Harald Welte hwelte@hmw-consulting.de Milosch Meriac meriac@bitmanufaktur.de 2006 Harald Welte <hwelte@hmw-consultin.de> Oct 12, 2006 1 $Revision: 1.0 $ This is the reference documentation for the OpenPICC RFID simulator for ISO 14443.

The OpenPICC project is about desinging and building both hardware and software for a user-programmable simulator of the PICC (Transponder) side of the ISO 14443 A+B (and later ISO15693) RFID protocols. The hardware is based on the Atmel AT91SAM7S256 microcontroller, featuring a 48MHz, 32bit ARM7TDMI core with many integrated peripherals, such as USB device, SSC, ADC, 256kByte Flash, 64kByte SRAM, ... The SAM7 attaches to a host PC using a USB 1.1 interface. The SAM7 firmware implements encoding/decoding, the auxiliary hardware modulation/demodulation. The host PC therefore transmits and sends raw ISO 14443-3 frames, and implements higher protocol levels such as ISO 14443-4 or even a Smartcard OS simulation according to 7816-4. All device firmware and host software source code is released under GNU General Public License. The hardware design (schematics, PCB) is released under "Creative Commons share-alike attribution" License.

FIXME: to be filled by milosch

Using this command, a given OpenPICC register can be written to.

Using this command, a given OpenPICC register can be read.

Using these commands, the host software can request a USB interrupt transfer to be sent once a given GPIO pin changes its level

Most of the behaviour of the OpenPICC simulator can be controlled using the OpenPICC register set. This is not really a register set that corresponds to hardware registers. The registers are actually implemented in software, and act as global variables present in SAM7 RAM, which influence the OpenPICC firmware operation. This interface was chosen because it is something that software developers (more specificially: driver developers) are used to.

This register defines the length of the 14443-A UID or 14443-B PUPI. The length value is specified in bytes. Permitted values for 14443-A are: 4, 7 or 10. Permitted values for 14443-B are: 4.

ISO 14443A synchronous frame delay time in case last bit of PCD->PICC frame was 0. According to the ISO 14443-3 specification, this has to be 1236.

ISO 14443-3A synchronous frame delay time in case last bit of PCD->PICC frame was 1. According to the ISO 14443-3A specification, this has to be 1172.

The ATQA register contains a template for the 14443-3A ATQA. Only the lowest five bits (0...4, bit frame anti-collision) and the bits 8..11 are used, the rest will be masked and or specified by the OpenPICC firmware.

The PICC state according to ISO 14443-3A. Possible values are: ISO14443A_ST_POWEROFF, ISO14443A_ST_IDLE, ISO14443A_ST_READY, ISO14443A_ST_ACTIVE, ISO14443A_ST_HALT, ISO14443A_ST_READY2, ISO14443A_ST_ACTIVE2.

The receive clock divider register. This specifies the relationship between SSC sample clock and re-generated carrier clock. For ISO14443-A at 106kBp/s, this is usually set to 32 in order to produce a four-times oversampled signal. Values for higher baudrtes are TBD.

This register defines the phase of the receive sample clock. Values are given relative to the rx sample clock synchronization pulse caused by the first falling edge within the frame.

The receive control register controls the OpenPICC receive path

The transmit clock divider register determines the sample clock rate of the SSC transmit path. Since 14443-A and -B use a 847.5kHz subcarrier, the sample rate will have to be configured to 1.695MHz, and thus a clock divider of 8 programmed into this register.

The transmit clock phase register defines the phase relationship between carrier clock and SSC Tx clock.

The transmit control register is split in two sections: Lower nibble switches between BPSK (1) and MANCHESTER (2), whereas the higher nibble is used to configure the modulation depth (0..3).

The demodulated Rx signal is digitized using a comparator. Using this register, the comparator reference value can be specified. The value is conveyed as a 7bit value in the range of 0..127.

This string register contains the 14443-3A UID or 14443-3B PUPI.

TBD