* and enlarge the gap ones.
* Q5 tags seems to have issues when these values changes.
*/
+
+ /*
+ // Original Timings for reference
+
+#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
+#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
+#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
+#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
++=======
++
+ /* Q5 timing datasheet:
+ * Type | MIN | Typical | Max |
+ * Start_Gap | 10*8 | ? | 50*8 |
+ * Write_Gap Normal mode | 8*8 | 14*8 | 20*8 |
+ * Write_Gap Fast Mode | 8*8 | ? | 20*8 |
+ * Write_0 Normal mode | 16*8 | 24*8 | 32*8 |
+ * Write_1 Normal mode | 48*8 | 56*8 | 64*8 |
+ * Write_0 Fast Mode | 8*8 | 12*8 | 16*8 |
+ * Write_1 Fast Mode | 24*8 | 28*8 | 32*8 |
+ */
+
+ /* T5557 timing datasheet:
+ * Type | MIN | Typical | Max |
+ * Start_Gap | 10*8 | ? | 50*8 |
+ * Write_Gap Normal mode | 8*8 |50-150us | 30*8 |
+ * Write_Gap Fast Mode | 8*8 | ? | 20*8 |
+ * Write_0 Normal mode | 16*8 | 24*8 | 31*8 |
+ * Write_1 Normal mode | 48*8 | 54*8 | 63*8 |
+ * Write_0 Fast Mode | 8*8 | 12*8 | 15*8 |
+ * Write_1 Fast Mode | 24*8 | 28*8 | 31*8 |
+ */
+
+ /* T5577C timing datasheet for Fixed-Bit-Length protocol (defualt):
+ * Type | MIN | Typical | Max |
+ * Start_Gap | 8*8 | 15*8 | 50*8 |
+ * Write_Gap Normal mode | 8*8 | 10*8 | 20*8 |
+ * Write_Gap Fast Mode | 8*8 | 10*8 | 20*8 |
+ * Write_0 Normal mode | 16*8 | 24*8 | 32*8 |
+ * Write_1 Normal mode | 48*8 | 56*8 | 64*8 |
+ * Write_0 Fast Mode | 8*8 | 12*8 | 16*8 |
+ * Write_1 Fast Mode | 24*8 | 28*8 | 32*8 |
+ */
+
+ //note startgap must be sent after tag has been powered up for more than 3ms (per T5557 ds)
+ #define START_GAP 31*8 //31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc) - T5557: 10*8 to 50*8
+ #define WRITE_GAP 20*8 //20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc) - T5557: 8*8 to 30*8 typ 50-150us
+ #define WRITE_0 18*8 //18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc) - T5557: 16*8 to 31*8 typ 24*8
+ #define WRITE_1 50*8 //50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) - T5557: 48*8 to 63*8 typ 54*8 432 for T55x7; 448 for E5550
++
#define READ_GAP 15*8
+*/
+
+// Structure to hold Timing values. In future will be simplier to add user changable timings.
+typedef struct {
+ uint16_t START_GAP;
+ uint16_t WRITE_GAP;
+ uint16_t WRITE_0;
+ uint16_t WRITE_1;
+ uint16_t WRITE_2;
+ uint16_t WRITE_3;
+ uint16_t READ_GAP;
+} T55xx_Timing;
+
+
+
+// Set Initial/Default Values. Note: *8 can occure when used. This should keep things simplier here.
+T55xx_Timing T55xx_Timing_FixedBit = { 31 * 8 , 20 * 8 , 18 * 8 , 50 * 8 , 0 , 0 , 15 * 8 };
+T55xx_Timing T55xx_Timing_LLR = { 31 * 8 , 20 * 8 , 18 * 8 , 50 * 8 , 0 , 0 , 15 * 8 };
+T55xx_Timing T55xx_Timing_Leading0 = { 31 * 8 , 20 * 8 , 18 * 8 , 40 * 8 , 0 , 0 , 15 * 8 };
+T55xx_Timing T55xx_Timing_1of4 = { 31 * 8 , 20 * 8 , 18 * 8 , 34 * 8 , 50 * 8 , 66 * 8 , 15 * 8 };
+
+
+// Some defines for readability
+#define T55xx_LongLeadingReference 4 // Value to tell Write Bit to send long reference
+#define T55xx_DLMode_Fixed 0 // Default Mode
+#define T55xx_DLMode_LLR 1 // Long Leading Reference
+#define T55xx_DLMode_Leading0 2 // Leading Zero
+#define T55xx_DLMode_1of4 3 // 1 of 4
void TurnReadLFOn(int delay) {
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
}
// Read one card block in page [page]
-void T55xxReadBlock(uint16_t arg0, uint8_t Block, uint32_t Pwd) {
+void T55xxReadBlock (uint16_t arg0, uint8_t Block, uint32_t Pwd) {//, struct T55xx_Timing *Timing) {
+
LED_A_ON();
- bool PwdMode = arg0 & 0x1;
- uint8_t Page = (arg0 & 0x2) >> 1;
- uint32_t i = 0;
- bool RegReadMode = (Block == 0xFF);//regular read mode
- //clear buffer now so it does not interfere with timing later
- BigBuf_Clear_ext(false);
+ /*
+ arg bits
+ xxxxxxx1 0x01 PwdMode
+ xxxxxx1x 0x02 Page
+ xxxxx1xx 0x04 testMode
+ xxx11xxx 0x18 downlink mode
+ xx1xxxxx 0x20 reg_readmode
+ x1xxxxxx 0x40 called for a read, so no data packet
+ */
+
+ // Set Read Flag to ensure SendCMD does not add "data" to the packet
+ arg0 |= 0x40;
+
+ if (Block == 0xff) arg0 |= 0x20;
+
//make sure block is at max 7
Block &= 0x7;
-
+
+ //clear buffer now so it does not interfere with timing later
+ BigBuf_Clear_ext(false);
+
+ T55xx_SendCMD (0, Block, Pwd, arg0); //, true);
+
++/*
++// the send has been moved to the above SendCMD Call
++=======
++
+ // Set up FPGA, 125kHz to power up the tag
+ LFSetupFPGAForADC(95, true);
+ StartTicks();
+ // make sure tag is fully powered up...
+ WaitMS(5);
+ // Trigger T55x7 Direct Access Mode with start gap
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+ WaitUS(START_GAP);
+
+ // Opcode 1[page]
+ T55xxWriteBit(1);
+ T55xxWriteBit(Page); //Page 0
+
+ if (PwdMode) {
+ // Send Pwd
+ for (i = 0x80000000; i != 0; i >>= 1)
+ T55xxWriteBit(Pwd & i);
+ }
+ // Send a zero bit separation
+ T55xxWriteBit(0);
+
+ // Send Block number (if direct access mode)
+ if (!RegReadMode)
+ for (i = 0x04; i != 0; i >>= 1)
+ T55xxWriteBit(Block & i);
+
++
++*/
// Turn field on to read the response
// 137*8 seems to get to the start of data pretty well...
// but we want to go past the start and let the repeating data settle in...
projects / proxmark3-svn / commitdiff