def RF_idle(self):
RFST=0xDFE1
self.pokebyte(RFST,0x04); #Return to idle state.
+
+ def config_simpliciti(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ if band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ if band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte.
+
+ self.pokebysym("MDMCFG4" , 0x7B) # Modem configuration.
+ self.pokebysym("MDMCFG3" , 0x83) # Modem configuration.
+ self.pokebysym("MDMCFG2" , 0x13) # Modem configuration.
+ self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+ self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
+
+ self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration.
+ self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration.
+
+ self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ #self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control.
+ self.pokebysym("ADDR" , 0x00) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ self.pokebysym("SYNC1",0xAA);
+ self.pokebysym("SYNC0",0xAA);
def RF_carrier(self):
"""Hold a carrier wave on the present frequency."""
RFST=0xDFE1;
- #0a00
- #self.pokebysym("FSCTRL1" , 0x12) # Frequency synthesizer control.
- #self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
self.pokebysym("FSCTRL1" , 0x0a) # Frequency synthesizer control.
self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
self.pokebysym("FSCAL0" , 0x11) # Frequency synthesizer calibration.
- #Ossmann's settings, not yet sure how they differ.
- #self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
- #self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
- #self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
- #self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
-
#self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte.
#self.pokebysym("FREQ1" , 0xEC) # Frequency control word, middle byte.
self.pokebysym("AGCCTRL1" , 0x40) # AGC control.
self.pokebysym("AGCCTRL0" , 0x91) # AGC control.
-
-
-
-
-
self.pokebysym("TEST2" , 0x88) # Various test settings.
self.pokebysym("TEST1" , 0x31) # Various test settings.
self.pokebysym("TEST0" , 0x09) # Various test settings.
self.pokebysym("SYNC0",0xAA);
-
+
#while ((MARCSTATE & MARCSTATE_MARC_STATE) != MARC_STATE_TX);
state=0;
return;
-
+ def RF_getsmac(self):
+ """Return the source MAC address."""
+
+ #Register 0A is RX_ADDR_P0, five bytes.
+ mac=self.peekbysym("ADDR");
+ return mac;
+ def RF_setsmac(self,mac):
+ """Set the source MAC address."""
+ self.pokebysym("ADDR",mac);
+ return 0;
+ def RF_gettmac(self):
+ """Return the target MAC address."""
+ return 0;
+ def RF_settmac(self,mac):
+ """Set the target MAC address."""
+ return 0;
+ def RF_rxpacket(self):
+ """Get a packet from the radio. Returns None if none is waiting."""
+ RFST=0xDFE1
+ self.pokebyte(RFST,0x01); #SCAL
+ self.pokebyte(RFST,0x02); #SRX
+
+ print "Packet reception isn't working yet. Returning [RSSI].";
+ time.sleep(0.1);
+ return [chr(self.RF_getrssi())];
+ def RF_txpacket(self,payload):
+ """Transmit a packet. Untested."""
+
+ print "FIXME, Chipcon packet transmission is not yet implemented.";
+ return;
+
def RF_getrssi(self):
"""Returns the received signal strenght, with a weird offset."""
try:
rssireg=self.symbols.get("RSSI");
- return self.CCpeekdatabyte(rssireg);
+ return self.CCpeekdatabyte(rssireg)^0x80;
except:
if self.verbose>0: print "RSSI reg doesn't exist.";
try:
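Review bot: config_simpliciti() silently accepts any band string, because the three independent `if band==...` tests write FREQ2..FREQ0 only for the eu/us/lf spellings; any other value reconfigures the modem but leaves the synthesizer on whatever frequency was programmed before. The reflex verb later in this commit calls it with the default "none" on purpose, so I would keep that value legal, turn the tests into an `elif` chain and end it with `elif band!="none": raise ValueError("unknown band %r" % band)`. In the same hunk, RF_rxpacket()'s docstring promises None when nothing is waiting, but the body always returns a one-element list holding the RSSI, so a caller polling for None never waits and prints signal strength as if it were packet data. The `#Register 0A is RX_ADDR_P0, five bytes.` comment in RF_getsmac() looks carried over from another radio driver and does not describe the ADDR symbol it reads; both comments should state what the code does today.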
if self.verbose>0: print "RSSIL/RSSIH regs don't exist.";
return 0;
-
+
+
def SRF_loadsymbols(self):
ident=self.CCident();
from GoodFETConsole import GoodFETConsole;
from intelhex import IntelHex;
+
+def printpacket(packet):
+ s="";
+ i=0;
+ for foo in packet:
+ i=i+1;
+ #if i>client.packetlen: break;
+ s="%s %02x" % (s,ord(foo));
+ print "%s" %s;
+
if(len(sys.argv)==1):
print "Usage: %s verb [objects]\n" % sys.argv[0];
print "%s erase" % sys.argv[0];
print "%s peekcode 0x$start [0x$stop]" % sys.argv[0];
print "%s carrier [freq]\n\tHolds a carrier on [freq] Hz." % sys.argv[0];
+ #print "%s reflex [freq]\n\tJams on [freq] Hz." % sys.argv[0];
+ print "%s sniffsimpliciti [us|eu|lf]\n\tSniffs SimpliciTI packets." % sys.argv[0];
sys.exit();
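Review bot: The new usage line advertises `sniffsimpliciti [us|eu|lf]`, but the verb added further down in this commit calls `client.config_simpliciti("lf")` unconditionally and never reads sys.argv[2], so a user who asks for `us` or `eu` is tuned to the lf band without any message. Either drop the argument from the help text or pass it through with a default, e.g. `band="lf"`, then `if len(sys.argv)>2: band=sys.argv[2]`, then `client.config_simpliciti(band)`. The `reflex` help line is commented out although that verb is live and keys the transmitter; a verb that transmits should appear in the usage output so operators know it exists. printpacket() calls `ord()` on every element, so it would also help to add a one-line docstring saying it expects a sequence of one-character strings.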
client.start();
+
if(sys.argv[1]=="carrier"):
if len(sys.argv)>2:
client.RF_setfreq(eval(sys.argv[2]));
while(1):
time.sleep(1);
+if(sys.argv[1]=="reflex"):
+ client.CC1110_crystal();
+ client.RF_idle();
+
+ client.config_simpliciti();
+ client.pokebysym("MDMCFG4",0x0c); #ultrawide
+ client.pokebysym("FSCTRL1", 0x12); #IF of 457.031
+ client.pokebysym("FSCTRL0", 0x00);
+ client.pokebysym("FSCAL2", 0x2A); #above mid
+ client.pokebysym("MCSM0" , 0x0) # Main Radio Control State Machine
+
+ client.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ client.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ client.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ client.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ client.pokebysym("TEST2" , 0x88) # Various test settings.
+ client.pokebysym("TEST1" , 0x35) # Various test settings.
+ client.pokebysym("TEST0" , 0x09) # Various test settings.
+
+ threshold=200;
+ if len(sys.argv)>2:
+ client.RF_setfreq(eval(sys.argv[2]));
+ print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
+ print "Jamming if RSSI>=%i" % threshold;
+
+ #FIXME, ugly
+ RFST=0xDFE1
+ client.pokebyte(RFST,0x01); #SCAL
+ time.sleep(1);
+
+ maxrssi=0;
+ while 1:
+
+ client.pokebyte(RFST,0x02); #SRX
+ rssi=client.RF_getrssi();
+ client.pokebyte(RFST,0x04); #idle
+ time.sleep(0.1);
+ rssi=rssi;
+ string="";
+ for foo in range(0,rssi>>2):
+ string=("%s."%string);
+ print "%02x %04i %04i %s" % (rssi,rssi, maxrssi, string);
+ if rssi>maxrssi:
+ maxrssi=(rssi);
+ if rssi>threshold:
+ print "Triggered jamming for 10s.";
+ client.RF_carrier();
+ time.sleep(10);
+
+if(sys.argv[1]=="sniffsimpliciti"):
+ #Reversal of transmitter code from nRF_CMD.c of OpenBeacon
+ #TODO remove all poke() calls.
+
+ client.config_simpliciti("lf");
+ #client.RF_setfreq(2481 * 10**6);
+
+ #OpenBeacon defines these in little endian as follows.
+ #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
+ #0x01, 0x02, 0x03, 0x02, 0x01
+ #client.RF_setsmac(0x0102030201);
+ #'O', 'C', 'A', 'E', 'B'
+ #client.RF_settmac(0x424541434F);
+
+ #Set packet length of 16.
+ #client.RF_setpacketlen(16);
+
+
+ print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
+ client.RF_getfreq()/10**6);
+ #Now we're ready to get packets.
+ while 1:
+ packet=None;
+ while packet==None:
+ #time.sleep(0.1);
+ packet=client.RF_rxpacket();
+ printpacket(packet);
+ sys.stdout.flush();
+
+
+
if(sys.argv[1]=="explore"):
print "Exploring undefined commands."
print "Status: %s" %client.status();
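Review bot: The reflex verb passes `eval(sys.argv[2])` to RF_setfreq, so whatever text arrives as the frequency argument is executed as Python with the privileges of the process; that matters as soon as this script is driven by a wrapper or another tool rather than typed by hand. A numeric parse is enough here, e.g. `client.RF_setfreq(float(sys.argv[2]))`, assuming RF_setfreq accepts a float as it already does for inputs like `915e6`. The carrier verb in the unchanged lines just above has the same call and could be fixed together. Separately, the sniffsimpliciti branch calls config_simpliciti() without the `client.CC1110_crystal()` and `client.RF_idle()` calls that reflex makes first, although config_simpliciti's own comment says the FSCAL registers must not be changed while the radio is active. The explore branch at the end of this hunk continues outside the visible lines.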