Proxmark3 developers community


#1 2009-03-18 21:28:11

Brink
Member
Registered: 2008-12-29
Posts: 2

2 questions about the 14443a fpga implementation

First off, excuse me if this isn't the right section, but the forums seem quite scattered with all sorts of information in all sections, so I'm not really sure where to put this.

I've started looking into the proxmark, in particular the 14443a implementation, to understand its workings. Without any computer engineering or hardware background it's been a rough ride so far looking at the fpga code.

I hope somebody can enlighten me on this small snippet.

    if(negedge_cnt == 7'd63)
    begin
        if(deep_modulation)
        begin
            to_arm <= {after_hysteresis_prev1,after_hysteresis_prev2,after_hysteresis_prev3,after_hysteresis,1'b0,1'b0,1'b0,1'b0};
        end
        else
        begin
            to_arm <= {after_hysteresis_prev1,after_hysteresis_prev2,after_hysteresis_prev3,after_hysteresis,bit1,bit2,bit3,curbit};
        end

From the 14443 specs I understand that 1 bit period equals 128 cycles of the carrier. A logic 1 is represented by the sequence_d, which is equal to 1111 0000 (according to the ARM src). So every 16 cycles of the carrier we get 1 bit of the sequence, right?
At least, looking a bit further down in the code we see the following, which seems to confirm this.

    if(negedge_cnt == 6'd15)
    begin
        after_hysteresis_prev1 <= after_hysteresis;
        bit1 <= curbit;
    end
    if(negedge_cnt == 6'd31)
    begin
        after_hysteresis_prev2 <= after_hysteresis;
        bit2 <= curbit;
    end
    if(negedge_cnt == 6'd47)
    begin
        after_hysteresis_prev3 <= after_hysteresis;
        bit3 <= curbit;
    end

So meaning after 64 cycles (half bit period) we'd have 4 bits of the sequence. Yet when I look at the code above we're sending 8 bits to the arm after half a bit period?! Anyone able to explain why this happens?


The second question is:
What do reg [8:0] saw_deep_modulation and reg deep_modulation; exactly stand for?
I'm guessing it has something to do with the modulation depth?

Any help would be greatly appreciated as I've been breaking my head over it for the past 2 days without much success and the lack of comments in the code isn't really helping either :(

Cheers,


#2 2009-03-19 09:56:20

rule
Administrator
Registered: 2008-05-21
Posts: 416

Re: 2 questions about the 14443a fpga implementation

You are right, there is no real place for questions like this. Therefore I created a new forum ;)
I'll let Gerhard know you have posted a question about his FPGA firmware, I think he can answer this better.


#3 2009-03-19 11:38:24

Brink
Member
Registered: 2008-12-29
Posts: 2

Re: 2 questions about the 14443a fpga implementation

roel wrote:

You are right, there is no real place for questions like this. Therefore I created a new forum ;)
I'll let Gerhard know you have posted a question about his FPGA firmware, I think he can answer this better.

Good to hear. Thanks.


#4 2009-03-24 11:48:55

gerhard
Contributor
Registered: 2008-05-21
Posts: 5

Re: 2 questions about the 14443a fpga implementation

Brink wrote:

From the 14443 specs I understand that 1 bit period equals 128 cycles of the carrier. A logic 1 is represented by the sequence_d which equal to 1111 0000 (according to the ARM src). So every 16 cycles of the carrier we get 1 bit of the sequence right?

Right.

Brink wrote:

So meaning after 64 cycles (half bit period) we'd have 4 bits of the sequence. Yet when I look at the code above we're sending 8 bits to the arm after half a bit period?! Anyone able to explain why this happens?

Yes, what you have analyzed so far is correct. The code that updates the after_hysteresis variables takes care of the reader modulation, while we also want to get information about the tag modulation, which is done with the curbit variables. These are sent together, reader and tag signal.

Brink wrote:

The second question is:
What do reg [8:0] saw_deep_modulation and reg deep_modulation; exactly stand for?
I'm guessing it has something to do with the modulation depth?

saw_deep_modulation is used to set deep_modulation and tells if recently any deep modulation (so a dip in the carrier of 13.56MHz) has appeared. When this is the case you can be sure that the reader is 'talking' and by this code

    if(deep_modulation)
    begin
      to_arm <= {after_hysteresis_prev1,after_hysteresis_prev2,after_hysteresis_prev3,after_hysteresis,1'b0,1'b0,1'b0,1'b0};
    end
    else
    begin
      to_arm <= {after_hysteresis_prev1,after_hysteresis_prev2,after_hysteresis_prev3,after_hysteresis,bit1,bit2,bit3,curbit};
    end

the four last information bits are put to zero because the tag is probably not communicating. This prevents any disturbance in the demodulation process of the ARM. In practice the curbit variables were filled with noise bits when the reader was communicating. Now they are silenced explicitly.

If you have any more questions about this code, do not hesitate to ask them.

Regards,
Gerhard
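
The byte layout described in the answer above, as a small C model added here for illustration (it is not code from the Proxmark3 FPGA or ARM sources). The function names are hypothetical, the sample data is constructed, and sampling is simplified to cycle indexes 15, 31, 47 and 63 of a 64-cycle half bit period.

```c
#include <stdint.h>
#include <stdio.h>

/* One value (0 or 1) per carrier cycle of a half bit period. */
#define HALF_BIT_CYCLES 64

/* Mirrors the quoted Verilog: four reader samples (after_hysteresis*) go in
 * the high nibble, four tag samples (bit1..bit3, curbit) in the low nibble. */
uint8_t pack_half_bit(const uint8_t reader[HALF_BIT_CYCLES],
                      const uint8_t tag[HALF_BIT_CYCLES],
                      int deep_modulation)
{
    static const int sample_at[4] = {15, 31, 47, 63}; /* negedge_cnt values */
    uint8_t hi = 0, lo = 0;
    for (int i = 0; i < 4; i++) {
        /* Verilog {a,b,c,d}: the leftmost item is the most significant bit,
         * so the oldest sample ends up highest in each nibble. */
        hi = (uint8_t)((hi << 1) | (reader[sample_at[i]] & 1));
        lo = (uint8_t)((lo << 1) | (tag[sample_at[i]] & 1));
    }
    if (deep_modulation)
        lo = 0; /* reader is talking: tag nibble is forced to zero */
    return (uint8_t)((hi << 4) | lo);
}

/* What the receiving side has to do to split the two signals again. */
uint8_t reader_nibble(uint8_t to_arm) { return (uint8_t)(to_arm >> 4); }
uint8_t tag_nibble(uint8_t to_arm)    { return (uint8_t)(to_arm & 0x0F); }

/* Constructed input: tag signal following the 1111 0000 pattern over one bit
 * period (two half periods), reader signal held at 1. Returns the tag nibbles
 * of the two resulting bytes joined into one 8-sample value. */
uint8_t tag_samples_for_bit(int deep_modulation)
{
    uint8_t reader[HALF_BIT_CYCLES], first[HALF_BIT_CYCLES], second[HALF_BIT_CYCLES];
    for (int i = 0; i < HALF_BIT_CYCLES; i++) {
        reader[i] = 1; first[i] = 1; second[i] = 0;
    }
    uint8_t b0 = pack_half_bit(reader, first, deep_modulation);
    uint8_t b1 = pack_half_bit(reader, second, deep_modulation);
    return (uint8_t)((tag_nibble(b0) << 4) | tag_nibble(b1));
}

int main(void)
{
    printf("tag nibbles, no deep modulation: 0x%02X\n", tag_samples_for_bit(0));
    printf("tag nibbles, deep modulation:    0x%02X\n", tag_samples_for_bit(1));
    return 0;
}
```

Two bytes per bit period therefore carry the eight tag samples of the 1111 0000 pattern in their low nibbles, and the same input yields all-zero tag nibbles while deep_modulation is set.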
