prettify tune output

[proxmark3-svn] / armsrc / iso15693.c

//-----------------------------------------------------------------------------\r
// Routines to support ISO 15693. This includes both the reader software and\r
// the `fake tag' modes, but at the moment I've implemented only the reader\r
// stuff, and that barely.\r
// Jonathan Westhues, split Nov 2006\r
\r
// Modified by Greg Jones, Jan 2009 to perform modulation onboard in arm rather than on PC\r
// Also added additional reader commands (SELECT, READ etc.)\r
\r
//-----------------------------------------------------------------------------\r
#include <proxmark3.h>\r
#include "apps.h"\r
#include <stdio.h>\r
#include <stdlib.h>\r
\r
// FROM winsrc\prox.h //////////////////////////////////\r
#define arraylen(x) (sizeof(x)/sizeof((x)[0]))\r
\r
//-----------------------------------------------------------------------------\r
// Map a sequence of octets (~layer 2 command) into the set of bits to feed\r
// to the FPGA, to transmit that command to the tag.\r
//-----------------------------------------------------------------------------\r
\r
	\r
\r
\r
	// The sampling rate is 106.353 ksps/s, for T = 18.8 us\r
\r
	// SOF defined as \r
	// 1) Unmodulated time of 56.64us\r
	// 2) 24 pulses of 423.75khz\r
	// 3) logic '1' (unmodulated for 18.88us followed by 8 pulses of 423.75khz)\r
\r
	static const int FrameSOF[] = {\r
		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,\r
		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,\r
		 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,\r
		 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,\r
		-1, -1, -1, -1,\r
		-1, -1, -1, -1,\r
		 1,  1,  1,  1,\r
		 1,  1,  1,  1\r
	};\r
	static const int Logic0[] = {\r
		 1,  1,  1,  1,\r
		 1,  1,  1,  1,\r
		-1, -1, -1, -1,\r
		-1, -1, -1, -1\r
	};\r
	static const int Logic1[] = {\r
		-1, -1, -1, -1,\r
		-1, -1, -1, -1,\r
		 1,  1,  1,  1,\r
		 1,  1,  1,  1\r
	};\r
\r
	// EOF defined as \r
	// 1) logic '0' (8 pulses of 423.75khz followed by unmodulated for 18.88us)\r
	// 2) 24 pulses of 423.75khz\r
	// 3) Unmodulated time of 56.64us\r
\r
	static const int FrameEOF[] = {\r
		 1,  1,  1,  1,\r
		 1,  1,  1,  1,\r
		-1, -1, -1, -1,\r
		-1, -1, -1, -1,\r
		 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,\r
		 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,\r
		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,\r
		-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1\r
	};\r
\r
\r
\r
\r
static void CodeIso15693AsReader(BYTE *cmd, int n)\r
{\r
	int i, j;\r
\r
	ToSendReset();\r
\r
	// Give it a bit of slack at the beginning\r
	for(i = 0; i < 24; i++) {\r
		ToSendStuffBit(1);\r
	}\r
\r
	ToSendStuffBit(0);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(0);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(1);\r
	for(i = 0; i < n; i++) {\r
		for(j = 0; j < 8; j += 2) {\r
			int these = (cmd[i] >> j) & 3;\r
			switch(these) {\r
				case 0:\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(0);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					break;\r
				case 1:\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(0);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					break;\r
				case 2:\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(0);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					break;\r
				case 3:\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(1);\r
					ToSendStuffBit(0);\r
					break;\r
			}\r
		}\r
	}\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(1);\r
	ToSendStuffBit(0);\r
	ToSendStuffBit(1);\r
\r
	// And slack at the end, too.\r
	for(i = 0; i < 24; i++) {\r
		ToSendStuffBit(1);\r
	}\r
}\r
\r
//-----------------------------------------------------------------------------\r
// The CRC used by ISO 15693.\r
//-----------------------------------------------------------------------------\r
static WORD Crc(BYTE *v, int n)\r
{\r
	DWORD reg;\r
	int i, j;\r
\r
	reg = 0xffff;\r
	for(i = 0; i < n; i++) {\r
		reg = reg ^ ((DWORD)v[i]);\r
		for (j = 0; j < 8; j++) {\r
			if (reg & 0x0001) {\r
				reg = (reg >> 1) ^ 0x8408;\r
			} else {\r
				reg = (reg >> 1);\r
			}\r
		}\r
	}\r
\r
	return ~reg;\r
}\r
\r
////////////////////////////////////////// code to do 'itoa'\r
 \r
\r
\r
/* reverse:  reverse string s in place */\r
void reverse(char s[])\r
{\r
    int c, i, j;\r
\r
    for (i = 0, j = strlen(s)-1; i<j; i++, j--) {\r
        c = s[i];\r
        s[i] = s[j];\r
        s[j] = c;\r
    }\r
}\r
\r
/* itoa:  convert n to characters in s */\r
void itoa(int n, char s[])\r
{\r
    int i, sign;\r
\r
    if ((sign = n) < 0)  /* record sign */\r
        n = -n;          /* make n positive */\r
    i = 0;\r
    do {       /* generate digits in reverse order */\r
        s[i++] = n % 10 + '0';   /* get next digit */\r
    } while ((n /= 10) > 0);     /* delete it */\r
    if (sign < 0)\r
        s[i++] = '-';\r
    s[i] = '\0';\r
    reverse(s);\r
} \r
\r
//////////////////////////////////////// END 'itoa' CODE\r
\r
\r
//-----------------------------------------------------------------------------\r
// Encode (into the ToSend buffers) an identify request, which is the first\r
// thing that you must send to a tag to get a response.\r
//-----------------------------------------------------------------------------\r
static void BuildIdentifyRequest(void)\r
{\r
	BYTE cmd[5];\r
\r
	WORD crc;\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	// AFI is at bit 5 (1<<4) when doing an INVENTORY\r
	cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); \r
	// inventory command code\r
	cmd[1] = 0x01;\r
	// no mask\r
	cmd[2] = 0x00;\r
	//Now the CRC\r
	crc = Crc(cmd, 3);\r
	cmd[3] = crc & 0xff;\r
	cmd[4] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
static void BuildSysInfoRequest(BYTE *uid)\r
{\r
	BYTE cmd[12];\r
\r
	WORD crc;\r
	// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block\r
	// followed by teh block data\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	cmd[0] =  (1 << 5) | (1 << 1); // no SELECT bit\r
	// System Information command code\r
	cmd[1] = 0x2B;\r
	// UID may be optionally specified here\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0; // always e0 (not exactly unique) 	\r
	//Now the CRC\r
	crc = Crc(cmd, 10); // the crc needs to be calculated over 2 bytes \r
	cmd[10] = crc & 0xff;\r
	cmd[11] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
static void BuildSelectRequest( BYTE uid[])\r
{\r
	\r
//	uid[6]=0x31;  // this is getting ignored - the uid array is not happening...\r
	BYTE cmd[12];\r
\r
	WORD crc;\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	//cmd[0] = (1 << 2) | (1 << 5) | (1 << 1);	// INVENTROY FLAGS\r
	cmd[0] = (1 << 4) | (1 << 5) | (1 << 1);	// Select and addressed FLAGS\r
	// SELECT command code\r
	cmd[1] = 0x25;\r
	// 64-bit UID\r
//	cmd[2] = uid[0];//0x32;\r
//	cmd[3]= uid[1];//0x4b;\r
//	cmd[4] = uid[2];//0x03;\r
//	cmd[5] = uid[3];//0x01;\r
//	cmd[6] = uid[4];//0x00;\r
//	cmd[7] = uid[5];//0x10;\r
//	cmd[8] = uid[6];//0x05; \r
	cmd[2] = 0x32;//\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; // infineon?\r
\r
	cmd[9]= 0xe0; // always e0 (not exactly unique) \r
\r
//	DbpIntegers(cmd[8],cmd[7],cmd[6]);\r
	// Now the CRC\r
	crc = Crc(cmd, 10); // the crc needs to be calculated over 10 bytes \r
	cmd[10] = crc & 0xff;\r
	cmd[11] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
static void BuildReadBlockRequest(BYTE *uid, BYTE blockNumber )\r
{\r
	BYTE cmd[13];\r
\r
	WORD crc;\r
	// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block\r
	// followed by teh block data\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	cmd[0] = (1 << 6)| (1 << 5) | (1 << 1); // no SELECT bit\r
	// READ BLOCK command code\r
	cmd[1] = 0x20;\r
	// UID may be optionally specified here\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0; // always e0 (not exactly unique) 	\r
	// Block number to read\r
	cmd[10] = blockNumber;//0x00;\r
	//Now the CRC\r
	crc = Crc(cmd, 11); // the crc needs to be calculated over 2 bytes \r
	cmd[11] = crc & 0xff;\r
	cmd[12] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
\r
static void BuildReadMultiBlockRequest(BYTE *uid)\r
{\r
	BYTE cmd[14];\r
\r
	WORD crc;\r
	// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block\r
	// followed by teh block data\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	cmd[0] =  (1 << 5) | (1 << 1); // no SELECT bit\r
	// READ Multi BLOCK command code\r
	cmd[1] = 0x23;\r
	// UID may be optionally specified here\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0; // always e0 (not exactly unique) 	\r
	// First Block number to read\r
	cmd[10] = 0x00;\r
	// Number of Blocks to read\r
	cmd[11] = 0x2f; // read quite a few\r
	//Now the CRC\r
	crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes \r
	cmd[12] = crc & 0xff;\r
	cmd[13] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
static void BuildArbitraryRequest(BYTE *uid,BYTE CmdCode)\r
{\r
	BYTE cmd[14];\r
\r
	WORD crc;\r
	// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block\r
	// followed by teh block data\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	cmd[0] =   (1 << 5) | (1 << 1); // no SELECT bit\r
	// READ BLOCK command code\r
	cmd[1] = CmdCode;\r
	// UID may be optionally specified here\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0; // always e0 (not exactly unique) 	\r
	// Parameter\r
	cmd[10] = 0x00;\r
	cmd[11] = 0x0a;\r
\r
//	cmd[12] = 0x00;\r
//	cmd[13] = 0x00;	//Now the CRC\r
	crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes \r
	cmd[12] = crc & 0xff;\r
	cmd[13] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
static void BuildArbitraryCustomRequest(BYTE *uid,BYTE CmdCode)\r
{\r
	BYTE cmd[14];\r
\r
	WORD crc;\r
	// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block\r
	// followed by teh block data\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	cmd[0] =   (1 << 5) | (1 << 1); // no SELECT bit\r
	// READ BLOCK command code\r
	cmd[1] = CmdCode;\r
	// UID may be optionally specified here\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0; // always e0 (not exactly unique) 	\r
	// Parameter\r
	cmd[10] = 0x05; // for custom codes this must be manufcturer code\r
	cmd[11] = 0x00;\r
\r
//	cmd[12] = 0x00;\r
//	cmd[13] = 0x00;	//Now the CRC\r
	crc = Crc(cmd, 12); // the crc needs to be calculated over 2 bytes \r
	cmd[12] = crc & 0xff;\r
	cmd[13] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
/////////////////////////////////////////////////////////////////////////\r
// Now the VICC>VCD responses when we are simulating a tag\r
////////////////////////////////////////////////////////////////////\r
\r
 static void BuildInventoryResponse(void)\r
{\r
	BYTE cmd[12];\r
\r
	WORD crc;\r
	// one sub-carrier, inventory, 1 slot, fast rate\r
	// AFI is at bit 5 (1<<4) when doing an INVENTORY\r
	cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1); \r
	cmd[1] = 0;\r
	// 64-bit UID\r
	cmd[2] = 0x32;\r
	cmd[3]= 0x4b;\r
	cmd[4] = 0x03;\r
	cmd[5] = 0x01;\r
	cmd[6] = 0x00;\r
	cmd[7] = 0x10;\r
	cmd[8] = 0x05; \r
	cmd[9]= 0xe0;\r
	//Now the CRC\r
	crc = Crc(cmd, 10);\r
	cmd[10] = crc & 0xff;\r
	cmd[11] = crc >> 8;\r
\r
	CodeIso15693AsReader(cmd, sizeof(cmd));\r
}\r
\r
\r
//-----------------------------------------------------------------------------\r
// Transmit the command (to the tag) that was placed in ToSend[].\r
//-----------------------------------------------------------------------------\r
static void TransmitTo15693Tag(const BYTE *cmd, int len, int *samples, int *wait)\r
{\r
    int c;\r
\r
//    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);\r
	if(*wait < 10) { *wait = 10; }\r
\r
//    for(c = 0; c < *wait;) {\r
//        if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
//            SSC_TRANSMIT_HOLDING = 0x00;		// For exact timing!\r
//            c++;\r
//        }\r
//        if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
//            volatile DWORD r = SSC_RECEIVE_HOLDING;\r
//            (void)r;\r
//        }\r
//        WDT_HIT();\r
//    }\r
\r
    c = 0;\r
    for(;;) {\r
        if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
            SSC_TRANSMIT_HOLDING = cmd[c];\r
            c++;\r
            if(c >= len) {\r
                break;\r
            }\r
        }\r
        if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
            volatile DWORD r = SSC_RECEIVE_HOLDING;\r
            (void)r;\r
        }\r
        WDT_HIT();\r
    }\r
	*samples = (c + *wait) << 3;\r
}\r
\r
\r
//-----------------------------------------------------------------------------\r
// Transmit the command (to the reader) that was placed in ToSend[].\r
//-----------------------------------------------------------------------------\r
static void TransmitTo15693Reader(const BYTE *cmd, int len, int *samples, int *wait)\r
{\r
    int c;\r
\r
//	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR);	// No requirement to energise my coils\r
	if(*wait < 10) { *wait = 10; }\r
\r
    c = 0;\r
    for(;;) {\r
        if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
            SSC_TRANSMIT_HOLDING = cmd[c];\r
            c++;\r
            if(c >= len) {\r
                break;\r
            }\r
        }\r
        if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
            volatile DWORD r = SSC_RECEIVE_HOLDING;\r
            (void)r;\r
        }\r
        WDT_HIT();\r
    }\r
	*samples = (c + *wait) << 3;\r
}\r
\r
\r
\r
\r
\r
\r
static int GetIso15693AnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) \r
{\r
	int c = 0;\r
	BYTE *dest = (BYTE *)BigBuf;\r
	int getNext = 0;\r
\r
\r
	SBYTE prev = 0;\r
\r
// NOW READ RESPONSE\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);\r
	//spindelay(60);	// greg - experiment to get rid of some of the 0 byte/failed reads\r
	c = 0;\r
	getNext = FALSE;\r
	for(;;) {\r
		if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
			SSC_TRANSMIT_HOLDING = 0x43;\r
		}\r
		if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
			SBYTE b;\r
			b = (SBYTE)SSC_RECEIVE_HOLDING;\r
\r
			// The samples are correlations against I and Q versions of the\r
			// tone that the tag AM-modulates, so every other sample is I,\r
			// every other is Q. We just want power, so abs(I) + abs(Q) is\r
			// close to what we want.\r
			if(getNext) {\r
				SBYTE r;\r
\r
				if(b < 0) {\r
					r = -b;\r
				} else {\r
					r = b;\r
				}\r
				if(prev < 0) {\r
					r -= prev;\r
				} else {\r
					r += prev;\r
				}\r
\r
				dest[c++] = (BYTE)r;\r
\r
				if(c >= 2000) {\r
					break;\r
				}\r
			} else {\r
				prev = b;\r
			}\r
\r
			getNext = !getNext;\r
		}\r
	}\r
\r
//////////////////////////////////////////\r
/////////// DEMODULATE ///////////////////\r
//////////////////////////////////////////\r
\r
	int i, j;\r
	int max = 0, maxPos;\r
\r
	int skip = 4;\r
\r
\r
//	if(GraphTraceLen < 1000) return;	// THIS CHECKS FOR A BUFFER TO SMALL\r
\r
	// First, correlate for SOF\r
	for(i = 0; i < 100; i++) {\r
		int corr = 0;\r
		for(j = 0; j < arraylen(FrameSOF); j += skip) {\r
			corr += FrameSOF[j]*dest[i+(j/skip)];\r
		}\r
		if(corr > max) {\r
			max = corr;\r
			maxPos = i;\r
		}\r
	}\r
//	DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip));\r
\r
	int k = 0; // this will be our return value\r
\r
	// greg - If correlation is less than 1 then there's little point in continuing\r
	if ((max/(arraylen(FrameSOF)/skip)) >= 1) \r
	{\r
\r
	i = maxPos + arraylen(FrameSOF)/skip;\r
	\r
	BYTE outBuf[20];\r
	memset(outBuf, 0, sizeof(outBuf));\r
	BYTE mask = 0x01;\r
	for(;;) {\r
		int corr0 = 0, corr1 = 0, corrEOF = 0;\r
		for(j = 0; j < arraylen(Logic0); j += skip) {\r
			corr0 += Logic0[j]*dest[i+(j/skip)];\r
		}\r
		for(j = 0; j < arraylen(Logic1); j += skip) {\r
			corr1 += Logic1[j]*dest[i+(j/skip)];\r
		}\r
		for(j = 0; j < arraylen(FrameEOF); j += skip) {\r
			corrEOF += FrameEOF[j]*dest[i+(j/skip)];\r
		}\r
		// Even things out by the length of the target waveform.\r
		corr0 *= 4;\r
		corr1 *= 4;\r
\r
		if(corrEOF > corr1 && corrEOF > corr0) {\r
//			DbpString("EOF at %d", i);\r
			break;\r
		} else if(corr1 > corr0) {\r
			i += arraylen(Logic1)/skip;\r
			outBuf[k] |= mask;\r
		} else {\r
			i += arraylen(Logic0)/skip;\r
		}\r
		mask <<= 1;\r
		if(mask == 0) {\r
			k++;\r
			mask = 0x01;\r
		}\r
		if((i+(int)arraylen(FrameEOF)) >= 2000) {\r
			DbpString("ran off end!");\r
			break;\r
		}\r
	}\r
	if(mask != 0x01) {\r
		DbpString("error, uneven octet! (discard extra bits!)");\r
///		DbpString("   mask=%02x", mask);\r
	}\r
//	BYTE str1 [8];\r
//	itoa(k,str1);\r
//	strcat(str1," octets read");\r
\r
//	DbpString(  str1);    // DbpString("%d octets", k);\r
\r
//	for(i = 0; i < k; i+=3) {\r
//		//DbpString("# %2d: %02x ", i, outBuf[i]);\r
//		DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]);\r
//	}\r
\r
	for(i = 0; i < k; i++) {\r
		receivedResponse[i] = outBuf[i];\r
	}	\r
	} // "end if correlation > 0" 	(max/(arraylen(FrameSOF)/skip))\r
	return k; // return the number of bytes demodulated\r
\r
///	DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2));\r
\r
\r
}\r
\r
// Now the GetISO15693 message from sniffing command\r
static int GetIso15693AnswerFromSniff(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed) \r
{\r
	int c = 0;\r
	BYTE *dest = (BYTE *)BigBuf;\r
	int getNext = 0;\r
\r
\r
	SBYTE prev = 0;\r
\r
// NOW READ RESPONSE\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);\r
	//spindelay(60);	// greg - experiment to get rid of some of the 0 byte/failed reads\r
	c = 0;\r
	getNext = FALSE;\r
	for(;;) {\r
		if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
			SSC_TRANSMIT_HOLDING = 0x43;\r
		}\r
		if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
			SBYTE b;\r
			b = (SBYTE)SSC_RECEIVE_HOLDING;\r
\r
			// The samples are correlations against I and Q versions of the\r
			// tone that the tag AM-modulates, so every other sample is I,\r
			// every other is Q. We just want power, so abs(I) + abs(Q) is\r
			// close to what we want.\r
			if(getNext) {\r
				SBYTE r;\r
\r
				if(b < 0) {\r
					r = -b;\r
				} else {\r
					r = b;\r
				}\r
				if(prev < 0) {\r
					r -= prev;\r
				} else {\r
					r += prev;\r
				}\r
\r
				dest[c++] = (BYTE)r;\r
\r
				if(c >= 20000) {\r
					break;\r
				}\r
			} else {\r
				prev = b;\r
			}\r
\r
			getNext = !getNext;\r
		}\r
	}\r
\r
//////////////////////////////////////////\r
/////////// DEMODULATE ///////////////////\r
//////////////////////////////////////////\r
\r
	int i, j;\r
	int max = 0, maxPos;\r
\r
	int skip = 4;\r
\r
\r
//	if(GraphTraceLen < 1000) return;	// THIS CHECKS FOR A BUFFER TO SMALL\r
\r
	// First, correlate for SOF\r
	for(i = 0; i < 19000; i++) {\r
		int corr = 0;\r
		for(j = 0; j < arraylen(FrameSOF); j += skip) {\r
			corr += FrameSOF[j]*dest[i+(j/skip)];\r
		}\r
		if(corr > max) {\r
			max = corr;\r
			maxPos = i;\r
		}\r
	}\r
//	DbpString("SOF at %d, correlation %d", maxPos,max/(arraylen(FrameSOF)/skip));\r
\r
	int k = 0; // this will be our return value\r
\r
	// greg - If correlation is less than 1 then there's little point in continuing\r
	if ((max/(arraylen(FrameSOF)/skip)) >= 1)	// THIS SHOULD BE 1 \r
	{\r
\r
	i = maxPos + arraylen(FrameSOF)/skip;\r
	\r
	BYTE outBuf[20];\r
	memset(outBuf, 0, sizeof(outBuf));\r
	BYTE mask = 0x01;\r
	for(;;) {\r
		int corr0 = 0, corr1 = 0, corrEOF = 0;\r
		for(j = 0; j < arraylen(Logic0); j += skip) {\r
			corr0 += Logic0[j]*dest[i+(j/skip)];\r
		}\r
		for(j = 0; j < arraylen(Logic1); j += skip) {\r
			corr1 += Logic1[j]*dest[i+(j/skip)];\r
		}\r
		for(j = 0; j < arraylen(FrameEOF); j += skip) {\r
			corrEOF += FrameEOF[j]*dest[i+(j/skip)];\r
		}\r
		// Even things out by the length of the target waveform.\r
		corr0 *= 4;\r
		corr1 *= 4;\r
\r
		if(corrEOF > corr1 && corrEOF > corr0) {\r
//			DbpString("EOF at %d", i);\r
			break;\r
		} else if(corr1 > corr0) {\r
			i += arraylen(Logic1)/skip;\r
			outBuf[k] |= mask;\r
		} else {\r
			i += arraylen(Logic0)/skip;\r
		}\r
		mask <<= 1;\r
		if(mask == 0) {\r
			k++;\r
			mask = 0x01;\r
		}\r
		if((i+(int)arraylen(FrameEOF)) >= 2000) {\r
			DbpString("ran off end!");\r
			break;\r
		}\r
	}\r
	if(mask != 0x01) {\r
		DbpString("error, uneven octet! (discard extra bits!)");\r
///		DbpString("   mask=%02x", mask);\r
	}\r
//	BYTE str1 [8];\r
//	itoa(k,str1);\r
//	strcat(str1," octets read");\r
\r
//	DbpString(  str1);    // DbpString("%d octets", k);\r
\r
//	for(i = 0; i < k; i+=3) {\r
//		//DbpString("# %2d: %02x ", i, outBuf[i]);\r
//		DbpIntegers(outBuf[i],outBuf[i+1],outBuf[i+2]);\r
//	}\r
\r
	for(i = 0; i < k; i++) {\r
		receivedResponse[i] = outBuf[i];\r
	}	\r
	} // "end if correlation > 0" 	(max/(arraylen(FrameSOF)/skip))\r
	return k; // return the number of bytes demodulated\r
\r
///	DbpString("CRC=%04x", Iso15693Crc(outBuf, k-2));\r
\r
\r
}\r
\r
\r
\r
//-----------------------------------------------------------------------------\r
// Start to read an ISO 15693 tag. We send an identify request, then wait\r
// for the response. The response is not demodulated, just left in the buffer\r
// so that it can be downloaded to a PC and processed there.\r
//-----------------------------------------------------------------------------\r
void AcquireRawAdcSamplesIso15693(void)\r
{\r
	int c = 0;\r
	BYTE *dest = (BYTE *)BigBuf;\r
	int getNext = 0;\r
\r
	SBYTE prev = 0;\r
\r
	BuildIdentifyRequest();\r
\r
	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
\r
	// Give the tags time to energize\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);\r
	SpinDelay(100);\r
\r
	// Now send the command\r
	FpgaSetupSsc();\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);\r
\r
	c = 0;\r
	for(;;) {\r
		if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
			SSC_TRANSMIT_HOLDING = ToSend[c];\r
			c++;\r
			if(c == ToSendMax+3) {\r
				break;\r
			}\r
		}\r
		if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
			volatile DWORD r = SSC_RECEIVE_HOLDING;\r
			(void)r;\r
		}\r
		WDT_HIT();\r
	}\r
\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);\r
\r
	c = 0;\r
	getNext = FALSE;\r
	for(;;) {\r
		if(SSC_STATUS & (SSC_STATUS_TX_READY)) {\r
			SSC_TRANSMIT_HOLDING = 0x43;\r
		}\r
		if(SSC_STATUS & (SSC_STATUS_RX_READY)) {\r
			SBYTE b;\r
			b = (SBYTE)SSC_RECEIVE_HOLDING;\r
\r
			// The samples are correlations against I and Q versions of the\r
			// tone that the tag AM-modulates, so every other sample is I,\r
			// every other is Q. We just want power, so abs(I) + abs(Q) is\r
			// close to what we want.\r
			if(getNext) {\r
				SBYTE r;\r
\r
				if(b < 0) {\r
					r = -b;\r
				} else {\r
					r = b;\r
				}\r
				if(prev < 0) {\r
					r -= prev;\r
				} else {\r
					r += prev;\r
				}\r
\r
				dest[c++] = (BYTE)r;\r
\r
				if(c >= 2000) {\r
					break;\r
				}\r
			} else {\r
				prev = b;\r
			}\r
\r
			getNext = !getNext;\r
		}\r
	}\r
}\r
\r
\r
\r
//-----------------------------------------------------------------------------\r
// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector\r
// all demodulation performed in arm rather than host. - greg\r
//-----------------------------------------------------------------------------\r
void ReaderIso15693(DWORD parameter)\r
{\r
	LED_A_ON();\r
	LED_B_ON();\r
	LED_C_OFF();\r
	LED_D_OFF();\r
\r
\r
//DbpString(parameter);\r
\r
	BYTE *receivedAnswer0 = (((BYTE *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)\r
	BYTE *receivedAnswer1 = (((BYTE *)BigBuf) + 3660); // \r
	BYTE *receivedAnswer2 = (((BYTE *)BigBuf) + 3760);\r
	BYTE *receivedAnswer3 = (((BYTE *)BigBuf) + 3860);\r
	//BYTE *TagUID= (((BYTE *)BigBuf) + 3960);		// where we hold the uid for hi15reader	\r
	int responseLen0 = 0;\r
	int responseLen1 = 0;\r
	int responseLen2 = 0;\r
	int responseLen3 = 0;\r
\r
	// Blank arrays\r
	int j;\r
	for(j = 0; j < 100; j++) {\r
		receivedAnswer3[j] = 0;\r
		receivedAnswer2[j] =0;\r
		receivedAnswer1[j] = 0;\r
		receivedAnswer0[j] = 0;\r
	}\r
\r
	// Setup SSC\r
	FpgaSetupSsc();\r
\r
	// Start from off (no field generated)\r
    	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
    	SpinDelay(200);\r
\r
	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
	FpgaSetupSsc();\r
\r
	// Give the tags time to energize\r
	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);\r
	SpinDelay(200);\r
\r
	LED_A_ON();\r
	LED_B_OFF();\r
	LED_C_OFF();\r
	LED_D_OFF();\r
\r
	int samples = 0;\r
	int tsamples = 0;\r
	int wait = 0;\r
	int elapsed = 0;\r
\r
	// FIRST WE RUN AN INVENTORY TO GET THE TAG UID\r
	// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME\r
 BYTE TagUID[7];		// where we hold the uid for hi15reader	\r
\r
\r
//	BuildIdentifyRequest();\r
//	//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);	\r
//	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3\r
//	// Now wait for a response\r
//	responseLen0 = GetIso15693AnswerFromTag(receivedAnswer0, 100, &samples, &elapsed) ;	\r
//	if (responseLen0 >=12) // we should do a better check than this\r
//	{\r
//		// really we should check it is a valid mesg\r
//		// but for now just grab what we think is the uid\r
//		TagUID[0] = receivedAnswer0[2];\r
//		TagUID[1] = receivedAnswer0[3];\r
//		TagUID[2] = receivedAnswer0[4];\r
//		TagUID[3] = receivedAnswer0[5];\r
//		TagUID[4] = receivedAnswer0[6];\r
//		TagUID[5] = receivedAnswer0[7];\r
//		TagUID[6] = receivedAnswer0[8]; // IC Manufacturer code\r
//	DbpIntegers(TagUID[6],TagUID[5],TagUID[4]);	\r
//}\r
\r
	// Now send the IDENTIFY command\r
	BuildIdentifyRequest();\r
	//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);	\r
	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3\r
	// Now wait for a response\r
	responseLen1 = GetIso15693AnswerFromTag(receivedAnswer1, 100, &samples, &elapsed) ;\r
	\r
	if (responseLen1 >=12) // we should do a better check than this\r
	{\r
		\r
		TagUID[0] = receivedAnswer1[2];\r
		TagUID[1] = receivedAnswer1[3];\r
		TagUID[2] = receivedAnswer1[4];\r
		TagUID[3] = receivedAnswer1[5];\r
		TagUID[4] = receivedAnswer1[6];\r
		TagUID[5] = receivedAnswer1[7];\r
		TagUID[6] = receivedAnswer1[8]; // IC Manufacturer code\r
		\r
		// Now send the SELECT command\r
		BuildSelectRequest(*TagUID);\r
		TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3\r
		// Now wait for a response\r
		responseLen2 = GetIso15693AnswerFromTag(receivedAnswer2, 100, &samples, &elapsed); \r
\r
		// Now send the MULTI READ command\r
//		BuildArbitraryRequest(*TagUID,parameter);\r
		BuildArbitraryCustomRequest(*TagUID,parameter);\r
//		BuildReadBlockRequest(*TagUID,parameter);\r
//		BuildSysInfoRequest(*TagUID);\r
		//TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);	\r
		TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3	\r
		// Now wait for a response\r
		responseLen3 = GetIso15693AnswerFromTag(receivedAnswer3, 100, &samples, &elapsed) ;\r
\r
	}\r
\r
\r
\r
	BYTE str1 [4];\r
	//char str2 [200];\r
	int i;\r
\r
	itoa(responseLen1,str1);\r
	strcat(str1," octets read from IDENTIFY request");\r
	DbpString(str1);\r
	for(i = 0; i < responseLen1; i+=3) {\r
		DbpIntegers(receivedAnswer1[i],receivedAnswer1[i+1],receivedAnswer1[i+2]);\r
	}\r
\r
	itoa(responseLen2,str1);\r
	strcat(str1," octets read from SELECT request");\r
	DbpString(str1);\r
	for(i = 0; i < responseLen2; i+=3) {\r
		DbpIntegers(receivedAnswer2[i],receivedAnswer2[i+1],receivedAnswer2[i+2]);\r
	}\r
\r
	itoa(responseLen3,str1);\r
	strcat(str1," octets read from XXX request");\r
	DbpString(str1);\r
	for(i = 0; i < responseLen3; i+=3) {\r
		DbpIntegers(receivedAnswer3[i],receivedAnswer3[i+1],receivedAnswer3[i+2]);\r
	}\r
	\r
\r
//	str2[0]=0;\r
//	for(i = 0; i < responseLen3; i++) {\r
//		itoa(str1,receivedAnswer3[i]);\r
//		strcat(str2,str1);\r
//	}\r
//	DbpString(str2);	\r
\r
	LED_A_OFF();\r
	LED_B_OFF();\r
	LED_C_OFF();\r
	LED_D_OFF();\r
\r
\r
}\r
\r
\r
\r
//-----------------------------------------------------------------------------\r
// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands\r
// all demodulation performed in arm rather than host. - greg\r
//-----------------------------------------------------------------------------\r
void SimTagIso15693(DWORD parameter)\r
{\r
	LED_A_ON();\r
	LED_B_ON();\r
	LED_C_OFF();\r
	LED_D_OFF();\r
\r
\r
//DbpString(parameter);\r
\r
	BYTE *receivedAnswer0 = (((BYTE *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)\r
	BYTE *receivedAnswer1 = (((BYTE *)BigBuf) + 3660); // \r
	BYTE *receivedAnswer2 = (((BYTE *)BigBuf) + 3760);\r
	BYTE *receivedAnswer3 = (((BYTE *)BigBuf) + 3860);\r
	//BYTE *TagUID= (((BYTE *)BigBuf) + 3960);		// where we hold the uid for hi15reader	\r
	int responseLen0 = 0;\r
	int responseLen1 = 0;\r
	int responseLen2 = 0;\r
	int responseLen3 = 0;\r
\r
	// Blank arrays\r
	int j;\r
	for(j = 0; j < 100; j++) {\r
		receivedAnswer3[j] = 0;\r
		receivedAnswer2[j] =0;\r
		receivedAnswer1[j] = 0;\r
		receivedAnswer0[j] = 0;\r
	}\r
\r
	// Setup SSC\r
	FpgaSetupSsc();\r
\r
	// Start from off (no field generated)\r
    	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
    	SpinDelay(200);\r
\r
	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);\r
	FpgaSetupSsc();\r
\r
	// Give the tags time to energize\r
//	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);	// NO GOOD FOR SIM TAG!!!!\r
	SpinDelay(200);\r
\r
	LED_A_OFF();\r
	LED_B_OFF();\r
	LED_C_ON();\r
	LED_D_OFF();\r
\r
	int samples = 0;\r
	int tsamples = 0;\r
	int wait = 0;\r
	int elapsed = 0;\r
\r
	// FIRST WE RUN AN INVENTORY TO GET THE TAG UID\r
	// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME\r
 BYTE TagUID[7];		// where we hold the uid for hi15reader	\r
\r
\r
\r
	// Now send the IDENTIFY command\r
//	BuildIdentifyRequest();\r
//	TransmitTo15693Tag(ToSend,ToSendMax,&tsamples, &wait);	// No longer ToSendMax+3\r
\r
\r
	// Now wait for a command from the reader\r
	responseLen1=0;\r
//	while(responseLen1=0) {\r
//		if(BUTTON_PRESS()) break;\r
		responseLen1 = GetIso15693AnswerFromSniff(receivedAnswer1, 100, &samples, &elapsed) ;\r
//		}\r
\r
	\r
	if (responseLen1 >=1) // we should do a better check than this\r
	{\r
		// Build a suitable reponse to the reader INVENTORY cocmmand\r
		BuildInventoryResponse;\r
		TransmitTo15693Reader(ToSend,ToSendMax,&tsamples, &wait);\r
\r
		// Now wait for a command from the reader\r
//		responseLen2 = GetIso15693AnswerFromTag(receivedAnswer2, 100, &samples, &elapsed); \r
\r
	\r
		// Now wait for a command from the reader\r
//		responseLen3 = GetIso15693AnswerFromTag(receivedAnswer3, 100, &samples, &elapsed) ;\r
\r
	}\r
\r
\r
\r
	BYTE str1 [4];\r
	//char str2 [200];\r
	int i;\r
\r
	itoa(responseLen1,str1);\r
	strcat(str1," octets read from reader command");\r
	DbpString(str1);\r
	for(i = 0; i < responseLen1; i+=3) {\r
		DbpIntegers(receivedAnswer1[i],receivedAnswer1[i+1],receivedAnswer1[i+2]);\r
	}\r
\r
//	itoa(responseLen2,str1);\r
//	strcat(str1," octets read from SELECT request");\r
//	DbpString(str1);\r
//	for(i = 0; i < responseLen2; i+=3) {\r
//		DbpIntegers(receivedAnswer2[i],receivedAnswer2[i+1],receivedAnswer2[i+2]);\r
//	}\r
//\r
//	itoa(responseLen3,str1);\r
//	strcat(str1," octets read from XXX request");\r
//	DbpString(str1);\r
//	for(i = 0; i < responseLen3; i+=3) {\r
//		DbpIntegers(receivedAnswer3[i],receivedAnswer3[i+1],receivedAnswer3[i+2]);\r
//	}\r
	\r
\r
//	str2[0]=0;\r
//	for(i = 0; i < responseLen3; i++) {\r
//		itoa(str1,receivedAnswer3[i]);\r
//		strcat(str2,str1);\r
//	}\r
//	DbpString(str2);	\r
\r
	LED_A_OFF();\r
	LED_B_OFF();\r
	LED_C_OFF();\r
	LED_D_OFF();\r
\r
\r
}