1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
|
<?xml vesion='1.0' encoding='ISO-8859-1'?>
<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'>
<article id="openpicc-reference">
<articleinfo>
<title>OpenPICC - A ISO 14443 A+B PICC RFID simulator</title>
<authorgroup>
<author>
<personname>
<first>Harald</first>
<surname>Welte</surname>
</personname>
<email>hwelte@hmw-consulting.de</email>
</author>
<author>
<personname>
<first>Milosch</first>
<surname>Meriac</surname>
</personname>
<email>meriac@bitmanufaktur.de</email>
</author>
</authorgroup>
<copyright>
<year>2006</year>
<holder>Harald Welte <hwelte@hmw-consultin.de> </holder>
</copyright>
<date>Oct 12, 2006</date>
<edition>1</edition>
<releaseinfo>
$Revision: 1.0 $
</releaseinfo>
<abstract>
<para>
This is the reference documentation for the OpenPICC RFID
simulator for ISO 14443.
</para>
<para>
</para>
</abstract>
</articleinfo>
<section>
<title>Introduction</title>
<para>
The OpenPICC project is about desinging and building both hardware and software
for a user-programmable simulator of the PICC (Transponder) side of the ISO
14443 A+B (and later ISO15693) RFID protocols.
</para>
<para>
The hardware is based on the Atmel AT91SAM7S256 microcontroller, featuring a
48MHz, 32bit ARM7TDMI core with many integrated peripherals, such as USB
device, SSC, ADC, 256kByte Flash, 64kByte SRAM, ...
</para>
<para>
The SAM7 attaches to a host PC using a USB 1.1 interface. The SAM7 firmware
implements encoding/decoding, the auxiliary hardware modulation/demodulation.
The host PC therefore transmits and sends raw ISO 14443-3 frames, and
implements higher protocol levels such as ISO 14443-4 or even a Smartcard OS
simulation according to 7816-4.
</para>
<para>
All device firmware and host software source code is released under GNU General
Public License. The hardware design (schematics, PCB) is released under
"Creative Commons share-alike attribution" License.
</para>
</section> <!-- Introduction -->
<section>
<title>Hardware</title>
<para>
FIXME: to be filled by milosch
</para>
<xi:xinclude href="common-hardware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
</section>
<section>
<title>Software</title>
<xi:include href="common-usbproto.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
<section>
<title>PICC specific commands</title>
<section>
<title>CMD_PICC_REG_WRITE</title>
<para>
Using this command, a given OpenPICC register can be written to.
</para>
</section>
<section>
<title>CMD_PICC_REG_READ</title>
<para>
Using this command, a given OpenPICC register can be read.
</para>
</section>
</section> <!-- PICC specific commands -->
<section>
<title>ADC specific commands</title>
</section> <!-- ADC specific commands -->
<section>
<title>GPIO IRQ commands</title>
<para>
Using these commands, the host software can request a USB interrupt
transfer to be sent once a given GPIO pin changes its level
</para>
</section> <!-- GPIO IRQ commands -->
</section> <!-- USB protocol commands -->
</section> <!-- USB protocol -->
<xi:include href="common-targetsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
<section> <!-- Target Software -->
<section>
<title>The OpenPICC register set</title>
<para>
Most of the behaviour of the OpenPICC simulator can be controlled using the
OpenPICC register set. This is not really a register set that corresponds to
hardware registers. The registers are actually implemented in software, and
act as global variables present in SAM7 RAM, which influence the OpenPICC
firmware operation.
</para>
<para>
This interface was chosen because it is something that software developers
(more specificially: driver developers) are used to.
</para>
<section>
<title>OPICC_REG_14443A_UIDLEN</title>
<para>
This register defines the length of the 14443-A UID or 14443-B PUPI. The
length value is specified in bytes.
</para>
<para>
Permitted values for 14443-A are: 4, 7 or 10.
</para>
<para>
Permitted values for 14443-B are: 4.
</para>
</section>
<section>
<title>OPICC_REG_14443A_FDT0</title>
<para>
ISO 14443A synchronous frame delay time in case last bit of PCD->PICC frame
was 0. According to the ISO 14443-3 specification, this has to be 1236.
</para>
</section>
<section>
<title>OPICC_REG_14443A_FDT1</title>
<para>
ISO 14443-3A synchronous frame delay time in case last bit of PCD->PICC frame
was 1. According to the ISO 14443-3A specification, this has to be 1172.
</para>
</section>
<section>
<title>OPICC_REG_14443A_ATQA</title>
<para>
The ATQA register contains a template for the 14443-3A ATQA. Only the lowest
five bits (0...4, bit frame anti-collision) and the bits 8..11 are used, the
rest will be masked and or specified by the OpenPICC firmware.
</para>
</section>
<section>
<title>OPICC_REG_14443A_STATE</title>
<para>
The PICC state according to ISO 14443-3A. Possible values are:
ISO14443A_ST_POWEROFF, ISO14443A_ST_IDLE, ISO14443A_ST_READY,
ISO14443A_ST_ACTIVE, ISO14443A_ST_HALT, ISO14443A_ST_READY2,
ISO14443A_ST_ACTIVE2.
</para>
</section>
<section>
<title>OPICC_REG_RX_CLK_DIV</title>
<para>
The receive clock divider register. This specifies the relationship
between SSC sample clock and re-generated carrier clock.
</para>
<para>
For ISO14443-A at 106kBp/s, this is usually set to 32 in order to produce
a four-times oversampled signal. Values for higher baudrtes are TBD.
</para>
</section>
<section>
<title>OPICC_REG_RX_CLK_PHASE</title>
<para>
This register defines the phase of the receive sample clock. Values
are given relative to the rx sample clock synchronization pulse caused
by the first falling edge within the frame.
</para>
</section>
<section>
<title>OPICC_REG_RX_CONTROL</title>
<para>
The receive control register controls the OpenPICC receive path
</para>
</section>
<section>
<title>OPICC_REG_TX_CLK_DIV</title>
<para>
The transmit clock divider register determines the sample clock rate of the SSC
transmit path. Since 14443-A and -B use a 847.5kHz subcarrier, the sample
rate will have to be configured to 1.695MHz, and thus a clock divider of 8
programmed into this register.
</para>
</section>
<section>
<title>OPICC_REG_TX_CLK_PHASE</title>
<para>
The transmit clock phase register defines the phase relationship between carrier clock and SSC Tx clock.
</para>
</section>
<section>
<title>OPICC_REG_TX_CONTROL</title>
<para>
The transmit control register is split in two sections: Lower nibble switches between BPSK (1) and MANCHESTER (2), whereas the higher nibble is used to configure the modulation depth (0..3).
</para>
</section>
<section>
<title>OPICC_REG_RX_COMP_LEVEL</title>
<para>
The demodulated Rx signal is digitized using a comparator. Using this
register, the comparator reference value can be specified. The value is
conveyed as a 7bit value in the range of 0..127.
</para>
</section>
<section>
<title>OPICC_SREG_14443A_UID</title>
<para>
This string register contains the 14443-3A UID or 14443-3B PUPI.
</para>
</section>
</section> <!-- The OpenPICC register set -->
</section> <!-- Target Software -->
</section>
</section> <!-- The OpenPICC register set -->
</section> <!-- Target Software -->
<section>
<title>Host Software</title>
<para>
TBD
</para>
<xi:include href="common-hostsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
</section> <!-- Host Software -->
</section> <!-- Software -->
</article>
|