expliot.core.interfaces.zbauditor.nrf52840

nRF52840 USB driver.

Classes

NRF52840

Driver for NRF52840 Zigbee Auditor Hardware.

Module Contents

class expliot.core.interfaces.zbauditor.nrf52840.NRF52840(channel=0, page=0)

Bases: expliot.core.interfaces.common_services.ZbAuditorServices

Driver for NRF52840 Zigbee Auditor Hardware.

USB_DIR_OUT = 64
USB_DIR_IN = 192
USB_DATA_EP = 131
USB_VID = 6421
USB_PID = 21018
USB_READ_TIMEOUT_MIN = 100
USB_READ_TIMEOUT_MAX = 2000
USB_MAX_BYTE_READ = 64
SRV_GET_FW_VER = 1
SRV_GET_FW_SRV = 2
SRV_POWER_ON = 32
SRV_GET_POWER_STATUS = 33
SRV_SET_CHANNEL = 34
SRV_SET_SNIFF_START = 35
SRV_SET_SNIFF_STOP = 36
SRV_SEND_PACKET_INJECT = 37
SRV_ZB_NWKSCAN_REQ = 49
SERVICE_RESP_MASK = 128
SRV_GET_FW_VER_RESP = 129
SRV_GET_FW_SRV_RESP = 130
SRV_GET_POWER_STATUS_RESP = 161
SRV_ZB_NWKSCAN_RESP = 177
SRV_GET_FW_VER_RESP_LEN = 5
SRV_GET_FW_SRV_RESP_LEN = 6
SRV_ZB_NWKSCAN_RESP_MIN_LEN = 3
SRV_ZB_NWKSCAN_RESP_DATA_LEN = 1
SRV_RESP_BYTE_1 = 2
SRV_RESP_BYTE_2 = 3
SRV_RESP_BYTE_3 = 4
SRV_RESP_BYTE_4 = 5
SRV_ZB_NWKSCAN_RESP_LEN_INDEX = 1
SRV_ZB_NWKSCAN_RESP_NUM_DEV_INDEX = 3
SRV_ZB_NWKSCAN_RESP_DEV_NUM_LEN = 1
SRV_SET_CH_CHNG_BIT = 1
SRV_RAW_CAPTURE_BIT = 2
SRV_RAW_INJECT_BIT = 4
SRV_NWK_SCAN_BIT = 8
SRV_SUPP_FREQ_2400_BIT = 1
SERVICE_STATUS_OK = 0
SERVICE_STATUS_END = 1
MAC_POWER_ON_STATUS = 1
MAC_24GHZ_CHANNEL_11 = 11
MAC_24GHZ_CHANNEL_26 = 26
MAC_24GHZ_DEFAULT_PAGE = 0
SOF_BYTE = 0
BEACON_INFO_LEN = 28
USB_OPERATION_TIMEOUT = 110
__data_ep = 131
__channel = 0
__radio_on = False
__sniffer_on = False
__fw_version = None
__serial_num = None
rxcount = 0
txcount = 0
dev
_dev_name
get_device_fw_rev()

Read and validate response to GET Firmware Revision Service.

Returns:

Firmware version array (3 bytes)

get_device_fw_rev_str()

Return firmware revision as string.

read_supported_service()

Read and validate response to GET Firmware Capability Service.

Returns:

Firmware Capability

_device_set_channel()

Set the channel in the device MAC hardware.

device_set_channel(channel, page=0)

Set channel locally and of device hardware.

device_radio_on()

Turn on radio and MAC layer.

device_sniffer_on(channel=None, page=0)

Start sniffer service.

static calculate_crc(data)

Return CRC of data.

The CRC algorithm implementation is based on pseudocode from Frank da Cruz (June 1986), Kermit Protocol Manual, Sixth Edition. Refer to: http://reveng.sourceforge.net/crc-catalogue/16.htm#crc.cat.crc-16-kermit

Returns:

a CRC that is the FCS for the frame, as two hex bytes in little-endian order.
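The FCS computation described above, as an added example that is not taken from the ExplIoT source: a bitwise CRC-16/KERMIT whose result is appended in little-endian order, plus a check a capture tool can run on received frames. The function names and the sample frame bytes are assumptions constructed for illustration.

```python
"""CRC-16/KERMIT used as a frame check sequence (illustrative, not ExplIoT code)."""


def crc16_kermit(data: bytes) -> int:
    """Bitwise CRC-16/KERMIT: reflected polynomial 0x8408, init 0x0000, no final XOR."""
    crc = 0x0000
    for byte in data:
        crc ^= byte
        for _ in range(8):
            # Shift right one bit; fold in the polynomial when a 1 falls out.
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def fcs_bytes(payload: bytes) -> bytes:
    """Return the FCS for payload as two bytes, least significant byte first."""
    return crc16_kermit(payload).to_bytes(2, "little")


def append_fcs(payload: bytes) -> bytes:
    """Build the on-air frame: payload followed by its little-endian FCS."""
    return payload + fcs_bytes(payload)


def verify_fcs(frame: bytes) -> bool:
    """True when the trailing two bytes match the CRC of everything before them."""
    if len(frame) < 3:  # need at least one payload byte plus the 2-byte FCS
        return False
    return frame[-2:] == fcs_bytes(frame[:-2])


# Constructed sample: an 8-byte frame body without its FCS (hypothetical capture).
SAMPLE_BODY = bytes.fromhex("03080affffffff07")

if __name__ == "__main__":
    frame = append_fcs(SAMPLE_BODY)
    print("frame with FCS:", frame.hex())
    print("FCS valid:", verify_fcs(frame))
    # Flip one bit to model a corrupted capture; the check must fail.
    damaged = bytes([frame[0] ^ 0x01]) + frame[1:]
    print("damaged frame valid:", verify_fcs(damaged))
```

Because the CRC starts at zero and has no final XOR, running `crc16_kermit` over a frame that still includes its little-endian FCS yields 0, which gives a second way to validate a capture.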

_process_sniffer_response(rxframe)

Return dictionary of Zigbee packet and timestamp.

Parameters:

array – Frame data array

Returns:

dictionary {“packet”: zbpacket, “timestamp”: 32bit timestamp}

device_read(timeout=100)

Read packet from USB interface.

If the Zigbee packet length is less than 56 bytes, the packet is processed. If the Zigbee packet length is more than 56 bytes, the driver waits for the next chunk.

Parameters:

timeout – Time out for read operation

Returns:

Zigbee packet and timestamp as {“packet”: packet, “timestamp”: timestamp (32bit) }

process_scan_response(response)

Return dictionary of number of devices found in scan.

Includes device Zigbee beacon info.

Parameters:

array – Frame data array

Returns:

Result of Network scan as {“Device Count”: 1, “Beacons”: [{ … }]}

device_scan_zigbee_network(mask=134215680)

Set device in IEEE802.15.4 network scan mode.

Also, the IEEE 802.15.4 channels are scanned for beacons and data.

Parameters:

mask – channel mask, channel 25 => 0x07000000 .. channel 11 => 0x00000800

Returns:

network scan data

device_inject_packet(packet)

Inject packet to device.

Parameters:

packet – byte array

device_sniffer_off()

Turn off sniffer service.

device_radio_off()

Turn off sniffer and radio.

usb_cntrl_read(brequest, wvalue=0, windex=0, data_or_wlength=None, timeout=100)

USB Control Transfer, EP0 DIR IN.

Parameters:
  • brequest – usb bRequest

  • wvalue – usb wValue

  • windex – usb wIndex

  • data_or_wlength – usb data to be written

  • timeout – timeout for write transaction

Returns:

bytes read from driver (array object)

usb_cntrl_write(brequest, wvalue=0, windex=0, data_or_wlength=None, timeout=200)

USB Control Transfer, EP0 DIR OUT.

Parameters:
  • brequest – usb bRequest

  • wvalue – usb wValue

  • windex – usb wIndex

  • data_or_wlength – usb data to be written

  • timeout – timeout for write transaction

Returns:

number of bytes written

usb_read(size_or_buffer, timeout=200)

USB Bulk read for EP3.

Parameters:
  • size_or_buffer – data buffer or size to be read

  • timeout – Timeout for read transaction

Returns:

bytes read from driver (array object)

get_device_name()

Return the device name.

get_radio_on_flag()

Return the radio_on flag value.

set_radio_on_flag(flag)

Set radio_on flag value.

Parameters:

flag – True or False

get_sniffer_on_flag()

Return the sniffer_on flag value.

set_sniffer_on_flag(flag)

Set sniffer_on flag value.

get_device_serial_num()

Return the device serial number.

close()

Turn off sniffer and radio before closing.

__del__()

Close device.