2 # GoodFET Chipcon Example
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFETCC import GoodFETCC;
12 from GoodFETConsole import GoodFETConsole;
13 from intelhex import IntelHex;
# printpacket: accumulates two-digit hex values into the string `s`.
# Only part of the body is visible in this listing (the loop header and the
# output statement are missing); presumably `foo` iterates over `packet` and
# `s` is printed afterwards. TODO confirm.
16 def printpacket(packet):
19 #print "Printing packet."
22 #if i>packet[0]+1: break;
# Append the next value to the accumulated string as " xx" (lowercase hex).
23 s="%s %02x" % (s,foo);
# Usage text: one line per verb, each prefixed with the script name taken
# from sys.argv[0]. The condition guarding this run is not visible in this
# listing.
# NOTE(review): the handlers below also accept verbs that none of the visible
# usage lines mention (status, config, lock, flashpage, erasebuffer, peekinfo,
# randtest, adctest, deadtest). flashpage and erasebuffer change chip state,
# and lock presumably does too, so listing them here would document the
# tool's full surface for operators.
27 print "Usage: %s verb [objects]\n" % sys.argv[0];
28 print "%s erase" % sys.argv[0];
29 print "%s flash $foo.hex" % sys.argv[0];
30 print "%s test" % sys.argv[0];
31 print "%s term" % sys.argv[0];
32 print "%s info" % sys.argv[0];
33 print "%s halt" % sys.argv[0];
34 print "%s regs" % sys.argv[0];
35 print "%s dumpcode $foo.hex [0x$start 0x$stop]" % sys.argv[0];
36 print "%s dumpdata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
37 print "%s writedata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
38 print "%s verify $foo.hex [0x$start 0x$stop]" % sys.argv[0];
39 print "%s peekdata 0x$start [0x$stop]" % sys.argv[0];
40 print "%s pokedata 0x$adr 0x$val" % sys.argv[0];
41 print "%s peek 0x$iram" % sys.argv[0];
42 print "%s poke 0x$iram 0x$val" % sys.argv[0];
43 print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
# Radio verbs: each takes an optional frequency in Hz (or a region name).
45 print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0];
46 print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
47 print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
48 print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
52 #Initialize FET and set baud rate
53 #client=GoodFET.GoodFETCC.GoodFETCC();
# "carrier" verb: sets the radio frequency from the second argument.
# The argument-count guard and the transmit call are not visible in this
# listing.
63 if(sys.argv[1]=="carrier"):
# NOTE(review): eval() executes argv[2] as a Python expression. If this
# script is ever driven by a wrapper that forwards untrusted input, that is
# code execution. float(sys.argv[2]) parses a plain frequency (including
# forms like 915e6) without evaluating code; presumably RF_setfreq accepts a
# float. TODO confirm. The same eval() pattern appears in the reflex and
# rssi handlers.
65 client.RF_setfreq(eval(sys.argv[2]));
68 #print "\nHolding a carrier wave.";
# "reflex" verb: configures the radio, then repeatedly samples RSSI and
# prints it with a dot bar. Several lines of this handler are missing from
# the listing, including the assignments of `threshold` and `maxrssi`, the
# loop header and whatever follows the threshold comparison.
72 if(sys.argv[1]=="reflex"):
73 client.CC1110_crystal();
76 client.config_simpliciti();
# Register overrides applied on top of config_simpliciti().
77 client.pokebysym("MDMCFG4", 0x0c); #ultrawide
78 client.pokebysym("FSCTRL1", 0x12); #IF of 457.031
79 client.pokebysym("FSCTRL0", 0x00);
80 client.pokebysym("FSCAL2" , 0x2A); #above mid
81 client.pokebysym("MCSM0" , 0x00); # Main Radio Control State Machine
83 client.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
# NOTE(review): FSCAL2 was already set to 0x2A a few lines above; this second
# write is redundant.
84 client.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
85 client.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
86 client.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
88 client.pokebysym("TEST2" , 0x88) # Various test settings.
89 client.pokebysym("TEST1" , 0x35) # Various test settings.
90 client.pokebysym("TEST0" , 0x09) # Various test settings.
# NOTE(review): eval() executes argv[2] as a Python expression;
# float(sys.argv[2]) would parse a frequency without evaluating code.
94 client.RF_setfreq(eval(sys.argv[2]));
# NOTE(review): 10**6 is an int, so under Python 2 this division truncates to
# whole MHz if RF_getfreq() returns an int; the rssi handler divides by
# 10.0**6 instead.
95 print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
96 print "Jamming if RSSI>=%i" % threshold;
100 client.CC_RFST_CAL(); #SCAL
# Sample RSSI while in receive, then return the radio to idle.
106 client.CC_RFST_RX(); #SRX
107 rssi=client.RF_getrssi();
108 client.CC_RFST_IDLE(); #idle
# Build a bar with one dot per four RSSI units (rssi>>2).
111 for foo in range(0,rssi>>2):
112 string=("%s."%string);
# Columns: RSSI in hex, RSSI in decimal, maxrssi, bar.
113 print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string);
117 #print "Triggered jamming for 1s.";
120 print "JAMMING JAMMING JAMMING JAMMING";
# "rssi" verb: configures the radio, then samples RSSI and prints each
# reading with a dot bar. The loop header and the receive strobe are not
# visible in this listing.
121 if(sys.argv[1]=="rssi"):
122 client.CC1110_crystal();
125 client.config_simpliciti();
# NOTE(review): eval() executes argv[2] as a Python expression;
# float(sys.argv[2]) would parse a frequency without evaluating code.
129 client.RF_setfreq(eval(sys.argv[2]));
# Float divisor (10.0**6) keeps the fractional MHz under Python 2.
130 print "Listening on %3.6f MHz." % (client.RF_getfreq()/10.0**6);
134 client.CC_RFST_CAL();
139 rssi=client.RF_getrssi();
140 client.CC_RFST_IDLE(); #idle
# Build a bar with one dot per four RSSI units (rssi>>2).
143 for foo in range(0,rssi>>2):
144 string=("%s."%string);
# Columns: RSSI in hex, RSSI in decimal, bar.
145 print "%02x %04i %s" % (rssi,rssi, string);
# "sniffsimpliciti" verb: configures the radio for a region and receives
# packets. The assignment of `region` (presumably from argv[2], per the usage
# text "[us|eu|lf]") and the receive loop are not visible in this listing.
147 if(sys.argv[1]=="sniffsimpliciti"):
148 #TODO remove all poke() calls.
153 client.CC1110_crystal();
156 client.config_simpliciti(region);
158 #For BSL sniffing, different frequencies.
159 #client.pokebysym("FREQ2",0x25);
160 #client.pokebysym("FREQ1",0x95);
161 #client.pokebysym("FREQ0",0x55);
164 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
165 client.RF_getfreq()/10.0**6);
166 #Now we're ready to get packets.
# NOTE(review): packet bytes arrive over the air and are not trusted input.
# Presumably they are passed to printpacket(), which formats values as hex
# and so keeps raw bytes away from the terminal; confirm no other path
# prints them unescaped.
171 packet=client.RF_rxpacket();
# "term" verb: hands the client to the interactive GoodFETConsole.
177 if(sys.argv[1]=="term"):
178 GoodFETConsole(client).run();
# "test" verb: body not visible in this listing.
179 if(sys.argv[1]=="test"):
# "deadtest" verb: prints the chip identification string on each pass of a
# loop that runs nine times (range(1,10)). Any other statements in the loop
# are not visible here.
181 if(sys.argv[1]=="deadtest"):
182 for i in range(1,10):
183 print "IDENT as %s" % client.CCidentstr();
# "dumpcode" verb: reads code memory byte by byte into `h` over the range
# start..stop. The assignments of `f` and `h`, the default range, the loop
# header and the file write are not visible in this listing.
184 if(sys.argv[1]=="dumpcode"):
# start/stop are parsed as hexadecimal; int() raises ValueError on
# non-hex text. No check that start <= stop is visible.
189 start=int(sys.argv[3],16);
191 stop=int(sys.argv[4],16);
193 print "Dumping code from %04x to %04x as %s." % (start,stop,f);
197 h[i]=client.CCpeekcodebyte(i);
199 print "Dumped %04x."%i;
# "dumpdata" verb: same shape as dumpcode, but reads data memory
# (CCpeekdatabyte).
202 if(sys.argv[1]=="dumpdata"):
207 start=int(sys.argv[3],16);
209 stop=int(sys.argv[4],16);
211 print "Dumping data from %04x to %04x as %s." % (start,stop,f);
215 h[i]=client.CCpeekdatabyte(i);
217 print "Dumped %04x."%i;
# "status" verb: prints the client's status string.
220 if(sys.argv[1]=="status"):
221 print "Status: %s" %client.status();
# "halt" verb: body not visible in this listing.
222 if(sys.argv[1]=="halt"):
# "info" verb: prints the chip identification, then frequency and RSSI.
225 if(sys.argv[1]=="info"):
226 print "Ident %s" % client.CCidentstr();
# NOTE(review): integer divisor; under Python 2 this truncates to whole MHz
# if RF_getfreq() returns an int, despite the %10.3f format.
229 print "Freq %10.3f MHz" % (client.RF_getfreq()/10**6);
230 print "RSSI %02x" % client.RF_getrssi();
# Fallback message; presumably printed from an exception handler around the
# two radio queries above. TODO confirm, the try/except lines are not
# visible.
232 print "Freq, RSSI, etc unknown. Install SmartRF7.";
233 #print "Rate %10i kbps" % (client.RF_getrate()/1000);
234 #print "PacketLen %02i bytes" % client.RF_getpacketlen();
235 #print "SMAC 0x%010x" % client.RF_getsmac();
236 #print "TMAC 0x%010x" % client.RF_gettmac();
# "regs" verb: body not visible in this listing.
238 if(sys.argv[1]=="regs"):
# "erase" verb: calls CCchiperase() and prints the status before and after.
# No confirmation prompt is visible; the call runs as soon as the verb is
# given.
241 if(sys.argv[1]=="erase"):
242 print "Status: %s" % client.status();
243 client.CCchiperase();
244 print "Status: %s" %client.status();
# "peekinfo" verb: writes 1 to the debug config (selecting info flash, per
# the printed message), then reads code bytes over start..stop.
# NOTE(review): no write restoring the previous config value is visible in
# this listing; if none exists, later code reads on the same session would
# presumably still target the info page. TODO confirm.
246 if(sys.argv[1]=="peekinfo"):
247 print "Select info flash."
248 client.CCwr_config(1);
249 print "Config is %02x" % client.CCrd_config();
# start/stop are parsed as hexadecimal; the argument-count guards and the
# loop header are not visible.
253 start=int(sys.argv[2],16);
256 stop=int(sys.argv[3],16);
257 print "Peeking from %04x to %04x." % (start,stop);
259 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
# "poke" verb: writes one byte to internal RAM; both address and value are
# parsed as hexadecimal.
# NOTE(review): no argument-count or range check is visible, so a missing
# argument raises IndexError and values above 0xFF are passed through to
# CCpokeirambyte unchanged.
261 if(sys.argv[1]=="poke"):
262 client.CCpokeirambyte(int(sys.argv[2],16),
263 int(sys.argv[3],16));
# "randtest" verb: writes RNDH and ADCCON1 (twice each), then prints RNDH
# on each of nine loop passes (range(1,10)), re-writing ADCCON1 every pass.
264 if(sys.argv[1]=="randtest"):
266 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
267 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
268 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
269 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
272 for foo in range(1,10):
273 print "%02x" % client.CCpeekirambyte(0xBD); #RNDH
274 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
275 client.CCreleasecpu();
# Reads data address 0xDF61, labelled CHIP ID by the original comment. A line
# is missing just before this one, so it may belong to a different verb.
277 print "%02x" % client.CCpeekdatabyte(0xDF61); #CHIP ID
# "adctest" verb: prints the two data bytes at 0xDF3A and 0xDF3B as one
# four-digit hex value.
278 if(sys.argv[1]=="adctest"):
279 # ADCTest 0xDF3A 0xDF3B
280 print "ADC TEST %02x%02x" % (
281 client.CCpeekdatabyte(0xDF3A),
282 client.CCpeekdatabyte(0xDF3B));
# "config" verb: prints the current debug config byte.
283 if(sys.argv[1]=="config"):
284 print "Config is %02x" % client.CCrd_config();
# "flash" verb: parses an optional hex start/stop range. The file load and
# the flashing call are not visible in this listing.
286 if(sys.argv[1]=="flash"):
291 start=int(sys.argv[3],16);
293 stop=int(sys.argv[4],16);
# "lock" verb: prints the status before and after an operation whose call is
# not visible in this listing (presumably the chip's debug lock; TODO
# confirm). No confirmation prompt is visible.
296 if(sys.argv[1]=="lock"):
297 print "Status: %s" %client.status();
299 print "Status: %s" %client.status();
# "flashpage" verb: writes one flash page at the hex address in argv[2]; per
# the printed message the page contents come from 0xF000 in XDATA.
300 if(sys.argv[1]=="flashpage"):
303 target=int(sys.argv[2],16);
304 print "Writing a page of flash from 0xF000 in XDATA"
305 client.CCflashpage(target);
# "erasebuffer" verb: calls CCeraseflashbuffer().
306 if(sys.argv[1]=="erasebuffer"):
307 print "Erasing flash buffer.";
308 client.CCeraseflashbuffer();
# "writedata" verb: writes each byte of the loaded hex image whose address
# lies in start..stop (inclusive on both ends) into data memory. The
# assignment of `h` (presumably an IntelHex loaded from argv[2]) is not
# visible in this listing.
310 if(sys.argv[1]=="writedata"):
315 start=int(sys.argv[3],16);
317 stop=int(sys.argv[4],16);
# NOTE(review): _buf is a private attribute of IntelHex and its dict key
# order is arbitrary under Python 2, so bytes may be written out of address
# order; IntelHex.addresses() is the public, sorted equivalent.
321 for i in h._buf.keys():
322 if(i>=start and i<=stop):
323 client.CCpokedatabyte(i,h[i]);
326 #if(sys.argv[1]=="flashtest"):
327 # client.CCflashtest();
# "peekdata" verb: prints data-memory bytes over start..stop, one
# "addr: value" line per byte. The argument-count guards and the loop that
# advances `start` are not visible in this listing.
328 if(sys.argv[1]=="peekdata"):
331 start=int(sys.argv[2],16);
334 stop=int(sys.argv[3],16);
335 print "Peeking from %04x to %04x." % (start,stop);
337 print "%04x: %02x" % (start,client.CCpeekdatabyte(start));
# "peek" verb: same shape, reading internal RAM (CCpeekirambyte).
339 if(sys.argv[1]=="peek"):
342 start=int(sys.argv[2],16);
345 stop=int(sys.argv[3],16);
346 print "Peeking from %04x to %04x." % (start,stop);
348 print "%04x: %02x" % (start,client.CCpeekirambyte(start));
# "verify" verb: reads back code memory and reports every address whose byte
# differs from the loaded hex image. The assignment of `h` and the
# comparison line are not visible in this listing.
350 if(sys.argv[1]=="verify"):
355 start=int(sys.argv[3],16);
357 stop=int(sys.argv[4],16);
360 for i in h._buf.keys():
# NOTE(review): the upper bound is exclusive here (i<stop), while the
# writedata handler uses an inclusive bound (i<=stop). Check this against the
# flash handler's range, which is not visible in this listing; if flashing is
# inclusive, the byte at address `stop` is written but never verified.
361 if(i>=start and i<stop):
362 peek=client.CCpeekcodebyte(i)
364 print "ERROR at %04x, found %02x not %02x"%(i,peek,h[i]);
# "peekcode" verb: prints code-memory bytes over start..stop, one
# "addr: value" line per byte. The argument-count guards and the loop that
# advances `start` are not visible in this listing.
367 if(sys.argv[1]=="peekcode"):
370 start=int(sys.argv[2],16);
373 stop=int(sys.argv[3],16);
374 print "Peeking from %04x to %04x." % (start,stop);
376 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
# "pokedata" verb: writes one byte to data memory; address and value are
# parsed as hexadecimal.
# NOTE(review): no range check on `val` is visible, so values above 0xFF
# reach CCpokedatabyte unchanged.
378 if(sys.argv[1]=="pokedata"):
382 start=int(sys.argv[2],16);
384 val=int(sys.argv[3],16);
385 print "Poking %04x to become %02x." % (start,val);
386 client.CCpokedatabyte(start,val);