github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

fix: lf simulation, wrong offsets in majormode

Browse source
This commit is contained in:
iceman1001 2020-01-12 00:30:23 +01:00
commit 621eb12976
5 changed files with 144 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

8
armsrc/felica.c
View file

@ -337,7 +337,7 @@ static void BuildFliteRdblk(uint8_t *idm, int blocknum, uint16_t *blocks) {
} }
static void TransmitFor18092_AsReader(uint8_t *frame, int len, uint32_t *timing, uint8_t power, uint8_t highspeed) { static void TransmitFor18092_AsReader(uint8_t *frame, int len, uint32_t *timing, uint8_t power, uint8_t highspeed) {
uint8_t flags = FPGA_MAJOR_MODE_ISO18092; uint8_t flags = FPGA_MAJOR_MODE_HF_ISO18092;
if (power) if (power)
flags |= FPGA_HF_ISO18092_FLAG_READER; flags |= FPGA_HF_ISO18092_FLAG_READER;
if (highspeed) if (highspeed)
@ -404,7 +404,7 @@ bool WaitForFelicaReply(uint16_t maxbytes) {
Dbprintf("WaitForFelicaReply Start"); Dbprintf("WaitForFelicaReply Start");
uint32_t c = 0; uint32_t c = 0;
// power, no modulation // power, no modulation
FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092 | FPGA_HF_ISO18092_FLAG_READER | FPGA_HF_ISO18092_FLAG_NOMOD); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO18092 | FPGA_HF_ISO18092_FLAG_READER | FPGA_HF_ISO18092_FLAG_NOMOD);
FelicaFrameReset(); FelicaFrameReset();
// clear RXRDY: // clear RXRDY:
@ -471,7 +471,7 @@ static void iso18092_setup(uint8_t fpga_minor_mode) {
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
// Signal field is on with the appropriate LED // Signal field is on with the appropriate LED
FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092 | fpga_minor_mode); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO18092 | fpga_minor_mode);
//20.4 ms generate field, start sending polling command afterwars. //20.4 ms generate field, start sending polling command afterwars.
SpinDelay(100); SpinDelay(100);
@ -720,7 +720,7 @@ void felica_sim_lite(uint64_t uid) {
TransmitFor18092_AsReader(curresp, curlen, NULL, 0, 0); TransmitFor18092_AsReader(curresp, curlen, NULL, 0, 0);
//switch back //switch back
FpgaWriteConfWord(FPGA_MAJOR_MODE_ISO18092 | FPGA_HF_ISO18092_FLAG_NOMOD); FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO18092 | FPGA_HF_ISO18092_FLAG_NOMOD);
FelicaFrameReset(); FelicaFrameReset();
listenmode = true; listenmode = true;

80
armsrc/fpgaloader.h
View file

@ -21,10 +21,35 @@
#define FPGA_BITSTREAM_LF 1 #define FPGA_BITSTREAM_LF 1
#define FPGA_BITSTREAM_HF 2 #define FPGA_BITSTREAM_HF 2
/*
Communication between ARM / FPGA is done inside armsrc/fpgaloader.c (function FpgaSendCommand)
Send 16 bit command / data pair to FPGA
The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
where
C is 4bit command
D is 12bit data
-----+--------- frame layout --------------------
bit | 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
-----+-------------------------------------------
cmd | x x x x
major| x x x
opt | x x
divi | x x x x x x x x
thres| x x x x x x x x
-----+-------------------------------------------
*/
// Definitions for the FPGA commands. // Definitions for the FPGA commands.
#define FPGA_CMD_SET_CONFREG (1<<12) // HF / LF
#define FPGA_CMD_SET_DIVISOR (2<<12) #define FPGA_CMD_SET_CONFREG (1<<12) // C
#define FPGA_CMD_SET_USER_BYTE1 (3<<12)
// LF
#define FPGA_CMD_SET_DIVISOR (2<<12) // C
#define FPGA_CMD_SET_USER_BYTE1 (3<<12) // C
// HF
#define FPGA_CMD_TRACE_ENABLE (2<<12) // C
// Definitions for the FPGA configuration word. // Definitions for the FPGA configuration word.
// LF // LF
@ -32,32 +57,34 @@
#define FPGA_MAJOR_MODE_LF_EDGE_DETECT (1<<5) #define FPGA_MAJOR_MODE_LF_EDGE_DETECT (1<<5)
#define FPGA_MAJOR_MODE_LF_PASSTHRU (2<<5) #define FPGA_MAJOR_MODE_LF_PASSTHRU (2<<5)
#define FPGA_MAJOR_MODE_LF_ADC (3<<5) #define FPGA_MAJOR_MODE_LF_ADC (3<<5)
// HF // HF
#define FPGA_MAJOR_MODE_HF_READER_TX (0<<5) #define FPGA_MAJOR_MODE_HF_READER_TX (0<<5) // D
#define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (1<<5) #define FPGA_MAJOR_MODE_HF_READER_RX_XCORR (1<<5) // D
#define FPGA_MAJOR_MODE_HF_SIMULATOR (2<<5) #define FPGA_MAJOR_MODE_HF_SIMULATOR (2<<5) // D
#define FPGA_MAJOR_MODE_HF_ISO14443A (3<<5) #define FPGA_MAJOR_MODE_HF_ISO14443A (3<<5) // D
#define FPGA_MAJOR_MODE_HF_SNOOP (4<<5) #define FPGA_MAJOR_MODE_HF_SNOOP (4<<5) // D
#define FPGA_MAJOR_MODE_HF_FELICA (5<<5) #define FPGA_MAJOR_MODE_HF_ISO18092 (5<<5) // D
#define FPGA_MAJOR_MODE_HF_GET_TRACE (6<<5) // D
// BOTH // BOTH
#define FPGA_MAJOR_MODE_OFF_LF (6<<5) #define FPGA_MAJOR_MODE_OFF (7<<5) // D
#define FPGA_MAJOR_MODE_OFF (7<<5)
// Options for LF_READER // Options for LF_READER
#define FPGA_LF_ADC_READER_FIELD (1<<0) #define FPGA_LF_ADC_READER_FIELD 0x1
// Options for LF_EDGE_DETECT // Options for LF_EDGE_DETECT
#define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD FPGA_CMD_SET_USER_BYTE1 #define FPGA_CMD_SET_EDGE_DETECT_THRESHOLD FPGA_CMD_SET_USER_BYTE1
#define FPGA_LF_EDGE_DETECT_READER_FIELD (1<<0) #define FPGA_LF_EDGE_DETECT_READER_FIELD 0x1
#define FPGA_LF_EDGE_DETECT_TOGGLE_MODE (1<<1) #define FPGA_LF_EDGE_DETECT_TOGGLE_MODE 0x2
// Options for the HF reader, tx to tag // Options for the HF reader, tx to tag
#define FPGA_HF_READER_TX_SHALLOW_MOD (1<<0) #define FPGA_HF_READER_TX_SHALLOW_MOD 0x1
// Options for the HF reader, correlating against rx from tag // Options for the HF reader, correlating against rx from tag
#define FPGA_HF_READER_RX_XCORR_848_KHZ (1<<0) #define FPGA_HF_READER_RX_XCORR_848_KHZ 0x1
#define FPGA_HF_READER_RX_XCORR_SNOOP (1<<1) #define FPGA_HF_READER_RX_XCORR_SNOOP 0x2
#define FPGA_HF_READER_RX_XCORR_QUARTER (1<<2) #define FPGA_HF_READER_RX_XCORR_QUARTER 0x4
// Options for the HF simulated tag, how to modulate // Options for the HF simulated tag, how to modulate
#define FPGA_HF_SIMULATOR_NO_MODULATION 0x0 // 0000 #define FPGA_HF_SIMULATOR_NO_MODULATION 0x0 // 0000
@ -68,17 +95,16 @@
// no 848K // no 848K
// Options for ISO14443A // Options for ISO14443A
#define FPGA_HF_ISO14443A_SNIFFER (0<<0) #define FPGA_HF_ISO14443A_SNIFFER 0x0
#define FPGA_HF_ISO14443A_TAGSIM_LISTEN (1<<0) #define FPGA_HF_ISO14443A_TAGSIM_LISTEN 0x1
#define FPGA_HF_ISO14443A_TAGSIM_MOD (2<<0) #define FPGA_HF_ISO14443A_TAGSIM_MOD 0x2
#define FPGA_HF_ISO14443A_READER_LISTEN (3<<0) #define FPGA_HF_ISO14443A_READER_LISTEN 0x3
#define FPGA_HF_ISO14443A_READER_MOD (4<<0) #define FPGA_HF_ISO14443A_READER_MOD 0x4
//options for Felica. //options for Felica.
#define FPGA_MAJOR_MODE_ISO18092 (5<<5) // 01010 0000 #define FPGA_HF_ISO18092_FLAG_NOMOD 0x1 // 0001 disable modulation module
#define FPGA_HF_ISO18092_FLAG_NOMOD (1<<0) // 0001 disable modulation module #define FPGA_HF_ISO18092_FLAG_424K 0x2 // 0010 should enable 414k mode (untested). No autodetect
#define FPGA_HF_ISO18092_FLAG_424K (2<<0) // 0010 should enable 414k mode (untested). No autodetect #define FPGA_HF_ISO18092_FLAG_READER 0x4 // 0100 enables antenna power, to act as a reader instead of tag
#define FPGA_HF_ISO18092_FLAG_READER (4<<0) // 0100 enables antenna power, to act as a reader instead of tag
void FpgaSendCommand(uint16_t cmd, uint16_t v); void FpgaSendCommand(uint16_t cmd, uint16_t v);
void FpgaWriteConfWord(uint8_t v); void FpgaWriteConfWord(uint8_t v);

BIN
fpga/fpga_hf.bit
View file

Binary file not shown.

BIN
fpga/fpga_lf.bit
View file

Binary file not shown.

104
fpga/fpga_lf.v
View file

@ -18,7 +18,7 @@
`define FPGA_MAJOR_MODE_LF_PASSTHRU 2 `define FPGA_MAJOR_MODE_LF_PASSTHRU 2
`define FPGA_MAJOR_MODE_LF_ADC 3 `define FPGA_MAJOR_MODE_LF_ADC 3
// Options for LF_ADC // Options for LF_READER
`define FPGA_LF_ADC_READER_FIELD 1 `define FPGA_LF_ADC_READER_FIELD 1
// Options for LF_EDGE_DETECT // Options for LF_EDGE_DETECT
@ -50,32 +50,106 @@ module fpga_lf(
// to the configuration bits, for use below. // to the configuration bits, for use below.
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
/*
Attempt to write up how its hooked up. Iceman 2020.
Communication between ARM / FPGA is done inside armsrc/fpgaloader.c see: function FpgaSendCommand()
Send 16 bit command / data pair to FPGA
The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
where
C is 4bit command
D is 12bit data
shift_reg receive this 16bit frame
LF command
----------
shift_reg[15:12] == 4bit command
LF has three commands (FPGA_CMD_SET_CONFREG, FPGA_CMD_SET_DIVISOR, FPGA_CMD_SET_EDGE_DETECT_THRESHOLD)
Current commands uses only 2bits. We have room for up to 4bits of commands total (7).
LF data
-------
shift_reg[11:0] == 12bit data
lf data is divided into MAJOR MODES and configuration values.
The major modes uses 3bits (0,1,2,3,7 | 000, 001, 010, 011, 111)
000 FPGA_MAJOR_MODE_LF_READER = Act as LF reader (modulate)
001 FPGA_MAJOR_MODE_LF_EDGE_DETECT = Simulate LF
010 FPGA_MAJOR_MODE_LF_PASSTHRU = Passthrough mode, CROSS_LO line connected to SSP_DIN. SSP_DOUT logic level controls if we modulate / listening
011 FPGA_MAJOR_MODE_LF_ADC = refactor hitag2, clear ADC sampling
111 FPGA_MAJOR_MODE_OFF = turn off sampling.
Each one of this major modes can have options. Currently these two major modes uses options.
- FPGA_MAJOR_MODE_LF_READER
- FPGA_MAJOR_MODE_LF_EDGE_DETECT
FPGA_MAJOR_MODE_LF_READER
-------------------------------------
lf_field = 1bit (FPGA_LF_ADC_READER_FIELD)
You can send FPGA_CMD_SET_DIVISOR to set with FREQUENCY the fpga should sample at
divisor = 8bits shift_reg[7:0]
FPGA_MAJOR_MODE_LF_EDGE_DETECT
------------------------------------------
lf_ed_toggle_mode = 1bits
lf_ed_threshold = 8bits threshold defaults to 127
You can send FPGA_CMD_SET_EDGE_DETECT_THRESHOLD to set a custom threshold
lf_ed_threshold = 8bits threshold value.
conf_word 12bits
conf_word[7:5] = 3bit major mode.
conf_word[0] = 1bit lf_field
conf_word[1] = 1bit lf_ed_toggle_mode
conf_word[7:0] = 8bit divisor
conf_word[7:0] = 8bit threshold
-----+--------- frame layout --------------------
bit | 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
-----+-------------------------------------------
cmd | x x x x
major| x x x
opt | x x
divi | x x x x x x x x
thres| x x x x x x x x
-----+-------------------------------------------
*/
reg [15:0] shift_reg; reg [15:0] shift_reg;
reg [7:0] divisor; reg [7:0] divisor;
reg [8:0] conf_word;
// threshold edge detect
reg [7:0] lf_ed_threshold; reg [7:0] lf_ed_threshold;
reg [11:0] conf_word;
wire [2:0] major_mode = conf_word[7:5];
wire lf_field = conf_word[0];
wire lf_ed_toggle_mode = conf_word[1];
// Handles cmd / data frame from ARM
always @(posedge ncs) always @(posedge ncs)
begin begin
// 4 bit command
case (shift_reg[15:12]) case (shift_reg[15:12])
`FPGA_CMD_SET_CONFREG: `FPGA_CMD_SET_CONFREG:
begin begin
conf_word <= shift_reg[8:0]; // 12 bit data
if (shift_reg[8:6] == `FPGA_MAJOR_MODE_LF_EDGE_DETECT) conf_word <= shift_reg[11:0];
if (shift_reg[7:5] == `FPGA_MAJOR_MODE_LF_EDGE_DETECT)
begin begin
lf_ed_threshold <= 127; // default threshold lf_ed_threshold <= 127; // default threshold
end end
end end
`FPGA_CMD_SET_DIVISOR: `FPGA_CMD_SET_DIVISOR:
divisor <= shift_reg[7:0]; divisor <= shift_reg[7:0]; // 8bits
`FPGA_CMD_SET_EDGE_DETECT_THRESHOLD: `FPGA_CMD_SET_EDGE_DETECT_THRESHOLD:
lf_ed_threshold <= shift_reg[7:0]; lf_ed_threshold <= shift_reg[7:0]; // 8 bits
endcase endcase
end end
// // Receive 16bits of data from ARM here.
always @(posedge spck) always @(posedge spck)
begin begin
if (~ncs) if (~ncs)
@ -85,12 +159,6 @@ begin
end end
end end
wire [2:0] major_mode = conf_word[8:6];
// For the low-frequency configuration:
wire lf_field = conf_word[0];
wire lf_ed_toggle_mode = conf_word[1]; // for lo_edge_detect
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// And then we instantiate the modules corresponding to each of the FPGA's // And then we instantiate the modules corresponding to each of the FPGA's
// major modes, and use muxes to connect the outputs of the active mode to // major modes, and use muxes to connect the outputs of the active mode to
@ -142,7 +210,9 @@ lo_adc la(
// 001 -- LF edge detect (generic) // 001 -- LF edge detect (generic)
// 010 -- LF passthrough // 010 -- LF passthrough
// 011 -- LF ADC (read/write) // 011 -- LF ADC (read/write)
// 110 -- FPGA_MAJOR_MODE_OFF_LF (rdv40 specific) // 100 -- unused
// 101 -- unused
// 110 -- unused
// 111 -- FPGA_MAJOR_MODE_OFF // 111 -- FPGA_MAJOR_MODE_OFF
// 000 001 010 011 100 101 110 111 // 000 001 010 011 100 101 110 111
mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, la_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0); mux8 mux_ssp_clk (major_mode, ssp_clk, lr_ssp_clk, le_ssp_clk, 1'b0, la_ssp_clk, 1'b0, 1'b0, 1'b0, 1'b0);