2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFET import GoodFET;
12 from intelhex import IntelHex;
14 import xml.dom.minidom, time;
16 class GoodFETCC(GoodFET):
17 """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
23 smartrfpath="/opt/smartrf7";
24 def loadsymbols(self):
25 try: self.SRF_loadsymbols();
27 if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath;
def SRF_chipdom(self, chip="cc1110", doc="register_definition.xml"):
    """Parse one of SmartRF Studio's per-chip XML files into a DOM.

    The file is looked up at <smartrfpath>/config/xml/<chip>/<doc>.
    Nothing is caught here, so a missing file or malformed XML raises
    to the caller.
    """
    # xml.dom.minidom is not hardened against maliciously constructed
    # XML, so smartrfpath has to point at a trusted local install.
    xml_path = "%s/config/xml/%s/%s" % (self.smartrfpath, chip, doc)
    document = xml.dom.minidom.parse(xml_path)
    return document
33 def CMDrs(self,args=[]):
34 """Chip command to grab the radio state."""
36 self.SRF_radiostate();
38 print "Error printing radio state.";
39 print "SmartRF not found at %s." % self.smartrfpath;
40 def SRF_bitfieldstr(self,bf):
47 for e in bf.childNodes:
48 if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
49 elif e.localName=="Start": start=e.childNodes[0].nodeValue;
50 elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
51 return " [%s:%s] %30s " % (start,stop,name);
52 def SRF_radiostate(self):
# Print every register listed in SmartRF's register_definition.xml for
# the attached chip, together with the value read back from the target
# and the register's bitfield descriptions.
# NOTE(review): this listing skips original lines 53, 61-64 and 71, so
# where ident comes from and how name/address/description/bitfields are
# initialised per register is not visible here.
54 chip=self.CCversions.get(ident&0xFF00);
55 dom=self.SRF_chipdom(chip,"register_definition.xml");
56 for e in dom.getElementsByTagName("registerdefinition"):
57 for f in e.childNodes:
58 if f.localName=="DeviceName":
59 print "// %s RadioState" % (f.childNodes[0].nodeValue);
60 elif f.localName=="Register":
65 for g in f.childNodes:
66 if g.localName=="Name":
67 name=g.childNodes[0].nodeValue;
68 elif g.localName=="Address":
69 address=g.childNodes[0].nodeValue;
70 elif g.localName=="Description":
72 description=g.childNodes[0].nodeValue;
73 elif g.localName=="Bitfield":
74 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
75 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
# NOTE(review): eval() runs the <Address> text taken from the XML file as
# Python, so anyone able to change files under smartrfpath gets code
# execution in this process. The value is presumably a numeric literal,
# in which case int(address, 0) parses it without evaluating code;
# confirm the format used in register_definition.xml.
76 print "%-10s=0x%02x; /* %-50s */" % (
77 name,self.CCpeekdatabyte(eval(address)), description);
78 if bitfields!="": print bitfields.rstrip();
79 def RF_setfreq(self,frequency):
80 """Set the frequency in Hz."""
81 #FIXME CC1110 specific
82 #Some frequencies fail, probably and FSCAL thing.
85 freq=int(hz/396.728515625);
88 freq1=(freq&0xFF00)>>8;
89 freq2=(freq&0xFF0000)>>16;
91 self.pokebysym("FREQ2",freq2);
92 self.pokebysym("FREQ1",freq1);
93 self.pokebysym("FREQ0",freq0);
95 self.pokebysym("TEST1",0x31);
96 self.pokebysym("TEST0",0x09);
99 #self.pokebysym("FSCAL2" , 0x2A); #above mid
100 self.pokebysym("FSCAL2" , 0x0A); #beneath mid
102 #self.CC_RFST_CAL(); #SCAL
106 def RF_getfreq(self):
107 """Get the frequency in Hz."""
108 #FIXME CC1110 specific
110 #return (2400+self.peek(0x05))*10**6
111 #self.poke(0x05,chan);
113 #freq2=self.CCpeekdatabyte(0xdf09);
114 #freq1=self.CCpeekdatabyte(0xdf0a);
115 #freq0=self.CCpeekdatabyte(0xdf0b);
118 freq2=self.peekbysym("FREQ2");
119 freq1=self.peekbysym("FREQ1");
120 freq0=self.peekbysym("FREQ0");
121 freq=(freq2<<16)+(freq1<<8)+freq0;
125 hz=freq*396.728515625;
128 lastshellcode="none";
129 def shellcodefile(self,filename,wait=1):
130 """Run a fragment of shellcode by name."""
131 #FIXME: should identify chip model number, use shellcode for that chip.
133 if self.lastshellcode!=filename:
134 self.lastshellcode=filename;
136 file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
137 path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
138 filename=path+filename;
141 h=IntelHex(filename);
142 for i in h._buf.keys():
143 self.CCpokedatabyte(i,h[i]);
146 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
148 while wait>0 and (0==self.CCstatus()&0x20):
151 #print "Waiting for shell code to return.";
154 return self.CCstatus()&0x20;
155 def shellcode(self,code,wait=1):
156 """Copy a block of code into RAM and execute it."""
160 self.pokebyte(0xF000+i,byte);
162 #print "Code loaded, executing."
163 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
165 while wait>0 and (0==self.CCstatus()&0x20):
168 #print "Waiting for shell code to return.";
170 def CC1110_crystal(self):
171 """Start the main crystal of the CC1110 oscillating, needed for radio use."""
172 code=[0x53, 0xBE, 0xFB, #anl SLEEP, #0xFB
174 0xE5, 0xBE, #mov a,SLEEP
175 0x30, 0xE6, 0xFB, #jnb acc.6, back
176 0x53, 0xc6, 0xB8, #anl CLKCON, #0xB8
178 0xE5, 0xC6, #mov a,CLKCON
179 0x20, 0xE6, 0xFB, #jb acc.6, two
180 0x43, 0xBE, 0x04, #orl SLEEP, #0x04
183 self.shellcode(code);
185 #Slower to load, but produced from C.
186 #self.shellcodefile("crystal.ihx");
189 """Move the radio to its idle state."""
193 #Chipcon RF strobes. CC1110 specific
def CC_RFST_IDLE(self):
    """Strobe the radio into idle mode, clearing overflows and errors."""
    idle_strobe = self.RFST_IDLE
    self.CC_RFST(idle_strobe)
def CC_RFST_TX(self):
    """Strobe the radio into TX mode."""
    tx_strobe = self.RFST_TX
    self.CC_RFST(tx_strobe)
def CC_RFST_RX(self):
    """Strobe the radio into RX mode."""
    rx_strobe = self.RFST_RX
    self.CC_RFST(rx_strobe)
def CC_RFST_CAL(self):
    """Send the calibration strobe to the radio."""
    cal_strobe = self.RFST_CAL
    self.CC_RFST(cal_strobe)
210 def CC_RFST(self,state=RFST_IDLE):
212 self.pokebyte(RFST,state); #Return to idle state.
214 def config_dash7(self,band="lf"):
# Write a DASH7 radio profile to the target, one register at a time,
# through pokebysym(). band is one of the names tested below ("eu",
# "us", "lf" or their "ism" forms); anything else is treated as a
# frequency and handed to RF_setfreq().
# NOTE(review): this listing skips original lines 242-244, so the branch
# that leads to the eval() call is not visible here.
215 #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
216 #Waiting for official confirmation of the accuracy.
218 self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
219 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
221 #Don't change these while the radio is active.
222 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
223 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
224 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
225 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
227 if band=="ismeu" or band=="eu":
228 print "There is no official eu band for dash7."
229 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
230 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
231 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
232 elif band=="ismus" or band=="us":
233 print "There is no official us band for dash7."
234 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
235 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
236 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
237 elif band=="ismlf" or band=="lf":
238 # 433.9198 MHz, same as Simpliciti.
239 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
240 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
241 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
245 #Got a frequency, not a band.
# NOTE(review): eval() executes whatever string the caller passed as
# band. If band can come from a command line or any other outside
# input, that is arbitrary code execution in this process. float(band)
# or int(band, 0) would accept a plain number without evaluating code;
# confirm which frequency formats callers rely on.
246 self.RF_setfreq(eval(band));
247 self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter
248 self.pokebysym("MDMCFG3" , 0x3B)
249 self.pokebysym("MDMCFG2" , 0x11)
250 self.pokebysym("MDMCFG1" , 0x02)
251 self.pokebysym("MDMCFG0" , 0x53)
252 self.pokebysym("CHANNR" , 0x00) # Channel zero.
253 self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
255 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
256 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
257 self.pokebysym("MCSM2" , 0x1E)
258 self.pokebysym("MCSM1" , 0x3F)
259 self.pokebysym("MCSM0" , 0x30)
260 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
261 self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
263 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
264 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
265 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
267 self.pokebysym("TEST2" , 0x81) # Various test settings.
268 self.pokebysym("TEST1" , 0x35) # Various test settings.
269 self.pokebysym("TEST0" , 0x09) # Various test settings.
270 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
271 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
272 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
273 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
274 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
275 self.pokebysym("ADDR" , 0x01) # Device address.
276 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
278 self.pokebysym("SYNC1",0xD3);
279 self.pokebysym("SYNC0",0x91);
281 def config_iclicker(self,band="lf"):
# Write an iClicker radio profile to the target, one register at a
# time, through pokebysym(). Only the "us" band sets FREQ2..FREQ0
# here; the "eu" and "lf" names just print a message, and anything
# else is treated as a frequency and handed to RF_setfreq().
# NOTE(review): this listing skips original lines 302-304 among others,
# so the branch that leads to the eval() call is not visible here.
282 #Mike Ossmann figured most of this out, with help from neighbors.
284 self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
285 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
287 #Don't change these while the radio is active.
288 self.pokebysym("FSCAL3" , 0xE9)
289 self.pokebysym("FSCAL2" , 0x2A)
290 self.pokebysym("FSCAL1" , 0x00)
291 self.pokebysym("FSCAL0" , 0x1F)
293 if band=="ismeu" or band=="eu":
294 print "The EU band is unknown.";
295 elif band=="ismus" or band=="us":
297 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
298 self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
299 self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
300 elif band=="ismlf" or band=="lf":
301 print "There is no LF version of the iclicker."
305 #Got a frequency, not a band.
# NOTE(review): eval() executes whatever string the caller passed as
# band. If band can come from a command line or any other outside
# input, that is arbitrary code execution in this process. float(band)
# or int(band, 0) would accept a plain number without evaluating code;
# confirm which frequency formats callers rely on.
306 self.RF_setfreq(eval(band));
307 # 812.5kHz bandwidth, 152.34 kbaud
308 self.pokebysym("MDMCFG4" , 0x1C)
309 self.pokebysym("MDMCFG3" , 0x80)
310 # no FEC, 2 byte preamble, 250kHz chan spacing
313 #self.pokebysym("MDMCFG2" , 0x01)
315 self.pokebysym("MDMCFG2" , 0x02)
317 self.pokebysym("MDMCFG1" , 0x03)
318 self.pokebysym("MDMCFG0" , 0x3b)
320 self.pokebysym("CHANNR" , 0x2e) # Channel 0x2e.
322 #self.pokebysym("DEVIATN" , 0x71) # 118.5
323 self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
325 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
326 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
327 self.pokebysym("MCSM2" , 0x07)
328 self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
329 self.pokebysym("MCSM0" , 0x14)
331 self.pokebysym("TEST2" , 0x88) #
332 self.pokebysym("TEST1" , 0x31) #
333 self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
334 self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
335 self.pokebysym("PKTCTRL1" , 0x45) # Preamble quality 2*4=6, adr check, status
336 self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
338 self.pokebysym("PKTLEN" , 0x09) # Packet length.
340 self.pokebysym("SYNC1",0xB0);
341 self.pokebysym("SYNC0",0xB0);
342 self.pokebysym("ADDR", 0xB0);
344 def config_ook(self,band="none"):
# Write an OOK radio profile to the target, one register at a time,
# through pokebysym(). band is one of the names tested below ("eu",
# "us", "lf" or their "ism" forms); anything else is treated as a
# frequency and handed to RF_setfreq().
# NOTE(review): this listing skips original lines 366-368 among others,
# so the branch that leads to the eval() call is not visible here. With
# the default band="none" that call would raise unless the hidden lines
# catch it.
345 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
346 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
348 #Don't change these while the radio is active.
349 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
350 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
351 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
352 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
354 if band=="ismeu" or band=="eu":
355 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
356 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
357 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
358 elif band=="ismus" or band=="us":
359 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
360 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
361 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
362 elif band=="ismlf" or band=="lf":
363 self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
364 self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
365 self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
369 #Got a frequency, not a band.
# NOTE(review): eval() executes whatever string the caller passed as
# band. If band can come from a command line or any other outside
# input, that is arbitrary code execution in this process. float(band)
# or int(band, 0) would accept a plain number without evaluating code;
# confirm which frequency formats callers rely on.
370 self.RF_setfreq(eval(band));
373 #self.pokebysym("MDMCFG4" , 0x85)
374 #self.pokebysym("MDMCFG3" , 0x83)
376 #self.pokebysym("MDMCFG4" , 0xf4)
377 #self.pokebysym("MDMCFG3" , 0x43)
379 #self.pokebysym("MDMCFG4" , 0xf6)
380 #self.pokebysym("MDMCFG3" , 0x83)
383 print "Warning: Default to 9.6kbaud.";
384 self.pokebysym("MDMCFG4" , 0xf8)
385 self.pokebysym("MDMCFG3" , 0x83)
388 self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense in lieu of sync.
389 self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
390 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
391 self.pokebysym("CHANNR" , 0x00) # Channel number.
393 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
394 self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
395 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
396 #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
397 #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
399 #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
400 #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
401 #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
403 self.pokebysym("TEST2" , 0x81) # Various test settings.
404 self.pokebysym("TEST1" , 0x35) # Various test settings.
405 self.pokebysym("TEST0" , 0x0B) # Various test settings.
406 self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
407 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
408 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
409 #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
410 self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
411 self.pokebysym("ADDR" , 0x01) # Device address.
412 self.pokebysym("PKTLEN" , 0x20) # Packet length.
414 self.pokebysym("SYNC1",0xD3);
415 self.pokebysym("SYNC0",0x91);
417 def config_simpliciti(self,band="none"):
# Write a SimpliciTI radio profile to the target, one register at a
# time, through pokebysym(). band is one of the names tested below
# ("eu", "us", "lf" or their "ism" forms); anything else is treated as
# a frequency and handed to RF_setfreq().
# NOTE(review): this listing skips original lines 439-441 and 451 among
# others, so the branch that leads to the eval() call and the branch
# separating the two CHANNR writes are not visible here. With the
# default band="none" the eval() call would raise unless the hidden
# lines catch it.
418 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
419 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
421 #Don't change these while the radio is active.
422 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
423 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
424 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
425 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
427 if band=="ismeu" or band=="eu":
428 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
429 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
430 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
431 elif band=="ismus" or band=="us":
432 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
433 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
434 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
435 elif band=="ismlf" or band=="lf":
436 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
437 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
438 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
442 #Got a frequency, not a band.
# NOTE(review): eval() executes whatever string the caller passed as
# band. If band can come from a command line or any other outside
# input, that is arbitrary code execution in this process. float(band)
# or int(band, 0) would accept a plain number without evaluating code;
# confirm which frequency formats callers rely on.
443 self.RF_setfreq(eval(band));
444 self.pokebysym("MDMCFG4" , 0x7B) # Modem configuration.
445 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
446 self.pokebysym("MDMCFG2" , 0x13) # Modem configuration.
447 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
448 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
449 if band=="ismus" or band=="us":
450 self.pokebysym("CHANNR" , 20) # Channel number.
452 self.pokebysym("CHANNR" , 0x00) # Channel number.
453 self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
455 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
456 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
457 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
458 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
459 self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
461 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
462 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
463 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
465 self.pokebysym("TEST2" , 0x81) # Various test settings.
466 self.pokebysym("TEST1" , 0x35) # Various test settings.
467 self.pokebysym("TEST0" , 0x09) # Various test settings.
468 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
469 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
470 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
471 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
472 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
473 self.pokebysym("ADDR" , 0x01) # Device address.
474 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
476 self.pokebysym("SYNC1",0xD3);
477 self.pokebysym("SYNC0",0x91);
479 def RF_carrier(self):
480 """Hold a carrier wave on the present frequency."""
482 self.CC1110_crystal(); #FIXME, '1110 specific.
488 self.config_simpliciti();
490 #Don't change these while the radio is active.
491 #self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
492 #self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
493 #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
494 #self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
497 #self.pokebysym("PA_TABLE0", 0xFF) # PA output power setting.
499 #This is what drops to OOK.
500 #Comment to keep GFSK, might be better at jamming.
501 self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
502 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
503 self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
504 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
505 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
508 self.pokebysym("SYNC1",0xAA);
509 self.pokebysym("SYNC0",0xAA);
513 #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
516 while((state!=0x13)):
517 self.pokebyte(RFST,0x03); #RFST=RFST_STX
519 state=self.peekbysym("MARCSTATE")&0x1F;
520 #print "state=%02x" % state;
521 print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
525 def RF_getsmac(self):
526 """Return the source MAC address."""
528 #Register 0A is RX_ADDR_P0, five bytes.
529 mac=self.peekbysym("ADDR");
531 def RF_setsmac(self,mac):
532 """Set the source MAC address."""
533 self.pokebysym("ADDR",mac);
535 def RF_gettmac(self):
536 """Return the target MAC address."""
538 def RF_settmac(self,mac):
539 """Set the target MAC address."""
def RF_rxpacket(self):
    """Get a packet from the radio.

    Runs the rxpacket.ihx shellcode, takes the byte at 0xFE00 as the
    packet length, and returns length+3 bytes read from 0xFE00.
    """
    # NOTE(review): the earlier docstring promised None when no packet
    # is waiting; nothing in this method returns None itself, so that
    # would have to come from peekblock(). Confirm.
    self.shellcodefile("rxpacket.ihx")
    packet_length = self.peek8(0xFE00, "xdata")
    return self.peekblock(0xFE00, packet_length + 3, "data")
546 def RF_txpacket(self,packet):
547 """Transmit a packet. Untested."""
549 self.pokeblock(0xFE00,packet,"data");
550 self.shellcodefile("txpacket.ihx");
552 def RF_txrxpacket(self,packet):
553 """Transmit a packet, then read back the buffer at 0xFE00. Untested."""
# NOTE(review): this listing skips original line 554.
# The outgoing packet is written to 0xFE00 before txrxpacket.ihx runs.
555 self.pokeblock(0xFE00,packet,"data");
556 self.shellcodefile("txrxpacket.ihx");
# The byte at 0xFE00 is then taken as a length, and length+3 bytes are
# returned from the same address.
557 len=self.peek8(0xFE00,"xdata");
558 return self.peekblock(0xFE00,len+3,"data");
560 def RF_getrssi(self):
561 """Returns the received signal strength, with a weird offset."""
# NOTE(review): this listing skips original lines 562, 565, 567 and 574,
# so the control flow joining the two lookups below (presumably
# try/except) is not visible here.
# First attempt: a single RSSI register, returned with bit 7 flipped.
563 rssireg=self.symbols.get("RSSI");
564 return self.CCpeekdatabyte(rssireg)^0x80;
566 if self.verbose>0: print "RSSI reg doesn't exist.";
568 #RSSI doesn't exist on 2.4GHz devices. Maybe RSSIL and RSSIH?
569 rssilreg=self.symbols.get("RSSIL");
570 rssil=self.CCpeekdatabyte(rssilreg);
# NOTE(review): this looks up "RSSIL" a second time, so rssih is read
# from the same register as rssil and the 16-bit result repeats one
# byte. "RSSIH" was presumably intended; confirm against the register
# definitions.
571 rssihreg=self.symbols.get("RSSIL");
572 rssih=self.CCpeekdatabyte(rssihreg);
573 return (rssih<<8)|rssil;
575 if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
581 def SRF_loadsymbols(self):
# Read SmartRF's register_definition.xml for the attached chip and
# register each <Register> entry in self.symbols under its address,
# name and description, in the "data" memory space.
# NOTE(review): this listing skips original lines 588-591 and 598, so
# how name/address/description/bitfields are initialised per register
# is not visible here.
582 ident=self.CCident();
# CCversions.get() returns None for an id it does not list, and that
# None is then formatted into the XML path by SRF_chipdom().
583 chip=self.CCversions.get(ident&0xFF00);
584 dom=self.SRF_chipdom(chip,"register_definition.xml");
585 for e in dom.getElementsByTagName("registerdefinition"):
586 for f in e.childNodes:
587 if f.localName=="Register":
592 for g in f.childNodes:
593 if g.localName=="Name":
594 name=g.childNodes[0].nodeValue;
595 elif g.localName=="Address":
596 address=g.childNodes[0].nodeValue;
597 elif g.localName=="Description":
599 description=g.childNodes[0].nodeValue;
600 elif g.localName=="Bitfield":
601 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
602 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
# NOTE(review): eval() runs the <Address> text taken from the XML file as
# Python, so anyone able to change files under smartrfpath gets code
# execution in this process. The value is presumably a numeric literal,
# in which case int(address, 0) parses it without evaluating code;
# confirm the format used in register_definition.xml.
603 self.symbols.define(eval(address),name,description,"data");
609 self.writecmd(self.APP,0x86,0,self.data);
612 def CCreleasecpu(self):
613 """Resume the CPU."""
614 self.writecmd(self.APP,0x87,0,self.data);
618 #print "Status: %s" % self.CCstatusstr();
620 #Grab ident three times, should be equal.
621 ident1=self.CCident();
622 ident2=self.CCident();
623 ident3=self.CCident();
624 if(ident1!=ident2 or ident2!=ident3):
625 print "Error, repeated ident attempts unequal."
626 print "%04x, %04x, %04x" % (ident1, ident2, ident3);
628 #Single step, printing PC.
629 print "Tracing execution at startup."
630 for i in range(1,15):
632 byte=self.CCpeekcodebyte(i);
633 #print "PC=%04x, %02x" % (pc, byte);
636 print "Verifying that debugging a NOP doesn't affect the PC."
637 for i in range(1,15):
639 self.CCdebuginstr([0x00]);
640 if(pc!=self.CCgetPC()):
641 print "ERROR: PC changed during CCdebuginstr([NOP])!";
643 print "Checking pokes to XRAM."
644 for i in range(0xf000,0xf020):
645 self.CCpokedatabyte(i,0xde);
646 if(self.CCpeekdatabyte(i)!=0xde):
647 print "Error in XDATA at 0x%04x" % i;
649 #print "Status: %s." % self.CCstatusstr();
655 """Move the FET into the CC2430/CC2530 application."""
656 #print "Initializing Chipcon.";
657 self.writecmd(self.APP,0x10,0,self.data);
def CCrd_config(self):
    """Read the config register of a Chipcon and return it as an int."""
    self.writecmd(self.APP, 0x82, 0, self.data)
    first_reply_byte = self.data[0]
    return ord(first_reply_byte)
def CCwr_config(self, config):
    """Write the low byte of config to the config register of a Chipcon."""
    payload = [config & 0xFF]
    self.writecmd(self.APP, 0x81, 1, payload)
def CClockchip(self):
    """Set the flash lock bit in info mem."""
    lock_verb = 0x9A
    self.writecmd(self.APP, lock_verb, 0, None)
669 """Set the flash lock bit in info mem."""
673 CCversions={0x0100:"cc1110",
679 0xA500:"cc2530", #page 52 of SWRU191
682 CCpagesizes={0x01: 1024, #"CC1110",
683 0x11: 1024, #"CC1111",
684 0x85: 2048, #"CC2430",
685 0x89: 2048, #"CC2431",
686 0x81: 1024, #"CC2510",
687 0x91: 1024, #"CC2511",
688 0xA5: 2048, #"CC2530", #page 52 of SWRU191
689 0xB5: 2048, #"CC2531",
690 0xFF: 0 } #"CCmissing"};
def infostring(self):
    """Describe the attached chip; the text is whatever CCidentstr() returns."""
    description = self.CCidentstr()
    return description
693 def CCidentstr(self):
# Describe the attached chip as "<name>/r<ident>/ps0x<pagesize>", or as
# the bare four-digit hex ident.
# NOTE(review): this listing skips original lines 697 and 699, so what
# selects between the two return statements (presumably try/except) is
# not visible here.
694 ident=self.CCident();
695 chip=self.CCversions.get(ident&0xFF00);
# NOTE(review): ident>0xFF is a comparison, so the lookup key is True or
# False rather than a chip id. True compares equal to the key 0x01 and
# False matches no key, so this yields 1024 or None whichever chip is
# attached. ident>>8 was presumably intended; confirm.
696 pagesize=self.CCpagesizes.get(ident>0xFF);
698 return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
700 return "%04x" % ident;
702 """Get a chipcon's ID."""
703 self.writecmd(self.APP,0x8B,0,None);
704 chip=ord(self.data[0]);
705 rev=ord(self.data[1]);
706 return (chip<<8)+rev;
707 def CCpagesize(self):
708 """Look up the page size of the attached chip in CCpagesizes."""
# NOTE(review): this listing skips original line 712 and the lines after
# 714, so the condition guarding the error messages and the return
# value are not visible here.
# Command 0x8B is issued and the first reply byte is used as the
# CCpagesizes key.
709 self.writecmd(self.APP,0x8B,0,None);
710 chip=ord(self.data[0]);
711 size=self.CCpagesizes.get(chip);
713 print "ERROR: Pagesize undefined.";
714 print "chip=%0.4x" %chip;
719 return self.CCgetPC();
721 """Get a chipcon's PC."""
722 self.writecmd(self.APP,0x83,0,None);
723 hi=ord(self.data[0]);
724 lo=ord(self.data[1]);
726 def CCcmd(self,phrase):
727 self.writecmd(self.APP,0x00,len(phrase),phrase);
728 val=ord(self.data[0]);
729 print "Got %02x" % val;
def CCdebuginstr(self, instr):
    """Send the bytes in instr with command 0x88.

    Returns the first byte of the reply as an int.
    """
    byte_count = len(instr)
    self.writecmd(self.APP, 0x88, byte_count, instr)
    return ord(self.data[0])
734 #def peekblock(self,adr,length,memory="vn"):
735 # """Return a block of data, broken"""
736 # data=[adr&0xff, (adr&0xff00)>>8,
737 # length&0xFF,(length&0xFF00)>>8];
738 # self.writecmd(self.APP,0x91,4,data);
739 # return [ord(x) for x in self.data]
740 def peek8(self,address, memory="code"):
741 if(memory=="code" or memory=="flash" or memory=="vn"):
742 return self.CCpeekcodebyte(address);
743 elif(memory=="data" or memory=="xdata" or memory=="ram"):
744 return self.CCpeekdatabyte(address);
745 elif(memory=="idata" or memory=="iram"):
746 return self.CCpeekirambyte(address);
747 print "%s is an unknown memory." % memory;
def CCpeekcodebyte(self, adr):
    """Read the contents of code memory at an address."""
    # The 16-bit address is sent low byte first.
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high]
    self.writecmd(self.APP, 0x90, 2, self.data)
    return ord(self.data[0])
def CCpeekdatabyte(self, adr):
    """Read the contents of data memory at an address."""
    # The 16-bit address is sent low byte first.
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high]
    self.writecmd(self.APP, 0x91, 2, self.data)
    return ord(self.data[0])
def CCpeekirambyte(self, adr):
    """Read the contents of IRAM at an address."""
    # Only the low eight bits of the address are sent.
    request = [adr & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 1, self.data)
    return ord(self.data[0])
def CCpeekiramword(self, adr):
    """Read the little-endian contents of IRAM at an address."""
    low = self.CCpeekirambyte(adr)
    high = self.CCpeekirambyte(adr + 1)
    return low + (high << 8)
def CCpokeiramword(self, adr, val):
    """Write a 16-bit value to IRAM, low byte at adr and high byte at adr+1."""
    halves = (val & 0xff, (val >> 8) & 0xff)
    for offset, byte in enumerate(halves):
        self.CCpokeirambyte(adr + offset, byte)
def CCpokeirambyte(self, adr, val):
    """Write the contents of IRAM at an address.

    Both the address and the value are truncated to eight bits. The
    first byte of the reply is returned as an int.
    """
    request = [adr & 0xff, val & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 2, self.data)
    return ord(self.data[0])
def pokebyte(self, adr, val, mem="xdata"):
    """Write one byte to data memory.

    mem is accepted but never consulted; every write goes through
    CCpokedatabyte().
    """
    self.CCpokedatabyte(adr, val)
def CCpokedatabyte(self, adr, val):
    """Write a byte to data memory.

    The first byte of the reply is returned as an int.
    """
    # The 16-bit address is sent low byte first; val is passed through
    # unmasked.
    low = adr & 0xff
    high = (adr & 0xff00) >> 8
    self.data = [low, high, val]
    self.writecmd(self.APP, 0x92, 3, self.data)
    return ord(self.data[0])
def CCchiperase(self):
    """Erase all of the target's memory."""
    erase_verb = 0x80
    self.writecmd(self.APP, erase_verb, 0, None)
787 """Erase all of the target's memory."""
792 """Check the status."""
793 self.writecmd(self.APP,0x84,0,None);
794 return ord(self.data[0])
796 CCstatusbits={0x80 : "erase_busy",
800 0x08 : "halt_status",
805 CCconfigbits={0x20 : "soft_power_mode", #new for CC2530
808 0x02 : "timer_suspend",
809 0x01 : "sel_flash_info_page" #stricken from CC2530
813 """Check the status as a string."""
814 status=self.CCstatus();
819 str="%s %s" %(self.CCstatusbits[i],str);
823 """Start debugging."""
825 self.writecmd(self.APP,0x20,0,self.data);
826 ident=self.CCident();
827 if ident==0xFFFF or ident==0x0000:
828 self.writecmd(self.APP,0x20,0,self.data);
829 ident=self.CCident();
832 #print "Target identifies as %s." % ident;
833 #print "Status: %s." % self.status();
836 #Get SmartRF Studio regs if they exist.
840 """Stop debugging."""
841 self.writecmd(self.APP,0x21,0,self.data);
def CCstep_instr(self):
    """Step one instruction."""
    step_verb = 0x89
    self.writecmd(self.APP, step_verb, 0, self.data)
def CCeraseflashbuffer(self):
    """Erase the 2kB flash buffer."""
    # Count and data are left to writecmd's defaults.
    erase_buffer_verb = 0x99
    self.writecmd(self.APP, erase_buffer_verb)
848 def CCflashpage(self,adr):
849 """Flash 2kB a page of flash from 0xF000 in XDATA"""
854 print "Flashing buffer to 0x%06x" % adr;
855 self.writecmd(self.APP,0x95,4,data);
857 def setsecret(self,value):
858 """Set a secret word for later retreival. Used by glitcher."""
860 pagelen = self.CCpagesize(); #Varies by chip.
861 print "page=%04x, pagelen=%04x" % (page,pagelen);
863 self.CCeraseflashbuffer();
864 print "Setting secret to %x" % value;
865 self.CCpokedatabyte(0xF000,value);
866 self.CCpokedatabyte(0xF800,value);
867 print "Setting secret to %x==%x" % (value,
868 self.CCpeekdatabyte(0xf000));
870 print "code[0]=%x" % self.CCpeekcodebyte(0);
872 """Get a secret word. Used by glitcher."""
873 secret=self.CCpeekcodebyte(0);
874 #print "Got secret %02x" % secret;
877 def dump(self,file,start=0,stop=0xffff):
878 """Dump an intel hex file from code memory."""
879 print "Dumping code from %04x to %04x as %s." % (start,stop,file);
883 h[i]=self.CCpeekcodebyte(i);
885 print "Dumped %04x."%i;
886 h.write_hex_file(file); #buffer to disk.
888 h.write_hex_file(file);
890 def flash(self,file):
891 """Flash an intel hex file to code memory."""
892 print "Flashing %s" % file;
896 pagelen = self.CCpagesize(); #Varies by chip.
898 #print "page=%04x, pagelen=%04x" % (page,pagelen);
902 #Wipe the RAM buffer for the next flash page.
903 self.CCeraseflashbuffer();
904 for i in h._buf.keys():
905 while(i>=page+pagelen):
907 self.CCflashpage(page);
908 #client.CCeraseflashbuffer();
910 print "Flashed page at %06x" % page
913 #Place byte into buffer.
914 self.CCpokedatabyte(0xF000+i-page,
918 print "Buffering %04x toward %06x" % (i,page);
920 self.CCflashpage(page);
921 print "Flashed final page at %06x" % page;