2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFET import GoodFET;
12 from intelhex import IntelHex;
14 import xml.dom.minidom, time, os;
16 class GoodFETCC(GoodFET):
17 """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
21 def __init__(self,filename=None):
22 """GoodFETCC constructor.
23 Mostly concerned with finding SmartRF7."""
24 if self.smartrfpath==None:
25 self.smartrfpath=os.environ.get("SMARTRF");
26 if self.smartrfpath==None and os.name=='nt':
27 pf=os.environ['PROGRAMFILES'];
28 self.smartrfpath="%s\\\\Texas Instruments\\\\SmartRF Tools\\\\SmartRF Studio 7" % pf;
30 if self.smartrfpath==None:
31 self.smartrfpath="/opt/smartrf7";
33 haveloadedsymbols=False;
34 def loadsymbols(self):
35 if self.haveloadedsymbols:
38 self.SRF_loadsymbols();
39 self.haveloadedsymbols=True;
42 if ident==0x0000 or ident==0xFFFF:
43 print "Chip ID is 0x%04x, implying a wiring problem." % ident;
45 print "SmartRF not found for chip 0x%04x." % ident;
def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
    """Parse one SmartRF7 XML definition file and return its DOM.

    The file is looked up as <smartrfpath>/config/xml/<chip>/<doc>;
    smartrfpath may come from the SMARTRF environment variable (see the
    constructor).

    Security note: the document is parsed with xml.dom.minidom, which the
    Python documentation describes as not hardened against maliciously
    constructed XML, and other methods of this class pass the text of the
    returned <Address> nodes to eval().  Only point smartrfpath at a
    directory whose contents are trusted.
    """
    # "workingconfig.xml" appears in a commented-out alternative signature
    # as another value for `doc`.
    location = "%s/config/xml/%s/%s" % (self.smartrfpath, chip, doc)
    return xml.dom.minidom.parse(location)
53 def CMDrs(self,args=[]):
54 """Chip command to grab the radio state."""
56 self.SRF_radiostate();
58 # print "Error printing radio state.";
59 # print "SmartRF not found at %s." % self.smartrfpath;
60 def SRF_bitfieldstr(self,bf):
67 for e in bf.childNodes:
68 if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
69 elif e.localName=="Start": start=e.childNodes[0].nodeValue;
70 elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
71 return " [%s:%s] %30s " % (start,stop,name);
73 def SRF_radiostate(self):
75 chip=self.CCversions.get(ident&0xFF00);
76 dom=self.SRF_chipdom(chip,"register_definition.xml");
77 for e in dom.getElementsByTagName("registerdefinition"):
78 for f in e.childNodes:
79 if f.localName=="DeviceName":
80 print "// %s RadioState" % (f.childNodes[0].nodeValue);
81 elif f.localName=="Register":
86 for g in f.childNodes:
87 if g.localName=="Name":
88 name=g.childNodes[0].nodeValue;
89 elif g.localName=="Address":
90 address=g.childNodes[0].nodeValue;
91 elif g.localName=="Description":
93 description=g.childNodes[0].nodeValue;
94 elif g.localName=="Bitfield":
95 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
96 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
97 print "%-10s=0x%02x; /* %-50s */" % (
98 name,self.CCpeekdatabyte(eval(address)), description);
99 if bitfields!="": print bitfields.rstrip();
101 def SRF_radiostate_select(self,args=[]):
103 ident=self.CCident();
104 chip=self.CCversions.get(ident&0xFF00);
105 dom=self.SRF_chipdom(chip,"register_definition.xml");
107 if reg.lower() == "help":
110 lreg.append(reg.lower())
111 for e in dom.getElementsByTagName("registerdefinition"):
112 for f in e.childNodes:
113 if f.localName=="DeviceName":
114 print "// %s RadioState" % (f.childNodes[0].nodeValue);
115 elif f.localName=="Register":
120 for g in f.childNodes:
121 if g.localName=="Name":
122 name=g.childNodes[0].nodeValue;
123 elif g.localName=="Address":
124 address=g.childNodes[0].nodeValue;
125 elif g.localName=="Description":
127 description=g.childNodes[0].nodeValue;
128 elif g.localName=="Bitfield":
129 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
130 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
132 print "%-10s /* %-50s */" % (name, description);
133 elif name.lower() in lreg:
134 print "%-10s=0x%02x; /* %-50s */" % (
135 name,self.CCpeekdatabyte(eval(address)), description);
136 if bitfields!="": print bitfields.rstrip();
138 def RF_setfreq(self,frequency):
139 """Set the frequency in Hz."""
140 #FIXME CC1110 specific
141 #Some frequencies fail, probably an FSCAL thing.
144 freq=int(hz/396.728515625);
147 freq1=(freq&0xFF00)>>8;
148 freq2=(freq&0xFF0000)>>16;
150 self.pokebysym("FREQ2",freq2);
151 self.pokebysym("FREQ1",freq1);
152 self.pokebysym("FREQ0",freq0);
154 self.pokebysym("TEST1",0x31);
155 self.pokebysym("TEST0",0x09);
158 #self.pokebysym("FSCAL2" , 0x2A); #above mid
159 self.pokebysym("FSCAL2" , 0x0A); #beneath mid
161 #self.CC_RFST_CAL(); #SCAL
165 def RF_getfreq(self):
166 """Get the frequency in Hz."""
167 #FIXME CC1110 specific
169 #return (2400+self.peek(0x05))*10**6
170 #self.poke(0x05,chan);
172 #freq2=self.CCpeekdatabyte(0xdf09);
173 #freq1=self.CCpeekdatabyte(0xdf0a);
174 #freq0=self.CCpeekdatabyte(0xdf0b);
177 freq2=self.peekbysym("FREQ2");
178 freq1=self.peekbysym("FREQ1");
179 freq0=self.peekbysym("FREQ0");
180 freq=(freq2<<16)+(freq1<<8)+freq0;
184 hz=freq*396.728515625;
188 def RF_getchannel(self):
189 """Get the hex channel."""
190 #FIXME CC1110 specific
193 freq2=self.peekbysym("FREQ2");
194 freq1=self.peekbysym("FREQ1");
195 freq0=self.peekbysym("FREQ0");
196 freq=(freq2<<16)+(freq1<<8)+freq0;
203 lastshellcode="none";
204 def shellcodefile(self,filename,wait=1, alwaysreload=0):
205 """Run a fragment of shellcode by name."""
206 #FIXME: should identify chip model number, use shellcode for that chip.
208 if self.lastshellcode!=filename or alwaysreload>0:
209 self.lastshellcode=filename;
211 file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
212 #TODO make this generic
213 path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
214 filename=path+filename;
217 h=IntelHex(filename);
218 for i in h._buf.keys():
219 self.CCpokedatabyte(i,h[i]);
221 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
223 while wait>0 and (0==self.CCstatus()&0x20):
225 #print "Waiting for shell code to return.";
228 return self.CCstatus()&0x20;
229 def shellcode(self,code,wait=1):
230 """Copy a block of code into RAM and execute it."""
234 self.pokebyte(0xF000+i,byte);
236 #print "Code loaded, executing."
237 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
239 while wait>0 and (0==self.CCstatus()&0x20):
242 #print "Waiting for shell code to return.";
244 def CC1110_crystal(self):
245 """Start the main crystal of the CC1110 oscillating, needed for radio use."""
246 code=[0x53, 0xBE, 0xFB, #anl SLEEP, #0xFB
248 0xE5, 0xBE, #mov a,SLEEP
249 0x30, 0xE6, 0xFB, #jnb acc.6, back
250 0x53, 0xc6, 0xB8, #anl CLKCON, #0xB8
252 0xE5, 0xC6, #mov a,CLKCON
253 0x20, 0xE6, 0xFB, #jb acc.6, two
254 0x43, 0xBE, 0x04, #orl SLEEP, #0x04
257 self.shellcode(code);
259 #Slower to load, but produced from C.
260 #self.shellcodefile("crystal.ihx");
263 """Move the radio to its idle state."""
267 #Chipcon RF strobes. CC1110 specific
def CC_RFST_IDLE(self):
    """Switch the radio to idle mode, clearing overflows and errors.

    Passes the class constant RFST_IDLE to CC_RFST().
    """
    strobe = self.RFST_IDLE
    self.CC_RFST(strobe)
def CC_RFST_TX(self):
    """Switch the radio to TX mode.

    Passes the class constant RFST_TX to CC_RFST().
    """
    strobe = self.RFST_TX
    self.CC_RFST(strobe)
def CC_RFST_RX(self):
    """Switch the radio to RX mode.

    Passes the class constant RFST_RX to CC_RFST().
    """
    strobe = self.RFST_RX
    self.CC_RFST(strobe)
def CC_RFST_CAL(self):
    """Issue the calibration strobe to the radio.

    Passes the class constant RFST_CAL to CC_RFST().
    """
    strobe = self.RFST_CAL
    self.CC_RFST(strobe)
284 def CC_RFST(self,state=RFST_IDLE):
286 self.pokebyte(RFST,state); #Return to idle state.
288 def config_dash7(self,band="lf"):
289 #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
290 #Waiting for official confirmation of the accuracy.
292 self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
293 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
295 #Don't change these while the radio is active.
296 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
297 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
298 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
299 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
301 if band=="ismeu" or band=="eu":
302 print "There is no official eu band for dash7."
303 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
304 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
305 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
306 elif band=="ismus" or band=="us":
307 print "There is no official us band for dash7."
308 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
309 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
310 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
311 elif band=="ismlf" or band=="lf":
312 # 433.9198 MHz, same as Simpliciti.
313 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
314 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
315 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
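319 #Got a frequency, not a band. NOTE(review): eval() runs the band string as Python code; parse it as a number instead if band can come from an untrusted source.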
320 self.RF_setfreq(eval(band));
321 self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter
322 self.pokebysym("MDMCFG3" , 0x3B)
323 self.pokebysym("MDMCFG2" , 0x11)
324 self.pokebysym("MDMCFG1" , 0x02)
325 self.pokebysym("MDMCFG0" , 0x53)
326 self.pokebysym("CHANNR" , 0x00) # Channel zero.
327 self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
329 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
330 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
331 self.pokebysym("MCSM2" , 0x1E)
332 self.pokebysym("MCSM1" , 0x3F)
333 self.pokebysym("MCSM0" , 0x30)
334 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
335 self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
337 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
338 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
339 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
341 self.pokebysym("TEST2" , 0x81) # Various test settings.
342 self.pokebysym("TEST1" , 0x35) # Various test settings.
343 self.pokebysym("TEST0" , 0x09) # Various test settings.
344 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
345 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
346 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
347 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
348 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
349 self.pokebysym("ADDR" , 0x01) # Device address.
350 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
353 self.pokebysym("SYNC1",0x83);
354 self.pokebysym("SYNC0",0xFE);
356 def config_iclicker(self,band="lf"):
357 #Mike Ossmann figured most of this out, with help from neighbors.
359 self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
360 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
362 #Don't change these while the radio is active.
363 self.pokebysym("FSCAL3" , 0xE9)
364 self.pokebysym("FSCAL2" , 0x2A)
365 self.pokebysym("FSCAL1" , 0x00)
366 self.pokebysym("FSCAL0" , 0x1F)
368 if band=="ismeu" or band=="eu":
369 print "The EU band is unknown.";
370 elif band=="ismus" or band=="us":
372 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
373 self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
374 self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
375 elif band=="ismlf" or band=="lf":
376 print "There is no LF version of the iclicker."
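380 #Got a frequency, not a band. NOTE(review): eval() runs the band string as Python code; parse it as a number instead if band can come from an untrusted source.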
381 self.RF_setfreq(eval(band));
382 # 812.5kHz bandwidth, 152.34 kbaud
383 self.pokebysym("MDMCFG4" , 0x1C)
384 self.pokebysym("MDMCFG3" , 0x80)
385 # no FEC, 2 byte preamble, 250kHz chan spacing
388 #self.pokebysym("MDMCFG2" , 0x01)
390 self.pokebysym("MDMCFG2" , 0x02)
392 self.pokebysym("MDMCFG1" , 0x03)
393 self.pokebysym("MDMCFG0" , 0x3b)
395 self.pokebysym("CHANNR" , 0x2e) # Channel zero.
397 #self.pokebysym("DEVIATN" , 0x71) # 118.5
398 self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
400 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
401 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
402 self.pokebysym("MCSM2" , 0x07)
403 self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
404 self.pokebysym("MCSM0" , 0x14)
406 self.pokebysym("TEST2" , 0x88) #
407 self.pokebysym("TEST1" , 0x31) #
408 self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
409 self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
410 self.pokebysym("PKTCTRL1" , 0x45) # Preamble qualidy 2*4=6, adr check, status
411 self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
413 self.pokebysym("PKTLEN" , 0x09) # Packet length.
415 self.pokebysym("SYNC1",0xB0);
416 self.pokebysym("SYNC0",0xB0);
417 self.pokebysym("ADDR", 0xB0);
420 def config_ademco(self, band="lf"):
422 # FIXME Temporary placeholder for me to write the Ademco protocol into the GoodFET Chipcon Application
423 # TODO Also, write a class that takes in the XML registration files and sets values (not just addresses)
425 def config_ook(self,band="none"):
426 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
427 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
429 #Don't change these while the radio is active.
430 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
431 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
432 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
433 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
435 if band=="ismeu" or band=="eu":
436 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
437 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
438 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
439 elif band=="ismus" or band=="us":
440 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
441 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
442 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
443 elif band=="ismlf" or band=="lf":
444 self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
445 self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
446 self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
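450 #Got a frequency, not a band. NOTE(review): eval() runs the band string as Python code; parse it as a number instead if band can come from an untrusted source.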
451 self.RF_setfreq(eval(band));
455 #self.pokebysym("MDMCFG4" , 0x85)
456 #self.pokebysym("MDMCFG3" , 0x83)
458 #self.pokebysym("MDMCFG4" , 0xf4)
459 #self.pokebysym("MDMCFG3" , 0x43)
461 #self.pokebysym("MDMCFG4" , 0xf6)
462 #self.pokebysym("MDMCFG3" , 0x83)
465 #print "Warning: Default to 4.8kbaud.";
466 #self.pokebysym("MDMCFG4" , 0xf7)
467 #self.pokebysym("MDMCFG3" , 0x83)
469 #print "Warning: Default to 9.6kbaud.";
472 self.pokebysym("MDMCFG4" , 0xf8)
473 self.pokebysym("MDMCFG3" , 0x83)
474 self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
476 #Kind aright for keeloq
477 print "Warning: Guessing baud rate.";
478 #self.pokebysym("MDMCFG4" , 0xf6)
479 #self.pokebysym("MDMCFG3" , 0x93)
480 #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
482 self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
483 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
484 self.pokebysym("CHANNR" , 0x00) # Channel number.
486 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
487 self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
488 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
489 #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
490 #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
492 #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
493 #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
494 #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
496 self.pokebysym("TEST2" , 0x81) # Various test settings.
497 self.pokebysym("TEST1" , 0x35) # Various test settings.
498 self.pokebysym("TEST0" , 0x0B) # Various test settings.
499 self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
500 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
501 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
502 #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
503 self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
504 self.pokebysym("ADDR" , 0x01) # Device address.
505 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
507 self.pokebysym("SYNC1",0xD3);
508 self.pokebysym("SYNC0",0x91);
510 def config_simpliciti(self,band="none"):
511 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
512 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
514 #Don't change these while the radio is active.
515 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
516 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
517 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
518 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
520 if band=="ismeu" or band=="eu":
521 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
522 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
523 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
524 elif band=="ismus" or band=="us":
525 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
526 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
527 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
528 elif band=="ismlf" or band=="lf":
529 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
530 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
531 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
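535 #Got a frequency, not a band. NOTE(review): eval() runs the band string as Python code; parse it as a number instead if band can come from an untrusted source.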
536 self.RF_setfreq(eval(band));
537 self.pokebysym("MDMCFG4" , 0x7B) # Modem configuration.
538 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
539 self.pokebysym("MDMCFG2" , 0x13) # Modem configuration.
540 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
541 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
542 if band=="ismus" or band=="us":
543 self.pokebysym("CHANNR" , 20) # Channel number.
545 self.pokebysym("CHANNR" , 0x00) # Channel number.
546 self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
548 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
549 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
550 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
551 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
552 self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
554 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
555 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
556 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
558 self.pokebysym("TEST2" , 0x81) # Various test settings.
559 self.pokebysym("TEST1" , 0x35) # Various test settings.
560 self.pokebysym("TEST0" , 0x09) # Various test settings.
561 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
562 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
563 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
564 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
565 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
566 self.pokebysym("ADDR" , 0x01) # Device address.
567 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
569 self.pokebysym("SYNC1",0xD3);
570 self.pokebysym("SYNC0",0x91);
572 def RF_carrier(self):
573 """Hold a carrier wave on the present frequency."""
575 self.CC1110_crystal(); #FIXME, '1110 specific.
581 self.config_simpliciti();
583 #Don't change these while the radio is active.
584 #self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
585 #self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
586 #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
587 #self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
590 #self.pokebysym("PA_TABLE0", 0xFF) # PA output power setting.
592 #This is what drops to OOK.
593 #Comment to keep GFSK, might be better at jamming.
594 self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
595 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
596 self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
597 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
598 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
600 self.pokebysym("SYNC1",0xAA);
601 self.pokebysym("SYNC0",0xAA);
603 #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
606 while((state!=0x13)):
607 self.pokebyte(RFST,0x03); #RFST=RFST_STX
609 state=self.peekbysym("MARCSTATE")&0x1F;
610 #print "state=%02x" % state;
611 print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
615 def RF_getsmac(self):
616 """Return the source MAC address."""
618 #Register 0A is RX_ADDR_P0, five bytes.
619 mac=self.peekbysym("ADDR");
621 def RF_setsmac(self,mac):
622 """Set the source MAC address."""
623 self.pokebysym("ADDR",mac);
625 def RF_gettmac(self):
626 """Return the target MAC address."""
628 def RF_settmac(self,mac):
629 """Set the target MAC address."""
def RF_rxpacket(self):
    """Run rxpacket.ihx on the target and return the packet buffer.

    After the shellcode returns, the byte at 0xFE00 is read as a length and
    length+3 bytes starting at 0xFE00 are fetched with peekblock().

    NOTE(review): the original docstring said this returns None when no
    packet is waiting; no such path is visible here, so the result is
    whatever peekblock() returns.  The length byte is read back from target
    memory and used unchecked - presumably it reflects received radio data,
    so callers should validate the returned block.
    """
    self.shellcodefile("rxpacket.ihx")
    length = self.peek8(0xFE00, "xdata")
    return self.peekblock(0xFE00, length + 3, "data")
636 def RF_txpacket(self,packet):
637 """Transmit a packet. Untested."""
639 self.pokeblock(0xFE00,packet,"data");
640 self.shellcodefile("txpacket.ihx");
642 def RF_txrxpacket(self,packet):
643 """Transmit a packet. Untested."""
645 self.pokeblock(0xFE00,packet,"data");
646 self.shellcodefile("txrxpacket.ihx");
647 len=self.peek8(0xFE00,"xdata");
648 return self.peekblock(0xFE00,len+3,"data");
650 def RF_getrssi(self):
651 """Returns the received signal strength, with a weird offset."""
653 rssireg=self.symbols.get("RSSI");
654 return self.CCpeekdatabyte(rssireg)^0x80;
656 if self.verbose>0: print "RSSI reg doesn't exist.";
658 #RSSI doesn't exist on some 2.4GHz devices. Maybe RSSIL and RSSIH? NOTE(review): the high byte below is also looked up as "RSSIL"; "RSSIH" looks intended.
659 rssilreg=self.symbols.get("RSSIL");
660 rssil=self.CCpeekdatabyte(rssilreg);
661 rssihreg=self.symbols.get("RSSIL");
662 rssih=self.CCpeekdatabyte(rssihreg);
663 return (rssih<<8)|rssil;
665 if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
669 def SRF_loadsymbols(self):
670 ident=self.CCident();
671 chip=self.CCversions.get(ident&0xFF00);
672 dom=self.SRF_chipdom(chip,"register_definition.xml");
673 for e in dom.getElementsByTagName("registerdefinition"):
674 for f in e.childNodes:
675 if f.localName=="Register":
680 for g in f.childNodes:
681 if g.localName=="Name":
682 name=g.childNodes[0].nodeValue;
683 elif g.localName=="Address":
684 address=g.childNodes[0].nodeValue;
685 elif g.localName=="Description":
687 description=g.childNodes[0].nodeValue;
688 elif g.localName=="Bitfield":
689 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
690 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
691 self.symbols.define(eval(address),name,description,"data");
697 self.writecmd(self.APP,0x86,0,self.data);
700 def CCreleasecpu(self):
701 """Resume the CPU."""
702 self.writecmd(self.APP,0x87,0,self.data);
706 #print "Status: %s" % self.CCstatusstr();
708 #Grab ident three times, should be equal.
709 ident1=self.CCident();
710 ident2=self.CCident();
711 ident3=self.CCident();
712 if(ident1!=ident2 or ident2!=ident3):
713 print "Error, repeated ident attempts unequal."
714 print "%04x, %04x, %04x" % (ident1, ident2, ident3);
716 #Single step, printing PC.
717 print "Tracing execution at startup."
718 for i in range(1,15):
720 byte=self.CCpeekcodebyte(i);
721 #print "PC=%04x, %02x" % (pc, byte);
724 print "Verifying that debugging a NOP doesn't affect the PC."
725 for i in range(1,15):
727 self.CCdebuginstr([0x00]);
728 if(pc!=self.CCgetPC()):
729 print "ERROR: PC changed during CCdebuginstr([NOP])!";
731 print "Checking pokes to XRAM."
732 for i in range(self.execbuf,self.execbuf+0x20):
733 self.CCpokedatabyte(i,0xde);
734 if(self.CCpeekdatabyte(i)!=0xde):
735 print "Error in XDATA at 0x%04x" % i;
737 #print "Status: %s." % self.CCstatusstr();
743 """Move the FET into the Chipcon 8051 application."""
744 #print "Initializing Chipcon.";
745 self.writecmd(self.APP,0x10,0,self.data);
def CCrd_config(self):
    """Read the config register of a Chipcon.

    Sends verb 0x82 with a zero length and returns the first byte of the
    reply buffer (self.data) as an integer.
    """
    self.writecmd(self.APP, 0x82, 0, self.data)
    reply = self.data
    return ord(reply[0])
def CCwr_config(self,config):
    """Write the config register of a Chipcon.

    Only the low eight bits of `config` are sent (verb 0x81, one byte).
    """
    low_byte = config & 0xFF
    self.writecmd(self.APP, 0x81, 1, [low_byte])
def CClockchip(self):
    """Set the flash lock bit in info mem.

    Sends verb 0x9A with no payload; nothing is returned.
    """
    verb = 0x9A
    self.writecmd(self.APP, verb, 0, None)
757 """Set the flash lock bit in info mem."""
761 CCversions={0x0100:"cc1110",
767 0xA500:"cc2530", #page 57 of SWRU191B
773 CCexecbuf= {0x0100:0xF000,
779 0xA500:0x0000, #CC2530
783 0xFF00:None} #missing
784 CCpagesizes={0x01: 1024, #"CC1110",
785 0x11: 1024, #"CC1111",
786 0x85: 2048, #"CC2430",
787 0x89: 2048, #"CC2431",
788 0x81: 1024, #"CC2510",
789 0x91: 1024, #"CC2511",
790 0xA5: 2048, #"CC2530", #page 57 of SWRU191B
791 0xB5: 2048, #"CC2531",
792 0x95: 2048, #"CC2533",
793 0x8D: 2048, #"CC2540",
def infostring(self):
    """Return the chip description string built by CCidentstr()."""
    description = self.CCidentstr()
    return description
797 def CCidentstr(self):
# Describe the attached chip as a string.  The ident word from CCident() is
# masked with 0xFF00 to look up the chip name and the exec buffer address;
# the exec buffer address is also stored in self.execbuf as a side effect.
798 ident=self.CCident();
799 chip=self.CCversions.get(ident&0xFF00);
800 execbuf=self.CCexecbuf.get(ident&0xFF00);
# NOTE(review): `ident>0xFF` is a comparison, so the lookup key is True/False
# (i.e. 1/0) rather than the chip byte that CCpagesizes is keyed by;
# `ident>>8` looks intended (compare CCpagesize) - confirm.
801 pagesize=self.CCpagesizes.get(ident>0xFF);
802 self.execbuf=execbuf;
# Two return forms are visible: "chip/rIDENT/psPAGESIZE" and the bare
# four-digit hex ident.  The lines that choose between them are not shown here.
805 return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
807 return "%04x" % ident;
809 """Get a chipcon's ID."""
810 self.writecmd(self.APP,0x8B,0,None);
811 chip=ord(self.data[0]);
812 rev=ord(self.data[1]);
813 return (chip<<8)+rev;
814 def CCpagesize(self):
815 """Get a chipcon's page size."""
816 self.writecmd(self.APP,0x8B,0,None);
817 chip=ord(self.data[0]);
818 size=self.CCpagesizes.get(chip);
820 print "ERROR: Pagesize undefined.";
821 print "chip=%0.4x" %chip;
826 return self.CCgetPC();
828 """Get a chipcon's PC."""
829 self.writecmd(self.APP,0x83,0,None);
830 hi=ord(self.data[0]);
831 lo=ord(self.data[1]);
833 def CCcmd(self,phrase):
834 self.writecmd(self.APP,0x00,len(phrase),phrase);
835 val=ord(self.data[0]);
836 print "Got %02x" % val;
def CCdebuginstr(self,instr):
    """Send a sequence of instruction bytes with verb 0x88.

    `instr` is a list of opcode bytes; callers in this file pass, for
    example, [0x02, 0xf0, 0x00] (commented as "ljmp 0xF000") and [0x00]
    (a NOP).  Returns the first byte of the reply buffer as an integer.
    """
    count = len(instr)
    self.writecmd(self.APP, 0x88, count, instr)
    return ord(self.data[0])
841 #def peekblock(self,adr,length,memory="vn"):
842 # """Return a block of data, broken"""
843 # data=[adr&0xff, (adr&0xff00)>>8,
844 # length&0xFF,(length&0xFF00)>>8];
845 # self.writecmd(self.APP,0x91,4,data);
846 # return [ord(x) for x in self.data]
847 def peek8(self,address, memory="code"):
848 if(memory=="code" or memory=="flash" or memory=="vn"):
849 return self.CCpeekcodebyte(address);
850 elif(memory=="data" or memory=="xdata" or memory=="ram"):
851 return self.CCpeekdatabyte(address);
852 elif(memory=="idata" or memory=="iram"):
853 return self.CCpeekirambyte(address);
854 print "%s is an unknown memory." % memory;
def CCpeekcodebyte(self,adr):
    """Read the contents of code memory at an address.

    The address is sent low byte first; only its low 16 bits are used.
    Returns the first reply byte as an integer.
    """
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high]
    self.writecmd(self.APP, 0x90, 2, self.data)
    return ord(self.data[0])
def CCpeekdatabyte(self,adr):
    """Read the contents of data memory at an address.

    The address is sent low byte first; only its low 16 bits are used.
    Returns the first reply byte as an integer.
    """
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high]
    self.writecmd(self.APP, 0x91, 2, self.data)
    return ord(self.data[0])
def CCpeekirambyte(self,adr):
    """Read the contents of IRAM at an address.

    Only the low eight bits of `adr` are sent (verb 0x02, one byte).
    Returns the first reply byte as an integer.
    """
    request = [adr & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 1, self.data)
    return ord(self.data[0])
def CCpeekiramword(self,adr):
    """Read the little-endian contents of IRAM at an address.

    The byte at `adr` is read first and forms the low half; the byte at
    `adr+1` forms the high half.
    """
    low = self.CCpeekirambyte(adr)
    high = self.CCpeekirambyte(adr + 1)
    return low + (high << 8)
def CCpokeiramword(self,adr,val):
    """Write a 16-bit value to IRAM, low byte at `adr`, high byte at `adr+1`."""
    low = val & 0xff
    high = (val >> 8) & 0xff
    self.CCpokeirambyte(adr, low)
    self.CCpokeirambyte(adr + 1, high)
def CCpokeirambyte(self,adr,val):
    """Write the contents of IRAM at an address.

    Both the address and the value are masked to eight bits before being
    sent (verb 0x02, two bytes).  Returns the first reply byte as an integer.
    """
    request = [adr & 0xff, val & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 2, self.data)
    return ord(self.data[0])
def pokebyte(self,adr,val,mem="xdata"):
    """Write one byte to data memory through CCpokedatabyte().

    `mem` is accepted but never consulted, so every write goes to data
    memory whatever is passed.  The reply byte is discarded; returns None.
    """
    self.CCpokedatabyte(adr, val)
def CCpokedatabyte(self,adr,val):
    """Write a byte to data memory.

    The address is sent low byte first using its low 16 bits.  Unlike
    CCpokeirambyte(), `val` is passed through without masking, so callers
    are expected to supply a value that already fits in one byte.
    Returns the first reply byte as an integer.
    """
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high, val]
    self.writecmd(self.APP, 0x92, 3, self.data)
    return ord(self.data[0])
def CCchiperase(self):
    """Erase all of the target's memory.

    Sends verb 0x80 with no payload; nothing is returned.
    """
    verb = 0x80
    self.writecmd(self.APP, verb, 0, None)
894 """Erase all of the target's memory."""
899 """Check the status."""
900 self.writecmd(self.APP,0x84,0,None);
901 return ord(self.data[0])
903 CCstatusbits={0x80 : "erase_busy",
907 0x08 : "halt_status",
912 CCconfigbits={0x20 : "soft_power_mode", #new for CC2530
915 0x02 : "timer_suspend",
916 0x01 : "sel_flash_info_page" #stricken from CC2530
920 """Check the status as a string."""
921 status=self.CCstatus();
926 str="%s %s" %(self.CCstatusbits[i],str);
930 """Start debugging."""
932 #while ident==0xFFFF or ident==0x0000:
934 self.writecmd(self.APP,0x20,0,self.data);
935 identa=self.CCident();
938 ident=self.CCident();
939 #Get SmartRF Studio regs if they exist.
941 #print "Status: %s" % self.status();
943 """Stop debugging."""
944 self.writecmd(self.APP,0x21,0,self.data);
def CCstep_instr(self):
    """Step one instruction.

    Sends verb 0x89 with a zero length; nothing is returned.
    """
    verb = 0x89
    self.writecmd(self.APP, verb, 0, self.data)
def CCeraseflashbuffer(self):
    """Erase the 2kB flash buffer.

    Sends verb 0x99 with writecmd()'s default length and data arguments.
    """
    verb = 0x99
    self.writecmd(self.APP, verb)
951 def CCflashpage(self,adr):
952 """Flash a 2kB page of flash from 0xF000 in XDATA"""
957 print "Flashing buffer to 0x%06x" % adr;
958 self.writecmd(self.APP,0x95,4,data);
960 def setsecret(self,value):
961 """Set a secret word for later retrieval. Used by glitcher."""
963 pagelen = self.CCpagesize(); #Varies by chip.
964 print "page=%04x, pagelen=%04x" % (page,pagelen);
966 self.CCeraseflashbuffer();
967 print "Setting secret to %x" % value;
968 self.CCpokedatabyte(0xF000,value);
969 self.CCpokedatabyte(0xF800,value);
970 print "Setting secret to %x==%x" % (value,
971 self.CCpeekdatabyte(0xf000));
973 print "code[0]=%x" % self.CCpeekcodebyte(0);
975 """Get a secret word. Used by glitcher."""
976 secret=self.CCpeekcodebyte(0);
977 #print "Got secret %02x" % secret;
980 #FIXME: This is CC1110-specific and duplicates functionality of
981 # SmartRF7 integration.
1099 def getSPR(self,args=[]):
1100 """Get special function registers."""
1101 print "Special Function Registers:"
1104 print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1106 for e in self.CCspecfuncregs.keys():
1107 print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1109 def dump(self,file,start=0,stop=0xffff):
1110 """Dump an intel hex file from code memory."""
1111 print "Dumping code from %04x to %04x as %s." % (start,stop,file);
1115 h[i]=self.CCpeekcodebyte(i);
1117 print "Dumped %04x."%i;
1118 h.write_hex_file(file); #buffer to disk.
1120 h.write_hex_file(file);
1122 def flash(self,file):
1123 """Flash an intel hex file to code memory."""
1124 print "Flashing %s" % file;
1128 pagelen = self.CCpagesize(); #Varies by chip.
1130 #print "page=%04x, pagelen=%04x" % (page,pagelen);
1134 #Wipe the RAM buffer for the next flash page.
1135 self.CCeraseflashbuffer();
1136 for i in h._buf.keys():
1137 while(i>=page+pagelen):
1139 self.CCflashpage(page);
1140 #client.CCeraseflashbuffer();
1142 print "Flashed page at %06x" % page
1145 #Place byte into buffer.
1146 self.CCpokedatabyte(0xF000+i-page,
1150 print "Buffering %04x toward %06x" % (i,page);
1152 self.CCflashpage(page);
1153 print "Flashed final page at %06x" % page;