Packet sniffing kinda works.
authortravisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Thu, 9 Dec 2010 22:49:56 +0000 (22:49 +0000)
committertravisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Thu, 9 Dec 2010 22:49:56 +0000 (22:49 +0000)
A more regular transmitter is needed for testing.

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@784 12e2690d-a6be-4b82-a7b7-67c4a43b65c8

client/GoodFET.py
client/GoodFETCC.py
client/goodfet.cc

index 4c6e3ed..98c2494 100755 (executable)
@@ -382,7 +382,7 @@ class GoodFET:
         #TODO include memory in symbol.
         reg=self.symbols.get(name);
         return self.pokebyte(reg,val);
         #TODO include memory in symbol.
         reg=self.symbols.get(name);
         return self.pokebyte(reg,val);
-    def pokebyte(self,address,value):
+    def pokebyte(self,address,value,memory="vn"):
         """Set a byte of memory by the monitor."""
         self.data=[address&0xff,address>>8,value];
         self.writecmd(0,0x03,3,self.data);
         """Set a byte of memory by the monitor."""
         self.data=[address&0xff,address>>8,value];
         self.writecmd(0,0x03,3,self.data);
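Review bot: The new `memory` argument of `pokebyte` is not read anywhere in the visible body, which still builds `[address&0xff,address>>8,value]` and sends monitor command 0x03 whatever value is passed. The docstring should say so, for example `"""Set a byte of memory by the monitor; memory is accepted for interface compatibility and ignored here."""`, so that a caller of the new `pokeblock` in the next hunk does not assume the memory space is honoured. `address>>8` is also unmasked, so an address above 0xFFFF puts a value larger than one byte into the command; `(address>>8)&0xff` or an explicit range check would make that failure visible. The body of pokebyte may continue past the end of the hunk.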
@@ -544,6 +544,12 @@ class GoodFET:
         for foo in range(0,length):
             data[foo]=self.peek8(address+foo,memory);
         return data;
         for foo in range(0,length):
             data[foo]=self.peek8(address+foo,memory);
         return data;
+    def pokeblock(self,address,bytes,memory="vn"):
+        """Poke a block of a data into memory at an address."""
+        for foo in bytes:
+            self.pokebyte(address,foo,memory);
+            address=address+1;
+        return;
     def loadsymbols(self):
         """Load symbols from a file."""
         return;
     def loadsymbols(self):
         """Load symbols from a file."""
         return;
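Review bot: `pokeblock` calls `self.pokebyte(address,foo,memory)` with three arguments, so any subclass that overrides `pokebyte` with the old two-value signature would raise TypeError here; the subclasses are not visible in this hunk, so this needs checking against them. The parameter name `bytes` shadows the builtin and the docstring has a stray article. `def pokeblock(self,address,data,memory="vn"):` with `"""Poke a block of data into memory, one byte at a time, starting at address."""` reads better and keeps positional callers working.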
index 3fe5870..23e6fca 100644 (file)
@@ -114,7 +114,29 @@ class GoodFETCC(GoodFET):
         hz=freq*396.728515625;
         
         return hz;
         hz=freq*396.728515625;
         
         return hz;
-    
+    def shellcodefile(self,filename,wait=1):
+        """Run a fragment of shellcode by name."""
+        #FIXME: should identify chip model number, use shellcode for that chip.
+        file=__file__;
+        file=file.replace("GoodFETCC.pyc","GoodFETCC.py");
+        path=file.replace("client/GoodFETCC.py","shellcode/chipcon/cc1110/");
+        #print "File\t%s" % file;
+        #print "Path\t%s" % path;
+        filename=path+filename;
+        #print "Loading shelcode from %s" % filename;
+        
+        #Load the shellcode.
+        h=IntelHex(filename);
+        for i in h._buf.keys():
+            self.CCpokedatabyte(i,h[i]);
+        
+        #Execute it.
+        self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000
+        self.resume();
+        while wait>0 and (0==self.CCstatus()&0x20):
+            time.sleep(0.1);
+            #print "Waiting for shell code to return.";
+        return;
     def shellcode(self,code,wait=1):
         """Copy a block of code into RAM and execute it."""
         i=0;
     def shellcode(self,code,wait=1):
         """Copy a block of code into RAM and execute it."""
         i=0;
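Review bot: The wait loop at the end of `shellcodefile` never changes `wait`, so with the default `wait=1` it polls `CCstatus()` forever if the target never sets status bit 0x20 after the jump to 0xF000; a deadline such as `deadline=time.time()+timeout` tested in the loop condition would let the caller recover from a hung or disconnected chip. The image path is derived by string replacement on `__file__`, which silently leaves the path unchanged when the module is not at `client/GoodFETCC.py` (a `.pyo` file, Windows separators, an installed copy), and `filename` is appended without any check. Building it as `os.path.join(os.path.dirname(os.path.abspath(__file__)),"..","shellcode","chipcon","cc1110",os.path.basename(filename))` avoids both, assuming `os` is imported in this file. The loader also reads `h._buf`, a private attribute of IntelHex (the public `addresses()` method is preferable where the installed intelhex provides it), and it writes every address found in the file without checking that it lies in the RAM region the hard-coded `ljmp 0xF000` expects.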
@@ -143,6 +165,9 @@ class GoodFETCC(GoodFET):
               0xA5,             #HALT
               ];
         self.shellcode(code);
               0xA5,             #HALT
               ];
         self.shellcode(code);
+        
+        #Slower to load, but produced from C.
+        #self.shellcodefile("crystal.ihx");
         return;
     def RF_idle(self):
         """Move the radio to its idle state."""
         return;
     def RF_idle(self):
         """Move the radio to its idle state."""
@@ -199,7 +224,10 @@ class GoodFETCC(GoodFET):
         self.pokebysym("MDMCFG2"  , 0x13)   # Modem configuration.
         self.pokebysym("MDMCFG1"  , 0x22)   # Modem configuration.
         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
         self.pokebysym("MDMCFG2"  , 0x13)   # Modem configuration.
         self.pokebysym("MDMCFG1"  , 0x22)   # Modem configuration.
         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
-        self.pokebysym("CHANNR"   , 0x00)   # Channel number.
+        if band=="ismus" or band=="us":
+            self.pokebysym("CHANNR"   , 0); # 20)   # Channel number.
+        else:
+            self.pokebysym("CHANNR"   , 0x00)   # Channel number.
         self.pokebysym("DEVIATN"  , 0x42)   # Modem deviation setting (when FSK modulation is enabled).
         
         self.pokebysym("FREND1"   , 0xB6)   # Front end RX configuration.
         self.pokebysym("DEVIATN"  , 0x42)   # Modem deviation setting (when FSK modulation is enabled).
         
         self.pokebysym("FREND1"   , 0xB6)   # Front end RX configuration.
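Review bot: Both branches of the new `band` test write zero to CHANNR (`0` in the first, `0x00` in the second), so the conditional has no effect as committed, and the trailing `# 20)` is the remnant of an edit. Either collapse it back to a single `self.pokebysym("CHANNR", 0x00)  # Channel number.` or put the intended US channel in the first branch with a comment giving the resulting frequency. The enclosing function starts and ends outside the hunk, so where `band` comes from is not visible here.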
@@ -217,12 +245,13 @@ class GoodFETCC(GoodFET):
         self.pokebysym("TEST0"    , 0x09)   # Various test settings.
         #self.pokebysym("PA_TABLE0", 0xC0)   # PA output power setting.
         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control.
         self.pokebysym("TEST0"    , 0x09)   # Various test settings.
         #self.pokebysym("PA_TABLE0", 0xC0)   # PA output power setting.
         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control.
-        self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control.
+        #self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
+        self.pokebysym("PKTCTRL0" , 0x01)   # Packet automation control, w/o checksum.
         self.pokebysym("ADDR"     , 0x00)   # Device address.
         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
         
         self.pokebysym("ADDR"     , 0x00)   # Device address.
         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
         
-        self.pokebysym("SYNC1",0xAA);
-        self.pokebysym("SYNC0",0xAA);
+        self.pokebysym("SYNC1",0x04);
+        self.pokebysym("SYNC0",0x05);
         
     def RF_carrier(self):
         """Hold a carrier wave on the present frequency."""
         
     def RF_carrier(self):
         """Hold a carrier wave on the present frequency."""
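Review bot: Writing 0x01 to PKTCTRL0 selects the "w/o checksum" setting for every band, going by the new comment, so frames damaged in transit reach callers indistinguishable from good ones. A keyword such as `checkcrc=False` on the enclosing function, or at least a comment at this line stating that received data is unverified, would keep later code from trusting it. The sync word 0x04/0x05 is a magic value with no explanation; a comment naming the protocol or capture it was taken from is needed. The enclosing function starts outside the hunk.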
@@ -317,11 +346,12 @@ class GoodFETCC(GoodFET):
         """Get a packet from the radio.  Returns None if none is waiting."""
         RFST=0xDFE1
         self.pokebyte(RFST,0x01); #SCAL
         """Get a packet from the radio.  Returns None if none is waiting."""
         RFST=0xDFE1
         self.pokebyte(RFST,0x01); #SCAL
-        self.pokebyte(RFST,0x02); #SRX
+        #self.pokebyte(RFST,0x02); #SRX
         
         
-        print "Packet reception isn't working yet.  Returning [RSSI].";
-        time.sleep(0.1);
-        return [chr(self.RF_getrssi())];
+        self.shellcodefile("rxpacket.ihx");
+        #time.sleep(1);
+        self.halt();
+        return self.peekblock(0xFE00,32,"data");
     def RF_txpacket(self,payload):
         """Transmit a packet.  Untested."""
         
     def RF_txpacket(self,payload):
         """Transmit a packet.  Untested."""
         
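Review bot: `RF_rxpacket` now always returns the 32 bytes read from 0xFE00, so the docstring's "Returns None if none is waiting" is no longer true and a caller cannot tell a fresh packet from whatever was already in that buffer. `shellcodefile("rxpacket.ihx")` is called with its default `wait=1`, which polls until the shellcode halts, so this call does not return while no packet arrives. Update the docstring to something like `"""Block until the receive shellcode halts, then return 32 bytes from 0xFE00."""`. Consider reading the length the radio reported instead of a fixed 32, since PKTLEN is configured as 0xFF elsewhere in this commit.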
@@ -502,12 +532,12 @@ class GoodFETCC(GoodFET):
     def CCdebuginstr(self,instr):
         self.writecmd(self.APP,0x88,len(instr),instr);
         return ord(self.data[0]);
     def CCdebuginstr(self,instr):
         self.writecmd(self.APP,0x88,len(instr),instr);
         return ord(self.data[0]);
-    def peekblock(self,adr,length,memory="vn"):
-        """Return a block of data."""
-        data=[adr&0xff, (adr&0xff00)>>8,
-              length&0xFF,(length&0xFF00)>>8];
-        self.writecmd(self.APP,0x91,4,data);
-        return [ord(x) for x in self.data]
+    #def peekblock(self,adr,length,memory="vn"):
+    #    """Return a block of data, broken"""
+    #    data=[adr&0xff, (adr&0xff00)>>8,
+    #          length&0xFF,(length&0xFF00)>>8];
+    #    self.writecmd(self.APP,0x91,4,data);
+    #    return [ord(x) for x in self.data]
     def peek8(self,address, memory="code"):
         if(memory=="code" or memory=="flash" or memory=="vn"):
             return self.CCpeekcodebyte(address);
     def peek8(self,address, memory="code"):
         if(memory=="code" or memory=="flash" or memory=="vn"):
             return self.CCpeekcodebyte(address);
index 48729fc..9f0b353 100755 (executable)
@@ -16,10 +16,11 @@ from intelhex import IntelHex;
 def printpacket(packet):
     s="";
     i=0;
 def printpacket(packet):
     s="";
     i=0;
+    #print "Printing packet."
     for foo in packet:
         i=i+1;
         #if i>client.packetlen: break;
     for foo in packet:
         i=i+1;
         #if i>client.packetlen: break;
-        s="%s %02x" % (s,ord(foo));
+        s="%s %02x" % (s,foo);
     print "%s" %s;
 
 if(len(sys.argv)==1):
     print "%s" %s;
 
 if(len(sys.argv)==1):
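Review bot: Dropping `ord()` means `printpacket` now only accepts sequences of integers; a packet made of one-character strings, which is what the removed `return [chr(self.RF_getrssi())]` in GoodFETCC.py produced, raises TypeError at `%02x`. Other callers of `printpacket` in this script are outside the hunk and should be checked for string packets. The added `#print "Printing packet."` is debug residue and can be dropped.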
@@ -126,7 +127,7 @@ if(sys.argv[1]=="rssi"):
     threshold=200;
     if len(sys.argv)>2:
         client.RF_setfreq(eval(sys.argv[2]));
     threshold=200;
     if len(sys.argv)>2:
         client.RF_setfreq(eval(sys.argv[2]));
-    print "Listening on %f MHz." % (client.RF_getfreq()/10**6);
+    print "Listening on %3.6f MHz." % (client.RF_getfreq()/10.0**6);
         
     #FIXME, ugly
     RFST=0xDFE1
         
     #FIXME, ugly
     RFST=0xDFE1
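Review bot: The context line `client.RF_setfreq(eval(sys.argv[2]))` evaluates a command-line argument as Python, which runs arbitrary code if this script is ever driven by a wrapper or service that forwards input it does not control. If only numbers are expected, `client.RF_setfreq(float(sys.argv[2]))` does the same job. If arithmetic expressions on the command line are relied on, that should be stated in the usage text and the argument parsed with something narrower than `eval`.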
@@ -145,13 +146,14 @@ if(sys.argv[1]=="rssi"):
 
 if(sys.argv[1]=="sniffsimpliciti"):
     #TODO remove all poke() calls.
 
 if(sys.argv[1]=="sniffsimpliciti"):
     #TODO remove all poke() calls.
+    region="us";
+    if len(sys.argv)>2:
+        region=sys.argv[2];
     
     client.CC1110_crystal();
     client.RF_idle();
     
     
     client.CC1110_crystal();
     client.RF_idle();
     
-    
-    client.config_simpliciti("lf");
-    #client.RF_setfreq(2481 * 10**6);
+    client.config_simpliciti(region);
     
     #OpenBeacon defines these in little endian as follows.
     #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
     
     #OpenBeacon defines these in little endian as follows.
     #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
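Review bot: `region` is taken from `sys.argv[2]` and passed to `config_simpliciti` unchecked, and the only band test visible in this commit (`band=="ismus" or band=="us"`) falls through to an `else`, so a typo would quietly select another configuration and the radio would listen on the wrong band. Validate it first, e.g. `if region not in KNOWN_REGIONS: sys.exit("unknown region %s" % region)`, where `KNOWN_REGIONS` is a new constant listing whatever bands config_simpliciti really supports; that list is not visible here. The default also changes from the previous hard-coded `"lf"` to `"us"`, which deserves a line in the usage text.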
@@ -164,8 +166,8 @@ if(sys.argv[1]=="sniffsimpliciti"):
     #client.RF_setpacketlen(16);
     
     
     #client.RF_setpacketlen(16);
     
     
-    print "Listening as %010x on %i MHz" % (client.RF_getsmac(),
-                                           client.RF_getfreq()/10**6);
+    print "Listening as %x on %f MHz" % (client.RF_getsmac(),
+                                           client.RF_getfreq()/10.0**6);
     #Now we're ready to get packets.
     while 1:
         packet=None;
     #Now we're ready to get packets.
     while 1:
         packet=None;
@@ -177,16 +179,6 @@ if(sys.argv[1]=="sniffsimpliciti"):
 
 
 
 
 
 
-if(sys.argv[1]=="explore"):
-    print "Exploring undefined commands."
-    print "Status: %s" %client.status();
-    
-    cmd=0x04; #read status
-    for foo in range(0,0x5):
-        client.CCcmd([(0x0F<<3)|(0x00)|0x03,0x09<<3]);
-        print "Status %02x: %s" % (foo,client.status());
-    for foo in range(0,3):
-        print "PC: %04x" % client.CCgetPC();
 if(sys.argv[1]=="term"):
     GoodFETConsole(client).run();
 if(sys.argv[1]=="test"):
 if(sys.argv[1]=="term"):
     GoodFETConsole(client).run();
 if(sys.argv[1]=="test"):