The great work of Enio hf snoop is now ported into latest version in git

you can find original work here https://github.com/EnioArda/proxmark3
2025-07-16 02:03:00 -07:00 · 2015-10-23 15:29:12 +02:00 · 2015-10-23 15:29:12 +02:00 · 0472d76de4
commit 0472d76de4
parent be6250d31b
12 changed files with 198 additions and 16 deletions
--- a/fpga/Makefile
+++ b/fpga/Makefile
@ -9,7 +9,7 @@ fpga_hf.ngc: fpga_hf.v fpga.ucf xst_hf.scr util.v hi_simulate.v hi_read_tx.v hi_
 	$(DELETE) $@
 	$(XILINX_TOOLS_PREFIX)xst -ifn xst_hf.scr

-fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v
+fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v hi_sniffer.v
 	$(DELETE) $@
 	$(XILINX_TOOLS_PREFIX)xst -ifn xst_lf.scr

--- a/fpga/fpga_hf.bit
+++ b/fpga/fpga_hf.bit
--- a/fpga/fpga_hf.v
+++ b/fpga/fpga_hf.v
@ -17,6 +17,7 @@
 `include "hi_read_rx_xcorr.v"
 `include "hi_simulate.v"
 `include "hi_iso14443a.v"
+`include "hi_sniffer.v"
 `include "util.v"

 module fpga_hf(
@ -122,25 +123,36 @@ hi_iso14443a hisn(
 	hi_simulate_mod_type
 );

+hi_sniffer he(
+       pck0, ck_1356meg, ck_1356megb,
+       he_pwr_lo, he_pwr_hi, he_pwr_oe1, he_pwr_oe2, he_pwr_oe3,       he_pwr_oe4,
+       adc_d, he_adc_clk,
+       he_ssp_frame, he_ssp_din, ssp_dout, he_ssp_clk,
+       cross_hi, cross_lo,
+       he_dbg,
+       hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
+);
+
 // Major modes:

 //   000 --  HF reader, transmitting to tag; modulation depth selectable
 //   001 --  HF reader, receiving from tag, correlating as it goes; frequency selectable
 //   010 --  HF simulated tag
 //   011 --  HF ISO14443-A
+//   100 --  HF Snoop
 //   111 --  everything off

-mux8 mux_ssp_clk		(major_mode, ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_din		(major_mode, ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_ssp_frame		(major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, 1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe1		(major_mode, pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe2		(major_mode, pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe3		(major_mode, pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_oe4		(major_mode, pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_lo			(major_mode, pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_pwr_hi			(major_mode, pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_adc_clk		(major_mode, adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   1'b0, 1'b0, 1'b0, 1'b0);
-mux8 mux_dbg			(major_mode, dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       1'b0, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_clk		(major_mode, ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   he_ssp_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_din		(major_mode, ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   he_ssp_din, 1'b0, 1'b0, 1'b0);
+mux8 mux_ssp_frame		(major_mode, ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, he_ssp_frame, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe1		(major_mode, pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   he_pwr_oe1, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe2		(major_mode, pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   he_pwr_oe2, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe3		(major_mode, pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   he_pwr_oe3, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_oe4		(major_mode, pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   he_pwr_oe4, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_lo			(major_mode, pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    he_pwr_lo, 1'b0, 1'b0, 1'b0);
+mux8 mux_pwr_hi			(major_mode, pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    he_pwr_hi, 1'b0, 1'b0, 1'b0);
+mux8 mux_adc_clk		(major_mode, adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   he_adc_clk, 1'b0, 1'b0, 1'b0);
+mux8 mux_dbg			(major_mode, dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       he_dbg, 1'b0, 1'b0, 1'b0);

 // In all modes, let the ADC's outputs be enabled.
 assign adc_noe = 1'b0;
--- a/fpga/fpga_lf.bit
+++ b/fpga/fpga_lf.bit
--- a/fpga/hi_sniffer.v
+++ b/fpga/hi_sniffer.v
@ -0,0 +1,77 @@
+
+module hi_sniffer(
+    pck0, ck_1356meg, ck_1356megb,
+    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
+    adc_d, adc_clk,
+    ssp_frame, ssp_din, ssp_dout, ssp_clk,
+    cross_hi, cross_lo,
+    dbg,
+    xcorr_is_848, snoop, xcorr_quarter_freq // not used.
+);
+    input pck0, ck_1356meg, ck_1356megb;
+    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
+    input [7:0] adc_d;
+    output adc_clk;
+    input ssp_dout;
+    output ssp_frame, ssp_din, ssp_clk;
+    input cross_hi, cross_lo;
+    output dbg;
+    input xcorr_is_848, snoop, xcorr_quarter_freq; // not used.
+
+// We are only snooping, all off.
+assign pwr_hi  = 1'b0;// ck_1356megb & (~snoop);
+assign pwr_oe1 = 1'b0;
+assign pwr_oe2 = 1'b0;
+assign pwr_oe3 = 1'b0;
+assign pwr_oe4 = 1'b0;
+
+reg ssp_clk = 1'b0;
+reg ssp_frame;
+reg adc_clk;
+reg [7:0] adc_d_out = 8'd0;
+reg [7:0] ssp_cnt = 8'd0;
+reg [7:0] pck_divider = 8'd0;
+reg ant_lo = 1'b0;
+reg bit_to_send = 1'b0;
+
+always @(ck_1356meg, pck0) // should synthetisize to a mux..
+  begin
+    adc_clk = ck_1356meg;
+    ssp_clk = ~ck_1356meg;
+  end
+
+reg [7:0] cnt_test = 8'd0; // test
+
+always @(posedge pck0)
+begin
+    ant_lo <= 1'b0;
+end
+
+always @(posedge ssp_clk) // ~1356 (hf)
+begin
+  if(ssp_cnt[7:0] == 8'd255) // SSP counter for divides.
+    ssp_cnt[7:0] <= 8'd0;
+  else
+    ssp_cnt <= ssp_cnt + 1;
+
+      if((ssp_cnt[2:0] == 3'b000) && !ant_lo) // To set frame  length
+        begin
+          adc_d_out[7:0] = adc_d; // disable for test
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b1;
+        end
+      else
+        begin
+          adc_d_out[6:0] = adc_d_out[7:1];
+          adc_d_out[7] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b0;
+        end
+end
+
+assign ssp_din = bit_to_send && !ant_lo;//bit_to_send && !ant_lo; // && .. not needed i guess?
+
+assign pwr_lo = ant_lo;
+      
+
+endmodule