2 # GoodFET Chipcon Example
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFETCC import GoodFETCC;
12 from GoodFETConsole import GoodFETConsole;
13 from intelhex import IntelHex;
#Helper that appears to render a packet as hex text. Only two of its lines
#survive in this listing, so the loop header and the output call are not shown.
16 def printpacket(packet):
#Appends foo to s as a two-digit hex value after a space.
#presumably foo iterates over the bytes of packet -- confirm in the full file.
21 s="%s %02x" % (s,foo);
#Handles one received SimpliciTI packet: counts it, prints decoded data
#payloads, and transmits replies to link and join requests. Many lines of this
#function are missing from the listing, so the conditions that select between
#the fragments below are not shown.
#NOTE(review): packet comes off the radio and is indexed by position; no length
#check is visible in the lines shown here -- confirm one exists before the
#indexing, otherwise a short packet raises IndexError.
25 def handlesimplicitipacket(packet):
#Running packet count kept in a module-level global.
28 global simplepacketcount;
29 simplepacketcount=simplepacketcount+1;
45 #payload begins at byte 10.
#NOTE(review): len is used as an index here, so it is presumably a local taken
#from the packet on a line not shown; that name shadows the builtin len()
#inside this function.
#& binds tighter than == in Python, so this tests whether bit 7 of
#packet[len+2] is clear (presumably the radio's CRC-OK flag -- confirm).
47 if packet[len+2]&0x80==0:
48 print "# Dropped broken packet.";
#x, y and z are unsigned bytes; values >=128 are converted to negative numbers
#(two's complement: the result equals value-256).
54 if x>=128: x=0-(x^0xFF)-1;
56 if y>=128: y=0-(y^0xFF)-1;
58 if z>=128: z=0-(z^0xFF)-1;
#One output row: packet count, button value, then the three signed axes.
60 print "%09i %03i %4i %4i %4i" % (simplepacketcount,button,x,y,z);
63 #Link request. Gotta send a proper reply to get data.
65 #14 ff ff ff ff 3c b7 e3 98
#Fragment of the link reply: the requester's address (src), this node's
#address, a reply marker with the transaction id, and the link token.
#NOTE(review): the address and both tokens are constants in the source.
70 src[0], src[1], src[2], src[3],
71 0x78,0x56,0x34,0x10, #my address.
73 0x81, tid, #reply, tid
75 0x20,0x00,0xad,0xde, #link token
78 print "#FIXME FAST: repeatedly broadcasting ACK to catch LINK on the next attempt.";
#Transmits the same reply 49 times (range(1,50)).
79 for foo in range(1,50):
80 client.RF_txpacket(reply);
84 #print "Join request.";
87 print "Not a join request. WTF?";
90 reply=[0x12, #reply is one byte shorter
91 src[0], src[1], src[2], src[3],
92 0x78,0x56,0x34,0x10, #my address.
94 0x81, tid, #reply, tid
96 0xef,0xbe,0xad,0xde, #Join token
99 print "#FIXME FAST: repeatedly broadcasting ACK to catch JOIN on the next attempt.";
#Transmits the join reply 19 times (range(1,20)).
101 for foo in range(1,20):
102 client.RF_txpacket(reply);
103 print "#Should be connected now.";
#For the remaining ports the visible lines only print a message.
106 print "Security request.";
108 print "Frequency request.";
110 print "Management request.";
112 print "Unknown Port %02x" %port;
#With no verb on the command line, print the supported verbs. The statement
#that ends this branch is not part of the listing.
#NOTE(review): several verbs handled further down (for example sniff,
#sniffook, status, lock, flashpage, erasebuffer, peekinfo) do not appear in the
#usage lines shown here.
114 if(len(sys.argv)==1):
115 print "Usage: %s verb [objects]\n" % sys.argv[0];
116 print "%s erase" % sys.argv[0];
117 print "%s flash $foo.hex" % sys.argv[0];
118 print "%s test" % sys.argv[0];
119 print "%s term" % sys.argv[0];
120 print " use \'?\' for list of commands";
121 print "%s info" % sys.argv[0];
122 print "%s infotest" % sys.argv[0];
123 print "%s radioinfo [help] [REGISTER_NAME]" % sys.argv[0];
124 print "%s specfuncreg [SPECIAL_REGISTER_NAME]" % sys.argv[0];
125 print "%s halt" % sys.argv[0];
126 print "%s regs" % sys.argv[0];
#Address arguments are written as hex; the handlers parse them with int(...,16).
127 print "%s dumpcode $foo.hex [0x$start 0x$stop]" % sys.argv[0];
128 print "%s dumpdata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
129 print "%s writedata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
130 print "%s verify $foo.hex [0x$start 0x$stop]" % sys.argv[0];
131 print "%s peekdata 0x$start [0x$stop]" % sys.argv[0];
132 print "%s pokedata 0x$adr 0x$val" % sys.argv[0];
133 print "%s peek 0x$iram" % sys.argv[0];
134 print "%s poke 0x$iram 0x$val" % sys.argv[0];
135 print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
#Radio verbs. [freq] is passed to eval() by the carrier, reflex, rssi and
#specan handlers below.
137 print "%s specan [freq]\n\tSpectrum Analyzer" % sys.argv[0];
138 print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0];
139 print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
140 print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
141 print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
142 print "%s sniffdash7 [lf]\n\tSniffs Dash7. (untested)" % sys.argv[0];
143 print "%s snifficlicker [us]\n\tSniffs iClicker." % sys.argv[0];
145 print "%s simpliciti [us|eu|lf]\n\tSimpliciti access point for Chronos watch." % sys.argv[0];
146 print "%s iclicker [us|eu|lf]\n\tSniffs iClicker packets as ASCII." % sys.argv[0];
150 #Initialize FET and set baud rate
151 #client=GoodFET.GoodFETCC.GoodFETCC();
160 #client.pokebyte(0xc7,0x08);
#carrier verb: set the radio frequency from the first object on the command
#line. The lines around the call are not part of this listing.
#NOTE(review): eval() executes the argument as a Python expression, so the
#frequency string is run as code. The peek/poke/dump verbs in this file parse
#their arguments with int(...,16); a numeric parser such as float() or
#int(x,0) accepts plain numbers without executing anything.
162 if(sys.argv[1]=="carrier"):
164 client.RF_setfreq(eval(sys.argv[2]));
#reflex verb (usage text: "Jams on [freq] Hz."). Visible steps: call
#CC1110_crystal() and config_simpliciti(), set the frequency, write the RSSI
#threshold to XDATA 0xFE00, load reflex.ihx, then poll until the CPU halts.
#threshold is assigned on a line not shown in this listing.
169 if(sys.argv[1]=="reflex"):
170 client.CC1110_crystal();
173 client.config_simpliciti();
#NOTE(review): eval() runs the command-line argument as Python code; a numeric
#parser such as float() or int(x,0) would avoid that.
177 client.RF_setfreq(eval(sys.argv[2]));
#NOTE(review): 10**6 is an integer, so under Python 2 this floor-divides if
#RF_getfreq() returns an int; the rssi and sniff verbs divide by 10.0**6.
178 print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
179 print "Jamming if RSSI>=%i" % threshold;
181 client.pokebyte(0xFE00,threshold,"xdata"); #Write threshold to shellcode.
182 client.shellcodefile("reflex.ihx");
#Loop while the target CPU is still running.
185 while(0==client.ishalted()):
#The same XDATA byte is read back and reported as the RSSI that triggered;
#presumably the loaded code stores it there before halting -- confirm.
187 rssi=client.peek8(0xFE00,"xdata");
188 print "Activated jamming with RSSI of %i, going again for another packet." % rssi;
#rssi verb (usage text: "Graphs signal strength on [freq] Hz."). The sampling
#loop header and the initial value of string are on lines not shown here.
192 if(sys.argv[1]=="rssi"):
193 client.CC1110_crystal();
196 client.config_simpliciti();
#NOTE(review): eval() runs the command-line argument as Python code; a numeric
#parser such as float() or int(x,0) would avoid that.
199 client.RF_setfreq(eval(sys.argv[2]));
200 print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6);
204 client.CC_RFST_CAL();
209 rssi=client.RF_getrssi();
210 client.CC_RFST_IDLE(); #idle
#Appends one dot per four RSSI units (rssi>>2) to form the bar.
213 for foo in range(0,rssi>>2):
214 string=("%s."%string);
#Row format: RSSI in hex, RSSI in decimal, then the bar.
215 print "%02x %04i %s" % (rssi,rssi, string);
#specan verb. The script itself prints that this does not work yet.
#maxchan, bytestart, mhz and round are assigned on lines not shown here.
216 if(sys.argv[1]=="specan"):
217 print "This doesn't work yet."
219 client.CC1110_crystal();
222 client.config_simpliciti();
#NOTE(review): eval() runs the command-line argument as Python code; a numeric
#parser such as float() or int(x,0) would avoid that.
225 client.RF_setfreq(eval(sys.argv[2]));
226 #print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6);
#Loads specan.ihx and returns without waiting for it (wait=0).
229 client.shellcodefile("specan.ihx",wait=0);
230 #client.shellcodefile("crystal.ihx",wait=1);
236 print "time freq rssi";
#Each table entry is 8 bytes starting at bytestart.
245 for entry in range(0,maxchan):
246 adr=bytestart+entry*8;
#Bytes 0..2 form a 24-bit big-endian frequency word.
247 freq=((client.CCpeekdatabyte(adr+0)<<16)+
248 (client.CCpeekdatabyte(adr+1)<<8)+
249 (client.CCpeekdatabyte(adr+2)<<0));
#396.728515625 equals 26e6/65536; presumably the frequency-word step for a
#26 MHz crystal -- confirm against the chip configuration.
250 hz=freq*396.728515625;
#Byte 6 of the entry is read as the RSSI value.
252 rssi=client.CCpeekdatabyte(adr+6);
#NOTE(review): round is used as a value here, so it shadows the builtin round().
253 print "%03i %3.3f %03i" % (round,mhz,rssi);
256 client.CCreleasecpu();
#Five receive-only verbs with the same shape: call CC1110_crystal(), apply a
#protocol configuration, print the listening frequency (and, except for
#sniffook, the value of RF_getsmac()), then read packets with RF_rxpacket().
#region is assigned on lines not shown; the receive loops and whatever is done
#with each packet are also missing from this listing.
#NOTE(review): RF_rxpacket() returns data received over the air; confirm the
#missing lines check the result before indexing or printing it.
259 if(sys.argv[1]=="sniff"):
260 client.CC1110_crystal();
#Generic sniff applies no protocol configuration; the call is commented out.
263 #client.config_simpliciti(region);
265 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
266 client.RF_getfreq()/10.0**6);
267 #Now we're ready to get packets.
271 packet=client.RF_rxpacket();
275 if(sys.argv[1]=="sniffsimpliciti"):
280 client.CC1110_crystal();
283 client.config_simpliciti(region);
285 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
286 client.RF_getfreq()/10.0**6);
287 #Now we're ready to get packets.
291 packet=client.RF_rxpacket();
294 if(sys.argv[1]=="sniffook"):
299 client.CC1110_crystal();
302 client.config_ook(region);
304 print "Listening for OOK on %f MHz" % (client.RF_getfreq()/10.0**6);
305 #Now we're ready to get packets.
309 packet=client.RF_rxpacket();
312 if(sys.argv[1]=="sniffdash7"):
317 client.CC1110_crystal();
320 client.config_dash7(region);
322 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
323 client.RF_getfreq()/10.0**6);
324 #Now we're ready to get packets.
328 packet=client.RF_rxpacket();
331 if(sys.argv[1]=="snifficlicker"):
336 client.CC1110_crystal();
339 client.config_iclicker(region);
341 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
342 client.RF_getfreq()/10.0**6);
343 #Now we're ready to get packets.
347 packet=client.RF_rxpacket();
#iclicker verb: receive iClicker packets and print the pressed button.
#Only part of the buttons table is in this listing.
350 if(sys.argv[1]=="iclicker"):
#Lookup table indexed by the 4-bit button code; entries mix characters and ints.
351 buttons=[0, 'A', 'j', 3, 4, 'B',
352 6, 7, 8, 9, 'E', 0xB, 0xC,
358 client.CC1110_crystal();
361 client.config_iclicker(region);
363 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
364 client.RF_getfreq()/10.0**6);
365 #Now we're ready to get packets.
369 packet=client.RF_rxpacket();
#Button code: bit 0 of packet[5] becomes bit 3, the top three bits of
#packet[6] become bits 0..2, giving a value 0..15.
#NOTE(review): packet is received over the air; no check of its length is
#visible before the indexing -- confirm against the full file.
371 button=((packet[5]&1)<<3) | (packet[6]>>5);
#%c prints a character entry as-is and an int entry as the character with
#that code.
372 print "Button %c" % buttons[button];
#simpliciti verb (usage text: "Simpliciti access point for Chronos watch.").
#Configures the radio for region (assigned on a line not shown), then hands
#each received packet to handlesimplicitipacket(), which also transmits
#replies. The receive loop itself is not part of this listing.
375 if(sys.argv[1]=="simpliciti"):
380 client.CC1110_crystal();
383 client.config_simpliciti(region);
385 print "# Listening as %x on %f MHz" % (client.RF_getsmac(),
386 client.RF_getfreq()/10.0**6);
387 #Now we're ready to get packets.
391 packet=client.RF_rxpacket();
392 handlesimplicitipacket(packet);
#term verb: run the interactive GoodFETConsole on the connected client.
397 if(sys.argv[1]=="term"):
398 GoodFETConsole(client).run();
#test verb: its body is not part of this listing.
399 if(sys.argv[1]=="test"):
#deadtest verb: print the chip identification string nine times (range(1,10)).
401 if(sys.argv[1]=="deadtest"):
402 for i in range(1,10):
403 print "IDENT as %s" % client.CCidentstr();
#dumpcode and dumpdata verbs: read target memory one byte at a time into h and
#report progress. f, h, the default range, the loop header and the write of the
#output file are on lines not shown; presumably h is an IntelHex object and f
#the output filename from the command line -- confirm.
404 if(sys.argv[1]=="dumpcode"):
#Optional range bounds are parsed as hex.
409 start=int(sys.argv[3],16);
411 stop=int(sys.argv[4],16);
413 print "Dumping code from %04x to %04x as %s." % (start,stop,f);
#Code memory is read with CCpeekcodebyte().
417 h[i]=client.CCpeekcodebyte(i);
419 print "Dumped %04x."%i;
422 if(sys.argv[1]=="dumpdata"):
427 start=int(sys.argv[3],16);
429 stop=int(sys.argv[4],16);
431 print "Dumping data from %04x to %04x as %s." % (start,stop,f);
#Data memory is read with CCpeekdatabyte().
435 h[i]=client.CCpeekdatabyte(i);
437 print "Dumped %04x."%i;
#Read-only status and information verbs.
440 if(sys.argv[1]=="status"):
441 print "Status: %s" %client.status();
#halt verb: its body is not part of this listing.
442 if(sys.argv[1]=="halt"):
446 if(sys.argv[1]=="infotest"):
449 print "Ident %s" % client.CCidentstr();
450 if(sys.argv[1]=="info"):
451 print "Ident %s" % client.CCidentstr();
#NOTE(review): 10**6 is an integer, so under Python 2 this floor-divides if
#RF_getfreq() returns an int and the %10.3f fraction is lost; the sniff verbs
#divide by 10.0**6.
454 print "Freq %10.3f MHz" % (client.RF_getfreq()/10**6);
455 print "RSSI %02x" % client.RF_getrssi();
#Fallback message; presumably printed when the radio queries above fail
#(the surrounding try/except is not visible) -- confirm.
457 print "Freq, RSSI, etc unknown. Install SmartRF7.";
458 #print "Rate %10i kbps" % (client.RF_getrate()/1000);
459 #print "PacketLen %02i bytes" % client.RF_getpacketlen();
460 #print "SMAC 0x%010x" % client.RF_getsmac();
461 #print "TMAC 0x%010x" % client.RF_gettmac();
#radioinfo verb: when extra arguments are given, pass them all to CMDrs().
#The branch for no extra arguments is not shown.
463 if(sys.argv[1]=="radioinfo"):
464 if (len(sys.argv) - 2) > 0:
465 client.CMDrs(sys.argv[2:]);
#regs verb: its body is not part of this listing.
469 if(sys.argv[1]=="regs"):
#erase verb: print the status, erase the whole chip, print the status again.
#NOTE(review): the erase runs as soon as the verb is given; these four lines
#are consecutive in the original and contain no confirmation step.
472 if(sys.argv[1]=="erase"):
473 print "Status: %s" % client.status();
474 client.CCchiperase();
475 print "Status: %s" %client.status();
#peekinfo verb: write 1 to the debug config (reported as selecting info
#flash), read the config back, then print bytes from start to stop using
#CCpeekcodebyte(). The loop header is on a line not shown.
477 if(sys.argv[1]=="peekinfo"):
478 print "Select info flash."
479 client.CCwr_config(1);
480 print "Config is %02x" % client.CCrd_config();
#Addresses are parsed as hex.
484 start=int(sys.argv[2],16);
487 stop=int(sys.argv[3],16);
488 print "Peeking from %04x to %04x." % (start,stop);
490 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
#poke verb: write one byte of internal RAM; address and value are parsed as hex.
#NOTE(review): these three lines are consecutive in the original, so no
#argument-count check precedes the indexing; a missing address or value
#raises IndexError.
492 if(sys.argv[1]=="poke"):
493 client.CCpokeirambyte(int(sys.argv[2],16),
494 int(sys.argv[3],16));
#randtest verb: writes RNDH and ADCCON1 (per the inline comments), then reads
#RNDH back nine times (range(1,10)). Lines between the fragments are not shown.
495 if(sys.argv[1]=="randtest"):
497 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
498 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
499 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
500 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
503 for foo in range(1,10):
504 print "%02x" % client.CCpeekirambyte(0xBD); #RNDH
505 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
506 client.CCreleasecpu();
#The line that selects this statement (gutter 507) is not part of the listing.
508 print "%02x" % client.CCpeekdatabyte(0xDF61); #CHIP ID
#adctest verb: print the two data bytes at 0xDF3A and 0xDF3B as four hex digits.
509 if(sys.argv[1]=="adctest"):
510 # ADCTest 0xDF3A 0xDF3B
511 print "ADC TEST %02x%02x" % (
512 client.CCpeekdatabyte(0xDF3A),
513 client.CCpeekdatabyte(0xDF3B));
#config verb: print the value returned by CCrd_config().
514 if(sys.argv[1]=="config"):
515 print "Config is %02x" % client.CCrd_config();
#specfuncreg / sfr verb: when register names are given, pass them to getSPR().
#The branch for no extra arguments is not shown.
517 if(sys.argv[1]=="specfuncreg" or sys.argv[1]=="sfr"):
518 if len(sys.argv) > 2:
519 client.getSPR(sys.argv[2:]);
#flash verb: only the hex parsing of the optional range is in this listing;
#the file load and the write call are on lines not shown.
523 if(sys.argv[1]=="flash"):
528 start=int(sys.argv[3],16);
530 stop=int(sys.argv[4],16);
#lock verb: prints the status before and after an operation whose line
#(gutter 535) is not part of this listing.
533 if(sys.argv[1]=="lock"):
534 print "Status: %s" %client.status();
536 print "Status: %s" %client.status();
#flashpage verb: the target page address is parsed as hex and passed to
#CCflashpage(); the message says the page data comes from 0xF000 in XDATA.
537 if(sys.argv[1]=="flashpage"):
540 target=int(sys.argv[2],16);
541 print "Writing a page of flash from 0xF000 in XDATA"
542 client.CCflashpage(target);
#erasebuffer verb: calls CCeraseflashbuffer().
543 if(sys.argv[1]=="erasebuffer"):
544 print "Erasing flash buffer.";
545 client.CCeraseflashbuffer();
#writedata verb: copy bytes from h into target data memory. h is built on a
#line not shown; presumably an IntelHex loaded from the file argument -- confirm.
547 if(sys.argv[1]=="writedata"):
552 start=int(sys.argv[3],16);
554 stop=int(sys.argv[4],16);
#NOTE(review): _buf is a private attribute of h, so this depends on the
#intelhex library's internals.
558 for i in h._buf.keys():
#NOTE(review): stop is inclusive here (i<=stop), while the verify verb in this
#file uses i<stop; the same range arguments cover different last bytes.
559 if(i>=start and i<=stop):
560 client.CCpokedatabyte(i,h[i]);
563 #if(sys.argv[1]=="flashtest"):
564 # client.CCflashtest();
#peekdata verb: print data-memory bytes from start to stop, addresses in hex.
#The default for stop and the loop header are on lines not shown.
565 if(sys.argv[1]=="peekdata"):
568 start=int(sys.argv[2],16);
571 stop=int(sys.argv[3],16);
572 print "Peeking from %04x to %04x." % (start,stop);
574 print "%04x: %02x" % (start,client.CCpeekdatabyte(start));
#peek verb: the same, reading internal RAM with CCpeekirambyte().
576 if(sys.argv[1]=="peek"):
579 start=int(sys.argv[2],16);
582 stop=int(sys.argv[3],16);
583 print "Peeking from %04x to %04x." % (start,stop);
585 print "%04x: %02x" % (start,client.CCpeekirambyte(start));
#verify verb: compare target code memory against the bytes held in h and
#report mismatches. h is built on a line not shown, and the comparison itself
#(gutter 600) is also missing from this listing.
587 if(sys.argv[1]=="verify"):
592 start=int(sys.argv[3],16);
594 stop=int(sys.argv[4],16);
#NOTE(review): _buf is a private attribute of h, so this depends on the
#intelhex library's internals.
597 for i in h._buf.keys():
#NOTE(review): stop is exclusive here (i<stop), while writedata uses i<=stop.
598 if(i>=start and i<stop):
599 peek=client.CCpeekcodebyte(i)
601 print "ERROR at %04x, found %02x not %02x"%(i,peek,h[i]);
#peekcode verb: print code-memory bytes from start to stop, addresses in hex.
#The default for stop and the loop header are on lines not shown.
604 if(sys.argv[1]=="peekcode"):
607 start=int(sys.argv[2],16);
610 stop=int(sys.argv[3],16);
611 print "Peeking from %04x to %04x." % (start,stop);
613 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
#pokedata verb: write one byte of data memory; address and value are hex.
615 if(sys.argv[1]=="pokedata"):
619 start=int(sys.argv[2],16);
621 val=int(sys.argv[3],16);
622 print "Poking %04x to become %02x." % (start,val);
623 client.CCpokedatabyte(start,val);