Carrier and specan shellcode for CC1110.
[goodfet] / client / GoodFETCC.py
1 #!/usr/bin/env python
2 # GoodFET Client Library
3
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
5 #
6 # This code is being rewritten and refactored.  You've been warned!
7
8 import sys;
9 import binascii;
10
11 from GoodFET import GoodFET;
12 from intelhex import IntelHex;
13
14 import xml.dom.minidom, time, os;
15
16 class GoodFETCC(GoodFET):
17     """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
18     APP=0x30;
19     
20     smartrfpath=None;
21     def __init__(self,filename=None):
22         """GoodFETCC constructor.
23         Mostly concerned with finding SmartRF7."""
24         if self.smartrfpath==None:
25             self.smartrfpath=os.environ.get("SMARTRF");
26         if self.smartrfpath==None and os.name=='nt':
27             pf=os.environ['PROGRAMFILES'];
28             self.smartrfpath="%s\\\\Texas Instruments\\\\SmartRF Tools\\\\SmartRF Studio 7" % pf;
29             
30         if self.smartrfpath==None:
31             self.smartrfpath="/opt/smartrf7";
32         
33     haveloadedsymbols=False;
34     def loadsymbols(self):
35         if self.haveloadedsymbols:
36             return;
37         try:
38             self.SRF_loadsymbols();
39             self.haveloadedsymbols=True;
40         except:
41             print "SmartRF not found for this chip.";
42     def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
43         """Loads the chip XML definitions from SmartRF7."""
44         fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
45         #print "Opening %s" % fn;
46         return xml.dom.minidom.parse(fn)
47         
48     def CMDrs(self,args=[]):
49         """Chip command to grab the radio state."""
50         #try:
51         self.SRF_radiostate();
52         #except:
53         #    print "Error printing radio state.";
54         #    print "SmartRF not found at %s." % self.smartrfpath;
55     def SRF_bitfieldstr(self,bf):
56         name="unused";
57         start=0;
58         stop=0;
59         access="";
60         reset="0x00";
61         description="";
62         for e in bf.childNodes:
63             if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
64             elif e.localName=="Start": start=e.childNodes[0].nodeValue;
65             elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
66         return "   [%s:%s] %30s " % (start,stop,name);
67
68     def SRF_radiostate(self):
69         ident=self.CCident();
70         chip=self.CCversions.get(ident&0xFF00);
71         dom=self.SRF_chipdom(chip,"register_definition.xml");
72         for e in dom.getElementsByTagName("registerdefinition"):
73             for f in e.childNodes:
74                 if f.localName=="DeviceName":
75                     print "// %s RadioState" % (f.childNodes[0].nodeValue);
76                 elif f.localName=="Register":
77                     name="unknownreg";
78                     address="0xdead";
79                     description="";
80                     bitfields="";
81                     for g in f.childNodes:
82                         if g.localName=="Name":
83                             name=g.childNodes[0].nodeValue;
84                         elif g.localName=="Address":
85                             address=g.childNodes[0].nodeValue;
86                         elif g.localName=="Description":
87                             if g.childNodes:
88                                 description=g.childNodes[0].nodeValue;
89                         elif g.localName=="Bitfield":
90                             bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
91                     #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
92                     print "%-10s=0x%02x; /* %-50s */" % (
93                         name,self.CCpeekdatabyte(eval(address)), description);
94                     if bitfields!="": print bitfields.rstrip();
95
96     def SRF_radiostate_select(self,args=[]):
97         lreg = []
98         ident=self.CCident();
99         chip=self.CCversions.get(ident&0xFF00);
100         dom=self.SRF_chipdom(chip,"register_definition.xml");
101         for reg in args:
102             if reg.lower() == "help":
103                 lreg = "help"
104                 break
105             lreg.append(reg.lower())
106         for e in dom.getElementsByTagName("registerdefinition"):
107             for f in e.childNodes:
108                 if f.localName=="DeviceName":
109                     print "// %s RadioState" % (f.childNodes[0].nodeValue);
110                 elif f.localName=="Register":
111                     name="unknownreg";
112                     address="0xdead";
113                     description="";
114                     bitfields="";
115                     for g in f.childNodes:
116                         if g.localName=="Name":
117                             name=g.childNodes[0].nodeValue;
118                         elif g.localName=="Address":
119                             address=g.childNodes[0].nodeValue;
120                         elif g.localName=="Description":
121                             if g.childNodes:
122                                 description=g.childNodes[0].nodeValue;
123                         elif g.localName=="Bitfield":
124                             bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
125                     #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
126                     if lreg == "help":
127                         print "%-10s /* %-50s */" % (name, description);
128                     elif name.lower() in lreg:
129                         print "%-10s=0x%02x; /* %-50s */" % (
130                             name,self.CCpeekdatabyte(eval(address)), description);
131                         if bitfields!="": print bitfields.rstrip();
132
133     def RF_setfreq(self,frequency):
134         """Set the frequency in Hz."""
135         #FIXME CC1110 specific
136         #Some frequencies fail, probably and FSCAL thing.
137         
138         hz=frequency;
139         freq=int(hz/396.728515625);
140         
141         freq0=freq&0xFF;
142         freq1=(freq&0xFF00)>>8;
143         freq2=(freq&0xFF0000)>>16;
144         
145         self.pokebysym("FREQ2",freq2);
146         self.pokebysym("FREQ1",freq1);
147         self.pokebysym("FREQ0",freq0);
148         
149         self.pokebysym("TEST1",0x31);
150         self.pokebysym("TEST0",0x09);
151         
152         
153         #self.pokebysym("FSCAL2" ,   0x2A);  #above mid
154         self.pokebysym("FSCAL2" ,   0x0A);  #beneath mid
155         
156         #self.CC_RFST_CAL(); #SCAL
157         #time.sleep(1);
158     
159         
160     def RF_getfreq(self):
161         """Get the frequency in Hz."""
162         #FIXME CC1110 specific
163         
164         #return (2400+self.peek(0x05))*10**6
165         #self.poke(0x05,chan);
166         
167         #freq2=self.CCpeekdatabyte(0xdf09);
168         #freq1=self.CCpeekdatabyte(0xdf0a);
169         #freq0=self.CCpeekdatabyte(0xdf0b);
170         freq=0;
171         try:
172             freq2=self.peekbysym("FREQ2");
173             freq1=self.peekbysym("FREQ1");
174             freq0=self.peekbysym("FREQ0");
175             freq=(freq2<<16)+(freq1<<8)+freq0;
176         except:
177             freq=0;
178             
179         hz=freq*396.728515625;
180         
181         return hz;
182     
183     def RF_getchannel(self):
184         """Get the hex channel."""
185         #FIXME CC1110 specific
186         freq=0;
187         try:
188             freq2=self.peekbysym("FREQ2");
189             freq1=self.peekbysym("FREQ1");
190             freq0=self.peekbysym("FREQ0");
191             freq=(freq2<<16)+(freq1<<8)+freq0;
192         except:
193             freq=0;
194             
195         return freq;
196     
197     
198     lastshellcode="none";
199     def shellcodefile(self,filename,wait=1, alwaysreload=0):
200         """Run a fragment of shellcode by name."""
201         #FIXME: should identify chip model number, use shellcode for that chip.
202         
203         if self.lastshellcode!=filename or alwaysreload>0:
204             self.lastshellcode=filename;
205             file=__file__;
206             file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
207             #TODO make this generic
208             path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
209             filename=path+filename;
210         
211             #Load the shellcode.
212             h=IntelHex(filename);
213             for i in h._buf.keys():
214                 self.CCpokedatabyte(i,h[i]);
215         
216         #Execute it.
217         self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
218         self.resume();
219         while wait>0 and (0==self.CCstatus()&0x20):
220             a=1;
221             #time.sleep(0.1);
222             #print "Waiting for shell code to return.";
223         return;
224     def ishalted(self):
225         return self.CCstatus()&0x20;
226     def shellcode(self,code,wait=1):
227         """Copy a block of code into RAM and execute it."""
228         i=0;
229         ram=0xF000;
230         for byte in code:
231             self.pokebyte(0xF000+i,byte);
232             i=i+1;
233         #print "Code loaded, executing."
234         self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
235         self.resume();
236         while wait>0 and (0==self.CCstatus()&0x20):
237             a=1;
238             #time.sleep(0.1);
239             #print "Waiting for shell code to return.";
240         return;
241     def CC1110_crystal(self):
242         """Start the main crystal of the CC1110 oscillating, needed for radio use."""
243         code=[0x53, 0xBE, 0xFB, #anl SLEEP, #0xFB
244               #one:
245               0xE5, 0xBE,       #mov a,SLEEP
246               0x30, 0xE6, 0xFB, #jnb acc.6, back
247               0x53, 0xc6, 0xB8, #anl CLKCON, #0xB8
248               #two
249               0xE5, 0xC6,       #mov a,CLKCON
250               0x20, 0xE6, 0xFB, #jb acc.6, two
251               0x43, 0xBE, 0x04, #orl SLEEP, #0x04
252               0xA5,             #HALT
253               ];
254         self.shellcode(code);
255         
256         #Slower to load, but produced from C.
257         #self.shellcodefile("crystal.ihx");
258         return;
259     def RF_idle(self):
260         """Move the radio to its idle state."""
261         self.CC_RFST_IDLE();
262         return;
263     
264     #Chipcon RF strobes.  CC1110 specific
265     RFST_IDLE=0x04;
266     RFST_RX=0x02;
267     RFST_TX=0x03;
268     RFST_CAL=0x01;
269     def CC_RFST_IDLE(self):
270         """Switch the radio to idle mode, clearing overflows and errors."""
271         self.CC_RFST(self.RFST_IDLE);
272     def CC_RFST_TX(self):
273         """Switch the radio to TX mode."""
274         self.CC_RFST(self.RFST_TX);
275     def CC_RFST_RX(self):
276         """Switch the radio to RX mode."""
277         self.CC_RFST(self.RFST_RX);
278     def CC_RFST_CAL(self):
279         """Calibrate strobe the radio."""
280         self.CC_RFST(self.RFST_CAL);
281     def CC_RFST(self,state=RFST_IDLE):
282         RFST=0xDFE1
283         self.pokebyte(RFST,state); #Return to idle state.
284         return;
285     def config_dash7(self,band="lf"):
286         #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
287         #Waiting for official confirmation of the accuracy.
288
289         self.pokebysym("FSCTRL1"  , 0x08)   # Frequency synthesizer control.
290         self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
291         
292         #Don't change these while the radio is active.
293         self.pokebysym("FSCAL3"   , 0xEA)   # Frequency synthesizer calibration.
294         self.pokebysym("FSCAL2"   , 0x2A)   # Frequency synthesizer calibration.
295         self.pokebysym("FSCAL1"   , 0x00)   # Frequency synthesizer calibration.
296         self.pokebysym("FSCAL0"   , 0x1F)   # Frequency synthesizer calibration.
297         
298         if band=="ismeu" or band=="eu":
299             print "There is no official eu band for dash7."
300             self.pokebysym("FREQ2"    , 0x21)   # Frequency control word, high byte.
301             self.pokebysym("FREQ1"    , 0x71)   # Frequency control word, middle byte.
302             self.pokebysym("FREQ0"    , 0x7a)   # Frequency control word, low byte.
303         elif band=="ismus" or band=="us":
304             print "There is no official us band for dash7."
305             self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
306             self.pokebysym("FREQ1"    , 0xB1)   # Frequency control word, middle byte.
307             self.pokebysym("FREQ0"    , 0x3B)   # Frequency control word, low byte.
308         elif band=="ismlf" or band=="lf":
309             # 433.9198 MHz, same as Simpliciti.
310             self.pokebysym("FREQ2"    , 0x10)   # Frequency control word, high byte.
311             self.pokebysym("FREQ1"    , 0xB0)   # Frequency control word, middle byte.
312             self.pokebysym("FREQ0"    , 0x71)   # Frequency control word, low byte.
313         elif band=="none":
314             pass;
315         else:
316             #Got a frequency, not a band.
317             self.RF_setfreq(eval(band));
318         self.pokebysym("MDMCFG4"  , 0x8B)   # 62.5 kbps w/ 200 kHz filter
319         self.pokebysym("MDMCFG3"  , 0x3B)
320         self.pokebysym("MDMCFG2"  , 0x11)
321         self.pokebysym("MDMCFG1"  , 0x02)
322         self.pokebysym("MDMCFG0"  , 0x53)
323         self.pokebysym("CHANNR"   , 0x00)   # Channel zero.
324         self.pokebysym("DEVIATN"  , 0x50)   # 50 kHz deviation
325         
326         self.pokebysym("FREND1"   , 0xB6)   # Front end RX configuration.
327         self.pokebysym("FREND0"   , 0x10)   # Front end RX configuration.
328         self.pokebysym("MCSM2"    , 0x1E)
329         self.pokebysym("MCSM1"    , 0x3F)
330         self.pokebysym("MCSM0"    , 0x30)
331         self.pokebysym("FOCCFG"   , 0x1D)   # Frequency Offset Compensation Configuration.
332         self.pokebysym("BSCFG"    , 0x1E)   # 6.25% data error rate
333         
334         self.pokebysym("AGCCTRL2" , 0xC7)   # AGC control.
335         self.pokebysym("AGCCTRL1" , 0x00)   # AGC control.
336         self.pokebysym("AGCCTRL0" , 0xB2)   # AGC control.
337         
338         self.pokebysym("TEST2"    , 0x81)   # Various test settings.
339         self.pokebysym("TEST1"    , 0x35)   # Various test settings.
340         self.pokebysym("TEST0"    , 0x09)   # Various test settings.
341         self.pokebysym("PA_TABLE0", 0xc0)   # Max output power.
342         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control, w/ lqi
343         #self.pokebysym("PKTCTRL1" , 0x00)   # Packet automation control. w/o lqi
344         self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
345         #self.pokebysym("PKTCTRL0" , 0x00)   # Packet automation control, w/o checksum, fixed length
346         self.pokebysym("ADDR"     , 0x01)   # Device address.
347         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
348         
349         #Sync word hack
350         self.pokebysym("SYNC1",0x83);
351         self.pokebysym("SYNC0",0xFE);
352         return;
353     def config_iclicker(self,band="lf"):
354         #Mike Ossmann figured most of this out, with help from neighbors.
355         
356         self.pokebysym("FSCTRL1"  , 0x06)   # Frequency synthesizer control.
357         self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
358         
359         #Don't change these while the radio is active.
360         self.pokebysym("FSCAL3"   , 0xE9)
361         self.pokebysym("FSCAL2"   , 0x2A)
362         self.pokebysym("FSCAL1"   , 0x00)
363         self.pokebysym("FSCAL0"   , 0x1F)
364         
365         if band=="ismeu" or band=="eu":
366             print "The EU band is unknown.";
367         elif band=="ismus" or band=="us":
368             #905.5MHz
369             self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
370             self.pokebysym("FREQ1"    , 0xD3)   # Frequency control word, middle byte.
371             self.pokebysym("FREQ0"    , 0xAC)   # Frequency control word, low byte.
372         elif band=="ismlf" or band=="lf":
373             print "There is no LF version of the iclicker."
374         elif band=="none":
375             pass;
376         else:
377             #Got a frequency, not a band.
378             self.RF_setfreq(eval(band));
379         # 812.5kHz bandwidth, 152.34 kbaud
380         self.pokebysym("MDMCFG4"  , 0x1C)   
381         self.pokebysym("MDMCFG3"  , 0x80)
382         # no FEC, 2 byte preamble, 250kHz chan spacing
383         
384         #15/16 sync
385         #self.pokebysym("MDMCFG2"  , 0x01)
386         #16/16 sync
387         self.pokebysym("MDMCFG2"  , 0x02)
388         
389         self.pokebysym("MDMCFG1"  , 0x03)
390         self.pokebysym("MDMCFG0"  , 0x3b)
391         
392         self.pokebysym("CHANNR"   , 0x2e)   # Channel zero.
393         
394         #self.pokebysym("DEVIATN"  , 0x71)  # 118.5
395         self.pokebysym("DEVIATN"  , 0x72)   # 253.9 kHz deviation
396         
397         self.pokebysym("FREND1"   , 0x56)   # Front end RX configuration.
398         self.pokebysym("FREND0"   , 0x10)   # Front end RX configuration.
399         self.pokebysym("MCSM2"    , 0x07)
400         self.pokebysym("MCSM1"    , 0x30)   #Auto freq. cal.
401         self.pokebysym("MCSM0"    , 0x14)
402         
403         self.pokebysym("TEST2"    , 0x88)   # 
404         self.pokebysym("TEST1"    , 0x31)   # 
405         self.pokebysym("TEST0"    , 0x09)   # High VCO (Upper band.)
406         self.pokebysym("PA_TABLE0", 0xC0)   # Max output power.
407         self.pokebysym("PKTCTRL1" , 0x45)   # Preamble qualidy 2*4=6, adr check, status
408         self.pokebysym("PKTCTRL0" , 0x00)   # No whitening, CR, fixed len.
409         
410         self.pokebysym("PKTLEN"   , 0x09)   # Packet length.
411         
412         self.pokebysym("SYNC1",0xB0);
413         self.pokebysym("SYNC0",0xB0);
414         self.pokebysym("ADDR", 0xB0);
415         return;
416     def config_ook(self,band="none"):
417         self.pokebysym("FSCTRL1"  , 0x0C) #08   # Frequency synthesizer control.
418         self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
419         
420         #Don't change these while the radio is active.
421         self.pokebysym("FSCAL3"   , 0xEA)   # Frequency synthesizer calibration.
422         self.pokebysym("FSCAL2"   , 0x2A)   # Frequency synthesizer calibration.
423         self.pokebysym("FSCAL1"   , 0x00)   # Frequency synthesizer calibration.
424         self.pokebysym("FSCAL0"   , 0x1F)   # Frequency synthesizer calibration.
425         
426         if band=="ismeu" or band=="eu":
427             self.pokebysym("FREQ2"    , 0x21)   # Frequency control word, high byte.
428             self.pokebysym("FREQ1"    , 0x71)   # Frequency control word, middle byte.
429             self.pokebysym("FREQ0"    , 0x7a)   # Frequency control word, low byte.
430         elif band=="ismus" or band=="us":
431             self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
432             self.pokebysym("FREQ1"    , 0xB1)   # Frequency control word, middle byte.
433             self.pokebysym("FREQ0"    , 0x3B)   # Frequency control word, low byte.
434         elif band=="ismlf" or band=="lf":
435             self.pokebysym("FREQ2"    , 0x0C)   # Frequency control word, high byte.
436             self.pokebysym("FREQ1"    , 0x1D)   # Frequency control word, middle byte.
437             self.pokebysym("FREQ0"    , 0x89)   # Frequency control word, low byte.
438         elif band=="none":
439             pass;
440         else:
441             #Got a frequency, not a band.
442             self.RF_setfreq(eval(band));
443         
444         #data rate
445         #~1
446         #self.pokebysym("MDMCFG4"  , 0x85)
447         #self.pokebysym("MDMCFG3"  , 0x83)
448         #0.5
449         #self.pokebysym("MDMCFG4"  , 0xf4)
450         #self.pokebysym("MDMCFG3"  , 0x43)
451         #2.4
452         #self.pokebysym("MDMCFG4"  , 0xf6)
453         #self.pokebysym("MDMCFG3"  , 0x83)
454         
455         #4.8 kbaud
456         #print "Warning: Default to 4.8kbaud.";
457         #self.pokebysym("MDMCFG4"  , 0xf7)
458         #self.pokebysym("MDMCFG3"  , 0x83)
459         #9.6 kbaud
460         #print "Warning: Default to 9.6kbaud.";
461         #
462         
463         self.pokebysym("MDMCFG4"  , 0xf8)
464         self.pokebysym("MDMCFG3"  , 0x83)
465         self.pokebysym("MDMCFG2"  , 0x34)   # OOK, carrier-sense, no-manchester
466         
467         #Kind aright for keeloq
468         print "Warning: Guessing baud rate.";
469         #self.pokebysym("MDMCFG4"  , 0xf6)
470         #self.pokebysym("MDMCFG3"  , 0x93)
471         #self.pokebysym("MDMCFG2"  , 0x3C)   # OOK, carrier-sense, manchester
472         
473         self.pokebysym("MDMCFG1"  , 0x00)   # Modem configuration.
474         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
475         self.pokebysym("CHANNR"   , 0x00)   # Channel number.
476         
477         self.pokebysym("FREND1"   , 0x56)   # Front end RX configuration.
478         self.pokebysym("FREND0"   , 0x11)   # Front end RX configuration.
479         self.pokebysym("MCSM0"    , 0x18)   # Main Radio Control State Machine configuration.
480         #self.pokebysym("FOCCFG"   , 0x1D)   # Frequency Offset Compensation Configuration.
481         #self.pokebysym("BSCFG"    , 0x1C)   # Bit synchronization Configuration.
482         
483         #self.pokebysym("AGCCTRL2" , 0xC7)   # AGC control.
484         #self.pokebysym("AGCCTRL1" , 0x00)   # AGC control.
485         #self.pokebysym("AGCCTRL0" , 0xB2)   # AGC control.
486         
487         self.pokebysym("TEST2"    , 0x81)   # Various test settings.
488         self.pokebysym("TEST1"    , 0x35)   # Various test settings.
489         self.pokebysym("TEST0"    , 0x0B)   # Various test settings.
490         self.pokebysym("PA_TABLE0", 0xc2)   # Max output power.
491         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control, w/ lqi
492         #self.pokebysym("PKTCTRL1" , 0x00)   # Packet automation control. w/o lqi
493         #self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
494         self.pokebysym("PKTCTRL0" , 0x00)   # Packet automation control, w/o checksum, fixed length
495         self.pokebysym("ADDR"     , 0x01)   # Device address.
496         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
497         
498         self.pokebysym("SYNC1",0xD3);
499         self.pokebysym("SYNC0",0x91);
500         
501     def config_simpliciti(self,band="none"):
502         self.pokebysym("FSCTRL1"  , 0x0C) #08   # Frequency synthesizer control.
503         self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
504         
505         #Don't change these while the radio is active.
506         self.pokebysym("FSCAL3"   , 0xEA)   # Frequency synthesizer calibration.
507         self.pokebysym("FSCAL2"   , 0x2A)   # Frequency synthesizer calibration.
508         self.pokebysym("FSCAL1"   , 0x00)   # Frequency synthesizer calibration.
509         self.pokebysym("FSCAL0"   , 0x1F)   # Frequency synthesizer calibration.
510         
511         if band=="ismeu" or band=="eu":
512             self.pokebysym("FREQ2"    , 0x21)   # Frequency control word, high byte.
513             self.pokebysym("FREQ1"    , 0x71)   # Frequency control word, middle byte.
514             self.pokebysym("FREQ0"    , 0x7a)   # Frequency control word, low byte.
515         elif band=="ismus" or band=="us":
516             self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
517             self.pokebysym("FREQ1"    , 0xB1)   # Frequency control word, middle byte.
518             self.pokebysym("FREQ0"    , 0x3B)   # Frequency control word, low byte.
519         elif band=="ismlf" or band=="lf":
520             self.pokebysym("FREQ2"    , 0x10)   # Frequency control word, high byte.
521             self.pokebysym("FREQ1"    , 0xB0)   # Frequency control word, middle byte.
522             self.pokebysym("FREQ0"    , 0x71)   # Frequency control word, low byte.
523         elif band=="none":
524             band="none";
525         else:
526             #Got a frequency, not a band.
527             self.RF_setfreq(eval(band));
528         self.pokebysym("MDMCFG4"  , 0x7B)   # Modem configuration.
529         self.pokebysym("MDMCFG3"  , 0x83)   # Modem configuration.
530         self.pokebysym("MDMCFG2"  , 0x13)   # Modem configuration.
531         self.pokebysym("MDMCFG1"  , 0x22)   # Modem configuration.
532         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
533         if band=="ismus" or band=="us":
534             self.pokebysym("CHANNR"   , 20)   # Channel number.
535         else:
536             self.pokebysym("CHANNR"   , 0x00)   # Channel number.
537         self.pokebysym("DEVIATN"  , 0x42)   # Modem deviation setting (when FSK modulation is enabled).
538         
539         self.pokebysym("FREND1"   , 0xB6)   # Front end RX configuration.
540         self.pokebysym("FREND0"   , 0x10)   # Front end RX configuration.
541         self.pokebysym("MCSM0"    , 0x18)   # Main Radio Control State Machine configuration.
542         self.pokebysym("FOCCFG"   , 0x1D)   # Frequency Offset Compensation Configuration.
543         self.pokebysym("BSCFG"    , 0x1C)   # Bit synchronization Configuration.
544         
545         self.pokebysym("AGCCTRL2" , 0xC7)   # AGC control.
546         self.pokebysym("AGCCTRL1" , 0x00)   # AGC control.
547         self.pokebysym("AGCCTRL0" , 0xB2)   # AGC control.
548         
549         self.pokebysym("TEST2"    , 0x81)   # Various test settings.
550         self.pokebysym("TEST1"    , 0x35)   # Various test settings.
551         self.pokebysym("TEST0"    , 0x09)   # Various test settings.
552         self.pokebysym("PA_TABLE0", 0xc0)   # Max output power.
553         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control, w/ lqi
554         #self.pokebysym("PKTCTRL1" , 0x00)   # Packet automation control. w/o lqi
555         self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
556         #self.pokebysym("PKTCTRL0" , 0x00)   # Packet automation control, w/o checksum, fixed length
557         self.pokebysym("ADDR"     , 0x01)   # Device address.
558         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
559         
560         self.pokebysym("SYNC1",0xD3);
561         self.pokebysym("SYNC0",0x91);
562         
563     def RF_carrier(self):
564         """Hold a carrier wave on the present frequency."""
565         
566         self.CC1110_crystal(); #FIXME, '1110 specific.
567         self.RF_idle();
568         
569         
570         RFST=0xDFE1;
571         
572         self.config_simpliciti();
573         
574         #Don't change these while the radio is active.
575         #self.pokebysym("FSCAL3"   , 0xA9)   # Frequency synthesizer calibration.
576         #self.pokebysym("FSCAL2"   , 0x0A)   # Frequency synthesizer calibration.
577         #self.pokebysym("FSCAL1"   , 0x00)   # Frequency synthesizer calibration.
578         #self.pokebysym("FSCAL0"   , 0x11)   # Frequency synthesizer calibration.
579         
580         #Ramp up the power.
581         #self.pokebysym("PA_TABLE0", 0xFF)   # PA output power setting.
582         
583         #This is what drops to OOK.
584         #Comment to keep GFSK, might be better at jamming.
585         self.pokebysym("MDMCFG4"  , 0x86)   # Modem configuration.
586         self.pokebysym("MDMCFG3"  , 0x83)   # Modem configuration.
587         self.pokebysym("MDMCFG2"  , 0x30)   # Modem configuration.
588         self.pokebysym("MDMCFG1"  , 0x22)   # Modem configuration.
589         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
590         
591         self.pokebysym("SYNC1",0xAA);
592         self.pokebysym("SYNC0",0xAA);
593         
594         #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX); 
595         state=0;
596         
597         while((state!=0x13)):
598             self.pokebyte(RFST,0x03); #RFST=RFST_STX
599             time.sleep(0.1);
600             state=self.peekbysym("MARCSTATE")&0x1F;
601             #print "state=%02x" % state;
602         print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
603         
604         return;
605             
606     def RF_getsmac(self):
607         """Return the source MAC address."""
608         
609         #Register 0A is RX_ADDR_P0, five bytes.
610         mac=self.peekbysym("ADDR");
611         return mac;
612     def RF_setsmac(self,mac):
613         """Set the source MAC address."""
614         self.pokebysym("ADDR",mac);
615         return 0;
616     def RF_gettmac(self):
617         """Return the target MAC address."""
618         return 0;
619     def RF_settmac(self,mac):
620         """Set the target MAC address."""
621         return 0;
622     def RF_rxpacket(self):
623         """Get a packet from the radio.  Returns None if none is waiting."""
624         self.shellcodefile("rxpacket.ihx");
625         len=self.peek8(0xFE00,"xdata");
626         return self.peekblock(0xFE00,len+3,"data");
627     def RF_txpacket(self,packet):
628         """Transmit a packet.  Untested."""
629         
630         self.pokeblock(0xFE00,packet,"data");
631         self.shellcodefile("txpacket.ihx");
632         return;
633     def RF_txrxpacket(self,packet):
634         """Transmit a packet.  Untested."""
635         
636         self.pokeblock(0xFE00,packet,"data");
637         self.shellcodefile("txrxpacket.ihx");
638         len=self.peek8(0xFE00,"xdata");
639         return self.peekblock(0xFE00,len+3,"data");
640
641     def RF_getrssi(self):
642         """Returns the received signal strenght, with a weird offset."""
643         try:
644             rssireg=self.symbols.get("RSSI");
645             return self.CCpeekdatabyte(rssireg)^0x80;
646         except:
647             if self.verbose>0: print "RSSI reg doesn't exist.";
648         try:
649             #RSSI doesn't exist on some 2.4GHz devices.  Maybe RSSIL and RSSIH?
650             rssilreg=self.symbols.get("RSSIL");
651             rssil=self.CCpeekdatabyte(rssilreg);
652             rssihreg=self.symbols.get("RSSIL");
653             rssih=self.CCpeekdatabyte(rssihreg);
654             return (rssih<<8)|rssil;
655         except:
656             if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
657         
658         return 0;
659     
660     def SRF_loadsymbols(self):
661         ident=self.CCident();
662         chip=self.CCversions.get(ident&0xFF00);
663         dom=self.SRF_chipdom(chip,"register_definition.xml");
664         for e in dom.getElementsByTagName("registerdefinition"):
665             for f in e.childNodes:
666                 if f.localName=="Register":
667                     name="unknownreg";
668                     address="0xdead";
669                     description="";
670                     bitfields="";
671                     for g in f.childNodes:
672                         if g.localName=="Name":
673                             name=g.childNodes[0].nodeValue;
674                         elif g.localName=="Address":
675                             address=g.childNodes[0].nodeValue;
676                         elif g.localName=="Description":
677                             if g.childNodes:
678                                 description=g.childNodes[0].nodeValue;
679                         elif g.localName=="Bitfield":
680                             bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
681                     #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
682                     self.symbols.define(eval(address),name,description,"data");
683     def halt(self):
684         """Halt the CPU."""
685         self.CChaltcpu();
686     def CChaltcpu(self):
687         """Halt the CPU."""
688         self.writecmd(self.APP,0x86,0,self.data);
689     def resume(self):
690         self.CCreleasecpu();
691     def CCreleasecpu(self):
692         """Resume the CPU."""
693         self.writecmd(self.APP,0x87,0,self.data);
694     def test(self):
695         self.CCreleasecpu();
696         self.CChaltcpu();
697         #print "Status: %s" % self.CCstatusstr();
698         
699         #Grab ident three times, should be equal.
700         ident1=self.CCident();
701         ident2=self.CCident();
702         ident3=self.CCident();
703         if(ident1!=ident2 or ident2!=ident3):
704             print "Error, repeated ident attempts unequal."
705             print "%04x, %04x, %04x" % (ident1, ident2, ident3);
706         
707         #Single step, printing PC.
708         print "Tracing execution at startup."
709         for i in range(1,15):
710             pc=self.CCgetPC();
711             byte=self.CCpeekcodebyte(i);
712             #print "PC=%04x, %02x" % (pc, byte);
713             self.CCstep_instr();
714         
715         print "Verifying that debugging a NOP doesn't affect the PC."
716         for i in range(1,15):
717             pc=self.CCgetPC();
718             self.CCdebuginstr([0x00]);
719             if(pc!=self.CCgetPC()):
720                 print "ERROR: PC changed during CCdebuginstr([NOP])!";
721         
722         print "Checking pokes to XRAM."
723         for i in range(self.execbuf,self.execbuf+0x20):
724             self.CCpokedatabyte(i,0xde);
725             if(self.CCpeekdatabyte(i)!=0xde):
726                 print "Error in XDATA at 0x%04x" % i;
727         
728         #print "Status: %s." % self.CCstatusstr();
729         #Exit debugger
730         self.stop();
731         print "Done.";
732
733     def setup(self):
734         """Move the FET into the Chipcon 8051 application."""
735         #print "Initializing Chipcon.";
736         self.writecmd(self.APP,0x10,0,self.data);
737     def CCrd_config(self):
738         """Read the config register of a Chipcon."""
739         self.writecmd(self.APP,0x82,0,self.data);
740         return ord(self.data[0]);
741     def CCwr_config(self,config):
742         """Write the config register of a Chipcon."""
743         self.writecmd(self.APP,0x81,1,[config&0xFF]);
744     def CClockchip(self):
745         """Set the flash lock bit in info mem."""
746         self.writecmd(self.APP, 0x9A, 0, None);
747     def lock(self):
748         """Set the flash lock bit in info mem."""
749         self.CClockchip();
750     
751
752     CCversions={0x0100:"CC1110",
753                 0x1100:"CC1111",
754                 0x8500:"CC2430",
755                 0x8900:"CC2431",
756                 0x8100:"CC2510",
757                 0x9100:"CC2511",
758                 0xA500:"CC2530", #page 57 of SWRU191B
759                 0xB500:"CC2531",
760                 0x9500:"CC2533",
761                 0x8D00:"CC2540",
762                 0xFF00:"CCmissing"};
763     execbuf=None;
764     CCexecbuf= {0x0100:0xF000,
765                 0x1100:0xF000,
766                 0x8500:0xF000,
767                 0x8900:0xF000,
768                 0x8100:0xF000,
769                 0x9100:0xF000,
770                 0xA500:0x0000, #CC2530
771                 0xB500:0x8000,
772                 0x9500:0x8000,
773                 0x8D00:0x8000,
774                 0xFF00:None} #missing
775     CCpagesizes={0x01: 1024, #"CC1110",
776                  0x11: 1024, #"CC1111",
777                  0x85: 2048, #"CC2430",
778                  0x89: 2048, #"CC2431",
779                  0x81: 1024, #"CC2510",
780                  0x91: 1024, #"CC2511",
781                  0xA5: 2048, #"CC2530", #page 57 of SWRU191B
782                  0xB5: 2048, #"CC2531",
783                  0x95: 2048, #"CC2533",
784                  0x8D: 2048, #"CC2540",
785                  0xFF: None}
786     def infostring(self):
787         return self.CCidentstr();
788     def CCidentstr(self):
789         ident=self.CCident();
790         chip=self.CCversions.get(ident&0xFF00);
791         execbuf=self.CCexecbuf.get(ident&0xFF00);
792         pagesize=self.CCpagesizes.get(ident>0xFF);
793         self.execbuf=execbuf;
794         
795         try:
796             return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize); 
797         except:
798             return "%04x" % ident;
799     def CCident(self):
800         """Get a chipcon's ID."""
801         self.writecmd(self.APP,0x8B,0,None);
802         chip=ord(self.data[0]);
803         rev=ord(self.data[1]);
804         return (chip<<8)+rev;
805     def CCpagesize(self):
806         """Get a chipcon's ID."""
807         self.writecmd(self.APP,0x8B,0,None);
808         chip=ord(self.data[0]);
809         size=self.CCpagesizes.get(chip);
810         if(size<10):
811             print "ERROR: Pagesize undefined.";
812             print "chip=%0.4x" %chip;
813             sys.exit(1);
814             #return 2048;
815         return size;
816     def getpc(self):
817         return self.CCgetPC();
818     def CCgetPC(self):
819         """Get a chipcon's PC."""
820         self.writecmd(self.APP,0x83,0,None);
821         hi=ord(self.data[0]);
822         lo=ord(self.data[1]);
823         return (hi<<8)+lo;
824     def CCcmd(self,phrase):
825         self.writecmd(self.APP,0x00,len(phrase),phrase);
826         val=ord(self.data[0]);
827         print "Got %02x" % val;
828         return val;
829     def CCdebuginstr(self,instr):
830         self.writecmd(self.APP,0x88,len(instr),instr);
831         return ord(self.data[0]);
832     #def peekblock(self,adr,length,memory="vn"):
833     #    """Return a block of data, broken"""
834     #    data=[adr&0xff, (adr&0xff00)>>8,
835     #          length&0xFF,(length&0xFF00)>>8];
836     #    self.writecmd(self.APP,0x91,4,data);
837     #    return [ord(x) for x in self.data]
838     def peek8(self,address, memory="code"):
839         if(memory=="code" or memory=="flash" or memory=="vn"):
840             return self.CCpeekcodebyte(address);
841         elif(memory=="data" or memory=="xdata" or memory=="ram"):
842             return self.CCpeekdatabyte(address);
843         elif(memory=="idata" or memory=="iram"):
844             return self.CCpeekirambyte(address);
845         print "%s is an unknown memory." % memory;
846         return 0xdead;
847     def CCpeekcodebyte(self,adr):
848         """Read the contents of code memory at an address."""
849         self.data=[adr&0xff, (adr&0xff00)>>8];
850         self.writecmd(self.APP,0x90,2,self.data);
851         return ord(self.data[0]);
852     def CCpeekdatabyte(self,adr):
853         """Read the contents of data memory at an address."""
854         self.data=[adr&0xff, (adr&0xff00)>>8];
855         self.writecmd(self.APP,0x91, 2, self.data);
856         return ord(self.data[0]);
857     def CCpeekirambyte(self,adr):
858         """Read the contents of IRAM at an address."""
859         self.data=[adr&0xff];
860         self.writecmd(self.APP,0x02, 1, self.data);
861         return ord(self.data[0]);
862     def CCpeekiramword(self,adr):
863         """Read the little-endian contents of IRAM at an address."""
864         return self.CCpeekirambyte(adr)+(
865             self.CCpeekirambyte(adr+1)<<8);
866     def CCpokeiramword(self,adr,val):
867         self.CCpokeirambyte(adr,val&0xff);
868         self.CCpokeirambyte(adr+1,(val>>8)&0xff);
869     def CCpokeirambyte(self,adr,val):
870         """Write the contents of IRAM at an address."""
871         self.data=[adr&0xff, val&0xff];
872         self.writecmd(self.APP,0x02, 2, self.data);
873         return ord(self.data[0]);
874     def pokebyte(self,adr,val,mem="xdata"):
875         self.CCpokedatabyte(adr,val);
876     def CCpokedatabyte(self,adr,val):
877         """Write a byte to data memory."""
878         self.data=[adr&0xff, (adr&0xff00)>>8, val];
879         self.writecmd(self.APP, 0x92, 3, self.data);
880         return ord(self.data[0]);
881     def CCchiperase(self):
882         """Erase all of the target's memory."""
883         self.writecmd(self.APP,0x80,0,None);
884     def erase(self):
885         """Erase all of the target's memory."""
886         self.CCchiperase();
887         self.start();
888     
889     def CCstatus(self):
890         """Check the status."""
891         self.writecmd(self.APP,0x84,0,None);
892         return ord(self.data[0])
893     #Same as CC2530
894     CCstatusbits={0x80 : "erase_busy",
895                   0x40 : "pcon_idle",
896                   0x20 : "cpu_halted",
897                   0x10 : "pm0",
898                   0x08 : "halt_status",
899                   0x04 : "locked",
900                   0x02 : "oscstable",
901                   0x01 : "overflow"
902                   };
903     CCconfigbits={0x20 : "soft_power_mode",   #new for CC2530
904                   0x08 : "timers_off",
905                   0x04 : "dma_pause",
906                   0x02 : "timer_suspend",
907                   0x01 : "sel_flash_info_page" #stricken from CC2530
908                   };
909                   
910     def status(self):
911         """Check the status as a string."""
912         status=self.CCstatus();
913         str="";
914         i=1;
915         while i<0x100:
916             if(status&i):
917                 str="%s %s" %(self.CCstatusbits[i],str);
918             i*=2;
919         return str;
920     def start(self):
921         """Start debugging."""
922         ident=0x0000;
923         #while ident==0xFFFF or ident==0x0000:
924         self.setup();
925         self.writecmd(self.APP,0x20,0,self.data);
926         identa=self.CCident();
927         self.CCidentstr();
928         
929         ident=self.CCident();
930         #Get SmartRF Studio regs if they exist.
931         self.loadsymbols(); 
932         print "Status: %s" % self.status();
933     def stop(self):
934         """Stop debugging."""
935         self.writecmd(self.APP,0x21,0,self.data);
936     def CCstep_instr(self):
937         """Step one instruction."""
938         self.writecmd(self.APP,0x89,0,self.data);
939     def CCeraseflashbuffer(self):
940         """Erase the 2kB flash buffer"""
941         self.writecmd(self.APP,0x99);
942     def CCflashpage(self,adr):
943         """Flash 2kB a page of flash from 0xF000 in XDATA"""
944         data=[adr&0xFF,
945               (adr>>8)&0xFF,
946               (adr>>16)&0xFF,
947               (adr>>24)&0xFF];
948         print "Flashing buffer to 0x%06x" % adr;
949         self.writecmd(self.APP,0x95,4,data);
950     
951     def setsecret(self,value):
952         """Set a secret word for later retreival.  Used by glitcher."""
953         page = 0x0000;
954         pagelen = self.CCpagesize(); #Varies by chip.
955         print "page=%04x, pagelen=%04x" % (page,pagelen);
956         
957         self.CCeraseflashbuffer();
958         print "Setting secret to %x" % value;
959         self.CCpokedatabyte(0xF000,value);
960         self.CCpokedatabyte(0xF800,value);
961         print "Setting secret to %x==%x" % (value,
962                                             self.CCpeekdatabyte(0xf000));
963         self.CCflashpage(0);
964         print "code[0]=%x" % self.CCpeekcodebyte(0);
965     def getsecret(self):
966         """Get a secret word.  Used by glitcher."""
967         secret=self.CCpeekcodebyte(0);
968         #print "Got secret %02x" % secret;
969         return secret;
970     
971     #FIXME: This is CC1110-specific and duplicates functionality of 
972     #       SmartRF7 integration.
973     CCspecfuncregs={
974         'P0':0x80,
975         'SP':0x81,
976         'DPL0':0x82,
977         'DPH0':0x83,
978         'DPL1':0x84,
979         'DPH1':0x85,
980         'U0CSR':0x86,
981         'PCON':0x87,
982         'TCON':0x88,
983         'P0IFG':0x89,
984         'P1IFG':0x8A,
985         'P2IFG':0x8B,
986         'PICTL':0x8C,
987         'P1IEN':0x8D,
988         'P0INP':0x8F,
989         'P1':0x90,
990         'RFIM':0x91,
991         'DPS':0x92,
992         'MPAGE':0x93,
993         'ENDIAN':0x95,
994         'S0CON':0x98,
995         'IEN2':0x9A,
996         'S1CON':0x9B,
997         'T2CT':0x9C,
998         'T2PR':0x9D,
999         'T2CTL':0x9E,
1000         'P2':0xA0,
1001         'WORIRQ':0xA1,
1002         'WORCTRL':0xA2,
1003         'WOREVT0':0xA3,
1004         'WOREVT1':0xA4,
1005         'WORTIME0':0xA5,
1006         'WORTIME1':0xA6,
1007         'IEN0':0xA8,
1008         'IP0':0xA9,
1009         'FWT':0xAB,
1010         'FADDRL':0xAC,
1011         'FADDRH':0xAD,
1012         'FCTL':0xAE,
1013         'FWDATA':0xAF,
1014         'ENCDI':0xB1,
1015         'ENCDO':0xB2,
1016         'ENCCS':0xB3,
1017         'ADCCON1':0xB4,
1018         'ADCCON2':0xB5,
1019         'ADCCON3':0xB6,
1020         'IEN1':0xB8,
1021         'IP1':0xB9,
1022         'ADCL':0xBA,
1023         'ADCH':0xBB,
1024         'RNDL':0xBC,
1025         'RNDH':0xBD,
1026         'SLEEP':0xBE,
1027         'IRCON':0xC0,
1028         'U0DBUF':0xC1,
1029         'U0BAUD':0xC2,
1030         'U0UCR':0xC4,
1031         'U0GCR':0xC5,
1032         'CLKCON':0xC6,
1033         'MEMCTR':0xC7,
1034         'WDCTL':0xC9,
1035         'T3CNT':0xCA,
1036         'T3CTL':0xCB,
1037         'T3CCTL0':0xCC,
1038         'T3CC0':0xCD,
1039         'T3CCTL1':0xCE,
1040         'T3CC1':0xCF,
1041         'PSW':0xD0,
1042         'DMAIRQ':0xD1,
1043         'DMA1CFGL':0xD2,
1044         'DMA1CFGH':0xD3,
1045         'DMA0CFGL':0xD4,
1046         'DMA0CFGH':0xD5,
1047         'DMAARM':0xD6,
1048         'DMAREQ':0xD7,
1049         'TIMIF':0xD8,
1050         'RFD':0xD9,
1051         'T1CC0L':0xDA,
1052         'T1CC0H':0xDB,
1053         'T1CC1L':0xDC,
1054         'T1CC1H':0xDD,
1055         'T1CC2L':0xDE,
1056         'T1CC2H':0xDF,
1057         'ACC':0xE0,
1058         'RFST':0xE1,
1059         'T1CNTL':0xE2,
1060         'T1CNTH':0xE3,
1061         'T1CTL':0xE4,
1062         'T1CCTL0':0xE5,
1063         'T1CCTL1':0xE6,
1064         'T1CCTL2':0xE7,
1065         'IRCON2':0xE8,
1066         'RFIF':0xE9,
1067         'T4CNT':0xEA,
1068         'T4CTL':0xEB,
1069         'T4CCTL0':0xEC,
1070         'T4CC0':0xED,
1071         'T4CCTL1':0xEE,
1072         'T4CC1':0xEF,
1073         'B':0xF0,
1074         'PERCFG':0xF1,
1075         'ADCCFG':0xF2,
1076         'P0SEL':0xF3,
1077         'P1SEL':0xF4,
1078         'P2SEL':0xF5,
1079         'P1INP':0xF6,
1080         'P2INP':0xF7,
1081         'U1CSR':0xF8,
1082         'U1DBUF':0xF9,
1083         'U1BAUD':0xFA,
1084         'U1UCR':0xFB,
1085         'U1GCR':0xFC,
1086         'P0DIR':0xFD,
1087         'P1DIR':0xFE,
1088         'P2DIR':0xFF
1089     }
1090     def getSPR(self,args=[]):
1091         """Get special function registers."""
1092         print "Special Function Registers:"
1093         if len(args):
1094             for e in args:
1095                 print "    %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1096         else:
1097             for e in self.CCspecfuncregs.keys():
1098                 print "    %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
1099     
1100     def dump(self,file,start=0,stop=0xffff):
1101         """Dump an intel hex file from code memory."""
1102         print "Dumping code from %04x to %04x as %s." % (start,stop,file);
1103         h = IntelHex(None);
1104         i=start;
1105         while i<=stop:
1106             h[i]=self.CCpeekcodebyte(i);
1107             if(i%0x100==0):
1108                 print "Dumped %04x."%i;
1109                 h.write_hex_file(file); #buffer to disk.
1110             i+=1;
1111         h.write_hex_file(file);
1112
1113     def flash(self,file):
1114         """Flash an intel hex file to code memory."""
1115         print "Flashing %s" % file;
1116         
1117         h = IntelHex(file);
1118         page = 0x0000;
1119         pagelen = self.CCpagesize(); #Varies by chip.
1120         
1121         #print "page=%04x, pagelen=%04x" % (page,pagelen);
1122         
1123         bcount = 0;
1124         
1125         #Wipe the RAM buffer for the next flash page.
1126         self.CCeraseflashbuffer();
1127         for i in h._buf.keys():
1128             while(i>=page+pagelen):
1129                 if bcount>0:
1130                     self.CCflashpage(page);
1131                     #client.CCeraseflashbuffer();
1132                     bcount=0;
1133                     print "Flashed page at %06x" % page
1134                 page+=pagelen;
1135                     
1136             #Place byte into buffer.
1137             self.CCpokedatabyte(0xF000+i-page,
1138                                 h[i]);
1139             bcount+=1;
1140             if(i%0x100==0):
1141                 print "Buffering %04x toward %06x" % (i,page);
1142         #last page
1143         self.CCflashpage(page);
1144         print "Flashed final page at %06x" % page;
1145