📄 secsys14.asm
字号:
;------------------------------------------------------------------------------
; MICROCHIP KEELOQ SECURITY SYSTEM
;
;------------------------------------------------------------------------------
; LEGAL NOTICE
;
; The information contained in this document is proprietary and
; confidential information of Microchip Technology Inc. Therefore all
; parties are required to sign a non-disclosure agreement before
; receiving this document.
;------------------------------------------------------------------------------
;**************************************************************************
; Program: SECSYS14.ASM
; Microchip EEPROM Alarm System
; Description: This program is an example of a KeeLoq decoder, based
; on the Microchip PIC platform. The code is intended for
; modification by users to implement their own security
; systems.
; Processor: Microchip PIC 16C57
; Assembler: Microchip MPASM v1.30
; Options: WDT=On; RC Oscillator (4 MHz); Code Protection=On
;**************************************************************************
; Revision record:
; 1.40 19 July 1996 Fanie Delport
; a. Included adapted receive routine that can handle a wider range
; of transmission speeds.
; 1.30 9 June 1996 Kobus Marneweck SECSYS13.ASM
; a. Added destination to remove warnings
; 1.10 26 October 1995 Fanie Delport SECSYS11.ASM
; a. Included adapted recieve routine to cater for
; all Keeloq encoders.
; b. Removed macros.
; c. Added comments.
; 1.00 02 October 1995 Kobus Marneweck SECSYS10.ASM
; Initial version, adapted from Microchip decoder v 1.0 by V N Delport
;**************************************************************************
LIST P=16C57,F=INHX8M,R=DEC
; GENERAL PURPOSE REGISTERS
IND EQU 00H ; INDIRECT ADDRESS REGISTER
RTCC EQU 01H ; REAL TIME COUNTER CLOCK
PC EQU 02H ; PROGRAM COUNTER
STATUS EQU 03H ; STATUS REGISTER
FSR EQU 04H ; FILE SELECT REGISTER
PORTA EQU 05H ; PORT A
PORTB EQU 06H ; PORT B
PORTC EQU 07H ; PORT C
; USER DEFINED REGISTER
ADDRESS EQU 0CH ; ADDRESS REGISTER
TXNUM EQU 0DH ; CURRENT TX
OUTBYT EQU 0EH ; GENERAL DATA REGISTER
MASK EQU OUTBYT ; MASK REGISTER USED IN DECRYPTION
TMP_CNT EQU OUTBYT ; RECEIVE ROUTINE TEMPORARY COUNTER
CSR8 EQU ADDRESS ; MSB OF RX REGISTER
; COUNTER REGISTERS
CNT0 EQU 18H ; LOOP COUNTERS
CNT1 EQU 19H
CNT2 EQU 1AH
CNT_HI EQU 1BH ; 16 BIT CLOCK COUNTER
CNT_LW EQU 1CH
; TEMP REGISTERS
TMP1 EQU 10H ; TEMP REGISTERS
TMP2 EQU 11H
TMP3 EQU 12H
TMP4 EQU 13H
; CIRCULAR BUFFER REGISTER
CSR4 EQU 14H ; 64 BIT RECEIVE SHIFT REGISTER
CSR5 EQU 15H
CSR6 EQU 16H
CSR7 EQU 17H
CSR0 EQU 08H
CSR1 EQU 09H
CSR2 EQU 0AH
CSR3 EQU 0BH
; **** WORK REGISTERS ********
STACK EQU 1EH ; EXTRA STACK LEVEL
FLAGS EQU 1FH ; USER FLAG REGISTER
FLAGS1 EQU 0FH ; USER FLAG REGISTER
RAMS EQU 1DH ; RAM STATE
; ************** DECRYPTION REGISTER RE-MAPPINGS *******************
;
; NOTE : INDIRECT ADDRESSING USED, DO NOT CHANGE REGISTER ASSIGNMENT
;
; ******************************************************************
KEY0 EQU TMP2 ; 64 BIT SHIFT REGISTER WITH DECRYPTION KEY
KEY1 EQU TMP1
KEY2 EQU TMP3
KEY3 EQU TMP4
KEY4 EQU CSR4
KEY5 EQU CSR5
KEY6 EQU CSR6
KEY7 EQU CSR7
HOP1 EQU CSR0 ; 32 BIT HOPCODE REGISTER
HOP2 EQU CSR1
HOP3 EQU CSR2
HOP4 EQU CSR3
; ***** USER REGISTER RE-MAPPINGS ***************
DAT1 EQU CSR3 ; 32 BIT DATA REGISTER
DAT2 EQU CSR2
DAT3 EQU CSR1
DAT4 EQU CSR0
; NOTE : THESE REGISTERS ARE USED DURING KEYGEN AS A 32 BIT BUFFER
ETMP1 EQU 30H ; EXTENDED 32 BIT BUFFER IN RAM PAGE 1
ETMP2 EQU 31H
ETMP3 EQU 32H
ETMP4 EQU 33H
; SECOND SET OF COUNTERS
CNT1_LW EQU 34H
CNT1_HI EQU 35H
CNT2_LW EQU 36H
CNT2_HI EQU 37H
; RECEIVED TRANSMISSION OPEN 32 BITS
SER_0 EQU CSR7 ; 24/28 BIT SERIAL NUMBER
SER_1 EQU CSR6
SER_2 EQU CSR5
SER_3 EQU CSR4
; RECEIVED TRANSMISSION ENCRYPTED 32 BITS
FUNC EQU DAT1 ; BUTTON CODE & USER BIT FUNCTION BYTE
CODE EQU DAT2 ; DISCRIMINATION VALUE
CNTR_HI EQU DAT3 ; 16 BIT RX COUNTER
CNTR_LW EQU DAT4
; ********* EEPROM MEMORY ALLOCATION *******
LRN_PTR EQU 1H ; LEARN POINTER
SSTATUS EQU 2H ; SYSTEM STATUS
BSTATUS EQU 3H ; BACKUP STATUS
TMPCNT EQU 4H ; TEMPORARY COUNTER FOR RE-SYNC
X1 EQU 0C7H ; VALUES FOR STATE RECOVER
X2 EQU 08BH
; ********* PORTA BIT DEFINITIONS *******
DIO EQU 0H ; 0/1 EEPROM DATA LINE
CLK EQU 1H ; 0 EEPROM SERIAL CLOCK
CS EQU 2H ; 0 EEPROM CHIP SELECT
RFIN EQU 3H ; 1 RF INPUT
; ********* PORTB BIT DEFINITIONS *******
IMMO EQU 0H ; 0 IMMOBILIZE OUTPUT
SIREN EQU 1H ; 0 SIREN OUTPUT
PLIGHT EQU 2H ; 0 PARKING LIGHT OUTPUT
LOCK EQU 4H ; 0 LOCK OUTPUT
UNLOCK EQU 5H ; 0 UNLOCK OUTPUT
TRUNK EQU 6H ; 0 TRUNK OUTPUT
LED EQU 7H ; 0 LED INDICATOR
; ********* PORTC BIT DEFINITIONS *******
IGN EQU 0H ; 1 IGNITION INPUT
TRIG EQU 1H ; 1 TRIG INPUT
DOOR EQU 2H ; 1 DOORS INPUT
LEARN EQU 3H ; 1 LEARN INPUT
; ********* COMPILER DEFINES ******************
NBITS EQU 66 ; MAXIMUM TRANSMISSION BIT LENGTH
MIN EQU 560 ; TRANSMISSION HEADER MINIMUM LENGTH [鍿]
;MAX EQU 10800 ; TRANSMISSION HEADER MAXIMUM LENGTH [鍿]
TRISA EQU 1001B ; PORTA: TRI-STATE VALUE
WRCFG EQU 1000B ; PORTA: EEPROM WRITE TRI-STATE VALUE
RDCFG EQU 1001B ; PORTA: EEPROM READ TRI-STATE VALUE
TRISB EQU 00000000B ; PORTB: TRI-STATE VALUE
TRISC EQU 11111111B ; PORTC: TRI-STATE VALUE
E_OK EQU 000H ; 0 VALID RESPONSE
;****** STATE DEFINITIONS **************
ARMEDS EQU 0A5H
DRIVES EQU 05AH
IMMOBS EQU 03CH
LEARNS EQU 0C3H
ALARMS EQU 042H
;****** FLAGS DEFINITIONS **************
NORMAL EQU 0H ; NORMAL PROGRAM FLOW
PASS1 EQU 1H ; LEARN FIRST PASS
PASS2 EQU 2H ; LEARN SECOND PASS
LFLASH EQU 3H ; FLASH LED
PFLASH EQU 4H ; FLASH PLIGHT
NTQ106 EQU 5H ; INDICATE NTQ106 TRANSMISSION RECEIVED
RESYNC EQU 6H ; RESYNCH ACTIVE BIT
RPT EQU 7H ; REPEATED CODE
;****** FLAGS1 DEFINITIONS **************
BITIN EQU 0H ; RF DATA BIT
S_RSTR EQU 1H ; FLAGS MUST BE RESTORED
ENTRY EQU 2H ; ENTRY FLAG
BAT_LOW EQU 3H ; ENCODER BATTERY LOW INDICATOR
;****** STATUS REGISTER BIT DEFINITIONS *****************
CARRY EQU 0 ; CARRY
DC EQU 1 ; DIGIT CARRY
ZERO EQU 2 ; ZERO
PD EQU 3 ; POWER DOWN
TO EQU 4 ; TIMEOUT
PA0 EQU 5 ; PAGE SELECT [0 OR 1]
PA1 EQU 6 ; PAGE SELECT [0 OR 1]
OVF EQU 7 ; RTCC OVERFLOW
;**************************************************************************
; PAGE 0:
;**************************************************************************
ORG 00H
;**************************************************************************
;
; FUNCTION : RESET ()
;
; DESCRIPTION : PROGRAM RESET ROUTINE
;
; PAGE : 0
;
;**************************************************************************
RESET
MOVLW 00000111B ; SETUP RTCC PRESCALER
OPTION ; 1 : 256
BSF STATUS,PA0 ; SELECT PAGE #1
GOTO RESET_P1 ; GOTO MAIN PROGRAM LOOP
;**************************************************************************
; UPPER PAGE CALLS
;**************************************************************************
SENDC GOTO SENDC1 ; UPPER PAGE CALL TO SENDC
TST_LEARN
GOTO TST_LEARN1 ; CALL LEARN BUTTON TEST ROUTINE
TST_RTCC
GOTO TST_RTCC1
EE_WRITE0
GOTO EEWRITE ; CALL EEPROM WRITE ROUTINE
M_LOOP0
BSF STATUS,PA0
GOTO M_LOOP
;**************************************************************************
;
; FUNCTION : ROT_SHIFT()
;
; DESCRIPTION : RIGHT ROTATE 66 BIT RECEIVE SHIFT REGISTER
;
; PAGE : 0
;
;**************************************************************************
ROT_SHIFT
RRF CSR8,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR7,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR6,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR5,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR4,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR3,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR2,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR1,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RRF CSR0,1 ; [1] RIGHT ROTATE RECEIVE SHIFT REGISTER
RETLW E_OK ; [2]
;**************************************************************************
;
; FUNCTION : ROTR()
;
; DESCRIPTION : ROTATE 16 BIT SHIFT REGISTER RIGHT
;
; PAGE : 0
;
;**************************************************************************
ROTR
RRF TMP1,F
RRF TMP2,F
BCF TMP1,7
BTFSC STATUS,CARRY
BSF TMP1,7
RETLW 0
;**************************************************************************
;
; FUNCTION : ROTL()
;
; DESCRIPTION : ROTATE 16 BIT SHIFT REGISTER LEFT
;
; PAGE : 0
;
;**************************************************************************
ROTL
RLF TMP2,F
RLF TMP1,F
BCF TMP2,0
BTFSC STATUS,CARRY
BSF TMP2,0
RETLW 0
;**************************************************************************
;
; FUNCTION : EEREAD ()
;
; DESCRIPTION : READ 16 BIT VALUE FROM EEPROM AND DECRYPT
;
; PAGE : 0
;
;**************************************************************************
EEREAD
MOVFW ADDRESS
MOVWF OUTBYT
BSF OUTBYT,7 ; COMMAND = READ
CALL SENDC ; SEND COMMAND
MOVLW RDCFG
TRIS PORTA ; DIO = INPUT
MOVLW 16D ; 16 BITS TO READ
MOVWF CNT1
READ0 BSF PORTA,CLK ; CLOCK HIGH
RLF TMP2,F ; SHIFT LO BYTE
BCF TMP2,0 ; ASSUME BIT WILL BE 0
BTFSC PORTA,DIO ; READ DIO LINE
BSF TMP2,0 ; COPY BIT TO REGISTER
BCF PORTA,CLK ; CLOCK LOW
RLF TMP1,F ; SHIFT HI BYTE
DECFSZ CNT1,F ; LOOP COUNTER
GOTO READ0
BCF PORTA,CS ; END READ CYCLE
; ******* DECRYPT 16-BIT WORD READ FROM EEPROM ***************
IFNC
MOVLW 16D
MOVWF CNT1
IFNC1 CALL ROTL
MOVLW 07H ; MASK ONLY LOWER 3 BITS
ANDWF TMP1,W
MOVWF OUTBYT ; TEMPORY STORE RESULT
MOVLW (EE_KEY-KEYBASE) ; GET BASE ADDRES OF EEPROM KEY
ADDWF OUTBYT,W ; ... AND ADD TO RESULT
CALL KEY_LOOKUP ; KEY BYTE FROM KEY LOOKUP TABLE
XORWF TMP2,F
DECFSZ CNT1,F
GOTO IFNC1
RETLW 0H
;**************************************************************************
; Memory Map ROM Keys
;**************************************************************************
ORG 3FH
KEY_LOOKUP
ADDWF PC,1 ; ADD OFFSET TO PROGRAM COUNTER
KEYBASE EQU $ ; BASE ADDRESS 40H
MAS_KEY EQU $ ; MASTER KEY BASE ADDRESS
RETLW 0EFH ; MKEY_0 LSB
RETLW 0CDH ; MKEY_1
RETLW 0ABH ; MKEY_2
RETLW 089H ; MKEY_3
RETLW 067H ; MKEY_4
RETLW 045H ; MKEY_5
RETLW 023H ; MKEY_6
RETLW 001H ; MKEY_7 MSB
EE_KEY EQU $ ; EEPROM KEY BASE ADDRESS
RETLW 088H ; EKEY_0 LSB
RETLW 077H ; EKEY_1
RETLW 066H ; EKEY_2
RETLW 055H ; EKEY_3
RETLW 044H ; EKEY_4
RETLW 033H ; EKEY_5
RETLW 022H ; EKEY_6
RETLW 011H ; EKEY_7 MSB
;**************************************************************************
; FUNCTION : RECEIVE
;
; DESCRIPTION : RECEIVE ROUTINE FOR KEELOQ TRANSMISSIONS
;
; PAGE : 0
;
;**************************************************************************
RECEIVE
;******** WAIT FOR HEADER AND CALIBRATE *******************
BCF FLAGS,NTQ106 ; RESET NTQ106 TRANSMISSION FLAG
BTFSS PORTA,RFIN ; INPUT LOW?
GOTO RMT_0 ; YES; RECEIVE ERROR
MOVLW 10 ; 10 ms TIMER
MOVWF CNT1
RCV0
MOVLW 200
MOVWF CNT0
RCV1
BTFSS PORTA,RFIN ; [2] INPUT HIGH?
GOTO RCV2 ; [0] NO, JUMP OUT OF LOOP
DECFSZ CNT0,1 ; [1] YES, CONTINUE WITH TIMING LOOP
GOTO RCV1 ; [2] 5 us X CNT0
DECFSZ CNT1,1 ; [0] DO 1 ms LOOP CNT1 TIMES
GOTO RCV0 ; [0]
RCV2
CLRF CNT0 ; [1] CLEAR CALIB COUNTER LOW BYTE
CLRF CNT1 ; [1] CLEAR CALIB COUNTER HIGH BYTE
;*************************************************************************
; 2.5 IS AVERAGE FOR DETECTING FALLING EDGE IN RCV1
; 2 INSTRUCTIONS FOR JUMP OUT RCV1 TO RCV2
; 2 INSTRUCTIONS FOR RCV2 - CLEAR CALIBRATION COUNTER
; TOTAL 6.5 INSTRUCTIONS < 1 CALIBRATION LOOP SO DISCARD
;*************************************************************************
RCV3
BTFSC PORTA,RFIN ; [2][2] INPUT HIGH?
GOTO RCV6 ; [0][0] YES--END CALIBRATION
INCF CNT0,1 ; [1] INCREMENT 16BIT COUNTER
SKPNZ ; [2]
INCF CNT1,1 ; [0]
CLRWDT ; [1] RESET WATCH DOG TIMER
NOP ; [1]
BTFSS CNT1,3 ; [1]
GOTO RCV3 ; [2]
GOTO RMT_0 ; [0]
; TOTAL = 10
RCV6
CLRC ; [1] DIVIDE CNT1:CNT0 BY 8 (600/8=75)
RRF CNT1,1 ; [1]
RRF CNT0,1 ; [1]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -