From 436c63f2da19f4f9acdb0fe752d66192594cd318 Mon Sep 17 00:00:00 2001
From: travisutk
Date: Thu, 20 May 2010 07:24:30 +0000
Subject: [PATCH] Script for sniffing OpenBeacon packets with NRF. Not very pretty yet, but it confirms that the radio works.
git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@535 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---
 client/GoodFETNRF.py | 31 ++++++++++++++++++++++++++++++-
 client/goodfet.nrf | 39 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 68 insertions(+), 2 deletions(-)
diff --git a/client/GoodFETNRF.py b/client/GoodFETNRF.py
index 0c62cdf..98b3a91 100644
--- a/client/GoodFETNRF.py
+++ b/client/GoodFETNRF.py
@@ -46,7 +46,6 @@ class GoodFETNRF(GoodFET):
 def status(self):
 """Read the status byte."""
- self.poke(0x07,0x78); #Reset status
 status=self.peek(0x07);
 print "Status=%02x" % status;
@@ -66,3 +65,33 @@ class GoodFETNRF(GoodFET):
 #Register 0A is RX_ADDR_P0, five bytes.
 mac=self.peek(0x0A, 5);
 return mac;
+ def RF_setsmac(self,mac):
+ """Set the source MAC address."""
+
+ #Register 0A is RX_ADDR_P0, five bytes.
+ self.poke(0x0A, mac, 5);
+ return mac;
+ def RF_gettmac(self):
+ """Return the target MAC address."""
+
+ #Register 0x10 is TX_ADDR, five bytes.
+ mac=self.peek(0x0A, 5);
+ return mac;
+ def RF_settmac(self,mac):
+ """Set the target MAC address."""
+
+ #Register 0x10 is TX_ADDR, five bytes.
+ self.poke(0x10, mac, 5);
+ return mac;
+ def RF_rxpacket(self):
+ """Get a packet from the radio. Returns None if none is waiting."""
+ if self.peek(0x07) & 0x40:
+ #Packet has arrived.
+ self.writecmd(self.NRFAPP,0x80,0,None); #RX Packet
+ data=self.data;
+ self.poke(0x07,0x40);#clear bit.
+ return data;
+ elif self.peek(0x07)==0:
+ self.writecmd(self.NRFAPP,0x82,0,None); #Flush
+ self.poke(0x07,0x40);#clear bit.
+ return None;
diff --git a/client/goodfet.nrf b/client/goodfet.nrf
index 1a5a503..6cb92ae 100755
--- a/client/goodfet.nrf
+++ b/client/goodfet.nrf
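Review bot: In client/GoodFETNRF.py the added `RF_gettmac` reads register 0x0A, which the surrounding comments name as RX_ADDR_P0, while its own comment places the target address in TX_ADDR at 0x10; as written it returns the source address instead of the target one. The read should be `mac=self.peek(0x10, 5);`. In the same hunk `RF_rxpacket` reads the status register once in the `if` and again in the `elif`, so the two tests can observe different values; reading it once (`status=self.peek(0x07);`) and testing that local would keep the branches consistent. The class body starts outside the hunk.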
@@ -6,6 +6,7 @@ import sys;
 import binascii;
 import array;
+import time;
 from GoodFETNRF import GoodFETNRF;
 from intelhex import IntelHex;
@@ -47,4 +48,40 @@ if(sys.argv[1]=="regs"):
 for r in range(0,30):
 print "r[0x%02x]=0x%02x" % (r,client.peek(r));
-
+if(sys.argv[1]=="sniffob"):
+ #Reversal of transmitter code from nRF_CMD.c
+ client.poke(0x00,0x00); #Stop nRF
+ client.poke(0x01,0x00); #Disable Shockburst
+ client.poke(0x02,0x01); #Set RX Pipe 0
+ client.poke(0x03,0x03); #SETUP_AW for 5-byte addresses.
+ client.RF_freq(2481 * 10**6);
+ client.poke(0x06,0x09); #2MBps, -18dBm in RF_SETUP
+ client.poke(0x07,0x78); #Reset status register
+
+ #OpenBeacon defines these in little endian as follows.
+ #0x01, 0x02, 0x03, 0x02, 0x01
+ client.RF_setsmac(0x0102030201);
+ #'O', 'C', 'A', 'E', 'B'
+ client.RF_settmac(0x424541434F);
+
+ #Set packet length of 16.
+ client.poke(0x11,16);
+
+ client.status();
+ #Power radio, prime for RX, checksum.
+ client.poke(0x00,0x70|0x03|0x08);
+
+
+ print "Listening as %010x on channel %03i" % (client.RF_getsmac(),client.peek(0x05));
+ #Now we're ready to get packets.
+
+ while 1:
+ packet=None;
+ while packet==None:
+ time.sleep(0.1);
+ client.status();
+ packet=client.RF_rxpacket();
+ s="";
+ for foo in packet:
+ s="%s %02x" % (s,ord(foo));
+ print "Got %s" %s;
--
2.20.1
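Review bot: The receive loop in the `sniffob` branch of client/goodfet.nrf calls `client.status();` on every 100 ms poll, and `status()` prints the status byte, so the `Got ...` lines are buried in repeated status output; dropping that call from the inner loop keeps the capture log readable. The inner test is better written as `while packet is None:`. The outer `while 1:` has no exit path, so interrupting the script leaves the radio powered up in receive mode; catching `KeyboardInterrupt` around the loop and issuing the same `client.poke(0x00,0x00);` used at the top of the branch would stop it cleanly. Printing the payload as hex is the right choice for bytes received off the air, since no raw frame content reaches the terminal.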