"""A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
APP=0x30;
-
-
-
smartrfpath="/opt/smartrf7";
def loadsymbols(self):
try: self.SRF_loadsymbols();
except:
if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath;
def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
+ """Loads the chip XML definitions from SmartRF7."""
fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
#print "Opening %s" % fn;
return xml.dom.minidom.parse(fn)
def CMDrs(self,args=[]):
"""Chip command to grab the radio state."""
- try:
- self.SRF_radiostate();
- except:
- print "Error printing radio state.";
- print "SmartRF not found at %s." % self.smartrfpath;
+ #try:
+ self.SRF_radiostate();
+ #except:
+ # print "Error printing radio state.";
+ # print "SmartRF not found at %s." % self.smartrfpath;
def SRF_bitfieldstr(self,bf):
name="unused";
start=0;
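Review bot: In CMDrs the handler is disabled by commenting it out rather than removed, which leaves dead lines behind and no record of why failures from `SRF_radiostate()` should now propagate to the caller. If the aim is to see the real traceback, delete the commented `try`/`except` lines. If the friendly "SmartRF not found" message is still wanted, catch only the file error, e.g. `except IOError:`, rather than restoring the bare `except:`. The exception actually raised when the XML is missing is not visible in this hunk, so confirm the type before narrowing.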
hz=freq*396.728515625;
return hz;
+
+ def RF_getchannel(self):
+ """Get the frequency in Hz."""
+ #FIXME CC1110 specific
+ freq=0;
+ try:
+ freq2=self.peekbysym("FREQ2");
+ freq1=self.peekbysym("FREQ1");
+ freq0=self.peekbysym("FREQ0");
+ freq=(freq2<<16)+(freq1<<8)+freq0;
+ except:
+ freq=0;
+
+ return freq;
+
+
lastshellcode="none";
- def shellcodefile(self,filename,wait=1):
+ def shellcodefile(self,filename,wait=1, alwaysreload=0):
"""Run a fragment of shellcode by name."""
#FIXME: should identify chip model number, use shellcode for that chip.
- if self.lastshellcode!=filename:
+ if self.lastshellcode!=filename or alwaysreload>0:
self.lastshellcode=filename;
file=__file__;
file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
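Review bot: RF_getchannel's docstring says "Get the frequency in Hz", but the method returns the raw 24-bit FREQ2/FREQ1/FREQ0 word without the `*396.728515625` scaling that the function just above applies before returning `hz`. Either correct the docstring, e.g. `"""Get the raw 24-bit frequency control word (FREQ2:FREQ1:FREQ0)."""`, or scale the value before returning it. The bare `except:` also turns any failure into a return of 0, which a caller cannot tell apart from registers that really read 0; catching the specific lookup error, or letting it propagate, would be safer. The new `alwaysreload` parameter of shellcodefile is not mentioned in that function's docstring.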
self.pokebysym("ADDR" , 0x01) # Device address.
self.pokebysym("PKTLEN" , 0xFF) # Packet length.
- self.pokebysym("SYNC1",0xD3);
- self.pokebysym("SYNC0",0x91);
+ #Sync word hack
+ self.pokebysym("SYNC1",0x83);
+ self.pokebysym("SYNC0",0xFE);
return;
def config_iclicker(self,band="lf"):
#Mike Ossmann figured most of this out, with help from neighbors.
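Review bot: The comment `#Sync word hack` does not say which device or protocol the new 0x83/0xFE sync word is for, and the change replaces the previous 0xD3/0x91 for every caller of this configuration routine. A comment such as `#Sync word 0x83FE for <target device>; previous default was 0xD391` (device name to be filled in by the author) would let a reader tell a deliberate setting from a leftover experiment. The enclosing function starts outside this hunk, so its name and its other callers are not visible here.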
self.pokebysym("SYNC0",0xB0);
self.pokebysym("ADDR", 0xB0);
return;
+ def config_ook(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+
+ #data rate
+ #~1
+ #self.pokebysym("MDMCFG4" , 0x85)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #0.5
+ #self.pokebysym("MDMCFG4" , 0xf4)
+ #self.pokebysym("MDMCFG3" , 0x43)
+ #2.4
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x83)
+
+ #4.8 kbaud
+ #print "Warning: Default to 4.8kbaud.";
+ #self.pokebysym("MDMCFG4" , 0xf7)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #9.6 kbaud
+ #print "Warning: Default to 9.6kbaud.";
+ #
+
+ self.pokebysym("MDMCFG4" , 0xf8)
+ self.pokebysym("MDMCFG3" , 0x83)
+ self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
+
+ #Kind aright for keeloq
+ print "Warning: Guessing baud rate.";
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x93)
+ #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
+
+ self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
+ #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
+
+ #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x0B) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);
+
def config_simpliciti(self,band="none"):
self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
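Review bot: In config_ook the fallback branch calls `eval(band)`, which executes whatever Python expression the string holds; if `band` can come from a command-line or script argument, that is arbitrary code execution in the host-side tool. Parse it as a number instead, `self.RF_setfreq(ast.literal_eval(band));` with `import ast` at the top of the file, or `float(band)` if only decimal input is needed, so that a non-numeric string raises an error rather than running. The method also has no docstring; one line stating that it configures OOK modulation with fixed-length packets and no checksum, as the inline register comments say, would match the neighbouring functions. The `print "Warning: Guessing baud rate."` fires on every call and does not say which rate was chosen.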
0x8900:"cc2431",
0x8100:"cc2510",
0x9100:"cc2511",
- 0xA500:"cc2530", #page 52 of SWRU191
+ 0xA500:"cc2530", #page 57 of SWRU191B
0xB500:"cc2531",
+ 0x9500:"CC2533",
+ 0x8D00:"CC2540",
0xFF00:"CCmissing"};
CCpagesizes={0x01: 1024, #"CC1110",
0x11: 1024, #"CC1111",
0x89: 2048, #"CC2431",
0x81: 1024, #"CC2510",
0x91: 1024, #"CC2511",
- 0xA5: 2048, #"CC2530", #page 52 of SWRU191
+ 0xA5: 2048, #"CC2530", #page 57 of SWRU191B
0xB5: 2048, #"CC2531",
+ 0x95: 2048, #"CC2533",
+ 0x8D: 2048, #"CC2540",
0xFF: 0 } #"CCmissing"};
def infostring(self):
return self.CCidentstr();
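Review bot: The two new chip names are written `"CC2533"` and `"CC2540"`, while the other real chips in this table are lower case (`"cc2530"`, `"cc2531"`) and only the `"CCmissing"` sentinel is capitalised. If these strings are used to build the SmartRF XML path the way SRF_chipdom does with `chip="cc1110"`, the upper-case names would not match on a case-sensitive filesystem; that use is not visible in this hunk. Suggest `0x9500:"cc2533",` and `0x8D00:"cc2540",`. The table's opening line is outside the hunk.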