]> cvs.zerfleddert.de Git - proxmark3-svn/blame - fpga/hi_simulate.v
There's no painless way to do this, but it needs to be done --
[proxmark3-svn] / fpga / hi_simulate.v
CommitLineData
6658905f 1//-----------------------------------------------------------------------------\r
2// Pretend to be an ISO 14443 tag. We will do this by alternately short-\r
3// circuiting and open-circuiting the antenna coil, with the tri-state\r
4// pins. \r
5//\r
6// We communicate over the SSP, as a bitstream (i.e., might as well be\r
7// unframed, though we still generate the word sync signal). The output\r
8// (ARM -> FPGA) tells us whether to modulate or not. The input (FPGA\r
9// -> ARM) is us using the A/D as a fancy comparator; this is with\r
10// (software-added) hysteresis, to undo the high-pass filter.\r
11//\r
12// At this point only Type A is implemented. This means that we are using a\r
13// bit rate of 106 kbit/s, or fc/128. Oversample by 4, which ought to make\r
14// things practical for the ARM (fc/32, 423.8 kbits/s, ~50 kbytes/s)\r
15//\r
16// Jonathan Westhues, October 2006\r
17//-----------------------------------------------------------------------------\r
18\r
19module hi_simulate(\r
20 pck0, ck_1356meg, ck_1356megb,\r
21 pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,\r
22 adc_d, adc_clk,\r
23 ssp_frame, ssp_din, ssp_dout, ssp_clk,\r
24 cross_hi, cross_lo,\r
25 dbg,\r
26 mod_type\r
27);\r
28 input pck0, ck_1356meg, ck_1356megb;\r
29 output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;\r
30 input [7:0] adc_d;\r
31 output adc_clk;\r
32 input ssp_dout;\r
33 output ssp_frame, ssp_din, ssp_clk;\r
34 input cross_hi, cross_lo;\r
35 output dbg;\r
36 input [2:0] mod_type;\r
37\r
38// Power amp goes between LOW and tri-state, so pwr_hi (and pwr_lo) can\r
39// always be low.\r
40assign pwr_hi = 1'b0;\r
41assign pwr_lo = 1'b0;\r
42\r
43// The comparator with hysteresis on the output from the peak detector.\r
44reg after_hysteresis;\r
45assign adc_clk = ck_1356meg;\r
46\r
47always @(negedge adc_clk)\r
48begin\r
49 if(& adc_d[7:5]) after_hysteresis = 1'b1;\r
50 else if(~(| adc_d[7:5])) after_hysteresis = 1'b0;\r
51end\r
52\r
53// Divide 13.56 MHz by 32 to produce the SSP_CLK\r
ecf53cb2 54// The register is bigger to allow higher division factors of up to /128\r
55reg [6:0] ssp_clk_divider;\r
6658905f 56always @(posedge adc_clk)\r
57 ssp_clk_divider <= (ssp_clk_divider + 1);\r
58assign ssp_clk = ssp_clk_divider[4];\r
59\r
60// Divide SSP_CLK by 8 to produce the byte framing signal; the phase of\r
61// this is arbitrary, because it's just a bitstream.\r
62// One nasty issue, though: I can't make it work with both rx and tx at\r
63// once. The phase wrt ssp_clk must be changed. TODO to find out why\r
64// that is and make a better fix.\r
65reg [2:0] ssp_frame_divider_to_arm;\r
66always @(posedge ssp_clk)\r
67 ssp_frame_divider_to_arm <= (ssp_frame_divider_to_arm + 1);\r
68reg [2:0] ssp_frame_divider_from_arm;\r
69always @(negedge ssp_clk)\r
70 ssp_frame_divider_from_arm <= (ssp_frame_divider_from_arm + 1);\r
71\r
72reg ssp_frame;\r
73always @(ssp_frame_divider_to_arm or ssp_frame_divider_from_arm or mod_type)\r
74 if(mod_type == 3'b000) // not modulating, so listening, to ARM\r
75 ssp_frame = (ssp_frame_divider_to_arm == 3'b000);\r
76 else\r
77 ssp_frame = (ssp_frame_divider_from_arm == 3'b000);\r
78\r
79// Synchronize up the after-hysteresis signal, to produce DIN.\r
80reg ssp_din;\r
81always @(posedge ssp_clk)\r
82 ssp_din = after_hysteresis;\r
83\r
84// Modulating carrier frequency is fc/16, reuse ssp_clk divider for that\r
85reg modulating_carrier;\r
86always @(mod_type or ssp_clk or ssp_dout)\r
87 if(mod_type == 3'b000)\r
88 modulating_carrier <= 1'b0; // no modulation\r
89 else if(mod_type == 3'b001)\r
90 modulating_carrier <= ssp_dout ^ ssp_clk_divider[3]; // XOR means BPSK\r
ecf53cb2 91 else if(mod_type == 3'b010)\r
92 modulating_carrier <= ssp_dout & ssp_clk_divider[5]; // switch 212kHz subcarrier on/off\r
6658905f 93 else\r
94 modulating_carrier <= 1'b0; // yet unused\r
95\r
96// This one is all LF, so doesn't matter\r
97assign pwr_oe2 = modulating_carrier;\r
98\r
99// Toggle only one of these, since we are already producing much deeper\r
100// modulation than a real tag would.\r
101assign pwr_oe1 = modulating_carrier;\r
102assign pwr_oe4 = modulating_carrier;\r
103\r
104// This one is always on, so that we can watch the carrier.\r
105assign pwr_oe3 = 1'b0;\r
106\r
107assign dbg = after_hysteresis;\r
108\r
109endmodule\r
Impressum, Datenschutz