self.pokebysym("TEST1",0x31);
self.pokebysym("TEST0",0x09);
- #self.pokebysym("PA_TABLE0" , 0x60); #above mid
#self.pokebysym("FSCAL2" , 0x2A); #above mid
self.pokebysym("FSCAL2" , 0x0A); #beneath mid
self.lastshellcode=filename;
file=__file__;
file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
- path=file.replace("client/GoodFETCC.py","shellcode/chipcon/cc1110/");
+ path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
filename=path+filename;
#Load the shellcode.
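Review bot: Building the shellcode directory with `file.replace("GoodFETCC.py",...)` only works when that exact name appears in `__file__`; for a `.pyo` file or a renamed module nothing is replaced, `path` stays the module's own file path, and `filename` is appended to it. This path selects the code image that is loaded onto the target, so it is safer to derive it from the directory: `path=os.path.join(os.path.dirname(os.path.abspath(__file__)),"shellcode","chipcon","cc1110","");` (assuming `os` is imported; the import block is not visible here). `file` also shadows the Python 2 builtin. The enclosing method starts and ends outside the hunk.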
RFST=0xDFE1
self.pokebyte(RFST,state); #Return to idle state.
return;
+ def config_dash7(self,band="lf"):
+ #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010.
+ #Waiting for official confirmation of the accuracy.
+
+ self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ print "There is no official eu band for dash7."
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ print "There is no official us band for dash7."
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ # 433.9198 MHz, same as Simpliciti.
+ self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+ self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter
+ self.pokebysym("MDMCFG3" , 0x3B)
+ self.pokebysym("MDMCFG2" , 0x11)
+ self.pokebysym("MDMCFG1" , 0x02)
+ self.pokebysym("MDMCFG0" , 0x53)
+ self.pokebysym("CHANNR" , 0x00) # Channel zero.
+ self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
+
+ self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x1E)
+ self.pokebysym("MCSM1" , 0x3F)
+ self.pokebysym("MCSM0" , 0x30)
+ self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
+
+ self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);
+ return;
+ def config_iclicker(self,band="lf"):
+ #Mike Ossmann figured most of this out, with help from neighbors.
+
+ self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xE9)
+ self.pokebysym("FSCAL2" , 0x2A)
+ self.pokebysym("FSCAL1" , 0x00)
+ self.pokebysym("FSCAL0" , 0x1F)
+
+ if band=="ismeu" or band=="eu":
+ print "The EU band is unknown.";
+ elif band=="ismus" or band=="us":
+ #905.5MHz
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ print "There is no LF version of the iclicker."
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+ # 812.5kHz bandwidth, 152.34 kbaud
+ self.pokebysym("MDMCFG4" , 0x1C)
+ self.pokebysym("MDMCFG3" , 0x80)
+ # no FEC, 2 byte preamble, 250kHz chan spacing
+
+ #15/16 sync
+ #self.pokebysym("MDMCFG2" , 0x01)
+ #16/16 sync
+ self.pokebysym("MDMCFG2" , 0x02)
+
+ self.pokebysym("MDMCFG1" , 0x03)
+ self.pokebysym("MDMCFG0" , 0x3b)
+
+ self.pokebysym("CHANNR" , 0x2e) # Channel zero.
+
+ #self.pokebysym("DEVIATN" , 0x71) # 118.5
+ self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x07)
+ self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
+ self.pokebysym("MCSM0" , 0x14)
+
+ self.pokebysym("TEST2" , 0x88) #
+ self.pokebysym("TEST1" , 0x31) #
+ self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
+ self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x45) # Preamble qualidy 2*4=6, adr check, status
+ self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
+
+ self.pokebysym("PKTLEN" , 0x09) # Packet length.
+
+ self.pokebysym("SYNC1",0xB0);
+ self.pokebysym("SYNC0",0xB0);
+ self.pokebysym("ADDR", 0xB0);
+ return;
+ def config_ook(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+
+ #data rate
+ #~1
+ #self.pokebysym("MDMCFG4" , 0x85)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #0.5
+ #self.pokebysym("MDMCFG4" , 0xf4)
+ #self.pokebysym("MDMCFG3" , 0x43)
+ #2.4
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x83)
+
+ #4.8 kbaud
+ #print "Warning: Default to 4.8kbaud.";
+ #self.pokebysym("MDMCFG4" , 0xf7)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #9.6 kbaud
+ #print "Warning: Default to 9.6kbaud.";
+ #
+
+ self.pokebysym("MDMCFG4" , 0xf8)
+ self.pokebysym("MDMCFG3" , 0x83)
+ self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
+
+ #Kind aright for keeloq
+ print "Warning: Guessing baud rate.";
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x93)
+ #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
+
+ self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x11) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
+ #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
+
+ #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ #self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x0B) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc2) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);
def config_simpliciti(self,band="none"):
- self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
#Don't change these while the radio is active.
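Review bot: The fallback branch in config_dash7 passes the caller-supplied `band` string to `eval()` (`self.RF_setfreq(eval(band));`), so any value that is not a known band name, including a simple typo, is executed as Python on the host. The same line is repeated in config_iclicker and config_ook. If the argument is only ever a numeric frequency, `self.RF_setfreq(float(band));` accepts the same literals without evaluating expressions (assuming RF_setfreq takes a number), and catching `ValueError` there would turn a mistyped band into a clear error. Separately, the `# Channel zero.` comment beside `CHANNR` `0x2e` in config_iclicker does not match the value written.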
self.pokebysym("TEST2" , 0x81) # Various test settings.
self.pokebysym("TEST1" , 0x35) # Various test settings.
self.pokebysym("TEST0" , 0x09) # Various test settings.
- self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
+ self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
#self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
"""Get a packet from the radio. Returns None if none is waiting."""
self.shellcodefile("rxpacket.ihx");
len=self.peek8(0xFE00,"xdata");
- return self.peekblock(0xFE00,len+1,"data");
+ return self.peekblock(0xFE00,len+3,"data");
def RF_txpacket(self,packet):
"""Transmit a packet. Untested."""
self.pokeblock(0xFE00,packet,"data");
self.shellcodefile("txrxpacket.ihx");
len=self.peek8(0xFE00,"xdata");
- return self.peekblock(0xFE00,len+1,"data");
+ return self.peekblock(0xFE00,len+3,"data");
def RF_getrssi(self):
"""Returns the received signal strenght, with a weird offset."""
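Review bot: The new `len+3` in RF_rxpacket, and the identical line in RF_txpacket below it, is an unexplained constant applied to a length byte read back from target memory at 0xFE00. It presumably covers the length byte plus two appended status bytes, which holds only for variable-length packets with status appending on; config_iclicker and config_ook in this same change set `PKTCTRL0` to 0x00 (fixed length), where the first byte may not be a length at all. A comment such as `#Length byte + payload + 2 appended status bytes; variable-length mode only.` would record the assumption once it is confirmed against the shellcode. The byte is also read with `"xdata"` while the block is read with `"data"`, and `len` shadows the builtin. RF_rxpacket's `def` line is outside the hunk.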
"""Start debugging."""
self.setup();
self.writecmd(self.APP,0x20,0,self.data);
- ident=self.CCidentstr();
+ ident=self.CCident();
+ if ident==0xFFFF or ident==0x0000:
+ self.writecmd(self.APP,0x20,0,self.data);
+ ident=self.CCident();
+
+
#print "Target identifies as %s." % ident;
#print "Status: %s." % self.status();
self.CCreleasecpu();
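Review bot: The retry added after `ident=self.CCident();` never checks the second result, so when the target still reads back 0xFFFF or 0x0000 the method continues to `self.CCreleasecpu();` as if debug mode had been entered. A follow-up line after the retry, such as `if ident==0xFFFF or ident==0x0000: print "Warning: Target did not identify after retry.";`, would make the failure visible. A short comment saying that both values are treated as "no chip answered" would also explain the constants. The method's `def` line and the rest of its body are outside the hunk.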