From: rmspeers <rmspeers@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Date: Wed, 27 Apr 2011 02:36:32 +0000 (+0000)
Subject: more work on ccspi reflexive jam with autoack. jamming is slow in the autoack mode... 
X-Git-Url: http://git.rot13.org/?p=goodfet;a=commitdiff_plain;h=488bacac294141af99fbec482db6ca21b8019a5e

more work on ccspi reflexive jam with autoack. jamming is slow in the autoack mode and the forged ACK has checksum issues.

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@1019 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---

diff --git a/client/GoodFETCCSPI.py b/client/GoodFETCCSPI.py
index 78273ac..1c14f85 100644
--- a/client/GoodFETCCSPI.py
+++ b/client/GoodFETCCSPI.py
@@ -192,18 +192,13 @@ class GoodFETCCSPI(GoodFET):
         self.writecmd(self.CCSPIAPP,0xA0,len(data),data);
         return;
 
-    def RF_reflexjam_seq(self):
+    def RF_reflexjam_autoack(self):
         """Place the device into reflexive jamming mode
-           and return the sequence number of the jammed packet."""
-        #TODO make so that this function someone keeps receiving
-        #     the sequence numbers from each jammed frame, or probably
-        #     just make the firmware auto-ack if the frame requests
-        #     an ACK instead of sending data back to client.
-        data = "\0";
-        self.data = data;
+           and that also sends a forged ACK if needed."""
+        data = "";
         self.writecmd(self.CCSPIAPP,0xA1,len(data),data);
-        buffer = self.data;
-        return ord(buffer[3]);
+        time.sleep(30);
+        return;
 
     def RF_modulated_spectrum(self):
         """Hold a carrier wave on the present frequency."""
@@ -282,6 +277,14 @@ class GoodFETCCSPI(GoodFET):
             mdmctrl0=mdmctrl0|0x0020;
         self.poke(0x11,mdmctrl0);
         return;
+    def RF_autoack(self,autoack=1):
+        mdmctrl0=self.peek(0x11);
+        if autoack==0:
+            mdmctrl0=mdmctrl0&(~0x0010);
+        else:
+            mdmctrl0=mdmctrl0|0x0010;
+        self.poke(0x11,mdmctrl0);
+        return;
     packetlen=16;
     def RF_setpacketlen(self,len=16):
         """Set the number of bytes in the expected payload."""
diff --git a/client/goodfet.ccspi b/client/goodfet.ccspi
index f681cad..6c2d242 100755
--- a/client/goodfet.ccspi
+++ b/client/goodfet.ccspi
@@ -56,7 +56,7 @@ if(sys.argv[1]=="modulated_spectrum"):
     while(1):
         time.sleep(1);
 
-if(sys.argv[1]=="reflexjam"):
+if(sys.argv[1]=="reflexjam" or sys.argv[1]=="reflexjamack"):
     #Setup the radio to listen promiscously on a frequency
     client.RF_promiscuity(1);
     client.RF_autocrc(0);
@@ -69,7 +69,10 @@ if(sys.argv[1]=="reflexjam"):
     client.CC_RFST_RX();
     print "Reflexively jamming on %i MHz" % (client.RF_getfreq()/10**6);
     #Now we let the firmware take over, watching for packets and jamming them.
-    client.RF_reflexjam();
+    if sys.argv[1]=="reflexjam":
+        client.RF_reflexjam();
+    elif sys.argv[1]=="reflexjamack":
+        client.RF_reflexjam_autoack();
 
 if(sys.argv[1]=="info"):
     print "Found   %s" % client.identstr();
diff --git a/firmware/apps/radios/ccspi.c b/firmware/apps/radios/ccspi.c
index 524052f..df99ced 100644
--- a/firmware/apps/radios/ccspi.c
+++ b/firmware/apps/radios/ccspi.c
@@ -203,7 +203,7 @@ void ccspi_handle_fn( uint8_t const app,
         SETSS;
 
         //Load the jamming packet.
-        //TODO try to preload this to get faster effects
+        //Note: attempts to preload this actually slowed the jam time down from 7 to 9 bytes.
         CLRSS;
         ccspitrans8(CCSPI_TXFIFO);
         char pkt[15] = {0x0f, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef, 0xba, 0xbe, 0xc0};
@@ -233,12 +233,13 @@ void ccspi_handle_fn( uint8_t const app,
     txdata(app,NOK,0);
 #endif
 
-  case CCSPI_REFLEX_SEQNUM:
+  case CCSPI_REFLEX_AUTOACK:
 #if defined(FIFOP) && defined(SFD) && defined(FIFO) && defined(PLED2DIR) && defined(PLED2PIN) && defined(PLED2OUT)
-    //char byte[4];
+    //txdata(app, verb, 1);
+    debugstr("AutoACK");
+    char byte[4];
     while(1) {
         //Has there been an overflow in the RX buffer?
-        //TODO do we really need to check this??
         if((!FIFO)&&FIFOP){
           //debugstr("Clearing overflow");
           CLRSS;
@@ -252,6 +253,29 @@ void ccspi_handle_fn( uint8_t const app,
 	    PLED2DIR |= PLED2PIN;
 	    PLED2OUT &= ~PLED2PIN;
 
+        //Put radio in TX mode
+        //Note: Not doing this slows down jamming, so can't jam short packets.
+        //      However, if we do this, it seems to mess up our RXFIFO ability.
+        //CLRSS;
+        //ccspitrans8(0x04);
+        //SETSS;
+        //Load the jamming packet
+        CLRSS;
+        ccspitrans8(CCSPI_TXFIFO);
+        char pkt[7] = {0x07, 0x01, 0x08, 0xff, 0xff, 0xff, 0xff};
+        for(i=0;i<pkt[0];i++)
+          ccspitrans8(pkt[i]);
+        SETSS;
+        //Transmit the jamming packet
+        CLRSS;
+        ccspitrans8(0x04);  //STXON
+        SETSS;
+        msdelay(200);       //Instead of examining SFD line status
+        //Flush TX buffer.
+        CLRSS;
+        ccspitrans8(0x09);  //SFLUSHTX
+        SETSS;
+
         //Get the orignally received packet, up to the seqnum field.
         CLRSS;
         ccspitrans8(CCSPI_RXFIFO | 0x40);
@@ -265,31 +289,51 @@ void ccspi_handle_fn( uint8_t const app,
         //Send the sequence number of the jammed packet back to the client
         //itoa(cmddata[3], byte, 16);
         //debugstr(byte);
-        txdata(app,verb,cmddata[3]);
+        //txdata(app,verb,cmddata[3]);
 
-        //Put radio in TX mode
-        CLRSS;
-        ccspitrans8(0x04);
-        SETSS;
+        //TODO turn on AUTOCRC for it to apply to the TX???
+        //     this may overcome issues of bad crc / length issues?
+        //mdmctrl0 (0x11) register set bit 5 to true.
 
-        //Load the packet.
+        //Create the forged ACK packet
+        cmddata[0] = 6;     //length of ack frame plus length
+        cmddata[1] = 0x02;  //first byte of FCF
+        cmddata[2] = 0x00;  //second byte of FCF
+        //[3] is already filled with the sequence number
+        int crc = 0;
+        for(i=1;i<4;i++) {
+            int c = cmddata[i];
+            int q = (crc ^ c) & 15;   		//Do low-order 4 bits
+            crc = (crc / 16) ^ (q * 4225);
+            q = (crc ^ (c / 16)) & 15;		//And high 4 bits
+            crc = (crc / 16) ^ (q * 4225);
+        }
+        cmddata[4] = crc & 0xFF;
+        cmddata[5] = (crc >> 8) & 0xFF;
+
+        for(i=0;i<cmddata[0];i++) {
+            itoa(cmddata[i], byte, 16);
+            debugstr(byte);
+        }
+        //Load the forged ACK packet
         CLRSS;
         ccspitrans8(CCSPI_TXFIFO);
-        char pkt[12] = {0x0c, 0x01, 0x08, 0x82, 0xff, 0xff, 0xff, 0xff, 0xde, 0xad, 0xbe, 0xef};
-        for(i=0;i<pkt[0];i++)
-          ccspitrans8(pkt[i]);
+        for(i=0;i<cmddata[0];i++)
+          ccspitrans8(cmddata[i]);
         SETSS;
-
-        //Transmit the packet.
+        //Transmit the forged ACK packet
+        while(SFD);
         CLRSS;
         ccspitrans8(0x04);  //STXON
         SETSS;
-        msdelay(200);       //Instead of examining SFD line status
-        //Flush TX buffer.
+        msdelay(200);       //TODO try doing this based on SFD line status instead
+        //Flush TX buffer
         CLRSS;
         ccspitrans8(0x09);  //SFLUSHTX
         SETSS;
 
+        //TODO disable AUTOCRC here again to go back to promiscous mode
+
         //Turn off LED 2 (green) as signal
 	    PLED2DIR |= PLED2PIN;
 	    PLED2OUT |= PLED2PIN;
diff --git a/firmware/include/ccspi.h b/firmware/include/ccspi.h
index cec339c..b831bf3 100644
--- a/firmware/include/ccspi.h
+++ b/firmware/include/ccspi.h
@@ -22,8 +22,8 @@
 #define CCSPI_TX_FLUSH 0x83
 //Reflexive jam.
 #define CCSPI_REFLEX 0xA0
-//Reflexive jam that returns jammed frame's seqnum.
-#define CCSPI_REFLEX_SEQNUM 0xA1
+//Reflexive jam that sends a forged ACK frame if one was requested
+#define CCSPI_REFLEX_AUTOACK 0xA1
 
 
 //Bit fields for command word.