expliot.core.interfaces.zbauditor

Wrapper for ZbAuditor interface.

Submodules

Package Contents

Classes

NRF52840

Driver for NRF52840 Zigbee Auditor Hardware.

ZbAuditor

Zigbee Auditor Class.

class expliot.core.interfaces.zbauditor.NRF52840(channel=0, page=0)

Bases: expliot.core.interfaces.common_services.ZbAuditorServices

Driver for NRF52840 Zigbee Auditor Hardware.

USB_DIR_OUT = 64
USB_DIR_IN = 192
USB_DATA_EP = 131
USB_VID = 6421
USB_PID = 21018
USB_READ_TIMEOUT_MIN = 100
USB_READ_TIMEOUT_MAX = 2000
USB_MAX_BYTE_READ = 64
SRV_GET_FW_VER = 1
SRV_GET_FW_SRV = 2
SRV_POWER_ON = 32
SRV_GET_POWER_STATUS = 33
SRV_SET_CHANNEL = 34
SRV_SET_SNIFF_START = 35
SRV_SET_SNIFF_STOP = 36
SRV_SEND_PACKET_INJECT = 37
SRV_ZB_NWKSCAN_REQ = 49
SERVICE_RESP_MASK = 128
SRV_GET_FW_VER_RESP
SRV_GET_FW_SRV_RESP
SRV_GET_POWER_STATUS_RESP
SRV_ZB_NWKSCAN_RESP
SRV_GET_FW_VER_RESP_LEN = 5
SRV_GET_FW_SRV_RESP_LEN = 6
SRV_ZB_NWKSCAN_RESP_MIN_LEN = 3
SRV_ZB_NWKSCAN_RESP_DATA_LEN = 1
SRV_RESP_BYTE_1 = 2
SRV_RESP_BYTE_2 = 3
SRV_RESP_BYTE_3 = 4
SRV_RESP_BYTE_4 = 5
SRV_ZB_NWKSCAN_RESP_LEN_INDEX = 1
SRV_ZB_NWKSCAN_RESP_NUM_DEV_INDEX = 3
SRV_ZB_NWKSCAN_RESP_DEV_NUM_LEN = 1
SRV_SET_CH_CHNG_BIT = 1
SRV_RAW_CAPTURE_BIT = 2
SRV_RAW_INJECT_BIT = 4
SRV_NWK_SCAN_BIT = 8
SRV_SUPP_FREQ_2400_BIT = 1
SERVICE_STATUS_OK = 0
SERVICE_STATUS_END = 1
MAC_POWER_ON_STATUS = 1
MAC_24GHZ_CHANNEL_11 = 11
MAC_24GHZ_CHANNEL_26 = 26
MAC_24GHZ_DEFAULT_PAGE = 0
SOF_BYTE = 0
BEACON_INFO_LEN = 28
USB_OPERATION_TIMEOUT = 110
get_device_fw_rev()

Read and validate response to GET Firmware Revision Service.

Returns

Firmware version array (3 bytes)

get_device_fw_rev_str()

Return firmware revision in string format.

read_supported_service()

Read and validate response to GET Firmware Capability Service.

Returns

Firmware Capability

_device_set_channel()

Set the channel in the device MAC hardware.

device_set_channel(channel, page=0)

Set the channel locally and in the device hardware.

device_radio_on()

Turn on radio and MAC layer.

device_sniffer_on(channel=None, page=0)

Start sniffer service.

static calculate_crc(data)

Return CRC of data.

The CRC algorithm implementation is based on pseudo code from Frank da Cruz (June 1986), Kermit Protocol Manual, Sixth Edition. Refer to: http://reveng.sourceforge.net/crc-catalogue/16.htm#crc.cat.crc-16-kermit

Returns

a CRC that is the FCS for the frame, as two hex bytes in little-endian order.
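An added example (not ExplIoT's own code) of the CRC-16/KERMIT calculation referenced above, used to check the two-byte little-endian FCS on captured frames. The function names and the sample frame bytes are constructed for illustration.

```python
import struct


def crc16_kermit(data: bytes) -> int:
    """CRC-16/KERMIT: poly 0x1021 processed LSB-first (0x8408), init 0, no final XOR."""
    crc = 0x0000
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def fcs_bytes(data: bytes) -> bytes:
    """Return the FCS as two bytes, low byte first (little-endian)."""
    return struct.pack("<H", crc16_kermit(data))


def append_fcs(body: bytes) -> bytes:
    """Return the frame body followed by its FCS."""
    return body + fcs_bytes(body)


def check_fcs(frame: bytes) -> bool:
    """True if the last two bytes of the frame match the CRC of the rest."""
    if len(frame) < 3:  # too short to hold a body plus a 2-byte FCS
        return False
    return fcs_bytes(frame[:-2]) == frame[-2:]


def triage(frames):
    """Label each captured frame as FCS-valid or not, e.g. before parsing it."""
    return [(frame.hex(), check_fcs(frame)) for frame in frames]


# Constructed sample input: an 8-byte IEEE 802.15.4 frame body, not a real capture.
SAMPLE_BODY = bytes.fromhex("030801ffffffff07")
GOOD_FRAME = append_fcs(SAMPLE_BODY)
# Same frame with one bit flipped in the body, as radio noise would produce.
BAD_FRAME = bytes([GOOD_FRAME[0] ^ 0x01]) + GOOD_FRAME[1:]

if __name__ == "__main__":
    for hexframe, ok in triage([GOOD_FRAME, BAD_FRAME, b"\x00"]):
        print(hexframe, "FCS ok" if ok else "FCS mismatch")
```

Running the CRC over a frame together with its little-endian FCS yields 0, which gives a second way to validate a capture.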

_process_sniffer_response(rxframe)

Return dictionary of Zigbee packet and timestamp.

Parameters

array – Frame data array

Returns

dictionary {“packet”: zbpacket, “timestamp”: 32bit timestamp}

device_read(timeout=100)

Read packet from USB interface.

If the Zigbee packet length is less than 56 bytes, the packet is processed. If the Zigbee packet length is more than 56 bytes, the read waits for the next chunk.

Parameters

timeout – Time out for read operation

Returns

Zigbee packet and timestamp as {“packet”: packet, “timestamp”: timestamp (32bit) }

process_scan_response(response)

Return a dictionary with the number of devices found in the scan and each device's Zigbee beacon info.

Parameters

array – Frame data array

Returns

Result of Network scan as {“Device Count”: 1, “Beacons”: [{ … }]}

device_scan_zigbee_network(mask=134215680)

Set device in IEEE802.15.4 network scan mode.

Also, the IEEE 802.15.4 channels are scanned for beacons and data.

Parameters

mask – channel mask, channel 25 => 0x07000000 .. channel 11 => 0x00000800

Returns

network scan data

device_inject_packet(packet)

Inject packet to device.

Parameters

packet – byte array

device_sniffer_off()

Turn off sniffer service.

device_radio_off()

Turn off sniffer and radio.

usb_cntrl_read(brequest, wvalue=0, windex=0, data_or_wlength=None, timeout=100)

USB Control Transfer, EP0 DIR IN.

Parameters
  • brequest – usb bRequest

  • wvalue – usb wValue

  • windex – usb wIndex

  • data_or_wlength – usb data to be written

  • timeout – timeout for write transaction

Returns

bytes read from driver (array object)

usb_cntrl_write(brequest, wvalue=0, windex=0, data_or_wlength=None, timeout=200)

USB Control Transfer, EP0 DIR OUT.

Parameters
  • brequest – usb bRequest

  • wvalue – usb wValue

  • windex – usb wIndex

  • data_or_wlength – usb data to be written

  • timeout – timeout for write transaction

Returns

number of bytes written

usb_read(size_or_buffer, timeout=200)

USB Bulk read for EP3.

Parameters
  • size_or_buffer – data buffer or size to be read

  • timeout – Timeout for read transaction

Returns

bytes read from driver (array object)

get_device_name()

Return the device name.

get_radio_on_flag()

Returns radio_on flag value.

set_radio_on_flag(flag)

Set radio_on flag value.

Parameters

flag – True or False

get_sniffer_on_flag()

Return the sniffer_on flag value.

set_sniffer_on_flag(flag)

Set sniffer_on flag value.

get_device_serial_num()

Return the device serial number.

close()

Turn off sniffer and radio before closing.

__del__()

Close device.

class expliot.core.interfaces.zbauditor.ZbAuditor

Zigbee Auditor Class.

get_interface_info()

Return Device information in dictionary format.

Returns

Dictionary of Device Name, FW Revision, Services

set_channel(channel, page=0)

Validate and Set Channel to Device.

get_channel()

Return Channel from Device.

get_radio_on_flag()

Return status of radio_on flag.

set_radio_on_flag(flag)

Set radio_on flag.

get_sniffer_on_flag()

Return status of sniffer_on flag.

set_sniffer_on_flag(flag)

Set sniffer_on flag.

radio_on()

Turn on device radio.

sniffer_on(channel, page=0)

Turn on device sniffer service.

packet_read(timeout=100)

Read data from device.

radio_off()

Turn off device radio.

sniffer_off()

Turn off device sniffer service.

inject_packet(packet)

Inject packet to Device.

scan_zb_network(mask)

Set Device in network scan mode.

Additionally, it returns the network scan result as a dictionary.

get_rxcount()

Return packet receive count from driver.

Returns

rx count

get_txcount()

Return packet transmit count from driver.

Returns

tx count

__del__()

Close the driver.