CC1110 packet sniffing works!
authortravisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Thu, 9 Dec 2010 23:42:00 +0000 (23:42 +0000)
committertravisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Thu, 9 Dec 2010 23:42:00 +0000 (23:42 +0000)
git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@785 12e2690d-a6be-4b82-a7b7-67c4a43b65c8

client/GoodFETCC.py
client/goodfet.cc
shellcode/chipcon/cc1110/rxpacket.c

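--- a/client/GoodFETCC.py
+++ b/client/GoodFETCC.py
@@ -225,7 +225,7 @@ class GoodFETCC(GoodFET):
         self.pokebysym("MDMCFG1"  , 0x22)   # Modem configuration.
         self.pokebysym("MDMCFG0"  , 0xF8)   # Modem configuration.
         if band=="ismus" or band=="us":
-            self.pokebysym("CHANNR"   , 0); # 20)   # Channel number.
+            self.pokebysym("CHANNR"   , 20)   # Channel number.
         else:
             self.pokebysym("CHANNR"   , 0x00)   # Channel number.
         self.pokebysym("DEVIATN"  , 0x42)   # Modem deviation setting (when FSK modulation is enabled).
@@ -245,13 +245,13 @@ class GoodFETCC(GoodFET):
         self.pokebysym("TEST0"    , 0x09)   # Various test settings.
         #self.pokebysym("PA_TABLE0", 0xC0)   # PA output power setting.
         self.pokebysym("PKTCTRL1" , 0x04)   # Packet automation control.
-        #self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
-        self.pokebysym("PKTCTRL0" , 0x01)   # Packet automation control, w/o checksum.
+        self.pokebysym("PKTCTRL0" , 0x05)   # Packet automation control, w/ checksum.
+        #self.pokebysym("PKTCTRL0" , 0x01)   # Packet automation control, w/o checksum.
         self.pokebysym("ADDR"     , 0x00)   # Device address.
         self.pokebysym("PKTLEN"   , 0xFF)   # Packet length.
         
-        self.pokebysym("SYNC1",0x04);
-        self.pokebysym("SYNC0",0x05);
+        self.pokebysym("SYNC1",0xD3);
+        self.pokebysym("SYNC0",0x91);
         
     def RF_carrier(self):
         """Hold a carrier wave on the present frequency."""
@@ -344,14 +344,16 @@ class GoodFETCC(GoodFET):
         return 0;
     def RF_rxpacket(self):
         """Get a packet from the radio.  Returns None if none is waiting."""
-        RFST=0xDFE1
-        self.pokebyte(RFST,0x01); #SCAL
+        #RFST=0xDFE1
+        #self.pokebyte(RFST,0x01); #SCAL
         #self.pokebyte(RFST,0x02); #SRX
         
         self.shellcodefile("rxpacket.ihx");
         #time.sleep(1);
         self.halt();
-        return self.peekblock(0xFE00,32,"data");
+        len=self.peek8(0xFE00,"xdata");
+        #print "Grabbing %i bytes." %len;
+        return self.peekblock(0xFE00,len,"data");
     def RF_txpacket(self,payload):
         """Transmit a packet.  Untested."""
         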
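Review bot: In the `RF_rxpacket` hunk, `len` is the length byte the radio received over the air, and `peekblock(0xFE00,len,"data")` starts at that same byte, so it returns the length byte plus only `len-1` payload bytes, while the rxpacket.c loop in this commit appears to store `len+1` bytes. Fetching one more byte, e.g. `plen=self.peek8(0xFE00,"xdata")` followed by `return self.peekblock(0xFE00,plen+1,"data")`, would match the firmware and also stop shadowing the builtin `len`. The two calls name different memory spaces ("xdata" and "data") for the same address; whether both reach the packet buffer is not visible here and is worth confirming. Nothing in the new lines distinguishes a fresh packet from stale buffer contents, so the docstring's "Returns None if none is waiting" still does not describe what the code does.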
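--- a/client/goodfet.cc
+++ b/client/goodfet.cc
@@ -19,7 +19,7 @@ def printpacket(packet):
     #print "Printing packet."
     for foo in packet:
         i=i+1;
-        #if i>client.packetlen: break;
+        #if i>packet[0]+1: break;
         s="%s %02x" % (s,foo);
     print "%s" %s;
 
@@ -155,15 +155,10 @@ if(sys.argv[1]=="sniffsimpliciti"):
     
     client.config_simpliciti(region);
     
-    #OpenBeacon defines these in little endian as follows.
-    #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
-    #0x01, 0x02, 0x03, 0x02, 0x01
-    #client.RF_setsmac(0x0102030201);
-    #'O', 'C', 'A', 'E', 'B'
-    #client.RF_settmac(0x424541434F);
-    
-    #Set packet length of 16.
-    #client.RF_setpacketlen(16);
+    #For BSL sniffing, different frequencies.
+    #client.pokebysym("FREQ2",0x25);
+    #client.pokebysym("FREQ1",0x95);
+    #client.pokebysym("FREQ0",0x55);
     
     
     print "Listening as %x on %f MHz" % (client.RF_getsmac(),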
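--- a/shellcode/chipcon/cc1110/rxpacket.c
+++ b/shellcode/chipcon/cc1110/rxpacket.c
@@ -1,7 +1,8 @@
 #include <cc1110.h>
 #include "cc1110-ext.h"
 
-char __xdata at 0xfe00 packet[256] ;
+#define MAXLEN 0xFF
+char __xdata at 0xfe00 packet[MAXLEN] ;
 
 //! Receives a packet out of the radio from 0xFE00.
 void main(){
@@ -23,16 +24,14 @@ void main(){
   RFST=RFST_SRX;
   while(MARCSTATE!=MARC_STATE_RX);
   
-  while(i!=len+1){
+  while(i<len+1){
     while(!RFTXRXIF); //Wait for byte to be ready.
     RFTXRXIF=0;      //Clear the flag.
     
     if (MARCSTATE == MARC_STATE_RX) {
       packet[i]=RFD; //Grab the next byte.
-      //packet[i]=MARCSTATE;
-      //if(packet[i]!=0)
-       i++;
-      //len=packet[0];   //First byte of the packet is the length.
+      i++;
+      len=packet[0];   //First byte of the packet is the length.
     }else
       HALT;
 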
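Review bot: The length byte that now drives the receive loop comes straight off the air, and `while(i<len+1)` is never bounded against the buffer: with `packet[MAXLEN]` shrunk from 256 to 255 entries, a received length of 0xFF lets the loop store `packet[255]`, one byte past the array at 0xFEFF. Sizing the buffer for the length byte as well (`char __xdata at 0xfe00 packet[MAXLEN+1];`) and bounding the index (`while(i<len+1 && i<sizeof(packet)){`) closes that. The declarations of `i` and `len` are outside the hunk; if `i` is an 8-bit type, the 0xFF case would instead wrap `i` and overwrite the buffer from the start, so their types are worth checking. `len=packet[0]` is also reassigned after every byte when it only needs to be latched once, after the first byte is stored.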