X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;ds=sidebyside;f=client%2Fgoodfet.ccspi;h=6654e279e2bc3094667dbc7a034aca695578977c;hb=321a7a6d808dbfaecadfe9b2201ee4ee949d1cc1;hp=b40d123c5e1c14304930b0483740c975d4190850;hpb=3ce193dd33e5e9e4c16989d85b8fb15715b139de;p=goodfet diff --git a/client/goodfet.ccspi b/client/goodfet.ccspi index b40d123..6654e27 100755 --- a/client/goodfet.ccspi +++ b/client/goodfet.ccspi @@ -29,6 +29,7 @@ if(len(sys.argv)==1): print "\n%s surf" % sys.argv[0]; print "%s sniff [chan]" % sys.argv[0]; print "%s bsniff [chan]" % sys.argv[0]; + print "%s sniffcrypt 0x$key [chan]" % sys.argv[0]; print "%s sniffdissect" % sys.argv[0]; print "\n%s txtoscount [-i|-r] TinyOS BlinkToLED" % sys.argv[0]; @@ -238,6 +239,39 @@ if(sys.argv[1]=="bsniff"): client.printpacket(packet); sys.stdout.flush(); +if(sys.argv[1]=="sniffcrypt"): + print "Zigbee crypto is pretty damned complicated, and this doesn't work yet."; + #Just broadcast. + client.RF_promiscuity(1); + client.RF_setsmac(0xFFFFFFFF); + client.RF_autocrc(1); + #client.poke(0x19, 0x03C7); #SECCTRL0, enabling CCM crypto w/ KEY0 + client.poke(0x19, 0x03C6); #SECCTRL0, enabling CTRL crypto w/ KEY0 + + #What follows is the nonce. + client.poke(0x20, 0x000a); #SECCTRL1, skipping 10 bytes of header + + if len(sys.argv)>2: + key=int(sys.argv[2],16); + print "Setting KEY0 to %x" % key; + client.RF_setkey(key); + if len(sys.argv)>3: + freq=eval(sys.argv[3]); + if freq>100: + client.RF_setfreq(freq); + else: + client.RF_setchan(freq); + client.CC_RFST_RX(); + print "Listening as %010x on %i MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacketdec(); + client.printpacket(packet); + sys.stdout.flush(); + if(sys.argv[1]=="txtest"): if len(sys.argv)>2: freq=eval(sys.argv[2]);