📄 level3.c
search.mask_len = 0; //fast restart
auxiliary_nothing = 0;
nothing = 0;
} else
if (nothing >= 1) {
if (search.value == 1) { //slow step back
if (search.mask_len > 0) {
search.mask_len--;
search.value = 0;
}
} else
search.value = 1;
nothing = 0;
}
debug_count++;
}
//Send responses
if (found_ptr > 0) {
//some tags found
while(--found_ptr >= 0)
FormatResponse_Data( 0x83, 0, 12, &found[found_ptr].mask[0]);
};
return result;
}
//--------------------------------------------------------------
//--------------------------------------------------------------
// Pulse bit 0 of the low byte written through WriteSPI(): low, long wait,
// high again, short wait. The high byte (write_4094_hi) is written unchanged.
// NOTE(review): the name suggests this bit gates the RF field via a 4094
// shift register - confirm against the schematic.
void RF_Reset(void) {
WriteSPI( write_4094_low & 0xFFFE, write_4094_hi ); // clear bit 0 only for this write; write_4094_low itself is not modified
Wait(32768); // NOTE(review): ~65 ms if Wait() scales linearly with the "~2ms" figure below - confirm
WriteSPI( write_4094_low | 1, write_4094_hi ); // set bit 0 again
Wait(1000); //wait for ~2ms
}
//--------------------------------------------------------------
//--------------------------------------------------------------
// When defined, HW_Authentication() echoes the raw exchange (status byte,
// reply length, reply bytes, A1 and the complete Auth2 command) through
// SendByte()/Block_Output().
// NOTE(review): that output carries the authentication values themselves;
// keep this switch out of production builds.
//#define HW_AUTH_DBG
uint8_t hwa_Key; // key byte from the host command (cmd_message[11] or cmd_message[3]); folded into its low nibble by HW_Authentication()
uint8_t hwa_ICMfg; // cmd_message[2] of the host command; re-sent as byte 2 of every custom tag command (presumably the IC manufacturer code - confirm)
uint8_t hwa_A1[7]; // 7 bytes copied from data_buffer[1..7] of the Auth1 reply
uint8_t hwa_A2_db_f[11]; // 11-byte work buffer clocked through HWTransaction() and sent as the Auth2 payload
// NOTE(review): these buffers have external linkage and are not cleared after
// an authentication run; check whether any other module needs them before
// narrowing their scope or wiping them.
//--------------------------------------------------------------
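//main EM4035 authentication routine
//
// Runs the Auth1/Auth2 exchange with the tag, using the external crypto
// hardware reached through HWTransaction() to turn the tag's A1 value into
// the A2 payload and to compute the expected final value g'.
//
// Inputs (globals): cmd_message[] as received from the host, authSelectFlag
// (0 = addressed mode, an ISO Select is issued first; otherwise no Select),
// message_flags.
// Outputs (globals): hwa_Key, hwa_ICMfg, hwa_A1, hwa_A2_db_f, and whatever
// GeneralRead() leaves in data_buffer / clean_data_cnt.
//
// Returns:
//   ERR_EM4035_SELECT_FAILED                      Select reply missing or bad
//   ERR_EM4035_A1_NO_SOF / _A1_CRC_ERROR / _A1_FAILED   Auth1 transport errors
//   ERR_EM4035_A2_NO_SOF / _A2_CRC_ERROR / _A2_FAILED   Auth2 transport errors
//   ERR_EM4035_AUTH_FAILED                        g from the tag != g'
//   UART_MESSAGE_OK                               see the warning below
//
// WARNING: UART_MESSAGE_OK does NOT by itself mean the tag was authenticated.
// It is also returned when an Auth1 or Auth2 reply has a valid CRC but an
// unexpected length or a non-zero first byte, so that the reply can be passed
// on. A caller that is about to act on a successful authentication must
// additionally verify clean_data_cnt == 6 and data_buffer[0] == 0.
// NOTE(review): an Auth1 reply that happens to be 6 bytes long with a zero
// first byte still satisfies that caller-side check; a distinct return code
// for the early exits would close this, but needs an interface change.
uint8_t HW_Authentication(void) {
    uint8_t i, j;
    uint8_t diff;
    uint16_t crc;

    //............................................................
    //save the parameters
    if (authSelectFlag == 0)
        hwa_Key = cmd_message[11];
    else
        hwa_Key = cmd_message[3];
    hwa_ICMfg = cmd_message[2];

    //............................................................
    //reselect the key
    j = hwa_Key;
    for (i = 0; i < 7; i++) {   //hot one to binary conversion
        j >>= 1;
        if (j == 0)
            break;
    }
    // i now holds the index of the highest set bit of the key byte
    // (0 when the key byte is 0 or 1).
    hwa_Key = (hwa_Key | (hwa_Key >> 4)) & 0x0F;  // fold high nibble onto low nibble
    cbi(PORTB, SDA_PIN);
    cbi(PORTC, SCK_PIN);
    cbi(PORTD, SSN_PIN);
    ResetSSN();
    // presumably (input, output, bit count): clock the 3-bit key index into
    // the hardware; the byte returned in j is not used.
    HWTransaction( &i, &j, 3);

    //............................................................
    //ISO Select
    if (authSelectFlag == 0) {  //perform Select for 8Ah and 89h command
        // 0x20 / 0x25: presumably the ISO 15693 address flag and Select command
        cmd_message[0] = (message_flags & 0x03) | 0x20;
        cmd_message[1] = 0x25;
        Copy(&cmd_message[2], &cmd_message[3], 8);  //shift uid 1 byte down
        AddCRC( 10 );
        //send command & wait
        expectedResponseLen = 0x18;
        cmd_message_len = 12;
        j = GeneralRead();
        if ((j == UART_MESSAGE_OK) && (clean_data_cnt == 3)) {  //3 bytes data
            crc = CRC(data_buffer, 3);
            // The cast keeps the constant 16 bits wide, so the check is the
            // same whether int is 16 bits (AVR) or wider.
            if ((crc != (uint16_t)~0xF0B8) || (data_buffer[0] != 0))
                return ERR_EM4035_SELECT_FAILED;
        } else {
            return ERR_EM4035_SELECT_FAILED;
        }
    }

    //............................................................
    //Auth1
    cmd_message[0] = message_flags & 0x03;
    if (authSelectFlag == 0)
        cmd_message[0] |= 0x10;     // presumably the ISO 15693 select flag
    cmd_message[1] = 0xE0;
    cmd_message[2] = hwa_ICMfg;
    cmd_message[3] = hwa_Key;
    AddCRC( 4 );
    //send command & wait
    expectedResponseLen = 0x50;
    cmd_message_len = 6;
    j = GeneralRead();
    if (j == ERR_EM4035_NO_SOF)
        return ERR_EM4035_A1_NO_SOF;
#ifdef HW_AUTH_DBG
    SendByte(j);
    SendByte(clean_data_cnt);
    Block_Output( clean_data_cnt, data_buffer );
#endif
    if ((j == UART_MESSAGE_OK) && (clean_data_cnt > 0)) {
        crc = CRC(data_buffer, clean_data_cnt);
        if (crc != (uint16_t)~0xF0B8)
            return ERR_EM4035_A1_CRC_ERROR;
        // Early exit with "OK": the reply is intact but not the expected
        // 10-byte success reply. Authentication has NOT happened here.
        if ((clean_data_cnt != 10) || (data_buffer[0] != 0))  //10 bytes data
            return UART_MESSAGE_OK;
    } else {
        return ERR_EM4035_A1_FAILED;
    }
    Copy(hwa_A1, &data_buffer[1], 7);
#ifdef HW_AUTH_DBG
    Block_Output( 7, &data_buffer[1] );  //dump A1
#endif

    //............................................................
    //HW Authentication part I
    cbi(PORTB, SDA_PIN);
    cbi(PORTC, SCK_PIN);
    cbi(PORTD, SSN_PIN);
    HWTransaction( hwa_A1, hwa_A2_db_f, 56 );
    for (i = 0; i < 11; i++)    //clean A2_db_f
        hwa_A2_db_f[i] = 0;
    HWTransaction( hwa_A2_db_f, hwa_A2_db_f, 65);  //shift A2 and dummy byte
    HWTransaction( hwa_A2_db_f, (uint8_t*)&(hwa_A2_db_f[8]), 24);  //shift result
#ifdef DEBUG
    PORTD = PIND ^ (1<<DBG_FORWARD);
#endif

    //............................................................
    //Auth2
    cmd_message[0] = message_flags & 0x03;
    if (authSelectFlag == 0)
        cmd_message[0] |= 0x10;
    cmd_message[1] = 0xE1;
    cmd_message[2] = hwa_ICMfg;
    Copy(&cmd_message[3], hwa_A2_db_f, 11);
    AddCRC( 14 );
#ifdef HW_AUTH_DBG
    Block_Output( 16, cmd_message );
#endif
    //wait for 6.6ms
    Wait(3300);
    //send command & wait
    expectedResponseLen = 0x30;
    cmd_message_len = 16;
    j = GeneralRead();
    if (j == ERR_EM4035_NO_SOF)
        return ERR_EM4035_A2_NO_SOF;
#ifdef HW_AUTH_DBG
    SendByte(j);
    SendByte(clean_data_cnt);
    Block_Output( clean_data_cnt, data_buffer );
#endif
    if ((j == UART_MESSAGE_OK) && (clean_data_cnt > 0)) {
        crc = CRC(data_buffer, clean_data_cnt);
        if (crc != (uint16_t)~0xF0B8)
            return ERR_EM4035_A2_CRC_ERROR;
        // Same pass-through as for Auth1: "OK" without a completed
        // authentication when the reply is not the 6-byte success reply.
        if ((clean_data_cnt != 6) || (data_buffer[0] != 0))  //6 bytes data
            return UART_MESSAGE_OK;
    } else {
        return ERR_EM4035_A2_FAILED;
    }

    //............................................................
    //HW Authentication part II
    // Clear the first four bytes one at a time; writing them through a
    // uint32_t pointer into a uint8_t array breaks the aliasing rules and
    // assumes the array is suitably aligned.
    for (i = 0; i < 4; i++)
        hwa_A2_db_f[i] = 0;
    HWTransaction( hwa_A2_db_f, hwa_A2_db_f, 24);  //shift g'
#ifdef HW_AUTH_DBG
    Block_Output( 3, &data_buffer[1] );
    Block_Output( 3, hwa_A2_db_f );
#endif
    //compare g and g'
    // Accumulate the differences instead of leaving at the first mismatch,
    // so the time taken does not depend on how many leading bytes agree.
    diff = 0;
    for (i = 0; i < 3; i++)
        diff |= (uint8_t)(hwa_A2_db_f[i] ^ data_buffer[i + 1]);
    if (diff != 0)
        return ERR_EM4035_AUTH_FAILED;
    return UART_MESSAGE_OK;
}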
//--------------------------------------------------------------
//--------------------------------------------------------------
//send the EM4034 login command
//
// Records byte 2 of the host command in hwa_ICMfg and hands over to
// GeneralRead(), whose status is returned unchanged. cmd_message,
// cmd_message_len and expectedResponseLen are not touched here, so they
// must already hold the login frame prepared by the caller.
uint8_t EM4034_Login(void)
{
    //save the parameters
    hwa_ICMfg = cmd_message[2];

    return GeneralRead();
}
//--------------------------------------------------------------
//--------------------------------------------------------------
//--------------------------------------------------------------
//--------------------------------------------------------------
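//toggle EAS OFF
//
// Resets the RF field, authenticates (EM4035, host command byte 1 == 0xE0)
// or logs in (EM4034, any other value), then sends the unaddressed
// toggle-EAS command (0xA0) and validates the 4-byte reply.
//
// Returns the first failing status from the authentication/login step,
// UART_MESSAGE_OK when the tag answered that step with a non-zero first
// byte (the reply is left in data_buffer for the caller),
// ERR_EM4035_WRONG_LEN when the authentication or toggle reply has an
// unexpected length, ERR_EM4035_BAD_CRC on a CRC mismatch, otherwise the
// status of GeneralWrite().
uint8_t ToggleEAS(void) {
    uint8_t i, j;
    uint16_t crc;

    //RF Reset
    RF_Reset();

    authSelectFlag = 1;     //auth without Selection
    j = cmd_message[1];     // remembered: HW_Authentication() overwrites cmd_message
    if (j == 0xE0)
        i = HW_Authentication();    //EM4035
    else
        i = EM4034_Login();         //EM4034
    if (i != UART_MESSAGE_OK)
        return i;
    if (data_buffer[0] != 0)
        return UART_MESSAGE_OK;

    // HW_Authentication() also returns UART_MESSAGE_OK when an Auth1/Auth2
    // reply had a valid CRC but the wrong length, i.e. when the g/g'
    // comparison never ran. Require the 6-byte Auth2 reply before going on,
    // as SwitchToNormalMode() does. The EM4034 login path is left alone
    // because its expected reply length is not visible here.
    if ((j == 0xE0) && (clean_data_cnt != 6))
        return ERR_EM4035_WRONG_LEN;

    //form unaddressed toggle EAS command
    cmd_message[0] = message_flags & 0x03;
    cmd_message[1] = 0xA0;
    cmd_message[2] = hwa_ICMfg;
    AddCRC( 3 );
    expectedResponseLen = 0x20;
    cmd_message_len = 5;
    write_tag_memory_delay = 0x1100;    // presumably consumed by GeneralWrite() - confirm

    //send command & wait
    i = GeneralWrite();
    if (i == UART_MESSAGE_OK) {
        if (clean_data_cnt == 4) {      //4 bytes data
            crc = CRC(data_buffer, clean_data_cnt);
            // Cast keeps the constant 16 bits wide regardless of int width.
            if (crc != (uint16_t)~0xF0B8)
                i = ERR_EM4035_BAD_CRC;
        } else {
            i = ERR_EM4035_WRONG_LEN;
        }
    }
    return i;
}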
//--------------------------------------------------------------
//--------------------------------------------------------------
//--------------------------------------------------------------
//--------------------------------------------------------------
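//Switch to Normal mode
//
// Resets the RF field, authenticates against an EM4035 without Select,
// reads block 8, and - unless bits 0x60 of data_buffer[8] already equal
// 0x20 - writes the block back with those bits set to 0x20.
//
// Returns the failing status of HW_Authentication(),
// ERR_EM4035_NM_AUTH_FAILED when the authentication reply is not the
// 6-byte success reply, ERR_EM4035_NM_READ_FAILED / _NM_CRC_ERROR for the
// block read, ERR_EM4035_BAD_CRC for the write reply, UART_MESSAGE_OK when
// the tag is already in normal mode or answered the read with an
// unexpected reply (left in data_buffer), otherwise the status of
// GeneralWrite().
uint8_t SwitchToNormalMode(void) {
    uint8_t i;
    uint16_t crc;

    //RF Reset
    RF_Reset();

    //authenticate without Selection (02 0A 8C 50 02 E0 16 01 C1 1C FE 03)
    authSelectFlag = 1;
    i = HW_Authentication();    //EM4035
    if (i != UART_MESSAGE_OK)
        return i;
    // UART_MESSAGE_OK alone is not proof of authentication (it is also
    // returned for intact but unexpected replies), hence this extra check.
    if ((clean_data_cnt != 6) || (data_buffer[0] != 0))    //6 bytes data
        return ERR_EM4035_NM_AUTH_FAILED;

    //form unaddressed read of block 8 command
    cmd_message[0] = message_flags;
    cmd_message[1] = 0xE2;
    cmd_message[2] = hwa_ICMfg;
    cmd_message[3] = 8;
    cmd_message[4] = 0;
    AddCRC( 5 );
    cmd_message_len = 7;
    expectedResponseLen = 0x60;
    i = GeneralRead();
    if ((i == UART_MESSAGE_OK) && (clean_data_cnt > 0)) {
        crc = CRC(data_buffer, clean_data_cnt);
        // Cast keeps the constant 16 bits wide regardless of int width.
        if (crc != (uint16_t)~0xF0B8)
            return ERR_EM4035_NM_CRC_ERROR;
        if ((clean_data_cnt != 12) || (data_buffer[0] != 0))   //12 bytes data
            return UART_MESSAGE_OK;
    } else {
        return ERR_EM4035_NM_READ_FAILED;
    }

    //analyse the block 8 content
    i = data_buffer[8];
    if ((i & 0x60) == 0x20) {
        return UART_MESSAGE_OK;     // already flagged as normal mode, nothing to write
    }

    //form unaddressed write of block 8 command (02 14 90 18 00 10 02 E3 16 08 00 00 00 00 00 00 00 00 08 64 1F 03)
    i = (i & 0x9F) | 0x20;  //normal mode flag
    data_buffer[8] = i;
    // cmd_message[0], [2] and [3] are reused from the read command above.
    // NOTE(review): this relies on AddCRC()/GeneralRead() leaving the first
    // four bytes of cmd_message untouched - confirm.
    cmd_message[1] = 0xE3;
    Copy(&cmd_message[4], &data_buffer[2], 8);  // the 8 bytes data_buffer[2..9], including the byte patched above
    AddCRC( 0x0C );
    cmd_message_len = 0x0E;
    expectedResponseLen = 0x18;

    //send command & wait
    write_tag_memory_delay = 0x1100;
    i = GeneralWrite();
    if (i == UART_MESSAGE_OK) {
        // NOTE(review): unlike ToggleEAS(), the reply length is not checked
        // before the CRC is computed over clean_data_cnt bytes.
        crc = CRC(data_buffer, clean_data_cnt);
        if (crc != (uint16_t)~0xF0B8) {
            i = ERR_EM4035_BAD_CRC;
        }
    }
    return i;
}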