fc-sim-sniff: doc/Sniffer-FPGA-design annotate

annotate doc/Sniffer-FPGA-design @ 46:43f678895a3a

simtrace3-sniff-rx: add some annotations to output

author	Mychaela Falconia <falcon@freecalypso.org>
date	Thu, 31 Aug 2023 10:01:40 +0000
parents	695ca51e1564
children	1068f9fd41d5

rev	line source
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	1 FPGA component of SIMtrace3 sniffer
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	2 ===================================
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	3
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	4 The SIM interface sniffing apparatus of SIMtrace3 consists of a sniffer pod
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	5 (hardware adapter with level shifters) and a Lattice Icestick FPGA board, loaded
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	6 with the appropriate gateware image from the present project. This document
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	7 describes the design and operation of the FPGA component of this SIMtrace3
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	8 sniffing solution.
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	9
25 c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	10 Hardware architecture and FPGA design principle
c03a882cc49e doc/Sniffer-FPGA-design: update for working status Mychaela Falconia <falcon@freecalypso.org> parents: 17 diff changeset	11 ===============================================
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	12
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	13 The two principal components of the Icestick board are an iCE40HX1K FPGA and an
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	14 FT2232H-based USB host interface. Our sniffer logic function in the FPGA
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	15 operates principally as a byte forwarder from the ISO 7816-3 sniffer block to
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	16 the FT2232H UART: every time the bus sniffer block captures a character (in ISO
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	17 7816-3 terminology) being passed on the SIM electrical interface in either
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	18 direction (the two directions of transmission are indistinguishable to a tap
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	19 sniffer that does not actively participate in the protocol), the FPGA forwards
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	20 this character to the connected host computer (by way of FT2232H UART) for
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	21 further processing in software. The UART data line going from the FPGA to the
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	22 FT2232H is the sole functional output from this FPGA, aside from some
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	23 non-essential LED outputs: right now the green LED shows the current state of
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	24 SIM RST line, and we might add another LED showing if SIM CLK is running or
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	25 stopped. The other UART data line going the opposite direction (output from
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	26 FT2232H) remains unused in this application, i.e., the host software application
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	27 will only read/receive from the ttyUSBx FPGA device and won't send anything to
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	28 it. All modem control lines on this UART interface likewise remain unused.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	29
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	30 Serial interface format
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	31 =======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	32
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	33 For every ISO 7816-3 character captured by the sniffer, two back-to-back UART
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	34 bytes are transferred from the FPGA to the host computer; more generally, the
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	35 FPGA can only transmit pairs of back-to-back bytes on this UART and no
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	36 singletons or other arrangements - thus the host receiver can always recover
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	37 synchronization by dropping any partially received two-byte message (the first
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	38 byte of an expected pair) during prolonged pauses. The FPGA transmits the two
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	39 back-to-back UART bytes as a single shift-out of 20 bits, conveying two bytes
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	40 in 8N1 framing.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	41
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	42 Why are we turning every captured ISO 7816-3 character into a pair of bytes on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	43 our internal UART interface, why not simply forward it as a single byte? The
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	44 reason is that we need to pass some additional bits beyond the 8 that comprise
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	45 the ISO 7816-3 character payload; the additional bits which we need to pass are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	46 as follows:
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	47
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	48 - the received parity bit;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	49 - a flag indicating whether or not an error signal (ISO 7816-3 section 7.3)
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	50 was seen;
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	51 - additional flag bits communicating SIM RST assertion and negation events,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	52 as distinct from ISO 7816-3 characters;
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	53 - additional flags indicating actions of the integrated PPS catcher state
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	54 machine, to be described later in this document.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	55
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	56 Assertion or negation of SIM RST is the only other possible event (besides ISO
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	57 7816-3 character capture, with or without attendant PPS catcher state machine
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	58 action) that can cause the FPGA to send a byte-pair UART message to the host
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	59 computer. One bit in the 16-bit message will distinguish between characters
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	60 and RST events, another bit will indicate the state of RST at the time of the
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	61 event (new RST for transitions, 1 for characters), and all other bits are
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	62 meaningful only for characters.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	63
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	64 Detailed serial interface format
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	65 --------------------------------
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	66
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	67 Treating the two transmitted bytes as a single 16-bit word, with the least
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	68 significant 8 bits transmitted first (matching the transmission order of bits
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	69 within a byte, see IEN 137), the 16 bits of this word are assigned as follows:
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	70
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	71 Bit 15: set to 0 if this message signals ISO 7816-3 character reception or 1 if
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	72 it signals a change of state in the RST line.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	73
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	74 Bit 14: new state of RST in the case of RST state change messages; should always
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	75 be 1 in character Rx messages.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	76
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	77 The remaining bits are valid only in character Rx messages:
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	78
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	79 Bit 13: set to 0 if this character was captured in F/D=372 mode or 1 if it was
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	80 captured in one of the supported speed enhancement modes (F=512, D=8/16/32/64).
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	81
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	82 Bit 12: set to 1 in the byte position that is expected to be the final PCK byte
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	83 of the card's PPS response in the case of supported speed enhancement modes,
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	84 0 otherwise.
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	85
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	86 Bit 11: set to 1 in the byte position that is expected to be the PPS1 byte of
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	87 the card's PPS response, 0 otherwise.
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	88
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	89 Bit 10: set to 1 if the error signal of ISO 7816-3 section 7.3 was detected,
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	90 0 otherwise.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	91
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	92 Bit 9: sampled line value at the midpoint of the start bit, should be 0 in a
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	93 properly working system.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	94
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	95 Bit 8: received parity bit;
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	96
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	97 Bits [7:0]: payload bits of the received character.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	98
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	99 UART baud rate
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	100 ==============
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	101
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	102 The baud rate on the UART interface between the FPGA and the FT2232H converter
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	103 is 3000000 bps. This high (and very non-RS232-standard) UART baud rate was
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	104 chosen for the following reasons:
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	105
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	106 * Our UART interface is totally private, going nowhere but the on-board FT2232H,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	107 thus it doesn't matter if the baud rate is standard-ish or totally
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	108 non-standard.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	109
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	110 * No cables of any kind are used, instead the UART interface is confined to
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	111 short PCB traces running between the FPGA and the FTDI chip on the same board
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	112 - hence high baud rates are not a problem.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	113
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	114 * Our UART baud rate needs to be high enough to provide good margin, despite
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	115 our 2x expansion, at the highest possible effective bps rate on the SIM
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	116 interface, meaning the highest possible SIM CLK frequency and the most
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	117 aggressive F/D ratio. The combination of SIM CLK at 5 MHz, F=512 and D=64
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	118 corresponds to 625000 bps effective on the SIM interface; running our UART at
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	119 3 Mbps provides sufficient margin.
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	120
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	121 Clocking design
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	122 ===============
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	123
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	124 The FPGA on the Icestick board receives a 12 MHz clock input. Our original
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	125 plan was to use the FPGA's on-chip PLL to multiply this clock by 4, producing a
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	126 48 MHz system clock - however, this plan has been shelved for now, and our
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	127 current sniffer design uses the 12 MHz clock directly as its system clock.
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	128
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	129 The 3 inputs to the FPGA coming from the SIM electrical sniffer (buffered and
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	130 level-shifted SIM RST, CLK and I/O lines) pass through two cascaded DFFs,
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	131 bringing them into our internal clock domain. The delay added by these cascaded
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	132 DFFs is not a concern: we are a passive sniffer without any output back to the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	133 SIM interface, and all 3 signal inputs will be subject to the same delay.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	134
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	135 As stated in the previous section, the baud rate on the UART interface between
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	136 the FPGA and the FT2232H converter is 3000000 bps. The UART output block in
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	137 the FPGA uses a simple /4 divider from CLK12 (board-level 12 MHz clock input)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	138 to time its output bits; the original intent was to use a /16 divider from
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	139 48 MHz SYSCLK.
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	140
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	141 ISO 7816-3 sniffer block
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	142 ========================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	143
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	144 Our ISO 7816-3 receiver triggers on the falling edge of the I/O line. Once it
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	145 detects a high-to-low transition on the SYSCLK-synchronized SIM_IO input, it
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	146 starts counting SIM CLK cycles - we are arbitrarily choosing low-to-high
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	147 transition of SYSCLK-synchronized SIM_CLK input as the trigger point. (This
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	148 choice is arbitrary because per the spec there is no defined phase relation
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	149 between SIM CLK and SIM I/O transitions.)
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	150
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	151 Our ISO 7816-3 receiver needs to know how many SIM CLK cycles constitute one
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	152 etu - or more precisely, our sniffing receiver needs to know how many SIM CLK
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	153 cycles constitute 0.5 etu, 1 etu and 1.5 etu, in order to locate various needed
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	154 sampling points relative to the instant at which SIM_IO was initially sampled
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	155 low. Our sniffer-pps FPGA supports the following combinations:
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	156
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	157 F=372, D=1: 372 clocks per etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	158 F=512, D=8: 64 clocks per etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	159 F=512, D=16: 32 clocks per etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	160 F=512, D=32: 16 clocks per etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	161 F=512, D=64: 8 clocks per etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	162
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	163 Our sniffing Rx is held down in reset (won't receive anything) while SIM RST is
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	164 low; as we come out of reset upon SIM RST line going high, our sniffing Rx is in
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	165 F/D=372 mode and the PPS catcher state machine is set to its initial state. As
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	166 ISO 7816-3 characters captured in this F/D=372 mode are received, our PPS
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	167 catcher state machine follows the spec-defined structure of ATR to locate its
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	168 end. If the end of ATR is followed by a PPS request which is then followed by
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	169 a PPS response, and if the PPS response from the card includes a PPS1 byte that
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	170 invokes one of our supported speed enhancement modes listed above, the sniffing
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	171 receiver's notion of etu length is switched at the correct point in time:
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	172 immediately after finishing RX of the PCK byte that concludes the card's PPS
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	173 response.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	174
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	175 Direct and inverse coding conventions
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	176 =====================================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	177
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	178 Only the card and not the interface device (ISO 7816-3 terminology) determines
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	179 which coding convention is used, direct or inverse. So far we (FreeCalypso)
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	180 have not yet encountered a real-life SIM that uses the inverse convention, only
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	181 the direct convention kind. In the sniffer function of SIMtrace-ice, we are
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	182 going to keep our FPGA gateware simple in this regard and punt all inverse
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	183 convention handling to the software application on the host computer: the FPGA
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	184 passes the 9 received bits (8 data bits and 1 parity bit) to the 16-bit UART
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	185 message as-is, without inverting or reordering them.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	186
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	187 Integrated PPS catcher
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	188 ======================
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	189
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	190 Our sniffer FPGA logic was developed incrementally. The first version,
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	191 preserved in fpga/sniffer-basic in case we ever need to revisit it, uses an ISO
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	192 7816-3 sniffing Rx block with fixed F/D ratio of 372. That simple version is
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	193 sufficient for sniffing exchanges between a GSM ME and a SIM if the etu-
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	194 defining F/D ratio is never switched from the basic default of 372, either
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	195 because the SIM does not support speed enhancement or because the ME does not
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	196 support such. However, such no-speed-enhancement scenarios are rare:
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	197
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	198 * All commercial operators' SIMs in the present era do support speed
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	199 enhancement, and so do our own FCSIM1 cards. More specifically, our FCSIM1
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	200 model supports F=512 D=8, while most commercial operators' SIMs that have
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	201 passed through Mother's hands (plus sysmoUSIM-SJS1 and sysmoISIM-SJA2)
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	202 support F=512 D=32.
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	203
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	204 * F=512 D=8 is a speed enhancement mode endorsed by the most classic GSM 11.11
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	205 spec, and it is supported by classic GSM ME implementations including our dear
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	206 Calypso.
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	207
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	208 As a result of the above two factors, most real-life GSM ME to SIM sessions
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	209 which we will need to sniff and trace in the course of Vintage Mobile Phone
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	210 debugging and support will include a PPS exchange switching from F/D=372 to a
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	211 smaller number of SIM CLK cycles per etu, specifically one of F=512 D=8/16/32/64
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	212 modes.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	213
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	214 The main difficulty with capturing SIM interface sessions that use speed
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	215 enhancement is as follows: in order for the session capture to be complete,
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	216 without any lost bits, the sniffing receiver's knowledge of how many SIM CLK
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	217 cycles constitute an etu needs to change to the new value at exactly the
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	218 correct moment in time, which is the moment immediately after the last byte
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	219 (PCK) of the SIM's PPS response passes across the wire. If we were to rely on
b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	220 host software to decode all byte exchanges up to this point (ATR from the SIM,
17 41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	221 PPS request from ME/ID, then PPS response) and command the FPGA (UART in the
41e6026e5d1a doc/Sniffer-FPGA-design: update for first implementation Mychaela Falconia <falcon@freecalypso.org> parents: 4 diff changeset	222 other direction, or a modem control line) to switch the etu counters (the
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	223 0.5 etu, 1 etu and 1.5 etu counters mentioned earlier in this document), we
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	224 stand very little chance of getting this command to the FPGA in time, before
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	225 ME/ID starts transmitting its next command to the SIM using the new etu
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	226 definition.
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	227
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	228 Designs that incorporate a local CPU core immediately adjacent to the ISO 7816-3
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	229 receiver block, such as original Osmocom SIMtrace in which the local CPU core
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	230 and the ISO 7816-3 receiver sit in the same AT91SAMx chip, don't suffer from
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	231 this problem: with a local (dedicated, embedded) CPU so close, the firmware can
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	232 react and intervene in time. However, in the case of our SIMtrace3, the nearest
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	233 CPU is the host computer separated by UART and USB links - not closely coupled
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	234 enough to provide the degree of real-time response that is needed here. Someone
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	235 could say that we should stick a soft CPU core with firmware into our FPGA - but
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	236 we've implemented a different solution: we have a specialized PPS catcher state
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	237 machine instead. This gateware FSM follows the spec-defined structure of ATR,
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	238 PPS request and PPS response, and locates the two key items of interest to us:
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	239
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	240 * The PPS1 byte in the card's PPS response, which we check for a supported speed
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	241 enhancement mode (the upper 6 bits need to match 0x94) and from which we
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	242 extract the two lsbs selecting among D=8/16/32/64;
4 b275c69c1b80 doc: describe proposed FPGA design Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	243
35 695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	244 * The PCK byte that concludes the card's PPS response - the point where we throw
695ca51e1564 doc/Sniffer-FPGA-design: update for finished work Mychaela Falconia <falcon@freecalypso.org> parents: 25 diff changeset	245 the switch to sniffing with the new F/D ratio.

FreeCalypso > hg > fc-sim-sniff

annotate doc/Sniffer-FPGA-design @ 46:43f678895a3a