Add basic communication shell for Legic RF in reader mode. Needs the new receive...
authorhenryk@ploetzli.ch <henryk@ploetzli.ch@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Fri, 6 Nov 2009 15:37:53 +0000 (15:37 +0000)
committerhenryk@ploetzli.ch <henryk@ploetzli.ch@ef4ab9da-24cd-11de-8aaa-f3a34680c41f>
Fri, 6 Nov 2009 15:37:53 +0000 (15:37 +0000)
armsrc/appmain.c
armsrc/legicrf.c
armsrc/legicrf.h
include/usb_cmd.h
winsrc/command.cpp

index c83400da2d243084661c234516fe0b4cc24c0cd4..fb501304aceafb2eb61608b1287901ffd7a7f74a 100644 (file)
@@ -553,6 +553,10 @@ void UsbPacketReceived(BYTE *packet, int len)
                        ReaderIso15693(c->ext1);\r
                        break;\r
 \r
+               case CMD_READER_LEGIC_RF:\r
+                       LegicRfReader();\r
+                       break;\r
+\r
                case CMD_SIMTAG_ISO_15693:\r
                        SimTagIso15693(c->ext1);\r
                        break;\r
index 00cb52b630300b14fb08f77d48c9725f6fa4d54f..a8c0cd114b39c447bb825ec8af10e62370984dec 100644 (file)
@@ -79,6 +79,108 @@ static void frame_send_tag(uint16_t response, int bits)
 #endif
 }
 
+/* Send a frame in reader mode, the FPGA must have been set up by
+ * LegicRfReader
+ */
+static void frame_send_rwd(uint16_t data, int bits)
+{
+       /* Start clock */
+       timer->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG;
+       while(timer->TC_CV > 1) ; /* Wait till the clock has reset */
+       
+       int i;
+       for(i=0; i<bits; i++) {
+               int starttime = timer->TC_CV;
+               int pause_end = starttime + RWD_TIME_PAUSE, bit_end;
+               int bit = data & 1;
+               data = data >> 1;
+               
+               if(bit) {
+                       bit_end = starttime + RWD_TIME_1;
+               } else {
+                       bit_end = starttime + RWD_TIME_0;
+               }
+               
+               /* RWD_TIME_PAUSE time off, then some time on, so that the complete bit time is
+                * RWD_TIME_x, where x is the bit to be transmitted */
+               AT91C_BASE_PIOA->PIO_CODR = GPIO_SSC_DOUT;
+               while(timer->TC_CV < pause_end) ;
+               AT91C_BASE_PIOA->PIO_SODR = GPIO_SSC_DOUT;
+               while(timer->TC_CV < bit_end) ;
+       }
+       
+       {
+               /* One final pause to mark the end of the frame */
+               int pause_end = timer->TC_CV + RWD_TIME_PAUSE;
+               AT91C_BASE_PIOA->PIO_CODR = GPIO_SSC_DOUT;
+               while(timer->TC_CV < pause_end) ;
+               AT91C_BASE_PIOA->PIO_SODR = GPIO_SSC_DOUT;
+       }
+       
+       /* Reset the timer, to measure time until the start of the tag frame */
+       timer->TC_CCR = AT91C_TC_SWTRG;
+}
+
+/* Receive a frame from the card in reader emulation mode, the FPGA and
+ * timer must have been set up by LegicRfReader and frame_send_rwd.
+ * 
+ * The LEGIC RF protocol from card to reader does not include explicit
+ * frame start/stop information or length information. The reader must
+ * know beforehand how many bits it wants to receive. (Notably: a card
+ * sending a stream of 0-bits is indistinguishable from no card present.)
+ * 
+ * Receive methodology: There is a fancy correlator in hi_read_rx_xcorr, but
+ * I'm not smart enough to use it. Instead I have patched hi_read_tx to output
+ * the ADC signal with hysteresis on SSP_DIN. Bit-bang that signal and look
+ * for edges. Count the edges in each bit interval. If they are approximately
+ * 0 this was a 0-bit, if they are approximately equal to the number of edges
+ * expected for a 212kHz subcarrier, this was a 1-bit. For timing we use the
+ * timer that's still running from frame_send_rwd in order to get a synchronization
+ * with the frame that we just sent.
+ * 
+ * FIXME: Because we're relying on the hysteresis to just do the right thing 
+ * the range is severely reduced (and you'll probably also need a good antenna).
+ * So this should be fixed some time in the future for a proper receiver. 
+ */
+static void frame_receive_rwd(struct legic_frame * const f, int bits)
+{
+       uint16_t the_bit = 1;  /* Use a bitmask to save on shifts */
+       uint16_t data=0;
+       int i, old_level=0, edges=0;
+       int next_bit_at = TAG_TIME_WAIT;
+       
+       
+       if(bits > 16)
+               bits = 16;
+
+       AT91C_BASE_PIOA->PIO_ODR = GPIO_SSC_DIN;
+       AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DIN;
+
+       while(timer->TC_CV < next_bit_at) ;
+       next_bit_at += TAG_TIME_BIT;
+       
+       for(i=0; i<bits; i++) {
+               edges = 0;
+               while(timer->TC_CV < next_bit_at) {
+                       int level = (AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_DIN);
+                       if(level != old_level)
+                               edges++;
+                       old_level = level;
+               }
+               next_bit_at += TAG_TIME_BIT;
+               
+               if(edges > 20 && edges < 60) { /* expected are 42 edges */
+                       data |= the_bit;
+               }
+               
+               
+               the_bit <<= 1;
+       }
+       
+       f->data = data;
+       f->bits = bits;
+}
+
 /* Figure out a response to a frame in tag mode */
 static void frame_respond_tag(struct legic_frame const * const f)
 {
@@ -220,3 +322,39 @@ void LegicRfSimulate(void)
                WDT_HIT();
        }
 }
+
+void LegicRfReader(void)
+{
+       SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+       FpgaSetupSsc();
+       FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_TX);
+       
+       /* Bitbang the transmitter */
+       AT91C_BASE_PIOA->PIO_CODR = GPIO_SSC_DOUT;
+       AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
+       AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
+       
+       setup_timer();
+       
+       while(!BUTTON_PRESS()) {
+               /* Switch on carrier and let the tag charge for 1ms */
+               AT91C_BASE_PIOA->PIO_SODR = GPIO_SSC_DOUT;
+               SpinDelay(1);
+               
+               LED_A_ON();
+               frame_send_rwd(queries[0].data, queries[0].bits);
+               LED_A_OFF();
+               
+               frame_clean(&current_frame);
+               LED_B_ON();
+               frame_receive_rwd(&current_frame, responses[0].bits);
+               LED_B_OFF();
+               
+               /* Switch off carrier, make sure tag is reset */
+               AT91C_BASE_PIOA->PIO_CODR = GPIO_SSC_DOUT;
+               SpinDelay(10);
+               
+               WDT_HIT();
+       }
+       
+}
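Review bot: LegicRfReader leaves the FPGA in FPGA_MAJOR_MODE_HF_READER_TX and GPIO_SSC_DOUT configured as a PIO output when the button loop exits; the last iteration does clear DOUT (the PIO_CODR write before SpinDelay(10)), so the carrier is off, but nothing restores the FPGA or the SSC pin before control returns to the command dispatcher. If the other reader routines in this tree end by writing the FPGA off mode (FPGA_MAJOR_MODE_OFF, or whatever this revision calls it), the same teardown belongs after the loop here. The frame received into current_frame is discarded on every iteration; if that is intentional for this first shell, a one-line comment, `/* TODO: report current_frame to the host */`, would save the next reader from hunting for the missing response path.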
index 39119dd12557528fd03be54b592c2754f33ec186..0c9e69d98c1f89a77f4de93363fb09160d4962b5 100644 (file)
@@ -8,5 +8,6 @@
 #define LEGICRF_H_
 
 extern void LegicRfSimulate(void);
+extern void LegicRfReader(void);
 
 #endif /* LEGICRF_H_ */
index 5ff2f26097656170963942bbd74c99f5d5cb35c1..6932e45dcf16f36fc6947753598835de5efe3809 100644 (file)
@@ -70,6 +70,7 @@ typedef struct {
 #define CMD_READER_ISO_14443a                                                                                                  0x0385\r
 #define CMD_SIMULATE_MIFARE_CARD                                                                                       0x0386\r
 #define CMD_SIMULATE_TAG_LEGIC_RF                                      0x387\r
+#define CMD_READER_LEGIC_RF                                            0x388\r
 \r
 // For measurements of the antenna tuning\r
 #define CMD_MEASURE_ANTENNA_TUNING                                                                             0x0400\r
index e94c234cce4e572d10ecaf78b3f2455b62a62eee..5892a8e551b50b91c089448d5aa83c8385400d1e 100644 (file)
@@ -214,6 +214,13 @@ static void CmdLegicRfSim(char *str)
        SendCommand(&c, FALSE);\r
 }\r
 \r
+static void CmdLegicRfRead(char *str)\r
+{\r
+       UsbCommand c;\r
+       c.cmd = CMD_READER_LEGIC_RF;\r
+       SendCommand(&c, FALSE);\r
+}\r
+\r
 static void CmdFPGAOff(char *str)              // ## FPGA Control\r
 {\r
        UsbCommand c;\r
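Review bot: CmdLegicRfRead sends `c` with only `cmd` assigned, so the remaining fields of the UsbCommand go to the device as whatever happened to be on the stack; `UsbCommand c = {0};` before the assignment (or a memset) makes the packet deterministic and keeps the ARM side from ever acting on stale ext values. CmdLegicRfSim just above appears to follow the same pattern, so the fix applies there too. `str` is unused; if the command table requires that signature, `(void)str;` quiets the warning. CmdFPGAOff's body continues outside the hunk.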
@@ -2908,6 +2915,7 @@ static struct {
        {"lcd",                                         CmdLcd,                                                 0, "<HEX command> <count> -- Send command/data to LCD"},\r
        {"lcdreset",                    CmdLcdReset,                            0, "Hardware reset LCD"},\r
        {"legicrfsim",                  CmdLegicRfSim,                                                  0, "Start the LEGIC RF tag simulator"},\r
+       {"legicrfread",                 CmdLegicRfRead,                                                 0, "Start the LEGIC RF reader"},\r
        {"load",                                        CmdLoad,                                                1, "<filename> -- Load trace (to graph window"},\r
        {"locomread",                   CmdLoCommandRead,               0, "<off period> <'0' period> <'1' period> <command> ['h'] -- Modulate LF reader field to send command before read (all periods in microseconds) (option 'h' for 134)"},\r
        {"loread",                              CmdLoread,                                      0, "['h'] -- Read 125/134 kHz LF ID-only tag (option 'h' for 134)"},\r