Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2014-08-31 15:35:12

wax
Member
Registered: 2014-08-31
Posts: 3

HF Sniffer

Hi, can someone port the HF Sniffer described in this thread http://proxmark.org/forum/viewtopic.php?id=1945 fork repository: https://github.com/EnioArda/proxmark3 in main repository?
I don't know if the Enio's changes are compatible with the iZh's changes, maybe a third fpga.bit can be a solution. I don't know VHDL otherwise I would have pull request it.

Thank you to all
Andrew

Offline

#2 2014-08-31 19:52:17

thefkboss
Contributor
Registered: 2008-10-26
Posts: 198

Re: HF Sniffer

what is the different with the official repo?

Offline

#3 2014-09-01 15:16:13

wax
Member
Registered: 2014-08-31
Posts: 3

Re: HF Sniffer

Before the iZh's changes this was the patch which I extracted, but I never undestand if the changes on VHDL are compatible with other functions.

diff --git a/armsrc/appmain.c b/armsrc/appmain.c
index 218b50f..2abbd75 100644
--- a/armsrc/appmain.c
+++ b/armsrc/appmain.c
@@ -322,6 +322,82 @@ void SimulateTagHfListen(void)
 	DbpString("simulate tag (now type bitsamples)");
 }
 
+void optimizedSnoop(void) // Declared as RAMFUNC in apps.h!
+{
+	memset(BigBuf, 0, sizeof(BigBuf));
+  int n = sizeof(BigBuf) / sizeof(uint16_t);
+	
+  uint16_t *dest = (uint16_t *)BigBuf;
+  uint16_t *destend = dest + n;
+
+  AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame mode, 16 bits per word
+  // Reading data loop
+  while(dest <= destend)
+  {
+    if(AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY)
+    {
+      *dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
+      dest = dest + 1;
+    }
+  }
+  //Resetting Frame mode (First set in fpgaloader.c)
+	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |	AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); 
+}
+
+
+void HfSnoop(int samplesToSkip, int triggersToSkip)
+{
+  Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
+  bool trigger_cnt;
+  // reset
+  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+  LED_D_OFF();
+  SpinDelay(2000);
+  // Select correct configs
+  SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
+  FpgaSetupSsc();
+  FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_NEW);
+  FpgaWriteConfWordCustomConf(FPGA_CMD_SET_CONFREG2,FPGA_HF_SNOOP_HF);
+  //FpgaWriteEnioConfWord(FPGA_ENIO_SNOOP_HF);
+ 
+  AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16); // Setting Frame Mode For better performance on high speed data transfer.
+  
+  trigger_cnt = 0;
+  uint16_t r;
+	for(;;) {
+		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
+			r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
+     if (!(trigger_cnt == triggersToSkip) && ( (r >> 8) >= 240)) 
+      {
+        Dbprintf("Trigger kicked! Value: %d.", r >> 8);
+        trigger_cnt++;
+        break;
+      } 
+		}
+	}
+  Dbprintf("Trigger kicked! Value: %d, Dumping Samples Hispeed now.", r >> 8);
+  int waitcount = samplesToSkip; // lets wait 40000 ticks of pck0
+	while(waitcount != 0) 
+  {
+		if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) 
+    {
+      waitcount--;
+		}
+	}
+  
+  // Snooooop!!!
+  optimizedSnoop();
+
+  //Resetting Frame mode (First set in fpgaloader.c) /already done in
+  //optimizedSnoop(), it doesnt hurt to do it here too.
+	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |	AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0); 
+	
+  DbpString("Done.");
+  //FpgaWriteEnioConfWord(FPGA_ENIO_SNOOP_LF); // reset back
+  FpgaWriteConfWordCustomConf(FPGA_CMD_SET_CONFREG2,FPGA_HF_SNOOP_LF);
+  LED_D_OFF();
+}
+
 void ReadMem(int addr)
 {
 	const uint8_t *data = ((uint8_t *)addr);
@@ -879,6 +955,10 @@ void UsbPacketReceived(uint8_t *packet, int len)
 		case CMD_SIMULATE_TAG_HF_LISTEN:
 			SimulateTagHfListen();
 			break;
+		
+		case CMD_HF_SNIFFER: // Enio
+			HfSnoop(c->arg[0], c->arg[1]);
+			break;
 
 		case CMD_BUFF_CLEAR:
 			BufferClear();
@@ -1024,7 +1104,7 @@ void  __attribute__((noreturn)) AppMain(void)
 	AT91C_BASE_PMC->PMC_SCER = AT91C_PMC_PCK0;
 	// PCK0 is PLL clock / 4 = 96Mhz / 4 = 24Mhz
 	AT91C_BASE_PMC->PMC_PCKR[0] = AT91C_PMC_CSS_PLL_CLK |
-		AT91C_PMC_PRES_CLK_4;
+		AT91C_PMC_PRES_CLK_4; // Enio original 4 for 24Mhz pck0, set to 2 for 48 MHZ pck0
 	AT91C_BASE_PIOA->PIO_OER = GPIO_PCK0;
 
 	// Reset SPI
diff --git a/armsrc/apps.h b/armsrc/apps.h
index 4c5c7d0..ac4e3d7 100644
--- a/armsrc/apps.h
+++ b/armsrc/apps.h
@@ -63,6 +63,7 @@ void DoAcquisition125k(void);
 extern int ToSendMax;
 extern uint8_t ToSend[];
 extern uint32_t BigBuf[];
+void RAMFUNC optimizedSnoop(void);
 
 /// fpga.h
 void FpgaSendCommand(uint16_t cmd, uint16_t v);
@@ -75,12 +76,18 @@ bool FpgaSetupSscDma(uint8_t *buf, int len);
 #define FpgaDisableSscDma(void)	AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
 #define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
 void SetAdcMuxFor(uint32_t whichGpio);
+#define FpgaWriteConfWordCustomConf(k,v) FpgaSendCommand(k, v);
 
 // Definitions for the FPGA commands.
 #define FPGA_CMD_SET_CONFREG						(1<<12)
 #define FPGA_CMD_SET_DIVISOR						(2<<12)
+#define FPGA_CMD_SET_CONFREG2						(4<<12)
+// Definitions for the Enio Configuration word.
+#define FPGA_HF_SNOOP_HF				(1<<0)
+#define FPGA_HF_SNOOP_LF				(0<<0)
 // Definitions for the FPGA configuration word.
 #define FPGA_MAJOR_MODE_LF_READER					(0<<5)
+#define FPGA_MAJOR_MODE_HF_NEW		      	(0<<5)
 #define FPGA_MAJOR_MODE_LF_EDGE_DETECT				(1<<5)
 #define FPGA_MAJOR_MODE_HF_READER_TX				(2<<5)
 #define FPGA_MAJOR_MODE_HF_READER_RX_XCORR			(3<<5)
diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c
index d63310a..ce16631 100644
--- a/armsrc/fpgaloader.c
+++ b/armsrc/fpgaloader.c
@@ -115,7 +115,7 @@ void FpgaSetupSsc(void)
 	AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
 
 	// 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
-	// pulse, no output sync
+	// pulse, no output sync, start on positive-going edge of sync
 	AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |	AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
 
 	// clock comes from TK pin, no clock output, outputs change on falling
diff --git a/client/cmddata.c b/client/cmddata.c
index a7b8048..35e5613 100644
--- a/client/cmddata.c
+++ b/client/cmddata.c
@@ -818,6 +818,41 @@ int CmdThreshold(const char *Cmd)
   return 0;
 }
 
+int CmdDirectionalThreshold(const char *Cmd)
+{
+	int8_t upThres = param_get8(Cmd, 0);
+	int8_t downThres = param_get8(Cmd, 1);
+  
+  printf("Applying Up Threshold: %d, Down Threshold: %d\n", upThres, downThres);
+  
+  int lastValue = GraphBuffer[0];
+  GraphBuffer[0] = 0; // Will be changed at the end, but init 0 as we adjust to last samples value if no threshold kicks in.
+  
+  for (int i = 1; i < GraphTraceLen; ++i) {
+    // Apply first threshold to samples heading up
+    if (GraphBuffer[i] >= upThres && GraphBuffer[i] > lastValue)
+    {
+      lastValue = GraphBuffer[i]; // Buffer last value as we overwrite it.
+      GraphBuffer[i] = 1;
+    }
+    // Apply second threshold to samples heading down
+    else if (GraphBuffer[i] <= downThres && GraphBuffer[i] < lastValue)
+    {
+      lastValue = GraphBuffer[i]; // Buffer last value as we overwrite it.
+      GraphBuffer[i] = -1;
+    }
+    else
+    {
+      lastValue = GraphBuffer[i]; // Buffer last value as we overwrite it.
+      GraphBuffer[i] = GraphBuffer[i-1];
+
+    }
+  }
+  GraphBuffer[0] = GraphBuffer[1]; // Aline with first edited sample.
+  RepaintGraphWindow();
+  return 0;
+}
+
 int CmdZerocrossings(const char *Cmd)
 {
   // Zero-crossings aren't meaningful unless the signal is zero-mean.
@@ -874,6 +909,7 @@ static command_t CommandTable[] =
   {"scale",         CmdScale,           1, "<int> -- Set cursor display scale"},
   {"threshold",     CmdThreshold,       1, "<threshold> -- Maximize/minimize every value in the graph window depending on threshold"},
   {"zerocrossings", CmdZerocrossings,   1, "Count time between zero-crossings"},
+  {"dirthreshold",  CmdDirectionalThreshold,   1, "<thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev."},
   {NULL, NULL, 0, NULL}
 };
 
diff --git a/client/cmddata.h b/client/cmddata.h
index 2f86a94..94837bd 100644
--- a/client/cmddata.h
+++ b/client/cmddata.h
@@ -11,8 +11,6 @@
 #ifndef CMDDATA_H__
 #define CMDDATA_H__
 
-command_t * CmdDataCommands();
-
 int CmdData(const char *Cmd);
 
 int CmdAmp(const char *Cmd);
@@ -38,6 +36,7 @@ int CmdSamples(const char *Cmd);
 int CmdSave(const char *Cmd);
 int CmdScale(const char *Cmd);
 int CmdThreshold(const char *Cmd);
+int CmdDirectionalThreshold(const char *Cmd);
 int CmdZerocrossings(const char *Cmd);
 
 #endif
diff --git a/client/cmdhf.c b/client/cmdhf.c
index d955fc8..17fd6ba 100644
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@@ -32,6 +32,14 @@ int CmdHFTune(const char *Cmd)
   return 0;
 }
 
+int CmdHFSnoop(const char *Cmd) // Enio
+{
+  char * pEnd;
+  UsbCommand c = {CMD_HF_SNIFFER, {strtol(Cmd, &pEnd,0),strtol(pEnd, &pEnd,0),0}};
+  SendCommand(&c);
+  return 0;
+}
+
 static command_t CommandTable[] = 
 {
   {"help",        CmdHelp,          1, "This help"},
@@ -43,6 +51,7 @@ static command_t CommandTable[] =
   {"iclass",      CmdHFiClass,      1, "{ ICLASS RFIDs... }"},
   {"mf",      		CmdHFMF,		      1, "{ MIFARE RFIDs... }"},
   {"tune",        CmdHFTune,        0, "Continuously measure HF antenna tuning"},
+  {"snoop",       CmdHFSnoop,       0, "<samples to skip (10000)> <triggers to skip (1)> Generic LF/HF Snoop in Testing stage"},
   {NULL, NULL, 0, NULL}
 };
 
diff --git a/client/lualibs/commands.lua b/client/lualibs/commands.lua
index eeaef2a..4a74c74 100644
--- a/client/lualibs/commands.lua
+++ b/client/lualibs/commands.lua
@@ -112,6 +112,8 @@ local _commands = {
 	CMD_MIFARE_CHKKEYS =                                                 0x0623,
 
 	CMD_MIFARE_SNIFFER =                                                 0x0630,
+	
+	CMD_HF_SNIFFER =                                                     0x0631,
 
 	CMD_UNKNOWN =                                                        0xFFFF,
 }
diff --git a/fpga/Makefile b/fpga/Makefile
index 12aeaaa..5386675 100644
--- a/fpga/Makefile
+++ b/fpga/Makefile
@@ -6,7 +6,7 @@ clean:
 	$(DELETE) fpga.map  fpga.ngc           fpga_ngdbuild.xrpt  fpga.pcf         fpga-placed_pad.csv  fpga-placed.ptwx      fpga.rbt          xlnx_auto_0_xdb
 	$(DELETE) fpga.bld  fpga.mrp  fpga.ngc_xst.xrpt  fpga.ngm            fpga-placed.ncd  fpga-placed_pad.txt  fpga-placed.unroutes  fpga_summary.xml  netlist.lst     xst
 
-fpga.ngc: fpga.v fpga.ucf xst.scr util.v lo_edge_detect.v lo_read.v lo_passthru.v hi_simulate.v hi_read_tx.v hi_read_rx_xcorr.v hi_iso14443a.v
+fpga.ngc: fpga.v fpga.ucf xst.scr util.v lo_edge_detect.v lo_read.v lo_passthru.v hi_simulate.v hi_read_tx.v hi_read_rx_xcorr.v hi_sniffer.v hi_iso14443a.v
 	$(DELETE) fpga.ngc
 	$(XILINX_TOOLS_PREFIX)xst -ifn xst.scr
 
diff --git a/fpga/fpga.v b/fpga/fpga.v
index a083ae5..890faa6 100644
--- a/fpga/fpga.v
+++ b/fpga/fpga.v
@@ -17,6 +17,7 @@
 `include "lo_edge_detect.v"
 `include "hi_read_tx.v"
 `include "hi_read_rx_xcorr.v"
+`include "hi_sniffer.v"
 `include "hi_simulate.v"
 `include "hi_iso14443a.v"
 `include "util.v"
@@ -63,6 +64,7 @@ module fpga(
 reg [15:0] shift_reg;
 reg [7:0] divisor;
 reg [7:0] conf_word;
+reg [7:0] conf_new = 8'd0;
 
 // We switch modes between transmitting to the 13.56 MHz tag and receiving
 // from it, which means that we must make sure that we can do so without
@@ -72,6 +74,7 @@ begin
 	case(shift_reg[15:12])
 		4'b0001: conf_word <= shift_reg[7:0];		// FPGA_CMD_SET_CONFREG
 		4'b0010: divisor <= shift_reg[7:0];			// FPGA_CMD_SET_DIVISOR
+		4'b0100: conf_new <= shift_reg[7:0];			// FPGA_CMD_SET_CONFREG2
 	endcase
 end
 
@@ -172,6 +175,17 @@ hi_read_rx_xcorr hrxc(
 	hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter
 );
 
+hi_sniffer he(
+	pck0, ck_1356meg, ck_1356megb,
+	he_pwr_lo, he_pwr_hi, he_pwr_oe1, he_pwr_oe2, he_pwr_oe3,	he_pwr_oe4,
+	adc_d, he_adc_clk,
+	he_ssp_frame, he_ssp_din, ssp_dout, he_ssp_clk,
+	cross_hi, cross_lo,
+	he_dbg,
+	hi_read_rx_xcorr_848, hi_read_rx_xcorr_snoop, hi_read_rx_xcorr_quarter,
+  conf_new, divisor
+);
+
 hi_simulate hs(
 	pck0, ck_1356meg, ck_1356megb,
 	hs_pwr_lo, hs_pwr_hi, hs_pwr_oe1, hs_pwr_oe2, hs_pwr_oe3, hs_pwr_oe4,
@@ -193,7 +207,7 @@ hi_iso14443a hisn(
 );
 
 // Major modes:
-//   000 --  LF reader (generic)
+//   000 --  LF reader (generic) // new:  HF generic snoop
 //   001 --  LF simulated tag (generic)
 //   010 --  HF reader, transmitting to tag; modulation depth selectable
 //   011 --  HF reader, receiving from tag, correlating as it goes; frequency selectable
@@ -201,18 +215,29 @@ hi_iso14443a hisn(
 //   101 --  HF ISO14443-A
 //   110 --  LF passthrough
 //   111 --  everything off
-
-mux8 mux_ssp_clk		(major_mode, ssp_clk,   lr_ssp_clk,   ls_ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   lp_ssp_clk,   1'b0);
-mux8 mux_ssp_din		(major_mode, ssp_din,   lr_ssp_din,   ls_ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   lp_ssp_din,   1'b0);
-mux8 mux_ssp_frame		(major_mode, ssp_frame, lr_ssp_frame, ls_ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, lp_ssp_frame, 1'b0);
-mux8 mux_pwr_oe1		(major_mode, pwr_oe1,   lr_pwr_oe1,   ls_pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   lp_pwr_oe1,   1'b0);
-mux8 mux_pwr_oe2		(major_mode, pwr_oe2,   lr_pwr_oe2,   ls_pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   lp_pwr_oe2,   1'b0);
-mux8 mux_pwr_oe3		(major_mode, pwr_oe3,   lr_pwr_oe3,   ls_pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   lp_pwr_oe3,   1'b0);
-mux8 mux_pwr_oe4		(major_mode, pwr_oe4,   lr_pwr_oe4,   ls_pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   lp_pwr_oe4,   1'b0);
-mux8 mux_pwr_lo			(major_mode, pwr_lo,    lr_pwr_lo,    ls_pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    lp_pwr_lo,    1'b0);
-mux8 mux_pwr_hi			(major_mode, pwr_hi,    lr_pwr_hi,    ls_pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    lp_pwr_hi,    1'b0);
-mux8 mux_adc_clk		(major_mode, adc_clk,   lr_adc_clk,   ls_adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   lp_adc_clk,   1'b0);
-mux8 mux_dbg			(major_mode, dbg,       lr_dbg,       ls_dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       lp_dbg,       1'b0);
+//
+//   // Definitions for the FPGA configuration word.
+//   #define FPGA_MAJOR_MODE_LF_READER					(0<<5) 000
+//   #define FPGA_MAJOR_MODE_LF_EDGE_DETECT		  (1<<5) 001
+//   #define FPGA_MAJOR_MODE_HF_READER_TX				(2<<5) 101
+//   #define FPGA_MAJOR_MODE_HF_READER_RX_XCORR	(3<<5) 011
+//   #define FPGA_MAJOR_MODE_HF_SIMULATOR				(4<<5) 100
+//   #define FPGA_MAJOR_MODE_HF_ISO14443A				(5<<5) 101
+//   #define FPGA_MAJOR_MODE_LF_PASSTHRU				(6<<5) 110
+//   #define FPGA_MAJOR_MODE_OFF							  (7<<5) 111
+
+
+mux8 mux_ssp_clk		(major_mode, ssp_clk,   he_ssp_clk,   ls_ssp_clk,   ht_ssp_clk,   hrxc_ssp_clk,   hs_ssp_clk,   hisn_ssp_clk,   lp_ssp_clk,   1'b0);
+mux8 mux_ssp_din		(major_mode, ssp_din,   he_ssp_din,   ls_ssp_din,   ht_ssp_din,   hrxc_ssp_din,   hs_ssp_din,   hisn_ssp_din,   lp_ssp_din,   1'b0);
+mux8 mux_ssp_frame		(major_mode, ssp_frame, he_ssp_frame, ls_ssp_frame, ht_ssp_frame, hrxc_ssp_frame, hs_ssp_frame, hisn_ssp_frame, lp_ssp_frame, 1'b0);
+mux8 mux_pwr_oe1		(major_mode, pwr_oe1,   he_pwr_oe1,   ls_pwr_oe1,   ht_pwr_oe1,   hrxc_pwr_oe1,   hs_pwr_oe1,   hisn_pwr_oe1,   lp_pwr_oe1,   1'b0);
+mux8 mux_pwr_oe2		(major_mode, pwr_oe2,   he_pwr_oe2,   ls_pwr_oe2,   ht_pwr_oe2,   hrxc_pwr_oe2,   hs_pwr_oe2,   hisn_pwr_oe2,   lp_pwr_oe2,   1'b0);
+mux8 mux_pwr_oe3		(major_mode, pwr_oe3,   he_pwr_oe3,   ls_pwr_oe3,   ht_pwr_oe3,   hrxc_pwr_oe3,   hs_pwr_oe3,   hisn_pwr_oe3,   lp_pwr_oe3,   1'b0);
+mux8 mux_pwr_oe4		(major_mode, pwr_oe4,   he_pwr_oe4,   ls_pwr_oe4,   ht_pwr_oe4,   hrxc_pwr_oe4,   hs_pwr_oe4,   hisn_pwr_oe4,   lp_pwr_oe4,   1'b0);
+mux8 mux_pwr_lo			(major_mode, pwr_lo,    he_pwr_lo,    ls_pwr_lo,    ht_pwr_lo,    hrxc_pwr_lo,    hs_pwr_lo,    hisn_pwr_lo,    lp_pwr_lo,    1'b0);
+mux8 mux_pwr_hi			(major_mode, pwr_hi,    he_pwr_hi,    ls_pwr_hi,    ht_pwr_hi,    hrxc_pwr_hi,    hs_pwr_hi,    hisn_pwr_hi,    lp_pwr_hi,    1'b0);
+mux8 mux_adc_clk		(major_mode, adc_clk,   he_adc_clk,   ls_adc_clk,   ht_adc_clk,   hrxc_adc_clk,   hs_adc_clk,   hisn_adc_clk,   lp_adc_clk,   1'b0);
+mux8 mux_dbg			(major_mode, dbg,       he_dbg,       ls_dbg,       ht_dbg,       hrxc_dbg,       hs_dbg,       hisn_dbg,       lp_dbg,       1'b0);
 
 // In all modes, let the ADC's outputs be enabled.
 assign adc_noe = 1'b0;
diff --git a/include/usb_cmd.h b/include/usb_cmd.h
index 7f11c66..853d167 100644
--- a/include/usb_cmd.h
+++ b/include/usb_cmd.h
@@ -156,6 +156,8 @@ typedef struct {
 
 #define CMD_MIFARE_SNIFFER                                                0x0630
 
+#define CMD_HF_SNIFFER                                                    0x0631
+
 #define CMD_UNKNOWN                                                       0xFFFF
 
diff --git a/fpga/hi_sniffer.v b/fpga/hi_sniffer.v
new file mode 100644
index 0000000..a9bde3d
--- /dev/null
+++ b/fpga/hi_sniffer.v
@@ -0,0 +1,136 @@
+//-----------------------------------------------------------------------------
+//
+// Jonathan Westhues, April 2006
+//-----------------------------------------------------------------------------
+
+module hi_sniffer(
+    pck0, ck_1356meg, ck_1356megb,
+    pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4,
+    adc_d, adc_clk,
+    ssp_frame, ssp_din, ssp_dout, ssp_clk,
+    cross_hi, cross_lo,
+    dbg,
+    xcorr_is_848, snoop, xcorr_quarter_freq, // not used.
+    conf_new, divisor
+);
+    input pck0, ck_1356meg, ck_1356megb;
+    output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4;
+    input [7:0] adc_d;
+    output adc_clk;
+    input ssp_dout;
+    output ssp_frame, ssp_din, ssp_clk;
+    input cross_hi, cross_lo;
+    output dbg;
+    input xcorr_is_848, snoop, xcorr_quarter_freq; // not used.
+    input [7:0] conf_new, divisor;
+
+// We are only snooping, all off.
+assign pwr_hi  = 1'b0;// ck_1356megb & (~snoop);
+assign pwr_oe1 = 1'b0;
+assign pwr_oe2 = 1'b0;
+assign pwr_oe3 = 1'b0;
+assign pwr_oe4 = 1'b0;
+
+reg ssp_clk = 1'b0;
+reg ssp_frame;
+reg adc_clk;
+reg [7:0] adc_d_out = 8'd0;
+reg [7:0] ssp_cnt = 8'd0;
+reg [7:0] pck_divider = 8'd0;
+reg ant_lo = 1'b0;
+reg bit_to_send = 1'b0;
+
+always @(ck_1356meg, pck0) // should synthetisize to a mux..
+  begin
+    if(conf_new[0] == 1'b1) // HF
+    begin
+  	  adc_clk = ck_1356meg;
+	    ssp_clk = ~ck_1356meg;
+    end
+    else if(conf_new[0] == 1'b0) // LF
+     begin
+ 	    adc_clk = pck0;
+ 	    ssp_clk = ~pck0;
+     end
+  end
+
+// reg [1:0] cnt = 2'b0;
+//
+// always @(pck0)
+//  begin
+//    cnt <= cnt + 1;
+//      if(cnt[1:0] == 2'b10)
+//        begin
+//          cnt[1:0] <= 2'b00;
+//          ssp_clk <= ~ssp_clk;//ck_1356meg;
+//        end
+//  end
+
+reg [7:0] cnt_test = 8'd0; // test
+
+always @(posedge pck0)
+begin
+  if (conf_new[0] == 1'b0) // LF
+  begin
+     if(pck_divider == divisor[7:0])
+      begin
+        pck_divider <= 8'd0;
+        ant_lo <= !ant_lo;
+      end
+    else
+    begin
+      pck_divider <= pck_divider + 1;
+    end
+  end
+  else
+  begin
+    ant_lo <= 1'b0;
+  end
+end
+
+always @(posedge ssp_clk) // == pck0 (lf) ~1356 (hf)
+begin
+  if(ssp_cnt[7:0] == 8'd255) // SSP counter for divides.
+    ssp_cnt[7:0] <= 8'd0;
+  else
+    ssp_cnt <= ssp_cnt + 1;
+
+  if (conf_new[0] == 1'b1) // HF
+    begin
+      if((ssp_cnt[2:0] == 3'b000) && !ant_lo) // To set frame  length
+        begin
+          adc_d_out[7:0] = adc_d; // disable for test
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b1;
+        end
+      else
+        begin
+          adc_d_out[6:0] = adc_d_out[7:1];
+          adc_d_out[7] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
+          bit_to_send = adc_d_out[0];
+          ssp_frame <= 1'b0;
+        end
+      end
+  else if (conf_new[0] == 1'b0) // LF
+    begin 
+      if((pck_divider == 8'd7) && !ant_lo) // To set frame  length
+        begin
+          adc_d_out[7:0] = adc_d;
+          bit_to_send = adc_d_out[7];
+        end
+      else // send 8 - 15
+      begin
+        adc_d_out[7:1] = adc_d_out[6:0];
+        adc_d_out[0] = 1'b0; // according to old lf_read.v comment prevents gliches if not set.
+        bit_to_send = adc_d_out[7];
+      end
+      ssp_frame <= (pck_divider[7:0] == 8'd7) && !ant_lo; // Hackish way as frame goes up at END of time step (we want it up at 4'b1000)
+    end
+  end
+
+assign ssp_din = bit_to_send && !ant_lo;//bit_to_send && !ant_lo; // && .. not needed i guess?
+
+assign pwr_lo = ant_lo;
+      
+
+endmodule

Offline

Pages: 1

Board footer

Powered by FluxBB