X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2Fgoodfet.ccspi;h=10a1392f52a52950f4f4e4526357dba79facadcd;hp=6654e279e2bc3094667dbc7a034aca695578977c;hb=0d6f0d8ae390c2ae59cf92d6f37f363aa2e68c80;hpb=db9bb1922d4093829cb9d7eb9d37a2dbce96b0ae
diff --git a/client/goodfet.ccspi b/client/goodfet.ccspi
index 6654e27..10a1392 100755
--- a/client/goodfet.ccspi
+++ b/client/goodfet.ccspi
@@ -13,10 +13,27 @@ import array, time;
 from GoodFETCCSPI import GoodFETCCSPI;
+
+#Some quick functions for yanking values out of a packet.
+def srcadr(packet):
+ """Returns the source address of a packet as an integer."""
+ return ord(packet[4])+(ord(packet[5])<<8);
+def isencrypted(packet):
+ """Returns true if the packet is encrypted.""";
+ return ord(packet[1])&0x08;
+def pktnonceseq(packet):
+ """Returns the nonce sequence of a packet."""
+ nonce=0;
+ for byte in [0xa,9,8,7]:
+ nonce=(nonce<<8)|ord(packet[byte]);
+ return nonce;
+
 if(len(sys.argv)==1):
 print "Usage: %s verb [objects]\n" % sys.argv[0];
 print "%s info" % sys.argv[0];
 print "%s regs" % sys.argv[0];
+ print "%s ram" % sys.argv[0];
+ print "%s ramtest" % sys.argv[0];
 print "%s test" % sys.argv[0];
 print "%s peek 0x$start [0x$stop]" % sys.argv[0];
 print "%s poke 0x$adr 0x$val" % sys.argv[0];
@@ -28,9 +45,11 @@ if(len(sys.argv)==1):
 print "\n%s surf" % sys.argv[0];
 print "%s sniff [chan]" % sys.argv[0];
+ print "%s sniffstrings [chan]" % sys.argv[0];
 print "%s bsniff [chan]" % sys.argv[0];
 print "%s sniffcrypt 0x$key [chan]" % sys.argv[0];
 print "%s sniffdissect" % sys.argv[0];
+ print "%s sniffnonce" % sys.argv[0];
 print "\n%s txtoscount [-i|-r] TinyOS BlinkToLED" % sys.argv[0];
 print "%s reflexjam [channel=11] [delay=0]" % sys.argv[0];
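Review bot: In the first hunk, `srcadr`, `isencrypted` and `pktnonceseq` index the packet at fixed offsets (1, 4-5 and 7-0xa) with no length check, so a received frame shorter than 11 bytes raises IndexError. They are called on over-the-air frames in the `sniffnonce` branch added later in this diff, so a single runt or truncated frame ends the capture. Guard the call site, e.g. `if len(packet)>0xa and isencrypted(packet):`, or have the helpers return None on short input. The offsets also hard-code one frame layout (presumably a leading length byte and one particular addressing mode; confirm), which the docstrings should state, and `isencrypted` has a stray `;` after its docstring.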
@@ -96,6 +115,32 @@ if(sys.argv[1]=="regs"):
 for adr in range(0x10,0x40): #*1024):
 val=client.peek(adr);
 print "%04x:=0x%04x" % (adr,val);
+if(sys.argv[1]=="ram"):
+ for adr in range(0x0,0x16D,16):
+ row=client.peekram(adr,32);
+ s="";
+ for foo in row:
+ s=s+(" %02x" % ord(foo))
+ print "%04x: %s" % (adr,s);
+if(sys.argv[1]=="ramtest"):
+ client.pokeram(0x00,[0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef,
+ 0xde,0xad,0xbe,0xef]);
+
+ for adr in range(0x0,0x16D,16):
+ row=client.peekram(adr,32);
+ s="";
+ for foo in row:
+ s=s+(" %02x" % ord(foo))
+ print "%04x: %s" % (adr,s);
 if(sys.argv[1]=="test"):
 data=client.trans([0x20, 0xde, 0xad]);
 print "%02x %02x" % (ord(data[1]), ord(data[2]));
@@ -186,7 +231,8 @@ if sys.argv[1]=="surf":
 sys.stdout.flush();
 chan=chan+1;
-if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect"):
+if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstrings" or
+ sys.argv[1]=="sniffnonce"):
 #Promiscuous mode.
 client.RF_promiscuity(1);
 client.RF_autocrc(1);
@@ -212,6 +258,11 @@ if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect"):
 packet=client.RF_rxpacket();
 if sys.argv[1]=="sniffdissect":
 client.printdissect(packet);
+ elif sys.argv[1]=="sniffstrings":
+ print packet;
+ elif sys.argv[1]=="sniffnonce":
+ if isencrypted(packet):
+ print "%04x: %08x" % (srcadr(packet),pktnonceseq(packet));
 else:
 client.printpacket(packet);
 sys.stdout.flush();
@@ -253,8 +304,12 @@ if(sys.argv[1]=="sniffcrypt"):
 if len(sys.argv)>2:
 key=int(sys.argv[2],16);
+ nonce=int(sys.argv[3],16);
+ print "Setting KEY0 to %x" % key;
+ print "Setting NONCE to %x" % nonce;
 client.RF_setkey(key);
+ client.RF_setnonce(nonce);
 if len(sys.argv)>3:
 freq=eval(sys.argv[3]);
 if freq>100:
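Review bot: In both the `ram` and `ramtest` dump loops the address advances by 16 (`range(0x0,0x16D,16)`) while each row requests 32 (`client.peekram(adr,32)`). If the second argument is a byte count, which is not visible here, every printed row repeats half of the following one and the final read at 0x160 extends past the 0x16D bound. Request `row=client.peekram(adr,16);` or step by 32 so the address label and the data agree. The dump loop is duplicated verbatim in the two verbs and could be a single helper, and `ramtest` leaves its 0xdeadbeef pattern in device RAM at 0x00, which deserves a comment.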
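Review bot: The `sniffstrings` branch writes the received frame to the terminal unmodified (`print packet;`), so control or escape bytes in an over-the-air frame are interpreted by the operator's terminal and land verbatim in any captured log. Print an escaped form instead, e.g. `print repr(packet);`, or keep only printable characters. The receive loop begins above this hunk, so whether `packet` can be None or empty at this point is not visible and should be confirmed before the new branches use it.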
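Review bot: In the `sniffcrypt` hunk, `nonce=int(sys.argv[3],16);` sits under `if len(sys.argv)>2:`, so running with only a key raises IndexError, and when a further argument is given the same `sys.argv[3]` is parsed as the hex nonce and then again as the channel by `freq=eval(sys.argv[3]);` in the context below. Read the nonce under its own guard, `if len(sys.argv)>3: nonce=int(sys.argv[3],16);`, take the channel from `sys.argv[4]`, and update the usage line, which still reads `sniffcrypt 0x$key [chan]`. `print "Setting KEY0 to %x" % key;` echoes the key into terminal scrollback and any redirected log, so consider dropping it or printing only that a key was set. The channel is still parsed with `eval` on a command-line argument where a plain numeric parse would do; the `if freq>100:` block continues past the end of the hunk.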