2 # GoodFET Chipcon Example
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFETCC import GoodFETCC;
12 from GoodFETConsole import GoodFETConsole;
13 from intelhex import IntelHex;
16 def printpacket(packet):
19 #print "Printing packet."
22 #if i>packet[0]+1: break;
23 s="%s %02x" % (s,foo);
26 def handlesimplicitipacket(packet):
32 #if i>packet[0]+1: break;
33 s="%s %02x" % (s,foo);
51 #payload begins at byte 12.
56 #print "Join request.";
58 print "Not a join request. WTF?";
61 reply=[0x12, #reply is one byte shorter
62 src[0], src[1], src[2], src[3],
65 0x81, tid, #reply, tid
68 #4,3,2,1, #default join token
69 #8,7,6,5, #default link token
73 client.RF_txpacket(reply);
76 print "Security request.";
78 print "Frequency request.";
80 print "Management request.";
82 print "Unknown Port %02x" %port;
85 print "Usage: %s verb [objects]\n" % sys.argv[0];
86 print "%s erase" % sys.argv[0];
87 print "%s flash $foo.hex" % sys.argv[0];
88 print "%s test" % sys.argv[0];
89 print "%s term" % sys.argv[0];
90 print "%s info" % sys.argv[0];
91 print "%s halt" % sys.argv[0];
92 print "%s regs" % sys.argv[0];
93 print "%s dumpcode $foo.hex [0x$start 0x$stop]" % sys.argv[0];
94 print "%s dumpdata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
95 print "%s writedata $foo.hex [0x$start 0x$stop]" % sys.argv[0];
96 print "%s verify $foo.hex [0x$start 0x$stop]" % sys.argv[0];
97 print "%s peekdata 0x$start [0x$stop]" % sys.argv[0];
98 print "%s pokedata 0x$adr 0x$val" % sys.argv[0];
99 print "%s peek 0x$iram" % sys.argv[0];
100 print "%s poke 0x$iram 0x$val" % sys.argv[0];
101 print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
103 print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0];
104 print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
105 print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
106 print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
110 #Initailize FET and set baud rate
111 #client=GoodFET.GoodFETCC.GoodFETCC();
121 if(sys.argv[1]=="carrier"):
123 client.RF_setfreq(eval(sys.argv[2]));
126 #print "\nHolding a carrier wave.";
130 if(sys.argv[1]=="reflex"):
131 client.CC1110_crystal();
134 client.config_simpliciti();
135 client.pokebysym("MDMCFG4", 0x0c); #ultrawide
136 client.pokebysym("FSCTRL1", 0x12); #IF of 457.031
137 client.pokebysym("FSCTRL0", 0x00);
138 client.pokebysym("FSCAL2" , 0x2A); #above mid
139 client.pokebysym("MCSM0" , 0x00); # Main Radio Control State Machine
141 client.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
142 client.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
143 client.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
144 client.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
146 client.pokebysym("TEST2" , 0x88) # Various test settings.
147 client.pokebysym("TEST1" , 0x35) # Various test settings.
148 client.pokebysym("TEST0" , 0x09) # Various test settings.
152 client.RF_setfreq(eval(sys.argv[2]));
153 print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
154 print "Jamming if RSSI>=%i" % threshold;
158 client.CC_RFST_CAL(); #SCAL
164 client.CC_RFST_RX(); #SRX
165 rssi=client.RF_getrssi();
166 client.CC_RFST_IDLE(); #idle
169 for foo in range(0,rssi>>2):
170 string=("%s."%string);
171 print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string);
175 #print "Triggered jamming for 1s.";
178 print "JAMMING JAMMING JAMMING JAMMING";
179 if(sys.argv[1]=="rssi"):
180 client.CC1110_crystal();
183 client.config_simpliciti();
187 client.RF_setfreq(eval(sys.argv[2]));
188 print "Listening on %3.6f MHz." % (client.RF_getfreq()/10.0**6);
192 client.CC_RFST_CAL();
197 rssi=client.RF_getrssi();
198 client.CC_RFST_IDLE(); #idle
201 for foo in range(0,rssi>>2):
202 string=("%s."%string);
203 print "%02x %04i %s" % (rssi,rssi, string);
205 if(sys.argv[1]=="sniffsimpliciti"):
206 #TODO remove all poke() calls.
211 client.CC1110_crystal();
214 client.config_simpliciti(region);
216 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
217 client.RF_getfreq()/10.0**6);
218 #Now we're ready to get packets.
222 packet=client.RF_rxpacket();
226 if(sys.argv[1]=="simpliciti"):
227 #TODO remove all poke() calls.
232 client.CC1110_crystal();
235 client.config_simpliciti(region);
237 print "Listening as %x on %f MHz" % (client.RF_getsmac(),
238 client.RF_getfreq()/10.0**6);
239 #Now we're ready to get packets.
243 packet=client.RF_rxpacket();
244 handlesimplicitipacket(packet);
249 if(sys.argv[1]=="term"):
250 GoodFETConsole(client).run();
251 if(sys.argv[1]=="test"):
253 if(sys.argv[1]=="deadtest"):
254 for i in range(1,10):
255 print "IDENT as %s" % client.CCidentstr();
256 if(sys.argv[1]=="dumpcode"):
261 start=int(sys.argv[3],16);
263 stop=int(sys.argv[4],16);
265 print "Dumping code from %04x to %04x as %s." % (start,stop,f);
269 h[i]=client.CCpeekcodebyte(i);
271 print "Dumped %04x."%i;
274 if(sys.argv[1]=="dumpdata"):
279 start=int(sys.argv[3],16);
281 stop=int(sys.argv[4],16);
283 print "Dumping data from %04x to %04x as %s." % (start,stop,f);
287 h[i]=client.CCpeekdatabyte(i);
289 print "Dumped %04x."%i;
292 if(sys.argv[1]=="status"):
293 print "Status: %s" %client.status();
294 if(sys.argv[1]=="halt"):
297 if(sys.argv[1]=="info"):
298 print "Ident %s" % client.CCidentstr();
301 print "Freq %10.3f MHz" % (client.RF_getfreq()/10**6);
302 print "RSSI %02x" % client.RF_getrssi();
304 print "Freq, RSSI, etc unknown. Install SmartRF7.";
305 #print "Rate %10i kbps" % (client.RF_getrate()/1000);
306 #print "PacketLen %02i bytes" % client.RF_getpacketlen();
307 #print "SMAC 0x%010x" % client.RF_getsmac();
308 #print "TMAC 0x%010x" % client.RF_gettmac();
310 if(sys.argv[1]=="regs"):
313 if(sys.argv[1]=="erase"):
314 print "Status: %s" % client.status();
315 client.CCchiperase();
316 print "Status: %s" %client.status();
318 if(sys.argv[1]=="peekinfo"):
319 print "Select info flash."
320 client.CCwr_config(1);
321 print "Config is %02x" % client.CCrd_config();
325 start=int(sys.argv[2],16);
328 stop=int(sys.argv[3],16);
329 print "Peeking from %04x to %04x." % (start,stop);
331 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
333 if(sys.argv[1]=="poke"):
334 client.CCpokeirambyte(int(sys.argv[2],16),
335 int(sys.argv[3],16));
336 if(sys.argv[1]=="randtest"):
338 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
339 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
340 client.CCpokeirambyte(0xBD,0x01); #RNDH=0x01
341 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
344 for foo in range(1,10):
345 print "%02x" % client.CCpeekirambyte(0xBD); #RNDH
346 client.CCpokeirambyte(0xB4,0x04); #ADCCON1=0x04
347 client.CCreleasecpu();
349 print "%02x" % client.CCpeekdatabyte(0xDF61); #CHIP ID
350 if(sys.argv[1]=="adctest"):
351 # ADCTest 0xDF3A 0xDF3B
352 print "ADC TEST %02x%02x" % (
353 client.CCpeekdatabyte(0xDF3A),
354 client.CCpeekdatabyte(0xDF3B));
355 if(sys.argv[1]=="config"):
356 print "Config is %02x" % client.CCrd_config();
358 if(sys.argv[1]=="flash"):
363 start=int(sys.argv[3],16);
365 stop=int(sys.argv[4],16);
368 if(sys.argv[1]=="lock"):
369 print "Status: %s" %client.status();
371 print "Status: %s" %client.status();
372 if(sys.argv[1]=="flashpage"):
375 target=int(sys.argv[2],16);
376 print "Writing a page of flash from 0xF000 in XDATA"
377 client.CCflashpage(target);
378 if(sys.argv[1]=="erasebuffer"):
379 print "Erasing flash buffer.";
380 client.CCeraseflashbuffer();
382 if(sys.argv[1]=="writedata"):
387 start=int(sys.argv[3],16);
389 stop=int(sys.argv[4],16);
393 for i in h._buf.keys():
394 if(i>=start and i<=stop):
395 client.CCpokedatabyte(i,h[i]);
398 #if(sys.argv[1]=="flashtest"):
399 # client.CCflashtest();
400 if(sys.argv[1]=="peekdata"):
403 start=int(sys.argv[2],16);
406 stop=int(sys.argv[3],16);
407 print "Peeking from %04x to %04x." % (start,stop);
409 print "%04x: %02x" % (start,client.CCpeekdatabyte(start));
411 if(sys.argv[1]=="peek"):
414 start=int(sys.argv[2],16);
417 stop=int(sys.argv[3],16);
418 print "Peeking from %04x to %04x." % (start,stop);
420 print "%04x: %02x" % (start,client.CCpeekirambyte(start));
422 if(sys.argv[1]=="verify"):
427 start=int(sys.argv[3],16);
429 stop=int(sys.argv[4],16);
432 for i in h._buf.keys():
433 if(i>=start and i<stop):
434 peek=client.CCpeekcodebyte(i)
436 print "ERROR at %04x, found %02x not %02x"%(i,peek,h[i]);
439 if(sys.argv[1]=="peekcode"):
442 start=int(sys.argv[2],16);
445 stop=int(sys.argv[3],16);
446 print "Peeking from %04x to %04x." % (start,stop);
448 print "%04x: %02x" % (start,client.CCpeekcodebyte(start));
450 if(sys.argv[1]=="pokedata"):
454 start=int(sys.argv[2],16);
456 val=int(sys.argv[3],16);
457 print "Poking %04x to become %02x." % (start,val);
458 client.CCpokedatabyte(start,val);