fix 'hf iclass replay' (#888)
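//-----------------------------------------------------------------------------
// Pretend to be an ISO 14443 tag. We will do this by alternately short-
// circuiting and open-circuiting the antenna coil, with the tri-state
// pins.
//
// We communicate over the SSP, as a bitstream (i.e., might as well be
// unframed, though we still generate the word sync signal). The output
// (ARM -> FPGA) tells us whether to modulate or not. The input (FPGA
// -> ARM) is us using the A/D as a fancy comparator; this is with
// (software-added) hysteresis, to undo the high-pass filter.
//
// At this point only Type A is implemented. This means that we are using a
// bit rate of 106 kbit/s, or fc/128. Oversample by 4, which ought to make
// things practical for the ARM (fc/32, 423.8 kbits/s, ~50 kbytes/s)
//
// Jonathan Westhues, October 2006
//
// NOTE(review): the paragraph above predates the mod_type selector. As the
// code stands, mod_type chooses between no modulation, BPSK (fc/16
// subcarrier), a 212 kHz subcarrier and a 424 kHz subcarrier, and it also
// changes the SSP clock rate. Confirm against the ARM-side driver before
// relying on the "Type A only" statement.
//
// Ports (old-style declarations, order must match the instantiation):
//   ck_1356meg        in   13.56 MHz carrier clock; also drives adc_clk
//   pwr_lo, pwr_hi,
//   pwr_oe1..pwr_oe4  out  antenna driver / load-modulation controls
//   adc_d[7:0]        in   A/D samples of the peak detector
//   adc_clk           out  A/D sample clock (= ck_1356meg)
//   ssp_dout          in   bitstream from the ARM: 1 = modulate
//   ssp_din           out  comparator result, resynchronised to ssp_clk
//   ssp_frame,ssp_clk out  SSP framing and bit clock
//   dbg               out  debug pin, mirrors ssp_frame
//   mod_type[3:0]     in   modulation selector (`FPGA_HF_SIMULATOR_* macros,
//                          defined outside this file)
//-----------------------------------------------------------------------------

module hi_simulate(
    ck_1356meg,
    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
    adc_d, adc_clk,
    ssp_frame, ssp_din, ssp_dout, ssp_clk,
    dbg,
    mod_type
);
    input ck_1356meg;
    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
    input [7:0] adc_d;
    output adc_clk;
    input ssp_dout;
    output ssp_frame, ssp_din, ssp_clk;
    output dbg;
    input [3:0] mod_type;

assign adc_clk = ck_1356meg;

// The comparator with hysteresis on the output from the peak detector.
reg after_hysteresis;
reg [11:0] has_been_low_for;

always @(negedge adc_clk)
begin
    // Two-threshold comparator: only the top three sample bits are examined.
    // Samples between the thresholds leave after_hysteresis unchanged.
    if (& adc_d[7:5])
        after_hysteresis <= 1'b1;               // if (adc_d >= 224)
    else if (~(| adc_d[7:5]))
        after_hysteresis <= 1'b0;               // if (adc_d <= 31)

    // Count consecutive samples below the upper threshold. After 4095 of
    // them the counter wraps and after_hysteresis is forced high; this
    // assignment comes later in the block, so it overrides the one above
    // in the same clock cycle.
    // NOTE(review): presumably a timeout so that a long low period is not
    // reported as an endless pause -- confirm against the ARM-side decoder.
    if (adc_d >= 224)
    begin
        has_been_low_for <= 12'd0;
    end
    else
    begin
        if (has_been_low_for == 12'd4095)
        begin
            has_been_low_for <= 12'd0;
            after_hysteresis <= 1'b1;
        end
        else
        begin
            has_been_low_for <= has_been_low_for + 1;
        end
    end
end


// Divide 13.56 MHz to produce various frequencies for SSP_CLK
// and modulation. Free-running 9-bit counter; bit n toggles at fc/2^(n+1).
reg [8:0] ssp_clk_divider;

always @(negedge adc_clk)
    ssp_clk_divider <= (ssp_clk_divider + 1);

// SSP bit clock: a registered, inverted copy of one divider bit, selected
// by mod_type.
reg ssp_clk;

always @(negedge adc_clk)
begin
    if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_424K_8BIT)
        // Get one bit at ~53 kHz (every 8th carrier bit of 424 kHz)
        ssp_clk <= ~ssp_clk_divider[7];
    else if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K)
        // Get next bit at 212 kHz
        ssp_clk <= ~ssp_clk_divider[5];
    else
        // Get next bit at 424 kHz
        ssp_clk <= ~ssp_clk_divider[4];
end


// Produce the byte framing signal; the phase of this signal
// is arbitrary, because it's just a bit stream in this module.
// ssp_frame goes high when the selected divider nibble equals 1 and low
// again when it equals 5.
// NOTE(review): 424K_8BIT takes the else branch here, so its frame period
// (256 adc_clk cycles) equals a single ssp_clk period in that mode --
// confirm this is what the ARM-side SSP setup expects.
reg ssp_frame;
always @(negedge adc_clk)
begin
    if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K)
    begin
        if (ssp_clk_divider[8:5] == 4'd1)
            ssp_frame <= 1'b1;
        if (ssp_clk_divider[8:5] == 4'd5)
            ssp_frame <= 1'b0;
    end
    else
    begin
        if (ssp_clk_divider[7:4] == 4'd1)
            ssp_frame <= 1'b1;
        if (ssp_clk_divider[7:4] == 4'd5)
            ssp_frame <= 1'b0;
    end
end


// Synchronize up the after-hysteresis signal, to produce DIN.
// Non-blocking assignment: this is a clocked register, and a blocking
// assignment here can race with other processes in simulation.
reg ssp_din;
always @(posedge ssp_clk)
    ssp_din <= after_hysteresis;

// Modulating carrier frequency is fc/64 (212kHz) to fc/16 (848kHz). Reuse ssp_clk divider for that.
// Purely combinational, hence blocking assignments; every branch assigns
// modulating_carrier, so no latch is inferred.
reg modulating_carrier;
always @(*)
begin
    if (mod_type == `FPGA_HF_SIMULATOR_NO_MODULATION)
        modulating_carrier = 1'b0;                              // no modulation
    else if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_BPSK)
        modulating_carrier = ssp_dout ^ ssp_clk_divider[3];     // XOR means BPSK
    else if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_212K)
        modulating_carrier = ssp_dout & ssp_clk_divider[5];     // switch 212kHz subcarrier on/off
    else if (mod_type == `FPGA_HF_SIMULATOR_MODULATE_424K || mod_type == `FPGA_HF_SIMULATOR_MODULATE_424K_8BIT)
        modulating_carrier = ssp_dout & ssp_clk_divider[4];     // switch 424kHz modulation on/off
    else
        modulating_carrier = 1'b0;                              // yet unused
end


// Load modulation. Toggle only one of these, since we are already producing much deeper
// modulation than a real tag would.
assign pwr_hi  = 1'b0;                  // HF antenna connected to GND
assign pwr_oe3 = 1'b0;                  // 10k Load
assign pwr_oe1 = 1'b0;                  // 33 Ohms Load
assign pwr_oe4 = modulating_carrier;    // 33 Ohms Load

// This is all LF and doesn't matter
assign pwr_lo  = 1'b0;
assign pwr_oe2 = 1'b0;


assign dbg = ssp_frame;

endmodule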