|
1
|
<?xml vesion='1.0' encoding='ISO-8859-1'?>
|
|
2
|
<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'>
|
|
3
|
|
|
4
|
<article id="openpicc-reference">
|
|
5
|
|
|
6
|
<articleinfo>
|
|
7
|
<title>OpenPICC - A ISO 14443 A+B PICC RFID simulator</title>
|
|
8
|
<authorgroup>
|
|
9
|
<author>
|
|
10
|
<personname>
|
|
11
|
<first>Harald</first>
|
|
12
|
<surname>Welte</surname>
|
|
13
|
</personname>
|
|
14
|
<email>hwelte@hmw-consulting.de</email>
|
|
15
|
</author>
|
|
16
|
<author>
|
|
17
|
<personname>
|
|
18
|
<first>Milosch</first>
|
|
19
|
<surname>Meriac</surname>
|
|
20
|
</personname>
|
|
21
|
<email>meriac@bitmanufaktur.de</email>
|
|
22
|
</author>
|
|
23
|
</authorgroup>
|
|
24
|
<copyright>
|
|
25
|
<year>2006</year>
|
|
26
|
<holder>Harald Welte <hwelte@hmw-consultin.de> </holder>
|
|
27
|
</copyright>
|
|
28
|
<date>Oct 12, 2006</date>
|
|
29
|
<edition>1</edition>
|
|
30
|
<releaseinfo>
|
|
31
|
$Revision: 1.0 $
|
|
32
|
</releaseinfo>
|
|
33
|
|
|
34
|
<abstract>
|
|
35
|
<para>
|
|
36
|
This is the reference documentation for the OpenPICC RFID
|
|
37
|
simulator for ISO 14443.
|
|
38
|
</para>
|
|
39
|
<para>
|
|
40
|
|
|
41
|
</para>
|
|
42
|
</abstract>
|
|
43
|
</articleinfo>
|
|
44
|
|
|
45
|
<section>
|
|
46
|
<title>Introduction</title>
|
|
47
|
<para>
|
|
48
|
The OpenPICC project is about desinging and building both hardware and software
|
|
49
|
for a user-programmable simulator of the PICC (Transponder) side of the ISO
|
|
50
|
14443 A+B (and later ISO15693) RFID protocols.
|
|
51
|
</para>
|
|
52
|
<para>
|
|
53
|
The hardware is based on the Atmel AT91SAM7S256 microcontroller, featuring a
|
|
54
|
48MHz, 32bit ARM7TDMI core with many integrated peripherals, such as USB
|
|
55
|
device, SSC, ADC, 256kByte Flash, 64kByte SRAM, ...
|
|
56
|
</para>
|
|
57
|
<para>
|
|
58
|
The SAM7 attaches to a host PC using a USB 1.1 interface. The SAM7 firmware
|
|
59
|
implements encoding/decoding, the auxiliary hardware modulation/demodulation.
|
|
60
|
The host PC therefore transmits and sends raw ISO 14443-3 frames, and
|
|
61
|
implements higher protocol levels such as ISO 14443-4 or even a Smartcard OS
|
|
62
|
simulation according to 7816-4.
|
|
63
|
</para>
|
|
64
|
<para>
|
|
65
|
All device firmware and host software source code is released under GNU General
|
|
66
|
Public License. The hardware design (schematics, PCB) is released under
|
|
67
|
"Creative Commons share-alike attribution" License.
|
|
68
|
</para>
|
|
69
|
</section> <!-- Introduction -->
|
|
70
|
|
|
71
|
<section>
|
|
72
|
<title>Hardware</title>
|
|
73
|
<para>
|
|
74
|
FIXME: to be filled by milosch
|
|
75
|
</para>
|
|
76
|
|
|
77
|
<xi:xinclude href="common-hardware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
|
|
78
|
|
|
79
|
</section>
|
|
80
|
|
|
81
|
|
|
82
|
<section>
|
|
83
|
<title>Software</title>
|
|
84
|
|
|
85
|
<xi:include href="common-usbproto.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
|
|
86
|
|
|
87
|
<section>
|
|
88
|
<title>PICC specific commands</title>
|
|
89
|
<section>
|
|
90
|
<title>CMD_PICC_REG_WRITE</title>
|
|
91
|
<para>
|
|
92
|
Using this command, a given OpenPICC register can be written to.
|
|
93
|
</para>
|
|
94
|
</section>
|
|
95
|
<section>
|
|
96
|
<title>CMD_PICC_REG_READ</title>
|
|
97
|
<para>
|
|
98
|
Using this command, a given OpenPICC register can be read.
|
|
99
|
</para>
|
|
100
|
</section>
|
|
101
|
</section> <!-- PICC specific commands -->
|
|
102
|
|
|
103
|
<section>
|
|
104
|
<title>ADC specific commands</title>
|
|
105
|
</section> <!-- ADC specific commands -->
|
|
106
|
|
|
107
|
<section>
|
|
108
|
<title>GPIO IRQ commands</title>
|
|
109
|
<para>
|
|
110
|
Using these commands, the host software can request a USB interrupt
|
|
111
|
transfer to be sent once a given GPIO pin changes its level
|
|
112
|
</para>
|
|
113
|
</section> <!-- GPIO IRQ commands -->
|
|
114
|
|
|
115
|
</section> <!-- USB protocol commands -->
|
|
116
|
</section> <!-- USB protocol -->
|
|
117
|
|
|
118
|
<xi:include href="common-targetsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
|
|
119
|
|
|
120
|
<section> <!-- Target Software -->
|
|
121
|
|
|
122
|
<section>
|
|
123
|
<title>The OpenPICC register set</title>
|
|
124
|
<para>
|
|
125
|
Most of the behaviour of the OpenPICC simulator can be controlled using the
|
|
126
|
OpenPICC register set. This is not really a register set that corresponds to
|
|
127
|
hardware registers. The registers are actually implemented in software, and
|
|
128
|
act as global variables present in SAM7 RAM, which influence the OpenPICC
|
|
129
|
firmware operation.
|
|
130
|
</para>
|
|
131
|
<para>
|
|
132
|
This interface was chosen because it is something that software developers
|
|
133
|
(more specificially: driver developers) are used to.
|
|
134
|
</para>
|
|
135
|
|
|
136
|
<section>
|
|
137
|
<title>OPICC_REG_14443A_UIDLEN</title>
|
|
138
|
<para>
|
|
139
|
This register defines the length of the 14443-A UID or 14443-B PUPI. The
|
|
140
|
length value is specified in bytes.
|
|
141
|
</para>
|
|
142
|
<para>
|
|
143
|
Permitted values for 14443-A are: 4, 7 or 10.
|
|
144
|
</para>
|
|
145
|
<para>
|
|
146
|
Permitted values for 14443-B are: 4.
|
|
147
|
</para>
|
|
148
|
</section>
|
|
149
|
|
|
150
|
<section>
|
|
151
|
<title>OPICC_REG_14443A_FDT0</title>
|
|
152
|
<para>
|
|
153
|
ISO 14443A synchronous frame delay time in case last bit of PCD->PICC frame
|
|
154
|
was 0. According to the ISO 14443-3 specification, this has to be 1236.
|
|
155
|
</para>
|
|
156
|
</section>
|
|
157
|
|
|
158
|
<section>
|
|
159
|
<title>OPICC_REG_14443A_FDT1</title>
|
|
160
|
<para>
|
|
161
|
ISO 14443-3A synchronous frame delay time in case last bit of PCD->PICC frame
|
|
162
|
was 1. According to the ISO 14443-3A specification, this has to be 1172.
|
|
163
|
</para>
|
|
164
|
</section>
|
|
165
|
|
|
166
|
<section>
|
|
167
|
<title>OPICC_REG_14443A_ATQA</title>
|
|
168
|
<para>
|
|
169
|
The ATQA register contains a template for the 14443-3A ATQA. Only the lowest
|
|
170
|
five bits (0...4, bit frame anti-collision) and the bits 8..11 are used, the
|
|
171
|
rest will be masked and or specified by the OpenPICC firmware.
|
|
172
|
</para>
|
|
173
|
</section>
|
|
174
|
|
|
175
|
<section>
|
|
176
|
<title>OPICC_REG_14443A_STATE</title>
|
|
177
|
<para>
|
|
178
|
The PICC state according to ISO 14443-3A. Possible values are:
|
|
179
|
ISO14443A_ST_POWEROFF, ISO14443A_ST_IDLE, ISO14443A_ST_READY,
|
|
180
|
ISO14443A_ST_ACTIVE, ISO14443A_ST_HALT, ISO14443A_ST_READY2,
|
|
181
|
ISO14443A_ST_ACTIVE2.
|
|
182
|
</para>
|
|
183
|
</section>
|
|
184
|
|
|
185
|
<section>
|
|
186
|
<title>OPICC_REG_RX_CLK_DIV</title>
|
|
187
|
<para>
|
|
188
|
The receive clock divider register. This specifies the relationship
|
|
189
|
between SSC sample clock and re-generated carrier clock.
|
|
190
|
</para>
|
|
191
|
<para>
|
|
192
|
For ISO14443-A at 106kBp/s, this is usually set to 32 in order to produce
|
|
193
|
a four-times oversampled signal. Values for higher baudrtes are TBD.
|
|
194
|
</para>
|
|
195
|
</section>
|
|
196
|
|
|
197
|
<section>
|
|
198
|
<title>OPICC_REG_RX_CLK_PHASE</title>
|
|
199
|
<para>
|
|
200
|
This register defines the phase of the receive sample clock. Values
|
|
201
|
are given relative to the rx sample clock synchronization pulse caused
|
|
202
|
by the first falling edge within the frame.
|
|
203
|
</para>
|
|
204
|
</section>
|
|
205
|
|
|
206
|
<section>
|
|
207
|
<title>OPICC_REG_RX_CONTROL</title>
|
|
208
|
<para>
|
|
209
|
The receive control register controls the OpenPICC receive path
|
|
210
|
</para>
|
|
211
|
</section>
|
|
212
|
|
|
213
|
<section>
|
|
214
|
<title>OPICC_REG_TX_CLK_DIV</title>
|
|
215
|
<para>
|
|
216
|
The transmit clock divider register determines the sample clock rate of the SSC
|
|
217
|
transmit path. Since 14443-A and -B use a 847.5kHz subcarrier, the sample
|
|
218
|
rate will have to be configured to 1.695MHz, and thus a clock divider of 8
|
|
219
|
programmed into this register.
|
|
220
|
</para>
|
|
221
|
</section>
|
|
222
|
|
|
223
|
<section>
|
|
224
|
<title>OPICC_REG_TX_CLK_PHASE</title>
|
|
225
|
<para>
|
|
226
|
The transmit clock phase register defines the phase relationship between carrier clock and SSC Tx clock.
|
|
227
|
</para>
|
|
228
|
</section>
|
|
229
|
|
|
230
|
<section>
|
|
231
|
<title>OPICC_REG_TX_CONTROL</title>
|
|
232
|
<para>
|
|
233
|
The transmit control register is split in two sections: Lower nibble switches between BPSK (1) and MANCHESTER (2), whereas the higher nibble is used to configure the modulation depth (0..3).
|
|
234
|
</para>
|
|
235
|
</section>
|
|
236
|
|
|
237
|
<section>
|
|
238
|
<title>OPICC_REG_RX_COMP_LEVEL</title>
|
|
239
|
<para>
|
|
240
|
The demodulated Rx signal is digitized using a comparator. Using this
|
|
241
|
register, the comparator reference value can be specified. The value is
|
|
242
|
conveyed as a 7bit value in the range of 0..127.
|
|
243
|
</para>
|
|
244
|
</section>
|
|
245
|
|
|
246
|
<section>
|
|
247
|
<title>OPICC_SREG_14443A_UID</title>
|
|
248
|
<para>
|
|
249
|
This string register contains the 14443-3A UID or 14443-3B PUPI.
|
|
250
|
</para>
|
|
251
|
</section>
|
|
252
|
|
|
253
|
</section> <!-- The OpenPICC register set -->
|
|
254
|
|
|
255
|
</section> <!-- Target Software -->
|
|
256
|
|
|
257
|
</section>
|
|
258
|
|
|
259
|
</section> <!-- The OpenPICC register set -->
|
|
260
|
|
|
261
|
</section> <!-- Target Software -->
|
|
262
|
|
|
263
|
<section>
|
|
264
|
<title>Host Software</title>
|
|
265
|
<para>
|
|
266
|
TBD
|
|
267
|
</para>
|
|
268
|
|
|
269
|
<xi:include href="common-hostsoftware.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
|
|
270
|
|
|
271
|
</section> <!-- Host Software -->
|
|
272
|
|
|
273
|
</section> <!-- Software -->
|
|
274
|
|
|
275
|
</article>
|
