from GoodFET import GoodFET;
from intelhex import IntelHex;
-import xml.dom.minidom;
+import xml.dom.minidom, time;
class GoodFETCC(GoodFET):
"""A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
APP=0x30;
+
+
+
+
smartrfpath="/opt/smartrf7";
+ def loadsymbols(self):
+ try: self.SRF_loadsymbols();
+ except:
+ if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath;
def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
- print "Opening %s" % fn;
+ #print "Opening %s" % fn;
return xml.dom.minidom.parse(fn)
+
def CMDrs(self,args=[]):
"""Chip command to grab the radio state."""
- self.SRF_radiostate();
+ try:
+ self.SRF_radiostate();
+ except:
+ print "Error printing radio state.";
+ print "SmartRF not found at %s." % self.smartrfpath;
def SRF_bitfieldstr(self,bf):
name="unused";
start=0;
print "%-10s=0x%02x; /* %-50s */" % (
name,self.CCpeekdatabyte(eval(address)), description);
if bitfields!="": print bitfields.rstrip();
+ def RF_setfreq(self,frequency):
+ """Set the frequency in Hz."""
+ #FIXME CC1110 specific
+
+ hz=frequency;
+ freq=int(hz/396.728515625);
+
+ freq0=freq&0xFF;
+ freq1=(freq&0xFF00)>>8;
+ freq2=(freq&0xFF0000)>>16;
+
+ self.pokebysym("FREQ2",freq2);
+ self.pokebysym("FREQ1",freq1);
+ self.pokebysym("FREQ0",freq0);
+
+
+ def RF_getfreq(self):
+ """Get the frequency in Hz."""
+ #FIXME CC1110 specific
+
+ #return (2400+self.peek(0x05))*10**6
+ #self.poke(0x05,chan);
+
+ #freq2=self.CCpeekdatabyte(0xdf09);
+ #freq1=self.CCpeekdatabyte(0xdf0a);
+ #freq0=self.CCpeekdatabyte(0xdf0b);
+ freq=0;
+ try:
+ freq2=self.peekbysym("FREQ2");
+ freq1=self.peekbysym("FREQ1");
+ freq0=self.peekbysym("FREQ0");
+ freq=(freq2<<16)+(freq1<<8)+freq0;
+ except:
+ freq=0;
+
+ hz=freq*396.728515625;
+
+ return hz;
+
+
+ def CC1110_crystal(self):
+ """Start the main crystal of the CC1110 oscillating, needed for radio use."""
+
+ #//C code for the same.
+ #SLEEP &= ~SLEEP_OSC_PD;
+ #while( !(SLEEP & SLEEP_XOSC_S) );
+ #CLKCON = (CLKCON & ~(CLKCON_CLKSPD | CLKCON_OSC)) | CLKSPD_DIV_1;
+ #while (CLKCON & CLKCON_OSC);
+ #SLEEP |= SLEEP_OSC_PD;
+
+ #registers and constants.
+ #FIXME cc1110 specific
+ SLEEP=0xDFBE;
+ SLEEP_OSC_PD=0x04;
+ CLKCON=0xDFC6;
+ SLEEP_XOSC_S=0x40;
+ CLKCON_CLKSPD=0x07
+ CLKCON_OSC=0x40;
+ CLKSPD_DIV_1=0x00;
+
+ sleep=self.peekbyte(SLEEP);
+ sleep&=~SLEEP_XOSC_S;
+ self.pokebyte(SLEEP,sleep);
+ while(0==(self.peekbyte(SLEEP)&SLEEP_XOSC_S)):
+ time.sleep(0.1);
+ clkcon=self.peekbyte(CLKCON);
+ clkcon=(clkcon & ~(CLKCON_CLKSPD | CLKCON_OSC)) | CLKSPD_DIV_1
+ self.pokebyte(CLKCON,clkcon);
+ clkcon=0;
+ while(clkcon&CLKCON_OSC):
+ clkcon=self.peekbyte(CLKCON);
+ sleep=self.peekbyte(SLEEP);
+ sleep|=SLEEP_OSC_PD;
+ self.pokebyte(SLEEP,sleep);
+
+ return;
+ def RF_idle(self):
+ RFST=0xDFE1
+ self.pokebyte(RFST,0x04); #Return to idle state.
+
+ def RF_carrier(self):
+ """Hold a carrier wave on the present frequency."""
+
+ self.CC1110_crystal(); #FIXME, '1110 specific.
+ self.RF_idle();
+
+ #self.resume();
+ #time.sleep(1);
+ #self.halt();
+
+ RFST=0xDFE1;
+
+
+ #0a00
+ #self.pokebysym("FSCTRL1" , 0x12) # Frequency synthesizer control.
+ #self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL1" , 0x0a) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
+
+ #Ossmann's settings, not yet sure how they differ.
+ #self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+
+ #self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
+ #self.pokebysym("FREQ1" , 0xEC) # Frequency control word, middle byte.
+ #self.pokebysym("FREQ0" , 0x4E) # Frequency control word, low byte.
+ self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
+ self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
+ self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
+ self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+ self.pokebysym("DEVIATN" , 0x00) # Modem deviation setting (when FSK modulation is enabled).
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x14) # Main Radio Control State Machine configuration.
+ self.pokebysym("FOCCFG" , 0x16) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x6C) # Bit synchronization Configuration.
+
+ self.pokebysym("AGCCTRL2" , 0x03) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x40) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0x91) # AGC control.
+
+
+
+
+
+
+ self.pokebysym("TEST2" , 0x88) # Various test settings.
+ self.pokebysym("TEST1" , 0x31) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
+ self.pokebysym("PKTCTRL0" , 0x22) # Packet automation control.
+ self.pokebysym("ADDR" , 0x00) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xAA);
+ self.pokebysym("SYNC0",0xAA);
+
+
+
+ #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
+ state=0;
+
+ while((state!=0x13)):
+ self.pokebyte(RFST,0x03); #RFST=RFST_STX
+ time.sleep(0.1);
+ state=self.peekbysym("MARCSTATE")&0x1F;
+ print "state=%02x" % state;
+ print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
+
+ #Not needed, radio works when CPU is halted.
+ #self.resume();
+
+ return;
+
+
+ def RF_getrssi(self):
+ """Returns the received signal strenght, with a weird offset."""
+ try:
+ rssireg=self.symbols.get("RSSI");
+ return self.CCpeekdatabyte(rssireg);
+ except:
+ if self.verbose>0: print "RSSI reg doesn't exist.";
+ try:
+ #RSSI doesn't exist on 2.4GHz devices. Maybe RSSIL and RSSIH?
+ rssilreg=self.symbols.get("RSSIL");
+ rssil=self.CCpeekdatabyte(rssilreg);
+ rssihreg=self.symbols.get("RSSIL");
+ rssih=self.CCpeekdatabyte(rssihreg);
+ return (rssih<<8)|rssil;
+ except:
+ if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
+
+ return 0;
+
+
+ def SRF_loadsymbols(self):
+ ident=self.CCident();
+ chip=self.CCversions.get(ident&0xFF00);
+ dom=self.SRF_chipdom(chip,"register_definition.xml");
+ for e in dom.getElementsByTagName("registerdefinition"):
+ for f in e.childNodes:
+ if f.localName=="Register":
+ name="unknownreg";
+ address="0xdead";
+ description="";
+ bitfields="";
+ for g in f.childNodes:
+ if g.localName=="Name":
+ name=g.childNodes[0].nodeValue;
+ elif g.localName=="Address":
+ address=g.childNodes[0].nodeValue;
+ elif g.localName=="Description":
+ if g.childNodes:
+ description=g.childNodes[0].nodeValue;
+ elif g.localName=="Bitfield":
+ bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
+ #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
+ self.symbols.define(eval(address),name,description,"data");
def halt(self):
"""Halt the CPU."""
self.CChaltcpu();
CCversions={0x0100:"cc1110",
+ 0x1100:"cc1111",
0x8500:"cc2430",
0x8900:"cc2431",
0x8100:"cc2510",
0xB500:"cc2531",
0xFF00:"CCmissing"};
CCpagesizes={0x01: 1024, #"CC1110",
+ 0x11: 1024, #"CC1111",
0x85: 2048, #"CC2430",
0x89: 2048, #"CC2431",
0x81: 1024, #"CC2510",
def CCidentstr(self):
ident=self.CCident();
chip=self.CCversions.get(ident&0xFF00);
- return "%s/r%02x" % (chip, ident&0xFF);
+ pagesize=self.CCpagesizes.get(ident>0xFF);
+ try:
+ return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
+ except:
+ return "%04x" % ident;
def CCident(self):
"""Get a chipcon's ID."""
self.writecmd(self.APP,0x8B,0,None);
size=self.CCpagesizes.get(chip);
if(size<10):
print "ERROR: Pagesize undefined.";
- print "chip=%02x" %chip;
+ print "chip=%0.4x" %chip;
sys.exit(1);
#return 2048;
return size;
+ def getpc(self):
+ return self.CCgetPC();
def CCgetPC(self):
"""Get a chipcon's PC."""
self.writecmd(self.APP,0x83,0,None);
def CCdebuginstr(self,instr):
self.writecmd(self.APP,0x88,len(instr),instr);
return ord(self.data[0]);
+ def peekblock(self,adr,length,memory="vn"):
+ """Return a block of data."""
+ data=[adr&0xff, (adr&0xff00)>>8,
+ length&0xFF,(length&0xFF00)>>8];
+ self.writecmd(self.APP,0x91,4,data);
+ return [ord(x) for x in self.data]
def peek8(self,address, memory="code"):
if(memory=="code" or memory=="flash" or memory=="vn"):
return self.CCpeekcodebyte(address);
self.data=[adr&0xff, val&0xff];
self.writecmd(self.APP,0x02, 2, self.data);
return ord(self.data[0]);
-
+ def pokebyte(self,adr,val,mem="data"):
+ if mem!="data":
+ print "FIXME: poking of non data bytes not yet supported.";
+ self.CCpokedatabyte(adr,val);
def CCpokedatabyte(self,adr,val):
"""Write a byte to data memory."""
self.data=[adr&0xff, (adr&0xff00)>>8, val];
def erase(self):
"""Erase all of the target's memory."""
self.CCchiperase();
+ self.start();
def CCstatus(self):
"""Check the status."""
#print "Status: %s." % self.status();
self.CCreleasecpu();
self.CChaltcpu();
- #print "Status: %s." % self.status();
+ #Get SmartRF Studio regs if they exist.
+ self.loadsymbols();
def stop(self):
"""Stop debugging."""
(adr>>24)&0xFF];
print "Flashing buffer to 0x%06x" % adr;
self.writecmd(self.APP,0x95,4,data);
+
+ def setsecret(self,value):
+ """Set a secret word for later retreival. Used by glitcher."""
+ page = 0x0000;
+ pagelen = self.CCpagesize(); #Varies by chip.
+ print "page=%04x, pagelen=%04x" % (page,pagelen);
+
+ self.CCeraseflashbuffer();
+ print "Setting secret to %x" % value;
+ self.CCpokedatabyte(0xF000,value);
+ self.CCpokedatabyte(0xF800,value);
+ print "Setting secret to %x==%x" % (value,
+ self.CCpeekdatabyte(0xf000));
+ self.CCflashpage(0);
+ print "code[0]=%x" % self.CCpeekcodebyte(0);
+ def getsecret(self):
+ """Get a secret word. Used by glitcher."""
+ secret=self.CCpeekcodebyte(0);
+ #print "Got secret %02x" % secret;
+ return secret;
+
+ def dump(self,file,start=0,stop=0xffff):
+ """Dump an intel hex file from code memory."""
+ print "Dumping code from %04x to %04x as %s." % (start,stop,file);
+ h = IntelHex(None);
+ i=start;
+ while i<=stop:
+ h[i]=self.CCpeekcodebyte(i);
+ if(i%0x100==0):
+ print "Dumped %04x."%i;
+ h.write_hex_file(file); #buffer to disk.
+ i+=1;
+ h.write_hex_file(file);
def flash(self,file):
"""Flash an intel hex file to code memory."""
projects / goodfet / blobdiff