Microchip AN663 Using keeloqâ® to generate hopping password Datasheet

M
AN665
Using KEELOQ¨ to Generate Hopping Passwords
Author:
Lucio Di Jasio
Arizona Microchip Technology, Italy
INTRODUCTION
The purpose of this application note is to demonstrate
how KEELOQÒ code hopping technology can be conveniently employed to implement an automatic code hopping password generator/keypad. Using a PIC12C508,
the hopping code produced by an HCS300 is converted
to a string of 16 hex digits. This string is then transferred to the PC via the keyboard line, thereby emulating the actual pressure of a sequence of keys on a
standard PC/AT ® keyboard. Since this conversion process is transparent to any application, it appears as if
the user is simply typing on a PC/AT-type keyboard.
An ideal situation for implementing this application
would be in creating a “super password” for general,
access-control secure logins when transmitting information onto the internet (i.e., through a browser) or a
Java applet.
THE “HOPPING” ADVANTAGE
Password-based access control systems are very popular today, but the level of security they provide are
often overestimated. Being basically a unidirectional
transmission, a password-based system has two very
important shortcomings which can lead to unauthorized access: the code is fixed, and the number of possible combinations is relatively low.
The growing speed of communication lines and the
computing power of available systems increases the
chance of a brute force attack or “code scanning.” The
use of unsecure means of transmission, where code
“grabbing” is possible (i.e., a typical modem connection
over phone lines), can make the use of a fixed code
highly undesirable. Note that these are the same situation that led to the introduction of the “code hopping”
concept in the remote control market.
The basic idea is to have the access code change each
time it is used through a sequence where the new
codes cannot be predicted even knowing a very large
number of previously used ones. Producing such a
sequence requires the use of a solid encryption engine.
Microchip Technology is currently offering a broad
range of encoders based on the proprietary KEELOQ
code hopping technology. These encoders make producing a code hopping remote control easy, but as we
will see, can also be conveniently used to add the hopping advantage to old password based access control
systems in a transparent way.
FIGURE 1: HCS300 AND PIC12C508 PINOUT DIAGRAMS
HCS300
PIC12C508
S1
2
S2
3
S3
4
8
VDD
VDD
7
LED
GP5/OSC1/CLKIN
6
PWM
5
VSS
GP4/OSC2
GP3/MCLR/VPP
1
2
3
4
PIC12C508
1
HCS300
S0
8
7
6
5
VSS
GP0
GP1
GP2/T0CKI
KEELOQ is a registered trademark of Microchip Technology, Inc.
Microchip’s Secure Data Products are covered by some or all of the following patents:
Code hopping encoder patents issued in Europe, U.S.A., and R.S.A. — U.S.A.: 5,517,187; Europe: 0459781; R.S.A.: ZA93/4726
Secure learning patents issued in the U.S.A. and R.S.A. — U.S.A.: 5,686,904; R.S.A.: 95/5429
IBM PC-AT, IBM and AT are registered trademarks of International Business Machines Corporation
ã 1997 Microchip Technology Inc.
DS00665A-page 1
AN665
INTRODUCTION TO KEELOQ
ENCODERS
The synchronization information is used at the decoder
to determine whether a transmission is valid or is a repetition of a previous transmission. Previous codes are
rejected to safeguard against code grabbers.
All KEELOQ encoders use the KEELOQ code hopping
technology to make each transmission by an encoder
unique. The encoder transmissions have two parts. The
first part changes each time the encoder is activated
and is called the code hopping part and is encrypted.
The second part is the unencrypted part of the transmission, principally containing the encoder serial number identifying it to a decoder.
The HSC300 and HCS301 encoders transmit two overflow bits which may be used to extend the range of the
synchronization counter from 65,536 to 196,608 button
operations. The HCS300 and HCS301 encoders
include provision for four bits of function information
and two status bits in the fixed code portion of its transmission. The two status bits indicate whether a
repeated transmission is being sent, and whether the
battery voltage is low.
The code hopping contains function information, a discrimination value, and a synchronization counter. This
information is encrypted by an encryption algorithm
before being transmitted. A 64-bit encryption key is
used by the encryption algorithm. If one bit in the data
that is encrypted changes, the result is that an average
of half the bits in the output will change. As a result, the
code hopping changes dramatically for each transmission and can not be predicted.
The Microchip HCSXXX encoders all have the ability to
transmit a fixed seed. The seed value is programmed
into the encoder when the encoder is first initialized
along with the counters, key, serial number, and other
information. The seed length differs from encoder to
encoder, with the HCS300 and HCS301 having a 32-bit
seed.
FIGURE 2: KEELOQ ENCODER CODE WORD TRANSMISSION FORMAT
LOGIC ‘0’
LOGIC ‘1’
Bit
Period
Preamble
TP
Header
TH
Fixed Portion of
Transmission
TFIX
Encrypted Portion
of Transmission
THOP
Guard
Time
TG
FIGURE 3: KEELOQ ENCODER CODE WORD ORGANIZATION
Fixed Code Data
VLOW and
Button
Repeat Status Status
(4 bits)
(2 bits)
28-bit Serial Number
Encrypted Code Data
Button Overflow Discrimination
bits
bits
Status
(10 bits)
(4 bits) (2 bits)
16-bit
Sync Value
Encrypted using
BLOCK CIPHER Algorithm
2 bits
of Status
+
Serial Number and Button
Status (32 bits)
+
32 bits of Encrypted Data
Transmission Direction
DS00665A-page 2
ã 1997 Microchip Technology Inc.
AN665
The IBM PC-AT® Keyboard Protocol
FIGURE 4: HCS300 BLOCK DIAGRAM
Oscillator
Controller
Reset circuit
IBM® was the first to introduce the synchronous serial
protocol most of today’s PC-ATs use to communicate
with a keyboard. This now-standard, 5-pole shielding
connector (Figure 5) carries the clock line, data line,
ground, and +5V power supply in order to transmit data
bidirectionally from the keyboard to the PC.
Power
latching
and
switching
LED
LED driver
EEPROM
Typically, data travelling from the keyboard to the PC is
accomplished by either key pressure or release information. However, some configuration data (i.e., repeat,
delay, and rate) can flow in the opposite direction – for
example, during a system boot. The keyboard drives
the clock line by using open collector drivers. To disable
the keyboard, the PC can keep the clock line low. If the
data line is held low by the PC while the clock line is
high, the computer transmits a requests to send, and
the keyboard goes into receive mode. The keyboard is
only allowed to send data when both the clock line and
data line are high.
Encoder
PWM
32-bit shift register
VSS
Button input port
VDD
S3 S2
S1 S0
FIGURE 5: STANDARD 5-POLE CONNECTOR
1
1 = Clock
2 = Data
3 = GND
4 = GND
5 = +5V
3
4
5
2
FIGURE 6: AT® KEYBOARD PROTOCOL
Keyboard
Clock
Keyboard
Data
PC
Data
1
2
Start
Bit
LSB
LSB
3
4
5
6
7
8
MSB
9
10
11
MSB
Parity
Stop
Bit
Parity
Stop
Bit
Start
Bit
Keyboard pulls low
ã 1997 Microchip Technology Inc.
DS00665A-page 3
AN665
Keyboard Transmission
Key Pressure Release Encoding
The keyboard pulls the data line low (start bit) and
starts the clock. The eight data bits (least significant bit
first) are shifted out, followed by the parity (odd), and
stop bit (high). Data is valid after the falling edge of the
clock and changes after the rising edge of the clock. If
no data is transmitted, both the clock line and data line
are high. If the computer pulls the clock line low for at
least 60 ms before the tenth bit is transmitted, the keyboard stops the transmission and stores the aborted
data in a buffer for retransmission at a later time.
Key pressure is communicated to the PC by sending a
scan code. Table 1 lists the scan codes corresponding
to keys ‘0’…’F’. Release is communicated by sending
the break code (0F0), followed by the previous scan
code.
Keyboard Receiving
The computer pulls the data line low (start bit), after
which the keyboard starts to shift out 11 clock pulses
within 15 ms. Transmission has to be completed within
2 ms. Data from the computer changes after the falling
edge of the clock line, and is valid before the rising
edge of the clock. After the start bit, eight data bits
(least significant bit first), followed by the parity bit
(odd), and the stop bit (high) are shifted out by the computer with the clock signal provided by the keyboard.
The keyboard pulls the stop bit low in order to acknowledge the receipt of the data. If a transmission error
occurs (parity error or similar) the keyboard issues a
“RESEND” command to the PC.
DS00665A-page 4
TABLE 1:
SCAN CODES
Codes
Key
45
‘0’
16
‘1’
1E
‘2’
26
‘3’
25
‘4’
2E
‘5’
36
‘6’
3D
‘7’
3E
‘8’
46
‘9’
1C
‘A’
32
‘B’
21
‘C’
23
‘D’
24
‘E’
2B
‘F’
ã 1997 Microchip Technology Inc.
AN665
Proposing a Demo Keypad/Dongle
Implementation
Power consumption has to be the lowest possible in
order not to excessively load the line. Size and component count should also be kept to the possible minimum
in order to allow for a very small package. Ideally, the
whole circuit should fit into a small gap between the two
connectors.
The password generator fits between the keyboard and
the PC. A 5-pin plug connects to the PC, supplying
power to our device, and the keyboard plugs into the
5-pin socket (Figure 7). The clock and data lines are
passed between the PC and keyboard, allowing normal
keyboard operations. When S1 is activated, the
PIC12C508 receives the new message (16 hex digits)
produced by the KEELOQ HCS300 Encoder. The
PIC12C508 will then emulate the keyboard, sending
the appropriate sequence of key press and key release
messages to the PC. To prevent the keyboard from
interpreting this transmission as a ‘request to send’
from the PC, it is necessary to isolate the keyboard
from the clock line and data line during the transmission.
In the implementation we are proposing, an HCS300
KEELOQ code hopping encoder is used together with a
PIC12C508 microcontroller.For simplicity, a standard
CMOS quadruple switch (4066) is used to alternatively
connect the dongle or the keyboard to the PC line. The
HCS300 and the PIC12C508 (both available in 8-pin
DIP or SOIC packages), draw extremely low currents
as well as internally produce the clock required to operate the dongle. Beside a couple of pull-up resistors
required for the clock line and data line, no other components are required to obtain a fully functional hopping password dongle (Figure 7).
The KEELOQ HCS300 Encoder can be part of the dongle or can be removable, like a key, in order to allow different encoders with different encryption keys or serial
numbers to be easily exchanged.
FIGURE 7: KEYPAD/DONGLE SCHEMATIC
To PC keyboard socket
5
1
2
5V
3
GND
5K6
5V
5K6
100 nF
1 S0
2 S1
VDD 8
LED 7
3 S2
PWM 6
4 S3
VSS 5
HCS300
1 VDD
VSS 8
CLK 7
2 LED
3 HCSIN
4 NU
DATA 6
SWITCH 5
PIC12C508
1K
2
4
4066
5,13
1
3
5V
5
GND
1
2
3
From keyboard
ã 1997 Microchip Technology Inc.
DS00665A-page 5
AN665
Software Implementation
Decoding Options
The software is composed of three short code
segments:
A code hopping password can be used to validate
access to a wide variety of electronic services providing the recipient application (typically, it will be some
software running on a server) is capable of following
some simple decryption and verification steps. The
fixed unencrypted part of the code (last 8 digits) can be
used to identify the user (7 digits) and the function activated on the encoder (1 out of 15, corresponding to the
last digit).
• Receive routine for the KEELOQ HCS300 Encoder
• Keyboard Emulation Routines
• Main loop routine.
Receive Routine for the HCS300 Encoder
(RECEIVE)
The RECEIVE routine gathers the first 64 bits transmitted by the HCS300, ignoring the last two bits (repeat
and battery status) as they carry no useful information
for this application, and packs them into a 8-bytes
buffer (Buffer0…Buffer7).
Keyboard Emulation Routines
(Sendbit, SendKey)
These implement the transmission of the key scan
codes according to the IBM-PC/AT keyboard protocol.
Main Loop
While the CMOS switch connects the PC to the keyboard clock and data lines, the LED output line is continuously polled to detect the activation of the HCS300
The hopping part has to be decrypted using the appropriate 64-bit decryption key. Depending on the desired
level of security, many different key generation and
management techniques can be adopted. For example, the key could be deduced by the User ID and a
Manufacturer’s Key, by the “seed” code of the encoder
or could simply be a fixed 64-bit constant.
Learning techniques can also be applied so that the
application actually autonomously acquires the
required keys and builds a database of users, ID codes,
and decryption keys. For a further analysis, consult the
following literature:
AN645
Any combination of its four input lines after
debouncing activates the encoder.
PIC16C57 Based Code Hopping Security System (DS00645)
AN662
When the LED line goes low, the CMOS switch is activated to isolate the clock and data lines from the keyboard. The RECEIVE routine is called.
KEELOQ Code Hopping Decoder Using
Secure Learn (DS00662)
AN663
KEELOQ Simple Code Hopping Decoder
(DS00663)
TB001
An Introduction to KeeLoq Code Hopping
(DS91000A)
TB003
An Introduction to KEELOQ Code Hopping
(DS91002A).
Note:
Upon successfully receiving a transmission, a loop is
entered where 16 hex digits from the receive buffer are
transmitted as a sequence of key press and key
release messages, separated by appropriate delays
repetitively calling the SENDKEY subroutine.
.
The software has been developed in the simplest possible form and, therefore, is open to a number of optimizations. For example:
• The PIC12C508 could be put to “sleep” to further
reduce power consumption.
• The encoder could be removable and its presence/activation should be properly detected.
• For simplicity, the presented RECEIVE routine
requires a 400 ms transmission speed being configured in the encoder, while a more flexible multibaud rate routine can be used as presented in
various other application notes.
• A second code word could be compared with the
first code word received to recognize transmission
errors (although highly improbable when the
encoder is wired to the PIC12508), since there is
no decryption, there is no other means to tell that
the transmission has not been corrupted.
DS00665A-page 6
ã 1997 Microchip Technology Inc.
AN665
Please check the Microchip Worldwide Web at www.microchip.com for the latest version of the source code.
APPENDIX A: HOPPASW.LST
MPASM 01.40 Released
LOC OBJECT CODE
VALUE
HOPPASW.ASM
2-20-1997
16:45:24
PAGE
1
LINE SOURCE TEXT
00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00001
00002
00103
00033
0FFF 0FEA
00034
01FF 0000 0003 0001 00035
0002
00036
00037
00038
00039
00040
00041
00042
00043
00044
00045
00046
00047
00048
ã 1997 Microchip Technology Inc.
LIST
PROCESSOR
RADIX
n=0, c=132
PIC12C508
HEX
;* filename: HOPPASW.ASM
;**********************************************************************
;*
Author:
Lucio Di Jasio
;*
Company:
Microchip Technology
;*
Revision:
RevA0
;*
Date:
4-sept-96
;*
Assembled using:
MPASM rev. 1.40
;**********************************************************************
;*
include files:
;*
p12C508.inc
;*
;**********************************************************************
;*
HCS300 to keyboard interface, for hopping password generation
;*
;*
/
/
;*
HCS300 |5V
|5V
;*
+-------+ |
| +--------+
;* Key1-+S1
+-+
+-+Vdd
+-----GND
;* Key2-+S2 LED+---------------------+LED
+-----PCCLK
;* Key3-+S3 PWM+---------------------+HCSIN
+-----DATA
;* Key4-+S4
+-+
-+nc
+-----SWITCH
;*
+-------+ |
+--------+
;*
|
;*
VGnd
;*
;**********************************************************************
INCLUDE Ò\pic\include\p12c508.incÓ
LIST
; P12C508.INC Standard Header File, Vers 1.01 Microchip Technology. Inc.
LIST
__CONFIG _IntRC_OSC & _MCLRE_OFF & _CP_OFF & _WDT_OFF
__IDLOCS HÕ0312Õ
;**********************************************************************
;* internal 4MHz clock
;* internal reset
;* no code protect (?)
;* no watchdog
;* ID code is Ò0312Ó
;**********************************************************************
;
; pin description
;
#define LED
GPIO,5
; Led from HCS300
DS00665A-page 7
AN665
00000007
00000008
00000009
0000000A
0000000B
0000000C
0000000D
0000000E
0000000F
00000010
00000011
00000012
00000013
00000014
00000015
00000016
0000
0000
0000 0025
0001 0A7A
0002
0002
0003
0004
0005
0006
0007
0008
0009
000A
000B
000C
000D
000E
000F
0010
0011
0012
01E2
0845
0816
081E
0826
0825
082E
0836
083D
083E
0846
081C
0832
0821
0823
0824
082B
DS00665A-page 8
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066
00067
00068
00069
00070
00071
00072
00073
00074
00075
00076
00077
00078
00079
00080
00081
00082
00083
00084
00085
00086
00087
00088
00089
00090
00091
00092
00093
00094
00095
00096
00097
00098
00099
00100
00101
00102
00103
00104
00105
00106
00107
00108
00109
00110
00111
00112
00113
00114
#define
#define
#define
#define
HCSIN
NC
SWITCH
DATA
GPIO,4
GPIO,3
GPIO,2
GPIO,1
;
;
;
;
PWM from HCS300
not used
sense clock line to/from PC
data to PC
#define PCCLK
0
; clock to PC
#define MASKDEF
#define MASKLOW
#define MASKHIGH
bÕ11111011Õ ; only SWITCH pin in output
bÕ11111001Õ ; prepare data low
bÕ11111011Õ ; prepare data high
;
; RAM assignments
;
CBLOCK 07
BUFFER0
; receive buffer for hcs300
BUFFER1
BUFFER2
BUFFER3
BUFFER4
BUFFER5
BUFFER6
BUFFER7
BITCOUNT
; counters
BYTECOUNT
;
TIMEHI
; timing
TIMELO
;
PARITY
; transmission parity bit
AUX
; g.p.
KEY
; key to encode
GPIOTEMP
; temp copy of tris register
ENDC
;---------------------------------------------------------------------ORG
0
movwf
goto
OSCCAL
Main
Start
; calibrate
;---------------------------------------------------------------------; keyscan table
;
ScanCode
addwf
PCL,F
retlw
45
; key Ô0Õ
retlw
16
; key Ô1Õ
retlw
1E
; key Ô2Õ
retlw
26
; key Ô3Õ
retlw
25
; key Ô4Õ
retlw
2E
; key Ô5Õ
retlw
36
; key Ô6Õ
retlw
3D
; key Ô7Õ
retlw
3E
; key Ô8Õ
retlw
46
; key Ô9Õ
retlw
1C
; key ÔAÕ
retlw
32
; key ÔBÕ
retlw
21
; key ÔCÕ
retlw
23
; key ÔDÕ
retlw
24
; key ÔEÕ
retlw
2B
; key ÔFÕ
#define
BREAK
0F0
; break scan code
;**********************************************************************
;* SubDelay
ã 1997 Microchip Technology Inc.
AN665
00115
00116
00117
00118
00119
00120
00121
00122
00123
00124
00125
00126
00127
00128
00129
00130
00131
00132
00133
00134
00135
00136
00137
00138
00139
00140
00141
00142
00143
00144
00145
00146
00147
00148
00149
00150
00151
00152
00153
00154
00155
00156
00157
00158
00159
00160
00161
00162
00163
00164
00165
00166
00167
00168
00169
00170
00171
00172
00173
00174
00175
00176
00177
00178
00179
00180
;*
short delay functions N us
;*
;*
Input Variables:
;*
none
;*
Output Variables:
;*
none
;**********************************************************************
;
SubDelay10
nop
SubDelay9
nop
SubDelay8
nop
SubDelay7
nop
SubDelay6
nop
SubDelay5
nop
SubDelay4
retlw
0
; 2 call + N nop + 2 retlw
ã 1997 Microchip Technology Inc.
DS00665A-page 9
0013
0014
0015
0016
0017
0018
0019
001A
001A
001B
001B
001C
001C
001D
001D
001E
001F
0020
0021
0022
0022
0023
0024
0025
0026
0027
0028
0029
002A
002A
002B
0000
0000
0000
0000
0000
0000
0800
0C0F
0031
0072
02F2
0A1D
02F1
0A1C
0800
0066
0CF9
0603
0CFB
0036
0006
0C0E
0032
02F2
0A2A
002C 0416
002D 0216
002E 0006
;**********************************************************************
;* Wait10ms
;*
waits for approx 10ms
;*
;*
Input Variables:
;*
none
;*
Output Variables:
;*
none
;**********************************************************************
;
Wait10ms
movlw
.15
; 15 * .7ms ~= 10ms@4MHz
WaitWx750
movwf
TIMEHI
WaitHi
clrf
TIMELO
; 256 * 3us ~= 750us@4MHz
WaitLo
decfsz TIMELO,F
goto
WaitLo
decfsz TIMEHI,F
goto
WaitHi
retlw
0
;**********************************************************************
;* SendBit
;*
sends a bit in AT keyboard protocol
;*
;*
Input Variables:
;*
STATUS,C
;*
Output Variables:
;*
none
;**********************************************************************
;
SendBit
clrf
GPIO
; disable kb and clear out buffers
movlw
MASKLOW
; DATA low prepare
btfsc
STATUS,C
movlw
MASKHIGH
; DATA high prepare
movwf
GPIOTEMP
; save value
tris
GPIO
movlw
movwf
.14
TIMELO
decfsz
goto
TIMELO,F
SBitT
; 45us loop (data stable)
bcf
movf
tris
GPIOTEMP,PCCLK
GPIOTEMP,W
GPIO
; clk fall
SBitT
AN665
002F
0030
0031
0031
0032
0C0F
0032
0033
0034
0035
0036
0516
0216
0006
0800
02F2
0A31
0037
0037 0034
0038
0038 0706
0039 0A38
003A 0403
003B 0922
003C 0C08
003D 002F
003E 0073
003F
003F
0040
0041
0042
0043
0044
0334
0603
02B3
0922
02EF
0A3F
0045 02B3
0046 0333
0047 0922
0048 0503
0049 0A22
DS00665A-page 10
00181
00182
00183
00184
00185
00186
00187
00188
00189
00190
00191
00192
00193
00194
00195
00196
00197
00198
00199
00200
00201
00202
00203
00204
00205
00206
00207
00208
00209
00210
00211
00212
00213
00214
00215
00216
00217
00218
00219
00220
00221
00222
00223
00224
00225
00226
00227
00228
00229
00230
00231
00232
00233
00234
00235
00236
00237
00238
00239
00240
00241
00242
00243
00244
00245
00246
movlw
movwf
.15
TIMELO
decfsz
goto
TIMELO,F
SBitT2
; 45us loop (data stable)
bsf
movf
tris
retlw
GPIOTEMP,PCCLK
GPIOTEMP,W
GPIO
0
; clk rise
SBitT2
;**********************************************************************
;* SendKEY
;*
sends a scan code to the PC
;*
;*
Input Variables:
;*
W
;*
Output Variables:
;*
none
;**********************************************************************
;
SendKEY
movwf
AUX
; temp storage
; wait PC ready
SendW
btfss
goto
GPIO,PCCLK
SendW
; test PCCLK
; loop until HIGH
; PC request ?
;
btfss
;
goto
DATA
RecKEY
; PC pull down Data?
; go receive first
; send start bit
bcf
call
STATUS,C
SendBit
; than shift out 8 bit LSB first
movlw
.8
movwf
BITCOUNT
clrf
PARITY
SBitL
rrf
btfsc
incf
call
decfsz
goto
AUX,F
STATUS,C
PARITY,F
SendBit
BITCOUNT,F
SBitL
; next bit
incf
rrf
call
PARITY,F
PARITY,F
SendBit
; parity odd
; send parity Bit
bsf
goto
STATUS,C
SendBit
; count parity
; loop for 8 bit
; send stop bit (high = released)
;**********************************************************************
;* Receive
;*
receives first 64 bit transmitted by an HCS300 encoder
;*
simplified to operate with 400us PWM only
;*
;*
Input Variables:
;*
none
ã 1997 Microchip Technology Inc.
AN665
00247
00248
00249
00250
00251
00252
00253
00254
00255
00256
00257
00258
00259
00260
00261
00262
00263
00264
00265
00266
00267
00268
00269
00270
00271
00272
00273
00274
00275
00276
00277
00278
00279
00280
00281
00282
00283
00284
00285
00286
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300
00301
00302
00303
00304
00305
00306
00307
00308
00309
00310
00311
00312
;*
Output Variables:
;*
BUFFER0..7
;**********************************************************************
;
Receive
btfsc
HCSIN
; wait for a falling edge
goto
Receive
ã 1997 Microchip Technology Inc.
DS00665A-page 11
004A
004A 0686
004B 0A4A
00000038
004C 006F
004D
004D 0686
004E 0A54
004F 0913
0050 0914
0051 03EF
0052 0A4D
0053 0A4A
0054
0054 07EF
0055 0A4A
0056 0C40
0057 002F
0058
0058 0C38
0059 0031
005A 0A5D
005B
005B 0C36
005C 0031
005D
005D
005E
005F
0060
0061
02B1
0643
0A4A
0686
0A5D
0062 0C38
0063 0032
0064
0064
0065
0066
0067
0068
02B2
0643
0A4A
0786
0A64
0069 0211
006A 00B2
006B 032E
; will accept sync pulses from 3.0 to 6.1 ms.
; more than 128 cycles but less than 256
; each cycle is 24 us @4MHz
;
PREBIT
EQU
.56
clrf
BITCOUNT
; init counter
btfsc
goto
HCSIN
Rise2
; wait rising edge
call
call
SubDelay10
SubDelay9
; 24us per cycle
;
incfsz
goto
goto
BITCOUNT,F
Rise
Receive
; more than 6,0ms timeout
; waiting loop
; timeout restart
btfss
goto
BITCOUNT,7
Receive
; if bit7=1 ok
; else less than
Rise
Rise2
3.0 ms timeout
;------------------------------------------------------------------; read folowing 8 bytes (ignore last 2 bit)
;
movlw
.64
; 8 bit per byte
movwf
BITCOUNT
;
FirstPreload
movlw
movwf
goto
PREBIT
TIMEHI
WHL
; first bit needs no balance
movlw
movwf
PREBIT-2
TIMEHI
; preload counter
; balance extra rrf time
incf
btfsc
goto
btfsc
goto
TIMEHI,F
STATUS,Z
Receive
HCSIN
WHL
; measure high period
movlw
movwf
PREBIT
TIMELO
; preload counter
incf
btfsc
goto
btfss
goto
TIMELO,F
STATUS,Z
Receive
HCSIN
WLL
; measure low period
RNextBit
WHL
; after 1.2ms (200*6) timeout
; loop while High
;
WLL
; shift in the new bit
movf
TIMEHI,W
subwf
TIMELO,F
rrf
BUFFER7,F
; after 1.2ms (200*6) timeout
; loop while Low
; if TIMEHI > TIMELO Carry = 0
; insert bit in buffer
AN665
006C
006D
006E
006F
0070
0071
0072
032D
032C
032B
032A
0329
0328
0327
0073
0074
0075
0076
0CE0
0152
0643
0A4A
0077 02EF
0078 0A5B
0079 0800
007A
007A
007B
007C
007D
007E
007F
0C04
0026
0CFB
0006
0C00
0002
0080 06A6
0081 0A7A
0082
0082 0066
0083 094A
0084
0085
0086
0087
0C08
0030
0C07
0024
0088
0088
0089
008A
008B
008C
008D
008E
008F
0090
0200
0E0F
0902
0035
0937
091A
0CF0
0937
0C01
DS00665A-page 12
00313
00314
00315
00316
00317
00318
00319
00320
00321
00322
00323
00324
00325
00326
00327
00328
00329
00330
00331
00332
00333
00334
00335
00336
00337
00338
00339
00340
00341
00342
00343
00344
00345
00346
00347
00348
00349
00350
00351
00352
00353
00354
00355
00356
00357
00358
00359
00360
00361
00362
00363
00364
00365
00366
00367
00368
00369
00370
00371
00372
00373
00374
00375
00376
00377
00378
rrf
rrf
rrf
rrf
rrf
rrf
rrf
BUFFER6,F
BUFFER5,F
BUFFER4,F
BUFFER3,F
BUFFER2,F
BUFFER1,F
BUFFER0,F
; compare duty cycle, to skip preamble
movlw
0E0
; test duty cycle
andwf
TIMELO,W
; delta >200us? (32 cycles)
btfsc
STATUS,Z
goto
Receive
; no! itÕs a preamble
decfsz
goto
retlw
BITCOUNT,F
RNextBit
0
; loop to completion
;---------------------------------------------------------------------;**********************************************************************
;* Main loop
;*
set TRIS and option register
;*
wait for start (LED)
;*
disable keyboard
;*
receive new hopping code
;*
send 16 hex digits
;*
wait transmission end
;*
loop
;**********************************************************************
;
Main
movlw
bÕ00000100Õ ; set switch ON
movwf
GPIO
movlw
MASKDEF
; init port
tris
GPIO
movlw
0
option
btfsc
goto
LED
Main
; wait for Led output fall
clrf
GPIO
; send disable kb
; SWITCH = LOW
call
Receive
; gets the new hopping code
Disable
;---------------------------------------------------------------------; emulate a keyboard and send data as a sequence of 16 key
; pressed and released, one each hex digit
;
movlw
.8
; 8 byte from the buffer
movwf
BYTECOUNT
movlw
BUFFER0
; init pointer
movwf
FSR
KEYL
movf
andlw
call
movwf
call
call
movlw
call
movlw
INDF,W
0F
ScanCode
KEY
SendKEY
Wait10ms
BREAK
SendKEY
1
; low nibble
; encode hex nibble
; emulate key press
; emulate key release
ã 1997 Microchip Technology Inc.
AN665
0091 091B
0092 0215
0093 0937
00379
00380
00381
00382
00383
00384
00385
00386
00387
00388
00389
00390
00391
00392
00393
00394
00395
00396
00397
00398
00399
00400
00401
00402
00403
00404
00405
00406
00407
00408
00409
00410
00411
00412
0094 091A
0095
0096
0097
0098
0099
009A
009B
009C
009D
009E
009F
00A0
0380
0E0F
0902
0035
0937
091A
0CF0
0937
0C01
091B
0215
0937
00A1 091A
00A2 02A4
00A3 02F0
00A4 0A88
00A5
00A5 07A6
00A6 0AA5
00A7 0A7A
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
---------------XXX----------------------------
; wait 750us
call
Wait10ms
swapf
andlw
call
movwf
call
call
movlw
call
movlw
call
movf
call
INDF,W
0F
ScanCode
KEY
SendKEY
Wait10ms
BREAK
SendKEY
1
WaitWx750
KEY,W
SendKEY
call
Wait10ms
incf
decfsz
goto
FSR,F
BYTECOUNT,F
KEYL
; high nibble
; encode hex nibble
; emulate key press
; emulate key release
; wait 750us
; next byte
END
HOPPASW.ASM
MEMORY USAGE MAP (ÔXÕ = Used,
:
:
:
:
:
:
WaitWx750
KEY,W
SendKEY
;---------------------------------------------------------------------; now wait for the HCS to stop transmisssion (button release)
;
Release
btfss
LED
; wait Led rise
goto
Release
goto
Main
MPASM 01.40 Released
0000
0040
0080
01C0
0200
0FC0
call
movf
call
2-20-1997
16:45:24
PAGE
2
Ô-Õ = Unused)
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
----------------------------------------------
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
XXXXXXXX-----------------------------------------------------
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
------------------------------X
------------------------------X
All other memory blocks unused.
Program Memory Words Used:
Program Memory Words Free:
Errors
:
Warnings :
Messages :
0
0 reported,
0 reported,
ã 1997 Microchip Technology Inc.
168
343
0 suppressed
0 suppressed
DS00665A-page 13
AN665
NOTES:
DS00665A-page 14
ã 1997 Microchip Technology Inc.
AN665
NOTES:
ã 1997 Microchip Technology Inc.
DS00665A-page 15
Note the following details of the code protection feature on PICmicro® MCUs.
•
•
•
•
•
•
The PICmicro family meets the specifications contained in the Microchip Data Sheet.
Microchip believes that its family of PICmicro microcontrollers is one of the most secure products of its kind on the market today,
when used in the intended manner and under normal conditions.
There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the PICmicro microcontroller in a manner outside the operating specifications contained in the data sheet.
The person doing so may be engaged in theft of intellectual property.
Microchip is willing to work with the customer who is concerned about the integrity of their code.
Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not
mean that we are guaranteeing the product as “unbreakable”.
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of
our product.
If you have any further questions about this matter, please contact the local sales office nearest to you.
Information contained in this publication regarding device
applications and the like is intended through suggestion only
and may be superseded by updates. It is your responsibility to
ensure that your application meets with your specifications.
No representation or warranty is given and no liability is
assumed by Microchip Technology Incorporated with respect
to the accuracy or use of such information, or infringement of
patents or other intellectual property rights arising from such
use or otherwise. Use of Microchip’s products as critical components in life support systems is not authorized except with
express written approval by Microchip. No licenses are conveyed, implicitly or otherwise, under any intellectual property
rights.
Trademarks
The Microchip name and logo, the Microchip logo, FilterLab,
KEELOQ, microID, MPLAB, PIC, PICmicro, PICMASTER,
PICSTART, PRO MATE, SEEVAL and The Embedded Control
Solutions Company are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
dsPIC, ECONOMONITOR, FanSense, FlexROM, fuzzyLAB,
In-Circuit Serial Programming, ICSP, ICEPIC, microPort,
Migratable Memory, MPASM, MPLIB, MPLINK, MPSIM,
MXDEV, PICC, PICDEM, PICDEM.net, rfPIC, Select Mode
and Total Endurance are trademarks of Microchip Technology
Incorporated in the U.S.A.
Serialized Quick Turn Programming (SQTP) is a service mark
of Microchip Technology Incorporated in the U.S.A.
All other trademarks mentioned herein are property of their
respective companies.
© 2002, Microchip Technology Incorporated, Printed in the
U.S.A., All Rights Reserved.
Printed on recycled paper.
Microchip received QS-9000 quality system
certification for its worldwide headquarters,
design and wafer fabrication facilities in
Chandler and Tempe, Arizona in July 1999. The
Company’s quality system processes and
procedures are QS-9000 compliant for its
PICmicro® 8-bit MCUs, KEELOQ® code hopping
devices, Serial EEPROMs and microperipheral
products. In addition, Microchip’s quality
system for the design and manufacture of
development systems is ISO 9001 certified.
 2002 Microchip Technology Inc.
M
WORLDWIDE SALES AND SERVICE
AMERICAS
ASIA/PACIFIC
Japan
Corporate Office
Australia
2355 West Chandler Blvd.
Chandler, AZ 85224-6199
Tel: 480-792-7200 Fax: 480-792-7277
Technical Support: 480-792-7627
Web Address: http://www.microchip.com
Microchip Technology Australia Pty Ltd
Suite 22, 41 Rawson Street
Epping 2121, NSW
Australia
Tel: 61-2-9868-6733 Fax: 61-2-9868-6755
Microchip Technology Japan K.K.
Benex S-1 6F
3-18-20, Shinyokohama
Kohoku-Ku, Yokohama-shi
Kanagawa, 222-0033, Japan
Tel: 81-45-471- 6166 Fax: 81-45-471-6122
Rocky Mountain
China - Beijing
2355 West Chandler Blvd.
Chandler, AZ 85224-6199
Tel: 480-792-7966 Fax: 480-792-7456
Microchip Technology Consulting (Shanghai)
Co., Ltd., Beijing Liaison Office
Unit 915
Bei Hai Wan Tai Bldg.
No. 6 Chaoyangmen Beidajie
Beijing, 100027, No. China
Tel: 86-10-85282100 Fax: 86-10-85282104
Atlanta
500 Sugar Mill Road, Suite 200B
Atlanta, GA 30350
Tel: 770-640-0034 Fax: 770-640-0307
Boston
2 Lan Drive, Suite 120
Westford, MA 01886
Tel: 978-692-3848 Fax: 978-692-3821
Chicago
333 Pierce Road, Suite 180
Itasca, IL 60143
Tel: 630-285-0071 Fax: 630-285-0075
Dallas
4570 Westgrove Drive, Suite 160
Addison, TX 75001
Tel: 972-818-7423 Fax: 972-818-2924
Detroit
Tri-Atria Office Building
32255 Northwestern Highway, Suite 190
Farmington Hills, MI 48334
Tel: 248-538-2250 Fax: 248-538-2260
Kokomo
2767 S. Albright Road
Kokomo, Indiana 46902
Tel: 765-864-8360 Fax: 765-864-8387
Los Angeles
18201 Von Karman, Suite 1090
Irvine, CA 92612
Tel: 949-263-1888 Fax: 949-263-1338
China - Chengdu
Microchip Technology Consulting (Shanghai)
Co., Ltd., Chengdu Liaison Office
Rm. 2401, 24th Floor,
Ming Xing Financial Tower
No. 88 TIDU Street
Chengdu 610016, China
Tel: 86-28-6766200 Fax: 86-28-6766599
China - Fuzhou
Microchip Technology Consulting (Shanghai)
Co., Ltd., Fuzhou Liaison Office
Unit 28F, World Trade Plaza
No. 71 Wusi Road
Fuzhou 350001, China
Tel: 86-591-7503506 Fax: 86-591-7503521
China - Shanghai
Microchip Technology Consulting (Shanghai)
Co., Ltd.
Room 701, Bldg. B
Far East International Plaza
No. 317 Xian Xia Road
Shanghai, 200051
Tel: 86-21-6275-5700 Fax: 86-21-6275-5060
China - Shenzhen
150 Motor Parkway, Suite 202
Hauppauge, NY 11788
Tel: 631-273-5305 Fax: 631-273-5335
Microchip Technology Consulting (Shanghai)
Co., Ltd., Shenzhen Liaison Office
Rm. 1315, 13/F, Shenzhen Kerry Centre,
Renminnan Lu
Shenzhen 518001, China
Tel: 86-755-2350361 Fax: 86-755-2366086
San Jose
Hong Kong
Microchip Technology Inc.
2107 North First Street, Suite 590
San Jose, CA 95131
Tel: 408-436-7950 Fax: 408-436-7955
Microchip Technology Hongkong Ltd.
Unit 901-6, Tower 2, Metroplaza
223 Hing Fong Road
Kwai Fong, N.T., Hong Kong
Tel: 852-2401-1200 Fax: 852-2401-3431
New York
Toronto
6285 Northam Drive, Suite 108
Mississauga, Ontario L4V 1X5, Canada
Tel: 905-673-0699 Fax: 905-673-6509
India
Microchip Technology Inc.
India Liaison Office
Divyasree Chambers
1 Floor, Wing A (A3/A4)
No. 11, O’Shaugnessey Road
Bangalore, 560 025, India
Tel: 91-80-2290061 Fax: 91-80-2290062
Korea
Microchip Technology Korea
168-1, Youngbo Bldg. 3 Floor
Samsung-Dong, Kangnam-Ku
Seoul, Korea 135-882
Tel: 82-2-554-7200 Fax: 82-2-558-5934
Singapore
Microchip Technology Singapore Pte Ltd.
200 Middle Road
#07-02 Prime Centre
Singapore, 188980
Tel: 65-334-8870 Fax: 65-334-8850
Taiwan
Microchip Technology Taiwan
11F-3, No. 207
Tung Hua North Road
Taipei, 105, Taiwan
Tel: 886-2-2717-7175 Fax: 886-2-2545-0139
EUROPE
Denmark
Microchip Technology Nordic ApS
Regus Business Centre
Lautrup hoj 1-3
Ballerup DK-2750 Denmark
Tel: 45 4420 9895 Fax: 45 4420 9910
France
Microchip Technology SARL
Parc d’Activite du Moulin de Massy
43 Rue du Saule Trapu
Batiment A - ler Etage
91300 Massy, France
Tel: 33-1-69-53-63-20 Fax: 33-1-69-30-90-79
Germany
Microchip Technology GmbH
Gustav-Heinemann Ring 125
D-81739 Munich, Germany
Tel: 49-89-627-144 0 Fax: 49-89-627-144-44
Italy
Microchip Technology SRL
Centro Direzionale Colleoni
Palazzo Taurus 1 V. Le Colleoni 1
20041 Agrate Brianza
Milan, Italy
Tel: 39-039-65791-1 Fax: 39-039-6899883
United Kingdom
Arizona Microchip Technology Ltd.
505 Eskdale Road
Winnersh Triangle
Wokingham
Berkshire, England RG41 5TU
Tel: 44 118 921 5869 Fax: 44-118 921-5820
01/18/02
 2002 Microchip Technology Inc.
Similar pages