+ """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
+ APP=0x30;
+
+
+
+
+ smartrfpath="/opt/smartrf7";
+ def loadsymbols(self):
+ try: self.SRF_loadsymbols();
+ except:
+ if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath;
+ def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
+ fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
+ #print "Opening %s" % fn;
+ return xml.dom.minidom.parse(fn)
+
+ def CMDrs(self,args=[]):
+ """Chip command to grab the radio state."""
+ try:
+ self.SRF_radiostate();
+ except:
+ print "Error printing radio state.";
+ print "SmartRF not found at %s." % self.smartrfpath;
+ def SRF_bitfieldstr(self,bf):
+ name="unused";
+ start=0;
+ stop=0;
+ access="";
+ reset="0x00";
+ description="";
+ for e in bf.childNodes:
+ if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
+ elif e.localName=="Start": start=e.childNodes[0].nodeValue;
+ elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
+ return " [%s:%s] %30s " % (start,stop,name);
+ def SRF_radiostate(self):
+ ident=self.CCident();
+ chip=self.CCversions.get(ident&0xFF00);
+ dom=self.SRF_chipdom(chip,"register_definition.xml");
+ for e in dom.getElementsByTagName("registerdefinition"):
+ for f in e.childNodes:
+ if f.localName=="DeviceName":
+ print "// %s RadioState" % (f.childNodes[0].nodeValue);
+ elif f.localName=="Register":
+ name="unknownreg";
+ address="0xdead";
+ description="";
+ bitfields="";
+ for g in f.childNodes:
+ if g.localName=="Name":
+ name=g.childNodes[0].nodeValue;
+ elif g.localName=="Address":
+ address=g.childNodes[0].nodeValue;
+ elif g.localName=="Description":
+ if g.childNodes:
+ description=g.childNodes[0].nodeValue;
+ elif g.localName=="Bitfield":
+ bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
+ #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
+ print "%-10s=0x%02x; /* %-50s */" % (
+ name,self.CCpeekdatabyte(eval(address)), description);
+ if bitfields!="": print bitfields.rstrip();
+ def RF_setfreq(self,frequency):
+ """Set the frequency in Hz."""
+ #FIXME CC1110 specific
+
+ hz=frequency;
+ freq=int(hz/396.728515625);
+
+ freq0=freq&0xFF;
+ freq1=(freq&0xFF00)>>8;
+ freq2=(freq&0xFF0000)>>16;
+
+ self.pokebysym("FREQ2",freq2);
+ self.pokebysym("FREQ1",freq1);
+ self.pokebysym("FREQ0",freq0);
+
+
+ def RF_getfreq(self):
+ """Get the frequency in Hz."""
+ #FIXME CC1110 specific
+
+ #return (2400+self.peek(0x05))*10**6
+ #self.poke(0x05,chan);
+
+ #freq2=self.CCpeekdatabyte(0xdf09);
+ #freq1=self.CCpeekdatabyte(0xdf0a);
+ #freq0=self.CCpeekdatabyte(0xdf0b);
+ freq=0;
+ try:
+ freq2=self.peekbysym("FREQ2");
+ freq1=self.peekbysym("FREQ1");
+ freq0=self.peekbysym("FREQ0");
+ freq=(freq2<<16)+(freq1<<8)+freq0;
+ except:
+ freq=0;
+
+ hz=freq*396.728515625;
+
+ return hz;
+
+ def shellcode(self,code,wait=1):
+ """Copy a block of code into RAM and execute it."""
+ i=0;
+ ram=0xF000;
+ for byte in code:
+ self.pokebyte(0xF000+i,byte);
+ i=i+1;
+ print "Code loaded, executing."
+ self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
+ self.resume();
+ while wait>0 and (0==self.CCstatus()&0x20):
+ time.sleep(0.1);
+ print "Waiting for shell code to return.";
+ return;
+ def CC1110_crystal(self):
+ """Start the main crystal of the CC1110 oscillating, needed for radio use."""
+ code=[0x53, 0xBE, 0xFB, #anl SLEEP, #0xFB
+ #one:
+ 0xE5, 0xBE, #mov a,SLEEP
+ 0x30, 0xE6, 0xFB, #jnb acc.6, back
+ 0x53, 0xc6, 0xB8, #anl CLKCON, #0xB8
+ #two
+ 0xE5, 0xC6, #mov a,CLKCON
+ 0x20, 0xE6, 0xFB, #jb acc.6, two
+ 0x43, 0xBE, 0x04, #orl SLEEP, #0x04
+ 0xA5, #HALT
+ ];
+ self.shellcode(code);
+ return;
+ def RF_idle(self):
+ RFST=0xDFE1
+ self.pokebyte(RFST,0x04); #Return to idle state.
+
+ def RF_carrier(self):
+ """Hold a carrier wave on the present frequency."""
+
+ self.CC1110_crystal(); #FIXME, '1110 specific.
+ self.RF_idle();
+
+ #self.resume();
+ #time.sleep(1);
+ #self.halt();
+
+ RFST=0xDFE1;
+
+
+ #0a00
+ #self.pokebysym("FSCTRL1" , 0x12) # Frequency synthesizer control.
+ #self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL1" , 0x0a) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xA9) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x0A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
+
+ #Ossmann's settings, not yet sure how they differ.
+ #self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ #self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+
+ #self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
+ #self.pokebysym("FREQ1" , 0xEC) # Frequency control word, middle byte.
+ #self.pokebysym("FREQ0" , 0x4E) # Frequency control word, low byte.
+ self.pokebysym("MDMCFG4" , 0x86) # Modem configuration.
+ self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
+ self.pokebysym("MDMCFG2" , 0x30) # Modem configuration.
+ self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+ self.pokebysym("DEVIATN" , 0x00) # Modem deviation setting (when FSK modulation is enabled).
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x14) # Main Radio Control State Machine configuration.
+ self.pokebysym("FOCCFG" , 0x16) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x6C) # Bit synchronization Configuration.
+
+ self.pokebysym("AGCCTRL2" , 0x03) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x40) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0x91) # AGC control.
+
+
+
+
+
+
+ self.pokebysym("TEST2" , 0x88) # Various test settings.
+ self.pokebysym("TEST1" , 0x31) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
+ self.pokebysym("PKTCTRL0" , 0x22) # Packet automation control.
+ self.pokebysym("ADDR" , 0x00) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xAA);
+ self.pokebysym("SYNC0",0xAA);
+
+
+
+ #while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
+ state=0;
+
+ while((state!=0x13)):
+ self.pokebyte(RFST,0x03); #RFST=RFST_STX
+ time.sleep(0.1);
+ state=self.peekbysym("MARCSTATE")&0x1F;
+ print "state=%02x" % state;
+ print "Holding a carrier on %f MHz." % (self.RF_getfreq()/10**6);
+
+ #Not needed, radio works when CPU is halted.
+ #self.resume();
+
+ return;
+
+
+ def RF_getrssi(self):
+ """Returns the received signal strenght, with a weird offset."""
+ try:
+ rssireg=self.symbols.get("RSSI");
+ return self.CCpeekdatabyte(rssireg);
+ except:
+ if self.verbose>0: print "RSSI reg doesn't exist.";
+ try:
+ #RSSI doesn't exist on 2.4GHz devices. Maybe RSSIL and RSSIH?
+ rssilreg=self.symbols.get("RSSIL");
+ rssil=self.CCpeekdatabyte(rssilreg);
+ rssihreg=self.symbols.get("RSSIL");
+ rssih=self.CCpeekdatabyte(rssihreg);
+ return (rssih<<8)|rssil;
+ except:
+ if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
+
+ return 0;
+
+
+ def SRF_loadsymbols(self):
+ ident=self.CCident();
+ chip=self.CCversions.get(ident&0xFF00);
+ dom=self.SRF_chipdom(chip,"register_definition.xml");
+ for e in dom.getElementsByTagName("registerdefinition"):
+ for f in e.childNodes:
+ if f.localName=="Register":
+ name="unknownreg";
+ address="0xdead";
+ description="";
+ bitfields="";
+ for g in f.childNodes:
+ if g.localName=="Name":
+ name=g.childNodes[0].nodeValue;
+ elif g.localName=="Address":
+ address=g.childNodes[0].nodeValue;
+ elif g.localName=="Description":
+ if g.childNodes:
+ description=g.childNodes[0].nodeValue;
+ elif g.localName=="Bitfield":
+ bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
+ #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
+ self.symbols.define(eval(address),name,description,"data");
+ def halt(self):
+ """Halt the CPU."""
+ self.CChaltcpu();