From 24f2f10289211210c754d91093e7e4e38692dc42 Mon Sep 17 00:00:00 2001
From: travisutk <travisutk@12e2690d-a6be-4b82-a7b7-67c4a43b65c8>
Date: Wed, 19 Jan 2011 21:15:08 +0000
Subject: [PATCH] Fixed a lot of autotuning scripts. Should result in fewer
 false positives, especially after finding a successful lock.

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@846 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---
 client/goodfet.nrf                            | 18 ++++--
 .../shellcode/chipcon/cc1110/reflexframe.ihx  | 64 +++++++++----------
 2 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/client/goodfet.nrf b/client/goodfet.nrf
index ec3535e..57766c4 100755
--- a/client/goodfet.nrf
+++ b/client/goodfet.nrf
@@ -268,6 +268,7 @@ class AutoTuner():
     rate=False;
     chan=False;
     sync=False;
+    startch=0; #Useful for forcing an early match.
     def init(self,goodfet,
              rate=True,chan=True,sync=True):
         """Initializes a link to the GoodFET for autotuning."""
@@ -279,6 +280,11 @@ class AutoTuner():
         client.poke(0x00,0x00); #Stop nRF
         client.poke(0x01,0x00); #Disable Shockburst
         client.poke(0x02,0x01); #Set RX Pipe 0
+        
+        #Disable shockburst.
+        client.poke(0x1C,0x00);
+        client.poke(0x1D,0x00);
+    
         client.RF_setmaclen(2); # SETUP_AW for shortest
         
         #historic
@@ -317,10 +323,12 @@ class AutoTuner():
     def handle(self,packet):
         """Handles a packet."""
         #printpacket(packet);
+        
         if not self.validmac(packet):
-            #print "Dropped packet:";
+            #print "Dropped packet from %s" % self.packetaddr(packet,justmac=True);
             #printpacket(packet);
             return;
+        
         addr=self.packetaddr(packet);
         
         #Increment the address count.
@@ -342,6 +350,7 @@ class AutoTuner():
         It's important that this not get triggered by false positives."""
         
         while 1:
+            self.retune();
             start=time.mktime(time.localtime());
             while (time.mktime(time.localtime())-start) < delay:
                 packet=None;
@@ -356,7 +365,6 @@ class AutoTuner():
                     #Tune it in here?
                     client.tune(addr);
                     return addr;
-            self.retune();
             sys.stdout.flush();
         
     def retune(self):
@@ -388,7 +396,7 @@ class AutoTuner():
         
         if self.chan:
             self.client.poke(0x05,
-                             (count+0x12)&0x7f);
+                             (count+self.startch)&0x7f);
             print "Tuned to %i MHz" % (
                 self.client.RF_getfreq()
                 /(10**6));
@@ -459,9 +467,9 @@ if(sys.argv[1]=="sniffmskb"):
         print "Searching for a keyboard.";
         
         guesser=AutoTuner();
-        guesser.init(client, rate=False, sync=True, chan=False);
+        guesser.init(client, rate=False, sync=True, chan=True);
         guesser.selftune(threshold=4,forever=False,
-                         delay=3.0);
+                         delay=10.0);
     
     client.poke(0x00,0x00); #Stop nRF
     client.poke(0x01,0x00); #Disable Shockburst
diff --git a/client/shellcode/chipcon/cc1110/reflexframe.ihx b/client/shellcode/chipcon/cc1110/reflexframe.ihx
index 6e4e7ea..3a53612 100644
--- a/client/shellcode/chipcon/cc1110/reflexframe.ihx
+++ b/client/shellcode/chipcon/cc1110/reflexframe.ihx
@@ -1,45 +1,41 @@
 :03F0000002F00813
 :03F0610002F003B7
-:05F0030012F10F80FE78
+:05F0030012F0DE80FEAA
 :0DF0640090DF10E090FDF0F090DF0FE090E5
 :0EF07100FDF1F090DF0EE090FDF2F090DF0D6B
 :0EF07F00E090FDF3F090DF0CE090FDF4F02245
 :0DF08D0090FDF0E090DF10F090FDF1E090BC
 :0EF09A00DF0FF090FDF2E090DF0EF090FDF33E
 :0EF0A800E090DF0DF090FDF4E090DF0CF02220
-:03F0B60053BEFB4B
-:08F0B900E5BE30E6FB53C6B8CA
-:0EF0C100E5C620E6FB43BE0490DF0C7486F02B
-:0DF0CF0090DF0D7483F090DF0E7430F09030
-:0CF0DC00DF0F7422F090DF1074F8F022B7
-:04F0E800AA82AB83CA
-:05F0EC001ABAFF011B30
-:0EF0F100C3E49A74808BF063F08095F0500FAA
-:04F0FF007CB07D0460
-:05F103001CBCFF011D12
-:06F10800EC4D70F780DE03
-:01F10E0022DE
-:09F10F0090FE00E0C2A812F064B9
-:03F1180075E1049A
-:0EF11B0090DF3BE0FABA01F812F08D12F145D8
-:09F1290012F0B675E10475E10372
-:0EF1320090DF3BE0FA53021FBA13F590000A7B
-:05F1400012F0E880D38D
-:02F145007A004E
-:03F14700BA4000CB
-:0DF14A00500B8A827583FE74FFF00A80F07E
-:05F15700C2A875E104EF
-:0BF15C0090DF3BE0FABA01F875E10219
-:0DF1670090DF3BE0FABA0DF890DF02E09077
-:05F17400FE00F07A012D
-:03F17900BA0300D6
-:02F17C0050132E
-:05F17E0010890280FB76
-:0EF183008A030A8B827583FEE5D9FBF080E8D3
-:04F1910075E10422FE
+:01F0B6002237
+:04F0B700AA82AB83FB
+:05F0BB001ABAFF011B61
+:0EF0C000C3E49A74808BF063F08095F0500FDB
+:04F0CE007CB07D0491
+:05F0D2001CBCFF011D44
+:06F0D700EC4D70F780DE35
+:01F0DD002210
+:09F0DE0090FE00E0C2A812F064EB
+:03F0E70075E104CC
+:0EF0EA0090DF3BE0FABA01F812F08D12F1143B
+:09F0F80012F0B675E10475E103A4
+:0EF1010090DF3BE0FA53021FBA13F59000C8EE
+:05F10F0012F0B780D3EF
+:02F114007A007F
+:03F11600BA4000FC
+:0DF11900500B8A827583FE74FFF00A80F0AF
+:05F12600C2A875E10420
+:0BF12B0090DF3BE0FABA01F875E1024A
+:0DF1360090DF3BE0FABA0DF890DF02E090A8
+:05F14300FE00F07A015E
+:03F14800BA030007
+:02F14B0050135F
+:05F14D0010890280FBA7
+:0EF152008A030A8B827583FEE5D9FBF080E804
+:04F1600075E104222F
 :06F03700E478FFF6D8FDAD
 :08F015007900E94400601B7A58
-:05F01D000090F199785C
+:05F01D000090F168788D
 :03F02200007593E3
 :0AF0250000E493F2A308B80002050E
 :08F02F0093D9F4DAF27593FFA6
@@ -49,6 +45,6 @@
 :08F04E007800E84400600C7931
 :0BF0560000900000E4F0A3D8FCD9FA01
 :03F0080075810708
-:0AF00B0012F195E582600302F003A4
-:04F19500758200225D
+:0AF00B0012F164E582600302F003D5
+:04F16400758200228E
 :00000001FF
-- 
2.20.1