X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3ad48540d4d77f50cc62d16acb78f17019ef431d..refs/pull/861/head:/fpga/hi_iso14443a.v

diff --git a/fpga/hi_iso14443a.v b/fpga/hi_iso14443a.v
index 3f614fdd..e460a2cc 100644
--- a/fpga/hi_iso14443a.v
+++ b/fpga/hi_iso14443a.v
@@ -3,29 +3,20 @@
 // Gerhard de Koning Gans, April 2008
 //-----------------------------------------------------------------------------
 
-// constants for the different modes:
-`define SNIFFER			3'b000
-`define TAGSIM_LISTEN	3'b001
-`define TAGSIM_MOD		3'b010
-`define READER_LISTEN	3'b011
-`define READER_MOD		3'b100
-
 module hi_iso14443a(
-    pck0, ck_1356meg, ck_1356megb,
+    ck_1356meg,
     pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
     adc_d, adc_clk,
     ssp_frame, ssp_din, ssp_dout, ssp_clk,
-    cross_hi, cross_lo,
     dbg,
     mod_type
 );
-    input pck0, ck_1356meg, ck_1356megb;
+    input ck_1356meg;
     output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
     input [7:0] adc_d;
     output adc_clk;
     input ssp_dout;
     output ssp_frame, ssp_din, ssp_clk;
-    input cross_hi, cross_lo;
     output dbg;
     input [2:0] mod_type;
 
@@ -112,34 +103,26 @@ end
 // for noise reduction and edge detection.
 // store 4 previous samples:
 reg [7:0] input_prev_4, input_prev_3, input_prev_2, input_prev_1;
-// convert to signed signals (and multiply by two for samples at t-4 and t)
-wire signed [10:0] input_prev_4_times_2 = {0, 0, input_prev_4, 0};
-wire signed [10:0] input_prev_3_times_1 = {0, 0, 0, input_prev_3};
-wire signed [10:0] input_prev_1_times_1 = {0, 0, 0, input_prev_1};
-wire signed [10:0] adc_d_times_2 = {0, 0, adc_d, 0}; 
-
-wire signed [10:0] tmp_1, tmp_2;
-wire signed [10:0] adc_d_filtered;
-integer i;
-
-assign	tmp_1 = input_prev_4_times_2 + input_prev_3_times_1;
-assign	tmp_2 = input_prev_1_times_1 + adc_d_times_2;
-	
+
 always @(negedge adc_clk)
 begin
-	// for (i = 3; i > 0; i = i - 1)
-	// begin
-		// input_shift[i] <= input_shift[i-1];
-	// end
-	// input_shift[0] <= adc_d;
 	input_prev_4 <= input_prev_3;
 	input_prev_3 <= input_prev_2;
 	input_prev_2 <= input_prev_1;
 	input_prev_1 <= adc_d;
 end	
 
-// assign adc_d_filtered = (input_shift[3] << 1) + input_shift[2] - input_shift[0] - (adc_d << 1);
-assign adc_d_filtered = tmp_1 - tmp_2;
+// adc_d_filtered = 2*input_prev4 + 1*input_prev3 + 0*input_prev2 - 1*input_prev1 - 2*input
+//					= (2*input_prev4 + input_prev3) - (2*input + input_prev1) 
+wire [8:0] input_prev_4_times_2 = input_prev_4 << 1;
+wire [8:0] adc_d_times_2 		= adc_d << 1;
+
+wire [9:0] tmp1 = input_prev_4_times_2 + input_prev_3;
+wire [9:0] tmp2 = adc_d_times_2 + input_prev_1;
+
+// convert intermediate signals to signed and calculate the filter output
+wire signed [10:0] adc_d_filtered = {1'b0, tmp1} - {1'b0, tmp2};
+
 
 	
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
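Review bot: The comment `// convert intermediate signals to signed and calculate the filter output` does not match what `{1'b0, tmp1} - {1'b0, tmp2}` does. A concatenation is unsigned in Verilog, so this is an 11-bit unsigned subtraction that is only reinterpreted as signed by the `wire signed [10:0]` declaration. The result is still correct because |tmp1 - tmp2| is at most 765 and the 11-bit wrap-around equals the two's-complement value, but that reasoning should be written down, e.g. `// 11-bit unsigned subtract; wraps to the correct two's-complement value since |tmp1 - tmp2| <= 765`. The formula comment above also uses `input_prev4` and `input`, while the signals are named `input_prev_4` and `adc_d`.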
@@ -159,7 +142,7 @@ begin
 	end
 
 	// adjust internal timer counter if necessary:
-	if (negedge_cnt[3:0] == 4'd13 && (mod_type == `SNIFFER || mod_type == `TAGSIM_LISTEN) && deep_modulation)
+	if (negedge_cnt[3:0] == 4'd13 && (mod_type == `FPGA_HF_ISO14443A_SNIFFER || mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) && deep_modulation)
 	begin
 		if (reader_falling_edge_time == 4'd1) 			// reader signal changes right after sampling. Better sample earlier next time. 
 		begin
@@ -193,24 +176,26 @@ reg [3:0] mod_detect_reset_time;
 
 always @(negedge adc_clk)
 begin
-	if (mod_type == `READER_LISTEN) 
-	// (our) reader signal changes at t=1, tag response expected n*16+4 ticks later, further delayed by
-	// 3 ticks ADC conversion.
-	// 1 + 4 + 3 = 8
+	if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN) 
+	// (our) reader signal changes at negedge_cnt[3:0]=9, tag response expected to start n*16+4 ticks later, further delayed by
+	// 3 ticks ADC conversion. The maximum filter output (edge detected) will be detected after subcarrier zero crossing (+7 ticks).
+	// To allow some timing variances, we want to have the maximum filter outputs well within the detection window, i.e.
+	// at mod_detect_reset_time+4 and mod_detect_reset_time+12  (-4 ticks).
+	// 9 + 4 + 3 + 7 - 4  = 19.    19 mod 16 = 3
 	begin
-		mod_detect_reset_time <= 4'd8;
+		mod_detect_reset_time <= 4'd4;
 	end
 	else
-	if (mod_type == `SNIFFER)
+	if (mod_type == `FPGA_HF_ISO14443A_SNIFFER)
 	begin
 		// detect a rising edge of reader's signal and sync modulation detector to the tag's answer:
 		if (~pre_after_hysteresis && after_hysteresis && deep_modulation)
 		// reader signal rising edge detected at negedge_cnt[3:0]. This signal had been delayed 
 		// 9 ticks by the RF part + 3 ticks by the A/D converter + 1 tick to assign to after_hysteresis.
-		// The tag will respond n*16 + 4 ticks later + 3 ticks A/D converter delay.
-		// - 9 - 3 - 1 + 4 + 3 = -6
+		// Then the same as above.
+		// - 9 - 3 - 1 + 4 + 3 + 7 - 4 = -3
 		begin
-			mod_detect_reset_time <= negedge_cnt[3:0] - 4'd4;
+			mod_detect_reset_time <= negedge_cnt[3:0] - 4'd3;
 		end
 	end
 end
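Review bot: The READER_LISTEN comment derives `9 + 4 + 3 + 7 - 4 = 19. 19 mod 16 = 3`, but the assignment directly below it is `mod_detect_reset_time <= 4'd4;`, so the comment and the constant disagree by one tick. The SNIFFER branch is consistent: its comment arrives at -3 and the code subtracts `4'd3`. If 4 is the intended value (for instance one extra tick of register delay), add that term to the derivation; otherwise the constant should be `4'd3`. Since this value positions the detection window for tag responses, the reasoning and the number need to agree.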
@@ -224,12 +209,14 @@ reg signed [10:0] rx_mod_falling_edge_max;
 reg signed [10:0] rx_mod_rising_edge_max;
 reg curbit;
 
+`define EDGE_DETECT_THRESHOLD	5
+
 always @(negedge adc_clk)
 begin
 	if(negedge_cnt[3:0] == mod_detect_reset_time)
 	begin
 		// detect modulation signal: if modulating, there must have been a falling AND a rising edge
-		if (rx_mod_falling_edge_max > 5 && rx_mod_rising_edge_max > 5)
+		if ((rx_mod_falling_edge_max > `EDGE_DETECT_THRESHOLD) && (rx_mod_rising_edge_max < -`EDGE_DETECT_THRESHOLD))
 				curbit <= 1'b1;	// modulation
 			else
 				curbit <= 1'b0;	// no modulation
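Review bot: `rx_mod_rising_edge_max` no longer holds a maximum. It is compared with `< -`EDGE_DETECT_THRESHOLD` here, and the later hunk updates it with `if (adc_d_filtered < rx_mod_rising_edge_max)`, so it now tracks the most negative filter output. A comment at its declaration such as `// most negative filter output in the current window (rising edge)` would prevent misreading, or the register could be renamed. Its reset value lies outside the visible hunks and should be checked against the new sign convention. `EDGE_DETECT_THRESHOLD` is a global `define introduced mid-file; a `localparam` inside the module would keep the name from leaking into other modules compiled in the same unit.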
@@ -246,8 +233,8 @@ begin
 		end
 		else
 		begin
-			if (-adc_d_filtered > rx_mod_rising_edge_max)
-				rx_mod_rising_edge_max <= -adc_d_filtered;
+			if (adc_d_filtered < rx_mod_rising_edge_max)
+				rx_mod_rising_edge_max <= adc_d_filtered;
 		end
 	end
 
@@ -273,7 +260,7 @@ end
 
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// PM3 -> Tag:
+// PM3 -> Reader:
 // a delay line to ensure that we send the (emulated) tag's answer at the correct time according to ISO14443-3
 reg [31:0] mod_sig_buf;
 reg [4:0] mod_sig_ptr;
@@ -297,7 +284,7 @@ end
 
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// PM3 -> Tag, internal timing:
+// PM3 -> Reader, internal timing:
 // a timer for the 1172 cycles fdt (Frame Delay Time). Start the timer with a rising edge of the reader's signal.
 // set fdt_elapsed when we no longer need to delay data. Set fdt_indicator when we can start sending data.
 // Note: the FPGA only takes care for the 1172 delay. To achieve an additional 1236-1172=64 ticks delay, the ARM must send
@@ -315,12 +302,16 @@ reg [3:0] sub_carrier_cnt;
 
 // The ARM must not send too early, otherwise the mod_sig_buf will overflow, therefore signal that we are ready
 // with fdt_indicator. The mod_sig_buf can buffer 29 excess data bits, i.e. a maximum delay of 29 * 16 = 464 adc_clk ticks.
-// fdt_indicator could appear at ssp_din after 1 tick, the transfer needs 16 ticks, the ARM can send 128 ticks later.
-// 1128 - 464 - 1 - 128 - 8 = 535
-`define FDT_INDICATOR_COUNT 11'd535
+// fdt_indicator is assigned to sendbit after at least 1 tick, the transfer to ARM needs minimum 8 ticks. Response from
+// ARM could appear at ssp_dout 8 ticks later.
+// 1128 - 464 - 1 - 8 - 8 = 647
+`define FDT_INDICATOR_COUNT 11'd647
+// Note: worst case, assignment to sendbit takes 15 ticks more, and transfer to ARM needs 7*16 = 112 ticks more.
+//       When the ARM's response then appears, the fdt_count is already 647 + 15 + 112 = 774, which still allows the ARM a possible
+//       response window of 1128 - 774 = 354 ticks. 
 
 // reset on a pause in listen mode. I.e. the counter starts when the pause is over:
-assign fdt_reset = ~after_hysteresis && mod_type == `TAGSIM_LISTEN;
+assign fdt_reset = ~after_hysteresis && mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN;
 
 always @(negedge adc_clk)
 begin
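Review bot: The best-case path described in this comment appears to leave no slack. 647 + 1 + 8 + 8 = 664, and 1128 - 664 = 464, which is exactly the stated `mod_sig_buf` capacity of 29 * 16 ticks. If any of the "at least" or "minimum" latencies can be one tick shorter in practice, the buffer overflows. Either state in the comment that these are hard lower bounds, or choose the count with a small margin. The value is also computed by hand from 1128 while the code compares against `FDT_COUNT` (defined outside this hunk), so a later change to that macro would silently invalidate `11'd647`.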
@@ -363,7 +354,7 @@ reg mod_sig_coil;
 
 always @(negedge adc_clk)
 begin
-	if (mod_type == `TAGSIM_MOD)			 // need to take care of proper fdt timing
+	if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD)			 // need to take care of proper fdt timing
 	begin
 		if(fdt_counter == `FDT_COUNT)
 		begin
@@ -438,7 +429,7 @@ always @(negedge adc_clk)
 begin
 	if (negedge_cnt[5:0] == 6'd63)							// fill the buffer
 	begin
-		if (mod_type == `SNIFFER)
+		if (mod_type == `FPGA_HF_ISO14443A_SNIFFER)
 		begin
 			if(deep_modulation) 							// a reader is sending (or there's no field at all)
 			begin
@@ -455,7 +446,7 @@ begin
 		end
 	end	
 
-	if(negedge_cnt[2:0] == 3'b000 && mod_type == `SNIFFER)	// shift at double speed
+	if(negedge_cnt[2:0] == 3'b000 && mod_type == `FPGA_HF_ISO14443A_SNIFFER)	// shift at double speed
 	begin
 		// Don't shift if we just loaded new data, obviously.
 		if(negedge_cnt[5:0] != 6'd0)
@@ -464,7 +455,7 @@ begin
 		end
 	end
 
-	if(negedge_cnt[3:0] == 4'b0000 && mod_type != `SNIFFER)
+	if(negedge_cnt[3:0] == 4'b0000 && mod_type != `FPGA_HF_ISO14443A_SNIFFER)
 	begin
 		// Don't shift if we just loaded new data, obviously.
 		if(negedge_cnt[6:0] != 7'd0)
@@ -477,16 +468,15 @@ end
 
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// FPGA -> ARM communication:
+// FPGA <-> ARM communication:
 // generate a ssp clock and ssp frame signal for the synchronous transfer from/to the ARM
 reg ssp_clk;
 reg ssp_frame;
-reg [2:0] ssp_frame_counter;
 
 always @(negedge adc_clk)
 begin
-	if(mod_type == `SNIFFER)
-	// SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)):
+	if(mod_type == `FPGA_HF_ISO14443A_SNIFFER)
+	// FPGA_HF_ISO14443A_SNIFFER mode (ssp_clk = adc_clk / 8, ssp_frame clock = adc_clk / 64)):
 	begin
 		if(negedge_cnt[2:0] == 3'd0)
 			ssp_clk <= 1'b1;
@@ -506,7 +496,7 @@ begin
 		if(negedge_cnt[3:0] == 4'd8) 
 			ssp_clk <= 1'b0;
 
-		if(negedge_cnt[6:0] == 7'd7)	// ssp_frame rising edge indicates start of frame
+		if(negedge_cnt[6:0] == 7'd7)	// ssp_frame rising edge indicates start of frame, sampled on falling edge of ssp_clk
 			ssp_frame <= 1'b1;
 		if(negedge_cnt[6:0] == 7'd23)
 			ssp_frame <= 1'b0;
@@ -526,23 +516,23 @@ begin
 	if(negedge_cnt[3:0] == 4'd0)
 	begin
 		// What do we communicate to the ARM
-		if(mod_type == `TAGSIM_LISTEN) 
+		if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_LISTEN) 
 			sendbit = after_hysteresis;
-		else if(mod_type == `TAGSIM_MOD)
+		else if(mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD)
 			/* if(fdt_counter > 11'd772) sendbit = mod_sig_coil; // huh?
 			else */ 
 			sendbit = fdt_indicator;
-		else if (mod_type == `READER_LISTEN)
+		else if (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN)
 			sendbit = curbit;
 		else
 			sendbit = 1'b0;
 	end
 
 
-	if(mod_type == `SNIFFER)
+	if(mod_type == `FPGA_HF_ISO14443A_SNIFFER)
 		// send sampled reader and tag data:
 		bit_to_arm = to_arm[7];
-	else if (mod_type == `TAGSIM_MOD && fdt_elapsed && temp_buffer_reset)
+	else if (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD && fdt_elapsed && temp_buffer_reset)
 		// send timing information:
 		bit_to_arm = to_arm[7];
 	else
@@ -555,22 +545,22 @@ end
 
 assign ssp_din = bit_to_arm;
 
-// Subcarrier (adc_clk/16, for TAGSIM_MOD only).
+// Subcarrier (adc_clk/16, for FPGA_HF_ISO14443A_TAGSIM_MOD only).
 wire sub_carrier;
 assign sub_carrier = ~sub_carrier_cnt[3];
 
-// in READER_MOD: drop carrier for mod_sig_coil==1 (pause); in READER_LISTEN: carrier always on; in other modes: carrier always off
-assign pwr_hi = (ck_1356megb & (((mod_type == `READER_MOD) & ~mod_sig_coil) || (mod_type == `READER_LISTEN)));	
+// in FPGA_HF_ISO14443A_READER_MOD: drop carrier for mod_sig_coil==1 (pause); in FPGA_HF_ISO14443A_READER_LISTEN: carrier always on; in other modes: carrier always off
+assign pwr_hi = (ck_1356meg & (((mod_type == `FPGA_HF_ISO14443A_READER_MOD) & ~mod_sig_coil) || (mod_type == `FPGA_HF_ISO14443A_READER_LISTEN)));	
 
 
 // Enable HF antenna drivers:
 assign pwr_oe1 = 1'b0;
 assign pwr_oe3 = 1'b0;
 
-// TAGSIM_MOD: short circuit antenna with different resistances (modulated by sub_carrier modulated by mod_sig_coil)
+// FPGA_HF_ISO14443A_TAGSIM_MOD: short circuit antenna with different resistances (modulated by sub_carrier modulated by mod_sig_coil)
 // for pwr_oe4 = 1 (tristate): antenna load = 10k || 33			= 32,9 Ohms
 // for pwr_oe4 = 0 (active):   antenna load = 10k || 33 || 33  	= 16,5 Ohms
-assign pwr_oe4 = ~(mod_sig_coil & sub_carrier & (mod_type == `TAGSIM_MOD));
+assign pwr_oe4 = mod_sig_coil & sub_carrier & (mod_type == `FPGA_HF_ISO14443A_TAGSIM_MOD);
 
 // This is all LF, so doesn't matter.
 assign pwr_oe2 = 1'b0;
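Review bot: The `pwr_oe4` assignment drops the outer `~`, so its level when not modulating, and in every mode other than TAGSIM_MOD, changes from 1 to 0. By the two unchanged comment lines above, that is a change from "tristate" (32,9 Ohms) to "active" (16,5 Ohms). Nothing in the comment says which state is meant to be idle or why the polarity was flipped, so a reader cannot tell an intentional change from a dropped operator. Add a line such as `// idle and all non-TAGSIM modes: pwr_oe4 = 0 (active); modulation releases the driver`, and confirm the effect in reader and sniffer modes, whose driver inputs are outside this hunk. Separately, `pwr_hi` is now gated by `ck_1356meg` instead of `ck_1356megb`; that presumably inverts the carrier phase relative to the sampling clock and deserves a one-line note as well.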