OFF();\r
- LED_B_ON();\r
\r
// And ready to receive another response.\r
memset(&Demod, 0, sizeof(Demod));\r
Demod.output = receivedResponse;\r
Demod.state = DEMOD_UNSYNCD;\r
}\r
+ WDT_HIT();\r
\r
if(BUTTON_PRESS()) {\r
DbpString("cancelled");\r
DbpIntegers(Uart.byteCntMax, traceLen, 0x23);\r
\r
done:\r
+ LED_D_OFF();\r
PDC_CONTROL(SSC_BASE) = PDC_RX_DISABLE;\r
- LED_A_OFF();\r
- LED_B_OFF();\r
}\r
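Review bot: The relaxed overrun check `if(behindBy > (DMA_BUFFER_SIZE-2))` is nearly inert: `behindBy` is masked with `DMA_BUFFER_SIZE-1` three lines earlier, so its maximum is `DMA_BUFFER_SIZE-1` and the condition fires only at that single value, while a lag of a full buffer or more wraps to a small number and is never reported — the previous threshold of 100 at least caught moderate lag. A threshold well below the buffer size, e.g. `if(behindBy > DMA_BUFFER_SIZE/2) {`, keeps the detection meaningful, and the TODO should state that a masked counter cannot detect a complete wrap. In the new memory-map comment, `2048-2304 : DMA Buffer, 256 bytes` should read `2048-2303` to match the inclusive ranges of the other rows, and the 256-byte figure only holds if this file's DMA_BUFFER_SIZE is 256, which the removed `//# define DMA_BUFFER_SIZE 256` hints at but no longer states. Relatedly, the unchanged wrap test `if(upTo - dmaBuf > DMA_BUFFER_SIZE)` lets `upTo` reach one past the buffer before wrapping; whether the read that follows runs out of bounds depends on code outside this hunk and is worth checking. Parts of SnoopIso14443 lie outside the hunk.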
#define RECV_RES_OFFSET 3096\r
#define DMA_BUFFER_OFFSET 3160\r
#define DMA_BUFFER_SIZE 4096\r
- #define TRACE_LENGTH 3000 \r
- \r
+ #define TRACE_LENGTH 3000\r
+\r
// #define RECV_CMD_OFFSET 2032 // original (working as of 21/2/09) values\r
// #define RECV_RES_OFFSET 2096 // original (working as of 21/2/09) values\r
// #define DMA_BUFFER_OFFSET 2160 // original (working as of 21/2/09) values\r
Uart.state = STATE_UNSYNCD;\r
\r
// And put the FPGA in the appropriate mode\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);\r
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
\r
{\r
// Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_TAGSIM_LISTEN);\r
\r
// Now run a `software UART' on the stream of incoming samples.\r
\r
// my desfire\r
static const BYTE response2[] = { 0x88, 0x04, 0x21, 0x3f, 0x4d }; // known uid - note cascade (0x88), 2nd byte (0x04) = NXP/Phillips\r
- \r
- \r
+\r
+\r
// When reader selects us during cascade1 it will send cmd3\r
//BYTE response3[] = { 0x04, 0x00, 0x00 }; // SAK Select (cascade1) successful response (ULTRALITE)\r
BYTE response3[] = { 0x24, 0x00, 0x00 }; // SAK Select (cascade1) successful response (DESFire)\r
//BYTE response3a[] = { 0x00, 0x00, 0x00 }; // SAK Select (cascade2) successful response (ULTRALITE)\r
BYTE response3a[] = { 0x20, 0x00, 0x00 }; // SAK Select (cascade2) successful response (DESFire)\r
ComputeCrc14443(CRC_14443_A, response3a, 1, &response3a[1], &response3a[2]);\r
- \r
+\r
// When reader tries to authenticate\r
// static const BYTE cmd5[] = { 0x60, 0x00, 0xf5, 0x7b };\r
static const BYTE response5[] = { 0x00, 0x00, 0x00, 0x00 }; // Very random tag nonce\r
// buffer needs to be 512 bytes\r
int c;\r
\r
- // Set FPGA mode to "simulated ISO 14443 tag", no modulation (listen\r
+ // Set FPGA mode to "reader listen mode", no modulation (listen\r
// only, since we are receiving, not transmitting).\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN);\r
\r
// Now get the answer from the card\r
int traceLen = 0;\r
int rsamples = 0;\r
\r
- memset(trace, 0x44, 2000); // was 2000 - tied to oter size chnages \r
+ memset(trace, 0x44, 2000); // was 2000 - tied to oter size chnages\r
// setting it to 3000 causes no tag responses to be detected (2900 is ok)\r
// setting it to 1000 causes no tag responses to be detected\r
\r
FpgaSetupSsc();\r
\r
// Start from off (no field generated)\r
+ // Signal field is off with the appropriate LED\r
+ LED_D_OFF();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
SpinDelay(200);\r
\r
FpgaSetupSsc();\r
\r
// Now give it time to spin up.\r
+ // Signal field is on with the appropriate LED\r
+ LED_D_ON();\r
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
SpinDelay(200);\r
\r
LED_A_ON();\r
LED_B_OFF();\r
LED_C_OFF();\r
- LED_D_OFF();\r
\r
int samples = 0;\r
int tsamples = 0;\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
-// OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in \r
+// OK we have selected at least at cascade 1, lets see if first byte of UID was 0x88 in\r
// which case we need to make a cascade 2 request and select - this is a long UID\r
if (receivedAnswer[0] == 0x88)\r
{\r
traceLen += Demod.len;\r
if(traceLen > TRACE_LENGTH) goto done;\r
\r
-\r
-\r
-\r
-\r
-\r
- } \r
-\r
- \r
+ }\r
\r
// Secondly compute the two CRC bytes at the end\r
ComputeCrc14443(CRC_14443_A, cmd5, 2, &cmd5[2], &cmd5[3]);\r
LED_A_OFF();\r
LED_B_OFF();\r
LED_C_OFF();\r
- LED_D_OFF();\r
DbpIntegers(rsamples, 0xCC, 0xCC);\r
DbpString("ready..");\r
}\r