2 # GoodFET Chipcon RF Radio Client
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
8 import sys, time, string, cStringIO, struct, glob, serial, os;
10 from GoodFET import GoodFET;
12 class GoodFETCCSPI(GoodFET):
14 CCversions={0x233d: "CC2420",
17 """Move the FET into the CCSPI application."""
18 self.writecmd(self.CCSPIAPP,0x10,0,self.data); #CCSPI/SETUP
20 #Set up the radio for ZigBee
21 self.strobe(0x01); #SXOSCON
22 self.strobe(0x02); #SCAL
23 self.poke(0x11, 0x0AC2); #MDMCTRL0
24 self.poke(0x12, 0x0500); #MDMCTRL1
25 self.poke(0x1C, 0x007F); #IOCFG0
26 self.poke(0x19, 0x01C4); #SECCTRL0, disabling crypto
30 return self.peek(0x1E); #MANFIDL
32 manfidl=self.peek(0x1E);
33 #manfidh=self.peek(0x1f);
35 return "%s" % (self.CCversions[manfidl]);
37 return "Unknown0x%04x" % manfidl;
38 def trans8(self,byte):
39 """Read and write 8 bits by CCSPI."""
40 data=self.CCSPItrans([byte]);
44 """Exchange data by CCSPI."""
46 self.writecmd(self.CCSPIAPP,0x00,len(data),data);
48 def strobe(self,reg=0x00):
49 """Strobes a strobe register, returning the status."""
52 return ord(self.data[0]);
53 def CC_RFST_IDLE(self):
54 """Switch the radio to idle mode, clearing overflows and errors."""
55 self.strobe(0x06); #SRXOFF
57 """Switch the radio to TX mode."""
58 self.strobe(0x04); #0x05 for CCA
60 """Switch the radio to RX mode."""
62 def CC_RFST_CAL(self):
63 """Calibrate strobe the radio."""
65 def CC_RFST(self,state=0x00):
68 def peek(self,reg,bytes=2):
69 """Read a CCSPI Register. For long regs, result is flipped."""
71 #Reg is ORed with 0x40 by the GoodFET.
74 #Automatically calibrate the len.
77 self.writecmd(self.CCSPIAPP,0x02,len(data),data);
80 (ord(self.data[1])<<8)
83 def poke(self,reg,val,bytes=2):
84 """Write a CCSPI Register."""
85 data=[reg,(val>>8)&0xFF,val&0xFF];
86 self.writecmd(self.CCSPIAPP,0x03,len(data),data);
87 if self.peek(reg,bytes)!=val and reg!=0x18:
88 print "Warning, failed to set r%02x=0x%04x, got %02x." %(
91 self.peek(reg,bytes));
95 """Read the status byte."""
96 statusbits={0x80: "?",
97 0x40: "XOSC16M_STABLE",
104 status=self.strobe(0x00);
109 str="%s %s" % (statusbits[i],str);
113 #Radio stuff begins here.
114 def RF_setenc(self,code="802.15.4"):
115 """Set the encoding type."""
118 """Get the encoding type."""
120 def RF_getrate(self):
122 def RF_setrate(self,rate=0):
124 def RF_getsync(self):
125 return self.peek(0x14);
126 def RF_setsync(self,sync=0xa70F):
127 """Set the SYNC preamble.
128 Use 0xA70F for 0xA7."""
129 self.poke(0x14,sync);
132 def RF_setfreq(self,frequency):
133 """Set the frequency in Hz."""
134 mhz=frequency/1000000;
135 fsctrl=0x8000; #self.peek(0x18)&(~0x3FF);
136 fsctrl=fsctrl+int(mhz-2048)
137 self.poke(0x18,fsctrl);
139 def RF_getfreq(self):
140 """Get the frequency in Hz."""
141 fsctrl=self.peek(0x18);
142 mhz=2048+(fsctrl&0x3ff)
144 def RF_setchan(self,channel):
145 if channel < 11 or channel > 26:
146 print "Only 802.15.4 channels 11 to 26 are currently supported.";
148 self.RF_setfreq( ( (channel-11)*5 + 2405 ) * 1000000 );
149 def RF_getsmac(self):
150 """Return the source MAC address."""
152 def RF_setsmac(self,mac):
153 """Set the source MAC address."""
155 def RF_gettmac(self):
156 """Return the target MAC address."""
158 def RF_settmac(self,mac):
159 """Set the target MAC address."""
161 def RF_getrssi(self):
162 """Returns the received signal strenght, with a weird offset."""
163 rssival=self.peek(0x13)&0xFF; #raw RSSI register
165 lastpacket=range(0,0xff);
166 def RF_rxpacket(self):
167 """Get a packet from the radio. Returns None if none is waiting. In
168 order to not require the SFD, FIFO, or FIFOP lines, this
169 implementation works by comparing the buffer to the older
175 self.writecmd(self.CCSPIAPP,0x80,len(data),data);
178 self.lastpacket=buffer;
182 def RF_txpacket(self,packet):
183 """Send a packet through the radio."""
184 self.writecmd(self.CCSPIAPP,0x81,len(packet),packet);
189 def RF_reflexjam(self):
190 """Place the device into reflexive jamming mode."""
192 self.writecmd(self.CCSPIAPP,0xA0,len(data),data);
195 def RF_reflexjam_seq(self):
196 """Place the device into reflexive jamming mode
197 and return the sequence number of the jammed packet."""
198 #TODO make so that this function someone keeps receiving
199 # the sequence numbers from each jammed frame, or probably
200 # just make the firmware auto-ack if the frame requests
201 # an ACK instead of sending data back to client.
204 self.writecmd(self.CCSPIAPP,0xA1,len(data),data);
206 return ord(buffer[3]);
208 def RF_modulated_spectrum(self):
209 """Hold a carrier wave on the present frequency."""
210 # print "Don't know how to hold a carrier.";
214 # set MDMCTRL1.TX_MODE to 3 0x12 3:2
217 mdmctrl1=self.peek(0x12);
218 #print "mdmctrl1 was %04x" % mdmctrl1;
219 mdmctrl1=mdmctrl1|0x00c0; #MDMCTRL1.TX_MODE = 3
220 self.poke(0x12, mdmctrl1); #MDMCTRL1
222 mdmctrl1=self.peek(0x12);
223 #print "mdmctrl1 is %04x" % mdmctrl1;
225 # http://e2e.ti.com/support/low_power_rf/f/155/t/15914.aspx?PageIndex=2
227 self.strobe(0x02); #STXCAL
228 #print "STXCAL status: %s" % self.status()
231 self.strobe(0x09); #SFLUSHTX
232 #print "SFLUSHTX status: %s" % self.status()
234 self.strobe(0x04); #STXON
235 #print "STXON status: %s" % self.status()
237 def RF_carrier(self):
238 """Hold a carrier wave on the present frequency."""
239 # print "Don't know how to hold a carrier.";
243 # set MDMCTRL1.TX_MODE to 2 or 3 0x12 3:2
244 # set DACTST to 0x1800 0x2E
247 mdmctrl1=self.peek(0x12);
248 #print "mdmctrl1 was %04x" % mdmctrl1;
249 mdmctrl1=mdmctrl1|0x0080;
250 mdmctrl1=mdmctrl1&0x0080; #MDMCTRL1.TX_MODE = 2
251 self.poke(0x12, mdmctrl1); #MDMCTRL1
253 mdmctrl1=self.peek(0x12);
254 #print "mdmctrl1 is %04x" % mdmctrl1;
256 self.poke(0x2E, 0x1800); #DACTST
257 dactst=self.peek(0x2E);
258 #print "dactst is %04x" % dactst;
260 # see above for why this is here
261 self.strobe(0x02); #STXCAL
262 #print "STXCAL status: %s" % self.status()
263 self.strobe(0x09); #SFLUSHTX
264 #print "SFLUSHTX status: %s" % self.status()
266 self.strobe(0x04); #STXON
267 #print "STXON status: %s" % self.status()
269 def RF_promiscuity(self,promiscuous=1):
270 mdmctrl0=self.peek(0x11);
272 mdmctrl0=mdmctrl0&(~0x800);
274 mdmctrl0=mdmctrl0|0x800;
275 self.poke(0x11,mdmctrl0);
277 def RF_autocrc(self,autocrc=1):
278 mdmctrl0=self.peek(0x11);
280 mdmctrl0=mdmctrl0&(~0x0020);
282 mdmctrl0=mdmctrl0|0x0020;
283 self.poke(0x11,mdmctrl0);
286 def RF_setpacketlen(self,len=16):
287 """Set the number of bytes in the expected payload."""
288 #self.poke(0x11,len);
290 def RF_getpacketlen(self):
291 """Set the number of bytes in the expected payload."""
292 #len=self.peek(0x11);
296 def RF_getmaclen(self):
297 """Get the number of bytes in the MAC address."""
298 choices=[0, 3, 4, 5];
299 choice=self.peek(0x03)&3;
300 self.maclen=choices[choice];
302 def RF_setmaclen(self,len):
303 """Set the number of bytes in the MAC address."""
304 choices=["illegal", "illegal", "illegal",
307 self.poke(0x03,choice);
309 def printpacket(self,packet):
313 s="%s %02x" % (s,ord(foo));
316 def printdissect(self,packet):
318 from scapy.all import Dot15d4
320 print "To use packet disection, Scapy must be installed and have the Dot15d4 extension present."
321 print "try: hg clone http://hg.secdev.org/scapy-com";
322 print " sudo ./setup.py install";
323 self.printpacket(packet);
325 scapyd = Dot15d4(packet[1:]);