X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2Fgoodfet.cc;h=074fdb2952120c892107531474b85cee4d61a6c3;hp=b051ff04aadd722434893e5757e479b75229e6cf;hb=60199925981808668a7fd5d86602a4e574bc2b63;hpb=3048ba863b5b45b24b0e2f0fdf829eef0389ef6b diff --git a/client/goodfet.cc b/client/goodfet.cc index b051ff0..074fdb2 100755 --- a/client/goodfet.cc +++ b/client/goodfet.cc @@ -18,17 +18,110 @@ def printpacket(packet): i=0; for foo in packet: i=i+1; - #if i>client.packetlen: break; - s="%s %02x" % (s,ord(foo)); - print "%s" %s; + s="%s %02x" % (s,foo); + print "# %s" %s; +simplepacketcount=0; +def handlesimplicitipacket(packet): + s=""; + i=0; + global simplepacketcount; + simplepacketcount=simplepacketcount+1; + + len=packet[0]; + if len<12: return; + + dst=[packet[1], + packet[2], + packet[3], + packet[4]]; + src=[packet[5], + packet[6], + packet[7], + packet[8]]; + port=packet[9]; + info=packet[10]; + seq=packet[11]; + #payload begins at byte 10. + + if packet[len+2]&0x80==0: + print "# Dropped broken packet."; + elif port==0x20: + #data packet + counter=packet[11]; + button=packet[12]; + x=packet[13]; + if x>=128: x=0-(x^0xFF)-1; + y=packet[14]; + if y>=128: y=0-(y^0xFF)-1; + z=packet[15]; + if z>=128: z=0-(z^0xFF)-1; + + print "%09i %03i %4i %4i %4i" % (simplepacketcount,button,x,y,z); + sys.stdout.flush(); + elif port==0x02: + #Link request. Gotta send a proper reply to get data. + tid=packet[13]; + #14 ff ff ff ff 3c b7 e3 98 + #02 03 c9 + #01 97 + #ef be ad de 3d 00 02 + reply=[0x10, + src[0], src[1], src[2], src[3], + 0x78,0x56,0x34,0x10, #my address. + port, 0x21, seq, + 0x81, tid, #reply, tid + + 0x20,0x00,0xad,0xde, #link token + 0x00]; #no security + #printpacket(reply); + print "#FIXME FAST: repeatedly broadcasting ACK to catch LINK on the next attempt."; + for foo in range(1,50): + client.RF_txpacket(reply); + + pass; + elif port==0x03: + #print "Join request."; + #printpacket(packet); + if packet[12]!=1: + print "Not a join request. WTF?"; + return; + tid=packet[13]; + reply=[0x12, #reply is one byte shorter + src[0], src[1], src[2], src[3], + 0x78,0x56,0x34,0x10, #my address. + port, 0x21, seq, + 0x81, tid, #reply, tid + + 0xef,0xbe,0xad,0xde, #Join token + 0x00]; #no security + #printpacket(reply); + print "#FIXME FAST: repeatedly broadcasting ACK to catch JOIN on the next attempt."; + #printpacket(reply); + for foo in range(1,20): + client.RF_txpacket(reply); + print "#Should be connected now."; + + elif port==0x04: + print "Security request."; + elif port==0x05: + print "Frequency request."; + elif port==0x06: + print "Management request."; + else: + print "Unknown Port %02x" %port; + if(len(sys.argv)==1): print "Usage: %s verb [objects]\n" % sys.argv[0]; print "%s erase" % sys.argv[0]; print "%s flash $foo.hex" % sys.argv[0]; print "%s test" % sys.argv[0]; print "%s term" % sys.argv[0]; + print " use \'?\' for list of commands"; print "%s info" % sys.argv[0]; + print "%s infotest" % sys.argv[0]; + print "%s radioinfo [help] [REGISTER_NAME]" % sys.argv[0]; + print "%s specfuncreg [SPECIAL_REGISTER_NAME]" % sys.argv[0]; print "%s halt" % sys.argv[0]; print "%s regs" % sys.argv[0]; print "%s dumpcode $foo.hex [0x$start 0x$stop]" % sys.argv[0]; @@ -40,10 +133,17 @@ if(len(sys.argv)==1): print "%s peek 0x$iram" % sys.argv[0]; print "%s poke 0x$iram 0x$val" % sys.argv[0]; print "%s peekcode 0x$start [0x$stop]" % sys.argv[0]; - + print "\n" + print "%s specan [freq]\n\tSpectrum Analyzer" % sys.argv[0]; + print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0]; print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0]; - #print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0]; + print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0]; print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0]; + print "%s sniffdash7 [lf]\n\tSniffs Dash7. (untested)" % sys.argv[0]; + print "%s snifficlicker [us]\n\tSniffs iClicker." % sys.argv[0]; + print "\n"; + print "%s simpliciti [us|eu|lf]\n\tSimpliciti access point for Chronos watch." % sys.argv[0]; + print "%s iclicker [us|eu|lf]\n\tSniffs iClicker packets as ASCII." % sys.argv[0]; sys.exit(); @@ -56,14 +156,13 @@ client.serInit() client.setup(); client.start(); - +#client.halt(); +#client.pokebyte(0xc7,0x08); if(sys.argv[1]=="carrier"): if len(sys.argv)>2: client.RF_setfreq(eval(sys.argv[2])); client.RF_carrier(); - #printconfig(); - #print "\nHolding a carrier wave."; while(1): time.sleep(1); @@ -72,93 +171,229 @@ if(sys.argv[1]=="reflex"): client.RF_idle(); client.config_simpliciti(); - client.pokebysym("MDMCFG4",0x0c); #ultrawide - client.pokebysym("FSCTRL1", 0x12); #IF of 457.031 - client.pokebysym("FSCTRL0", 0x00); - client.pokebysym("FSCAL2", 0x2A); #above mid - client.pokebysym("MCSM0" , 0x0) # Main Radio Control State Machine - - client.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration. - client.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration. - client.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration. - client.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration. - - client.pokebysym("TEST2" , 0x88) # Various test settings. - client.pokebysym("TEST1" , 0x35) # Various test settings. - client.pokebysym("TEST0" , 0x09) # Various test settings. - threshold=200; + threshold=100; if len(sys.argv)>2: client.RF_setfreq(eval(sys.argv[2])); print "Listening on %f MHz." % (client.RF_getfreq()/10**6); print "Jamming if RSSI>=%i" % threshold; + client.pokebyte(0xFE00,threshold,"xdata"); #Write threshold to shellcode. + client.shellcodefile("reflex.ihx"); + rssi=0; + while 1: + while(0==client.ishalted()): + rssi=0; + rssi=client.peek8(0xFE00,"xdata"); + print "Activated jamming with RSSI of %i, going again for another packet." % rssi; + client.resume(); + + +if(sys.argv[1]=="rssi"): + client.CC1110_crystal(); + client.RF_idle(); + + client.config_simpliciti(); + + if len(sys.argv)>2: + client.RF_setfreq(eval(sys.argv[2])); + print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6); + #FIXME, ugly RFST=0xDFE1 - client.pokebyte(RFST,0x01); #SCAL + client.CC_RFST_CAL(); time.sleep(1); - maxrssi=0; while 1: - - client.pokebyte(RFST,0x02); #SRX + client.CC_RFST_RX(); rssi=client.RF_getrssi(); - client.pokebyte(RFST,0x04); #idle + client.CC_RFST_IDLE(); #idle time.sleep(0.01); - rssi=rssi; string=""; for foo in range(0,rssi>>2): string=("%s."%string); - print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string); - if rssi>maxrssi: - maxrssi=(rssi); - if rssi>threshold: - #print "Triggered jamming for 1s."; - client.RF_carrier(); - time.sleep(1); - print "JAMMING JAMMING JAMMING JAMMING"; + print "%02x %04i %s" % (rssi,rssi, string); +if(sys.argv[1]=="specan"): + print "This doesn't work yet." + + client.CC1110_crystal(); + client.RF_idle(); + + client.config_simpliciti(); + + if len(sys.argv)>2: + client.RF_setfreq(eval(sys.argv[2])); + #print "Listening on %f MHz." % (client.RF_getfreq()/10.0**6); + + client.CChaltcpu(); + client.shellcodefile("specan.ihx",wait=0); + #client.shellcodefile("crystal.ihx",wait=1); + + bytestart=0xf800; + maxchan=10; + round=0; + + print "time freq rssi"; + + while 1: + time.sleep(1); + #client.CChaltcpu(); + + round=round+1; + + dump=""; + for entry in range(0,maxchan): + adr=bytestart+entry*8; + freq=((client.CCpeekdatabyte(adr+0)<<16)+ + (client.CCpeekdatabyte(adr+1)<<8)+ + (client.CCpeekdatabyte(adr+2)<<0)); + hz=freq*396.728515625; + mhz=hz/1000000.0 + rssi=client.CCpeekdatabyte(adr+6); + print "%03i %3.3f %03i" % (round,mhz,rssi); + print dump; + sys.stdout.flush(); + client.CCreleasecpu(); + + +if(sys.argv[1]=="sniff"): + client.CC1110_crystal(); + client.RF_idle(); + + #client.config_simpliciti(region); + + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); if(sys.argv[1]=="sniffsimpliciti"): - #Reversal of transmitter code from nRF_CMD.c of OpenBeacon - #TODO remove all poke() calls. + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; + + client.CC1110_crystal(); + client.RF_idle(); + + client.config_simpliciti(region); + + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); +if(sys.argv[1]=="sniffook"): + region="lf"; + if len(sys.argv)>2: + region=sys.argv[2]; + + client.CC1110_crystal(); + client.RF_idle(); + + client.config_ook(region); + + print "Listening for OOK on %f MHz" % (client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); +if(sys.argv[1]=="sniffdash7"): + region="lf"; + if len(sys.argv)>2: + region=sys.argv[2]; + + client.CC1110_crystal(); + client.RF_idle(); + + client.config_dash7(region); + + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); +if(sys.argv[1]=="snifficlicker"): + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; - client.config_simpliciti("lf"); - #client.RF_setfreq(2481 * 10**6); + client.CC1110_crystal(); + client.RF_idle(); - #OpenBeacon defines these in little endian as follows. - #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses. - #0x01, 0x02, 0x03, 0x02, 0x01 - #client.RF_setsmac(0x0102030201); - #'O', 'C', 'A', 'E', 'B' - #client.RF_settmac(0x424541434F); + client.config_iclicker(region); + + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); +if(sys.argv[1]=="iclicker"): + buttons=[0, 'A', 'j', 3, 4, 'B', + 6, 7, 8, 9, 'E', 0xB, 0xC, + 'C', 'D', 0xF]; + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; - #Set packet length of 16. - #client.RF_setpacketlen(16); + client.CC1110_crystal(); + client.RF_idle(); + client.config_iclicker(region); - print "Listening as %010x on %i MHz" % (client.RF_getsmac(), - client.RF_getfreq()/10**6); + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); #Now we're ready to get packets. while 1: packet=None; while packet==None: - #time.sleep(0.1); packet=client.RF_rxpacket(); printpacket(packet); + button=((packet[5]&1)<<3) | (packet[6]>>5); + print "Button %c" % buttons[button]; + sys.stdout.flush(); + +if(sys.argv[1]=="simpliciti"): + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; + + client.CC1110_crystal(); + client.RF_idle(); + + client.config_simpliciti(region); + + print "# Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + handlesimplicitipacket(packet); sys.stdout.flush(); -if(sys.argv[1]=="explore"): - print "Exploring undefined commands." - print "Status: %s" %client.status(); - - cmd=0x04; #read status - for foo in range(0,0x5): - client.CCcmd([(0x0F<<3)|(0x00)|0x03,0x09<<3]); - print "Status %02x: %s" % (foo,client.status()); - for foo in range(0,3): - print "PC: %04x" % client.CCgetPC(); if(sys.argv[1]=="term"): GoodFETConsole(client).run(); if(sys.argv[1]=="test"): @@ -207,6 +442,11 @@ if(sys.argv[1]=="status"): if(sys.argv[1]=="halt"): print "Halting CPU." client.halt(); + +if(sys.argv[1]=="infotest"): + while 1: + client.start(); + print "Ident %s" % client.CCidentstr(); if(sys.argv[1]=="info"): print "Ident %s" % client.CCidentstr(); @@ -220,6 +460,12 @@ if(sys.argv[1]=="info"): #print "SMAC 0x%010x" % client.RF_getsmac(); #print "TMAC 0x%010x" % client.RF_gettmac(); +if(sys.argv[1]=="radioinfo"): + if (len(sys.argv) - 2) > 0: + client.CMDrs(sys.argv[2:]); + else: + client.CMDrs(); + if(sys.argv[1]=="regs"): client.CMDrs(); @@ -268,6 +514,12 @@ if(sys.argv[1]=="adctest"): if(sys.argv[1]=="config"): print "Config is %02x" % client.CCrd_config(); +if(sys.argv[1]=="specfuncreg" or sys.argv[1]=="sfr"): + if len(sys.argv) > 2: + client.getSPR(sys.argv[2:]); + else: + client.getSPR(); + if(sys.argv[1]=="flash"): f=sys.argv[2]; start=0;