From: pwpiwi Date: Wed, 16 Oct 2019 07:36:37 +0000 (+0200) Subject: fix 'hf iclass reader' X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/c41dd5f fix 'hf iclass reader' * code deduplication. Use functions from iso15693.c * speedup CodeIso15693AsReader() * invert reader command coding. 0 now means 'unmodulated' ( = field on) * decode SOF only as a valid tag response in Handle15693SamplesFromTag() * complete decoding of EOF in Handle15693SamplesFromTag() * determine and write correct times to trace * FPGA-change: generate shorter frame signal to allow proper sync in StartCountSspClk() * modify StartCountSspClk() for 16bit SSC transfers * whitespace in util.c * add specific LogTrace_ISO15693() with scaled down duration. Modify cmdhflist.c accordingly. * allow 'hf 15 raw' with single byte commands * check for buffer overflow, card timeout and single SOF in 'hf 15 raw' --- diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 2533d1f9..392271bd 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c @@ -57,14 +57,17 @@ #include "usb_cdc.h" // for usb_poll_validate_length #include "fpgaloader.h" -static int timeout = 4096; - // iCLASS has a slightly different timing compared to ISO15693. According to the picopass data sheet the tag response is expected 330us after // the reader command. This is measured from end of reader EOF to first modulation of the tag's SOF which starts with a 56,64us unmodulated period. // 330us = 140 ssp_clk cycles @ 423,75kHz when simulating. // 56,64us = 24 ssp_clk_cycles -#define DELAY_ICLASS_VCD_TO_VICC_SIM 140 -#define TAG_SOF_UNMODULATED 24 +#define DELAY_ICLASS_VCD_TO_VICC_SIM (140 - 24) +// times in ssp_clk_cycles @ 3,3625MHz when acting as reader +#define DELAY_ICLASS_VICC_TO_VCD_READER DELAY_ISO15693_VICC_TO_VCD_READER +// times in samples @ 212kHz when acting as reader +#define ICLASS_READER_TIMEOUT_ACTALL 330 // 1558us, nominal 330us + 7slots*160us = 1450us +#define ICLASS_READER_TIMEOUT_OTHERS 80 // 380us, nominal 330us + //----------------------------------------------------------------------------- // The software UART that receives commands from the reader, and its state @@ -698,7 +701,7 @@ void RAMFUNC SnoopIClass(void) { //if (!LogTrace(NULL, 0, Uart.endTime*16 - DELAY_READER_AIR2ARM_AS_SNIFFER, 0, true)) break; uint8_t parity[MAX_PARITY_SIZE]; GetParity(Uart.output, Uart.byteCnt, parity); - LogTrace(Uart.output, Uart.byteCnt, time_start, time_stop, parity, true); + LogTrace_ISO15693(Uart.output, Uart.byteCnt, time_start*32, time_stop*32, parity, true); /* And ready to receive another command. */ Uart.state = STATE_UNSYNCD; @@ -723,7 +726,7 @@ void RAMFUNC SnoopIClass(void) { uint8_t parity[MAX_PARITY_SIZE]; GetParity(Demod.output, Demod.len, parity); - LogTrace(Demod.output, Demod.len, time_start, time_stop, parity, false); + LogTrace_ISO15693(Demod.output, Demod.len, time_start*32, time_stop*32, parity, false); // And ready to receive another response. memset(&Demod, 0, sizeof(Demod)); @@ -1230,9 +1233,9 @@ int doIClassSimulation(int simulationMode, uint8_t *reader_mac_buf) { A legit tag has about 273,4us delay between reader EOT and tag SOF. **/ if (modulated_response_size > 0) { - uint32_t response_time = reader_eof_time + DELAY_ICLASS_VCD_TO_VICC_SIM - TAG_SOF_UNMODULATED - DELAY_ARM_TO_READER_SIM; + uint32_t response_time = reader_eof_time + DELAY_ICLASS_VCD_TO_VICC_SIM; TransmitTo15693Reader(modulated_response, modulated_response_size, &response_time, 0, false); - LogTrace(trace_data, trace_data_size, response_time + DELAY_ARM_TO_READER_SIM, response_time + (modulated_response_size << 6) + DELAY_ARM_TO_READER_SIM, NULL, false); + LogTrace_ISO15693(trace_data, trace_data_size, response_time*32, response_time*32 + modulated_response_size/2, NULL, false); } } @@ -1327,214 +1330,22 @@ void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain /// THE READER CODE -//----------------------------------------------------------------------------- -// Transmit the command (to the tag) that was placed in ToSend[]. -//----------------------------------------------------------------------------- -static void TransmitIClassCommand(const uint8_t *cmd, int len, int *samples, int *wait) { - int c; - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - AT91C_BASE_SSC->SSC_THR = 0x00; - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); - - if (wait) { - if (*wait < 10) *wait = 10; +static void ReaderTransmitIClass(uint8_t *frame, int len, uint32_t *start_time) { - for (c = 0; c < *wait;) { - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // For exact timing! - c++; - } - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - } - - uint8_t sendbyte; - bool firstpart = true; - c = 0; - for (;;) { - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { + CodeIso15693AsReader(frame, len); - // DOUBLE THE SAMPLES! - if (firstpart) { - sendbyte = (cmd[c] & 0xf0) | (cmd[c] >> 4); - } else { - sendbyte = (cmd[c] & 0x0f) | (cmd[c] << 4); - c++; - } - if (sendbyte == 0xff) { - sendbyte = 0xfe; - } - AT91C_BASE_SSC->SSC_THR = sendbyte; - firstpart = !firstpart; + TransmitTo15693Tag(ToSend, ToSendMax, start_time); - if (c >= len) { - break; - } - } - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR; - (void)r; - } - WDT_HIT(); - } - if (samples && wait) *samples = (c + *wait) << 3; + uint32_t end_time = *start_time + 32*(8*ToSendMax-4); // substract the 4 padding bits after EOF + LogTrace_ISO15693(frame, len, *start_time*4, end_time*4, NULL, true); } -//----------------------------------------------------------------------------- -// Prepare iClass reader command to send to FPGA -//----------------------------------------------------------------------------- -void CodeIClassCommand(const uint8_t *cmd, int len) { - int i, j, k; - - ToSendReset(); - - // Start of Communication: 1 out of 4 - ToSend[++ToSendMax] = 0xf0; - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0x0f; - ToSend[++ToSendMax] = 0x00; - - // Modulate the bytes - for (i = 0; i < len; i++) { - uint8_t b = cmd[i]; - for (j = 0; j < 4; j++) { - for (k = 0; k < 4; k++) { - if (k == (b & 3)) { - ToSend[++ToSendMax] = 0x0f; - } else { - ToSend[++ToSendMax] = 0x00; - } - } - b >>= 2; - } - } - - // End of Communication - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0x00; - ToSend[++ToSendMax] = 0xf0; - ToSend[++ToSendMax] = 0x00; - - // Convert from last character reference to length - ToSendMax++; -} - -static void ReaderTransmitIClass(uint8_t *frame, int len) { - int wait = 0; - int samples = 0; - - // This is tied to other size changes - CodeIClassCommand(frame, len); - - // Select the card - TransmitIClassCommand(ToSend, ToSendMax, &samples, &wait); - if (trigger) - LED_A_ON(); - - // Store reader command in buffer - uint8_t par[MAX_PARITY_SIZE]; - GetParity(frame, len, par); - LogTrace(frame, len, rsamples, rsamples, par, true); -} - -//----------------------------------------------------------------------------- -// Wait a certain time for tag response -// If a response is captured return true -// If it takes too long return false -//----------------------------------------------------------------------------- -static int GetIClassAnswer(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed) { - //uint8_t *buffer - // buffer needs to be 512 bytes - int c; - - // Set FPGA mode to "reader listen mode", no modulation (listen - // only, since we are receiving, not transmitting). - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_LISTEN); - - // Now get the answer from the card - Demod.output = receivedResponse; - Demod.len = 0; - Demod.state = DEMOD_UNSYNCD; - - uint8_t b; - if (elapsed) *elapsed = 0; - - bool skip = false; - - c = 0; - for (;;) { - WDT_HIT(); - - if (BUTTON_PRESS()) return false; - - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) { - AT91C_BASE_SSC->SSC_THR = 0x00; // To make use of exact timing of next command from reader!! - if (elapsed) (*elapsed)++; - } - if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) { - if (c < timeout) { - c++; - } else { - return false; - } - b = (uint8_t)AT91C_BASE_SSC->SSC_RHR; - skip = !skip; - if (skip) continue; - - if (ManchesterDecoding(b & 0x0f)) { - *samples = c << 3; - return true; - } - } - } -} - -static int ReaderReceiveIClass(uint8_t *receivedAnswer) { - int samples = 0; - if (!GetIClassAnswer(receivedAnswer, 160, &samples, 0)) { - return false; - } - rsamples += samples; - uint8_t parity[MAX_PARITY_SIZE]; - GetParity(receivedAnswer, Demod.len, parity); - LogTrace(receivedAnswer, Demod.len, rsamples, rsamples, parity, false); - if (samples == 0) return false; - return Demod.len; -} - -static void setupIclassReader() { - FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - // Reset trace buffer - set_tracing(true); - clear_trace(); - - // Setup SSC - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_ISO14443A); - // Start from off (no field generated) - // Signal field is off with the appropriate LED - LED_D_OFF(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(200); - - SetAdcMuxFor(GPIO_MUXSEL_HIPKD); - - // Now give it time to spin up. - // Signal field is on with the appropriate LED - FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); - SpinDelay(200); - LED_A_ON(); - -} - -static bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, uint8_t expected_size, uint8_t retries) { +static bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint8_t* resp, size_t max_resp_size, + uint8_t expected_size, uint8_t retries, uint32_t start_time, uint32_t *eof_time) { while (retries-- > 0) { - ReaderTransmitIClass(command, cmdsize); - if (expected_size == ReaderReceiveIClass(resp)) { + ReaderTransmitIClass(command, cmdsize, &start_time); + if (expected_size == GetIso15693AnswerFromTag(resp, max_resp_size, ICLASS_READER_TIMEOUT_OTHERS, eof_time)) { return true; } } @@ -1548,12 +1359,11 @@ static bool sendCmdGetResponseWithRetries(uint8_t* command, size_t cmdsize, uint * 1 = Got CSN * 2 = Got CSN and CC */ -static uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { - static uint8_t act_all[] = { 0x0a }; - //static uint8_t identify[] = { 0x0c }; - static uint8_t identify[] = { 0x0c, 0x00, 0x73, 0x33 }; - static uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static uint8_t readcheck_cc[]= { 0x88, 0x02 }; +static uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key, uint32_t *eof_time) { + uint8_t act_all[] = { 0x0a }; + uint8_t identify[] = { 0x0c }; + uint8_t select[] = { 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + uint8_t readcheck_cc[] = { 0x88, 0x02 }; if (use_credit_key) readcheck_cc[0] = 0x18; else @@ -1562,24 +1372,28 @@ static uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { uint8_t resp[ICLASS_BUFFER_SIZE]; uint8_t read_status = 0; + uint32_t start_time = GetCountSspClk(); // Send act_all - ReaderTransmitIClass(act_all, 1); + ReaderTransmitIClass(act_all, 1, &start_time); // Card present? - if (!ReaderReceiveIClass(resp)) return read_status;//Fail - + if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_ACTALL, eof_time) < 0) return read_status;//Fail + //Send Identify - ReaderTransmitIClass(identify, 1); + start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + ReaderTransmitIClass(identify, 1, &start_time); + // FpgaDisableTracing(); // DEBUGGING //We expect a 10-byte response here, 8 byte anticollision-CSN and 2 byte CRC - uint8_t len = ReaderReceiveIClass(resp); + uint8_t len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time); if (len != 10) return read_status;//Fail //Copy the Anti-collision CSN to our select-packet memcpy(&select[1], resp, 8); //Select the card - ReaderTransmitIClass(select, sizeof(select)); + start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + ReaderTransmitIClass(select, sizeof(select), &start_time); //We expect a 10-byte response here, 8 byte CSN and 2 byte CRC - len = ReaderReceiveIClass(resp); + len = GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time); if (len != 10) return read_status;//Fail //Success - level 1, we got CSN @@ -1590,8 +1404,9 @@ static uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { read_status = 1; // Card selected, now read e-purse (cc) (only 8 bytes no CRC) - ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc)); - if (ReaderReceiveIClass(resp) == 8) { + start_time = *eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + ReaderTransmitIClass(readcheck_cc, sizeof(readcheck_cc), &start_time); + if (GetIso15693AnswerFromTag(resp, sizeof(resp), ICLASS_READER_TIMEOUT_OTHERS, eof_time) == 8) { //Save CC (e-purse) in response data memcpy(card_data+8, resp, 8); read_status++; @@ -1600,8 +1415,8 @@ static uint8_t handshakeIclassTag_ext(uint8_t *card_data, bool use_credit_key) { return read_status; } -static uint8_t handshakeIclassTag(uint8_t *card_data) { - return handshakeIclassTag_ext(card_data, false); +static uint8_t handshakeIclassTag(uint8_t *card_data, uint32_t *eof_time) { + return handshakeIclassTag_ext(card_data, false, eof_time); } @@ -1633,8 +1448,13 @@ void ReaderIClass(uint8_t arg0) { uint8_t flagReadAA = arg0 & FLAG_ICLASS_READER_AA; set_tracing(true); - setupIclassReader(); + clear_trace(); + Iso15693InitReader(); + StartCountSspClk(); + uint32_t start_time = 0; + uint32_t eof_time = 0; + uint16_t tryCnt = 0; bool userCancelled = BUTTON_PRESS() || usb_poll_validate_length(); while (!userCancelled) { @@ -1649,29 +1469,31 @@ void ReaderIClass(uint8_t arg0) { } WDT_HIT(); - read_status = handshakeIclassTag_ext(card_data, use_credit_key); + read_status = handshakeIclassTag_ext(card_data, use_credit_key, &eof_time); if (read_status == 0) continue; if (read_status == 1) result_status = FLAG_ICLASS_READER_CSN; if (read_status == 2) result_status = FLAG_ICLASS_READER_CSN | FLAG_ICLASS_READER_CC; + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; // handshakeIclass returns CSN|CC, but the actual block // layout is CSN|CONFIG|CC, so here we reorder the data, // moving CC forward 8 bytes memcpy(card_data+16, card_data+8, 8); //Read block 1, config if (flagReadConfig) { - if (sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, 10, 10)) { + if (sendCmdGetResponseWithRetries(readConf, sizeof(readConf), resp, sizeof(resp), 10, 10, start_time, &eof_time)) { result_status |= FLAG_ICLASS_READER_CONF; memcpy(card_data+8, resp, 8); } else { Dbprintf("Failed to dump config block"); } + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; } //Read block 5, AA if (flagReadAA) { - if (sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, 10, 10)) { + if (sendCmdGetResponseWithRetries(readAA, sizeof(readAA), resp, sizeof(resp), 10, 10, start_time, &eof_time)) { result_status |= FLAG_ICLASS_READER_AA; memcpy(card_data + (8*5), resp, 8); } else { @@ -1746,9 +1568,14 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { uint8_t resp[ICLASS_BUFFER_SIZE]; - setupIclassReader(); set_tracing(true); + clear_trace(); + Iso15693InitReader(); + StartCountSspClk(); + uint32_t start_time = 0; + uint32_t eof_time = 0; + while (!BUTTON_PRESS()) { WDT_HIT(); @@ -1758,28 +1585,34 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { break; } - uint8_t read_status = handshakeIclassTag(card_data); + uint8_t read_status = handshakeIclassTag(card_data, &eof_time); + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; + if (read_status < 2) continue; //for now replay captured auth (as cc not updated) memcpy(check+5, MAC, 4); - if (!sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 5)) { + if (!sendCmdGetResponseWithRetries(check, sizeof(check), resp, sizeof(resp), 4, 5, start_time, &eof_time)) { + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; Dbprintf("Error: Authentication Fail!"); continue; } + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; //first get configuration block (block 1) crc = block_crc_LUT[1]; read[1] = 1; read[2] = crc >> 8; read[3] = crc & 0xff; - if (!sendCmdGetResponseWithRetries(read, sizeof(read),resp, 10, 10)) { + if (!sendCmdGetResponseWithRetries(read, sizeof(read), resp, sizeof(resp), 10, 10, start_time, &eof_time)) { + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; Dbprintf("Dump config (block 1) failed"); continue; } + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; mem = resp[5]; memory.k16 = (mem & 0x80); memory.book = (mem & 0x20); @@ -1800,7 +1633,8 @@ void ReaderIClass_Replay(uint8_t arg0, uint8_t *MAC) { read[2] = crc >> 8; read[3] = crc & 0xff; - if (sendCmdGetResponseWithRetries(read, sizeof(read), resp, 10, 10)) { + if (sendCmdGetResponseWithRetries(read, sizeof(read), resp, sizeof(resp), 10, 10, start_time, &eof_time)) { + start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; Dbprintf(" %02x: %02x %02x %02x %02x %02x %02x %02x %02x", block, resp[0], resp[1], resp[2], resp[3], resp[4], resp[5], @@ -1857,7 +1691,8 @@ void iClass_Authentication(uint8_t *MAC) { uint8_t resp[ICLASS_BUFFER_SIZE]; memcpy(check+5, MAC, 4); bool isOK; - isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, 4, 6); + uint32_t eof_time; + isOK = sendCmdGetResponseWithRetries(check, sizeof(check), resp, sizeof(resp), 4, 6, 0, &eof_time); cmd_send(CMD_ACK,isOK, 0, 0, 0, 0); } @@ -1867,11 +1702,12 @@ static bool iClass_ReadBlock(uint8_t blockNo, uint8_t *readdata) { uint16_t rdCrc = iclass_crc16(&bl, 1); readcmd[2] = rdCrc >> 8; readcmd[3] = rdCrc & 0xff; - uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0}; + uint8_t resp[10]; bool isOK = false; - + uint32_t eof_time; + //readcmd[1] = blockNo; - isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, 10, 10); + isOK = sendCmdGetResponseWithRetries(readcmd, sizeof(readcmd), resp, sizeof(resp), 10, 10, 0, &eof_time); memcpy(readdata, resp, sizeof(resp)); return isOK; @@ -1929,16 +1765,18 @@ static bool iClass_WriteBlock_ext(uint8_t blockNo, uint8_t *data) { uint16_t wrCrc = iclass_crc16(wrCmd, 13); write[14] = wrCrc >> 8; write[15] = wrCrc & 0xff; - uint8_t resp[] = {0,0,0,0,0,0,0,0,0,0}; + uint8_t resp[10]; bool isOK = false; - - isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10); + uint32_t eof_time = 0; + + isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10, 10, 0, &eof_time); + uint32_t start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; if (isOK) { //if reader responded correctly //Dbprintf("WriteResp: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",resp[0],resp[1],resp[2],resp[3],resp[4],resp[5],resp[6],resp[7],resp[8],resp[9]); if (memcmp(write+2, resp, 8)) { //if response is not equal to write values if (blockNo != 3 && blockNo != 4) { //if not programming key areas (note key blocks don't get programmed with actual key data it is xor data) //error try again - isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10); + isOK = sendCmdGetResponseWithRetries(write, sizeof(write), resp, sizeof(resp), 10, 10, start_time, &eof_time); } } } diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c index 85af0859..fff8b370 100644 --- a/armsrc/iso15693.c +++ b/armsrc/iso15693.c @@ -64,8 +64,26 @@ #define arraylen(x) (sizeof(x)/sizeof((x)[0])) +// Delays in SSP_CLK ticks. +// SSP_CLK runs at 13,56MHz / 32 = 423.75kHz when simulating a tag +#define DELAY_READER_TO_ARM 8 +#define DELAY_ARM_TO_READER 0 +//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when acting as reader. All values should be multiples of 16 +#define DELAY_TAG_TO_ARM 32 +#define DELAY_ARM_TO_TAG 16 + static int DEBUG = 0; + +// specific LogTrace function for ISO15693: the duration needs to be scaled because otherwise it won't fit into a uint16_t +bool LogTrace_ISO15693(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag) { + uint32_t duration = timestamp_end - timestamp_start; + duration /= 32; + timestamp_end = timestamp_start + duration; + return LogTrace(btBytes, iLen, timestamp_start, timestamp_end, parity, readerToTag); +} + + /////////////////////////////////////////////////////////////////////// // ISO 15693 Part 2 - Air Interface // This section basically contains transmission and receiving of bits @@ -84,84 +102,37 @@ static int DEBUG = 0; // resulting data rate is 26.48 kbit/s (fc/512) // cmd ... data // n ... length of data -static void CodeIso15693AsReader(uint8_t *cmd, int n) -{ - int i, j; +void CodeIso15693AsReader(uint8_t *cmd, int n) { ToSendReset(); - // Give it a bit of slack at the beginning - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } - // SOF for 1of4 - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - for(i = 0; i < n; i++) { - for(j = 0; j < 8; j += 2) { - int these = (cmd[i] >> j) & 3; + ToSend[++ToSendMax] = 0x84; //10000100 + + // data + for (int i = 0; i < n; i++) { + for (int j = 0; j < 8; j += 2) { + int these = (cmd[i] >> j) & 0x03; switch(these) { case 0: - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x40; //01000000 break; case 1: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x10; //00010000 break; case 2: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x04; //00000100 break; case 3: - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); + ToSend[++ToSendMax] = 0x01; //00000001 break; } } } - // EOF - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - - // Fill remainder of last byte with 1 - for(i = 0; i < 4; i++) { - ToSendStuffBit(1); - } + // EOF + ToSend[++ToSendMax] = 0x20; //0010 + 0000 padding + ToSendMax++; } @@ -170,46 +141,26 @@ static void CodeIso15693AsReader(uint8_t *cmd, int n) // is designed for more robust communication over longer distances static void CodeIso15693AsReader256(uint8_t *cmd, int n) { - int i, j; - ToSendReset(); - // Give it a bit of slack at the beginning - for(i = 0; i < 24; i++) { - ToSendStuffBit(1); - } - // SOF for 1of256 - ToSendStuffBit(0); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - - for(i = 0; i < n; i++) { - for (j = 0; j<=255; j++) { - if (cmd[i]==j) { - ToSendStuffBit(1); + ToSend[++ToSendMax] = 0x81; //10000001 + + // data + for(int i = 0; i < n; i++) { + for (int j = 0; j <= 255; j++) { + if (cmd[i] == j) { ToSendStuffBit(0); - } else { - ToSendStuffBit(1); ToSendStuffBit(1); + } else { + ToSendStuffBit(0); + ToSendStuffBit(0); } } } + // EOF - ToSendStuffBit(1); - ToSendStuffBit(1); - ToSendStuffBit(0); - ToSendStuffBit(1); - - // Fill remainder of last byte with 1 - for(i = 0; i < 4; i++) { - ToSendStuffBit(1); - } + ToSend[++ToSendMax] = 0x20; //0010 + 0000 padding ToSendMax++; } @@ -295,27 +246,38 @@ void CodeIso15693AsTag(uint8_t *cmd, size_t len) { // Transmit the command (to the tag) that was placed in cmd[]. -static void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t start_time) -{ +void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_FULL_MOD); - FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); + + *start_time = (*start_time - DELAY_ARM_TO_TAG) & 0xfffffff0; + + while (GetCountSspClk() > *start_time) { // we may miss the intended time + *start_time += 16; // next possible time + } - while (GetCountSspClk() < start_time) ; + + while (GetCountSspClk() < *start_time) + /* wait */ ; LED_B_ON(); - for(int c = 0; c < len; c++) { + for (int c = 0; c < len; c++) { uint8_t data = cmd[c]; for (int i = 0; i < 8; i++) { - uint16_t send_word = (data & 0x80) ? 0x0000 : 0xffff; + uint16_t send_word = (data & 0x80) ? 0xffff : 0x0000; while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; AT91C_BASE_SSC->SSC_THR = send_word; while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY))) ; AT91C_BASE_SSC->SSC_THR = send_word; + data <<= 1; } WDT_HIT(); } LED_B_OFF(); + + *start_time = *start_time + DELAY_ARM_TO_TAG; + } @@ -326,7 +288,7 @@ void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, // don't use the FPGA_HF_SIMULATOR_MODULATE_424K_8BIT minor mode. It would spoil GetCountSspClk() FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K); - uint32_t modulation_start_time = *start_time + 3 * 8; // no need to transfer the unmodulated start of SOF + uint32_t modulation_start_time = *start_time - DELAY_ARM_TO_READER + 3 * 8; // no need to transfer the unmodulated start of SOF while (GetCountSspClk() > (modulation_start_time & 0xfffffff8) + 3) { // we will miss the intended time if (slot_time) { @@ -341,7 +303,7 @@ void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint8_t shift_delay = modulation_start_time & 0x00000007; - *start_time = modulation_start_time - 3 * 8; + *start_time = modulation_start_time + DELAY_ARM_TO_READER - 3 * 8; LED_C_ON(); uint8_t bits_to_shift = 0x00; @@ -386,15 +348,18 @@ void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, // false if we are still waiting for some more //============================================================================= -#define NOISE_THRESHOLD 160 // don't try to correlate noise +#define NOISE_THRESHOLD 160 // don't try to correlate noise +#define MAX_PREVIOUS_AMPLITUDE (-1 - NOISE_THRESHOLD) typedef struct DecodeTag { enum { STATE_TAG_SOF_LOW, + STATE_TAG_SOF_RISING_EDGE, STATE_TAG_SOF_HIGH, STATE_TAG_SOF_HIGH_END, STATE_TAG_RECEIVING_DATA, - STATE_TAG_EOF + STATE_TAG_EOF, + STATE_TAG_EOF_TAIL } state; int bitCount; int posCount; @@ -409,6 +374,9 @@ typedef struct DecodeTag { uint8_t *output; int len; int sum1, sum2; + int threshold_sof; + int threshold_half; + uint16_t previous_amplitude; } DecodeTag_t; @@ -416,40 +384,58 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 { switch(DecodeTag->state) { case STATE_TAG_SOF_LOW: - // waiting for 12 times low (11 times low is accepted as well) - if (amplitude < NOISE_THRESHOLD) { - DecodeTag->posCount++; - } else { + // waiting for a rising edge + if (amplitude > NOISE_THRESHOLD + DecodeTag->previous_amplitude) { if (DecodeTag->posCount > 10) { - DecodeTag->posCount = 1; - DecodeTag->sum1 = 0; - DecodeTag->state = STATE_TAG_SOF_HIGH; + DecodeTag->threshold_sof = amplitude - DecodeTag->previous_amplitude; + DecodeTag->threshold_half = 0; + DecodeTag->state = STATE_TAG_SOF_RISING_EDGE; } else { DecodeTag->posCount = 0; } + } else { + DecodeTag->posCount++; + DecodeTag->previous_amplitude = amplitude; } break; + case STATE_TAG_SOF_RISING_EDGE: + if (amplitude - DecodeTag->previous_amplitude > DecodeTag->threshold_sof) { // edge still rising + if (amplitude - DecodeTag->threshold_sof > DecodeTag->threshold_sof) { // steeper edge, take this as time reference + DecodeTag->posCount = 1; + } else { + DecodeTag->posCount = 2; + } + DecodeTag->threshold_sof = (amplitude - DecodeTag->previous_amplitude) / 2; + } else { + DecodeTag->posCount = 2; + DecodeTag->threshold_sof = DecodeTag->threshold_sof/2; + } + // DecodeTag->posCount = 2; + DecodeTag->state = STATE_TAG_SOF_HIGH; + break; + case STATE_TAG_SOF_HIGH: // waiting for 10 times high. Take average over the last 8 - if (amplitude > NOISE_THRESHOLD) { + if (amplitude > DecodeTag->threshold_sof) { DecodeTag->posCount++; if (DecodeTag->posCount > 2) { - DecodeTag->sum1 += amplitude; // keep track of average high value + DecodeTag->threshold_half += amplitude; // keep track of average high value } if (DecodeTag->posCount == 10) { - DecodeTag->sum1 >>= 4; // calculate half of average high value (8 samples) + DecodeTag->threshold_half >>= 2; // (4 times 1/2 average) DecodeTag->state = STATE_TAG_SOF_HIGH_END; } } else { // high phase was too short DecodeTag->posCount = 1; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; } break; case STATE_TAG_SOF_HIGH_END: - // waiting for a falling edge - if (amplitude < DecodeTag->sum1) { // signal drops below 50% average high: a falling edge + // check for falling edge + if (DecodeTag->posCount == 13 && amplitude < DecodeTag->threshold_sof) { DecodeTag->lastBit = SOF_PART1; // detected 1st part of SOF (12 samples low and 12 samples high) DecodeTag->shiftReg = 0; DecodeTag->bitCount = 0; @@ -458,11 +444,18 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 DecodeTag->sum2 = 0; DecodeTag->posCount = 2; DecodeTag->state = STATE_TAG_RECEIVING_DATA; + // FpgaDisableTracing(); // DEBUGGING + // Dbprintf("amplitude = %d, threshold_sof = %d, threshold_half/4 = %d, previous_amplitude = %d", + // amplitude, + // DecodeTag->threshold_sof, + // DecodeTag->threshold_half/4, + // DecodeTag->previous_amplitude); // DEBUGGING LED_C_ON(); } else { DecodeTag->posCount++; if (DecodeTag->posCount > 13) { // high phase too long DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); } @@ -480,18 +473,16 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 DecodeTag->sum2 += amplitude; } if (DecodeTag->posCount == 8) { - int32_t corr_1 = DecodeTag->sum2 - DecodeTag->sum1; - int32_t corr_0 = -corr_1; - int32_t corr_EOF = (DecodeTag->sum1 + DecodeTag->sum2) / 2; - if (corr_EOF > corr_0 && corr_EOF > corr_1) { + if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 > DecodeTag->threshold_half) { // modulation in both halves if (DecodeTag->lastBit == LOGIC0) { // this was already part of EOF DecodeTag->state = STATE_TAG_EOF; } else { DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); } - } else if (corr_1 > corr_0) { + } else if (DecodeTag->sum1 < DecodeTag->threshold_half && DecodeTag->sum2 > DecodeTag->threshold_half) { // modulation in second half // logic 1 if (DecodeTag->lastBit == SOF_PART1) { // still part of SOF DecodeTag->lastBit = SOF_PART2; // SOF completed @@ -503,20 +494,21 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 if (DecodeTag->bitCount == 8) { DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg; DecodeTag->len++; + // if (DecodeTag->shiftReg == 0x12 && DecodeTag->len == 1) FpgaDisableTracing(); // DEBUGGING if (DecodeTag->len > DecodeTag->max_len) { // buffer overflow, give up - DecodeTag->posCount = 0; - DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); + return true; } DecodeTag->bitCount = 0; DecodeTag->shiftReg = 0; } } - } else { + } else if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // modulation in first half // logic 0 if (DecodeTag->lastBit == SOF_PART1) { // incomplete SOF DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); } else { @@ -526,9 +518,11 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 if (DecodeTag->bitCount == 8) { DecodeTag->output[DecodeTag->len] = DecodeTag->shiftReg; DecodeTag->len++; + // if (DecodeTag->shiftReg == 0x12 && DecodeTag->len == 1) FpgaDisableTracing(); // DEBUGGING if (DecodeTag->len > DecodeTag->max_len) { // buffer overflow, give up DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); } @@ -536,6 +530,15 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 DecodeTag->shiftReg = 0; } } + } else { // no modulation + if (DecodeTag->lastBit == SOF_PART2) { // only SOF (this is OK for iClass) + LED_C_OFF(); + return true; + } else { + DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); + } } DecodeTag->posCount = 0; } @@ -553,21 +556,42 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 DecodeTag->sum2 += amplitude; } if (DecodeTag->posCount == 8) { - int32_t corr_1 = DecodeTag->sum2 - DecodeTag->sum1; - int32_t corr_0 = -corr_1; - int32_t corr_EOF = (DecodeTag->sum1 + DecodeTag->sum2) / 2; - if (corr_EOF > corr_0 || corr_1 > corr_0) { + if (DecodeTag->sum1 > DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // modulation in first half DecodeTag->posCount = 0; + DecodeTag->state = STATE_TAG_EOF_TAIL; + } else { + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->state = STATE_TAG_SOF_LOW; LED_C_OFF(); - } else { + } + } + DecodeTag->posCount++; + break; + + case STATE_TAG_EOF_TAIL: + if (DecodeTag->posCount == 1) { + DecodeTag->sum1 = 0; + DecodeTag->sum2 = 0; + } + if (DecodeTag->posCount <= 4) { + DecodeTag->sum1 += amplitude; + } else { + DecodeTag->sum2 += amplitude; + } + if (DecodeTag->posCount == 8) { + if (DecodeTag->sum1 < DecodeTag->threshold_half && DecodeTag->sum2 < DecodeTag->threshold_half) { // no modulation in both halves LED_C_OFF(); return true; + } else { + DecodeTag->posCount = 0; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; + DecodeTag->state = STATE_TAG_SOF_LOW; + LED_C_OFF(); } } DecodeTag->posCount++; break; - } return false; @@ -576,6 +600,7 @@ static int inline __attribute__((always_inline)) Handle15693SamplesFromTag(uint1 static void DecodeTagInit(DecodeTag_t *DecodeTag, uint8_t *data, uint16_t max_len) { + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; DecodeTag->posCount = 0; DecodeTag->state = STATE_TAG_SOF_LOW; DecodeTag->output = data; @@ -587,18 +612,19 @@ static void DecodeTagReset(DecodeTag_t *DecodeTag) { DecodeTag->posCount = 0; DecodeTag->state = STATE_TAG_SOF_LOW; + DecodeTag->previous_amplitude = MAX_PREVIOUS_AMPLITUDE; } /* * Receive and decode the tag response, also log to tracebuffer */ -static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, int timeout) -{ +int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time) { + int samples = 0; - bool gotFrame = false; + int ret = 0; - uint16_t *dmaBuf = (uint16_t*)BigBuf_malloc(ISO15693_DMA_BUFFER_SIZE*sizeof(uint16_t)); + uint16_t dmaBuf[ISO15693_DMA_BUFFER_SIZE]; // the Decoder data structure DecodeTag_t DecodeTag = { 0 }; @@ -613,6 +639,7 @@ static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, int tim // Setup and start DMA. FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER); FpgaSetupSscDma((uint8_t*) dmaBuf, ISO15693_DMA_BUFFER_SIZE); + uint32_t dma_start_time = 0; uint16_t *upTo = dmaBuf; for(;;) { @@ -620,12 +647,19 @@ static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, int tim if (behindBy == 0) continue; + samples++; + if (samples == 1) { + // DMA has transferred the very first data + dma_start_time = GetCountSspClk() & 0xfffffff0; + } + uint16_t tagdata = *upTo++; if(upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) { // we have read all of the DMA buffer content. upTo = dmaBuf; // start reading the circular buffer from the beginning if(behindBy > (9*ISO15693_DMA_BUFFER_SIZE/10)) { Dbprintf("About to blow circular buffer - aborted! behindBy=%d", behindBy); + ret = -1; break; } } @@ -634,30 +668,42 @@ static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, int tim AT91C_BASE_PDC_SSC->PDC_RNCR = ISO15693_DMA_BUFFER_SIZE; // DMA Next Counter registers } - samples++; - if (Handle15693SamplesFromTag(tagdata, &DecodeTag)) { - gotFrame = true; + *eof_time = dma_start_time + samples*16 - DELAY_TAG_TO_ARM; // end of EOF + if (DecodeTag.lastBit == SOF_PART2) { + *eof_time -= 8*16; // needed 8 additional samples to confirm single SOF (iCLASS) + } + if (DecodeTag.len > DecodeTag.max_len) { + ret = -2; // buffer overflow + } break; } if (samples > timeout && DecodeTag.state < STATE_TAG_RECEIVING_DATA) { - DecodeTag.len = 0; + ret = -1; // timeout break; } } FpgaDisableSscDma(); - BigBuf_free(); - if (DEBUG) Dbprintf("samples = %d, gotFrame = %d, Decoder: state = %d, len = %d, bitCount = %d, posCount = %d", - samples, gotFrame, DecodeTag.state, DecodeTag.len, DecodeTag.bitCount, DecodeTag.posCount); + if (DEBUG) Dbprintf("samples = %d, ret = %d, Decoder: state = %d, lastBit = %d, len = %d, bitCount = %d, posCount = %d", + samples, ret, DecodeTag.state, DecodeTag.lastBit, DecodeTag.len, DecodeTag.bitCount, DecodeTag.posCount); - if (DecodeTag.len > 0) { - LogTrace(DecodeTag.output, DecodeTag.len, 0, 0, NULL, false); + if (ret < 0) { + return ret; } + uint32_t sof_time = *eof_time + - DecodeTag.len * 8 * 8 * 16 // time for byte transfers + - 32 * 16 // time for SOF transfer + - (DecodeTag.lastBit != SOF_PART2?32*16:0); // time for EOF transfer + + if (DEBUG) Dbprintf("timing: sof_time = %d, eof_time = %d", sof_time, *eof_time); + + LogTrace_ISO15693(DecodeTag.output, DecodeTag.len, sof_time*4, *eof_time*4, NULL, false); + return DecodeTag.len; } @@ -977,7 +1023,7 @@ int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eo for (int i = 7; i >= 0; i--) { if (Handle15693SampleFromReader((b >> i) & 0x01, &DecodeReader)) { - *eof_time = dma_start_time + samples - DELAY_READER_TO_ARM_SIM; // end of EOF + *eof_time = dma_start_time + samples - DELAY_READER_TO_ARM; // end of EOF gotFrame = true; break; } @@ -1006,7 +1052,7 @@ int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eo - DecodeReader.byteCount * (DecodeReader.Coding==CODING_1_OUT_OF_4?128:2048) // time for byte transfers - 32 // time for SOF transfer - 16; // time for EOF transfer - LogTrace(DecodeReader.output, DecodeReader.byteCount, sof_time, *eof_time, NULL, true); + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, sof_time*32, *eof_time*32, NULL, true); } return DecodeReader.byteCount; @@ -1060,7 +1106,8 @@ void AcquireRawAdcSamplesIso15693(void) SpinDelay(100); // Now send the command - TransmitTo15693Tag(ToSend, ToSendMax, 0); + uint32_t start_time = 0; + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); // wait for last transfer to complete while (!(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_TXEMPTY)) ; @@ -1156,7 +1203,7 @@ void SnoopIso15693(void) if (Handle15693SampleFromReader(snoopdata & 0x02, &DecodeReader)) { FpgaDisableSscDma(); ExpectTagAnswer = true; - LogTrace(DecodeReader.output, DecodeReader.byteCount, samples, samples, NULL, true); + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, samples*64, samples*64, NULL, true); /* And ready to receive another command. */ DecodeReaderReset(&DecodeReader); /* And also reset the demod code, which might have been */ @@ -1168,7 +1215,7 @@ void SnoopIso15693(void) if (Handle15693SampleFromReader(snoopdata & 0x01, &DecodeReader)) { FpgaDisableSscDma(); ExpectTagAnswer = true; - LogTrace(DecodeReader.output, DecodeReader.byteCount, samples, samples, NULL, true); + LogTrace_ISO15693(DecodeReader.output, DecodeReader.byteCount, samples*64, samples*64, NULL, true); /* And ready to receive another command. */ DecodeReaderReset(&DecodeReader); /* And also reset the demod code, which might have been */ @@ -1184,7 +1231,7 @@ void SnoopIso15693(void) if (Handle15693SamplesFromTag(snoopdata >> 2, &DecodeTag)) { FpgaDisableSscDma(); //Use samples as a time measurement - LogTrace(DecodeTag.output, DecodeTag.len, samples, samples, NULL, false); + LogTrace_ISO15693(DecodeTag.output, DecodeTag.len, samples*64, samples*64, NULL, false); // And ready to receive another response. DecodeTagReset(&DecodeTag); DecodeReaderReset(&DecodeReader); @@ -1213,10 +1260,8 @@ void SnoopIso15693(void) // Initialize the proxmark as iso15k reader -static void Iso15693InitReader() { +void Iso15693InitReader() { FpgaDownloadAndGo(FPGA_BITSTREAM_HF); - // Setup SSC - // FpgaSetupSsc(); // Start from off (no field generated) LED_D_OFF(); @@ -1300,17 +1345,20 @@ static void BuildInventoryResponse(uint8_t *uid) // init ... should we initialize the reader? // speed ... 0 low speed, 1 hi speed // *recv will contain the tag's answer -// return: lenght of received data -int SendDataTag(uint8_t *send, int sendlen, bool init, int speed, uint8_t *recv, uint16_t max_recv_len, uint32_t start_time) { +// return: length of received data, or -1 for timeout +int SendDataTag(uint8_t *send, int sendlen, bool init, int speed, uint8_t *recv, uint16_t max_recv_len, uint32_t start_time, uint32_t *eof_time) { LED_A_ON(); LED_B_OFF(); LED_C_OFF(); - if (init) Iso15693InitReader(); - - int answerLen=0; - + if (init) { + Iso15693InitReader(); + StartCountSspClk(); + } + + int answerLen = 0; + if (!speed) { // low speed (1 out of 256) CodeIso15693AsReader256(send, sendlen); @@ -1319,11 +1367,14 @@ int SendDataTag(uint8_t *send, int sendlen, bool init, int speed, uint8_t *recv, CodeIso15693AsReader(send, sendlen); } - TransmitTo15693Tag(ToSend, ToSendMax, start_time); + if (start_time == 0) { + start_time = GetCountSspClk(); + } + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); // Now wait for a response if (recv != NULL) { - answerLen = GetIso15693AnswerFromTag(recv, max_recv_len, DELAY_ISO15693_VCD_TO_VICC_READER * 2); + answerLen = GetIso15693AnswerFromTag(recv, max_recv_len, DELAY_ISO15693_VCD_TO_VICC_READER * 2, eof_time); } LED_A_OFF(); @@ -1445,11 +1496,13 @@ void ReaderIso15693(uint32_t parameter) // Now send the IDENTIFY command BuildIdentifyRequest(); - TransmitTo15693Tag(ToSend, ToSendMax, 0); + uint32_t start_time = 0; + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); // Now wait for a response - answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2) ; - uint32_t start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER; + uint32_t eof_time; + answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2, &eof_time) ; + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; if (answerLen >=12) // we should do a better check than this { @@ -1487,9 +1540,9 @@ void ReaderIso15693(uint32_t parameter) if (answerLen >= 12 && DEBUG) { for (int i = 0; i < 32; i++) { // sanity check, assume max 32 pages BuildReadBlockRequest(TagUID, i); - TransmitTo15693Tag(ToSend, ToSendMax, start_time); - int answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2); - start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER; + TransmitTo15693Tag(ToSend, ToSendMax, &start_time); + int answerLen = GetIso15693AnswerFromTag(answer, sizeof(answer), DELAY_ISO15693_VCD_TO_VICC_READER * 2, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; if (answerLen > 0) { Dbprintf("READ SINGLE BLOCK %d returned %d octets:", i, answerLen); DbdecodeIso15693Answer(answerLen, answer); @@ -1535,7 +1588,7 @@ void SimTagIso15693(uint32_t parameter, uint8_t *uid) if ((cmd_len >= 5) && (cmd[0] & ISO15693_REQ_INVENTORY) && (cmd[1] == ISO15693_INVENTORY)) { // TODO: check more flags bool slow = !(cmd[0] & ISO15693_REQ_DATARATE_HIGH); - start_time = eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM - DELAY_ARM_TO_READER_SIM; + start_time = eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM; TransmitTo15693Reader(ToSend, ToSendMax, &start_time, 0, slow); } @@ -1557,11 +1610,8 @@ void BruteforceIso15693Afi(uint32_t speed) uint8_t data[6]; uint8_t recv[ISO15693_MAX_RESPONSE_LENGTH]; - - int datalen=0, recvlen=0; - - Iso15693InitReader(); - StartCountSspClk(); + int datalen = 0, recvlen = 0; + uint32_t eof_time; // first without AFI // Tags should respond without AFI and with AFI=0 even when AFI is active @@ -1570,8 +1620,9 @@ void BruteforceIso15693Afi(uint32_t speed) data[1] = ISO15693_INVENTORY; data[2] = 0; // mask length datalen = Iso15693AddCrc(data,3); - recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), 0); - uint32_t start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER; + uint32_t start_time = GetCountSspClk(); + recvlen = SendDataTag(data, datalen, true, speed, recv, sizeof(recv), 0, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; WDT_HIT(); if (recvlen>=12) { Dbprintf("NoAFI UID=%s", Iso15693sprintUID(NULL, &recv[2])); @@ -1587,8 +1638,8 @@ void BruteforceIso15693Afi(uint32_t speed) for (int i = 0; i < 256; i++) { data[2] = i & 0xFF; datalen = Iso15693AddCrc(data,4); - recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), start_time); - start_time = GetCountSspClk() + DELAY_ISO15693_VICC_TO_VCD_READER; + recvlen = SendDataTag(data, datalen, false, speed, recv, sizeof(recv), start_time, &eof_time); + start_time = eof_time + DELAY_ISO15693_VICC_TO_VCD_READER; WDT_HIT(); if (recvlen >= 12) { Dbprintf("AFI=%i UID=%s", i, Iso15693sprintUID(NULL, &recv[2])); @@ -1605,7 +1656,8 @@ void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint int recvlen = 0; uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; - + uint32_t eof_time; + LED_A_ON(); if (DEBUG) { @@ -1613,24 +1665,27 @@ void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint Dbhexdump(datalen, data, false); } - recvlen = SendDataTag(data, datalen, true, speed, (recv?recvbuf:NULL), sizeof(recvbuf), 0); + recvlen = SendDataTag(data, datalen, true, speed, (recv?recvbuf:NULL), sizeof(recvbuf), 0, &eof_time); + + // for the time being, switch field off to protect rdv4.0 + // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); if (recv) { if (DEBUG) { Dbprintf("RECV:"); - Dbhexdump(recvlen, recvbuf, false); - DbdecodeIso15693Answer(recvlen, recvbuf); + if (recvlen > 0) { + Dbhexdump(recvlen, recvbuf, false); + DbdecodeIso15693Answer(recvlen, recvbuf); + } } - - cmd_send(CMD_ACK, recvlen>ISO15693_MAX_RESPONSE_LENGTH?ISO15693_MAX_RESPONSE_LENGTH:recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH); - + if (recvlen > ISO15693_MAX_RESPONSE_LENGTH) { + recvlen = ISO15693_MAX_RESPONSE_LENGTH; + } + cmd_send(CMD_ACK, recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH); } - // for the time being, switch field off to protect rdv4.0 - // note: this prevents using hf 15 cmd with s option - which isn't implemented yet anyway - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); - LED_A_OFF(); } @@ -1648,7 +1703,8 @@ void SetTag15693Uid(uint8_t *uid) int recvlen = 0; uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH]; - + uint32_t eof_time; + LED_A_ON(); // Command 1 : 02213E00000000 @@ -1687,7 +1743,7 @@ void SetTag15693Uid(uint8_t *uid) cmd[3][5] = uid[1]; cmd[3][6] = uid[0]; - for (int i=0; i<4; i++) { + for (int i = 0; i < 4; i++) { // Add the CRC crc = Iso15693Crc(cmd[i], 7); cmd[i][7] = crc & 0xff; @@ -1698,12 +1754,14 @@ void SetTag15693Uid(uint8_t *uid) Dbhexdump(sizeof(cmd[i]), cmd[i], false); } - recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), true, 1, recvbuf, sizeof(recvbuf), 0); + recvlen = SendDataTag(cmd[i], sizeof(cmd[i]), true, 1, recvbuf, sizeof(recvbuf), 0, &eof_time); if (DEBUG) { Dbprintf("RECV:"); - Dbhexdump(recvlen, recvbuf, false); - DbdecodeIso15693Answer(recvlen, recvbuf); + if (recvlen > 0) { + Dbhexdump(recvlen, recvbuf, false); + DbdecodeIso15693Answer(recvlen, recvbuf); + } } cmd_send(CMD_ACK, recvlen>ISO15693_MAX_RESPONSE_LENGTH?ISO15693_MAX_RESPONSE_LENGTH:recvlen, 0, 0, recvbuf, ISO15693_MAX_RESPONSE_LENGTH); diff --git a/armsrc/iso15693.h b/armsrc/iso15693.h index 7d2e7598..96a2b39b 100644 --- a/armsrc/iso15693.h +++ b/armsrc/iso15693.h @@ -17,16 +17,18 @@ // Delays in SSP_CLK ticks. // SSP_CLK runs at 13,56MHz / 32 = 423.75kHz when simulating a tag -#define DELAY_READER_TO_ARM_SIM 8 -#define DELAY_ARM_TO_READER_SIM 0 -#define DELAY_ISO15693_VCD_TO_VICC_SIM 132 // 132/423.75kHz = 311.5us from end of command EOF to start of tag response -//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when acting as reader +#define DELAY_ISO15693_VCD_TO_VICC_SIM 132 // 132/423.75kHz = 311.5us from end of command EOF to start of tag response +//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when acting as reader. All values should be multiples of 16 #define DELAY_ISO15693_VCD_TO_VICC_READER 1056 // 1056/3,39MHz = 311.5us from end of command EOF to start of tag response -#define DELAY_ISO15693_VICC_TO_VCD_READER 1017 // 1017/3.39MHz = 300us between end of tag response and next reader command +#define DELAY_ISO15693_VICC_TO_VCD_READER 1024 // 1024/3.39MHz = 302.1us between end of tag response and next reader command +void Iso15693InitReader(); +void CodeIso15693AsReader(uint8_t *cmd, int n); void CodeIso15693AsTag(uint8_t *cmd, size_t len); -int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time); void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow); +int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time); +void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time); +int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time); void SnoopIso15693(void); void AcquireRawAdcSamplesIso15693(void); void ReaderIso15693(uint32_t parameter); @@ -35,5 +37,6 @@ void BruteforceIso15693Afi(uint32_t speed); void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint8_t data[]); void SetTag15693Uid(uint8_t *uid); void SetDebugIso15693(uint32_t flag); +bool LogTrace_ISO15693(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); #endif diff --git a/armsrc/util.c b/armsrc/util.c index aac68a34..4bff3a26 100644 --- a/armsrc/util.c +++ b/armsrc/util.c @@ -21,7 +21,7 @@ void print_result(char *name, uint8_t *buf, size_t len) { if ( len % 16 == 0 ) { for(; p-buf < len; p += 16) - Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", + Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, @@ -30,7 +30,7 @@ void print_result(char *name, uint8_t *buf, size_t len) { } else { for(; p-buf < len; p += 8) - Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); + Dbprintf("[%s:%d/%d] %02x %02x %02x %02x %02x %02x %02x %02x", name, p-buf, len, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); } } @@ -68,17 +68,17 @@ uint64_t bytes_to_num(uint8_t* src, size_t len) // RotateLeft - Ultralight, Desfire void rol(uint8_t *data, const size_t len){ - uint8_t first = data[0]; - for (size_t i = 0; i < len-1; i++) { - data[i] = data[i+1]; - } - data[len-1] = first; + uint8_t first = data[0]; + for (size_t i = 0; i < len-1; i++) { + data[i] = data[i+1]; + } + data[len-1] = first; } void lsl (uint8_t *data, size_t len) { - for (size_t n = 0; n < len - 1; n++) { - data[n] = (data[n] << 1) | (data[n+1] >> 7); - } - data[len - 1] <<= 1; + for (size_t n = 0; n < len - 1; n++) { + data[n] = (data[n] << 1) | (data[n+1] >> 7); + } + data[len - 1] <<= 1; } void LEDsoff() @@ -309,16 +309,16 @@ void FormatVersionInformation(char *dst, int len, const char *prefix, void *vers // ------------------------------------------------------------------------- // test procedure: // -// ti = GetTickCount(); -// SpinDelay(1000); -// ti = GetTickCount() - ti; -// Dbprintf("timer(1s): %d t=%d", ti, GetTickCount()); +// ti = GetTickCount(); +// SpinDelay(1000); +// ti = GetTickCount() - ti; +// Dbprintf("timer(1s): %d t=%d", ti, GetTickCount()); void StartTickCount() { // This timer is based on the slow clock. The slow clock frequency is between 22kHz and 40kHz. // We can determine the actual slow clock frequency by looking at the Main Clock Frequency Register. - uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency + uint16_t mainf = AT91C_BASE_PMC->PMC_MCFR & 0xffff; // = 16 * main clock frequency (16MHz) / slow clock frequency // set RealTimeCounter divider to count at 1kHz: AT91C_BASE_RTTC->RTTC_RTMR = AT91C_RTTC_RTTRST | ((256000 + (mainf/2)) / mainf); // note: worst case precision is approx 2.5% @@ -334,12 +334,12 @@ uint32_t RAMFUNC GetTickCount(){ // ------------------------------------------------------------------------- -// microseconds timer +// microseconds timer // ------------------------------------------------------------------------- void StartCountUS() { AT91C_BASE_PMC->PMC_PCER |= (0x1 << 12) | (0x1 << 13) | (0x1 << 14); -// AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC1XC1S_TIOA0; +// AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC1XC1S_TIOA0; AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_NONE | AT91C_TCB_TC1XC1S_TIOA0 | AT91C_TCB_TC2XC2S_NONE; // fast clock @@ -349,10 +349,10 @@ void StartCountUS() AT91C_TC_ACPC_SET | AT91C_TC_ASWTRG_SET; AT91C_BASE_TC0->TC_RA = 1; AT91C_BASE_TC0->TC_RC = 0xBFFF + 1; // 0xC000 - - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // timer disable + + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // timer disable AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_XC1; // from timer 0 - + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; AT91C_BASE_TCB->TCB_BCR = 1; @@ -375,61 +375,72 @@ uint32_t RAMFUNC GetDeltaCountUS(){ // ------------------------------------------------------------------------- -// Timer for iso14443 commands. Uses ssp_clk from FPGA +// Timer for iso14443 commands. Uses ssp_clk from FPGA // ------------------------------------------------------------------------- void StartCountSspClk() { AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_TC0) | (1 << AT91C_ID_TC1) | (1 << AT91C_ID_TC2); // Enable Clock to all timers - AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 - | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none - | AT91C_TCB_TC2XC2S_TIOA0; // XC2 Clock = TIOA0 + AT91C_BASE_TCB->TCB_BMR = AT91C_TCB_TC0XC0S_TIOA1 // XC0 Clock = TIOA1 + | AT91C_TCB_TC1XC1S_NONE // XC1 Clock = none + | AT91C_TCB_TC2XC2S_TIOA0; // XC2 Clock = TIOA0 // configure TC1 to create a short pulse on TIOA1 when a rising edge on TIOB1 (= ssp_clk from FPGA) occurs: - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // disable TC1 + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; // disable TC1 AT91C_BASE_TC1->TC_CMR = AT91C_TC_CLKS_TIMER_DIV1_CLOCK // TC1 Clock = MCK(48MHz)/2 = 24MHz - | AT91C_TC_CPCSTOP // Stop clock on RC compare - | AT91C_TC_EEVTEDG_RISING // Trigger on rising edge of Event - | AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16 ... 13,56MHz/4) - | AT91C_TC_ENETRG // Enable external trigger event - | AT91C_TC_WAVESEL_UP // Upmode without automatic trigger on RC compare - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_AEEVT_SET // Set TIOA1 on external event - | AT91C_TC_ACPC_CLEAR; // Clear TIOA1 on RC Compare - AT91C_BASE_TC1->TC_RC = 0x02; // RC Compare value = 0x02 + | AT91C_TC_CPCSTOP // Stop clock on RC compare + | AT91C_TC_EEVTEDG_RISING // Trigger on rising edge of Event + | AT91C_TC_EEVT_TIOB // Event-Source: TIOB1 (= ssp_clk from FPGA = 13,56MHz/16 ... 13,56MHz/4) + | AT91C_TC_ENETRG // Enable external trigger event + | AT91C_TC_WAVESEL_UP // Upmode without automatic trigger on RC compare + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_AEEVT_SET // Set TIOA1 on external event + | AT91C_TC_ACPC_CLEAR; // Clear TIOA1 on RC Compare + AT91C_BASE_TC1->TC_RC = 0x02; // RC Compare value = 0x02 // use TC0 to count TIOA1 pulses - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // disable TC0 - AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_XC0 // TC0 clock = XC0 clock = TIOA1 - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_WAVESEL_UP // just count - | AT91C_TC_ACPA_CLEAR // Clear TIOA0 on RA Compare - | AT91C_TC_ACPC_SET; // Set TIOA0 on RC Compare - AT91C_BASE_TC0->TC_RA = 1; // RA Compare value = 1; pulse width to TC2 - AT91C_BASE_TC0->TC_RC = 0; // RC Compare value = 0; increment TC2 on overflow + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; // disable TC0 + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_XC0 // TC0 clock = XC0 clock = TIOA1 + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_WAVESEL_UP // just count + | AT91C_TC_ACPA_CLEAR // Clear TIOA0 on RA Compare + | AT91C_TC_ACPC_SET; // Set TIOA0 on RC Compare + AT91C_BASE_TC0->TC_RA = 1; // RA Compare value = 1; pulse width to TC2 + AT91C_BASE_TC0->TC_RC = 0; // RC Compare value = 0; increment TC2 on overflow // use TC2 to count TIOA0 pulses (giving us a 32bit counter (TC0/TC2) clocked by ssp_clk) - AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; // disable TC2 - AT91C_BASE_TC2->TC_CMR = AT91C_TC_CLKS_XC2 // TC2 clock = XC2 clock = TIOA0 - | AT91C_TC_WAVE // Waveform Mode - | AT91C_TC_WAVESEL_UP; // just count - - AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; // enable TC0 - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; // enable TC1 - AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN; // enable TC2 + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; // disable TC2 + AT91C_BASE_TC2->TC_CMR = AT91C_TC_CLKS_XC2 // TC2 clock = XC2 clock = TIOA0 + | AT91C_TC_WAVE // Waveform Mode + | AT91C_TC_WAVESEL_UP; // just count + + AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN; // enable TC0 + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN; // enable TC1 + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKEN; // enable TC2 // - // synchronize the counter with the ssp_frame signal. Note: FPGA must be in a FPGA mode with SSC transfer, otherwise SSC_FRAME and SSC_CLK signals would not be present + // synchronize the counter with the ssp_frame signal. Note: FPGA must be in a FPGA mode with SSC transfer, otherwise SSC_FRAME and SSC_CLK signals would not be present // - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME)); // wait for ssp_frame to go high (start of frame) - while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME); // wait for ssp_frame to be low - while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high - // note: up to now two ssp_clk rising edges have passed since the rising edge of ssp_frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME); // wait for ssp_frame to be low + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_FRAME)); // wait for ssp_frame to go high (start of frame) + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 1st ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 2nd ssp_clk after start of frame + if ((AT91C_BASE_SSC->SSC_RFMR & SSC_FRAME_MODE_BITS_IN_WORD(32)) == SSC_FRAME_MODE_BITS_IN_WORD(16)) { + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 3rd ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 4th ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 5th ssp_clk after start of frame + while(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK); // wait for ssp_clk to go low; + while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)); // wait for ssp_clk to go high; 6th ssp_clk after start of frame + } // it is now safe to assert a sync signal. This sets all timers to 0 on next active clock edge - AT91C_BASE_TCB->TCB_BCR = 1; // assert Sync (set all timers to 0 on next active clock edge) - // at the next (3rd) ssp_clk rising edge, TC1 will be reset (and not generate a clock signal to TC0) - // at the next (4th) ssp_clk rising edge, TC0 (the low word of our counter) will be reset. From now on, + AT91C_BASE_TCB->TCB_BCR = 1; // assert Sync (set all timers to 0 on next active clock edge) + // at the next (3rd/7th) ssp_clk rising edge, TC1 will be reset (and not generate a clock signal to TC0) + // at the next (4th/8th) ssp_clk rising edge, TC0 (the low word of our counter) will be reset. From now on, // whenever the last three bits of our counter go 0, we can be sure to be in the middle of a frame transfer. - // (just started with the transfer of the 4th Bit). + // (just started with the transfer of the 3rd Bit). // The high word of the counter (TC2) will not reset until the low word (TC0) overflows. Therefore need to wait quite some time before // we can use the counter. while (AT91C_BASE_TC0->TC_CV < 0xFFFF); @@ -445,19 +456,17 @@ void ResetSspClk(void) { while (AT91C_BASE_TC2->TC_CV > 0); } - uint32_t GetCountSspClk(){ uint32_t hi, lo; - do { + do { hi = AT91C_BASE_TC2->TC_CV; lo = AT91C_BASE_TC0->TC_CV; - } while(hi != AT91C_BASE_TC2->TC_CV); - + } while (hi != AT91C_BASE_TC2->TC_CV); + return (hi << 16) | lo; } - // ------------------------------------------------------------------------- // Timer for bitbanging, or LF stuff when you need a very precis timer // 1us = 1.5ticks @@ -476,11 +485,11 @@ void StartTicks(void){ AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // re-enable timer and wait for TC0 // second configure TC0 (lower, 0x0000FFFF) 16 bit counter - AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK(48MHz) / 32 - AT91C_TC_WAVE | AT91C_TC_WAVESEL_UP_AUTO | - AT91C_TC_ACPA_CLEAR | // RA comperator clears TIOA (carry bit) - AT91C_TC_ACPC_SET | // RC comperator sets TIOA (carry bit) - AT91C_TC_ASWTRG_SET; // SWTriger sets TIOA (carry bit) + AT91C_BASE_TC0->TC_CMR = AT91C_TC_CLKS_TIMER_DIV3_CLOCK | // MCK(48MHz) / 32 + AT91C_TC_WAVE | AT91C_TC_WAVESEL_UP_AUTO | + AT91C_TC_ACPA_CLEAR | // RA comperator clears TIOA (carry bit) + AT91C_TC_ACPC_SET | // RC comperator sets TIOA (carry bit) + AT91C_TC_ASWTRG_SET; // SWTriger sets TIOA (carry bit) AT91C_BASE_TC0->TC_RC = 0; // set TIOA (carry bit) on overflow, return to zero AT91C_BASE_TC0->TC_RA = 1; // clear carry bit on next clock cycle AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKEN | AT91C_TC_SWTRG; // reset and re-enable timer @@ -517,7 +526,7 @@ void WaitTicks(uint32_t ticks){ } -// Wait / Spindelay in us (microseconds) +// Wait / Spindelay in us (microseconds) // 1us = 1.5ticks. void WaitUS(uint16_t us){ WaitTicks( (uint32_t)us * 3 / 2 ) ; @@ -546,7 +555,7 @@ void ResetTimer(AT91PS_TC timer){ // stop clock void StopTicks(void){ AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; - AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; } diff --git a/armsrc/util.h b/armsrc/util.h index 7b3d0849..14ac5e10 100644 --- a/armsrc/util.h +++ b/armsrc/util.h @@ -66,7 +66,7 @@ uint32_t RAMFUNC GetDeltaCountUS(); void StartCountSspClk(); void ResetSspClk(void); -uint32_t RAMFUNC GetCountSspClk(); +uint32_t GetCountSspClk(); extern void StartTicks(void); extern uint32_t GetTicks(void); diff --git a/client/cmdhf15.c b/client/cmdhf15.c index c2a13354..6bcad201 100644 --- a/client/cmdhf15.c +++ b/client/cmdhf15.c @@ -464,7 +464,7 @@ int CmdHF15CmdRaw (const char *cmd) { char *hexout; - if (strlen(cmd)<3) { + if (strlen(cmd)<2) { PrintAndLog("Usage: hf 15 cmd raw [-r] [-2] [-c] <0A 0B 0C ... hex>"); PrintAndLog(" -r do not read response"); PrintAndLog(" -2 use slower '1 out of 256' mode"); @@ -526,22 +526,31 @@ int CmdHF15CmdRaw (const char *cmd) { SendCommand(&c); if (reply) { - if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) { + if (WaitForResponseTimeout(CMD_ACK, &resp, 1000)) { recv = resp.d.asBytes; - PrintAndLog("received %i octets",resp.arg[0]); - hexout = (char *)malloc(resp.arg[0] * 3 + 1); - if (hexout != NULL) { - for (int i = 0; i < resp.arg[0]; i++) { // data in hex - sprintf(&hexout[i * 3], "%02X ", recv[i]); + int recv_len = resp.arg[0]; + if (recv_len == 0) { + PrintAndLog("received SOF only. Maybe Picopass/iCLASS?"); + } else if (recv_len > 0) { + PrintAndLog("received %i octets", recv_len); + hexout = (char *)malloc(resp.arg[0] * 3 + 1); + if (hexout != NULL) { + for (int i = 0; i < resp.arg[0]; i++) { // data in hex + sprintf(&hexout[i * 3], "%02X ", recv[i]); + } + PrintAndLog("%s", hexout); + free(hexout); } - PrintAndLog("%s", hexout); - free(hexout); + } else if (recv_len == -1) { + PrintAndLog("card didn't respond"); + } else if (recv_len == -2) { + PrintAndLog("receive buffer overflow"); } } else { PrintAndLog("timeout while waiting for reply."); } - - } // if reply + } + return 0; } diff --git a/client/cmdhflist.c b/client/cmdhflist.c index 07a286cc..29d10d92 100644 --- a/client/cmdhflist.c +++ b/client/cmdhflist.c @@ -903,8 +903,6 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui // adjust for different time scales if (protocol == ICLASS || protocol == ISO_15693) { - first_timestamp *= 32; - timestamp *= 32; duration *= 32; } @@ -1037,10 +1035,6 @@ uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *trace, ui if (showWaitCycles && !isResponse && next_record_is_response(tracepos, trace)) { uint32_t next_timestamp = *((uint32_t *)(trace + tracepos)); - // adjust for different time scales - if (protocol == ICLASS || protocol == ISO_15693) { - next_timestamp *= 32; - } PrintAndLog(" %10d | %10d | %s | fdt (Frame Delay Time): %d", (EndOfTransmissionTimestamp - first_timestamp), diff --git a/fpga/fpga_hf.bit b/fpga/fpga_hf.bit index 44b24280..38990597 100644 Binary files a/fpga/fpga_hf.bit and b/fpga/fpga_hf.bit differ diff --git a/fpga/hi_reader.v b/fpga/hi_reader.v index b0b21e30..aca9132f 100644 --- a/fpga/hi_reader.v +++ b/fpga/hi_reader.v @@ -247,9 +247,9 @@ begin // set ssp_frame signal for corr_i_cnt = 1..3 // (send one frame with 16 Bits) - if (corr_i_cnt == 6'd2) + if (corr_i_cnt == 6'd1) ssp_frame <= 1'b1; - if (corr_i_cnt == 6'd14) + if (corr_i_cnt == 6'd5) ssp_frame <= 1'b0; end