Added the option to automatically re-inject packets that we have fuzzed and injected...
diff --git
a/client/GoodFETNRF.py
b/client/GoodFETNRF.py
index
e95b9cf
..
70a0cb1
100644
(file)
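--- a/client/GoodFETNRF.py
+++ b/client/GoodFETNRF.py
@@ -5,7 +5,7 @@
 #
 # This code is being rewritten and refactored. You've been warned!
-import sys, time, string, cStringIO, struct, glob, serial, os;
+import sys, time, string, cStringIO, struct, glob, os;
 from GoodFET import GoodFET;
@@ -26,6 +26,18 @@ class GoodFETNRF(GoodFET):
 self.writecmd(self.NRFAPP,0x00,len(data),data);
 return self.data;
+ def tune(self,tuning="aa,c78c65805e,14,09"):
+ """Tune the radio."""
+ #MAC,rA,r5,r6
+ fields=tuning.split(",");
+ ra=int(fields[1],16);
+ r5=int(fields[2],16);
+ r6=int(fields[3],16);
+ self.poke(0x0a,ra,5);
+ self.poke(0x05,r5,1);
+ self.poke(0x06,r6,1);
+ self.RF_setmaclen(3);
+ return;
 def peek(self,reg,bytes=-1):
 """Read an NRF Register. For long regs, result is flipped."""
 data=[reg,0,0,0,0,0];
@@ -53,9 +65,11 @@ class GoodFETNRF(GoodFET):
 data=data+[(val>>(8*i))&0xFF];
 self.writecmd(self.NRFAPP,0x03,len(data),data);
 if self.peek(reg,bytes)!=val and reg!=0x07:
- print "Warning, failed to set r%02x=%02x, got %02x." %(reg,
- val,
- self.peek(reg,bytes));
+ print "Warning, failed to set r%02x=%02x, got %02x." %(
+ reg,
+ val,
+ self.peek(reg,bytes));
+
 return;
 def status(self):
@@ -74,7 +88,7 @@ class GoodFETNRF(GoodFET):
 return "GFSK";
 def RF_getrate(self):
 rate=self.peek(0x06)&0x28;
- if rate==0x28:
+ if rate==0x20:
 rate=250*10**3; #256kbps
 elif rate==0x08:
 rate=2*10**6; #2Mbps
@@ -164,7 +178,7 @@ class GoodFETNRF(GoodFET):
 """Hold a carrier wave on the present frequency."""
 # Set CONT_WAVE, PLL_LOCK, and 0dBm in RF_SETUP
 self.poke(0x06,8+10+4+2);
-
+
 packetlen=16;
 def RF_setpacketlen(self,len=16):
 """Set the number of bytes in the expected payload."""
@@ -178,14 +192,16 @@ class GoodFETNRF(GoodFET):
 maclen=5;
 def RF_getmaclen(self):
 """Get the number of bytes in the MAC address."""
- choices=[0, 3, 4, 5];
+ choices=[2, 3, 4, 5];
 choice=self.peek(0x03)&3;
 self.maclen=choices[choice];
 return self.maclen;
 def RF_setmaclen(self,len):
 """Set the number of bytes in the MAC address."""
- choices=["illegal", "illegal", "illegal",
- 1, 2, 3];
+ choices=["illegal", "illegal",
+ 0, #undocumented
+ 1, 2, 3 #documented
+ ];
 choice=choices[len];
 self.poke(0x03,choice);
 self.maclen=len;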
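Review bot: In `RF_setmaclen` the rewritten table still maps lengths 0 and 1 to the string `"illegal"`, and the lookup result is passed unchecked to `self.poke(0x03,choice)`. A length above 5 raises a bare `IndexError` on `choices[len]`, and a string value presumably fails inside `poke`, whose visible context shifts `val` as an integer. A guard before the lookup would reject bad lengths up front, for example `if len not in (2,3,4,5): raise ValueError("MAC length must be 2-5 bytes")`. The new `tune` method in the second hunk has the same gap: it indexes `fields[1]` to `fields[3]` without checking that the split produced four fields, so a malformed tuning string surfaces as an `IndexError` or `ValueError` with no hint of the expected `MAC,rA,r5,r6` format. `RF_setmaclen` may continue past the last line visible here.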