//#define RWD_TIME_0 90 /* RWD_TIME_PAUSE off, 40us on = 60us */
//#define RWD_TIME_PAUSE 30 /* 20us */
-#define RWD_TIME_1 80 /* READER_TIME_PAUSE off, 80us on = 100us */
-#define RWD_TIME_0 40 /* READER_TIME_PAUSE off, 40us on = 60us */
-#define RWD_TIME_PAUSE 20 /* 20us */
+#define RWD_TIME_1 80-4 /* READER_TIME_PAUSE off, 80us on = 100us */
+#define RWD_TIME_0 40-4 /* READER_TIME_PAUSE off, 40us on = 60us */
+#define RWD_TIME_PAUSE 20-4 /* 20us */
-#define TAG_BIT_PERIOD 100 // 100us for every bit
+#define TAG_BIT_PERIOD 100-8 // 100us for every bit
#define RWD_TIME_FUZZ 20 /* rather generous 13us, since the peak detector + hysteresis fuzz quite a bit */
-
-//#define TAG_TIME_WAIT 490 /* 490 time from READER frame end to TAG frame start, experimentally determined */
-#define TAG_TIME_WAIT 258 // 330us from READER frame end to TAG frame start, experimentally determined
+#define TAG_TIME_WAIT 330 // 330us from READER frame end to TAG frame start, experimentally determined (490)
#define RDW_TIME_WAIT 258 //
#ifndef SHORT_COIL
//#define LOW(x) AT91C_BASE_PIOA->PIO_CODR = (x)
-# define SHORT_COIL() LOW(GPIO_SSC_DOUT);
+# define SHORT_COIL LOW(GPIO_SSC_DOUT);
#endif
#ifndef OPEN_COIL
//#define HIGH(x) AT91C_BASE_PIOA->PIO_SODR = (x)
-# define OPEN_COIL() HIGH(GPIO_SSC_DOUT);
+# define OPEN_COIL HIGH(GPIO_SSC_DOUT);
#endif
uint32_t stop_send_frame_us = 0;
// ~ 258us + 100us*delay
-#define WAIT(delay) SpinDelayUs(delay);
-#define WAIT_100 WAIT(100)
-
-#define COIL_PULSE(delay) \
- SHORT_COIL() \
- SpinDelayUs(RWD_TIME_PAUSE); \
- OPEN_COIL() \
- SpinDelayUs(delay);
+#define WAIT(delay) SpinDelayCountUs((delay));
+#define COIL_PULSE(x) { SHORT_COIL; WAIT(RWD_TIME_PAUSE); OPEN_COIL; WAIT((x)); }
+#define COIL_PULSE_PAUSE { SHORT_COIL; WAIT(RWD_TIME_PAUSE); OPEN_COIL; }
// ToDo: define a meaningful maximum size for auth_table. The bigger this is, the lower will be the available memory for traces.
// Historically it used to be FREE_BUFFER_SIZE, which was 2744.
Reset(timer);
}
+static void frame_append_bit(struct legic_frame * const f, int bit) {
+ // Overflow, won't happen
+ if (f->bits >= 31) return;
+
+ f->data |= (bit << f->bits);
+ f->bits++;
+}
+
+static void frame_clean(struct legic_frame * const f) {
+ f->data = 0;
+ f->bits = 0;
+}
+
// Prng works when waiting in 99.1us cycles.
// and while sending/receiving in bit frames (100, 60)
-static void CalibratePrng( uint32_t time){
+/*static void CalibratePrng( uint32_t time){
// Calculate Cycles based on timer 100us
uint32_t i = (time - stop_send_frame_us) / 100 ;
if ( k > 0 )
legic_prng_forward(k);
}
+*/
/* Generate Keystream */
static uint32_t get_key_stream(int skip, int count)
else
LOW(GPIO_SSC_DOUT);
- WAIT_100
+ WAIT(100)
}
LOW(GPIO_SSC_DOUT);
}
for (; mask < BITMASK(bits); mask <<= 1) {
if (send & mask) {
- COIL_PULSE(RWD_TIME_1)
+ COIL_PULSE(RWD_TIME_1);
} else {
- COIL_PULSE(RWD_TIME_0)
+ COIL_PULSE(RWD_TIME_0);
}
}
// One final pause to mark the end of the frame
- COIL_PULSE(0)
-
- // log
+ COIL_PULSE_PAUSE;
+
stop_send_frame_us = GetCountUS();
uint8_t cmdbytes[] = {
data & 0xFF,
(data >> 8) & 0xFF,
+ bits,
lfsr & 0xFF,
(lfsr >> 8) & 0xFF,
prng1,
*/
static void frame_receiveAsReader(struct legic_frame * const f, uint8_t bits, uint8_t crypt) {
- uint32_t starttime = GetCountUS();
+ frame_clean(f);
- uint8_t i = 0;
- uint32_t the_bit = 1;
- uint32_t next_bit_at;
- uint32_t data;/* Use a bitmask to save on shifts */
-
- int old_level = 0, edges = 0, level = 0;
+ uint8_t i = 0, edges = 0;
+ uint16_t lsfr = 0;
+ uint32_t the_bit = 1, next_bit_at, data;
+ int old_level = 0, level = 0;
if(bits > 32) bits = 32;
- AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_DIN;
- AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DIN;
+ uint32_t starttime = GetCountUS();
- // calibrate the prng.
- // the time between end-of-send and here, div 100us
- CalibratePrng( starttime );
+ // calibrate the prng.
+ legic_prng_forward(2);
+ //CalibratePrng( starttime );
// precompute the cipher
- uint8_t prng1 = legic_prng_count() ;
+ uint8_t prng_before = legic_prng_count() ;
+
if(crypt)
- data = legic_prng_get_bits(bits);
+ lsfr = legic_prng_get_bits(bits);
- uint16_t lsfr = data;
+ data = lsfr;
+
+ next_bit_at = GetCountUS() + TAG_BIT_PERIOD;
+
+ //FIXED time between sending frame and now listening frame. 330us
+ uint32_t icetime = TAG_TIME_WAIT - ( GetCountUS() - stop_send_frame_us );
+ //
+ WAIT( icetime ); // 21.3us inc.
+
+ AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_DIN;
+ AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DIN;
- // FIXED time between sending frame and now listening frame.
- WAIT(TAG_TIME_WAIT)
- //uint32_t iced = GetCountUS() - starttime;
- //uint32_t icetime = TAG_TIME_WAIT - iced;
- // if (icetime > TAG_TIME_WAIT)
- // icetime = TAG_TIME_WAIT;
- //WAIT( icetime )
-
- next_bit_at = GetCountUS();
- next_bit_at += TAG_BIT_PERIOD;
-
for( i = 0; i < bits; i++) {
edges = 0;
while ( GetCountUS() < next_bit_at) {
- level = AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN;
+ level = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
if (level != old_level)
- edges++;
+ ++edges;
+
old_level = level;
}
next_bit_at += TAG_BIT_PERIOD;
// We expect 42 edges == ONE
- if(edges > 20 && edges < 60) {
- DbpString("one");
+ if(edges > 20 && edges < 60)
data ^= the_bit;
- }
+
the_bit <<= 1;
}
+ // output
f->data = data;
f->bits = bits;
uint8_t cmdbytes[] = {
(data & 0xFF),
(data >> 8) & 0xFF,
+ bits,
(lsfr & 0xFF),
(lsfr >> 8) & 0xFF,
- prng1,
- legic_prng_count()
+ prng_before,
+ legic_prng_count(),
+ icetime & 0xff,
+ (icetime >> 8) & 0xFF
};
LogTrace(cmdbytes, sizeof(cmdbytes), starttime, GetCountUS(), NULL, FALSE);
-}
-
-static void frame_append_bit(struct legic_frame * const f, int bit) {
- // Overflow, won't happen
- if (f->bits >= 31) return;
-
- f->data |= (bit << f->bits);
- f->bits++;
-}
-static void frame_clean(struct legic_frame * const f) {
- f->data = 0;
- f->bits = 0;
}
// Setup pm3 as a Legic Reader
// Switch on carrier and let the tag charge for 1ms
HIGH(GPIO_SSC_DOUT);
- SpinDelay(40);
+ SpinDelay(20);
ResetUSClock();
// Now both tag and reader has same IV. Prng can start.
legic_prng_init(iv);
- frame_clean(¤t_frame);
-
frame_receiveAsReader(¤t_frame, 6, 1);
// fixed delay before sending ack.
static void LegicCommonInit(void) {
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
FpgaSetupSsc();
- FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
/* Bitbang the transmitter */
LOW(GPIO_SSC_DOUT);
LOW(GPIO_SSC_DOUT);
SpinDelay(10);
WDT_HIT();
+ set_tracing(FALSE);
}
// calculate crc4 for a legic READ command
// 5,8,10 address size.
-static int LegicCRC(uint16_t byte_index, uint8_t value, uint8_t cmd_sz) {
+static uint32_t LegicCRC(uint16_t byte_index, uint8_t value, uint8_t cmd_sz) {
crc_clear(&legic_crc);
uint32_t temp = (value << cmd_sz) | (byte_index << 1) | LEGIC_READ;
crc_update(&legic_crc, temp, cmd_sz + 8 );
int legic_read_byte(int byte_index, int cmd_sz) {
- int calcCrc = 0;
uint8_t byte = 0, crc = 0;
+ uint32_t calcCrc = 0;
uint32_t cmd = (byte_index << 1) | LEGIC_READ;
legic_prng_forward(3);
- WAIT(300)
-
+ WAIT(TAG_TIME_WAIT)
+
frame_sendAsReader(cmd, cmd_sz);
- frame_clean(¤t_frame);
-
frame_receiveAsReader(¤t_frame, 12, 1);
- byte = current_frame.data & 0xff;
+ byte = current_frame.data & 0xFF;
+
calcCrc = LegicCRC(byte_index, byte, cmd_sz);
crc = (current_frame.data >> 8);
int byte_index = 0, cmd_sz = 0, card_sz = 0;
- if ( MF_DBGLEVEL >= 2) Dbprintf("setting up legic card, IV = %x", iv);
+ if ( MF_DBGLEVEL >= 2) {
+ Dbprintf("setting up legic card, IV = %x", iv);
+
+ Dbprintf("ONE %d ZERO %d PAUSE %d", RWD_TIME_1 , RWD_TIME_0 , RWD_TIME_PAUSE);
+ Dbprintf("TAG BIT PERIOD %d FUZZ %d TAG WAIT TIME %d", TAG_BIT_PERIOD, RWD_TIME_FUZZ, TAG_TIME_WAIT);
+ }
LegicCommonInit();
GetSamplesForLegicDemod(1000, TRUE);
- // frame_clean(¤t_frame);
//frame_receiveAsReader(¤t_frame, 6, 1);
legic_prng_forward(1); /* we wait anyways */
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
LED_D_ON();
if(*(command++) == '0')
- SpinDelayUs(period_0);
+ SpinDelayUs(period_0); // ICEMAN: problem with (us) clock is 21.3us increments
else
- SpinDelayUs(period_1);
+ SpinDelayUs(period_1); // ICEMAN: problem with (us) clock is 21.3us increments
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
- SpinDelayUs(delay_off);
+ SpinDelayUs(delay_off); // ICEMAN: problem with (us) clock is 21.3us increments
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
if (b&(1<<i)) {
// stop modulating antenna
LOW(GPIO_SSC_DOUT);
- SpinDelayUs(1000);
+ SpinDelayUs(1000); // ICEMAN: problem with (us) clock is 21.3us increments
// modulate antenna
HIGH(GPIO_SSC_DOUT);
- SpinDelayUs(1000);
+ SpinDelayUs(1000); // ICEMAN: problem with (us) clock is 21.3us increments
} else {
// stop modulating antenna
LOW(GPIO_SSC_DOUT);
- SpinDelayUs(300);
+ SpinDelayUs(300); // ICEMAN: problem with (us) clock is 21.3us increments
// modulate antenna
HIGH(GPIO_SSC_DOUT);
- SpinDelayUs(1700);
+ SpinDelayUs(1700); // ICEMAN: problem with (us) clock is 21.3us increments
}
}
}
if (gap) {
WDT_HIT();
SHORT_COIL();
- SpinDelayUs(gap);
+ SpinDelayUs(gap); // ICEMAN: problem with (us) clock is 21.3us increments
}
}
}
* Q5 tags seems to have issues when these values changes.
*/
-#define START_GAP 31*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
+#define START_GAP 50*8 // was 250 // SPEC: 1*8 to 50*8 - typ 15*8 (or 15fc)
#define WRITE_GAP 20*8 // was 160 // SPEC: 1*8 to 20*8 - typ 10*8 (or 10fc)
#define WRITE_0 18*8 // was 144 // SPEC: 16*8 to 32*8 - typ 24*8 (or 24fc)
#define WRITE_1 50*8 // was 400 // SPEC: 48*8 to 64*8 - typ 56*8 (or 56fc) 432 for T55x7; 448 for E5550
//int adcval = ((MAX_ADC_LF_VOLTAGE * AvgAdc(ADC_CHAN_LF)) >> 10);
// where to save it
- SpinDelayUs(delay);
+ SpinDelayUs(delay); // ICEMAN: problem with (us) clock is 21.3us increments
}
// Write one bit to card
else
TurnReadLFOn(WRITE_1);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(WRITE_GAP);
+ SpinDelayUs(WRITE_GAP); // ICEMAN: problem with (us) clock is 21.3us increments
}
// Send T5577 reset command then read stream (see if we can identify the start of the stream)
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ SpinDelayUs(START_GAP); // ICEMAN: problem with (us) clock is 21.3us increments
// reset tag - op code 00
T55xxWriteBit(0);
// Trigger T55x7 in mode.
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ SpinDelayUs(START_GAP); // ICEMAN: problem with (us) clock is 21.3us increments
// Opcode 10
T55xxWriteBit(1);
bool RegReadMode = (Block == 0xFF);
//clear buffer now so it does not interfere with timing later
- BigBuf_Clear_ext(false);
+ BigBuf_Clear_keep_EM();
//make sure block is at max 7
Block &= 0x7;
// Set up FPGA, 125kHz to power up the tag
LFSetupFPGAForADC(95, true);
+ SpinDelay(3);
// Trigger T55x7 Direct Access Mode with start gap
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ SpinDelayUs(START_GAP); // ICEMAN: problem with (us) clock is 21.3us increments
// Opcode 1[page]
T55xxWriteBit(1);
// Send Block number (if direct access mode)
if (!RegReadMode)
- for (i = 0x04; i != 0; i >>= 1)
- T55xxWriteBit(Block & i);
+ for (i = 0x04; i != 0; i >>= 1)
+ T55xxWriteBit(Block & i);
// Turn field on to read the response
TurnReadLFOn(READ_GAP);
// Trigger T55x7 Direct Access Mode
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- SpinDelayUs(START_GAP);
+ SpinDelayUs(START_GAP); // ICEMAN: problem with (us) clock is 21.3us increments
// Opcode 10
T55xxWriteBit(1);
fwd_bit_sz--; //prepare next bit modulation
fwd_write_ptr++;
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(55*8); //55 cycles off (8us each)for 4305
+ SpinDelayUs(55*8); //55 cycles off (8us each)for 4305 // ICEMAN: problem with (us) clock is 21.3us increments
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(16*8); //16 cycles on (8us each)
+ SpinDelayUs(16*8); //16 cycles on (8us each) // ICEMAN: problem with (us) clock is 21.3us increments
// now start writting
while(fwd_bit_sz-- > 0) { //prepare next bit modulation
if(((*fwd_write_ptr++) & 1) == 1)
- SpinDelayUs(32*8); //32 cycles at 125Khz (8us each)
+ SpinDelayUs(32*8); //32 cycles at 125Khz (8us each) // ICEMAN: problem with (us) clock is 21.3us increments
else {
//These timings work for 4469/4269/4305 (with the 55*8 above)
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // field off
- SpinDelayUs(23*8); //16-4 cycles off (8us each)
+ SpinDelayUs(23*8); //16-4 cycles off (8us each) // ICEMAN: problem with (us) clock is 21.3us increments
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);//field on
- SpinDelayUs(9*8); //16 cycles on (8us each)
+ SpinDelayUs(9*8); //16 cycles on (8us each) // ICEMAN: problem with (us) clock is 21.3us increments
}
}
}