| 1 | //----------------------------------------------------------------------------- |
| 2 | // ISO14443-A support for the Proxmark III |
| 3 | // Gerhard de Koning Gans, April 2008 |
| 4 | //----------------------------------------------------------------------------- |
| 5 | |
| 6 | // constants for the different modes: |
| 7 | `define SNIFFER 3'b000 |
| 8 | `define TAGSIM_LISTEN 3'b001 |
| 9 | `define TAGSIM_MOD 3'b010 |
| 10 | `define READER_LISTEN 3'b011 |
| 11 | `define READER_MOD 3'b100 |
| 12 | |
| 13 | module hi_iso14443a( |
| 14 | pck0, ck_1356meg, ck_1356megb, |
| 15 | pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4, |
| 16 | adc_d, adc_clk, |
| 17 | ssp_frame, ssp_din, ssp_dout, ssp_clk, |
| 18 | cross_hi, cross_lo, |
| 19 | dbg, |
| 20 | mod_type |
| 21 | ); |
| 22 | input pck0, ck_1356meg, ck_1356megb; |
| 23 | output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4; |
| 24 | input [7:0] adc_d; |
| 25 | output adc_clk; |
| 26 | input ssp_dout; |
| 27 | output ssp_frame, ssp_din, ssp_clk; |
| 28 | input cross_hi, cross_lo; |
| 29 | output dbg; |
| 30 | input [2:0] mod_type; |
| 31 | |
| 32 | |
| 33 | wire adc_clk = ck_1356meg; |
| 34 | |
| 35 | |
| 36 | |
| 37 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 38 | // Reader -> PM3: |
| 39 | // detecting and shaping the reader's signal. Reader will modulate the carrier by 100% (signal is either on or off). Use a |
| 40 | // hysteresis (Schmitt Trigger) to avoid false triggers during slowly increasing or decreasing carrier amplitudes |
| 41 | reg after_hysteresis; |
| 42 | reg [11:0] has_been_low_for; |
| 43 | |
| 44 | always @(negedge adc_clk) |
| 45 | begin |
| 46 | if(adc_d >= 16) after_hysteresis <= 1'b1; // U >= 1,14V -> after_hysteresis = 1 |
| 47 | else if(adc_d < 8) after_hysteresis <= 1'b0; // U < 1,04V -> after_hysteresis = 0 |
| 48 | // Note: was >= 3,53V and <= 1,19V. The new trigger values allow more reliable detection of the first bit |
| 49 | // (it might not reach 3,53V due to the high time constant of the high pass filter in the analogue RF part). |
| 50 | // In addition, the new values are more in line with ISO14443-2: "The PICC shall detect the ”End of Pause” after the field exceeds |
| 51 | // 5% of H_INITIAL and before it exceeds 60% of H_INITIAL." Depending on the signal strength, 60% might well be less than 3,53V. |
| 52 | |
| 53 | |
| 54 | // detecting a loss of reader's field (adc_d < 192 for 4096 clock cycles). If this is the case, |
| 55 | // set the detected reader signal (after_hysteresis) to '1' (unmodulated) |
| 56 | if(adc_d >= 192) |
| 57 | begin |
| 58 | has_been_low_for <= 12'd0; |
| 59 | end |
| 60 | else |
| 61 | begin |
| 62 | if(has_been_low_for == 12'd4095) |
| 63 | begin |
| 64 | has_been_low_for <= 12'd0; |
| 65 | after_hysteresis <= 1'b1; |
| 66 | end |
| 67 | else |
| 68 | begin |
| 69 | has_been_low_for <= has_been_low_for + 1; |
| 70 | end |
| 71 | end |
| 72 | |
| 73 | end |
| 74 | |
| 75 | |
| 76 | |
| 77 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 78 | // Reader -> PM3 |
| 79 | // detect when a reader is active (modulating). We assume that the reader is active, if we see the carrier off for at least 8 |
| 80 | // carrier cycles. We assume that the reader is inactive, if the carrier stayed high for at least 256 carrier cycles. |
| 81 | reg deep_modulation; |
| 82 | reg [2:0] deep_counter; |
| 83 | reg [8:0] saw_deep_modulation; |
| 84 | |
| 85 | always @(negedge adc_clk) |
| 86 | begin |
| 87 | if(~(| adc_d[7:0])) // if adc_d == 0 (U <= 0,94V) |
| 88 | begin |
| 89 | if(deep_counter == 3'd7) // adc_d == 0 for 8 adc_clk ticks -> deep_modulation (by reader) |
| 90 | begin |
| 91 | deep_modulation <= 1'b1; |
| 92 | saw_deep_modulation <= 8'd0; |
| 93 | end |
| 94 | else |
| 95 | deep_counter <= deep_counter + 1; |
| 96 | end |
| 97 | else |
| 98 | begin |
| 99 | deep_counter <= 3'd0; |
| 100 | if(saw_deep_modulation == 8'd255) // adc_d != 0 for 256 adc_clk ticks -> deep_modulation is over, probably waiting for tag's response |
| 101 | deep_modulation <= 1'b0; |
| 102 | else |
| 103 | saw_deep_modulation <= saw_deep_modulation + 1; |
| 104 | end |
| 105 | end |
| 106 | |
| 107 | |
| 108 | |
| 109 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 110 | // Tag -> PM3 |
| 111 | // filter the input for a tag's signal. The filter box needs the 4 previous input values and is a gaussian derivative filter |
| 112 | // for noise reduction and edge detection. |
| 113 | // store 4 previous samples: |
| 114 | reg [7:0] input_prev_4, input_prev_3, input_prev_2, input_prev_1; |
| 115 | |
| 116 | always @(negedge adc_clk) |
| 117 | begin |
| 118 | input_prev_4 <= input_prev_3; |
| 119 | input_prev_3 <= input_prev_2; |
| 120 | input_prev_2 <= input_prev_1; |
| 121 | input_prev_1 <= adc_d; |
| 122 | end |
| 123 | |
| 124 | // adc_d_filtered = 2*input_prev4 + 1*input_prev3 + 0*input_prev2 - 1*input_prev1 - 2*input |
| 125 | // = (2*input_prev4 + input_prev3) - (2*input + input_prev1) |
| 126 | wire [8:0] input_prev_4_times_2 = input_prev_4 << 1; |
| 127 | wire [8:0] adc_d_times_2 = adc_d << 1; |
| 128 | |
| 129 | wire [9:0] tmp1 = input_prev_4_times_2 + input_prev_3; |
| 130 | wire [9:0] tmp2 = adc_d_times_2 + input_prev_1; |
| 131 | |
| 132 | // convert intermediate signals to signed and calculate the filter output |
| 133 | wire signed [10:0] adc_d_filtered = {1'b0, tmp1} - {1'b0, tmp2}; |
| 134 | |
| 135 | |
| 136 | |
| 137 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 138 | // internal FPGA timing. Maximum required period is 128 carrier clock cycles for a full 8 Bit transfer to ARM. (i.e. we need a |
| 139 | // 7 bit counter). Adjust its frequency to external reader's clock when simulating a tag or sniffing. |
| 140 | reg pre_after_hysteresis; |
| 141 | reg [3:0] reader_falling_edge_time; |
| 142 | reg [6:0] negedge_cnt; |
| 143 | |
| 144 | always @(negedge adc_clk) |
| 145 | begin |
| 146 | // detect a reader signal's falling edge and remember its timing: |
| 147 | pre_after_hysteresis <= after_hysteresis; |
| 148 | if (pre_after_hysteresis && ~after_hysteresis) |
| 149 | begin |
| 150 | reader_falling_edge_time[3:0] <= negedge_cnt[3:0]; |
| 151 | end |
| 152 | |
| 153 | // adjust internal timer counter if necessary: |
| 154 | if (negedge_cnt[3:0] == 4'd13 && (mod_type == `SNIFFER || mod_type == `TAGSIM_LISTEN) && deep_modulation) |
| 155 | begin |
| 156 | if (reader_falling_edge_time == 4'd1) // reader signal changes right after sampling. Better sample earlier next time. |
| 157 | begin |
| 158 | negedge_cnt <= negedge_cnt + 2; // time warp |
| 159 | end |
| 160 | else if (reader_falling_edge_time == 4'd0) // reader signal changes right before sampling. Better sample later next time. |
| 161 | begin |
| 162 | negedge_cnt <= negedge_cnt; // freeze time |
| 163 | end |
| 164 | else |
| 165 | begin |
| 166 | negedge_cnt <= negedge_cnt + 1; // Continue as usual |
| 167 | end |
| 168 | reader_falling_edge_time[3:0] <= 4'd8; // adjust only once per detected edge |
| 169 | end |
| 170 | else if (negedge_cnt == 7'd127) // normal operation: count from 0 to 127 |
| 171 | begin |
| 172 | negedge_cnt <= 0; |
| 173 | end |
| 174 | else |
| 175 | begin |
| 176 | negedge_cnt <= negedge_cnt + 1; |
| 177 | end |
| 178 | end |
| 179 | |
| 180 | |
| 181 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 182 | // Tag -> PM3: |
| 183 | // determine best possible time for starting/resetting the modulation detector. |
| 184 | reg [3:0] mod_detect_reset_time; |
| 185 | |
| 186 | always @(negedge adc_clk) |
| 187 | begin |
| 188 | if (mod_type == `READER_LISTEN) |
| 189 | // (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by |
| 190 | // 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks). |
| 191 | // To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e. |
| 192 | // at mod_detect_reset_time+4 and mod_detect_reset_time+12 (-4 ticks). |
| 193 | // 9 + 4 + 3 + 7 - 4 = 19. 19 mod 16 = 3 |
| 194 | begin |
| 195 | mod_detect_reset_time <= 4'd4; |
| 196 | end |
| 197 | else |
| 198 | if (mod_type == `SNIFFER) |
| 199 | begin |
| 200 | // detect a rising edge of reader's signal and sync modulation detector to the tag's answer: |
| 201 | if (~pre_after_hysteresis && after_hysteresis && deep_modulation) |
| 202 | // reader signal rising edge detected at negedge_cnt[3:0]. This signal had been delayed |
| 203 | // 9 ticks by the RF part + 3 ticks by the A/D converter + 1 tick to assign to after_hysteresis. |
| 204 | // Then the same as above. |
| 205 | // - 9 - 3 - 1 + 4 + 3 + 7 - 4 = -3 |
| 206 | begin |
| 207 | mod_detect_reset_time <= negedge_cnt[3:0] - 4'd3; |
| 208 | end |
| 209 | end |
| 210 | end |
| 211 | |
| 212 | |
| 213 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 214 | // Tag -> PM3: |
| 215 | // modulation detector. Looks for the steepest falling and rising edges within a 16 clock period. If there is both a significant |
| 216 | // falling and rising edge (in any order), a modulation is detected. |
| 217 | reg signed [10:0] rx_mod_falling_edge_max; |
| 218 | reg signed [10:0] rx_mod_rising_edge_max; |
| 219 | reg curbit; |
| 220 | |
| 221 | `define EDGE_DETECT_THRESHOLD 5 |
| 222 | |
| 223 | always @(negedge adc_clk) |
| 224 | begin |
| 225 | if(negedge_cnt[3:0] == mod_detect_reset_time) |
| 226 | begin |
| 227 | // detect modulation signal: if modulating, there must have been a falling AND a rising edge |
| 228 | if ((rx_mod_falling_edge_max > `EDGE_DETECT_THRESHOLD) && (rx_mod_rising_edge_max < -`EDGE_DETECT_THRESHOLD)) |
| 229 | curbit <= 1'b1; // modulation |
| 230 | else |
| 231 | curbit <= 1'b0; // no modulation |
| 232 | // reset modulation detector |
| 233 | rx_mod_rising_edge_max <= 0; |
| 234 | rx_mod_falling_edge_max <= 0; |
| 235 | end |
| 236 | else // look for steepest edges (slopes) |
| 237 | begin |
| 238 | if (adc_d_filtered > 0) |
| 239 | begin |
| 240 | if (adc_d_filtered > rx_mod_falling_edge_max) |
| 241 | rx_mod_falling_edge_max <= adc_d_filtered; |
| 242 | end |
| 243 | else |
| 244 | begin |
| 245 | if (adc_d_filtered < rx_mod_rising_edge_max) |
| 246 | rx_mod_rising_edge_max <= adc_d_filtered; |
| 247 | end |
| 248 | end |
| 249 | |
| 250 | end |
| 251 | |
| 252 | |
| 253 | |
| 254 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 255 | // Tag+Reader -> PM3 |
| 256 | // sample 4 bits reader data and 4 bits tag data for sniffing |
| 257 | reg [3:0] reader_data; |
| 258 | reg [3:0] tag_data; |
| 259 | |
| 260 | always @(negedge adc_clk) |
| 261 | begin |
| 262 | if(negedge_cnt[3:0] == 4'd0) |
| 263 | begin |
| 264 | reader_data[3:0] <= {reader_data[2:0], after_hysteresis}; |
| 265 | tag_data[3:0] <= {tag_data[2:0], curbit}; |
| 266 | end |
| 267 | end |
| 268 | |
| 269 | |
| 270 | |
| 271 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 272 | // PM3 -> Reader: |
| 273 | // a delay line to ensure that we send the (emulated) tag's answer at the correct time according to ISO14443-3 |
| 274 | reg [31:0] mod_sig_buf; |
| 275 | reg [4:0] mod_sig_ptr; |
| 276 | reg mod_sig; |
| 277 | |
| 278 | always @(negedge adc_clk) |
| 279 | begin |
| 280 | if(negedge_cnt[3:0] == 4'd0) // sample data at rising edge of ssp_clk - ssp_dout changes at the falling edge. |
| 281 | begin |
| 282 | mod_sig_buf[31:2] <= mod_sig_buf[30:1]; // shift |
| 283 | if (~ssp_dout && ~mod_sig_buf[1]) |
| 284 | mod_sig_buf[1] <= 1'b0; // delete the correction bit (a single 1 preceded and succeeded by 0) |
| 285 | else |
| 286 | mod_sig_buf[1] <= mod_sig_buf[0]; |
| 287 | mod_sig_buf[0] <= ssp_dout; // add new data to the delay line |
| 288 | |
| 289 | mod_sig = mod_sig_buf[mod_sig_ptr]; // the delayed signal. |
| 290 | end |
| 291 | end |
| 292 | |
| 293 | |
| 294 | |
| 295 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 296 | // PM3 -> Reader, internal timing: |
| 297 | // a timer for the 1172 cycles fdt (Frame Delay Time). Start the timer with a rising edge of the reader's signal. |
| 298 | // set fdt_elapsed when we no longer need to delay data. Set fdt_indicator when we can start sending data. |
| 299 | // Note: the FPGA only takes care for the 1172 delay. To achieve an additional 1236-1172=64 ticks delay, the ARM must send |
| 300 | // a correction bit (before the start bit). The correction bit will be coded as 00010000, i.e. it adds 4 bits to the |
| 301 | // transmission stream, causing the required additional delay. |
| 302 | reg [10:0] fdt_counter; |
| 303 | reg fdt_indicator, fdt_elapsed; |
| 304 | reg [3:0] mod_sig_flip; |
| 305 | reg [3:0] sub_carrier_cnt; |
| 306 | |
| 307 | // we want to achieve a delay of 1172. The RF part already has delayed the reader signals's rising edge |
| 308 | // by 9 ticks, the ADC took 3 ticks and there is always a delay of 32 ticks by the mod_sig_buf. Therefore need to |
| 309 | // count to 1172 - 9 - 3 - 32 = 1128 |
| 310 | `define FDT_COUNT 11'd1128 |
| 311 | |
| 312 | // The ARM must not send too early, otherwise the mod_sig_buf will overflow, therefore signal that we are ready |
| 313 | // with fdt_indicator. The mod_sig_buf can buffer 29 excess data bits, i.e. a maximum delay of 29 * 16 = 464 adc_clk ticks. |
| 314 | // fdt_indicator could appear at ssp_din after 1 tick, the transfer needs 16 ticks, the ARM can send 128 ticks later. |
| 315 | // 1128 - 464 - 1 - 128 - 8 = 535 |
| 316 | `define FDT_INDICATOR_COUNT 11'd535 |
| 317 | |
| 318 | // reset on a pause in listen mode. I.e. the counter starts when the pause is over: |
| 319 | assign fdt_reset = ~after_hysteresis && mod_type == `TAGSIM_LISTEN; |
| 320 | |
| 321 | always @(negedge adc_clk) |
| 322 | begin |
| 323 | if (fdt_reset) |
| 324 | begin |
| 325 | fdt_counter <= 11'd0; |
| 326 | fdt_elapsed <= 1'b0; |
| 327 | fdt_indicator <= 1'b0; |
| 328 | end |
| 329 | else |
| 330 | begin |
| 331 | if(fdt_counter == `FDT_COUNT) |
| 332 | begin |
| 333 | if(~fdt_elapsed) // just reached fdt. |
| 334 | begin |
| 335 | mod_sig_flip <= negedge_cnt[3:0]; // start modulation at this time |
| 336 | sub_carrier_cnt <= 4'd0; // subcarrier phase in sync with start of modulation |
| 337 | fdt_elapsed <= 1'b1; |
| 338 | end |
| 339 | else |
| 340 | begin |
| 341 | sub_carrier_cnt <= sub_carrier_cnt + 1; |
| 342 | end |
| 343 | end |
| 344 | else |
| 345 | begin |
| 346 | fdt_counter <= fdt_counter + 1; |
| 347 | end |
| 348 | end |
| 349 | |
| 350 | if(fdt_counter == `FDT_INDICATOR_COUNT) fdt_indicator <= 1'b1; |
| 351 | end |
| 352 | |
| 353 | |
| 354 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 355 | // PM3 -> Reader or Tag |
| 356 | // assign a modulation signal to the antenna. This signal is either a delayed signal (to achieve fdt when sending to a reader) |
| 357 | // or undelayed when sending to a tag |
| 358 | reg mod_sig_coil; |
| 359 | |
| 360 | always @(negedge adc_clk) |
| 361 | begin |
| 362 | if (mod_type == `TAGSIM_MOD) // need to take care of proper fdt timing |
| 363 | begin |
| 364 | if(fdt_counter == `FDT_COUNT) |
| 365 | begin |
| 366 | if(fdt_elapsed) |
| 367 | begin |
| 368 | if(negedge_cnt[3:0] == mod_sig_flip) mod_sig_coil <= mod_sig; |
| 369 | end |
| 370 | else |
| 371 | begin |
| 372 | mod_sig_coil <= mod_sig; // just reached fdt. Immediately assign signal to coil |
| 373 | end |
| 374 | end |
| 375 | end |
| 376 | else // other modes: don't delay |
| 377 | begin |
| 378 | mod_sig_coil <= ssp_dout; |
| 379 | end |
| 380 | end |
| 381 | |
| 382 | |
| 383 | |
| 384 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 385 | // PM3 -> Reader |
| 386 | // determine the required delay in the mod_sig_buf (set mod_sig_ptr). |
| 387 | reg temp_buffer_reset; |
| 388 | |
| 389 | always @(negedge adc_clk) |
| 390 | begin |
| 391 | if(fdt_reset) |
| 392 | begin |
| 393 | mod_sig_ptr <= 5'd0; |
| 394 | temp_buffer_reset = 1'b0; |
| 395 | end |
| 396 | else |
| 397 | begin |
| 398 | if(fdt_counter == `FDT_COUNT && ~fdt_elapsed) // if we just reached fdt |
| 399 | if(~(| mod_sig_ptr[4:0])) |
| 400 | mod_sig_ptr <= 5'd8; // ... but didn't buffer a 1 yet, delay next 1 by n*128 ticks. |
| 401 | else |
| 402 | temp_buffer_reset = 1'b1; // else no need for further delays. |
| 403 | |
| 404 | if(negedge_cnt[3:0] == 4'd0) // at rising edge of ssp_clk - ssp_dout changes at the falling edge. |
| 405 | begin |
| 406 | if((ssp_dout || (| mod_sig_ptr[4:0])) && ~fdt_elapsed) // buffer a 1 (and all subsequent data) until fdt is reached. |
| 407 | if (mod_sig_ptr == 5'd31) |
| 408 | mod_sig_ptr <= 5'd0; // buffer overflow - data loss. |
| 409 | else |
| 410 | mod_sig_ptr <= mod_sig_ptr + 1; // increase buffer (= increase delay by 16 adc_clk ticks). mod_sig_ptr always points ahead of first 1. |
| 411 | else if(fdt_elapsed && ~temp_buffer_reset) |
| 412 | begin |
| 413 | // wait for the next 1 after fdt_elapsed before fixing the delay and starting modulation. This ensures that the response can only happen |
| 414 | // at intervals of 8 * 16 = 128 adc_clk ticks (as defined in ISO14443-3) |
| 415 | if(ssp_dout) |
| 416 | temp_buffer_reset = 1'b1; |
| 417 | if(mod_sig_ptr == 5'd1) |
| 418 | mod_sig_ptr <= 5'd8; // still nothing received, need to go for the next interval |
| 419 | else |
| 420 | mod_sig_ptr <= mod_sig_ptr - 1; // decrease buffer. |
| 421 | end |
| 422 | end |
| 423 | end |
| 424 | end |
| 425 | |
| 426 | |
| 427 | |
| 428 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 429 | // FPGA -> ARM communication: |
| 430 | // buffer 8 bits data to be sent to ARM. Shift them out bit by bit. |
| 431 | reg [7:0] to_arm; |
| 432 | |
| 433 | always @(negedge adc_clk) |
| 434 | begin |
| 435 | if (negedge_cnt[5:0] == 6'd63) // fill the buffer |
| 436 | begin |
| 437 | if (mod_type == `SNIFFER) |
| 438 | begin |
| 439 | if(deep_modulation) // a reader is sending (or there's no field at all) |
| 440 | begin |
| 441 | to_arm <= {reader_data[3:0], 4'b0000}; // don't send tag data |
| 442 | end |
| 443 | else |
| 444 | begin |
| 445 | to_arm <= {reader_data[3:0], tag_data[3:0]}; |
| 446 | end |
| 447 | end |
| 448 | else |
| 449 | begin |
| 450 | to_arm[7:0] <= {mod_sig_ptr[4:0], mod_sig_flip[3:1]}; // feedback timing information |
| 451 | end |
| 452 | end |
| 453 | |
| 454 | if(negedge_cnt[2:0] == 3'b000 && mod_type == `SNIFFER) // shift at double speed |
| 455 | begin |
| 456 | // Don't shift if we just loaded new data, obviously. |
| 457 | if(negedge_cnt[5:0] != 6'd0) |
| 458 | begin |
| 459 | to_arm[7:1] <= to_arm[6:0]; |
| 460 | end |
| 461 | end |
| 462 | |
| 463 | if(negedge_cnt[3:0] == 4'b0000 && mod_type != `SNIFFER) |
| 464 | begin |
| 465 | // Don't shift if we just loaded new data, obviously. |
| 466 | if(negedge_cnt[6:0] != 7'd0) |
| 467 | begin |
| 468 | to_arm[7:1] <= to_arm[6:0]; |
| 469 | end |
| 470 | end |
| 471 | |
| 472 | end |
| 473 | |
| 474 | |
| 475 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 476 | // FPGA <-> ARM communication: |
| 477 | // generate a ssp clock and ssp frame signal for the synchronous transfer from/to the ARM |
| 478 | reg ssp_clk; |
| 479 | reg ssp_frame; |
| 480 | |
| 481 | always @(negedge adc_clk) |
| 482 | begin |
| 483 | if(mod_type == `SNIFFER) |
| 484 | // SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)): |
| 485 | begin |
| 486 | if(negedge_cnt[2:0] == 3'd0) |
| 487 | ssp_clk <= 1'b1; |
| 488 | if(negedge_cnt[2:0] == 3'd4) |
| 489 | ssp_clk <= 1'b0; |
| 490 | |
| 491 | if(negedge_cnt[5:0] == 6'd0) // ssp_frame rising edge indicates start of frame |
| 492 | ssp_frame <= 1'b1; |
| 493 | if(negedge_cnt[5:0] == 6'd8) |
| 494 | ssp_frame <= 1'b0; |
| 495 | end |
| 496 | else |
| 497 | // all other modes (ssp_clk = adc_clk / 16, ssp_frame clock = adc_clk / 128): |
| 498 | begin |
| 499 | if(negedge_cnt[3:0] == 4'd0) |
| 500 | ssp_clk <= 1'b1; |
| 501 | if(negedge_cnt[3:0] == 4'd8) |
| 502 | ssp_clk <= 1'b0; |
| 503 | |
| 504 | if(negedge_cnt[6:0] == 7'd7) // ssp_frame rising edge indicates start of frame |
| 505 | ssp_frame <= 1'b1; |
| 506 | if(negedge_cnt[6:0] == 7'd23) |
| 507 | ssp_frame <= 1'b0; |
| 508 | end |
| 509 | end |
| 510 | |
| 511 | |
| 512 | |
| 513 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// |
| 514 | // FPGA -> ARM communication: |
| 515 | // select the data to be sent to ARM |
| 516 | reg bit_to_arm; |
| 517 | reg sendbit; |
| 518 | |
| 519 | always @(negedge adc_clk) |
| 520 | begin |
| 521 | if(negedge_cnt[3:0] == 4'd0) |
| 522 | begin |
| 523 | // What do we communicate to the ARM |
| 524 | if(mod_type == `TAGSIM_LISTEN) |
| 525 | sendbit = after_hysteresis; |
| 526 | else if(mod_type == `TAGSIM_MOD) |
| 527 | /* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh? |
| 528 | else */ |
| 529 | sendbit = fdt_indicator; |
| 530 | else if (mod_type == `READER_LISTEN) |
| 531 | sendbit = curbit; |
| 532 | else |
| 533 | sendbit = 1'b0; |
| 534 | end |
| 535 | |
| 536 | |
| 537 | if(mod_type == `SNIFFER) |
| 538 | // send sampled reader and tag data: |
| 539 | bit_to_arm = to_arm[7]; |
| 540 | else if (mod_type == `TAGSIM_MOD && fdt_elapsed && temp_buffer_reset) |
| 541 | // send timing information: |
| 542 | bit_to_arm = to_arm[7]; |
| 543 | else |
| 544 | // send data or fdt_indicator |
| 545 | bit_to_arm = sendbit; |
| 546 | end |
| 547 | |
| 548 | |
| 549 | |
| 550 | |
| 551 | assign ssp_din = bit_to_arm; |
| 552 | |
| 553 | // Subcarrier (adc_clk/16, for TAGSIM_MOD only). |
| 554 | wire sub_carrier; |
| 555 | assign sub_carrier = ~sub_carrier_cnt[3]; |
| 556 | |
| 557 | // in READER_MOD: drop carrier for mod_sig_coil==1 (pause); in READER_LISTEN: carrier always on; in other modes: carrier always off |
| 558 | assign pwr_hi = (ck_1356megb & (((mod_type == `READER_MOD) & ~mod_sig_coil) || (mod_type == `READER_LISTEN))); |
| 559 | |
| 560 | |
| 561 | // Enable HF antenna drivers: |
| 562 | assign pwr_oe1 = 1'b0; |
| 563 | assign pwr_oe3 = 1'b0; |
| 564 | |
| 565 | // TAGSIM_MOD: short circuit antenna with different resistances (modulated by sub_carrier modulated by mod_sig_coil) |
| 566 | // for pwr_oe4 = 1 (tristate): antenna load = 10k || 33 = 32,9 Ohms |
| 567 | // for pwr_oe4 = 0 (active): antenna load = 10k || 33 || 33 = 16,5 Ohms |
| 568 | assign pwr_oe4 = mod_sig_coil & sub_carrier & (mod_type == `TAGSIM_MOD); |
| 569 | |
| 570 | // This is all LF, so doesn't matter. |
| 571 | assign pwr_oe2 = 1'b0; |
| 572 | assign pwr_lo = 1'b0; |
| 573 | |
| 574 | |
| 575 | assign dbg = negedge_cnt[3]; |
| 576 | |
| 577 | endmodule |