- } // end (state != UNSYNCED)
-
- return FALSE;
-}
-
-//=============================================================================
-// Finally, a `sniffer' for iClass communication
-// Both sides of communication!
-//=============================================================================
-
-//-----------------------------------------------------------------------------
-// Record the sequence of commands sent by the reader to the tag, with
-// triggering so that we start recording at the point that the tag is moved
-// near the reader.
-//-----------------------------------------------------------------------------
-void RAMFUNC SnoopIClass(void)
-{
-
-
- // We won't start recording the frames that we acquire until we trigger;
- // a good trigger condition to get started is probably when we see a
- // response from the tag.
- //int triggered = FALSE; // FALSE to wait first for card
-
- // The command (reader -> tag) that we're receiving.
- // The length of a received command will in most cases be no more than 18 bytes.
- // So 32 should be enough!
- uint8_t *readerToTagCmd = (((uint8_t *)BigBuf) + RECV_CMD_OFFSET);
- // The response (tag -> reader) that we're receiving.
- uint8_t *tagToReaderResponse = (((uint8_t *)BigBuf) + RECV_RES_OFFSET);
-
- // reset traceLen to 0
- iso14a_set_tracing(TRUE);
- iso14a_clear_trace();
- iso14a_set_trigger(FALSE);
-
- // The DMA buffer, used to stream samples from the FPGA
- int8_t *dmaBuf = ((int8_t *)BigBuf) + DMA_BUFFER_OFFSET;
- int lastRxCounter;
- int8_t *upTo;
- int smpl;
- int maxBehindBy = 0;
-
- // Count of samples received so far, so that we can include timing
- // information in the trace buffer.
- int samples = 0;
- rsamples = 0;
-
- memset(trace, 0x44, RECV_CMD_OFFSET);
-
- // Set up the demodulator for tag -> reader responses.
- Demod.output = tagToReaderResponse;
- Demod.len = 0;
- Demod.state = DEMOD_UNSYNCD;
-
- // Setup for the DMA.
- FpgaSetupSsc();
- upTo = dmaBuf;
- lastRxCounter = DMA_BUFFER_SIZE;
- FpgaSetupSscDma((uint8_t *)dmaBuf, DMA_BUFFER_SIZE);
-
- // And the reader -> tag commands
- memset(&Uart, 0, sizeof(Uart));
- Uart.output = readerToTagCmd;
- Uart.byteCntMax = 32; // was 100 (greg)////////////////////////////////////////////////////////////////////////
- Uart.state = STATE_UNSYNCD;
-
- // And put the FPGA in the appropriate mode
- // Signal field is off with the appropriate LED
- LED_D_OFF();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_SNIFFER);
- SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
-
- int div = 0;
- //int div2 = 0;
- int decbyte = 0;
- int decbyter = 0;
-
- // And now we loop, receiving samples.
- for(;;) {
- LED_A_ON();
- WDT_HIT();
- int behindBy = (lastRxCounter - AT91C_BASE_PDC_SSC->PDC_RCR) &
- (DMA_BUFFER_SIZE-1);
- if(behindBy > maxBehindBy) {
- maxBehindBy = behindBy;
- if(behindBy > 400) {
- Dbprintf("blew circular buffer! behindBy=0x%x", behindBy);
- goto done;
- }
- }
- if(behindBy < 1) continue;
-
- LED_A_OFF();
- smpl = upTo[0];
- upTo++;
- lastRxCounter -= 1;
- if(upTo - dmaBuf > DMA_BUFFER_SIZE) {
- upTo -= DMA_BUFFER_SIZE;
- lastRxCounter += DMA_BUFFER_SIZE;
- AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) upTo;
- AT91C_BASE_PDC_SSC->PDC_RNCR = DMA_BUFFER_SIZE;
- }
-
- //samples += 4;
- samples += 1;
-
- if(smpl & 0xF) {
- decbyte ^= (1 << (3 - div));
- }
-
- // FOR READER SIDE COMMUMICATION...
projects / proxmark3-svn / blobdiff