X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2Fgoodfet.cc;h=26648bcf263c9db708b2a42a85e6a57e2cdc77d7;hp=b051ff04aadd722434893e5757e479b75229e6cf;hb=77720e2680a4cda7305339510616cd707df423ba;hpb=3048ba863b5b45b24b0e2f0fdf829eef0389ef6b diff --git a/client/goodfet.cc b/client/goodfet.cc index b051ff0..26648bc 100755 --- a/client/goodfet.cc +++ b/client/goodfet.cc @@ -16,12 +16,71 @@ from intelhex import IntelHex; def printpacket(packet): s=""; i=0; + #print "Printing packet." for foo in packet: i=i+1; - #if i>client.packetlen: break; - s="%s %02x" % (s,ord(foo)); + #if i>packet[0]+1: break; + s="%s %02x" % (s,foo); print "%s" %s; +def handlesimplicitipacket(packet): + s=""; + i=0; + + for foo in packet: + i=i+1; + #if i>packet[0]+1: break; + s="%s %02x" % (s,foo); + print "\n%s" %s; + + + len=packet[0]; + if len<12: return; + + dst=[packet[1], + packet[2], + packet[3], + packet[4]]; + src=[packet[5], + packet[6], + packet[7], + packet[8]]; + port=packet[9]; + info=packet[10]; + seq=packet[11]; + #payload begins at byte 12. + + + + if port==0x03: + #print "Join request."; + if packet[12]!=1: + print "Not a join request. WTF?"; + return; + tid=packet[13]; + reply=[0x12, #reply is one byte shorter + src[0], src[1], src[2], src[3], + 1,1,1,1, #my address + port, 0x21, seq, + 0x81, tid, #reply, tid + + 1,1,1,1, + #4,3,2,1, #default join token + #8,7,6,5, #default link token + #0xFF,0xFF,0xFF,0xFF, + 0x00]; #no security + printpacket(reply); + client.RF_txpacket(reply); + + elif port==0x04: + print "Security request."; + elif port==0x05: + print "Frequency request."; + elif port==0x06: + print "Management request."; + else: + print "Unknown Port %02x" %port; + if(len(sys.argv)==1): print "Usage: %s verb [objects]\n" % sys.argv[0]; print "%s erase" % sys.argv[0]; 
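Review bot: In `handlesimplicitipacket` the only bounds check is on the length byte taken from the received frame (`len=packet[0]; if len<12: return;`), yet the join branch then reads `packet[12]` and `packet[13]`. A frame whose length byte is 12, or whose length byte overstates the bytes actually received, raises IndexError and ends the receive loop. Because the frame comes off the air, the join branch should check the real list length as well as the declared one, e.g. `if plen<13 or len(packet)<14: return;` before `packet[12]` is touched. That requires renaming the local (`plen=packet[0];`), since assigning to `len` shadows the builtin inside this function. Reading `packet[0]` as a count of following bytes is inferred from the commented `packet[0]+1` line and should be confirmed.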
@@ -40,9 +99,10 @@ if(len(sys.argv)==1): print "%s peek 0x$iram" % sys.argv[0]; print "%s poke 0x$iram 0x$val" % sys.argv[0]; print "%s peekcode 0x$start [0x$stop]" % sys.argv[0]; - + print "\n" + print "%s rssi [freq]\n\tGraphs signal strength on [freq] Hz." % sys.argv[0]; print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0]; - #print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0]; + print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0]; print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0]; sys.exit(); @@ -72,11 +132,11 @@ if(sys.argv[1]=="reflex"): client.RF_idle(); client.config_simpliciti(); - client.pokebysym("MDMCFG4",0x0c); #ultrawide - client.pokebysym("FSCTRL1", 0x12); #IF of 457.031 + client.pokebysym("MDMCFG4", 0x0c); #ultrawide + client.pokebysym("FSCTRL1", 0x12); #IF of 457.031 client.pokebysym("FSCTRL0", 0x00); - client.pokebysym("FSCAL2", 0x2A); #above mid - client.pokebysym("MCSM0" , 0x0) # Main Radio Control State Machine + client.pokebysym("FSCAL2" , 0x2A); #above mid + client.pokebysym("MCSM0" , 0x00); # Main Radio Control State Machine client.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration. client.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration. @@ -95,17 +155,16 @@ if(sys.argv[1]=="reflex"): #FIXME, ugly RFST=0xDFE1 - client.pokebyte(RFST,0x01); #SCAL + client.CC_RFST_CAL(); #SCAL time.sleep(1); maxrssi=0; while 1: - client.pokebyte(RFST,0x02); #SRX + client.CC_RFST_RX(); #SRX rssi=client.RF_getrssi(); - client.pokebyte(RFST,0x04); #idle + client.CC_RFST_IDLE(); #idle time.sleep(0.01); - rssi=rssi; string=""; for foo in range(0,rssi>>2): string=("%s."%string); 
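Review bot: `RFST=0xDFE1` under the `#FIXME, ugly` comment looks dead once the three `client.pokebyte(RFST,...)` calls become `client.CC_RFST_CAL()`, `client.CC_RFST_RX()` and `client.CC_RFST_IDLE()`; nothing visible in this hunk reads it any more. The reflex block continues outside the hunk, so confirm there is no later use, then drop the assignment and the FIXME together. The new `rssi` block in the last hunk copies the same unused `RFST=0xDFE1` line, and its `threshold=200` is never read there either, so both can go.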
@@ -117,48 +176,76 @@ if(sys.argv[1]=="reflex"): client.RF_carrier(); time.sleep(1); print "JAMMING JAMMING JAMMING JAMMING"; +if(sys.argv[1]=="rssi"): + client.CC1110_crystal(); + client.RF_idle(); + + client.config_simpliciti(); + + threshold=200; + if len(sys.argv)>2: + client.RF_setfreq(eval(sys.argv[2])); + print "Listening on %3.6f MHz." % (client.RF_getfreq()/10.0**6); + + #FIXME, ugly + RFST=0xDFE1 + client.CC_RFST_CAL(); + time.sleep(1); + + while 1: + client.CC_RFST_RX(); + rssi=client.RF_getrssi(); + client.CC_RFST_IDLE(); #idle + time.sleep(0.01); + string=""; + for foo in range(0,rssi>>2): + string=("%s."%string); + print "%02x %04i %s" % (rssi,rssi, string); if(sys.argv[1]=="sniffsimpliciti"): - #Reversal of transmitter code from nRF_CMD.c of OpenBeacon #TODO remove all poke() calls. + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; + + client.CC1110_crystal(); + client.RF_idle(); - client.config_simpliciti("lf"); - #client.RF_setfreq(2481 * 10**6); + client.config_simpliciti(region); - #OpenBeacon defines these in little endian as follows. - #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses. - #0x01, 0x02, 0x03, 0x02, 0x01 - #client.RF_setsmac(0x0102030201); - #'O', 'C', 'A', 'E', 'B' - #client.RF_settmac(0x424541434F); + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); + #Now we're ready to get packets. + while 1: + packet=None; + while packet==None: + packet=client.RF_rxpacket(); + printpacket(packet); + sys.stdout.flush(); + +if(sys.argv[1]=="simpliciti"): + #TODO remove all poke() calls. + region="us"; + if len(sys.argv)>2: + region=sys.argv[2]; - #Set packet length of 16. 
- #client.RF_setpacketlen(16); + client.CC1110_crystal(); + client.RF_idle(); + client.config_simpliciti(region); - print "Listening as %010x on %i MHz" % (client.RF_getsmac(), - client.RF_getfreq()/10**6); + print "Listening as %x on %f MHz" % (client.RF_getsmac(), + client.RF_getfreq()/10.0**6); #Now we're ready to get packets. while 1: packet=None; while packet==None: - #time.sleep(0.1); packet=client.RF_rxpacket(); - printpacket(packet); + handlesimplicitipacket(packet); sys.stdout.flush(); -if(sys.argv[1]=="explore"): - print "Exploring undefined commands." - print "Status: %s" %client.status(); - - cmd=0x04; #read status - for foo in range(0,0x5): - client.CCcmd([(0x0F<<3)|(0x00)|0x03,0x09<<3]); - print "Status %02x: %s" % (foo,client.status()); - for foo in range(0,3): - print "PC: %04x" % client.CCgetPC(); if(sys.argv[1]=="term"): GoodFETConsole(client).run(); if(sys.argv[1]=="test"):
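Review bot: The new `rssi` verb passes `eval(sys.argv[2])` to `client.RF_setfreq`, which evaluates whatever Python expression is on the command line with the privileges of the tool. That becomes a code-execution path as soon as the argument is supplied by a wrapper script or other tooling rather than typed by hand. Parsing it as a number keeps the same usage for plain frequencies: `client.RF_setfreq(float(sys.argv[2]));`, or `int(sys.argv[2],0)` if `RF_setfreq` needs an integer (its signature is not visible here). Separately, the added `simpliciti` verb is not listed in the usage text that the second hunk edits, so the verb that transmits join replies is undocumented.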