X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2Fgoodfet.ccspi;h=59eee3319df5c6747be804e661e7b879f269c3c2;hp=78d7691de9f55e17601e0746517cf29622e58f78;hb=0f09afa49bb8b723a270edd816acbdcaddeb7290;hpb=4b4d432fa54e8130f216f97d1a976795f3c446a4 diff --git a/client/goodfet.ccspi b/client/goodfet.ccspi index 78d7691..59eee33 100755 --- a/client/goodfet.ccspi +++ b/client/goodfet.ccspi @@ -5,7 +5,7 @@ # Additions 2011-2012 Ryan Speers ryan@rmspeers.com #N.B., -#Might be CC2420 Specific +#Very CC2420 Specific import sys; import binascii; @@ -13,6 +13,24 @@ import array, time; from GoodFETCCSPI import GoodFETCCSPI; + +#Some quick functions for yanking values out of a packet. +def srcadr(packet): + """Returns the source address of a packet as an integer.""" + return ord(packet[4])+(ord(packet[5])<<8); +def isencrypted(packet): + """Returns true if the packet is encrypted."""; + try: + return ord(packet[1])&0x08; + except: + return False; +def pktnonceseq(packet): + """Returns the nonce sequence of a packet.""" + nonce=0; + for byte in [0xa,9,8,7]: + nonce=(nonce<<8)|ord(packet[byte]); + return nonce; + if(len(sys.argv)==1): print "Usage: %s verb [objects]\n" % sys.argv[0]; print "%s info" % sys.argv[0]; @@ -30,13 +48,18 @@ if(len(sys.argv)==1): print "\n%s surf" % sys.argv[0]; print "%s sniff [chan]" % sys.argv[0]; + print "%s fastsniff [chan]" % sys.argv[0]; print "%s sniffstrings [chan]" % sys.argv[0]; print "%s bsniff [chan]" % sys.argv[0]; print "%s sniffcrypt 0x$key [chan]" % sys.argv[0]; print "%s sniffdissect" % sys.argv[0]; + print "%s sniffnonce" % sys.argv[0]; print "\n%s txtoscount [-i|-r] TinyOS BlinkToLED" % sys.argv[0]; print "%s reflexjam [channel=11] [delay=0]" % sys.argv[0]; + + print "\n%s txpiptest" % sys.argv[0]; + print "%s txpipscapy" % sys.argv[0]; sys.exit(); 
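Review bot: In the helpers added at `@@ -13,6 +13,24 @@`, `srcadr()` and `pktnonceseq()` index fixed offsets (4–5 and 7–0xa) with no length check, and `isencrypted()` hides the same problem behind a bare `except:`. A truncated frame therefore raises `IndexError` in the first two and is silently reported as unencrypted by the third. I would narrow the handler to `except IndexError:` and have the extractors reject short input explicitly, e.g. `if len(packet)<=0xa: return None`. The offsets presumably assume one fixed header and addressing layout, so a comment naming the frame format they are valid for, and what byte 0 holds, would keep the printed address from being misread on other frame types. `isencrypted()` also returns the masked integer on success and `False` on failure, so either wrap the result in `bool()` or have the docstring say "non-zero".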
@@ -215,7 +238,8 @@ if sys.argv[1]=="surf": sys.stdout.flush(); chan=chan+1; -if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstrings"): +if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstrings" or + sys.argv[1]=="sniffnonce" or sys.argv[1]=="fastsniff"): #Promiscuous mode. client.RF_promiscuity(1); client.RF_autocrc(1); @@ -231,10 +255,13 @@ if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstr client.CC_RFST_RX(); print "Listening as %010x on %i MHz" % (client.RF_getsmac(), client.RF_getfreq()/10**6); + #If fastsniffing, then send that command. + if sys.argv[1]=="fastsniff": + client.RF_rxpacketrepeat(); + #Now we're ready to get packets. while 1: - #client.setup(); #Really oughtn't be necessary, but can't hurt. - client.CC_RFST_RX(); + #client.CC_RFST_RX(); # Cop-out that confuses reception! packet=None; while packet==None: @@ -242,7 +269,16 @@ if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstr if sys.argv[1]=="sniffdissect": client.printdissect(packet); elif sys.argv[1]=="sniffstrings": - print packet + print packet; + elif sys.argv[1]=="sniffnonce": + if isencrypted(packet): + try: + print "%04x: %08x -- %s" % (srcadr(packet), + pktnonceseq(packet), + client.packet2str(packet) + ); + except: + pass; else: client.printpacket(packet); sys.stdout.flush(); @@ -284,8 +320,12 @@ if(sys.argv[1]=="sniffcrypt"): if len(sys.argv)>2: key=int(sys.argv[2],16); + nonce=int(sys.argv[3],16); + print "Setting KEY0 to %x" % key; + print "Setting NONCE to %x" % nonce; client.RF_setkey(key); + client.RF_setnonce(nonce); if len(sys.argv)>3: freq=eval(sys.argv[3]); if freq>100: @@ -369,7 +409,7 @@ if(sys.argv[1]=="txpiptest" or sys.argv[1]=="txpipscapy"): client.RF_setfreq(freq); else: client.RF_setchan(freq); - print "Transmitting on as %010x on %i MHz" % ( + print "Transmitting on PIP injection as %010x on %i MHz" % ( client.RF_getsmac(), client.RF_getfreq()/10**6);
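Review bot: In the `sniffnonce` branch added at `@@ -242,7 +269,16 @@`, the bare `except: pass` discards every failure without a trace. In Python 2 a bare `except` also catches `KeyboardInterrupt`, so a Ctrl-C that lands inside the `print` is swallowed by the surrounding `while 1` loop. Encrypted frames too short for `srcadr()` or `pktnonceseq()` simply vanish from the output, which makes the nonce listing look complete when it is not. I would catch only the expected error and report it: `except IndexError:` followed by `sys.stderr.write("short encrypted frame skipped\n");`. The enclosing sniff loop starts outside this hunk.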
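Review bot: In the `sniffcrypt` hunk at `@@ -284,8 +320,12 @@`, the new `nonce=int(sys.argv[3],16)` sits under the `len(sys.argv)>2` guard, so running with only a key raises `IndexError`. The same `sys.argv[3]` is then parsed again a few lines down as the channel by `freq=eval(sys.argv[3])`, so one argument is used as both nonce and frequency. The nonce needs its own guard and position, e.g. `if len(sys.argv)>3: nonce=int(sys.argv[3],16); client.RF_setnonce(nonce);`, with the channel moved to the next argument and the usage line `sniffcrypt 0x$key [chan]` updated to match. While this block is being touched, the channel parse is safer as `int(..., 0)` than `eval()`, since it accepts the same decimal and `0x` forms without executing command-line input. The block continues past the end of the hunk.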