'goodfet.nrf sniffnike' for sniffing Nike+iPod packets.
[goodfet] / client / GoodFETNRF.py
1 #!/usr/bin/env python
2 # GoodFET Nordic RF Radio Client
3
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
5 #
6 # This code is being rewritten and refactored.  You've been warned!
7
8 import sys, time, string, cStringIO, struct, glob, serial, os;
9
10 from GoodFET import GoodFET;
11
12 class GoodFETNRF(GoodFET):
    # Application number passed as the first argument of every writecmd()
    # call in this class.
    NRFAPP = 0x50

    def NRFsetup(self):
        """Move the FET into the NRF application.

        Sends verb 0x10 (NRF/SETUP) with a declared length of zero; the
        current ``self.data`` buffer is handed to writecmd() as the payload
        argument.
        """
        setup_verb = 0x10  # NRF/SETUP
        self.writecmd(self.NRFAPP, setup_verb, 0, self.data)
17         
    def NRFtrans8(self, byte):
        """Exchange one byte with the radio.

        Wraps ``byte`` in a one-element list, passes it to NRFtrans() and
        returns the ordinal of the first element of the reply.
        """
        reply = self.NRFtrans([byte])
        first = reply[0]
        return ord(first)
22     
    def NRFtrans(self, data):
        """Exchange data by NRF.

        Stores ``data`` in ``self.data``, issues verb 0x00 with it, and
        returns whatever ``self.data`` holds once writecmd() has returned.
        """
        outgoing = data
        self.data = outgoing
        self.writecmd(self.NRFAPP, 0x00, len(outgoing), outgoing)
        return self.data
28     
    def tune(self, tuning="aa,c78c65805e,14,09"):
        """Tune the radio from a comma-separated hex string.

        The string is laid out as ``MAC,rA,r5,r6``.  The first field is not
        used here; the other three are parsed as hexadecimal and written to
        registers 0x0a (five bytes), 0x05 and 0x06 (one byte each).  The
        address length is then set to 3.
        """
        parts = tuning.split(",")
        # All three values are parsed before anything is written, so a
        # malformed string raises before the radio is touched.
        values = [int(parts[idx], 16) for idx in (1, 2, 3)]
        targets = ((0x0a, 5), (0x05, 1), (0x06, 1))
        for (reg, width), value in zip(targets, values):
            self.poke(reg, value, width)
        self.RF_setmaclen(3)
        return
    def peek(self, reg, bytes=-1):
        """Read an NRF register and return it as an integer.

        ``bytes`` is the register width.  When left at -1 it is chosen
        automatically: registers 0x0a, 0x0b and 0x10 are read as five bytes,
        everything else as one.  For multi-byte registers the first byte of
        the reply becomes the least-significant byte of the result.
        """
        request = [reg] + [0] * 5

        if bytes == -1:
            bytes = 5 if reg in (0x0a, 0x0b, 0x10) else 1

        self.writecmd(self.NRFAPP, 0x02, len(request), request)

        # self.data[0] is skipped; the register contents start at index 1.
        value = 0
        for offset in range(bytes):
            value |= ord(self.data[offset + 1]) << (8 * offset)
        return value
    def poke(self, reg, val, bytes=-1):
        """Write an NRF register, then read it back to check the write.

        ``bytes`` is the register width.  When left at -1 it is chosen
        automatically: registers 0x0a, 0x0b and 0x10 are written as five
        bytes, everything else as one.  ``val`` is sent least-significant
        byte first.  A warning is printed when the readback differs from
        ``val``; nothing is raised.
        """
        if bytes == -1:
            bytes = 5 if reg in (0x0a, 0x0b, 0x10) else 1

        packet = [reg] + [(val >> (8 * shift)) & 0xFF for shift in range(bytes)]
        self.writecmd(self.NRFAPP, 0x03, len(packet), packet)

        # The readback is always performed.  Register 0x07 is excluded from
        # the comparison: elsewhere in this class 0x40 is written there to
        # clear a flag, so the value read back is not expected to match.
        mismatch = self.peek(reg, bytes) != val
        if mismatch and reg != 0x07:
            # The register is read again for the message, so the value shown
            # comes from a second read, not the one that failed the check.
            print("Warning, failed to set r%02x=%02x, got %02x." % (reg,
                                                                 val,
                                                                 self.peek(reg, bytes)))
        return
72     
    def status(self):
        """Read register 0x07 (the status byte) and print it as two hex digits."""
        print("Status=%02x" % self.peek(0x07))
77     
78     #Radio stuff begins here.
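    def RF_setenc(self, code="GFSK"):
        """Set the encoding type.

        Only "GFSK" is accepted; nothing is written to the radio.

        Returns:
            None when ``code`` is "GFSK", otherwise an error message string
            naming the rejected encoding.
        """
        # The comparison must be against the string "GFSK"; a bare GFSK name
        # is not defined anywhere in this class and raised NameError.
        if code != "GFSK":
            return "%s not supported by the NRF24L01.  Try GFSK." % code
        return None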
    def RF_getenc(self):
        """Get the encoding type; this class always reports "GFSK"."""
        encoding = "GFSK"
        return encoding
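    def RF_getrate(self):
        """Return the configured data rate in bits per second.

        Reads register 0x06 and decodes the two rate bits selected by the
        0x28 mask, using the same encoding RF_setrate() writes:
        0x08 is 2 Mbps, 0x00 is 1 Mbps and 0x20 is 250 kbps.
        """
        bits = self.peek(0x06) & 0x28
        if bits == 0x08:
            return 2 * 10**6  # 2Mbps
        if bits == 0x00:
            return 1 * 10**6  # 1Mbps
        # Remaining patterns are 0x20 and 0x28.  RF_setrate() writes 0x20 for
        # 250 kbps, which used to fall through and come back as the raw value
        # 0x20.  0x28 is still reported as 250 kbps, as before; RF_setrate()
        # never writes that pattern.
        return 250 * 10**3  # 250kbps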
    def RF_setrate(self, rate=2*10**6):
        """Set the data rate, given in bits per second.

        Reads register 0x06 (RF_SETUP), clears the rate bits under the 0x28
        mask and sets 0x08 for 2 Mbps, nothing for 1 Mbps, or 0x20 for
        250 kbps.  Any other ``rate`` leaves both bits clear, which is the
        same pattern as 1 Mbps.  The new register value is printed before it
        is written.
        """
        setup = self.peek(0x06) & (~0x28)  # RF_SETUP with rate fields cleared
        rate_table = (
            (2 * 10**6, 0x08),
            (1 * 10**6, 0x00),
            (250 * 10**3, 0x20),
        )
        for candidate, bits in rate_table:
            if rate == candidate:
                setup = setup | bits
                break
        print("Setting r6=%02x." % setup)
        self.poke(0x06, setup)  # Write new rate.
    def RF_setfreq(self, frequency):
        """Set the frequency in Hz.

        On the NRF24L01+, register 0x05 is the offset in MHz above 2400, so
        the frequency is converted to MHz and 2400 is subtracted before the
        write.  No range check is applied to the resulting channel here.
        """
        mhz = frequency / 1000000
        offset = mhz - 2400
        self.poke(0x05, offset)
115
116
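    def RF_getfreq(self):
        """Get the frequency in Hz.

        On the NRF24L01+, register 0x05 is the offset in MHz above 2400.
        This is a pure read: the unreachable poke() that followed the return
        statement (and referenced an undefined ``chan``) has been removed.
        """
        offset_mhz = self.peek(0x05)
        return (2400 + offset_mhz) * 10**6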
    def RF_getsmac(self):
        """Return the source MAC address.

        The address is read from register 0x0A (RX_ADDR_P0) as five bytes
        and returned as the integer peek() produces.
        """
        return self.peek(0x0A, 5)
    def RF_setsmac(self, mac):
        """Set the source MAC address and return the value that was passed in.

        The address is written to register 0x0A (RX_ADDR_P0) as five bytes.
        The return value is the ``mac`` argument, not a readback.
        """
        rx_addr_p0 = 0x0A
        self.poke(rx_addr_p0, mac, 5)
        return mac
    def RF_gettmac(self):
        """Return the target MAC address.

        The address is read from register 0x10 (TX_ADDR) as five bytes and
        returned as the integer peek() produces.
        """
        return self.peek(0x10, 5)
    def RF_settmac(self, mac):
        """Set the target MAC address and return the value that was passed in.

        The address is written to register 0x10 (TX_ADDR) as five bytes.
        The return value is the ``mac`` argument, not a readback.
        """
        tx_addr = 0x10
        self.poke(tx_addr, mac, 5)
        return mac
149
    def RF_rxpacket(self):
        """Get a packet from the radio.  Returns None if none is waiting.

        Bit 0x40 of register 0x07 signals that a packet has arrived.  When it
        is set, verb 0x80 fetches the packet and the bit is cleared by
        writing 0x40 back.  When it is not set, the register is read a second
        time; if that read is exactly zero, verb 0x82 (flush) is issued and
        0x40 is written as well.
        """
        if not (self.peek(0x07) & 0x40):
            # Nothing waiting.  The second status read is kept deliberately:
            # it is a separate transaction with the radio.
            if self.peek(0x07) == 0:
                self.writecmd(self.NRFAPP, 0x82, 0, None)  # Flush
                self.poke(0x07, 0x40)  # clear bit.
            return None

        self.writecmd(self.NRFAPP, 0x80, 0, None)  # RX Packet
        packet = self.data
        self.poke(0x07, 0x40)  # clear bit.
        return packet
    def RF_txpacket(self, payload):
        """Transmit a packet.  Untested.

        NOTE(review): ``payload`` is never referenced in this body.  The flow
        mirrors RF_rxpacket() with verbs 0x81 and 0x83 in place of 0x80 and
        0x82: it tests bit 0x40 of register 0x07, returns ``self.data`` after
        verb 0x81 when the bit is set, and otherwise issues verb 0x83 only
        when a second read of the register is exactly zero.  Confirm the
        intended behaviour against the firmware before relying on this
        method.
        """
        if not (self.peek(0x07) & 0x40):
            # The second status read is a separate transaction and is kept.
            if self.peek(0x07) == 0:
                self.writecmd(self.NRFAPP, 0x83, 0, None)  # labelled "Flush" in the original
                self.poke(0x07, 0x40)  # clear bit.
            return None

        # The original comment here read "RX Packet"; the verb is 0x81.
        self.writecmd(self.NRFAPP, 0x81, 0, None)
        reply = self.data
        self.poke(0x07, 0x40)  # clear bit.
        return reply
174
    def RF_carrier(self):
        """Hold a carrier wave on the present frequency.

        Writes a fixed value to register 0x06 (RF_SETUP).
        """
        # The original comment says this sets CONT_WAVE, PLL_LOCK and 0dBm.
        # NOTE(review): the terms are all decimal, so the value written is
        # 24 (0x18).  Check against the RF_SETUP bit layout in the datasheet
        # that this matches the bits named above; the literal 10 may have
        # been meant as a hex bit mask.
        rf_setup = 8 + 10 + 4 + 2
        self.poke(0x06, rf_setup)
179     
    # Cached payload length in bytes; updated by RF_setpacketlen() and
    # RF_getpacketlen().
    packetlen = 16

    def RF_setpacketlen(self, len=16):
        """Set the number of bytes in the expected payload.

        Writes ``len`` to register 0x11 and then caches it in
        ``self.packetlen``.  The cache is only updated once poke() has
        returned.
        """
        payload_width_reg = 0x11
        self.poke(payload_width_reg, len)
        self.packetlen = len
    def RF_getpacketlen(self):
        """Get the number of bytes in the expected payload.

        Reads register 0x11, caches the value in ``self.packetlen`` and
        returns it.
        """
        width = self.peek(0x11)
        self.packetlen = width
        return width
    # Cached MAC address length in bytes; updated by RF_getmaclen() and
    # RF_setmaclen().
    maclen = 5

    def RF_getmaclen(self):
        """Get the number of bytes in the MAC address.

        The low two bits of register 0x03 select the length: codes 0 to 3
        map to 2, 3, 4 and 5 bytes.  The result is cached in ``self.maclen``.
        """
        lengths = (2, 3, 4, 5)
        code = self.peek(0x03) & 3
        self.maclen = lengths[code]
        return self.maclen
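    def RF_setmaclen(self, len):
        """Set the number of bytes in the MAC address.

        Writes the width code for ``len`` to register 0x03 and caches ``len``
        in ``self.maclen``.

        Raises:
            ValueError: if ``len`` is not 2, 3, 4 or 5.  Nothing is written
                to the radio and ``self.maclen`` is left unchanged.
        """
        # Width code by address length.  Before this check, a negative length
        # wrapped around through list indexing and was accepted, while 0 and
        # 1 handed the string "illegal" to poke().
        codes = {
            2: 0,  # undocumented
            3: 1,  # documented
            4: 2,  # documented
            5: 3,  # documented
        }
        if len not in codes:
            raise ValueError("MAC length must be 2, 3, 4 or 5 bytes, got %r" % (len,))
        self.poke(0x03, codes[len])
        self.maclen = len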