from GoodFETConsole import GoodFETConsole;
from intelhex import IntelHex;
+
+def printpacket(packet):
+ s="";
+ i=0;
+ #print "Printing packet."
+ for foo in packet:
+ i=i+1;
+ #if i>packet[0]+1: break;
+ s="%s %02x" % (s,foo);
+ print "%s" %s;
+
+def handlesimplicitipacket(packet):
+ s="";
+ i=0;
+
+ for foo in packet:
+ i=i+1;
+ #if i>packet[0]+1: break;
+ s="%s %02x" % (s,foo);
+ print "\n%s" %s;
+
+
+ len=packet[0];
+ if len<12: return;
+
+ dst=[packet[1],
+ packet[2],
+ packet[3],
+ packet[4]];
+ src=[packet[5],
+ packet[6],
+ packet[7],
+ packet[8]];
+ port=packet[9];
+ info=packet[10];
+ seq=packet[11];
+ #payload begins at byte 12.
+
+
+
+ if port==0x03:
+ #print "Join request.";
+ if packet[12]!=1:
+ print "Not a join request. WTF?";
+ return;
+ tid=packet[13];
+ reply=[0x12, #reply is one byte shorter
+ src[0], src[1], src[2], src[3],
+ 1,1,1,1, #my address
+ port, 0x21, seq,
+ 0x81, tid, #reply, tid
+
+ 1,1,1,1,
+ #4,3,2,1, #default join token
+ #8,7,6,5, #default link token
+ #0xFF,0xFF,0xFF,0xFF,
+ 0x00]; #no security
+ printpacket(reply);
+ client.RF_txpacket(reply);
+
+ elif port==0x04:
+ print "Security request.";
+ elif port==0x05:
+ print "Frequency request.";
+ elif port==0x06:
+ print "Management request.";
+ else:
+ print "Unknown Port %02x" %port;
+
if(len(sys.argv)==1):
print "Usage: %s verb [objects]\n" % sys.argv[0];
print "%s erase" % sys.argv[0];
print "%s peek 0x$iram" % sys.argv[0];
print "%s poke 0x$iram 0x$val" % sys.argv[0];
print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
-
+ print "\n"
+ print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0];
print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
+ print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
+ print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
sys.exit();
client.start();
+
if(sys.argv[1]=="carrier"):
if len(sys.argv)>2:
client.RF_setfreq(eval(sys.argv[2]));
client.RF_carrier();
- #printconfig();
- print "\nHolding a carrier wave.";
while(1):
time.sleep(1);
-if(sys.argv[1]=="explore"):
- print "Exploring undefined commands."
- print "Status: %s" %client.status();
+if(sys.argv[1]=="reflex"):
+ client.CC1110_crystal();
+ client.RF_idle();
+
+ client.config_simpliciti();
+
+ threshold=100;
+ if len(sys.argv)>2:
+ client.RF_setfreq(eval(sys.argv[2]));
+ print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
+ print "Jamming if RSSI>=%i" % threshold;
+
+ client.pokebyte(0xFE00,threshold,"xdata"); #Write threshold to shellcode.
+ client.shellcodefile("reflex.ihx");
+ rssi=0;
+ while 1:
+ while(0==client.ishalted()):
+ rssi=0;
+ rssi=client.peek8(0xFE00,"xdata");
+ print "Activated jamming with RSSI of %i, going again for another packet." % rssi;
+ client.resume();
- cmd=0x04; #read status
- for foo in range(0,0x5):
- client.CCcmd([(0x0F<<3)|(0x00)|0x03,0x09<<3]);
- print "Status %02x: %s" % (foo,client.status());
- for foo in range(0,3):
- print "PC: %04x" % client.CCgetPC();
+ RFST=0xDFE1
+ client.CC_RFST_CAL(); #SCAL
+ time.sleep(1);
+
+ maxrssi=0;
+ while 1:
+ client.CC_RFST_RX(); #SRX
+ rssi=client.RF_getrssi();
+ client.CC_RFST_IDLE(); #idle
+ time.sleep(0.01);
+ string="";
+ for foo in range(0,rssi>>2):
+ string=("%s."%string);
+ print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string);
+ if rssi>maxrssi:
+ maxrssi=(rssi);
+ if rssi>threshold:
+ #print "Triggered jamming for 1s.";
+ client.RF_carrier();
+ time.sleep(1);
+ print "JAMMING JAMMING JAMMING JAMMING";
+if(sys.argv[1]=="rssi"):
+ client.CC1110_crystal();
+ client.RF_idle();
+
+ client.config_simpliciti();
+
+ if len(sys.argv)>2:
+ client.RF_setfreq(eval(sys.argv[2]));
+ print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6);
+
+ #FIXME, ugly
+ RFST=0xDFE1
+ client.CC_RFST_CAL();
+ time.sleep(1);
+
+ while 1:
+ client.CC_RFST_RX();
+ rssi=client.RF_getrssi();
+ client.CC_RFST_IDLE(); #idle
+ time.sleep(0.01);
+ string="";
+ for foo in range(0,rssi>>2):
+ string=("%s."%string);
+ print "%02x %04i %s" % (rssi,rssi, string);
+
+if(sys.argv[1]=="sniffsimpliciti"):
+ #TODO remove all poke() calls.
+ region="us";
+ if len(sys.argv)>2:
+ region=sys.argv[2];
+
+ client.CC1110_crystal();
+ client.RF_idle();
+
+ client.config_simpliciti(region);
+
+ print "Listening as %x on %f MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10.0**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ packet=client.RF_rxpacket();
+ printpacket(packet);
+ sys.stdout.flush();
+
+if(sys.argv[1]=="simpliciti"):
+ #TODO remove all poke() calls.
+ region="us";
+ if len(sys.argv)>2:
+ region=sys.argv[2];
+
+ client.CC1110_crystal();
+ client.RF_idle();
+
+ client.config_simpliciti(region);
+
+ print "Listening as %x on %f MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10.0**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ packet=client.RF_rxpacket();
+ handlesimplicitipacket(packet);
+ sys.stdout.flush();
+
+
+
if(sys.argv[1]=="term"):
GoodFETConsole(client).run();
if(sys.argv[1]=="test"):
projects / goodfet / blobdiff