More OOK stuff.

[goodfet] / client / GoodFETCC.py

diff --git a/client/GoodFETCC.py b/client/GoodFETCC.py
index 3be0ca4..c37f540 100644 (file)
--- a/client/GoodFETCC.py
+++ b/client/GoodFETCC.py
@@ -134,7 +134,7 @@ class GoodFETCC(GoodFET):
             self.lastshellcode=filename;
             file=__file__;
             file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
-            path=file.replace("client/GoodFETCC.py","shellcode/chipcon/cc1110/");
+            path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/");
             filename=path+filename;
         
             #Load the shellcode.
@@ -275,12 +275,157 @@ class GoodFETCC(GoodFET):
         self.pokebysym("ADDR"     , 0x01)   # Device address.
         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
         
+        self.pokebysym("SYNC1",0xD3);
+        self.pokebysym("SYNC0",0x91);
+        return;
+    def config_iclicker(self,band="lf"):
+        #Mike Ossmann figured most of this out, with help from neighbors.
+        
+        self.pokebysym("FSCTRL1"  , 0x06)   # Frequency synthesizer control.
+        self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
+        
+        #Don't change these while the radio is active.
+        self.pokebysym("FSCAL3"   , 0xE9)
+        self.pokebysym("FSCAL2"   , 0x2A)
+        self.pokebysym("FSCAL1"   , 0x00)
+        self.pokebysym("FSCAL0"   , 0x1F)
+        
+        if band=="ismeu" or band=="eu":
+            print "The EU band is unknown.";
+        elif band=="ismus" or band=="us":
+            #905.5MHz
+            self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
+            self.pokebysym("FREQ1"    , 0xD3)   # Frequency control word, middle byte.
+            self.pokebysym("FREQ0"    , 0xAC)   # Frequency control word, low byte.
+        elif band=="ismlf" or band=="lf":
+            print "There is no LF version of the iclicker."
+        elif band=="none":
+            pass;
+        else:
+            #Got a frequency, not a band.
+            self.RF_setfreq(eval(band));
+        # 812.5kHz bandwidth, 152.34 kbaud
+        self.pokebysym("MDMCFG4"  , 0x1C)   
+        self.pokebysym("MDMCFG3"  , 0x80)
+        # no FEC, 2 byte preamble, 250kHz chan spacing
+        
+        #15/16 sync
+        #self.pokebysym("MDMCFG2"  , 0x01)
+        #16/16 sync
+        self.pokebysym("MDMCFG2"  , 0x02)
+        
+        self.pokebysym("MDMCFG1"  , 0x03)
+        self.pokebysym("MDMCFG0"  , 0x3b)
+        
+        self.pokebysym("CHANNR"   , 0x2e)   # Channel zero.
+        
+        #self.pokebysym("DEVIATN"  , 0x71)  # 118.5
+        self.pokebysym("DEVIATN"  , 0x72)   # 253.9 kHz deviation
+        
+        self.pokebysym("FREND1"   , 0x56)   # Front end RX configuration.
+        self.pokebysym("FREND0"   , 0x10)   # Front end RX configuration.
+        self.pokebysym("MCSM2"    , 0x07)
+        self.pokebysym("MCSM1"    , 0x30)   #Auto freq. cal.
+        self.pokebysym("MCSM0"    , 0x14)
+        
+        self.pokebysym("TEST2"    , 0x88)   # 
+        self.pokebysym("TEST1"    , 0x31)   # 
+        self.pokebysym("TEST0"    , 0x09)   # High VCO (Upper band.)
+        self.pokebysym("PA_TABLE0", 0xC0)   # Max output power.
+        self.pokebysym("PKTCTRL1" , 0x45)   # Preamble qualidy 2*4=6, adr check, status
+        self.pokebysym("PKTCTRL0" , 0x00)   # No whitening, CR, fixed len.
+        
+        self.pokebysym("PKTLEN"   , 0x09)   # Packet length.
+        
+        self.pokebysym("SYNC1",0xB0);
+        self.pokebysym("SYNC0",0xB0);
+        self.pokebysym("ADDR", 0xB0);
+        return;
+    def config_ook(self,band="none"):
+        self.pokebysym("FSCTRL1"  , 0x0C) #08   # Frequency synthesizer control.
+        self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
+        
+        #Don't change these while the radio is active.
+        self.pokebysym("FSCAL3"   , 0xEA)   # Frequency synthesizer calibration.
+        self.pokebysym("FSCAL2"   , 0x2A)   # Frequency synthesizer calibration.
+        self.pokebysym("FSCAL1"   , 0x00)   # Frequency synthesizer calibration.
+        self.pokebysym("FSCAL0"   , 0x1F)   # Frequency synthesizer calibration.
         
+        if band=="ismeu" or band=="eu":
+            self.pokebysym("FREQ2"    , 0x21)   # Frequency control word, high byte.
+            self.pokebysym("FREQ1"    , 0x71)   # Frequency control word, middle byte.
+            self.pokebysym("FREQ0"    , 0x7a)   # Frequency control word, low byte.
+        elif band=="ismus" or band=="us":
+            self.pokebysym("FREQ2"    , 0x22)   # Frequency control word, high byte.
+            self.pokebysym("FREQ1"    , 0xB1)   # Frequency control word, middle byte.
+            self.pokebysym("FREQ0"    , 0x3B)   # Frequency control word, low byte.
+        elif band=="ismlf" or band=="lf":
+            self.pokebysym("FREQ2"    , 0x0C)   # Frequency control word, high byte.
+            self.pokebysym("FREQ1"    , 0x1D)   # Frequency control word, middle byte.
+            self.pokebysym("FREQ0"    , 0x89)   # Frequency control word, low byte.
+        elif band=="none":
+            pass;
+        else:
+            #Got a frequency, not a band.
+            self.RF_setfreq(eval(band));
         
+        #data rate
+        #~1
+        #self.pokebysym("MDMCFG4"  , 0x85)
+        #self.pokebysym("MDMCFG3"  , 0x83)
+        #0.5
+        #self.pokebysym("MDMCFG4"  , 0xf4)
+        #self.pokebysym("MDMCFG3"  , 0x43)
+        #2.4
+        #self.pokebysym("MDMCFG4"  , 0xf6)
+        #self.pokebysym("MDMCFG3"  , 0x83)
+        
+        #4.8 kbaud
+        #print "Warning: Default to 4.8kbaud.";
+        #self.pokebysym("MDMCFG4"  , 0xf7)
+        #self.pokebysym("MDMCFG3"  , 0x83)
+        #9.6 kbaud
+        #print "Warning: Default to 9.6kbaud.";
+        #
+        
+        self.pokebysym("MDMCFG4"  , 0xf8)
+        self.pokebysym("MDMCFG3"  , 0x83)
+        self.pokebysym("MDMCFG2"  , 0x34)   # OOK, carrier-sense, no-manchester
+        
+        #Kind aright for keeloq
+        print "Warning: Guessing baud rate.";
+        #self.pokebysym("MDMCFG4"  , 0xf6)
+        #self.pokebysym("MDMCFG3"  , 0x93)
+        #self.pokebysym("MDMCFG2"  , 0x3C)   # OOK, carrier-sense, manchester
+        
+        self.pokebysym("MDMCFG1"  , 0x00)   # Modem configuration.
+        self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
+        self.pokebysym("CHANNR"   , 0x00)   # Channel number.
+        
+        self.pokebysym("FREND1"   , 0x56)   # Front end RX configuration.
+        self.pokebysym("FREND0"   , 0x11)   # Front end RX configuration.
+        self.pokebysym("MCSM0"    , 0x18)   # Main Radio Control State Machine configuration.
+        #self.pokebysym("FOCCFG"   , 0x1D)   # Frequency Offset Compensation Configuration.
+        #self.pokebysym("BSCFG"    , 0x1C)   # Bit synchronization Configuration.
+        
+        #self.pokebysym("AGCCTRL2" , 0xC7)   # AGC control.
+        #self.pokebysym("AGCCTRL1" , 0x00)   # AGC control.
+        #self.pokebysym("AGCCTRL0" , 0xB2)   # AGC control.
+        
+        self.pokebysym("TEST2"    , 0x81)   # Various test settings.
+        self.pokebysym("TEST1"    , 0x35)   # Various test settings.
+        self.pokebysym("TEST0"    , 0x0B)   # Various test settings.
+        self.pokebysym("PA_TABLE0", 0xc2)   # Max output power.
+        self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control, w/ lqi
+        #self.pokebysym("PKTCTRL1" , 0x00)   # Packet automation control. w/o lqi
+        #self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
+        self.pokebysym("PKTCTRL0" , 0x00)   # Packet automation control, w/o checksum, fixed length
+        self.pokebysym("ADDR"     , 0x01)   # Device address.
+        self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
         
         self.pokebysym("SYNC1",0xD3);
         self.pokebysym("SYNC0",0x91);
-        return;
+        
     def config_simpliciti(self,band="none"):
         self.pokebysym("FSCTRL1"  , 0x0C) #08   # Frequency synthesizer control.
         self.pokebysym("FSCTRL0"  , 0x00)   # Frequency synthesizer control.
@@ -690,7 +835,12 @@ class GoodFETCC(GoodFET):
         """Start debugging."""
         self.setup();
         self.writecmd(self.APP,0x20,0,self.data);
-        ident=self.CCidentstr();
+        ident=self.CCident();
+        if ident==0xFFFF or ident==0x0000:
+            self.writecmd(self.APP,0x20,0,self.data);
+            ident=self.CCident();
+        
+        
         #print "Target identifies as %s." % ident;
         #print "Status: %s." % self.status();
         self.CCreleasecpu();