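//-----------------------------------------------------------------------------
// Pretend to be an ISO 14443 tag. We will do this by alternately short-
// circuiting and open-circuiting the antenna coil, with the tri-state
// pins.
//
// We communicate over the SSP, as a bitstream (i.e., might as well be
// unframed, though we still generate the word sync signal). The output
// (ARM -> FPGA) tells us whether to modulate or not. The input (FPGA
// -> ARM) is us using the A/D as a fancy comparator; this is with
// (software-added) hysteresis, to undo the high-pass filter.
//
// At this point only Type A is implemented. This means that we are using a
// bit rate of 106 kbit/s, or fc/128. Oversample by 4, which ought to make
// things practical for the ARM (fc/32, 423.8 kbits/s, ~50 kbytes/s)
//
// Jonathan Westhues, October 2006
//-----------------------------------------------------------------------------
//
// NOTE(review): the mod_type values defined below also cover BPSK and
// 212 kHz / 424 kHz subcarrier modes, so the "only Type A" statement above
// appears to predate them -- confirm against the ARM-side callers.
//
// None of the registers in this module has a reset or an initial value; a
// simulation testbench has to seed ssp_clk_divider (and the frame dividers)
// itself, otherwise they stay at X.

// possible mod_types:
`define NO_MODULATION       3'b000
`define MODULATE_BPSK       3'b001
`define MODULATE_212K       3'b010
`define MODULATE_424K       3'b100
`define MODULATE_424K_8BIT  3'b101

module hi_simulate(
    pck0, ck_1356meg, ck_1356megb,
    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
    adc_d, adc_clk,
    ssp_frame, ssp_din, ssp_dout, ssp_clk,
    cross_hi, cross_lo,
    dbg,
    mod_type
);
    input pck0, ck_1356meg, ck_1356megb;
    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
    input [7:0] adc_d;
    output adc_clk;
    input ssp_dout;
    output ssp_frame, ssp_din, ssp_clk;
    input cross_hi, cross_lo;
    output dbg;
    input [2:0] mod_type;

    // pck0, ck_1356megb, cross_hi and cross_lo are part of the port list but
    // are not read anywhere in this module.

    // The comparator with hysteresis on the output from the peak detector.
    // Only the top three ADC bits are examined: all ones (adc_d >= 224) sets
    // the output, all zeros (adc_d < 32) clears it, anything in between holds
    // the previous value.
    reg after_hysteresis;
    assign adc_clk = ck_1356meg;

    // NOTE(review): blocking assignment in a clocked block. Left as written
    // because ssp_din samples this signal on ssp_clk, which is itself updated
    // on the same adc_clk edge; changing the assignment kind could shift the
    // simulated sampling order.
    always @(negedge adc_clk)
    begin
        if(& adc_d[7:5]) after_hysteresis = 1'b1;
        else if(~(| adc_d[7:5])) after_hysteresis = 1'b0;
    end


    // Divide 13.56 MHz to produce various frequencies for SSP_CLK
    // and modulation. Bit n of the counter toggles at fc / 2^(n+1).
    reg [7:0] ssp_clk_divider;

    always @(posedge adc_clk)
        ssp_clk_divider <= (ssp_clk_divider + 1);

    reg ssp_clk;

    // ssp_clk is registered on the falling edge of adc_clk from one bit of
    // the free-running divider, chosen by mod_type.
    always @(negedge adc_clk)
    begin
        if(mod_type == `MODULATE_424K_8BIT)
            // Get a bit at 53 kHz (every 8th carrier bit of 424 kHz): fc/256
            ssp_clk <= ssp_clk_divider[7];
        else if(mod_type == `MODULATE_212K)
            // Get next bit at 212 kHz: fc/64
            ssp_clk <= ssp_clk_divider[5];
        else
            // Get next bit at 424 kHz: fc/32 (also used for NO_MODULATION
            // and MODULATE_BPSK, which fall through to this branch)
            ssp_clk <= ssp_clk_divider[4];
    end


    // Divide SSP_CLK by 8 to produce the byte framing signal; the phase of
    // this is arbitrary, because it's just a bitstream.
    // One nasty issue, though: I can't make it work with both rx and tx at
    // once. The phase wrt ssp_clk must be changed. TODO to find out why
    // that is and make a better fix.
    reg [2:0] ssp_frame_divider_to_arm;
    always @(posedge ssp_clk)
        ssp_frame_divider_to_arm <= (ssp_frame_divider_to_arm + 1);
    reg [2:0] ssp_frame_divider_from_arm;
    always @(negedge ssp_clk)
        ssp_frame_divider_from_arm <= (ssp_frame_divider_from_arm + 1);


    // Frame sync: pick the counter whose phase matches the current direction.
    reg ssp_frame;
    always @(ssp_frame_divider_to_arm or ssp_frame_divider_from_arm or mod_type)
        if(mod_type == `NO_MODULATION) // not modulating, so listening, to ARM
            ssp_frame = (ssp_frame_divider_to_arm == 3'b000);
        else
            ssp_frame = (ssp_frame_divider_from_arm == 3'b000);

    // Synchronize up the after-hysteresis signal, to produce DIN.
    reg ssp_din;
    always @(posedge ssp_clk)
        ssp_din = after_hysteresis;

    // Modulating carrier frequency is fc/64 (212kHz) to fc/16 (848kHz). Reuse ssp_clk divider for that.
    //
    // This block is purely combinational. The sensitivity list names every
    // signal the block reads (mod_type, ssp_dout, ssp_clk_divider). The
    // earlier list used ssp_clk in place of ssp_clk_divider, so in simulation
    // the output was only re-evaluated when ssp_clk changed and went stale
    // whenever the selected divider bit toggled faster than ssp_clk (BPSK
    // uses bit 3 while ssp_clk follows bit 4). Blocking assignments are used
    // because no state is stored here.
    reg modulating_carrier;
    always @(mod_type or ssp_dout or ssp_clk_divider)
        if (mod_type == `NO_MODULATION)
            modulating_carrier = 1'b0;                          // no modulation
        else if (mod_type == `MODULATE_BPSK)
            modulating_carrier = ssp_dout ^ ssp_clk_divider[3]; // XOR means BPSK
        else if (mod_type == `MODULATE_212K)
            modulating_carrier = ssp_dout & ssp_clk_divider[5]; // switch 212kHz subcarrier on/off
        else if (mod_type == `MODULATE_424K || mod_type == `MODULATE_424K_8BIT)
            modulating_carrier = ssp_dout & ssp_clk_divider[4]; // switch 424kHz modulation on/off
        else
            modulating_carrier = 1'b0;                          // yet unused


    // Load modulation. Toggle only one of these, since we are already producing much deeper
    // modulation than a real tag would.
    assign pwr_hi  = 1'b0;                  // HF antenna connected to GND
    assign pwr_oe3 = 1'b0;                  // 10k Load
    assign pwr_oe1 = modulating_carrier;    // 33 Ohms Load
    assign pwr_oe4 = modulating_carrier;    // 33 Ohms Load

    // This is all LF and doesn't matter
    assign pwr_lo  = 1'b0;
    assign pwr_oe2 = 1'b0;


    // Debug pin mirrors the bit stream sent to the ARM.
    assign dbg = ssp_din;

endmodule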