/doc/openpcd.xml - Annotate - SIMtrace - Open Source Mobile Communications

ea1423e7

laforge

<?xml vesion='1.0' encoding='ISO-8859-1'?>

2

<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbook.dtd'>

3

4

<article id="openpcd-reference">

5

6

<articleinfo>

7

	<title>OpenPCD - A 13.56MHz RFID reader</title>

8

	<authorgroup>

9

		<author>

10

			<personname>

11

				<first>Harald</first>

12

				<surname>Welte</surname>

13

			</personname>

14

			<email>hwelte@hmw-consulting.de</email>

15

		</author>

16

		<author>

17

			<personname>

18

				<first>Milosch</first>

19

				<surname>Meriac</surname>

20

			</personname>

21

			<email>meriac@bitmanufaktur.de</email>

22

		</author>

23

	</authorgroup>

24

	<copyright>

25

		<year>2006</year>

26

		<holder>Harald Welte &lt;hwelte@hmw-consultin.de&gt; </holder>

27

	</copyright>

28

	<date>Oct 12, 2006</date>

29

	<edition>1</edition>

30

	<releaseinfo>

31

		$Revision: 1.0 $

32

	</releaseinfo>

33

34

	<abstract>

35

		<para>

36

		This is the reference documentation for the OpenPCD RFID

37

		reader.

38

		</para>

39

		<para>

40

41

		</para>

42

	</abstract>

43

</articleinfo>

44

45

<section>

46

<title>Introduction</title>

47

<para>

48

The OpenPCD project is about desinging and building both hardware and software

49

for a user-programmable reader (proximity coupling device, PCD) of the ISO

50

14443 A+B (and later ISO15693) RFID protocols.

51

</para>

52

<para>

53

The hardware is based on the Atmel AT91SAM7S128 microcontroller, featuring a

54

48MHz, 32bit ARM7TDMI core with many integrated peripherals, such as USB

55

device, SSC, ADC, 128kByte Flash, 32kByte SRAM, ...

56

</para>

57

<para>

58

Next to the AT91SAM7, there is the Pilips CL RC 632 RFID reader ASIC. It

59

is attached via SPI (Serial Peripheral Interface) to the AT91SAM7.

60

</para>

61

<para>

62

The SAM7 attaches to a host PC using a USB 1.1 interface. The SAM7 firmware

63

implements various forms of interface between the RC632 and the host PC.

64

There are multiple firmware images available, some of them acting as a dumb

65

transceiver, while others implement the full ISO 14443 protocol suite inside

66

the SAM7 firmware.

67

</para>

68

<para>

69

All device firmware and host software source code is released under GNU General

70

Public License.  The hardware design (schematics, PCB) is released under

71

"Creative Commons share-alike attribution" License.

72

</para>

73

</section> <!-- Introduction -->

74

75

<section>

76

<title>Hardware</title>

77

<para>

78

FIXME: to be filled by milosch

79

</para>

80

81

<xi:xinclude href="common-hardware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>

82

83

</section>

84

85

86

<section>

87

<title>Software</title>

88

89

<xi:include href="common-usbproto.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>

90

91

<section>

92

<title>PICC specific commands</title>

93

<section>

94

<title>CMD_PICC_REG_WRITE</title>

95

<para>

96

Using this command, a given OpenPICC register can be written to.

97

</para>

98

</section>

99

<section>

100

<title>CMD_PICC_REG_READ</title>

101

<para>

102

Using this command, a given OpenPICC register can be read.

103

</para>

104

</section>

105

</section> <!-- PICC specific commands -->

106

107

<section>

108

<title>ADC specific commands</title>

109

</section> <!-- ADC specific commands -->

110

111

<section>

112

<title>GPIO IRQ commands</title>

113

<para>

114

Using these commands, the host software can request a USB interrupt

115

transfer to be sent once a given GPIO pin changes its level

116

</para>

117

</section> <!-- GPIO IRQ commands -->

118

119

</section> <!-- USB protocol commands -->

120

</section> <!-- USB protocol -->

121

122

<xi:include href="common-targetsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>

123

124

<section>

125

<title>The main_dumbreader firmware</title>

126

<para>

127

The main_dumbreader firmware implements a very basic PCD/VCD firmware, where

128

the USB device only implements an access layer to the RC632 registers and

129

FIFO.  All protocol and application logic has to be implemented on the host

130

PC.

131

</para>

132

<para>

133

This provides the greatest flexibility to the host software, since it can

134

easily alter the behaviour of the device completely.  Host development is

135

easier than cross-compilation and remote debugging required for firmware

136

development.

137

</para>

138

<para>

139

Therefore, this firmware is the choice for most security researchers, since

140

all timing and every bit of the protocol can be dealt with on the host.

141

</para>

142

</section> <!-- main_dumbreader -->

143

144

<section>

145

<title>The main_librfid firmware</title>

146

<para>

147

This firmware is called 'main_librfid' because it contains a full copy of the

148

librfid library, cross compiled for ARM.  The librfid library implements

149

various 13.56MHz RFID protocols from layer 2 to layer 4 and higher, including

150

ISO 14443, ISO 15693, Mifare classic, Mifare ultralight and others.

151

</para>

152

<para>

153

The USB protocol of this firmware has not yet been fully speicified, also

154

there currently is no finished host software that could interface this

155

firmware yet.  Stay tuned for upcoming news on this subject.

156

</para>

157

158

</section> <!-- Target Software -->

159

160

<section>

161

<title>Host Software</title>

162

<para>

163

TBD

164

</para>

165

166

<xi:include href="common-hostsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>

167

168

</section> <!-- Host Software -->

169

170

</section> <!-- Software -->

171

172

</article>

Project

General

Profile

SIM card related Projects » SIMtrace

Project

General

Profile

SIM card related Projects » SIMtrace

openpcd/doc/openpcd.xml @ master