from GoodFET import GoodFET;
from intelhex import IntelHex;
-import xml.dom.minidom, time;
+import xml.dom.minidom, time, os;
class GoodFETCC(GoodFET):
"""A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
APP=0x30;
-
-
-
- smartrfpath="/opt/smartrf7";
+ smartrfpath=None;
+ def __init__(self,filename=None):
+ """GoodFETCC constructor.
+ Mostly concerned with finding SmartRF7."""
+ if self.smartrfpath==None:
+ self.smartrfpath=os.environ.get("SMARTRF");
+ if self.smartrfpath==None and os.name=='nt':
+ pf=os.environ['PROGRAMFILES'];
+ self.smartrfpath="%s\\\\Texas Instruments\\\\SmartRF Tools\\\\SmartRF Studio 7" % pf;
+
+ if self.smartrfpath==None:
+ self.smartrfpath="/opt/smartrf7";
+
+ haveloadedsymbols=False;
def loadsymbols(self):
- try: self.SRF_loadsymbols();
+ if self.haveloadedsymbols:
+ return;
+ try:
+ self.SRF_loadsymbols();
+ self.haveloadedsymbols=True;
except:
- if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath;
+ ident=self.CCident();
+ if ident==0x0000 or ident==0xFFFF:
+ print "Chip ID is 0x%04x, implying a wiring problem." % ident;
+ else:
+ print "SmartRF not found for chip 0x%04x." % ident;
def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
+ """Loads the chip XML definitions from SmartRF7."""
fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
#print "Opening %s" % fn;
return xml.dom.minidom.parse(fn)
def CMDrs(self,args=[]):
"""Chip command to grab the radio state."""
- try:
- self.SRF_radiostate();
- except:
- print "Error printing radio state.";
- print "SmartRF not found at %s." % self.smartrfpath;
+ #try:
+ self.SRF_radiostate();
+ #except:
+ # print "Error printing radio state.";
+ # print "SmartRF not found at %s." % self.smartrfpath;
def SRF_bitfieldstr(self,bf):
name="unused";
start=0;
elif e.localName=="Start": start=e.childNodes[0].nodeValue;
elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
return " [%s:%s] %30s " % (start,stop,name);
+
def SRF_radiostate(self):
ident=self.CCident();
chip=self.CCversions.get(ident&0xFF00);
print "%-10s=0x%02x; /* %-50s */" % (
name,self.CCpeekdatabyte(eval(address)), description);
if bitfields!="": print bitfields.rstrip();
+
+ def SRF_radiostate_select(self,args=[]):
+ lreg = []
+ ident=self.CCident();
+ chip=self.CCversions.get(ident&0xFF00);
+ dom=self.SRF_chipdom(chip,"register_definition.xml");
+ for reg in args:
+ if reg.lower() == "help":
+ lreg = "help"
+ break
+ lreg.append(reg.lower())
+ for e in dom.getElementsByTagName("registerdefinition"):
+ for f in e.childNodes:
+ if f.localName=="DeviceName":
+ print "// %s RadioState" % (f.childNodes[0].nodeValue);
+ elif f.localName=="Register":
+ name="unknownreg";
+ address="0xdead";
+ description="";
+ bitfields="";
+ for g in f.childNodes:
+ if g.localName=="Name":
+ name=g.childNodes[0].nodeValue;
+ elif g.localName=="Address":
+ address=g.childNodes[0].nodeValue;
+ elif g.localName=="Description":
+ if g.childNodes:
+ description=g.childNodes[0].nodeValue;
+ elif g.localName=="Bitfield":
+ bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
+ #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
+ if lreg == "help":
+ print "%-10s /* %-50s */" % (name, description);
+ elif name.lower() in lreg:
+ print "%-10s=0x%02x; /* %-50s */" % (
+ name,self.CCpeekdatabyte(eval(address)), description);
+ if bitfields!="": print bitfields.rstrip();
+
def RF_setfreq(self,frequency):
"""Set the frequency in Hz."""
#FIXME CC1110 specific
+ #Some frequencies fail, probably and FSCAL thing.
hz=frequency;
freq=int(hz/396.728515625);
self.pokebysym("FREQ1",freq1);
self.pokebysym("FREQ0",freq0);
-
+ self.pokebysym("TEST1",0x31);
+ self.pokebysym("TEST0",0x09);
+
+
+ #self.pokebysym("FSCAL2" , 0x2A); #above mid
+ self.pokebysym("FSCAL2" , 0x0A); #beneath mid
+
+ #self.CC_RFST_CAL(); #SCAL
+ #time.sleep(1);
+
+
def RF_getfreq(self):
"""Get the frequency in Hz."""
#FIXME CC1110 specific
hz=freq*396.728515625;
return hz;
- def shellcodefile(self,filename,wait=1):
+
+ def RF_getchannel(self):
+ """Get the hex channel."""
+ #FIXME CC1110 specific
+ freq=0;
+ try:
+ freq2=self.peekbysym("FREQ2");
+ freq1=self.peekbysym("FREQ1");
+ freq0=self.peekbysym("FREQ0");
+ freq=(freq2<<16)+(freq1<<8)+freq0;
+ except:
+ freq=0;
+
+ return freq;
+
+
+ lastshellcode="none";
+ def shellcodefile(self,filename,wait=1, alwaysreload=0):
"""Run a fragment of shellcode by name."""
#FIXME: should identify chip model number, use shellcode for that chip.
- file=__file__;
- file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
- path=file.replace("client/GoodFETCC.py","shellcode/chipcon/cc1110/");
- #print "File\t%s" % file;
- #print "Path\t%s" % path;
- filename=path+filename;
- #print "Loading shelcode from %s" % filename;
-
- #Load the shellcode.
- h=IntelHex(filename);
- for i in h._buf.keys():
- self.CCpokedatabyte(i,h[i]);
+ if self.lastshellcode!=filename or alwaysreload>0:
+ self.lastshellcode=filename;
+ file=__file__;
+ file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
+ #TODO make this generic
+ path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
+ filename=path+filename;
+
+ #Load the shellcode.
+ h=IntelHex(filename);
+ for i in h._buf.keys():
+ self.CCpokedatabyte(i,h[i]);
#Execute it.
self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
self.resume();
while wait>0 and (0==self.CCstatus()&0x20):
- time.sleep(0.1);
+ a=1;
#print "Waiting for shell code to return.";
return;
+ def ishalted(self):
+ return self.CCstatus()&0x20;
def shellcode(self,code,wait=1):
"""Copy a block of code into RAM and execute it."""
i=0;
self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
self.resume();
while wait>0 and (0==self.CCstatus()&0x20):
- time.sleep(0.1);
+ a=1;
+ #time.sleep(0.1);
#print "Waiting for shell code to return.";
return;
def CC1110_crystal(self):
RFST=0xDFE1
self.pokebyte(RFST,state); #Return to idle state.
return;
-
- def config_simpliciti(self,band="none"):
+ def config_dash7(self,band="lf"):
+ #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
+ #Waiting for official confirmation of the accuracy.
+
self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
if band=="ismeu" or band=="eu":
+ print "There is no official eu band for dash7."
self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
- if band=="ismus" or band=="us":
+ elif band=="ismus" or band=="us":
+ print "There is no official us band for dash7."
self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
- if band=="ismlf" or band=="lf":
+ elif band=="ismlf" or band=="lf":
+ # 433.9198 MHz, same as Simpliciti.
self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+ self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter
+ self.pokebysym("MDMCFG3" , 0x3B)
+ self.pokebysym("MDMCFG2" , 0x11)
+ self.pokebysym("MDMCFG1" , 0x02)
+ self.pokebysym("MDMCFG0" , 0x53)
+ self.pokebysym("CHANNR" , 0x00) # Channel zero.
+ self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
+
+ self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x1E)
+ self.pokebysym("MCSM1" , 0x3F)
+ self.pokebysym("MCSM0" , 0x30)
+ self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
+
+ self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ #Sync word hack
+ self.pokebysym("SYNC1",0x83);
+ self.pokebysym("SYNC0",0xFE);
+ return;
+ def config_iclicker(self,band="lf"):
+ #Mike Ossmann figured most of this out, with help from neighbors.
+ self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xE9)
+ self.pokebysym("FSCAL2" , 0x2A)
+ self.pokebysym("FSCAL1" , 0x00)
+ self.pokebysym("FSCAL0" , 0x1F)
+
+ if band=="ismeu" or band=="eu":
+ print "The EU band is unknown.";
+ elif band=="ismus" or band=="us":
+ #905.5MHz
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ print "There is no LF version of the iclicker."
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+ # 812.5kHz bandwidth, 152.34 kbaud
+ self.pokebysym("MDMCFG4" , 0x1C)
+ self.pokebysym("MDMCFG3" , 0x80)
+ # no FEC, 2 byte preamble, 250kHz chan spacing
+
+ #15/16 sync
+ #self.pokebysym("MDMCFG2" , 0x01)
+ #16/16 sync
+ self.pokebysym("MDMCFG2" , 0x02)
+
+ self.pokebysym("MDMCFG1" , 0x03)
+ self.pokebysym("MDMCFG0" , 0x3b)
+
+ self.pokebysym("CHANNR" , 0x2e) # Channel zero.
+
+ #self.pokebysym("DEVIATN" , 0x71) # 118.5
+ self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x07)
+ self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
+ self.pokebysym("MCSM0" , 0x14)
+
+ self.pokebysym("TEST2" , 0x88) #
+ self.pokebysym("TEST1" , 0x31) #
+ self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
+ self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x45) # Preamble qualidy 2*4=6, adr check, status
+ self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
+
+ self.pokebysym("PKTLEN" , 0x09) # Packet length.
+
+ self.pokebysym("SYNC1",0xB0);
+ self.pokebysym("SYNC0",0xB0);
+ self.pokebysym("ADDR", 0xB0);
+ return;
+ def config_ook(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+
+ #data rate
+ #~1
+ #self.pokebysym("MDMCFG4" , 0x85)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #0.5
+ #self.pokebysym("MDMCFG4" , 0xf4)
+ #self.pokebysym("MDMCFG3" , 0x43)
+ #2.4
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x83)
+
+ #4.8 kbaud
+ #print "Warning: Default to 4.8kbaud.";
+ #self.pokebysym("MDMCFG4" , 0xf7)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #9.6 kbaud
+ #print "Warning: Default to 9.6kbaud.";
+ #
+
+ self.pokebysym("MDMCFG4" , 0xf8)
+ self.pokebysym("MDMCFG3" , 0x83)
+ self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
+
+ #Kind aright for keeloq
+ print "Warning: Guessing baud rate.";
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x93)
+ #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
+
+ self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
+ #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
+
+ #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x0B) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);
+
+ def config_simpliciti(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
+ elif band=="none":
+ band="none";
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
self.pokebysym("MDMCFG4" , 0x7B) # Modem configuration.
self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
self.pokebysym("MDMCFG2" , 0x13) # Modem configuration.
self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
if band=="ismus" or band=="us":
- self.pokebysym("CHANNR" , 0); # 20) # Channel number.
+ self.pokebysym("CHANNR" , 20) # Channel number.
else:
self.pokebysym("CHANNR" , 0x00) # Channel number.
self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
self.pokebysym("TEST2" , 0x81) # Various test settings.
self.pokebysym("TEST1" , 0x35) # Various test settings.
self.pokebysym("TEST0" , 0x09) # Various test settings.
- #self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
- self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
- #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
- self.pokebysym("PKTCTRL0" , 0x01) # Packet automation control, w/o checksum.
- self.pokebysym("ADDR" , 0x00) # Device address.
+ self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
self.pokebysym("PKTLEN" , 0xFF) # Packet length.
- self.pokebysym("SYNC1",0x04);
- self.pokebysym("SYNC0",0x05);
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);
def RF_carrier(self):
"""Hold a carrier wave on the present frequency."""
self.CC1110_crystal(); #FIXME, '1110 specific.
self.RF_idle();
- #self.resume();
- #time.sleep(1);
- #self.halt();
RFST=0xDFE1;
-
- self.pokebysym("FSCTRL1" , 0x0a) # Frequency synthesizer control.
- self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+ self.config_simpliciti();
#Don't change these while the radio is active.
- self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
- self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
- self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
- self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
+ #Ramp up the power.
+ #self.pokebysym("PA_TABLE0", 0xFF) # PA output power setting.
- #self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
- #self.pokebysym("FREQ1" , 0xEC) # Frequency control word, middle byte.
- #self.pokebysym("FREQ0" , 0x4E) # Frequency control word, low byte.
+ #This is what drops to OOK.
+ #Comment to keep GFSK, might be better at jamming.
self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
- self.pokebysym("CHANNR" , 0x00) # Channel number.
- self.pokebysym("DEVIATN" , 0x00) # Modem deviation setting (when FSK modulation is enabled).
- self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
-
- self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
- self.pokebysym("MCSM0" , 0x14) # Main Radio Control State Machine configuration.
- self.pokebysym("FOCCFG" , 0x16) # Frequency Offset Compensation Configuration.
- self.pokebysym("BSCFG" , 0x6C) # Bit synchronization Configuration.
-
- self.pokebysym("AGCCTRL2" , 0x03) # AGC control.
- self.pokebysym("AGCCTRL1" , 0x40) # AGC control.
- self.pokebysym("AGCCTRL0" , 0x91) # AGC control.
-
- self.pokebysym("TEST2" , 0x88) # Various test settings.
- self.pokebysym("TEST1" , 0x31) # Various test settings.
- self.pokebysym("TEST0" , 0x09) # Various test settings.
- self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
- self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
- self.pokebysym("PKTCTRL0" , 0x22) # Packet automation control.
- self.pokebysym("ADDR" , 0x00) # Device address.
- self.pokebysym("PKTLEN" , 0xFF) # Packet length.
self.pokebysym("SYNC1",0xAA);
self.pokebysym("SYNC0",0xAA);
-
-
#while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
state=0;
#print "state=%02x" % state;
print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
- #Not needed, radio works when CPU is halted.
- #self.resume();
-
return;
def RF_getsmac(self):
return 0;
def RF_rxpacket(self):
"""Get a packet from the radio. Returns None if none is waiting."""
- RFST=0xDFE1
- self.pokebyte(RFST,0x01); #SCAL
- #self.pokebyte(RFST,0x02); #SRX
-
self.shellcodefile("rxpacket.ihx");
- #time.sleep(1);
- self.halt();
- return self.peekblock(0xFE00,32,"data");
- def RF_txpacket(self,payload):
+ len=self.peek8(0xFE00,"xdata");
+ return self.peekblock(0xFE00,len+3,"data");
+ def RF_txpacket(self,packet):
"""Transmit a packet. Untested."""
- print "FIXME, Chipcon packet transmission is not yet implemented.";
+ self.pokeblock(0xFE00,packet,"data");
+ self.shellcodefile("txpacket.ihx");
return;
+ def RF_txrxpacket(self,packet):
+ """Transmit a packet. Untested."""
+
+ self.pokeblock(0xFE00,packet,"data");
+ self.shellcodefile("txrxpacket.ihx");
+ len=self.peek8(0xFE00,"xdata");
+ return self.peekblock(0xFE00,len+3,"data");
def RF_getrssi(self):
"""Returns the received signal strenght, with a weird offset."""
except:
if self.verbose>0: print "RSSI reg doesn't exist.";
try:
- #RSSI doesn't exist on 2.4GHz devices. Maybe RSSIL and RSSIH?
+ #RSSI doesn't exist on some 2.4GHz devices. Maybe RSSIL and RSSIH?
rssilreg=self.symbols.get("RSSIL");
rssil=self.CCpeekdatabyte(rssilreg);
rssihreg=self.symbols.get("RSSIL");
return 0;
-
-
def SRF_loadsymbols(self):
ident=self.CCident();
chip=self.CCversions.get(ident&0xFF00);
if(ident1!=ident2 or ident2!=ident3):
print "Error, repeated ident attempts unequal."
print "%04x, %04x, %04x" % (ident1, ident2, ident3);
-
+
#Single step, printing PC.
print "Tracing execution at startup."
for i in range(1,15):
print "ERROR: PC changed during CCdebuginstr([NOP])!";
print "Checking pokes to XRAM."
- for i in range(0xf000,0xf020):
+ for i in range(self.execbuf,self.execbuf+0x20):
self.CCpokedatabyte(i,0xde);
if(self.CCpeekdatabyte(i)!=0xde):
print "Error in XDATA at 0x%04x" % i;
print "Done.";
def setup(self):
- """Move the FET into the CC2430/CC2530 application."""
+ """Move the FET into the Chipcon 8051 application."""
#print "Initializing Chipcon.";
self.writecmd(self.APP,0x10,0,self.data);
def CCrd_config(self):
0x8900:"cc2431",
0x8100:"cc2510",
0x9100:"cc2511",
- 0xA500:"cc2530", #page 52 of SWRU191
+ 0xA500:"cc2530", #page 57 of SWRU191B
0xB500:"cc2531",
+ 0x9500:"cc2533",
+ 0x8D00:"cc2540",
0xFF00:"CCmissing"};
+ execbuf=None;
+ CCexecbuf= {0x0100:0xF000,
+ 0x1100:0xF000,
+ 0x8500:0xF000,
+ 0x8900:0xF000,
+ 0x8100:0xF000,
+ 0x9100:0xF000,
+ 0xA500:0x0000, #CC2530
+ 0xB500:0x8000,
+ 0x9500:0x8000,
+ 0x8D00:0x8000,
+ 0xFF00:None} #missing
CCpagesizes={0x01: 1024, #"CC1110",
0x11: 1024, #"CC1111",
0x85: 2048, #"CC2430",
0x89: 2048, #"CC2431",
0x81: 1024, #"CC2510",
0x91: 1024, #"CC2511",
- 0xA5: 2048, #"CC2530", #page 52 of SWRU191
+ 0xA5: 2048, #"CC2530", #page 57 of SWRU191B
0xB5: 2048, #"CC2531",
- 0xFF: 0 } #"CCmissing"};
+ 0x95: 2048, #"CC2533",
+ 0x8D: 2048, #"CC2540",
+ 0xFF: None}
def infostring(self):
return self.CCidentstr();
def CCidentstr(self):
ident=self.CCident();
chip=self.CCversions.get(ident&0xFF00);
+ execbuf=self.CCexecbuf.get(ident&0xFF00);
pagesize=self.CCpagesizes.get(ident>0xFF);
+ self.execbuf=execbuf;
+
try:
return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
except:
self.data=[adr&0xff, val&0xff];
self.writecmd(self.APP,0x02, 2, self.data);
return ord(self.data[0]);
- def pokebyte(self,adr,val,mem="data"):
- if mem!="data":
- print "FIXME: poking of non data bytes not yet supported.";
+ def pokebyte(self,adr,val,mem="xdata"):
self.CCpokedatabyte(adr,val);
def CCpokedatabyte(self,adr,val):
"""Write a byte to data memory."""
return str;
def start(self):
"""Start debugging."""
+ ident=0x0000;
+ #while ident==0xFFFF or ident==0x0000:
self.setup();
self.writecmd(self.APP,0x20,0,self.data);
- ident=self.CCidentstr();
- #print "Target identifies as %s." % ident;
- #print "Status: %s." % self.status();
- self.CCreleasecpu();
- self.CChaltcpu();
+ identa=self.CCident();
+ self.CCidentstr();
+
+ ident=self.CCident();
#Get SmartRF Studio regs if they exist.
self.loadsymbols();
-
+ #print "Status: %s" % self.status();
def stop(self):
"""Stop debugging."""
self.writecmd(self.APP,0x21,0,self.data);
#print "Got secret %02x" % secret;
return secret;
+ #FIXME: This is CC1110-specific and duplicates functionality of
+ # SmartRF7 integration.
+ CCspecfuncregs={
+ 'P0':0x80,
+ 'SP':0x81,
+ 'DPL0':0x82,
+ 'DPH0':0x83,
+ 'DPL1':0x84,
+ 'DPH1':0x85,
+ 'U0CSR':0x86,
+ 'PCON':0x87,
+ 'TCON':0x88,
+ 'P0IFG':0x89,
+ 'P1IFG':0x8A,
+ 'P2IFG':0x8B,
+ 'PICTL':0x8C,
+ 'P1IEN':0x8D,
+ 'P0INP':0x8F,
+ 'P1':0x90,
+ 'RFIM':0x91,
+ 'DPS':0x92,
+ 'MPAGE':0x93,
+ 'ENDIAN':0x95,
+ 'S0CON':0x98,
+ 'IEN2':0x9A,
+ 'S1CON':0x9B,
+ 'T2CT':0x9C,
+ 'T2PR':0x9D,
+ 'T2CTL':0x9E,
+ 'P2':0xA0,
+ 'WORIRQ':0xA1,
+ 'WORCTRL':0xA2,
+ 'WOREVT0':0xA3,
+ 'WOREVT1':0xA4,
+ 'WORTIME0':0xA5,
+ 'WORTIME1':0xA6,
+ 'IEN0':0xA8,
+ 'IP0':0xA9,
+ 'FWT':0xAB,
+ 'FADDRL':0xAC,
+ 'FADDRH':0xAD,
+ 'FCTL':0xAE,
+ 'FWDATA':0xAF,
+ 'ENCDI':0xB1,
+ 'ENCDO':0xB2,
+ 'ENCCS':0xB3,
+ 'ADCCON1':0xB4,
+ 'ADCCON2':0xB5,
+ 'ADCCON3':0xB6,
+ 'IEN1':0xB8,
+ 'IP1':0xB9,
+ 'ADCL':0xBA,
+ 'ADCH':0xBB,
+ 'RNDL':0xBC,
+ 'RNDH':0xBD,
+ 'SLEEP':0xBE,
+ 'IRCON':0xC0,
+ 'U0DBUF':0xC1,
+ 'U0BAUD':0xC2,
+ 'U0UCR':0xC4,
+ 'U0GCR':0xC5,
+ 'CLKCON':0xC6,
+ 'MEMCTR':0xC7,
+ 'WDCTL':0xC9,
+ 'T3CNT':0xCA,
+ 'T3CTL':0xCB,
+ 'T3CCTL0':0xCC,
+ 'T3CC0':0xCD,
+ 'T3CCTL1':0xCE,
+ 'T3CC1':0xCF,
+ 'PSW':0xD0,
+ 'DMAIRQ':0xD1,
+ 'DMA1CFGL':0xD2,
+ 'DMA1CFGH':0xD3,
+ 'DMA0CFGL':0xD4,
+ 'DMA0CFGH':0xD5,
+ 'DMAARM':0xD6,
+ 'DMAREQ':0xD7,
+ 'TIMIF':0xD8,
+ 'RFD':0xD9,
+ 'T1CC0L':0xDA,
+ 'T1CC0H':0xDB,
+ 'T1CC1L':0xDC,
+ 'T1CC1H':0xDD,
+ 'T1CC2L':0xDE,
+ 'T1CC2H':0xDF,
+ 'ACC':0xE0,
+ 'RFST':0xE1,
+ 'T1CNTL':0xE2,
+ 'T1CNTH':0xE3,
+ 'T1CTL':0xE4,
+ 'T1CCTL0':0xE5,
+ 'T1CCTL1':0xE6,
+ 'T1CCTL2':0xE7,
+ 'IRCON2':0xE8,
+ 'RFIF':0xE9,
+ 'T4CNT':0xEA,
+ 'T4CTL':0xEB,
+ 'T4CCTL0':0xEC,
+ 'T4CC0':0xED,
+ 'T4CCTL1':0xEE,
+ 'T4CC1':0xEF,
+ 'B':0xF0,
+ 'PERCFG':0xF1,
+ 'ADCCFG':0xF2,
+ 'P0SEL':0xF3,
+ 'P1SEL':0xF4,
+ 'P2SEL':0xF5,
+ 'P1INP':0xF6,
+ 'P2INP':0xF7,
+ 'U1CSR':0xF8,
+ 'U1DBUF':0xF9,
+ 'U1BAUD':0xFA,
+ 'U1UCR':0xFB,
+ 'U1GCR':0xFC,
+ 'P0DIR':0xFD,
+ 'P1DIR':0xFE,
+ 'P2DIR':0xFF
+ }
+ def getSPR(self,args=[]):
+ """Get special function registers."""
+ print "Special Function Registers:"
+ if len(args):
+ for e in args:
+ print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
+ else:
+ for e in self.CCspecfuncregs.keys():
+ print " %-8s : 0x%0.2x"%(e,self.CCpeekcodebyte(self.CCspecfuncregs[e]))
+
def dump(self,file,start=0,stop=0xffff):
"""Dump an intel hex file from code memory."""
print "Dumping code from %04x to %04x as %s." % (start,stop,file);
projects / goodfet / blobdiff