from GoodFETNRF import GoodFETNRF;
from intelhex import IntelHex;
+
+regnames=["CONFIG","EN_AA","EN_RXADDR","SETUP_AW","SETUP_RET",
+ "RF_CH","RF_SETUP","STATUS","OBSERVE_TX","RPD",
+ "RX_ADDR_P0","RX_ADDR_P1","RX_ADDR_P2","RX_ADDR_P3","RX_ADDR_P4","RX_ADDR_P5",
+ "TX_ADDR",
+ "RX_PW_P0","RX_PW_P1","RX_PW_P2","RX_PW_P3","RX_PW_P4","RX_PW_P5",
+ "FIFO_STATUS","?",
+ "?","?","DYNPD","?","?","?","?","?",
+ "?","?","?","?","?","?","?","?"];
+
def printpacket(packet):
s="";
i=0;
print "%s" %s;
def printconfig():
+ print "Encoding %s" % client.RF_getenc();
+ print "Freq %10i MHz" % (client.RF_getfreq()/10**6);
+ print "Rate %10i kbps" % (client.RF_getrate()/1000);
+ print "PacketLen %02i bytes" % client.RF_getpacketlen();
+ #print "MacLen %2i bytes" % client.RF_getmaclen();
print "SMAC 0x%010x" % client.RF_getsmac();
print "TMAC 0x%010x" % client.RF_gettmac();
- print "Freq %10i MHz" % (client.RF_getfreq()/10**6);
- print "PacketLen %02i" % client.RF_getpacketlen();
- print "MacLen %02i" % client.RF_getmaclen();
+
if(len(sys.argv)==1):
print "Usage: %s verb [objects]\n" % sys.argv[0];
print "%s info" % sys.argv[0];
print "%s test" % sys.argv[0];
- print "%s sniffob\n\tSniffs OpenBeacon traffic." % sys.argv[0];
print "%s regs" % sys.argv[0];
+ print "%s pyregs" % sys.argv[0];
+
+ print "%s sniff\n\tSniffs packets by current config." % sys.argv[0];
+ print "%s sniffob\n\tSniffs OpenBeacon traffic." % sys.argv[0];
+ print "%s snifftp\n\tSniffs Tunrning Point Clicker traffic." % sys.argv[0];
+
+ print "%s hosttp\n\tHosts Tunrning Point Clicker traffic." % sys.argv[0];
+
+ print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
sys.exit();
#Initialize FET and set baud rate
printconfig();
if(sys.argv[1]=="test"):
+ print "Old registers:"
+ printconfig();
+
# Set PWR_UP=1 and PRIM_RX=0 in CONFIG.
client.poke(0x00,2);
#Delay of 1.5ms by round-trip.
- # Set CONT_WAVE, PLL_LOCK, and 0dBm in RF_SETUP
- client.poke(0x06,8+10+4+2);
- client.RF_setfreq(2480 * 10**6);
- #Print registers, just for fun.
- print "SMAC 0x%010x" % client.RF_getsmac();
- print "Freq %10i MHz" % (client.RF_getfreq()/10**6);
+ print "\n\n";
+ #Try all data rates
+ for foo in [250*10**3,
+ 1*10**6,
+ 2*10**6]:
+ client.RF_setrate(foo);
+ if(client.RF_getrate()!=foo):
+ print "ERROR Rate %i not supported. Got %i instead." % (foo,
+ client.RF_getrate());
+
+ print "\n\n";
client.poke(0x0A,0xDEADBEEF,5);
- print "SMAC set to %010x" % client.RF_getsmac();
+ #print "SMAC set to %010x" % client.RF_getsmac();
if client.RF_getsmac()!=0xdeadbeef:
print "ERROR: Failed to set MAC address.";
-
+ print "Final registers:"
+ printconfig();
+
+if(sys.argv[1]=="carrier"):
+ if len(sys.argv)>2:
+ client.RF_setfreq(eval(sys.argv[2]));
+ client.RF_carrier();
+ printconfig();
+ print "\nHolding a carrier wave.";
+ while(1):
+ time.sleep(1);
if(sys.argv[1]=="regs"):
for r in range(0,0x20):
- reglen=1;
- if r==0x0a or r==0x0b or r==0x10: reglen=5;
- print "r[0x%02x]=0x%010x" % (r,client.peek(r,reglen));
+ print "r[0x%02x]=0x%010x //%16s " % (r,client.peek(r),regnames[r]);
+if(sys.argv[1]=="pyregs"):
+ for r in range(0,0x20):
+ print "client.set(0x%02x,0x%010x); #%16s " % (r,client.peek(r),regnames[r]);
+
+if(sys.argv[1]=="peek"):
+ start=0x0000;
+ if(len(sys.argv)>2):
+ start=int(sys.argv[2],16);
+ stop=start;
+ if(len(sys.argv)>3):
+ stop=int(sys.argv[3],16);
+ print "Peeking from %02x to %02x." % (start,stop);
+ while start<=stop:
+ print "%02x: %010x" % (start,client.peek(start));
+ start=start+1;
+if(sys.argv[1]=="poke"):
+ start=0x0000;
+ val=0x00;
+ if(len(sys.argv)>2):
+ start=int(sys.argv[2],16);
+ if(len(sys.argv)>3):
+ val=int(sys.argv[3],16);
+ print "Poking %02x to become %010x." % (start,val);
+
+ client.poke(start,val);
+ print "Poked to %04x" % client.peek(start);
if(sys.argv[1]=="sniffob"):
#Reversal of transmitter code from nRF_CMD.c of OpenBeacon
client.poke(0x00,0x00); #Stop nRF
client.poke(0x01,0x00); #Disable Shockburst
client.poke(0x02,0x01); #Set RX Pipe 0
- client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
+
client.RF_setfreq(2481 * 10**6);
client.poke(0x06,0x09); #2MBps, -18dBm in RF_SETUP
client.poke(0x07,0x78); #Reset status register
#OpenBeacon defines these in little endian as follows.
+ client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
#0x01, 0x02, 0x03, 0x02, 0x01
client.RF_setsmac(0x0102030201);
#'O', 'C', 'A', 'E', 'B'
#Set packet length of 16.
client.RF_setpacketlen(16);
+ #Power radio, prime for RX, one-byte checksum.
+ client.poke(0x00,0x70|0x03|0x08); #0x08 for one byte, 0x04 for two.
+
+ print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ #time.sleep(0.1);
+ packet=client.RF_rxpacket();
+ printpacket(packet);
+ sys.stdout.flush();
+
+if(sys.argv[1]=="snifftp"):
+ client.poke(0x00,0x00); #Stop nRF
+ client.poke(0x01,0x00); #Disable Shockburst
+ client.poke(0x02,0x01); #Set RX Pipe 0
+
+ client.RF_setfreq((2400+0x29) * 10**6);
+ client.poke(0x06,0x00); #1Mbps
+ client.poke(0x07,0x78); #Reset status register
+
+ client.RF_setmaclen(3); # SETUP_AW for 3-byte addresses.
+ client.RF_setsmac(0x123456);
+ client.RF_setpacketlen(4);
+
+ #Power radio, prime for RX, two-byte checksum.
+ client.poke(0x00,0x70|0x03|0x04|0x08);
+
+ print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ #time.sleep(0.1);
+ packet=client.RF_rxpacket();
+ printpacket(packet);
+ sys.stdout.flush();
+
+if(sys.argv[1]=="hosttp"):
+ client.poke(0x00,0x00); #Stop nRF
+ client.poke(0x01,0x00); #Disable Shockburst
+ client.poke(0x02,0x01); #Set RX Pipe 0
+
+ chan=0x29;
+
+ client.RF_setfreq((2400+chan) * 10**6);
+ client.poke(0x06,0x00); #1Mbps
+ client.poke(0x07,0x78); #Reset status register
+
+ client.RF_setmaclen(3); # SETUP_AW for 3-byte addresses.
+ client.RF_setsmac(0x123456);
+ client.RF_setpacketlen(4);
+
+ #Power radio, prime for RX, two-byte checksum.
+ client.poke(0x00,0x70|0x03|0x04|0x08);
+
+ print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ packet=client.RF_rxpacket();
+ mac=((ord(packet[0])<<16)+
+ (ord(packet[1])<<8)+
+ ord(packet[2]));
+ key=packet[3];
+ print "%c from %06x" % (key,mac);
+ sys.stdout.flush();
+
+if(sys.argv[1]=="sniff"):
+ #client.poke(0x00,0x00); #Stop nRF
+ client.poke(0x07,0x78); #Reset status register
+
#Power radio, prime for RX, checksum.
client.poke(0x00,0x70|0x03|0x08);
packet=client.RF_rxpacket();
printpacket(packet);
sys.stdout.flush();
+if(sys.argv[1]=="explore"):
+ #client.poke(0x00,0x00); #Stop nRF
+ client.poke(0x07,0x78); #Reset status register
+
+ #Power radio, prime for RX, no checksum.
+ client.poke(0x00,0x70|0x03);
+
+ #Set packet length of 32.
+ #Without checksums, extra data will mix in.
+ client.RF_setpacketlen(32);
+ client.RF_setmaclen(3); # shortest address length
+
+ #Now we're ready to get packets.
+ for smac in [0x0102030201, 0]:
+ client.RF_setsmac(smac);
+ for chan in range(0,0x80):
+ client.RF_setfreq((2400+chan) * 10**6);
+ time.sleep(1);
+ packet=client.RF_rxpacket();
+ if packet!=None:
+ print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10**6);
+ printpacket(packet);
+ sys.stdout.flush();
projects / goodfet / blobdiff