2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFET import GoodFET;
12 from intelhex import IntelHex;
14 import xml.dom.minidom, time, os;
16 class GoodFETCC(GoodFET):
17 """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
def __init__(self,filename=None):
    """Locate the SmartRF Studio 7 installation used for register lookups.

    Nothing is changed when ``smartrfpath`` is already set.  Otherwise the
    first source that yields a value wins: the ``SMARTRF`` environment
    variable, the stock Windows install directory (only when ``os.name``
    is ``'nt'``), and finally ``/opt/smartrf7``.  ``filename`` is accepted
    but not used here.

    SRF_chipdom() parses XML files found under this directory, so SMARTRF
    should only ever point at an installation the operator trusts.
    """
    if self.smartrfpath is not None:
        return
    located = os.environ.get("SMARTRF")
    if located is None and os.name == 'nt':
        located = "c:/Program Files/Texas Instruments/SmartRF Tools/SmartRF Studio 7"
    if located is None:
        located = "/opt/smartrf7"
    self.smartrfpath = located
32 def loadsymbols(self):
33 try: self.SRF_loadsymbols();
35 print "SmartRF not found at %s." % self.smartrfpath;
def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
    """Parse one of SmartRF7's per-chip XML files and return its DOM.

    The file is looked up as <smartrfpath>/config/xml/<chip>/<doc>.
    ``chip`` and ``doc`` are interpolated as-is (no normalisation, and a
    ``chip`` of None becomes the literal text "None"), so both should come
    from trusted code rather than from user input.  xml.dom.minidom is not
    hardened against maliciously constructed XML; smartrfpath must point
    at a trusted installation.
    """
    xmlpath = "{0}/config/xml/{1}/{2}".format(self.smartrfpath, chip, doc)
    return xml.dom.minidom.parse(xmlpath)
42 def CMDrs(self,args=[]):
43 """Chip command to grab the radio state."""
45 self.SRF_radiostate();
47 # print "Error printing radio state.";
48 # print "SmartRF not found at %s." % self.smartrfpath;
49 def SRF_bitfieldstr(self,bf):
56 for e in bf.childNodes:
57 if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
58 elif e.localName=="Start": start=e.childNodes[0].nodeValue;
59 elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
60 return " [%s:%s] %30s " % (start,stop,name);
62 def SRF_radiostate(self):
# Print every register of the attached chip as a C-style assignment with its
# current value. Names, addresses and descriptions are read from SmartRF7's
# register_definition.xml (via SRF_chipdom); values come from CCpeekdatabyte.
# chip is None when the ident is not in CCversions, in which case SRF_chipdom
# is asked for a directory literally named "None".
64 chip=self.CCversions.get(ident&0xFF00);
65 dom=self.SRF_chipdom(chip,"register_definition.xml");
66 for e in dom.getElementsByTagName("registerdefinition"):
67 for f in e.childNodes:
68 if f.localName=="DeviceName":
69 print "// %s RadioState" % (f.childNodes[0].nodeValue);
70 elif f.localName=="Register":
75 for g in f.childNodes:
76 if g.localName=="Name":
77 name=g.childNodes[0].nodeValue;
78 elif g.localName=="Address":
79 address=g.childNodes[0].nodeValue;
80 elif g.localName=="Description":
82 description=g.childNodes[0].nodeValue;
83 elif g.localName=="Bitfield":
84 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
85 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
# NOTE(review): eval() executes the <Address> text from the XML file as a
# Python expression. Anyone able to write under smartrfpath, or to set the
# SMARTRF environment variable, can therefore run code in this process.
# int(address, 0) would parse a hex literal without evaluating anything --
# assumes the file only holds numeric literals; TODO confirm.
86 print "%-10s=0x%02x; /* %-50s */" % (
87 name,self.CCpeekdatabyte(eval(address)), description);
88 if bitfields!="": print bitfields.rstrip();
90 def SRF_radiostate_select(self,args=[]):
# Variant of the full register listing restricted to selected registers: a
# register's value is read and printed only when its lower-cased name is in
# lreg. The code that fills lreg from args is only partly visible in this
# listing; "help" appears to print names and descriptions without reading
# values -- TODO confirm.
93 chip=self.CCversions.get(ident&0xFF00);
94 dom=self.SRF_chipdom(chip,"register_definition.xml");
96 if reg.lower() == "help":
99 lreg.append(reg.lower())
100 for e in dom.getElementsByTagName("registerdefinition"):
101 for f in e.childNodes:
102 if f.localName=="DeviceName":
103 print "// %s RadioState" % (f.childNodes[0].nodeValue);
104 elif f.localName=="Register":
109 for g in f.childNodes:
110 if g.localName=="Name":
111 name=g.childNodes[0].nodeValue;
112 elif g.localName=="Address":
113 address=g.childNodes[0].nodeValue;
114 elif g.localName=="Description":
116 description=g.childNodes[0].nodeValue;
117 elif g.localName=="Bitfield":
118 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
119 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
121 print "%-10s /* %-50s */" % (name, description);
122 elif name.lower() in lreg:
# NOTE(review): eval() executes the <Address> text from the XML file as a
# Python expression, so the register file is effectively code. Anyone able to
# write under smartrfpath or set SMARTRF can run code in this process.
# int(address, 0) would parse a hex literal without evaluating anything --
# assumes the file only holds numeric literals; TODO confirm.
123 print "%-10s=0x%02x; /* %-50s */" % (
124 name,self.CCpeekdatabyte(eval(address)), description);
125 if bitfields!="": print bitfields.rstrip();
127 def RF_setfreq(self,frequency):
128 """Set the frequency in Hz."""
129 #FIXME CC1110 specific
130 #Some frequencies fail, probably an FSCAL thing.
133 freq=int(hz/396.728515625);
136 freq1=(freq&0xFF00)>>8;
137 freq2=(freq&0xFF0000)>>16;
139 self.pokebysym("FREQ2",freq2);
140 self.pokebysym("FREQ1",freq1);
141 self.pokebysym("FREQ0",freq0);
143 self.pokebysym("TEST1",0x31);
144 self.pokebysym("TEST0",0x09);
147 #self.pokebysym("FSCAL2" , 0x2A); #above mid
148 self.pokebysym("FSCAL2" , 0x0A); #beneath mid
150 #self.CC_RFST_CAL(); #SCAL
154 def RF_getfreq(self):
155 """Get the frequency in Hz."""
156 #FIXME CC1110 specific
158 #return (2400+self.peek(0x05))*10**6
159 #self.poke(0x05,chan);
161 #freq2=self.CCpeekdatabyte(0xdf09);
162 #freq1=self.CCpeekdatabyte(0xdf0a);
163 #freq0=self.CCpeekdatabyte(0xdf0b);
166 freq2=self.peekbysym("FREQ2");
167 freq1=self.peekbysym("FREQ1");
168 freq0=self.peekbysym("FREQ0");
169 freq=(freq2<<16)+(freq1<<8)+freq0;
173 hz=freq*396.728515625;
177 def RF_getchannel(self):
178 """Get the hex channel."""
179 #FIXME CC1110 specific
182 freq2=self.peekbysym("FREQ2");
183 freq1=self.peekbysym("FREQ1");
184 freq0=self.peekbysym("FREQ0");
185 freq=(freq2<<16)+(freq1<<8)+freq0;
192 lastshellcode="none";
193 def shellcodefile(self,filename,wait=1, alwaysreload=0):
194 """Run a fragment of shellcode by name."""
# The hex image is (re)loaded only when filename differs from the last one
# loaded or alwaysreload>0; otherwise whatever is already in target RAM is
# jumped to without being checked.
195 #FIXME: should identify chip model number, use shellcode for that chip.
197 if self.lastshellcode!=filename or alwaysreload>0:
198 self.lastshellcode=filename;
200 file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
201 #TODO make this generic
202 path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
# NOTE(review): filename is appended to the shellcode directory as-is, so
# ".." components are not rejected. The callers visible in this file pass
# fixed names (rxpacket.ihx, txpacket.ihx, txrxpacket.ihx); keep it that way
# or validate the name before building the path.
203 filename=path+filename;
206 h=IntelHex(filename);
# _buf is a private attribute of IntelHex; presumably it maps address -> byte
# -- TODO confirm against the intelhex version in use.
# Every byte is written to target data memory at the address the hex file
# gives, so the file's contents are trusted completely.
207 for i in h._buf.keys():
208 self.CCpokedatabyte(i,h[i]);
211 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
# Poll bit 0x20 of the status byte while wait>0; how wait is decremented is
# not visible in this listing.
213 while wait>0 and (0==self.CCstatus()&0x20):
216 #print "Waiting for shell code to return.";
219 return self.CCstatus()&0x20;
220 def shellcode(self,code,wait=1):
221 """Copy a block of code into RAM and execute it."""
225 self.pokebyte(0xF000+i,byte);
227 #print "Code loaded, executing."
228 self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
230 while wait>0 and (0==self.CCstatus()&0x20):
233 #print "Waiting for shell code to return.";
235 def CC1110_crystal(self):
236 """Start the main crystal of the CC1110 oscillating, needed for radio use."""
237 code=[0x53, 0xBE, 0xFB, #anl SLEEP, #0xFB
239 0xE5, 0xBE, #mov a,SLEEP
240 0x30, 0xE6, 0xFB, #jnb acc.6, back
241 0x53, 0xc6, 0xB8, #anl CLKCON, #0xB8
243 0xE5, 0xC6, #mov a,CLKCON
244 0x20, 0xE6, 0xFB, #jb acc.6, two
245 0x43, 0xBE, 0x04, #orl SLEEP, #0x04
248 self.shellcode(code);
250 #Slower to load, but produced from C.
251 #self.shellcodefile("crystal.ihx");
254 """Move the radio to its idle state."""
258 #Chipcon RF strobes. CC1110 specific
def CC_RFST_IDLE(self):
    """Strobe the radio into idle mode, which clears overflows and errors."""
    strobe = self.RFST_IDLE
    self.CC_RFST(strobe)
def CC_RFST_TX(self):
    """Strobe the radio into TX mode."""
    strobe = self.RFST_TX
    self.CC_RFST(strobe)
def CC_RFST_RX(self):
    """Strobe the radio into RX mode."""
    strobe = self.RFST_RX
    self.CC_RFST(strobe)
def CC_RFST_CAL(self):
    """Send the calibration strobe to the radio."""
    strobe = self.RFST_CAL
    self.CC_RFST(strobe)
275 def CC_RFST(self,state=RFST_IDLE):
277 self.pokebyte(RFST,state); #Return to idle state.
279 def config_dash7(self,band="lf"):
# Write a fixed DASH7 register profile to the radio through pokebysym, ending
# with the SYNC1/SYNC0 words. band picks the FREQ2..FREQ0 control word:
# "ismeu"/"eu", "ismus"/"us" or "ismlf"/"lf"; anything else is presumably
# treated as a frequency (the else: line is not visible in this listing).
280 #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
281 #Waiting for official confirmation of the accuracy.
283 self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
284 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
286 #Don't change these while the radio is active.
287 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
288 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
289 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
290 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
292 if band=="ismeu" or band=="eu":
293 print "There is no official eu band for dash7."
294 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
295 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
296 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
297 elif band=="ismus" or band=="us":
298 print "There is no official us band for dash7."
299 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
300 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
301 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
302 elif band=="ismlf" or band=="lf":
303 # 433.9198 MHz, same as Simpliciti.
304 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
305 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
306 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
310 #Got a frequency, not a band.
# NOTE(review): eval() runs whatever Python expression band contains. If band
# can come from a command line or other external input (callers are not
# visible here), that is arbitrary code execution in the client process.
# A numeric parser such as float(band) or int(band, 0) accepts a plain
# frequency without evaluating code -- confirm no caller relies on
# expressions such as "433*10**6" before switching.
311 self.RF_setfreq(eval(band));
312 self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter
313 self.pokebysym("MDMCFG3" , 0x3B)
314 self.pokebysym("MDMCFG2" , 0x11)
315 self.pokebysym("MDMCFG1" , 0x02)
316 self.pokebysym("MDMCFG0" , 0x53)
317 self.pokebysym("CHANNR" , 0x00) # Channel zero.
318 self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
320 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
321 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
322 self.pokebysym("MCSM2" , 0x1E)
323 self.pokebysym("MCSM1" , 0x3F)
324 self.pokebysym("MCSM0" , 0x30)
325 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
326 self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
328 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
329 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
330 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
332 self.pokebysym("TEST2" , 0x81) # Various test settings.
333 self.pokebysym("TEST1" , 0x35) # Various test settings.
334 self.pokebysym("TEST0" , 0x09) # Various test settings.
335 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
336 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
337 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
338 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
339 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
340 self.pokebysym("ADDR" , 0x01) # Device address.
341 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
344 self.pokebysym("SYNC1",0x83);
345 self.pokebysym("SYNC0",0xFE);
347 def config_iclicker(self,band="lf"):
# Write a fixed iClicker register profile to the radio through pokebysym,
# ending with SYNC1, SYNC0 and ADDR all set to 0xB0. Only the "ismus"/"us"
# band writes FREQ2..FREQ0 here; "eu" and "lf" just print a message, and any
# other value is presumably treated as a frequency (the else: line is not
# visible in this listing).
348 #Mike Ossmann figured most of this out, with help from neighbors.
350 self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
351 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
353 #Don't change these while the radio is active.
354 self.pokebysym("FSCAL3" , 0xE9)
355 self.pokebysym("FSCAL2" , 0x2A)
356 self.pokebysym("FSCAL1" , 0x00)
357 self.pokebysym("FSCAL0" , 0x1F)
359 if band=="ismeu" or band=="eu":
360 print "The EU band is unknown.";
361 elif band=="ismus" or band=="us":
363 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
364 self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
365 self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
366 elif band=="ismlf" or band=="lf":
367 print "There is no LF version of the iclicker."
371 #Got a frequency, not a band.
# NOTE(review): eval() runs whatever Python expression band contains. If band
# can come from a command line or other external input (callers are not
# visible here), that is arbitrary code execution in the client process.
# A numeric parser such as float(band) or int(band, 0) accepts a plain
# frequency without evaluating code -- confirm no caller relies on
# expressions such as "433*10**6" before switching.
372 self.RF_setfreq(eval(band));
373 # 812.5kHz bandwidth, 152.34 kbaud
374 self.pokebysym("MDMCFG4" , 0x1C)
375 self.pokebysym("MDMCFG3" , 0x80)
376 # no FEC, 2 byte preamble, 250kHz chan spacing
379 #self.pokebysym("MDMCFG2" , 0x01)
381 self.pokebysym("MDMCFG2" , 0x02)
383 self.pokebysym("MDMCFG1" , 0x03)
384 self.pokebysym("MDMCFG0" , 0x3b)
386 self.pokebysym("CHANNR" , 0x2e) # Channel zero.
388 #self.pokebysym("DEVIATN" , 0x71) # 118.5
389 self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
391 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
392 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
393 self.pokebysym("MCSM2" , 0x07)
394 self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
395 self.pokebysym("MCSM0" , 0x14)
397 self.pokebysym("TEST2" , 0x88) #
398 self.pokebysym("TEST1" , 0x31) #
399 self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
400 self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
401 self.pokebysym("PKTCTRL1" , 0x45) # Preamble quality 2*4=6, adr check, status
402 self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
404 self.pokebysym("PKTLEN" , 0x09) # Packet length.
406 self.pokebysym("SYNC1",0xB0);
407 self.pokebysym("SYNC0",0xB0);
408 self.pokebysym("ADDR", 0xB0);
410 def config_ook(self,band="none"):
# Write a fixed OOK register profile to the radio through pokebysym, ending
# with the SYNC1/SYNC0 words. band picks the FREQ2..FREQ0 control word:
# "ismeu"/"eu", "ismus"/"us" or "ismlf"/"lf". How the default "none" and other
# values are routed is not fully visible in this listing; at least some reach
# the eval() call below.
411 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
412 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
414 #Don't change these while the radio is active.
415 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
416 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
417 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
418 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
420 if band=="ismeu" or band=="eu":
421 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
422 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
423 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
424 elif band=="ismus" or band=="us":
425 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
426 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
427 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
428 elif band=="ismlf" or band=="lf":
429 self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
430 self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
431 self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
435 #Got a frequency, not a band.
# NOTE(review): eval() runs whatever Python expression band contains. If band
# can come from a command line or other external input (callers are not
# visible here), that is arbitrary code execution in the client process.
# A numeric parser such as float(band) or int(band, 0) accepts a plain
# frequency without evaluating code -- confirm no caller relies on
# expressions such as "433*10**6" before switching.
436 self.RF_setfreq(eval(band));
440 #self.pokebysym("MDMCFG4" , 0x85)
441 #self.pokebysym("MDMCFG3" , 0x83)
443 #self.pokebysym("MDMCFG4" , 0xf4)
444 #self.pokebysym("MDMCFG3" , 0x43)
446 #self.pokebysym("MDMCFG4" , 0xf6)
447 #self.pokebysym("MDMCFG3" , 0x83)
450 #print "Warning: Default to 4.8kbaud.";
451 #self.pokebysym("MDMCFG4" , 0xf7)
452 #self.pokebysym("MDMCFG3" , 0x83)
454 #print "Warning: Default to 9.6kbaud.";
457 self.pokebysym("MDMCFG4" , 0xf8)
458 self.pokebysym("MDMCFG3" , 0x83)
459 self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
461 #Kind aright for keeloq
462 print "Warning: Guessing baud rate.";
463 #self.pokebysym("MDMCFG4" , 0xf6)
464 #self.pokebysym("MDMCFG3" , 0x93)
465 #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
467 self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
468 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
469 self.pokebysym("CHANNR" , 0x00) # Channel number.
471 self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
472 self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
473 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
474 #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
475 #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
477 #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
478 #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
479 #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
481 self.pokebysym("TEST2" , 0x81) # Various test settings.
482 self.pokebysym("TEST1" , 0x35) # Various test settings.
483 self.pokebysym("TEST0" , 0x0B) # Various test settings.
484 self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
485 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
486 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
487 #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
488 self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
489 self.pokebysym("ADDR" , 0x01) # Device address.
490 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
492 self.pokebysym("SYNC1",0xD3);
493 self.pokebysym("SYNC0",0x91);
495 def config_simpliciti(self,band="none"):
# Write a fixed SimpliciTI register profile to the radio through pokebysym,
# ending with the SYNC1/SYNC0 words. band picks the FREQ2..FREQ0 control word
# ("ismeu"/"eu", "ismus"/"us", "ismlf"/"lf") and, for the US band, CHANNR=20.
# How the default "none" and other values are routed is not fully visible in
# this listing; at least some reach the eval() call below.
496 self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
497 self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
499 #Don't change these while the radio is active.
500 self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
501 self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
502 self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
503 self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
505 if band=="ismeu" or band=="eu":
506 self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
507 self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
508 self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
509 elif band=="ismus" or band=="us":
510 self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
511 self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
512 self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
513 elif band=="ismlf" or band=="lf":
514 self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
515 self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
516 self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
520 #Got a frequency, not a band.
# NOTE(review): eval() runs whatever Python expression band contains. If band
# can come from a command line or other external input (callers are not
# visible here), that is arbitrary code execution in the client process.
# A numeric parser such as float(band) or int(band, 0) accepts a plain
# frequency without evaluating code -- confirm no caller relies on
# expressions such as "433*10**6" before switching.
521 self.RF_setfreq(eval(band));
522 self.pokebysym("MDMCFG4" , 0x7B) # Modem configuration.
523 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
524 self.pokebysym("MDMCFG2" , 0x13) # Modem configuration.
525 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
526 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
527 if band=="ismus" or band=="us":
528 self.pokebysym("CHANNR" , 20) # Channel number.
530 self.pokebysym("CHANNR" , 0x00) # Channel number.
531 self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
533 self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
534 self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
535 self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
536 self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
537 self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
539 self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
540 self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
541 self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
543 self.pokebysym("TEST2" , 0x81) # Various test settings.
544 self.pokebysym("TEST1" , 0x35) # Various test settings.
545 self.pokebysym("TEST0" , 0x09) # Various test settings.
546 self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
547 self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
548 #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
549 self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
550 #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
551 self.pokebysym("ADDR" , 0x01) # Device address.
552 self.pokebysym("PKTLEN" , 0xFF) # Packet length.
554 self.pokebysym("SYNC1",0xD3);
555 self.pokebysym("SYNC0",0x91);
557 def RF_carrier(self):
558 """Hold a carrier wave on the present frequency."""
560 self.CC1110_crystal(); #FIXME, '1110 specific.
566 self.config_simpliciti();
568 #Don't change these while the radio is active.
569 #self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
570 #self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
571 #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
572 #self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
575 #self.pokebysym("PA_TABLE0", 0xFF) # PA output power setting.
577 #This is what drops to OOK.
578 #Comment to keep GFSK, might be better at jamming.
579 self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
580 self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
581 self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
582 self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
583 self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
585 self.pokebysym("SYNC1",0xAA);
586 self.pokebysym("SYNC0",0xAA);
588 #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
591 while((state!=0x13)):
592 self.pokebyte(RFST,0x03); #RFST=RFST_STX
594 state=self.peekbysym("MARCSTATE")&0x1F;
595 #print "state=%02x" % state;
596 print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
600 def RF_getsmac(self):
601 """Return the source MAC address."""
603 #Register 0A is RX_ADDR_P0, five bytes.
604 mac=self.peekbysym("ADDR");
606 def RF_setsmac(self,mac):
607 """Set the source MAC address."""
608 self.pokebysym("ADDR",mac);
610 def RF_gettmac(self):
611 """Return the target MAC address."""
613 def RF_settmac(self,mac):
614 """Set the target MAC address."""
def RF_rxpacket(self):
    """Run the rxpacket.ihx shellcode and return the receive buffer.

    The byte at 0xFE00 is read as a length and that many bytes plus
    three are returned from 0xFE00 onward.  The length is whatever the
    target left in its buffer, so callers should treat the returned
    bytes as untrusted radio input.

    NOTE(review): the earlier docstring promised None when no packet is
    waiting, but nothing in this method returns None on its own --
    confirm against peekblock and the callers.
    """
    self.shellcodefile("rxpacket.ihx")
    count = self.peek8(0xFE00, "xdata")
    return self.peekblock(0xFE00, count + 3, "data")
621 def RF_txpacket(self,packet):
622 """Transmit a packet. Untested."""
624 self.pokeblock(0xFE00,packet,"data");
625 self.shellcodefile("txpacket.ihx");
627 def RF_txrxpacket(self,packet):
628 """Transmit a packet. Untested."""
630 self.pokeblock(0xFE00,packet,"data");
631 self.shellcodefile("txrxpacket.ihx");
632 len=self.peek8(0xFE00,"xdata");
633 return self.peekblock(0xFE00,len+3,"data");
635 def RF_getrssi(self):
636 """Returns the received signal strength, with a weird offset."""
# First attempt: a single RSSI register, returned with its top bit flipped.
# The try/except lines around each attempt are not visible in this listing.
638 rssireg=self.symbols.get("RSSI");
639 return self.CCpeekdatabyte(rssireg)^0x80;
641 if self.verbose>0: print "RSSI reg doesn't exist.";
643 #RSSI doesn't exist on some 2.4GHz devices. Maybe RSSIL and RSSIH?
644 rssilreg=self.symbols.get("RSSIL");
645 rssil=self.CCpeekdatabyte(rssilreg);
# NOTE(review): this looks up "RSSIL" a second time, so rssih is read from the
# same register as rssil. The variable name and the (rssih<<8)|rssil below
# suggest "RSSIH" was intended -- confirm and fix.
646 rssihreg=self.symbols.get("RSSIL");
647 rssih=self.CCpeekdatabyte(rssihreg);
648 return (rssih<<8)|rssil;
650 if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
654 def SRF_loadsymbols(self):
# Define one symbol per <Register> element of SmartRF7's
# register_definition.xml for the attached chip, using the element's Name,
# Address and Description. chip is None when the ident is not in CCversions.
655 ident=self.CCident();
656 chip=self.CCversions.get(ident&0xFF00);
657 dom=self.SRF_chipdom(chip,"register_definition.xml");
658 for e in dom.getElementsByTagName("registerdefinition"):
659 for f in e.childNodes:
660 if f.localName=="Register":
665 for g in f.childNodes:
666 if g.localName=="Name":
667 name=g.childNodes[0].nodeValue;
668 elif g.localName=="Address":
669 address=g.childNodes[0].nodeValue;
670 elif g.localName=="Description":
672 description=g.childNodes[0].nodeValue;
673 elif g.localName=="Bitfield":
674 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
675 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
# NOTE(review): eval() executes the <Address> text from the XML file as a
# Python expression, once per register. Anyone able to write under
# smartrfpath, or to set the SMARTRF environment variable, can therefore run
# code in this process whenever symbols are loaded. int(address, 0) would
# parse a hex literal without evaluating anything -- assumes the file only
# holds numeric literals; TODO confirm.
676 self.symbols.define(eval(address),name,description,"data");
682 self.writecmd(self.APP,0x86,0,self.data);
def CCreleasecpu(self):
    """Let the target CPU run again (application verb 0x87, no payload length)."""
    resume_verb = 0x87
    self.writecmd(self.APP, resume_verb, 0, self.data)
691 #print "Status: %s" % self.CCstatusstr();
693 #Grab ident three times, should be equal.
694 ident1=self.CCident();
695 ident2=self.CCident();
696 ident3=self.CCident();
697 if(ident1!=ident2 or ident2!=ident3):
698 print "Error, repeated ident attempts unequal."
699 print "%04x, %04x, %04x" % (ident1, ident2, ident3);
701 #Single step, printing PC.
702 print "Tracing execution at startup."
703 for i in range(1,15):
705 byte=self.CCpeekcodebyte(i);
706 #print "PC=%04x, %02x" % (pc, byte);
709 print "Verifying that debugging a NOP doesn't affect the PC."
710 for i in range(1,15):
712 self.CCdebuginstr([0x00]);
713 if(pc!=self.CCgetPC()):
714 print "ERROR: PC changed during CCdebuginstr([NOP])!";
716 print "Checking pokes to XRAM."
717 for i in range(0xf000,0xf020):
718 self.CCpokedatabyte(i,0xde);
719 if(self.CCpeekdatabyte(i)!=0xde):
720 print "Error in XDATA at 0x%04x" % i;
722 #print "Status: %s." % self.CCstatusstr();
728 """Move the FET into the CC2430/CC2530 application."""
729 #print "Initializing Chipcon.";
730 self.writecmd(self.APP,0x10,0,self.data);
def CCrd_config(self):
    """Read the Chipcon config register and return it as an integer.

    Sends verb 0x82 and decodes the first character of ``self.data``
    as it stands after the command.
    """
    self.writecmd(self.APP, 0x82, 0, self.data)
    reply = self.data
    return ord(reply[0])
def CCwr_config(self,config):
    """Write the Chipcon config register.

    Only the low eight bits of ``config`` are sent (verb 0x81); any
    higher bits are dropped without an error.
    """
    payload = [config & 0xFF]
    self.writecmd(self.APP, 0x81, 1, payload)
def CClockchip(self):
    """Set the flash lock bit in info memory (verb 0x9A, no payload)."""
    lock_verb = 0x9A
    self.writecmd(self.APP, lock_verb, 0, None)
742 """Set the flash lock bit in info mem."""
746 CCversions={0x0100:"cc1110",
752 0xA500:"cc2530", #page 57 of SWRU191B
757 CCpagesizes={0x01: 1024, #"CC1110",
758 0x11: 1024, #"CC1111",
759 0x85: 2048, #"CC2430",
760 0x89: 2048, #"CC2431",
761 0x81: 1024, #"CC2510",
762 0x91: 1024, #"CC2511",
763 0xA5: 2048, #"CC2530", #page 57 of SWRU191B
764 0xB5: 2048, #"CC2531",
765 0x95: 2048, #"CC2533",
766 0x8D: 2048, #"CC2540",
767 0xFF: 0 } #"CCmissing"};
def infostring(self):
    """Describe the attached chip; this is exactly CCidentstr()'s result."""
    description = self.CCidentstr()
    return description
770 def CCidentstr(self):
# Build a "<chip>/r<ident>/ps0x<pagesize>" description of the attached chip;
# the bare "%04x" return below is presumably the fallback of a try/except
# whose lines are not visible in this listing.
771 ident=self.CCident();
772 chip=self.CCversions.get(ident&0xFF00);
# NOTE(review): ident>0xFF is a comparison, not a shift, so the lookup key is
# True or False. True equals 1 and therefore hits the 0x01 entry (1024) for
# every ident above 0xFF; False finds no entry. CCpagesizes is keyed by the
# chip-id byte, so ident>>8 was probably intended -- confirm and fix.
773 pagesize=self.CCpagesizes.get(ident>0xFF);
775 return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
777 return "%04x" % ident;
779 """Get a chipcon's ID."""
780 self.writecmd(self.APP,0x8B,0,None);
781 chip=ord(self.data[0]);
782 rev=ord(self.data[1]);
783 return (chip<<8)+rev;
784 def CCpagesize(self):
785 """Get a chipcon's ID."""
786 self.writecmd(self.APP,0x8B,0,None);
787 chip=ord(self.data[0]);
788 size=self.CCpagesizes.get(chip);
790 print "ERROR: Pagesize undefined.";
791 print "chip=%0.4x" %chip;
796 return self.CCgetPC();
798 """Get a chipcon's PC."""
799 self.writecmd(self.APP,0x83,0,None);
800 hi=ord(self.data[0]);
801 lo=ord(self.data[1]);
803 def CCcmd(self,phrase):
804 self.writecmd(self.APP,0x00,len(phrase),phrase);
805 val=ord(self.data[0]);
806 print "Got %02x" % val;
def CCdebuginstr(self,instr):
    """Send the opcode bytes in ``instr`` with verb 0x88 and return the reply byte.

    Callers in this file pass raw 8051 opcodes such as ``[0x00]`` (NOP)
    or an ``ljmp``; the bytes are forwarded without any validation.
    The return value is the first character of ``self.data`` after the
    command, decoded with ord().
    """
    opcode_count = len(instr)
    self.writecmd(self.APP, 0x88, opcode_count, instr)
    return ord(self.data[0])
811 #def peekblock(self,adr,length,memory="vn"):
812 # """Return a block of data, broken"""
813 # data=[adr&0xff, (adr&0xff00)>>8,
814 # length&0xFF,(length&0xFF00)>>8];
815 # self.writecmd(self.APP,0x91,4,data);
816 # return [ord(x) for x in self.data]
817 def peek8(self,address, memory="code"):
# Read one byte from the memory space named by memory: "code"/"flash"/"vn"
# use CCpeekcodebyte, "data"/"xdata"/"ram" use CCpeekdatabyte and
# "idata"/"iram" use CCpeekirambyte.
818 if(memory=="code" or memory=="flash" or memory=="vn"):
819 return self.CCpeekcodebyte(address);
820 elif(memory=="data" or memory=="xdata" or memory=="ram"):
821 return self.CCpeekdatabyte(address);
822 elif(memory=="idata" or memory=="iram"):
823 return self.CCpeekirambyte(address);
# Reached only for an unrecognised memory name; what is returned after this
# message is not visible in this listing, so callers should not rely on it.
824 print "%s is an unknown memory." % memory;
def CCpeekcodebyte(self,adr):
    """Read one byte of code memory at ``adr``.

    The address is sent little-endian as two bytes (verb 0x90), so only
    its low 16 bits are used; higher bits are dropped without an error.
    ``self.data`` is overwritten with the request before the command.
    """
    low = adr & 0xff
    high = (adr >> 8) & 0xff
    self.data = [low, high]
    self.writecmd(self.APP, 0x90, 2, self.data)
    return ord(self.data[0])
def CCpeekdatabyte(self,adr):
    """Read one byte of data memory at ``adr``.

    The address is sent little-endian as two bytes (verb 0x91), so only
    its low 16 bits are used; higher bits are dropped without an error.
    ``self.data`` is overwritten with the request before the command.
    """
    low = adr & 0xff
    high = (adr >> 8) & 0xff
    self.data = [low, high]
    self.writecmd(self.APP, 0x91, 2, self.data)
    return ord(self.data[0])
def CCpeekirambyte(self,adr):
    """Read one byte of IRAM at ``adr``.

    A single address byte is sent (verb 0x02), so only the low eight
    bits of ``adr`` are used.  ``self.data`` is overwritten with the
    request before the command.
    """
    request = [adr & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 1, self.data)
    return ord(self.data[0])
def CCpeekiramword(self,adr):
    """Read a little-endian 16-bit word from IRAM.

    The byte at ``adr`` is fetched first and supplies the low half; the
    byte at ``adr+1`` supplies the high half.
    """
    low = self.CCpeekirambyte(adr)
    high = self.CCpeekirambyte(adr + 1)
    return low + (high << 8)
def CCpokeiramword(self,adr,val):
    """Write ``val`` to IRAM as a little-endian 16-bit word.

    The low byte goes to ``adr`` first, then bits 8-15 go to ``adr+1``;
    anything above bit 15 is discarded.
    """
    for offset, shift in ((0, 0), (1, 8)):
        self.CCpokeirambyte(adr + offset, (val >> shift) & 0xff)
def CCpokeirambyte(self,adr,val):
    """Write one byte to IRAM at ``adr`` and return the reply byte.

    Both the address and the value are reduced to eight bits before
    being sent with verb 0x02.  ``self.data`` is overwritten with the
    request before the command.
    """
    request = [adr & 0xff, val & 0xff]
    self.data = request
    self.writecmd(self.APP, 0x02, 2, self.data)
    return ord(self.data[0])
def pokebyte(self,adr,val,mem="xdata"):
    """Write one byte to data memory through CCpokedatabyte.

    ``mem`` is accepted but ignored: every write goes to data memory
    whatever memory name is passed.  Nothing is returned.
    """
    self.CCpokedatabyte(adr, val)
def CCpokedatabyte(self,adr,val):
    """Write one byte to data memory at ``adr`` and return the reply byte.

    The address is sent little-endian as two bytes (verb 0x92), so only
    its low 16 bits are used.  ``val`` is passed through unmasked, unlike
    the IRAM writer, so the caller must supply a value in 0..255.
    ``self.data`` is overwritten with the request before the command.
    """
    low = adr & 0xff
    high = (adr >> 8) & 0xff
    self.data = [low, high, val]
    self.writecmd(self.APP, 0x92, 3, self.data)
    return ord(self.data[0])
def CCchiperase(self):
    """Erase all of the target's memory (verb 0x80, no payload)."""
    erase_verb = 0x80
    self.writecmd(self.APP, erase_verb, 0, None)
864 """Erase all of the target's memory."""
869 """Check the status."""
870 self.writecmd(self.APP,0x84,0,None);
871 return ord(self.data[0])
873 CCstatusbits={0x80 : "erase_busy",
877 0x08 : "halt_status",
882 CCconfigbits={0x20 : "soft_power_mode", #new for CC2530
885 0x02 : "timer_suspend",
886 0x01 : "sel_flash_info_page" #stricken from CC2530
890 """Check the status as a string."""
891 status=self.CCstatus();
896 str="%s %s" %(self.CCstatusbits[i],str);
900 """Start debugging."""
902 self.writecmd(self.APP,0x20,0,self.data);
903 ident=self.CCident();
904 if ident==0xFFFF or ident==0x0000:
905 self.writecmd(self.APP,0x20,0,self.data);
906 ident=self.CCident();
909 #print "Target identifies as %s." % ident;
910 #print "Status: %s." % self.status();
913 #Get SmartRF Studio regs if they exist.
917 """Stop debugging."""
918 self.writecmd(self.APP,0x21,0,self.data);
def CCstep_instr(self):
    """Single-step the target by one instruction (verb 0x89)."""
    step_verb = 0x89
    self.writecmd(self.APP, step_verb, 0, self.data)
def CCeraseflashbuffer(self):
    """Erase the 2kB flash buffer (verb 0x99, sent with no count or payload)."""
    erase_buffer_verb = 0x99
    self.writecmd(self.APP, erase_buffer_verb)
925 def CCflashpage(self,adr):
926 """Flash 2kB a page of flash from 0xF000 in XDATA"""
931 print "Flashing buffer to 0x%06x" % adr;
932 self.writecmd(self.APP,0x95,4,data);
934 def setsecret(self,value):
935 """Set a secret word for later retreival. Used by glitcher."""
937 pagelen = self.CCpagesize(); #Varies by chip.
938 print "page=%04x, pagelen=%04x" % (page,pagelen);
940 self.CCeraseflashbuffer();
941 print "Setting secret to %x" % value;
942 self.CCpokedatabyte(0xF000,value);
943 self.CCpokedatabyte(0xF800,value);
944 print "Setting secret to %x==%x" % (value,
945 self.CCpeekdatabyte(0xf000));
947 print "code[0]=%x" % self.CCpeekcodebyte(0);
949 """Get a secret word. Used by glitcher."""
950 secret=self.CCpeekcodebyte(0);
951 #print "Got secret %02x" % secret;
954 #FIXME: This is CC1110-specific and duplicates functionality of
955 # SmartRF7 integration.
1073 def getSPR(self,args=[]):
1074 """Get special function registers."""
1075 print "Special Function Registers:"
1078 print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1080 for e in self.CCspecfuncregs.keys():
1081 print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1083 def dump(self,file,start=0,stop=0xffff):
1084 """Dump an intel hex file from code memory."""
1085 print "Dumping code from %04x to %04x as %s." % (start,stop,file);
1089 h[i]=self.CCpeekcodebyte(i);
1091 print "Dumped %04x."%i;
1092 h.write_hex_file(file); #buffer to disk.
1094 h.write_hex_file(file);
1096 def flash(self,file):
1097 """Flash an intel hex file to code memory."""
1098 print "Flashing %s" % file;
1102 pagelen = self.CCpagesize(); #Varies by chip.
1104 #print "page=%04x, pagelen=%04x" % (page,pagelen);
1108 #Wipe the RAM buffer for the next flash page.
1109 self.CCeraseflashbuffer();
1110 for i in h._buf.keys():
1111 while(i>=page+pagelen):
1113 self.CCflashpage(page);
1114 #client.CCeraseflashbuffer();
1116 print "Flashed page at %06x" % page
1119 #Place byte into buffer.
1120 self.CCpokedatabyte(0xF000+i-page,
1124 print "Buffering %04x toward %06x" % (i,page);
1126 self.CCflashpage(page);
1127 print "Flashed final page at %06x" % page;