From: travisutk Date: Sat, 29 Sep 2012 15:19:59 +0000 (+0000) Subject: Extensions to the CCSPI module for faster sniffing. X-Git-Url: http://git.rot13.org/?p=goodfet;a=commitdiff_plain;h=064d6b06568f16badffdf04e515824172c6bca68 Extensions to the CCSPI module for faster sniffing. Added 'goodfet.ccspi fastsniff' for REALLY fast sniffing. git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@1283 12e2690d-a6be-4b82-a7b7-67c4a43b65c8 --- diff --git a/client/GoodFETCCSPI.py b/client/GoodFETCCSPI.py index 4905dfb..518add3 100644 --- a/client/GoodFETCCSPI.py +++ b/client/GoodFETCCSPI.py @@ -210,6 +210,13 @@ class GoodFETCCSPI(GoodFET): return None; return buffer; + def RF_rxpacketrepeat(self): + """Gets packets from the radio, ignoring all future requests so as + not to waste time. Call RF_rxpacket() after this.""" + + self.writecmd(self.CCSPIAPP,0x91,0,None); + return None; + def RF_rxpacketdec(self): """Get and decrypt a packet from the radio. Returns None if none is waiting.""" @@ -357,11 +364,13 @@ class GoodFETCCSPI(GoodFET): self.poke(0x03,choice); self.maclen=len; def printpacket(self,packet,prefix="#"): + print self.packet2str(packet,prefix); + def packet2str(self,packet,prefix="#"): s=""; i=0; for foo in packet: s="%s %02x" % (s,ord(foo)); - print "%s%s" % (prefix,s); + return "%s%s" % (prefix,s); def printdissect(self,packet): try: diff --git a/client/goodfet.ccspi b/client/goodfet.ccspi index 10a1392..59eee33 100755 --- a/client/goodfet.ccspi +++ b/client/goodfet.ccspi @@ -5,7 +5,7 @@ # Additions 2011-2012 Ryan Speers ryan@rmspeers.com #N.B., -#Might be CC2420 Specific +#Very CC2420 Specific import sys; import binascii; @@ -20,7 +20,10 @@ def srcadr(packet): return ord(packet[4])+(ord(packet[5])<<8); def isencrypted(packet): """Returns true if the packet is encrypted."""; - return ord(packet[1])&0x08; + try: + return ord(packet[1])&0x08; + except: + return False; def pktnonceseq(packet): """Returns the nonce sequence of a packet.""" nonce=0; 
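Review bot: The docstring of `RF_rxpacketrepeat` in the first GoodFETCCSPI.py hunk does not say that this mode is one-way: the firmware handler added in ccspi.c by this same commit loops forever, so the board stops answering every other command until it is reset. I would state that in the docstring, for example `After this call the firmware only streams packets; reset the GoodFET to issue any other command.` The verb is also written as the bare literal `0x91`, which has to be kept in step by hand with `CCSPI_REPEAT_RX` in ccspi.h; a named constant next to the method would make that link visible.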
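Review bot: The bare `except:` added to `isencrypted` in the goodfet.ccspi hunk at `@@ -20,7 +20,10 @@` catches everything, including KeyboardInterrupt under Python 2, and reports any failure as "not encrypted". The only failure expected here is a frame shorter than two bytes, so `except IndexError:` (or an explicit `if len(packet)<2: return False;`) keeps the guard without hiding other errors. The same pattern appears in the sniffnonce branch at `@@ -262,7 +272,13 @@`, where `except: pass;` silently drops any encrypted frame whose address or nonce cannot be parsed. For a capture tool it is better to keep such frames visible in the log, e.g. `except IndexError: client.printpacket(packet,"#short");`.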
@@ -45,6 +48,7 @@ if(len(sys.argv)==1): print "\n%s surf" % sys.argv[0]; print "%s sniff [chan]" % sys.argv[0]; + print "%s fastsniff [chan]" % sys.argv[0]; print "%s sniffstrings [chan]" % sys.argv[0]; print "%s bsniff [chan]" % sys.argv[0]; print "%s sniffcrypt 0x$key [chan]" % sys.argv[0]; @@ -53,6 +57,9 @@ if(len(sys.argv)==1): print "\n%s txtoscount [-i|-r] TinyOS BlinkToLED" % sys.argv[0]; print "%s reflexjam [channel=11] [delay=0]" % sys.argv[0]; + + print "\n%s txpiptest" % sys.argv[0]; + print "%s txpipscapy" % sys.argv[0]; sys.exit(); @@ -232,7 +239,7 @@ if sys.argv[1]=="surf": chan=chan+1; if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstrings" or - sys.argv[1]=="sniffnonce"): + sys.argv[1]=="sniffnonce" or sys.argv[1]=="fastsniff"): #Promiscuous mode. client.RF_promiscuity(1); client.RF_autocrc(1); @@ -248,10 +255,13 @@ if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstr client.CC_RFST_RX(); print "Listening as %010x on %i MHz" % (client.RF_getsmac(), client.RF_getfreq()/10**6); + #If fastsniffing, then send that command. + if sys.argv[1]=="fastsniff": + client.RF_rxpacketrepeat(); + #Now we're ready to get packets. while 1: - #client.setup(); #Really oughtn't be necessary, but can't hurt. - client.CC_RFST_RX(); + #client.CC_RFST_RX(); # Cop-out that confuses reception! packet=None; while packet==None: @@ -262,7 +272,13 @@ if(sys.argv[1]=="sniff" or sys.argv[1]=="sniffdissect" or sys.argv[1]=="sniffstr print packet; elif sys.argv[1]=="sniffnonce": if isencrypted(packet): - print "%04x: %08x" % (srcadr(packet),pktnonceseq(packet)); + try: + print "%04x: %08x -- %s" % (srcadr(packet), + pktnonceseq(packet), + client.packet2str(packet) + ); + except: + pass; else: client.printpacket(packet); sys.stdout.flush(); 
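Review bot: Commenting out `client.CC_RFST_RX()` at the top of the receive loop in the `@@ -248,10 +255,13 @@` hunk changes every mode that shares this branch (sniff, sniffdissect, sniffstrings, sniffnonce), not only the new fastsniff. After this commit nothing in the visible part of the loop puts the radio back into RX if it leaves that state. If that is intended, delete the line instead of leaving it commented out and mention the behaviour change in the commit message; otherwise keep the call for the non-fast modes with `if sys.argv[1]!="fastsniff": client.CC_RFST_RX();`. The loop body continues outside the hunk, so whether the packet fetch itself re-arms the receiver cannot be checked from here.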
@@ -393,7 +409,7 @@ if(sys.argv[1]=="txpiptest" or sys.argv[1]=="txpipscapy"): client.RF_setfreq(freq); else: client.RF_setchan(freq); - print "Transmitting on as %010x on %i MHz" % ( + print "Transmitting on PIP injection as %010x on %i MHz" % ( client.RF_getsmac(), client.RF_getfreq()/10**6); diff --git a/firmware/apps/radios/ccspi.c b/firmware/apps/radios/ccspi.c index 9a9c13d..dd70a3d 100644 --- a/firmware/apps/radios/ccspi.c +++ b/firmware/apps/radios/ccspi.c @@ -222,8 +222,6 @@ void ccspi_handle_fn( uint8_t const app, unsigned long i; u8 j; - //debugstr("Chipcon SPI handler."); - switch(verb){ case PEEK: cmddata[0]|=0x40; //Set the read bit. @@ -258,9 +256,25 @@ void ccspi_handle_fn( uint8_t const app, ); txdata(app,verb,0); break; + case CCSPI_REPEAT_RX: + + /* CCSPI_REPEAT_RX repeatedly requests new packets, forwarding + them to the server without waiting for the next request. This + allows for sniffing of packets that would otherwise overflow + the buffer. + */ + + //debugstr("Looping CCSPI_RX."); + + //Loop forever in RX mode. + while(1){ + ccspi_handle_fn(app,CCSPI_RX,0); + } + break; case CCSPI_RX: #ifdef FIFOP //Has there been an overflow? + if((!FIFO)&&FIFOP){ debugstr("Clearing overflow"); CLRSS; @@ -270,7 +284,7 @@ void ccspi_handle_fn( uint8_t const app, txdata(app,verb,0); //no packet return; } - + /* Uncomment this to wait around a bit for the packet. Might reduce dropped packet count. i=1000; //Number of tries. diff --git a/firmware/include/ccspi.h b/firmware/include/ccspi.h index c9280e7..7f6bb2d 100644 --- a/firmware/include/ccspi.h +++ b/firmware/include/ccspi.h @@ -16,6 +16,8 @@ #define CCSPI_RX 0x80 //Grab and decrypt a packet, if one is available. #define CCSPI_RXDEC 0x90 +//Keep grabbing packets, ignoring further commands. +#define CCSPI_REPEAT_RX 0x91 //Send a packet. #define CCSPI_TX 0x81 //Flush RX
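Review bot: The `while(1)` loop in the new `CCSPI_REPEAT_RX` case of ccspi.c has no exit, so the `break;` after it is dead code and the firmware stops servicing host commands until the board is reset. The block comment should say that outright, for example `Never returns: reset the GoodFET to leave this mode.`, and the unreachable `break;` can be dropped. Each pass re-enters `ccspi_handle_fn(app,CCSPI_RX,0)`, so replies go out under the CCSPI_RX verb, and at least in the overflow branch visible in the context an empty reply is sent when there is nothing to forward; the host side has to expect a stream of such frames. A loop condition that checks for a pending byte from the host would let the client end the mode without a reset. The function body starts and ends outside the hunk.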