]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
3 | // at your option, any later version. See the LICENSE.txt file for the text of | |
4 | // the license. | |
5 | //----------------------------------------------------------------------------- | |
6 | // Miscellaneous routines for low frequency sampling. | |
7 | //----------------------------------------------------------------------------- | |
8 | ||
9 | #include "proxmark3.h" | |
10 | #include "apps.h" | |
11 | #include "util.h" | |
12 | #include "string.h" | |
13 | #include "lfsampling.h" | |
14 | #include "usb_cdc.h" // for usb_poll_validate_length | |
15 | //#include "ticks.h" // for StartTicks | |
16 | ||
17 | sample_config config = { 1, 8, 1, 95, 0 } ; | |
18 | ||
19 | void printConfig() | |
20 | { | |
21 | Dbprintf("LF Sampling config: "); | |
22 | Dbprintf(" [q] divisor: %d ", config.divisor); | |
23 | Dbprintf(" [b] bps: %d ", config.bits_per_sample); | |
24 | Dbprintf(" [d] decimation: %d ", config.decimation); | |
25 | Dbprintf(" [a] averaging: %d ", config.averaging); | |
26 | Dbprintf(" [t] trigger threshold: %d ", config.trigger_threshold); | |
27 | } | |
28 | ||
29 | ||
30 | /** | |
31 | * Called from the USB-handler to set the sampling configuration | |
32 | * The sampling config is used for std reading and snooping. | |
33 | * | |
34 | * Other functions may read samples and ignore the sampling config, | |
35 | * such as functions to read the UID from a prox tag or similar. | |
36 | * | |
37 | * Values set to '0' implies no change (except for averaging) | |
38 | * @brief setSamplingConfig | |
39 | * @param sc | |
40 | */ | |
41 | void setSamplingConfig(sample_config *sc) | |
42 | { | |
43 | if(sc->divisor != 0) config.divisor = sc->divisor; | |
44 | if(sc->bits_per_sample!= 0) config.bits_per_sample= sc->bits_per_sample; | |
45 | if(sc->decimation!= 0) config.decimation= sc->decimation; | |
46 | if(sc->trigger_threshold != -1) config.trigger_threshold= sc->trigger_threshold; | |
47 | ||
48 | config.averaging= sc->averaging; | |
49 | if(config.bits_per_sample > 8) config.bits_per_sample = 8; | |
50 | if(config.decimation < 1) config.decimation = 1; | |
51 | ||
52 | printConfig(); | |
53 | } | |
54 | ||
55 | sample_config* getSamplingConfig() | |
56 | { | |
57 | return &config; | |
58 | } | |
59 | ||
60 | typedef struct { | |
61 | uint8_t * buffer; | |
62 | uint32_t numbits; | |
63 | uint32_t position; | |
64 | } BitstreamOut; | |
65 | ||
66 | /** | |
67 | * @brief Pushes bit onto the stream | |
68 | * @param stream | |
69 | * @param bit | |
70 | */ | |
71 | void pushBit( BitstreamOut* stream, uint8_t bit) | |
72 | { | |
73 | int bytepos = stream->position >> 3; // divide by 8 | |
74 | int bitpos = stream->position & 7; | |
75 | *(stream->buffer+bytepos) |= (bit > 0) << (7 - bitpos); | |
76 | stream->position++; | |
77 | stream->numbits++; | |
78 | } | |
79 | ||
80 | /** | |
81 | * Setup the FPGA to listen for samples. This method downloads the FPGA bitstream | |
82 | * if not already loaded, sets divisor and starts up the antenna. | |
83 | * @param divisor : 1, 88> 255 or negative ==> 134.8 KHz | |
84 | * 0 or 95 ==> 125 KHz | |
85 | * | |
86 | **/ | |
87 | void LFSetupFPGAForADC(int divisor, bool lf_field) | |
88 | { | |
89 | FpgaDownloadAndGo(FPGA_BITSTREAM_LF); | |
90 | if ( (divisor == 1) || (divisor < 0) || (divisor > 255) ) | |
91 | FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz | |
92 | else if (divisor == 0) | |
93 | FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz | |
94 | else | |
95 | FpgaSendCommand(FPGA_CMD_SET_DIVISOR, divisor); | |
96 | ||
97 | FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | (lf_field ? FPGA_LF_ADC_READER_FIELD : 0)); | |
98 | ||
99 | // Connect the A/D to the peak-detected low-frequency path. | |
100 | SetAdcMuxFor(GPIO_MUXSEL_LOPKD); | |
101 | // Give it a bit of time for the resonant antenna to settle. | |
102 | SpinDelay(50); | |
103 | // Now set up the SSC to get the ADC samples that are now streaming at us. | |
104 | FpgaSetupSsc(); | |
105 | } | |
106 | ||
107 | /** | |
108 | * Does the sample acquisition. If threshold is specified, the actual sampling | |
109 | * is not commenced until the threshold has been reached. | |
110 | * This method implements decimation and quantization in order to | |
111 | * be able to provide longer sample traces. | |
112 | * Uses the following global settings: | |
113 | * @param decimation - how much should the signal be decimated. A decimation of N means we keep 1 in N samples, etc. | |
114 | * @param bits_per_sample - bits per sample. Max 8, min 1 bit per sample. | |
115 | * @param averaging If set to true, decimation will use averaging, so that if e.g. decimation is 3, the sample | |
116 | * value that will be used is the average value of the three samples. | |
117 | * @param trigger_threshold - a threshold. The sampling won't commence until this threshold has been reached. Set | |
118 | * to -1 to ignore threshold. | |
119 | * @param silent - is true, now outputs are made. If false, dbprints the status | |
120 | * @return the number of bits occupied by the samples. | |
121 | */ | |
122 | uint32_t DoAcquisition(uint8_t decimation, uint32_t bits_per_sample, bool averaging, int trigger_threshold, bool silent, int bufsize) | |
123 | { | |
124 | //. | |
125 | uint8_t *dest = BigBuf_get_addr(); | |
126 | bufsize = (bufsize > 0 && bufsize < BigBuf_max_traceLen()) ? bufsize : BigBuf_max_traceLen(); | |
127 | ||
128 | //memset(dest, 0, bufsize); //creates issues with cmdread (marshmellow) | |
129 | ||
130 | if(bits_per_sample < 1) bits_per_sample = 1; | |
131 | if(bits_per_sample > 8) bits_per_sample = 8; | |
132 | ||
133 | if(decimation < 1) decimation = 1; | |
134 | ||
135 | // Use a bit stream to handle the output | |
136 | BitstreamOut data = { dest , 0, 0}; | |
137 | int sample_counter = 0; | |
138 | uint8_t sample = 0; | |
139 | //If we want to do averaging | |
140 | uint32_t sample_sum =0 ; | |
141 | uint32_t sample_total_numbers =0 ; | |
142 | uint32_t sample_total_saved =0 ; | |
143 | ||
144 | while(!BUTTON_PRESS() && !usb_poll_validate_length() ) { | |
145 | WDT_HIT(); | |
146 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { | |
147 | AT91C_BASE_SSC->SSC_THR = 0x43; | |
148 | LED_D_ON(); | |
149 | } | |
150 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { | |
151 | sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; | |
152 | LED_D_OFF(); | |
153 | // threshold either high or low values 128 = center 0. if trigger = 178 | |
154 | if ((trigger_threshold > 0) && (sample < (trigger_threshold+128)) && (sample > (128-trigger_threshold))) // | |
155 | continue; | |
156 | ||
157 | trigger_threshold = 0; | |
158 | sample_total_numbers++; | |
159 | ||
160 | if(averaging) | |
161 | { | |
162 | sample_sum += sample; | |
163 | } | |
164 | //Check decimation | |
165 | if(decimation > 1) | |
166 | { | |
167 | sample_counter++; | |
168 | if(sample_counter < decimation) continue; | |
169 | sample_counter = 0; | |
170 | } | |
171 | //Averaging | |
172 | if(averaging && decimation > 1) { | |
173 | sample = sample_sum / decimation; | |
174 | sample_sum =0; | |
175 | } | |
176 | //Store the sample | |
177 | sample_total_saved ++; | |
178 | if(bits_per_sample == 8){ | |
179 | dest[sample_total_saved-1] = sample; | |
180 | data.numbits = sample_total_saved << 3;//Get the return value correct | |
181 | if(sample_total_saved >= bufsize) break; | |
182 | } | |
183 | else{ | |
184 | pushBit(&data, sample & 0x80); | |
185 | if(bits_per_sample > 1) pushBit(&data, sample & 0x40); | |
186 | if(bits_per_sample > 2) pushBit(&data, sample & 0x20); | |
187 | if(bits_per_sample > 3) pushBit(&data, sample & 0x10); | |
188 | if(bits_per_sample > 4) pushBit(&data, sample & 0x08); | |
189 | if(bits_per_sample > 5) pushBit(&data, sample & 0x04); | |
190 | if(bits_per_sample > 6) pushBit(&data, sample & 0x02); | |
191 | //Not needed, 8bps is covered above | |
192 | //if(bits_per_sample > 7) pushBit(&data, sample & 0x01); | |
193 | if((data.numbits >> 3) +1 >= bufsize) break; | |
194 | } | |
195 | } | |
196 | } | |
197 | ||
198 | if(!silent) | |
199 | { | |
200 | Dbprintf("Done, saved %d out of %d seen samples at %d bits/sample",sample_total_saved, sample_total_numbers,bits_per_sample); | |
201 | Dbprintf("buffer samples: %02x %02x %02x %02x %02x %02x %02x %02x ...", | |
202 | dest[0], dest[1], dest[2], dest[3], dest[4], dest[5], dest[6], dest[7]); | |
203 | } | |
204 | return data.numbits; | |
205 | } | |
206 | /** | |
207 | * @brief Does sample acquisition, ignoring the config values set in the sample_config. | |
208 | * This method is typically used by tag-specific readers who just wants to read the samples | |
209 | * the normal way | |
210 | * @param trigger_threshold | |
211 | * @param silent | |
212 | * @return number of bits sampled | |
213 | */ | |
214 | uint32_t DoAcquisition_default(int trigger_threshold, bool silent) | |
215 | { | |
216 | return DoAcquisition(1,8,0,trigger_threshold,silent,0); | |
217 | } | |
218 | uint32_t DoAcquisition_config( bool silent) | |
219 | { | |
220 | return DoAcquisition(config.decimation | |
221 | ,config.bits_per_sample | |
222 | ,config.averaging | |
223 | ,config.trigger_threshold | |
224 | ,silent | |
225 | ,0); | |
226 | } | |
227 | ||
228 | uint32_t DoPartialAcquisition(int trigger_threshold, bool silent, int sample_size) { | |
229 | return DoAcquisition(1,8,0,trigger_threshold,silent,sample_size); | |
230 | } | |
231 | ||
232 | uint32_t ReadLF(bool activeField, bool silent) | |
233 | { | |
234 | if (!silent) printConfig(); | |
235 | LFSetupFPGAForADC(config.divisor, activeField); | |
236 | // Now call the acquisition routine | |
237 | return DoAcquisition_config(silent); | |
238 | } | |
239 | ||
240 | /** | |
241 | * Initializes the FPGA for reader-mode (field on), and acquires the samples. | |
242 | * @return number of bits sampled | |
243 | **/ | |
244 | uint32_t SampleLF(bool printCfg) | |
245 | { | |
246 | uint32_t ret = ReadLF(true, printCfg); | |
247 | FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); | |
248 | return ret; | |
249 | } | |
250 | /** | |
251 | * Initializes the FPGA for snoop-mode (field off), and acquires the samples. | |
252 | * @return number of bits sampled | |
253 | **/ | |
254 | ||
255 | uint32_t SnoopLF() | |
256 | { | |
257 | uint32_t ret = ReadLF(false, true); | |
258 | FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); | |
259 | return ret; | |
260 | } | |
261 | ||
262 | /** | |
263 | * acquisition of T55x7 LF signal. Similart to other LF, but adjusted with @marshmellows thresholds | |
264 | * the data is collected in BigBuf. | |
265 | **/ | |
266 | void doT55x7Acquisition(size_t sample_size) { | |
267 | ||
268 | #define T55xx_READ_UPPER_THRESHOLD 128+60 // 60 grph | |
269 | #define T55xx_READ_LOWER_THRESHOLD 128-60 // -60 grph | |
270 | #define T55xx_READ_TOL 5 | |
271 | ||
272 | uint8_t *dest = BigBuf_get_addr(); | |
273 | uint16_t bufsize = BigBuf_max_traceLen(); | |
274 | ||
275 | if ( bufsize > sample_size ) | |
276 | bufsize = sample_size; | |
277 | ||
278 | uint16_t i = 0; | |
279 | bool startFound = false; | |
280 | bool highFound = false; | |
281 | bool lowFound = false; | |
282 | uint8_t curSample = 0; | |
283 | uint8_t lastSample = 0; | |
284 | uint16_t skipCnt = 0; | |
285 | while(!BUTTON_PRESS() && !usb_poll_validate_length() && skipCnt<1000 && i<bufsize ) { | |
286 | WDT_HIT(); | |
287 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { | |
288 | AT91C_BASE_SSC->SSC_THR = 0x43; | |
289 | LED_D_ON(); | |
290 | } | |
291 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { | |
292 | curSample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; | |
293 | LED_D_OFF(); | |
294 | ||
295 | // skip until the first high sample above threshold | |
296 | if (!startFound && curSample > T55xx_READ_UPPER_THRESHOLD) { | |
297 | //if (curSample > lastSample) | |
298 | // lastSample = curSample; | |
299 | highFound = true; | |
300 | } else if (!highFound) { | |
301 | skipCnt++; | |
302 | continue; | |
303 | } | |
304 | // skip until the first Low sample below threshold | |
305 | if (!startFound && curSample < T55xx_READ_LOWER_THRESHOLD) { | |
306 | //if (curSample > lastSample) | |
307 | lastSample = curSample; | |
308 | lowFound = true; | |
309 | } else if (!lowFound) { | |
310 | skipCnt++; | |
311 | continue; | |
312 | } | |
313 | ||
314 | ||
315 | // skip until first high samples begin to change | |
316 | if (startFound || curSample > T55xx_READ_LOWER_THRESHOLD+T55xx_READ_TOL){ | |
317 | // if just found start - recover last sample | |
318 | if (!startFound) { | |
319 | dest[i++] = lastSample; | |
320 | startFound = true; | |
321 | } | |
322 | // collect samples | |
323 | dest[i++] = curSample; | |
324 | } | |
325 | } | |
326 | } | |
327 | } | |
328 | ||
329 | /** | |
330 | * acquisition of Cotag LF signal. Similart to other LF, since the Cotag has such long datarate RF/384 | |
331 | * and is Manchester?, we directly gather the manchester data into bigbuff | |
332 | **/ | |
333 | #define COTAG_T1 384 | |
334 | #define COTAG_T2 (COTAG_T1>>1) | |
335 | #define COTAG_ONE_THRESHOLD 128+30 | |
336 | #define COTAG_ZERO_THRESHOLD 128-30 | |
337 | #ifndef COTAG_BITS | |
338 | #define COTAG_BITS 264 | |
339 | #endif | |
340 | void doCotagAcquisition(size_t sample_size) { | |
341 | ||
342 | uint8_t *dest = BigBuf_get_addr(); | |
343 | uint16_t bufsize = BigBuf_max_traceLen(); | |
344 | ||
345 | if ( bufsize > sample_size ) | |
346 | bufsize = sample_size; | |
347 | ||
348 | dest[0] = 0; | |
349 | uint8_t sample = 0, firsthigh = 0, firstlow = 0; | |
350 | uint16_t i = 0; | |
351 | ||
352 | while (!BUTTON_PRESS() && !usb_poll_validate_length() && (i < bufsize) ) { | |
353 | WDT_HIT(); | |
354 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { | |
355 | AT91C_BASE_SSC->SSC_THR = 0x43; | |
356 | LED_D_ON(); | |
357 | } | |
358 | ||
359 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { | |
360 | sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; | |
361 | LED_D_OFF(); | |
362 | ||
363 | // find first peak | |
364 | if ( !firsthigh ) { | |
365 | if (sample < COTAG_ONE_THRESHOLD) | |
366 | continue; | |
367 | firsthigh = 1; | |
368 | } | |
369 | if ( !firstlow ){ | |
370 | if (sample > COTAG_ZERO_THRESHOLD ) | |
371 | continue; | |
372 | firstlow = 1; | |
373 | } | |
374 | ||
375 | ++i; | |
376 | ||
377 | if ( sample > COTAG_ONE_THRESHOLD) | |
378 | dest[i] = 255; | |
379 | else if ( sample < COTAG_ZERO_THRESHOLD) | |
380 | dest[i] = 0; | |
381 | else | |
382 | dest[i] = dest[i-1]; | |
383 | } | |
384 | } | |
385 | } | |
386 | ||
387 | uint32_t doCotagAcquisitionManchester() { | |
388 | ||
389 | uint8_t *dest = BigBuf_get_addr(); | |
390 | uint16_t bufsize = BigBuf_max_traceLen(); | |
391 | ||
392 | if ( bufsize > COTAG_BITS ) | |
393 | bufsize = COTAG_BITS; | |
394 | ||
395 | dest[0] = 0; | |
396 | uint8_t sample = 0, firsthigh = 0, firstlow = 0; | |
397 | uint16_t sample_counter = 0, period = 0; | |
398 | uint8_t curr = 0, prev = 0; | |
399 | ||
400 | while (!BUTTON_PRESS() && !usb_poll_validate_length() && (sample_counter < bufsize) ) { | |
401 | WDT_HIT(); | |
402 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXRDY) { | |
403 | AT91C_BASE_SSC->SSC_THR = 0x43; | |
404 | LED_D_ON(); | |
405 | } | |
406 | ||
407 | if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) { | |
408 | sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR; | |
409 | LED_D_OFF(); | |
410 | ||
411 | // find first peak | |
412 | if ( !firsthigh ) { | |
413 | if (sample < COTAG_ONE_THRESHOLD) | |
414 | continue; | |
415 | firsthigh = 1; | |
416 | } | |
417 | ||
418 | if ( !firstlow ){ | |
419 | if (sample > COTAG_ZERO_THRESHOLD ) | |
420 | continue; | |
421 | firstlow = 1; | |
422 | } | |
423 | ||
424 | // set sample 255, 0, or previous | |
425 | if ( sample > COTAG_ONE_THRESHOLD){ | |
426 | prev = curr; | |
427 | curr = 1; | |
428 | } | |
429 | else if ( sample < COTAG_ZERO_THRESHOLD) { | |
430 | prev = curr; | |
431 | curr = 0; | |
432 | } | |
433 | else { | |
434 | curr = prev; | |
435 | } | |
436 | ||
437 | // full T1 periods, | |
438 | if ( period > 0 ) { | |
439 | --period; | |
440 | continue; | |
441 | } | |
442 | ||
443 | dest[sample_counter] = curr; | |
444 | ++sample_counter; | |
445 | period = COTAG_T1; | |
446 | } | |
447 | } | |
448 | return sample_counter; | |
449 | } |