self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
self.resume();
while wait>0 and (0==self.CCstatus()&0x20):
- time.sleep(0.1);
+ a=1;
+ #time.sleep(0.1);
#print "Waiting for shell code to return.";
return;
def shellcode(self,code,wait=1):
self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
self.resume();
while wait>0 and (0==self.CCstatus()&0x20):
- time.sleep(0.1);
+ a=1;
+ #time.sleep(0.1);
#print "Waiting for shell code to return.";
return;
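Review bot: Replacing the sleep with `a=1;` turns the wait loop into a hot spin on `self.CCstatus()` with a dead assignment; if the intent is to poll with no delay, `pass` says so (`while wait>0 and (0==self.CCstatus()&0x20): pass`), and a short `time.sleep(0.01)` would keep the polling rate bounded. The same change appears in the hunk just above this one, whose function starts outside the diff. Note also that `wait` is never decremented inside the loop, so there is no timeout once the shellcode fails to set the status bit.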
def CC1110_crystal(self):
self.pokebysym("TEST2" , 0x81) # Various test settings.
self.pokebysym("TEST1" , 0x35) # Various test settings.
self.pokebysym("TEST0" , 0x09) # Various test settings.
- #self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
- self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
+ self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
- #self.pokebysym("PKTCTRL0" , 0x01) # Packet automation control, w/o checksum.
- self.pokebysym("ADDR" , 0x00) # Device address.
+ self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
self.pokebysym("PKTLEN" , 0xFF) # Packet length.
self.pokebysym("SYNC1",0xD3);
return 0;
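Review bot: PKTCTRL0 is now written twice in a row: the context line `self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.` survives immediately before the new `self.pokebysym("PKTCTRL0" , 0x00)`, so the 0x05 write is dead and its comment misleads a reader into thinking CRC checking is on. Either comment the 0x05 line out, as the old code did for the alternative setting, or drop it. Since the value that sticks disables the checksum, frames corrupted over the air reach the host with an unverified length byte, so the Python consumers (RF_rxpacket, handlesimplicitipacket) must bounds-check on their own; a comment such as `# CRC disabled: host code must validate packet[0] itself.` would record that.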
def RF_rxpacket(self):
"""Get a packet from the radio. Returns None if none is waiting."""
- #RFST=0xDFE1
- #self.pokebyte(RFST,0x01); #SCAL
- #self.pokebyte(RFST,0x02); #SRX
-
self.shellcodefile("rxpacket.ihx");
- #time.sleep(1);
- self.halt();
len=self.peek8(0xFE00,"xdata");
- #print "Grabbing %i bytes." %len;
- return self.peekblock(0xFE00,len,"data");
- def RF_txpacket(self,payload):
+ return self.peekblock(0xFE00,len+1,"data");
+ def RF_txpacket(self,packet):
"""Transmit a packet. Untested."""
- print "FIXME, Chipcon packet transmission is not yet implemented.";
+ self.pokeblock(0xFE00,packet,"data");
+ self.shellcodefile("txpacket.ihx");
return;
+ def RF_txrxpacket(self,packet):
+ """Transmit a packet. Untested."""
+
+ self.pokeblock(0xFE00,packet,"data");
+ self.shellcodefile("txrxpacket.ihx");
+ len=self.peek8(0xFE00,"xdata");
+ return self.peekblock(0xFE00,len+1,"data");
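Review bot: The docstring `"""Get a packet from the radio. Returns None if none is waiting."""` on the context line is now stale: the rewritten body always returns `self.peekblock(0xFE00,len+1,"data")` and has no None path, which also makes the script's `while packet==None:` retry loop a no-op. RF_txrxpacket reuses `"""Transmit a packet. Untested."""` although it transmits and then runs txrxpacket.ihx, which waits for a reply; suggest `"""Transmit a packet, then block until a reply is received and return it, length byte included. Untested."""`. Both new bodies also bind the builtin name `len`; `plen` would avoid shadowing it.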
def RF_getrssi(self):
"""Returns the received signal strenght, with a weird offset."""
s="%s %02x" % (s,foo);
print "%s" %s;
+def handlesimplicitipacket(packet):
+ s="";
+ i=0;
+
+ for foo in packet:
+ i=i+1;
+ #if i>packet[0]+1: break;
+ s="%s %02x" % (s,foo);
+ print "\n%s" %s;
+
+
+ len=packet[0];
+ if len<12: return;
+
+ dst=[packet[1],
+ packet[2],
+ packet[3],
+ packet[4]];
+ src=[packet[5],
+ packet[6],
+ packet[7],
+ packet[8]];
+ port=packet[9];
+ info=packet[10];
+ seq=packet[11];
+ #payload begins at byte 12.
+
+
+
+ if port==0x03:
+ #print "Join request.";
+ if packet[12]!=1:
+ print "Not a join request. WTF?";
+ return;
+ tid=packet[13];
+ reply=[0x12, #reply is one byte shorter
+ src[0], src[1], src[2], src[3],
+ 1,1,1,1, #my address
+ port, 0x21, seq,
+ 0x81, tid, #reply, tid
+
+ 1,1,1,1,
+ #4,3,2,1, #default join token
+ #8,7,6,5, #default link token
+ #0xFF,0xFF,0xFF,0xFF,
+ 0x00]; #no security
+ printpacket(reply);
+ client.RF_txpacket(reply);
+
+ elif port==0x04:
+ print "Security request.";
+ elif port==0x05:
+ print "Frequency request.";
+ elif port==0x06:
+ print "Management request.";
+ else:
+ print "Unknown Port %02x" %port;
+
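Review bot: The guard `if len<12: return;` does not protect the join-request branch, which reads `packet[12]` and `packet[13]`: RF_rxpacket returns `len+1` bytes, so a frame whose length byte is 12 has indices 0..12 and `packet[13]` raises IndexError. The length byte is whatever arrived over the air, so each field has to be checked where it is consumed, e.g. at the top of the port 3 branch `if len<14: print "Short join request."; return;` before `tid=packet[13];`. `len` also shadows the builtin; a name like `plen` avoids that. The `client.RF_txpacket(reply);` call relies on the module-level `client`, which deserves a one-line comment since nothing in the function signature hints at it.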
if(len(sys.argv)==1):
print "Usage: %s verb [objects]\n" % sys.argv[0];
print "%s erase" % sys.argv[0];
client.config_simpliciti(region);
- #For BSL sniffing, different frequencies.
- #client.pokebysym("FREQ2",0x25);
- #client.pokebysym("FREQ1",0x95);
- #client.pokebysym("FREQ0",0x55);
+ print "Listening as %x on %f MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10.0**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ packet=client.RF_rxpacket();
+ printpacket(packet);
+ sys.stdout.flush();
+
+if(sys.argv[1]=="simpliciti"):
+ #TODO remove all poke() calls.
+ region="us";
+ if len(sys.argv)>2:
+ region=sys.argv[2];
+
+ client.CC1110_crystal();
+ client.RF_idle();
+ client.config_simpliciti(region);
print "Listening as %x on %f MHz" % (client.RF_getsmac(),
client.RF_getfreq()/10.0**6);
while 1:
packet=None;
while packet==None:
- #time.sleep(0.1);
packet=client.RF_rxpacket();
- printpacket(packet);
+ handlesimplicitipacket(packet);
sys.stdout.flush();
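Review bot: The listen loop added to the first branch (`while 1: packet=None; while packet==None: packet=client.RF_rxpacket(); printpacket(packet); sys.stdout.flush();`) duplicates the one in the new `simpliciti` branch with only the handler differing; a small helper taking the handler (`printpacket` or `handlesimplicitipacket`) would keep the two in step. `packet==None` should be `packet is None`. Given that the rewritten RF_rxpacket in this commit never returns None, the inner retry loop runs exactly once in both branches, so either the guard or the docstring promise is out of date.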
# Use lower RAM if needed.
CC=sdcc --code-loc 0xF000
-objs=crystal.ihx txpacket.ihx rxpacket.ihx
+objs=crystal.ihx txpacket.ihx rxpacket.ihx txrxpacket.ihx
all: $(objs)
RFST=RFST_SRX;
while(MARCSTATE!=MARC_STATE_RX);
- while(i<len+1){
+ while(i<len+1){ //len+3 if status is appended.
while(!RFTXRXIF); //Wait for byte to be ready.
RFTXRXIF=0; //Clear the flag.
HALT;
}
- RFST = RFST_SIDLE; //End transmit.
+ RFST = RFST_SIDLE; //End receive.
HALT;
}
+
//! Transmit a packet out of the radio from 0xFE00.
void main(){
unsigned char len=packet[0], i=0;
+
+ //Disable interrupts.
+ RFTXRXIE=0;
+
+ //idle a bit.
+ RFST=RFST_SIDLE;
+ while(MARCSTATE!=MARC_STATE_IDLE);
+
+
RFST=RFST_STX; //Begin transmit.
+ while(MARCSTATE!=MARC_STATE_TX);
+
while(i!=len+1){
while(!RFTXRXIF); //Wait for byte to be ready.
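Review bot: The comment `//Disable interrupts.` overstates what `RFTXRXIE=0;` does: it clears a single enable bit, the RF TX/RX interrupt, presumably so the `RFTXRXIF` flag polled below is not consumed by a handler; `//Mask the RFTXRX interrupt so RFTXRXIF can be polled.` would be accurate. The txrxpacket.c file added in this same commit does not clear `RFTXRXIE` before its own polling loops, so the two transmit paths now diverge. The added `while(MARCSTATE!=MARC_STATE_TX);` spin has no exit if the radio never reports the TX state, and the host side now busy-waits on CCstatus with no timeout, so a hang here is a hang on both ends. main() continues past the hunk.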
--- /dev/null
+#include <cc1110.h>
+#include "cc1110-ext.h"
+
+char __xdata at 0xfe00 packet[256] ;
+
+//! Transmit a packet out of the radio from 0xFE00.
+void main(){
+ unsigned char len=packet[0], i=0;
+
+ //idle a bit.
+ RFST=RFST_SIDLE;
+ while(MARCSTATE!=MARC_STATE_IDLE);
+
+ RFST=RFST_STX; //Begin transmit.
+ while(i!=len+1){
+ while(!RFTXRXIF); //Wait for byte to be ready.
+
+ RFTXRXIF=0; //Clear the flag.
+ RFD=packet[i++]; //Send the next byte.
+ }
+ RFST = RFST_SIDLE; //End transmit.
+
+
+ while(MARCSTATE!=MARC_STATE_IDLE);
+
+ //Begin to receive.
+ RFST=RFST_SRX;
+ while(MARCSTATE!=MARC_STATE_RX);
+ i=0;len=16;
+ while(i<len+1){
+ while(!RFTXRXIF); //Wait for byte to be ready.
+ RFTXRXIF=0; //Clear the flag.
+
+ if (MARCSTATE == MARC_STATE_RX) {
+ packet[i]=RFD; //Grab the next byte.
+ i++;
+ len=packet[0]; //First byte of the packet is the length.
+ }else
+ HALT;
+
+ }
+ RFST = RFST_SIDLE; //End receive.
+ HALT;
+}
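Review bot: When the receive loop takes the `else HALT;` exit nothing marks `packet` as invalid, so the host-side RF_txrxpacket reads `packet[0]` and `len+1` bytes back, which is the transmit data still sitting at 0xFE00 and indistinguishable from a received frame. Clearing the length byte once transmission is done, `packet[0]=0;` immediately before `RFST=RFST_SRX;`, lets the host treat a zero length as "no reply". The loop is primed with `i=0;len=16;` and then overwrites `len` from the first received byte; a comment such as `//Prime len so the loop runs until the real length byte arrives.` would explain the magic value. Bounds are fine as written, since `len` is an unsigned char and `packet` has 256 entries, but unlike the txpacket.c change in this commit the file never clears `RFTXRXIE` before polling `RFTXRXIF`.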