2 # GoodFET Chipcon Example
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFETCC import GoodFETCC;
12 from GoodFETConsole import GoodFETConsole;
13 from intelhex import IntelHex;
# Renders a packet as hex text. Only the accumulation step survives in this
# listing; the loop header and the final print are among the elided lines.
16 def printpacket(packet):
19 #print "Printing packet."
22 #if i>packet[0]+1: break;
# Appends one value (foo) to s as a two-digit hex byte; presumably foo walks
# the bytes of packet -- confirm against the full file.
23 s="%s %02x" % (s,foo);
# Handles one received SimpliciTI packet. The visible lines print a sample
# (seq, x, y, z), build and transmit a reply, or name the request type.
# Field parsing and the branch conditions are among the elided lines.
# NOTE(review): packet comes off the air and is untrusted input. No length
# check on packet is visible before src, tid and port are used -- confirm one
# exists in the elided lines.
26 def handlesimplicitipacket(packet):
32 #if i>packet[0]+1: break;
33 s="%s %02x" % (s,foo);
51 #payload begins at byte 10.
59 print "%02x: %i %i %i" % (seq,x,y,z);
61 #print "Join request.";
63 print "Not a join request. WTF?";
# Reply echoes the sender's four address bytes (src) and the transaction id
# (tid). The bytes between the visible rows are elided, so the token values
# actually sent cannot be read from this listing.
# NOTE(review): the commented-out rows are labelled as the default join and
# link tokens. A network still using default tokens gets no access control
# from the join exchange.
66 reply=[0x12, #reply is one byte shorter
67 src[0], src[1], src[2], src[3],
70 0x81, tid, #reply, tid
73 #4,3,2,1, #default join token
74 #8,7,6,5, #default link token
# Transmits the reply; no filtering of which senders are answered is visible
# in this listing.
78 client.RF_txpacket(reply);
81 print "Security request.";
83 print "Frequency request.";
85 print "Management request.";
# Fallback for a port value that matched none of the cases above.
87 print "Unknown Port %02x" %port;
# Usage text: one line per verb, prefixed with the program name (sys.argv[0]).
# The enclosing def is not visible in this listing.
# NOTE(review): verbs handled further down (status, lock, flashpage,
# erasebuffer, config, peekinfo, simpliciti) do not appear in the visible
# usage lines. Only one usage line is elided, so at most one of them can be
# listed. lock, flashpage and erasebuffer change chip state and should be
# documented here.
90 print "Usage: %s verb [objects]\n" % sys.argv[0];
91 print "%s erase" % sys.argv[0];
92 print "%s flash $foo.hex" % sys.argv[0];
93 print "%s test" % sys.argv[0];
94 print "%s term" % sys.argv[0];
95 print "%s info" % sys.argv[0];
96 print "%s halt" % sys.argv[0];
97 print "%s regs" % sys.argv[0];
98 print "%s dumpcode $foo.hex [0x$start 0x$stop]" % sys.argv[0];
99 print "%s dumpdata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
100 print "%s writedata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
101 print "%s verify $foo.hex [0x$start 0x$stop]" % sys.argv[0];
102 print "%s peekdata 0x$start [0x$stop]" % sys.argv[0];
103 print "%s pokedata 0x$adr 0x$val" % sys.argv[0];
104 print "%s peek 0x$iram" % sys.argv[0];
105 print "%s poke 0x$iram 0x$val" % sys.argv[0];
106 print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
108 print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0];
109 print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
110 print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
111 print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
115 #Initialize FET and set baud rate
116 #client=GoodFET.GoodFETCC.GoodFETCC();
# carrier verb: takes the frequency from the command line and passes it to
# RF_setfreq(). The lines that follow in the original are elided here.
# NOTE(review): eval() runs argv[2] as a Python expression, so anything placed
# in that argument executes with this process's privileges. That matters as
# soon as the tool is wrapped by another script or run elevated. A numeric
# parse (int()/float()) accepts a value such as 915e6 without evaluating code.
126 if(sys.argv[1]=="carrier"):
128 client.RF_setfreq(eval(sys.argv[2]));
# reflex verb (the usage text describes it as "Jams on [freq] Hz"). Several
# lines of this branch are elided, including where threshold, maxrssi and
# string are initialised.
133 if(sys.argv[1]=="reflex"):
134 client.CC1110_crystal();
137 client.config_simpliciti();
# NOTE(review): eval() runs argv[2] as a Python expression; a numeric parse
# (int()/float()) avoids executing code taken from the command line.
141 client.RF_setfreq(eval(sys.argv[2]));
# NOTE(review): this file is Python 2 (print statements). If RF_getfreq()
# returns an int, /10**6 is integer division and the MHz value loses its
# fraction; the rssi verb divides by 10.0**6 instead.
142 print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
143 print "Jamming if RSSI>=%i" % threshold;
# The threshold is written to xdata 0xFE00 and the image reflex.ihx is then
# loaded onto the target.
# NOTE(review): reflex.ihx is named by relative path, so which image gets
# loaded presumably depends on the current directory -- confirm how
# shellcodefile() resolves it.
145 client.pokebyte(0xFE00,threshold,"xdata"); #Write threshold to shellcode.
146 client.shellcodefile("reflex.ihx");
# Polls until the target reports halted, then reads back the byte at xdata
# 0xFE00 and prints it as the RSSI.
149 while(0==client.ishalted()):
151 rssi=client.peek8(0xFE00,"xdata");
152 print "Activated jamming with RSSI of %i, going again for another packet." % rssi;
153 #client.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
# Host-driven sequence: calibrate, receive, read RSSI, idle. How these lines
# nest relative to the loop above is not recoverable from this listing.
157 client.CC_RFST_CAL(); #SCAL
162 client.CC_RFST_RX(); #SRX
163 rssi=client.RF_getrssi();
164 client.CC_RFST_IDLE(); #idle
# Text bar: one dot per four RSSI units (rssi>>2).
167 for foo in range(0,rssi>>2):
168 string=("%s."%string);
169 print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string);
173 #print "Triggered jamming for 1s.";
176 print "JAMMING JAMMING JAMMING JAMMING";
# rssi verb: receive-only signal-strength display. Loop structure and the
# initialisation of string are among the elided lines.
177 if(sys.argv[1]=="rssi"):
178 client.CC1110_crystal();
181 client.config_simpliciti();
# NOTE(review): eval() runs argv[2] as a Python expression; a numeric parse
# (int()/float()) avoids executing code taken from the command line.
184 client.RF_setfreq(eval(sys.argv[2]));
# Float division (10.0**6) keeps the fractional MHz under Python 2.
185 print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6);
189 client.CC_RFST_CAL();
194 rssi=client.RF_getrssi();
195 client.CC_RFST_IDLE(); #idle
# Text bar: one dot per four RSSI units (rssi>>2).
198 for foo in range(0,rssi>>2):
199 string=("%s."%string);
200 print "%02x %04i %s" % (rssi,rssi, string);
# sniffsimpliciti verb: configures the radio for a region and receives
# packets. Where region is set is elided; the usage text lists us|eu|lf.
# What is done with each packet is elided as well.
202 if(sys.argv[1]=="sniffsimpliciti"):
203 #TODO remove all poke() calls.
208 client.CC1110_crystal();
211 client.config_simpliciti(region);
213 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
214 client.RF_getfreq()/10.0**6);
215 #Now we're ready to get packets.
219 packet=client.RF_rxpacket();
# simpliciti verb: same setup, but every received packet is passed to
# handlesimplicitipacket(), which transmits replies.
# NOTE(review): packet is untrusted radio input. Whether RF_rxpacket() can
# return an empty or short value, and whether that is checked before the
# handler runs, is not visible here -- confirm.
223 if(sys.argv[1]=="simpliciti"):
224 #TODO remove all poke() calls.
229 client.CC1110_crystal();
232 client.config_simpliciti(region);
234 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
235 client.RF_getfreq()/10.0**6);
236 #Now we're ready to get packets.
240 packet=client.RF_rxpacket();
241 handlesimplicitipacket(packet);
# term verb: hands the connected client to the interactive GoodFETConsole.
246 if(sys.argv[1]=="term"):
247 GoodFETConsole(client).run();
# test verb: its body is elided in this listing.
248 if(sys.argv[1]=="test"):
# deadtest verb: prints the chip identification string nine times
# (range(1,10)).
250 if(sys.argv[1]=="deadtest"):
251 for i in range(1,10):
252 print "IDENT as %s" % client.CCidentstr();
# dumpcode verb: reads code memory one byte per call into h over the range
# start..stop and reports progress. The output file name f, the defaults for
# start/stop and the loop header are among the elided lines.
# NOTE(review): argv[3] and argv[4] are parsed as hex with no visible
# len(sys.argv) guard or bounds check. Presumably the elided lines guard
# this -- confirm, or a missing argument ends in a bare IndexError/ValueError.
253 if(sys.argv[1]=="dumpcode"):
258 start=int(sys.argv[3],16);
260 stop=int(sys.argv[4],16);
262 print "Dumping code from %04x to %04x as %s." % (start,stop,f);
266 h[i]=client.CCpeekcodebyte(i);
268 print "Dumped %04x."%i;
# dumpdata verb: same shape as dumpcode, but reads data memory through
# CCpeekdatabyte().
271 if(sys.argv[1]=="dumpdata"):
276 start=int(sys.argv[3],16);
278 stop=int(sys.argv[4],16);
280 print "Dumping data from %04x to %04x as %s." % (start,stop,f);
284 h[i]=client.CCpeekdatabyte(i);
286 print "Dumped %04x."%i;
# status verb: prints the debug status string.
289 if(sys.argv[1]=="status"):
290 print "Status: %s" %client.status();
# halt verb: its body is elided in this listing.
291 if(sys.argv[1]=="halt"):
# info verb: prints the chip identity, then frequency and RSSI. The
# "unknown" message below is presumably the fallback when the radio queries
# fail -- the surrounding try/except is not visible.
294 if(sys.argv[1]=="info"):
295 print "Ident %s" % client.CCidentstr();
# NOTE(review): /10**6 is integer division under Python 2 if RF_getfreq()
# returns an int, which would defeat the %10.3f format; other verbs divide
# by 10.0**6.
298 print "Freq %10.3f MHz" % (client.RF_getfreq()/10**6);
299 print "RSSI %02x" % client.RF_getrssi();
301 print "Freq, RSSI, etc unknown. Install SmartRF7.";
302 #print "Rate %10i kbps" % (client.RF_getrate()/1000);
303 #print "PacketLen %02i bytes" % client.RF_getpacketlen();
304 #print "SMAC 0x%010x" % client.RF_getsmac();
305 #print "TMAC 0x%010x" % client.RF_gettmac();
# regs verb: its body is elided in this listing.
307 if(sys.argv[1]=="regs"):
# erase verb: prints status, issues a full chip erase, prints status again.
# NOTE(review): CCchiperase() is destructive and no confirmation step is
# visible between the verb match and the call.
310 if(sys.argv[1]=="erase"):
311 print "Status: %s" % client.status();
312 client.CCchiperase();
313 print "Status: %s" %client.status();
# peekinfo verb: writes 1 to the debug config (announced as selecting info
# flash), reads the config back, then peeks code bytes from start to stop.
# NOTE(review): no visible line restores the config after CCwr_config(1);
# confirm in the elided lines whether later reads stay on the info page.
315 if(sys.argv[1]=="peekinfo"):
316 print "Select info flash."
317 client.CCwr_config(1);
318 print "Config is %02x" % client.CCrd_config();
322 start=int(sys.argv[2],16);
325 stop=int(sys.argv[3],16);
326 print "Peeking from %04x to %04x." % (start,stop);
328 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
# poke verb: writes one IRAM byte; address and value are both parsed as hex.
# NOTE(review): neither value is range-checked in the visible lines, so an
# out-of-range address or a value above 0xff goes straight to the client.
330 if(sys.argv[1]=="poke"):
331 client.CCpokeirambyte(int(sys.argv[2],16),
332 int(sys.argv[3],16));
# randtest verb: writes RNDH and ADCCON1 twice, then prints RNDH nine times
# (range(1,10)), re-writing ADCCON1 after each read.
# NOTE(review): RNDH is written with the constant 0x01 each time. Presumably
# this seeds the generator, in which case the printed sequence is repeatable
# and says nothing about randomness -- confirm against the datasheet.
333 if(sys.argv[1]=="randtest"):
335 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
336 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
337 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
338 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
341 for foo in range(1,10):
342 print "%02x" % client.CCpeekirambyte(0xBD); #RNDH
343 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
344 client.CCreleasecpu();
346 print "%02x" % client.CCpeekdatabyte(0xDF61); #CHIP ID
# adctest verb: prints the two data bytes at 0xDF3A and 0xDF3B as one hex
# word.
347 if(sys.argv[1]=="adctest"):
348 # ADCTest 0xDF3A 0xDF3B
349 print "ADC TEST %02x%02x" % (
350 client.CCpeekdatabyte(0xDF3A),
351 client.CCpeekdatabyte(0xDF3B));
# config verb: prints the current debug config byte.
352 if(sys.argv[1]=="config"):
353 print "Config is %02x" % client.CCrd_config();
# flash verb: only the parsing of the optional hex range is visible; the
# file load and the write itself are among the elided lines.
355 if(sys.argv[1]=="flash"):
360 start=int(sys.argv[3],16);
362 stop=int(sys.argv[4],16);
# lock verb: prints status before and after a call that is elided here.
# NOTE(review): presumably that call sets the chip's debug lock -- confirm.
# The verb is missing from the visible usage text.
365 if(sys.argv[1]=="lock"):
366 print "Status: %s" %client.status();
368 print "Status: %s" %client.status();
# flashpage verb: writes one flash page at the hex address in argv[2], taking
# the data from XDATA 0xF000 according to the message below.
# NOTE(review): target is not checked for page alignment or range in the
# visible lines.
369 if(sys.argv[1]=="flashpage"):
372 target=int(sys.argv[2],16);
373 print "Writing a page of flash from 0xF000 in XDATA"
374 client.CCflashpage(target);
# erasebuffer verb: erases the flash buffer.
375 if(sys.argv[1]=="erasebuffer"):
376 print "Erasing flash buffer.";
377 client.CCeraseflashbuffer();
# writedata verb: pokes every byte of the loaded hex image h whose address
# lies in start..stop, both ends included, into data memory.
# NOTE(review): h._buf is a private attribute of IntelHex; the class exposes
# addresses() for the same purpose. The hex file is input data, so its
# addresses are only bounded by the start/stop filter below.
379 if(sys.argv[1]=="writedata"):
384 start=int(sys.argv[3],16);
386 stop=int(sys.argv[4],16);
390 for i in h._buf.keys():
391 if(i>=start and i<=stop):
392 client.CCpokedatabyte(i,h[i]);
395 #if(sys.argv[1]=="flashtest"):
396 # client.CCflashtest();
# peekdata verb: prints data-memory bytes from start to stop, both hex. The
# default for stop and the loop header are among the elided lines.
397 if(sys.argv[1]=="peekdata"):
400 start=int(sys.argv[2],16);
403 stop=int(sys.argv[3],16);
404 print "Peeking from %04x to %04x." % (start,stop);
406 print "%04x: %02x" % (start,client.CCpeekdatabyte(start));
# peek verb: same shape, reading IRAM through CCpeekirambyte().
408 if(sys.argv[1]=="peek"):
411 start=int(sys.argv[2],16);
414 stop=int(sys.argv[3],16);
415 print "Peeking from %04x to %04x." % (start,stop);
417 print "%04x: %02x" % (start,client.CCpeekirambyte(start));
# verify verb: compares code memory against the loaded hex image h and prints
# each mismatch.
# NOTE(review): stop is exclusive here (i<stop) but inclusive in writedata
# (i<=stop); with the same range the byte at stop is never compared. Confirm
# which bound is intended.
# NOTE(review): the visible lines only print mismatches. Whether a failed
# verify also sets a non-zero exit status is not shown; a script that chains
# flash and verify needs one to detect a bad image.
419 if(sys.argv[1]=="verify"):
424 start=int(sys.argv[3],16);
426 stop=int(sys.argv[4],16);
429 for i in h._buf.keys():
430 if(i>=start and i<stop):
431 peek=client.CCpeekcodebyte(i)
433 print "ERROR at %04x, found %02x not %02x"%(i,peek,h[i]);
# peekcode verb: prints code-memory bytes from start to stop.
436 if(sys.argv[1]=="peekcode"):
439 start=int(sys.argv[2],16);
442 stop=int(sys.argv[3],16);
443 print "Peeking from %04x to %04x." % (start,stop);
445 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
# pokedata verb: writes one data-memory byte; address and value are hex.
# NOTE(review): val is printed with %02x but not checked to fit in one byte
# before it is passed to CCpokedatabyte().
447 if(sys.argv[1]=="pokedata"):
451 start=int(sys.argv[2],16);
453 val=int(sys.argv[3],16);
454 print "Poking %04x to become %02x." % (start,val);
455 client.CCpokedatabyte(start,val);