3 #GoodFET Chipcon SPI Client
4 # (C) 2011 Travis Goodspeed
7 #Might be CC2420 Specific
13 from GoodFETCCSPI import GoodFETCCSPI;
16 print "Usage: %s verb [objects]\n" % sys.argv[0];
17 print "%s info" % sys.argv[0];
18 print "%s regs" % sys.argv[0];
19 print "%s test" % sys.argv[0];
20 print "%s peek 0x$start [0x$stop]" % sys.argv[0];
21 print "%s poke 0x$adr 0x$val" % sys.argv[0];
22 print "%s txtest" % sys.argv[0];
24 print "\n%s rssi" % sys.argv[0];
25 print "%s sniff [chan]" % sys.argv[0];
26 print "%s bsniff [chan]" % sys.argv[0];
27 print "%s sniffdissect" % sys.argv[0];
29 print "\n%s txtoscount [-i|-r] TinyOS BlinkToLED" % sys.argv[0];
30 print "%s reflexjam" % sys.argv[0];
34 #Initialize FET and set baud rate
35 client=GoodFETCCSPI();
41 #Might read as all ones if chip has a startup delay.
43 if(sys.argv[1]=="carrier"):
45 client.RF_setfreq(eval(sys.argv[2]));
51 if(sys.argv[1]=="modulated_spectrum"):
53 client.RF_setfreq(eval(sys.argv[2]));
55 client.RF_modulated_spectrum();
59 if(sys.argv[1]=="reflexjam"):
60 client.RF_promiscuity(1);
63 freq=eval(sys.argv[2]);
65 client.RF_setfreq(freq);
67 client.RF_setchan(freq);
69 print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
70 client.RF_getfreq()/10**6);
71 client.RF_reflexjam();
73 if(sys.argv[1]=="info"):
74 print "Found %s" % client.identstr();
75 print "Freq: %05f MHz" % (client.RF_getfreq()/(10**6));
76 print "Status: %s" % client.status();
77 if(sys.argv[1]=="regs"):
78 for adr in range(0x10,0x40): #*1024):
80 print "%04x:=0x%04x" % (adr,val);
81 if(sys.argv[1]=="test"):
82 data=client.trans([0x20, 0xde, 0xad]);
83 print "%02x %02x" % (ord(data[1]), ord(data[2]));
84 data=client.trans([0x40|0x20, 0xde, 0xad]);
85 print "%02x %02x" % (ord(data[1]), ord(data[2]));
86 if(sys.argv[1]=="rssi"):
88 freq=eval(sys.argv[2]);
90 client.RF_setfreq(freq);
92 client.RF_setchan(freq);
93 print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6);
95 client.strobe(0x02); #Calibrate
100 #client.strobe(0x03); #SRXON
101 rssi=client.RF_getrssi();
102 #client.CC_RFST_IDLE(); #idle
105 for foo in range(0,rssi>>2):
106 string=("%s."%string);
107 print "%02x %04i %s" % (rssi,rssi, string);
108 if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect"):
110 client.RF_promiscuity(1);
111 client.RF_autocrc(0);
114 freq=eval(sys.argv[2]);
116 client.RF_setfreq(freq);
118 client.RF_setchan(freq);
120 print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
121 client.RF_getfreq()/10**6);
122 #Now we're ready to get packets.
126 packet=client.RF_rxpacket();
127 if sys.argv[1]=="sniffdissect":
128 client.printdissect(packet);
130 client.printpacket(packet);
132 if(sys.argv[1]=="bsniff"):
134 client.RF_promiscuity(0);
135 client.RF_setsmac(0xFFFFFFFF);
136 client.RF_autocrc(1);
139 freq=eval(sys.argv[2]);
141 client.RF_setfreq(freq);
143 client.RF_setchan(freq);
145 print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
146 client.RF_getfreq()/10**6);
147 #Now we're ready to get packets.
151 packet=client.RF_rxpacket();
152 client.printpacket(packet);
155 if(sys.argv[1]=="txtest"):
157 freq=eval(sys.argv[2]);
159 client.RF_setfreq(freq);
161 client.RF_setchan(freq);
162 print "Transmitting DEADBEEF as %010x on %i MHz" % (
164 client.RF_getfreq()/10**6);
167 client.RF_txpacket([0x0f, 0x01, 0x08, 0x82,
168 0xff, 0xff, 0xff, 0xff,
169 0xde, 0xad, 0xbe, 0xef,
171 if(sys.argv[1]=="txtoscount"):
173 Clone of what TinyOS's RadioCountToLeds demo code does. Specify a
174 channel a TinyOS mote programmed with RadioCountToLeds is on, and
175 this will act as the second device.
177 if (len(sys.argv)<=3):
178 print "Provide -r to work via replays or -i to work via incrementing itself.";
180 if (sys.argv[3]=="-r"):
181 client.RF_promiscuity(1);
182 client.RF_autocrc(1);
184 freq=eval(sys.argv[2]);
186 client.RF_setfreq(freq);
188 client.RF_setchan(freq);
189 if (sys.argv[3]=="-r"):
191 print "Listening as %010x on %i MHz" % (client.RF_getsmac(), client.RF_getfreq()/10**6);
192 print "Transmitting like the TinyOS CountToRadio program on %i MHz" % (client.RF_getfreq()/10**6);
193 if (sys.argv[3]=="-i"):
195 countpkt = [0x0f, 0x41, 0x88, 0xFF, 0x22, 0x00, 0xff, 0xff, 0x01, 0x00, 0x3f, 0x06, 0x00, 0xFF];
197 if (sys.argv[3]=="-r"): #give -r to do via replays from the other device
200 packet=client.RF_rxpacket();
202 client.RF_txpacket(pkt);
203 elif (sys.argv[3]=="-i"): #give -i to have it increment and send
204 #Use this code for it to actually do increments itself:
208 client.RF_txpacket(pkt);
213 if(sys.argv[1]=="txpiptest" or sys.argv[1]=="txpipscapy"):
215 freq=eval(sys.argv[2]);
217 client.RF_setfreq(freq);
219 client.RF_setchan(freq);
220 print "Transmitting on as %010x on %i MHz" % (
222 client.RF_getfreq()/10**6);
224 client.RF_setsync(0xFFFF);
227 if(sys.argv[1]=="txpiptest"):
230 #Real header, must begin with SFD.
235 0x1f, 0x01, 0x08, 0x82,
236 0xDF, 0xff, 0xff, 0xff,
237 0xde, 0xad, 0xbe, 0xef,
243 0x00, 0xA7, #CC2420 SFD
245 0x0f, 0x01, 0x08, 0x82,
246 0xff, 0xff, 0xff, 0xff,
247 0xde, 0xad, 0xbe, 0xef,
250 0xff, 0xff, 0xff, 0xff,
251 0xff, 0xff, 0xff, 0xff,
252 0xff, 0xff, 0xff, 0xff,
253 0xff, 0xff, 0xff, 0xff,
254 0xff, 0xff, 0xff, 0xff,
255 0xff, 0xff, 0xff, 0xff,
256 0xff, 0xff, 0xff, 0xff,
258 elif(sys.argv[1]=="txpipscapy"):
260 from scapy.all import Dot15d4, Dot15d4FCS, Dot15d4Data, Raw
263 print "To use packet building, Scapy must be installed and have the dot15d4 extension present."
264 print "try: hg clone http://hg.secdev.org/scapy-com";
265 print " sudo ./setup.py install";
266 #Overall method is to build from the inner packet outwards in the pkt string
268 scapyinner = Dot15d4FCS(seqnum=130)/Dot15d4Data()/Raw('\xde\xad\xbe\xef');
269 #pkt = str(scapyinner)[:-2] + '\xba\xbe\xc0';
270 pkt = str(scapyinner); #build inner pkt to bytes, adding FCS automatically
272 pkt = struct.pack('b', len(pkt)) + pkt #prepend with its length
273 pkt = "\x00\x00\x00\x00\xA7" + pkt #add preamble and SFD to inner packet
274 # Make outer (wrapping) packet
275 scapyouter = Dot15d4(seqnum=130)/Dot15d4Data(dest_panid=0xffdf)/Raw('\xde\xad\xbe\xef\xba\xbe\xc0') #TODO why need these last 3 bytes?
276 pkt = str(scapyouter) + pkt
277 pkt = struct.pack('b', len(pkt)) + pkt #prepend with its length
278 pkt = '\x00\x00\x00\x00\xA7' + pkt + ('\xff'*28) #start with preamble/SFD and add 0xff fill at end
279 pkt = struct.pack('b', len(pkt)) + pkt #prepend with its length (originally used \x7f)
280 client.printpacket(pkt)
281 client.RF_autocrc(1);
282 client.RF_txpacket(pkt)
285 if(sys.argv[1]=="peek"):
288 start=int(sys.argv[2],16);
291 stop=int(sys.argv[3],16);
292 print "Peeking from %04x to %04x." % (start,stop);
294 print "%04x: 0x%04x" % (start,client.peek(start));
296 if(sys.argv[1]=="poke"):
300 start=int(sys.argv[2],16);
302 val=int(sys.argv[3],16);
303 print "Poking r%02x to become 0x%04x." % (start,val);
305 client.poke(start,val);