]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/appmain.c
c8462649697f54a827adeb43d40ce35fc47bdbfe
[proxmark3-svn] / armsrc / appmain.c
1 //-----------------------------------------------------------------------------
2 // The main application code. This is the first thing called after start.c
3 // executes.
4 // Jonathan Westhues, Mar 2006
5 // Edits by Gerhard de Koning Gans, Sep 2007 (##)
6 //-----------------------------------------------------------------------------
7
8
9 #include <proxmark3.h>
10 #include <stdlib.h>
11 #include "apps.h"
12 #ifdef WITH_LCD
13 #include "fonts.h"
14 #include "LCD.h"
15 #endif
16
17 // The large multi-purpose buffer, typically used to hold A/D samples,
18 // maybe pre-processed in some way.
19 DWORD BigBuf[16000];
20
21 //=============================================================================
22 // A buffer where we can queue things up to be sent through the FPGA, for
23 // any purpose (fake tag, as reader, whatever). We go MSB first, since that
24 // is the order in which they go out on the wire.
25 //=============================================================================
26
27 BYTE ToSend[256];
28 int ToSendMax;
29 static int ToSendBit;
30
31
32 void BufferClear(void)
33 {
34 memset(BigBuf,0,sizeof(BigBuf));
35 DbpString("Buffer cleared");
36 }
37
38 void ToSendReset(void)
39 {
40 ToSendMax = -1;
41 ToSendBit = 8;
42 }
43
44 void ToSendStuffBit(int b)
45 {
46 if(ToSendBit >= 8) {
47 ToSendMax++;
48 ToSend[ToSendMax] = 0;
49 ToSendBit = 0;
50 }
51
52 if(b) {
53 ToSend[ToSendMax] |= (1 << (7 - ToSendBit));
54 }
55
56 ToSendBit++;
57
58 if(ToSendBit >= sizeof(ToSend)) {
59 ToSendBit = 0;
60 DbpString("ToSendStuffBit overflowed!");
61 }
62 }
63
64 //=============================================================================
65 // Debug print functions, to go out over USB, to the usual PC-side client.
66 //=============================================================================
67
68 void DbpString(char *str)
69 {
70 UsbCommand c;
71 c.cmd = CMD_DEBUG_PRINT_STRING;
72 c.ext1 = strlen(str);
73 memcpy(c.d.asBytes, str, c.ext1);
74
75 UsbSendPacket((BYTE *)&c, sizeof(c));
76 // TODO fix USB so stupid things like this aren't req'd
77 SpinDelay(50);
78 }
79
80 void DbpIntegers(int x1, int x2, int x3)
81 {
82 UsbCommand c;
83 c.cmd = CMD_DEBUG_PRINT_INTEGERS;
84 c.ext1 = x1;
85 c.ext2 = x2;
86 c.ext3 = x3;
87
88 UsbSendPacket((BYTE *)&c, sizeof(c));
89 // XXX
90 SpinDelay(50);
91 }
92
93 void AcquireRawAdcSamples125k(BOOL at134khz)
94 {
95 if(at134khz) {
96 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
97 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
98 } else {
99 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
100 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
101 }
102
103 // Connect the A/D to the peak-detected low-frequency path.
104 SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
105
106 // Give it a bit of time for the resonant antenna to settle.
107 SpinDelay(50);
108
109 // Now set up the SSC to get the ADC samples that are now streaming at us.
110 FpgaSetupSsc();
111
112 // Now call the acquisition routine
113 DoAcquisition125k(at134khz);
114 }
115
116 // split into two routines so we can avoid timing issues after sending commands //
117 void DoAcquisition125k(BOOL at134khz)
118 {
119 BYTE *dest = (BYTE *)BigBuf;
120 int n = sizeof(BigBuf);
121 int i;
122
123 memset(dest,0,n);
124 i = 0;
125 for(;;) {
126 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
127 SSC_TRANSMIT_HOLDING = 0x43;
128 LED_D_ON();
129 }
130 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
131 dest[i] = (BYTE)SSC_RECEIVE_HOLDING;
132 i++;
133 LED_D_OFF();
134 if(i >= n) {
135 break;
136 }
137 }
138 }
139 DbpIntegers(dest[0], dest[1], at134khz);
140 }
141
142 void ModThenAcquireRawAdcSamples125k(int delay_off,int period_0,int period_1,BYTE *command)
143 {
144 BOOL at134khz;
145
146 // see if 'h' was specified
147 if(command[strlen(command) - 1] == 'h')
148 at134khz= TRUE;
149 else
150 at134khz= FALSE;
151
152 if(at134khz) {
153 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
154 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
155 } else {
156 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
157 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
158 }
159
160 // Give it a bit of time for the resonant antenna to settle.
161 SpinDelay(50);
162
163 // Now set up the SSC to get the ADC samples that are now streaming at us.
164 FpgaSetupSsc();
165
166 // now modulate the reader field
167 while(*command != '\0' && *command != ' ')
168 {
169 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
170 LED_D_OFF();
171 SpinDelayUs(delay_off);
172 if(at134khz) {
173 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
174 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
175 } else {
176 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
177 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
178 }
179 LED_D_ON();
180 if(*(command++) == '0')
181 SpinDelayUs(period_0);
182 else
183 SpinDelayUs(period_1);
184 }
185 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
186 LED_D_OFF();
187 SpinDelayUs(delay_off);
188 if(at134khz) {
189 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
190 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
191 } else {
192 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
193 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
194 }
195
196 // now do the read
197 DoAcquisition125k(at134khz);
198 }
199
200 //-----------------------------------------------------------------------------
201 // Read an ADC channel and block till it completes, then return the result
202 // in ADC units (0 to 1023). Also a routine to average 32 samples and
203 // return that.
204 //-----------------------------------------------------------------------------
205 static int ReadAdc(int ch)
206 {
207 DWORD d;
208
209 ADC_CONTROL = ADC_CONTROL_RESET;
210 ADC_MODE = ADC_MODE_PRESCALE(32) | ADC_MODE_STARTUP_TIME(16) |
211 ADC_MODE_SAMPLE_HOLD_TIME(8);
212 ADC_CHANNEL_ENABLE = ADC_CHANNEL(ch);
213
214 ADC_CONTROL = ADC_CONTROL_START;
215 while(!(ADC_STATUS & ADC_END_OF_CONVERSION(ch)))
216 ;
217 d = ADC_CHANNEL_DATA(ch);
218
219 return d;
220 }
221
222 static int AvgAdc(int ch)
223 {
224 int i;
225 int a = 0;
226
227 for(i = 0; i < 32; i++) {
228 a += ReadAdc(ch);
229 }
230
231 return (a + 15) >> 5;
232 }
233
234 /*
235 * Sweeps the useful LF range of the proxmark from
236 * 46.8kHz (divisor=255) to 600kHz (divisor=19) and
237 * reads the voltage in the antenna: the result is a graph
238 * which should clearly show the resonating frequency of your
239 * LF antenna ( hopefully around 90 if it is tuned to 125kHz!)
240 */
241 void SweepLFrange()
242 {
243 BYTE *dest = (BYTE *)BigBuf;
244 BYTE dummy[12];
245 int i, peak= 0, ptr= 0;
246 double freq;
247
248 // clear buffer
249 memset(BigBuf,0,sizeof(BigBuf));
250
251 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
252 for (i=255; i>19; i--) {
253 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
254 SpinDelay(20);
255 dest[i] = (137500 * AvgAdc(ADC_CHAN_LF)) >> 18;
256 if(dest[i] > peak) {
257 peak= dest[i];
258 ptr= i;
259 }
260 }
261 dummy[11]= '\0';
262 dummy[10]= 'z';
263 dummy[9]= 'H';
264 dummy[8]= 'k';
265 dummy[7]= ' ';
266 freq= 12000000/(ptr + 1);
267 for(i= 6; i > 3 ; --i) {
268 dummy[i]= '0' + ((int) freq) % 10;
269 freq /= 10;
270 }
271 dummy[3]= '.';
272 for(i= 2; i >= 0 ; --i) {
273 dummy[i]= '0' + ((int) freq) % 10;
274 freq /= 10;
275 }
276 DbpString("Antenna resonates at:");
277 DbpString(dummy);
278 }
279
280 void MeasureAntennaTuning(void)
281 {
282 // Impedances are Zc = 1/(j*omega*C), in ohms
283 #define LF_TUNING_CAP_Z 1273 // 1 nF @ 125 kHz
284 #define HF_TUNING_CAP_Z 235 // 50 pF @ 13.56 MHz
285
286 int vLf125, vLf134, vHf; // in mV
287
288 UsbCommand c;
289
290 // Let the FPGA drive the low-frequency antenna around 125 kHz.
291 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
292 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
293 SpinDelay(20);
294 vLf125 = AvgAdc(ADC_CHAN_LF);
295 // Vref = 3.3V, and a 10000:240 voltage divider on the input
296 // can measure voltages up to 137500 mV
297 vLf125 = (137500 * vLf125) >> 10;
298
299 // Let the FPGA drive the low-frequency antenna around 134 kHz.
300 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 88); //134.8Khz
301 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_134_KHZ);
302 SpinDelay(20);
303 vLf134 = AvgAdc(ADC_CHAN_LF);
304 // Vref = 3.3V, and a 10000:240 voltage divider on the input
305 // can measure voltages up to 137500 mV
306 vLf134 = (137500 * vLf134) >> 10;
307
308 // Let the FPGA drive the high-frequency antenna around 13.56 MHz.
309 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
310 SpinDelay(20);
311 vHf = AvgAdc(ADC_CHAN_HF);
312 // Vref = 3300mV, and an 10:1 voltage divider on the input
313 // can measure voltages up to 33000 mV
314 vHf = (33000 * vHf) >> 10;
315
316 c.cmd = CMD_MEASURED_ANTENNA_TUNING;
317 c.ext1 = (vLf125 << 0) | (vLf134 << 16);
318 c.ext2 = vHf;
319 c.ext3 = (LF_TUNING_CAP_Z << 0) | (HF_TUNING_CAP_Z << 16);
320 UsbSendPacket((BYTE *)&c, sizeof(c));
321 }
322
323 void SimulateTagLowFrequency(int period)
324 {
325 int i;
326 BYTE *tab = (BYTE *)BigBuf;
327
328 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_SIMULATOR);
329
330 PIO_ENABLE = (1 << GPIO_SSC_DOUT) | (1 << GPIO_SSC_CLK);
331
332 PIO_OUTPUT_ENABLE = (1 << GPIO_SSC_DOUT);
333 PIO_OUTPUT_DISABLE = (1 << GPIO_SSC_CLK);
334
335 #define SHORT_COIL() LOW(GPIO_SSC_DOUT)
336 #define OPEN_COIL() HIGH(GPIO_SSC_DOUT)
337
338 i = 0;
339 for(;;) {
340 while(!(PIO_PIN_DATA_STATUS & (1<<GPIO_SSC_CLK))) {
341 if(BUTTON_PRESS()) {
342 DbpString("Stopped");
343 return;
344 }
345 WDT_HIT();
346 }
347
348 LED_D_ON();
349 if(tab[i]) {
350 OPEN_COIL();
351 } else {
352 SHORT_COIL();
353 }
354 LED_D_OFF();
355
356 while(PIO_PIN_DATA_STATUS & (1<<GPIO_SSC_CLK)) {
357 if(BUTTON_PRESS()) {
358 DbpString("Stopped");
359 return;
360 }
361 WDT_HIT();
362 }
363
364 i++;
365 if(i == period) i = 0;
366 }
367 }
368
369 // compose fc/8 fc/10 waveform
370 static void fc(int c, int *n) {
371 BYTE *dest = (BYTE *)BigBuf;
372 int idx;
373
374 // for when we want an fc8 pattern every 4 logical bits
375 if(c==0) {
376 dest[((*n)++)]=1;
377 dest[((*n)++)]=1;
378 dest[((*n)++)]=0;
379 dest[((*n)++)]=0;
380 dest[((*n)++)]=0;
381 dest[((*n)++)]=0;
382 dest[((*n)++)]=0;
383 dest[((*n)++)]=0;
384 }
385 // an fc/8 encoded bit is a bit pattern of 11000000 x6 = 48 samples
386 if(c==8) {
387 for (idx=0; idx<6; idx++) {
388 dest[((*n)++)]=1;
389 dest[((*n)++)]=1;
390 dest[((*n)++)]=0;
391 dest[((*n)++)]=0;
392 dest[((*n)++)]=0;
393 dest[((*n)++)]=0;
394 dest[((*n)++)]=0;
395 dest[((*n)++)]=0;
396 }
397 }
398
399 // an fc/10 encoded bit is a bit pattern of 1110000000 x5 = 50 samples
400 if(c==10) {
401 for (idx=0; idx<5; idx++) {
402 dest[((*n)++)]=1;
403 dest[((*n)++)]=1;
404 dest[((*n)++)]=1;
405 dest[((*n)++)]=0;
406 dest[((*n)++)]=0;
407 dest[((*n)++)]=0;
408 dest[((*n)++)]=0;
409 dest[((*n)++)]=0;
410 dest[((*n)++)]=0;
411 dest[((*n)++)]=0;
412 }
413 }
414 }
415
416 // prepare a waveform pattern in the buffer based on the ID given then
417 // simulate a HID tag until the button is pressed
418 static void CmdHIDsimTAG(int hi, int lo)
419 {
420 int n=0, i=0;
421 /*
422 HID tag bitstream format
423 The tag contains a 44bit unique code. This is sent out MSB first in sets of 4 bits
424 A 1 bit is represented as 6 fc8 and 5 fc10 patterns
425 A 0 bit is represented as 5 fc10 and 6 fc8 patterns
426 A fc8 is inserted before every 4 bits
427 A special start of frame pattern is used consisting a0b0 where a and b are neither 0
428 nor 1 bits, they are special patterns (a = set of 12 fc8 and b = set of 10 fc10)
429 */
430
431 if (hi>0xFFF) {
432 DbpString("Tags can only have 44 bits.");
433 return;
434 }
435 fc(0,&n);
436 // special start of frame marker containing invalid bit sequences
437 fc(8, &n); fc(8, &n); // invalid
438 fc(8, &n); fc(10, &n); // logical 0
439 fc(10, &n); fc(10, &n); // invalid
440 fc(8, &n); fc(10, &n); // logical 0
441
442 WDT_HIT();
443 // manchester encode bits 43 to 32
444 for (i=11; i>=0; i--) {
445 if ((i%4)==3) fc(0,&n);
446 if ((hi>>i)&1) {
447 fc(10, &n); fc(8, &n); // low-high transition
448 } else {
449 fc(8, &n); fc(10, &n); // high-low transition
450 }
451 }
452
453 WDT_HIT();
454 // manchester encode bits 31 to 0
455 for (i=31; i>=0; i--) {
456 if ((i%4)==3) fc(0,&n);
457 if ((lo>>i)&1) {
458 fc(10, &n); fc(8, &n); // low-high transition
459 } else {
460 fc(8, &n); fc(10, &n); // high-low transition
461 }
462 }
463
464 LED_A_ON();
465 SimulateTagLowFrequency(n);
466 LED_A_OFF();
467 }
468
469 // loop to capture raw HID waveform then FSK demodulate the TAG ID from it
470 static void CmdHIDdemodFSK(void)
471 {
472 BYTE *dest = (BYTE *)BigBuf;
473 int m=0, n=0, i=0, idx=0, found=0, lastval=0;
474 DWORD hi=0, lo=0;
475
476 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, 95); //125Khz
477 FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER | FPGA_LF_READER_USE_125_KHZ);
478
479 // Connect the A/D to the peak-detected low-frequency path.
480 SetAdcMuxFor(GPIO_MUXSEL_LOPKD);
481
482 // Give it a bit of time for the resonant antenna to settle.
483 SpinDelay(50);
484
485 // Now set up the SSC to get the ADC samples that are now streaming at us.
486 FpgaSetupSsc();
487
488 for(;;) {
489 WDT_HIT();
490 LED_A_ON();
491 if(BUTTON_PRESS()) {
492 DbpString("Stopped");
493 LED_A_OFF();
494 return;
495 }
496
497 i = 0;
498 m = sizeof(BigBuf);
499 memset(dest,128,m);
500 for(;;) {
501 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
502 SSC_TRANSMIT_HOLDING = 0x43;
503 LED_D_ON();
504 }
505 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
506 dest[i] = (BYTE)SSC_RECEIVE_HOLDING;
507 // we don't care about actual value, only if it's more or less than a
508 // threshold essentially we capture zero crossings for later analysis
509 if(dest[i] < 127) dest[i] = 0; else dest[i] = 1;
510 i++;
511 LED_D_OFF();
512 if(i >= m) {
513 break;
514 }
515 }
516 }
517
518 // FSK demodulator
519
520 // sync to first lo-hi transition
521 for( idx=1; idx<m; idx++) {
522 if (dest[idx-1]<dest[idx])
523 lastval=idx;
524 break;
525 }
526 WDT_HIT();
527
528 // count cycles between consecutive lo-hi transitions, there should be either 8 (fc/8)
529 // or 10 (fc/10) cycles but in practice due to noise etc we may end up with with anywhere
530 // between 7 to 11 cycles so fuzz it by treat anything <9 as 8 and anything else as 10
531 for( i=0; idx<m; idx++) {
532 if (dest[idx-1]<dest[idx]) {
533 dest[i]=idx-lastval;
534 if (dest[i] <= 8) {
535 dest[i]=1;
536 } else {
537 dest[i]=0;
538 }
539
540 lastval=idx;
541 i++;
542 }
543 }
544 m=i;
545 WDT_HIT();
546
547 // we now have a set of cycle counts, loop over previous results and aggregate data into bit patterns
548 lastval=dest[0];
549 idx=0;
550 i=0;
551 n=0;
552 for( idx=0; idx<m; idx++) {
553 if (dest[idx]==lastval) {
554 n++;
555 } else {
556 // a bit time is five fc/10 or six fc/8 cycles so figure out how many bits a pattern width represents,
557 // an extra fc/8 pattern preceeds every 4 bits (about 200 cycles) just to complicate things but it gets
558 // swallowed up by rounding
559 // expected results are 1 or 2 bits, any more and it's an invalid manchester encoding
560 // special start of frame markers use invalid manchester states (no transitions) by using sequences
561 // like 111000
562 if (dest[idx-1]) {
563 n=(n+1)/6; // fc/8 in sets of 6
564 } else {
565 n=(n+1)/5; // fc/10 in sets of 5
566 }
567 switch (n) { // stuff appropriate bits in buffer
568 case 0:
569 case 1: // one bit
570 dest[i++]=dest[idx-1];
571 break;
572 case 2: // two bits
573 dest[i++]=dest[idx-1];
574 dest[i++]=dest[idx-1];
575 break;
576 case 3: // 3 bit start of frame markers
577 dest[i++]=dest[idx-1];
578 dest[i++]=dest[idx-1];
579 dest[i++]=dest[idx-1];
580 break;
581 // When a logic 0 is immediately followed by the start of the next transmisson
582 // (special pattern) a pattern of 4 bit duration lengths is created.
583 case 4:
584 dest[i++]=dest[idx-1];
585 dest[i++]=dest[idx-1];
586 dest[i++]=dest[idx-1];
587 dest[i++]=dest[idx-1];
588 break;
589 default: // this shouldn't happen, don't stuff any bits
590 break;
591 }
592 n=0;
593 lastval=dest[idx];
594 }
595 }
596 m=i;
597 WDT_HIT();
598
599 // final loop, go over previously decoded manchester data and decode into usable tag ID
600 // 111000 bit pattern represent start of frame, 01 pattern represents a 1 and 10 represents a 0
601 for( idx=0; idx<m-6; idx++) {
602 // search for a start of frame marker
603 if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) )
604 {
605 found=1;
606 idx+=6;
607 if (found && (hi|lo)) {
608 DbpString("TAG ID");
609 DbpIntegers(hi, lo, (lo>>1)&0xffff);
610 hi=0;
611 lo=0;
612 found=0;
613 }
614 }
615 if (found) {
616 if (dest[idx] && (!dest[idx+1]) ) {
617 hi=(hi<<1)|(lo>>31);
618 lo=(lo<<1)|0;
619 } else if ( (!dest[idx]) && dest[idx+1]) {
620 hi=(hi<<1)|(lo>>31);
621 lo=(lo<<1)|1;
622 } else {
623 found=0;
624 hi=0;
625 lo=0;
626 }
627 idx++;
628 }
629 if ( dest[idx] && dest[idx+1] && dest[idx+2] && (!dest[idx+3]) && (!dest[idx+4]) && (!dest[idx+5]) )
630 {
631 found=1;
632 idx+=6;
633 if (found && (hi|lo)) {
634 DbpString("TAG ID");
635 DbpIntegers(hi, lo, (lo>>1)&0xffff);
636 hi=0;
637 lo=0;
638 found=0;
639 }
640 }
641 }
642 WDT_HIT();
643 }
644 }
645
646 void SimulateTagHfListen(void)
647 {
648 BYTE *dest = (BYTE *)BigBuf;
649 int n = sizeof(BigBuf);
650 BYTE v = 0;
651 int i;
652 int p = 0;
653
654 // We're using this mode just so that I can test it out; the simulated
655 // tag mode would work just as well and be simpler.
656 FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR | FPGA_HF_READER_RX_XCORR_848_KHZ | FPGA_HF_READER_RX_XCORR_SNOOP);
657
658 // We need to listen to the high-frequency, peak-detected path.
659 SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
660
661 FpgaSetupSsc();
662
663 i = 0;
664 for(;;) {
665 if(SSC_STATUS & (SSC_STATUS_TX_READY)) {
666 SSC_TRANSMIT_HOLDING = 0xff;
667 }
668 if(SSC_STATUS & (SSC_STATUS_RX_READY)) {
669 BYTE r = (BYTE)SSC_RECEIVE_HOLDING;
670
671 v <<= 1;
672 if(r & 1) {
673 v |= 1;
674 }
675 p++;
676
677 if(p >= 8) {
678 dest[i] = v;
679 v = 0;
680 p = 0;
681 i++;
682
683 if(i >= n) {
684 break;
685 }
686 }
687 }
688 }
689 DbpString("simulate tag (now type bitsamples)");
690 }
691
692 void UsbPacketReceived(BYTE *packet, int len)
693 {
694 UsbCommand *c = (UsbCommand *)packet;
695
696 switch(c->cmd) {
697 case CMD_ACQUIRE_RAW_ADC_SAMPLES_125K:
698 AcquireRawAdcSamples125k(c->ext1);
699 break;
700
701 case CMD_MOD_THEN_ACQUIRE_RAW_ADC_SAMPLES_125K:
702 ModThenAcquireRawAdcSamples125k(c->ext1,c->ext2,c->ext3,c->d.asBytes);
703 break;
704
705 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_15693:
706 AcquireRawAdcSamplesIso15693();
707 break;
708
709 case CMD_BUFF_CLEAR:
710 BufferClear();
711 break;
712
713 case CMD_READER_ISO_15693:
714 ReaderIso15693(c->ext1);
715 break;
716
717 case CMD_SIMTAG_ISO_15693:
718 SimTagIso15693(c->ext1);
719 break;
720
721 case CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443:
722 AcquireRawAdcSamplesIso14443(c->ext1);
723 break;
724
725 case CMD_READ_SRI512_TAG:
726 ReadSRI512Iso14443(c->ext1);
727 break;
728
729 case CMD_READER_ISO_14443a:
730 ReaderIso14443a(c->ext1);
731 break;
732
733 case CMD_SNOOP_ISO_14443:
734 SnoopIso14443();
735 break;
736
737 case CMD_SNOOP_ISO_14443a:
738 SnoopIso14443a();
739 break;
740
741 case CMD_SIMULATE_TAG_HF_LISTEN:
742 SimulateTagHfListen();
743 break;
744
745 case CMD_SIMULATE_TAG_ISO_14443:
746 SimulateIso14443Tag();
747 break;
748
749 case CMD_SIMULATE_TAG_ISO_14443a:
750 SimulateIso14443aTag(c->ext1, c->ext2); // ## Simulate iso14443a tag - pass tag type & UID
751 break;
752
753 case CMD_MEASURE_ANTENNA_TUNING:
754 MeasureAntennaTuning();
755 break;
756
757 case CMD_LISTEN_READER_FIELD:
758 ListenReaderField(c->ext1);
759 break;
760
761 case CMD_HID_DEMOD_FSK:
762 CmdHIDdemodFSK(); // Demodulate HID tag
763 break;
764
765 case CMD_HID_SIM_TAG:
766 CmdHIDsimTAG(c->ext1, c->ext2); // Simulate HID tag by ID
767 break;
768
769 case CMD_FPGA_MAJOR_MODE_OFF: // ## FPGA Control
770 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
771 SpinDelay(200);
772 LED_D_OFF(); // LED D indicates field ON or OFF
773 break;
774
775 case CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K:
776 case CMD_DOWNLOAD_RAW_BITS_TI_TYPE: {
777 UsbCommand n;
778 if(c->cmd == CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K) {
779 n.cmd = CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K;
780 } else {
781 n.cmd = CMD_DOWNLOADED_RAW_BITS_TI_TYPE;
782 }
783 n.ext1 = c->ext1;
784 memcpy(n.d.asDwords, BigBuf+c->ext1, 12*sizeof(DWORD));
785 UsbSendPacket((BYTE *)&n, sizeof(n));
786 break;
787 }
788 case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
789 BYTE *b = (BYTE *)BigBuf;
790 memcpy(b+c->ext1, c->d.asBytes, 48);
791 break;
792 }
793 case CMD_SIMULATE_TAG_125K:
794 LED_A_ON();
795 SimulateTagLowFrequency(c->ext1);
796 LED_A_OFF();
797 break;
798 #ifdef WITH_LCD
799 case CMD_LCD_RESET:
800 LCDReset();
801 break;
802 #endif
803 case CMD_SWEEP_LF:
804 SweepLFrange();
805 break;
806
807 case CMD_SET_LF_DIVISOR:
808 FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->ext1);
809 break;
810 #ifdef WITH_LCD
811 case CMD_LCD:
812 LCDSend(c->ext1);
813 break;
814 #endif
815 case CMD_SETUP_WRITE:
816 case CMD_FINISH_WRITE:
817 case CMD_HARDWARE_RESET:
818 USB_D_PLUS_PULLUP_OFF();
819 SpinDelay(1000);
820 SpinDelay(1000);
821 RSTC_CONTROL = RST_CONTROL_KEY | RST_CONTROL_PROCESSOR_RESET;
822 for(;;) {
823 // We're going to reset, and the bootrom will take control.
824 }
825 break;
826
827
828 default:
829 DbpString("unknown command");
830 break;
831 }
832 }
833
834 void AppMain(void)
835 {
836 memset(BigBuf,0,sizeof(BigBuf));
837 SpinDelay(100);
838
839 LED_D_OFF();
840 LED_C_OFF();
841 LED_B_OFF();
842 LED_A_OFF();
843
844 UsbStart();
845
846 // The FPGA gets its clock from us from PCK0 output, so set that up.
847 PIO_PERIPHERAL_B_SEL = (1 << GPIO_PCK0);
848 PIO_DISABLE = (1 << GPIO_PCK0);
849 PMC_SYS_CLK_ENABLE = PMC_SYS_CLK_PROGRAMMABLE_CLK_0;
850 // PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
851 PMC_PROGRAMMABLE_CLK_0 = PMC_CLK_SELECTION_PLL_CLOCK |
852 PMC_CLK_PRESCALE_DIV_4;
853 PIO_OUTPUT_ENABLE = (1 << GPIO_PCK0);
854
855 // Reset SPI
856 SPI_CONTROL = SPI_CONTROL_RESET;
857 // Reset SSC
858 SSC_CONTROL = SSC_CONTROL_RESET;
859
860 // Load the FPGA image, which we have stored in our flash.
861 FpgaDownloadAndGo();
862
863 #ifdef WITH_LCD
864
865 LCDInit();
866
867 // test text on different colored backgrounds
868 LCDString(" The quick brown fox ", &FONT6x8,1,1+8*0,WHITE ,BLACK );
869 LCDString(" jumped over the ", &FONT6x8,1,1+8*1,BLACK ,WHITE );
870 LCDString(" lazy dog. ", &FONT6x8,1,1+8*2,YELLOW ,RED );
871 LCDString(" AaBbCcDdEeFfGgHhIiJj ", &FONT6x8,1,1+8*3,RED ,GREEN );
872 LCDString(" KkLlMmNnOoPpQqRrSsTt ", &FONT6x8,1,1+8*4,MAGENTA,BLUE );
873 LCDString("UuVvWwXxYyZz0123456789", &FONT6x8,1,1+8*5,BLUE ,YELLOW);
874 LCDString("`-=[]_;',./~!@#$%^&*()", &FONT6x8,1,1+8*6,BLACK ,CYAN );
875 LCDString(" _+{}|:\\\"<>? ",&FONT6x8,1,1+8*7,BLUE ,MAGENTA);
876
877 // color bands
878 LCDFill(0, 1+8* 8, 132, 8, BLACK);
879 LCDFill(0, 1+8* 9, 132, 8, WHITE);
880 LCDFill(0, 1+8*10, 132, 8, RED);
881 LCDFill(0, 1+8*11, 132, 8, GREEN);
882 LCDFill(0, 1+8*12, 132, 8, BLUE);
883 LCDFill(0, 1+8*13, 132, 8, YELLOW);
884 LCDFill(0, 1+8*14, 132, 8, CYAN);
885 LCDFill(0, 1+8*15, 132, 8, MAGENTA);
886
887 #endif
888
889 for(;;) {
890 UsbPoll(FALSE);
891 WDT_HIT();
892 }
893 }
894
895 void SpinDelayUs(int us)
896 {
897 int ticks = (48*us) >> 10;
898
899 // Borrow a PWM unit for my real-time clock
900 PWM_ENABLE = PWM_CHANNEL(0);
901 // 48 MHz / 1024 gives 46.875 kHz
902 PWM_CH_MODE(0) = PWM_CH_MODE_PRESCALER(10);
903 PWM_CH_DUTY_CYCLE(0) = 0;
904 PWM_CH_PERIOD(0) = 0xffff;
905
906 WORD start = (WORD)PWM_CH_COUNTER(0);
907
908 for(;;) {
909 WORD now = (WORD)PWM_CH_COUNTER(0);
910 if(now == (WORD)(start + ticks)) {
911 return;
912 }
913 WDT_HIT();
914 }
915 }
916
917 void SpinDelay(int ms)
918 {
919 int ticks = (48000*ms) >> 10;
920
921 // Borrow a PWM unit for my real-time clock
922 PWM_ENABLE = PWM_CHANNEL(0);
923 // 48 MHz / 1024 gives 46.875 kHz
924 PWM_CH_MODE(0) = PWM_CH_MODE_PRESCALER(10);
925 PWM_CH_DUTY_CYCLE(0) = 0;
926 PWM_CH_PERIOD(0) = 0xffff;
927
928 WORD start = (WORD)PWM_CH_COUNTER(0);
929
930 for(;;) {
931 WORD now = (WORD)PWM_CH_COUNTER(0);
932 if(now == (WORD)(start + ticks)) {
933 return;
934 }
935 WDT_HIT();
936 }
937 }
938
939 // listen for external reader
940 void ListenReaderField(int limit)
941 {
942 int lf_av, lf_av_new, lf_baseline= -1, lf_count= 0;
943 int hf_av, hf_av_new, hf_baseline= -1, hf_count= 0;
944
945 #define LF_ONLY 1
946 #define HF_ONLY 2
947
948 LED_A_OFF();
949 LED_B_OFF();
950 LED_C_OFF();
951 LED_D_OFF();
952
953 lf_av= ReadAdc(ADC_CHAN_LF);
954
955 if(limit != HF_ONLY && lf_baseline == -1)
956 {
957 DbpString("LF 125/134 Baseline:");
958 DbpIntegers(lf_av,0,0);
959 lf_baseline= lf_av;
960 }
961
962 hf_av= ReadAdc(ADC_CHAN_HF);
963
964
965 if (limit != LF_ONLY && hf_baseline == -1)
966 {
967 DbpString("HF 13.56 Baseline:");
968 DbpIntegers(hf_av,0,0);
969 hf_baseline= hf_av;
970 }
971
972 for(;;)
973 {
974 if(BUTTON_PRESS())
975 {
976 DbpString("Stopped");
977 LED_B_OFF();
978 LED_D_OFF();
979 return;
980 }
981 WDT_HIT();
982
983
984 if (limit != HF_ONLY)
985 {
986 if (abs(lf_av - lf_baseline) > 10)
987 LED_D_ON();
988 else
989 LED_D_OFF();
990 ++lf_count;
991 lf_av_new= ReadAdc(ADC_CHAN_LF);
992 // see if there's a significant change
993 if(abs(lf_av - lf_av_new) > 10)
994 {
995 DbpString("LF 125/134 Field Change:");
996 DbpIntegers(lf_av,lf_av_new,lf_count);
997 lf_av= lf_av_new;
998 lf_count= 0;
999 }
1000 }
1001
1002 if (limit != LF_ONLY)
1003 {
1004 if (abs(hf_av - hf_baseline) > 10)
1005 LED_B_ON();
1006 else
1007 LED_B_OFF();
1008 ++hf_count;
1009 hf_av_new= ReadAdc(ADC_CHAN_HF);
1010 // see if there's a significant change
1011 if(abs(hf_av - hf_av_new) > 10)
1012 {
1013 DbpString("HF 13.56 Field Change:");
1014 DbpIntegers(hf_av,hf_av_new,hf_count);
1015 hf_av= hf_av_new;
1016 hf_count= 0;
1017 }
1018 }
1019 }
1020 }
Impressum, Datenschutz