| blob | e82bc878b5aac9a7b8cce41c9f96bcc819cd9eca |
1 /*
2 This project is free software: you can redistribute it and/or modify
3 it under the terms of the GNU General Public License as published by
4 the Free Software Foundation, either version 3 of the License, or
5 (at your option) any later version.
7 Multiprotocol is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 GNU General Public License for more details.
12 You should have received a copy of the GNU General Public License
13 along with Multiprotocol. If not, see <http://www.gnu.org/licenses/>.
14 */
16 // sub_protocol: 0=250Kbps, 1=1Mbps, 2=2Mbps. Other values default to 1Mbps.
17 // RX_num = address length 3 or 4 or 5. Other values default to 5.
18 // option = RF channel number 0..84 and -1 = scan all channels. Other values default to RF channel 0.
20 #ifdef XN297DUMP_NRF24L01_INO
22 #include "iface_xn297.h"
24 // Parameters which can be modified
25 #define XN297DUMP_PERIOD_SCAN 50000 // 25000
26 #define XN297DUMP_MAX_RF_CHANNEL 127 // Default 84
28 // Do not touch from there
29 #define XN297DUMP_INITIAL_WAIT 500
30 #define XN297DUMP_MAX_PACKET_LEN 32
31 #define XN297DUMP_CRC_LENGTH 2
33 uint8_t address_length;
34 uint16_t timeH=0;
35 boolean scramble;
36 boolean enhanced;
37 boolean ack;
38 uint8_t pid;
39 uint8_t bitrate;
41 static void __attribute__((unused)) XN297Dump_RF_init()
42 {
43 NRF24L01_Initialize();
44 NRF24L01_SetTxRxMode(RX_EN);
46 NRF24L01_WriteReg(NRF24L01_03_SETUP_AW, 0x01); // 3 bytes RX/TX address
47 NRF24L01_WriteRegisterMulti(NRF24L01_0A_RX_ADDR_P0, (uint8_t*)"\x55\x0F\x71", 3); // set up RX address to xn297 preamble
48 NRF24L01_WriteReg(NRF24L01_11_RX_PW_P0, XN297DUMP_MAX_PACKET_LEN); // Enable rx pipe 0
50 debug("XN297 dump, address length=%d, bitrate=",address_length);
51 switch(bitrate)
52 {
53 case XN297DUMP_250K:
54 NRF24L01_SetBitrate(NRF24L01_BR_250K);
55 debugln("250K");
56 break;
57 case XN297DUMP_2M:
58 NRF24L01_SetBitrate(NRF24L01_BR_2M);
59 debugln("2M");
60 break;
61 default:
62 NRF24L01_SetBitrate(NRF24L01_BR_1M);
63 debugln("1M");
64 break;
66 }
67 }
69 extern const uint8_t xn297_scramble[];
70 extern const uint16_t PROGMEM xn297_crc_xorout_scrambled[];
71 extern const uint16_t PROGMEM xn297_crc_xorout[];
72 extern const uint16_t PROGMEM xn297_crc_xorout_scrambled_enhanced[];
73 extern const uint16_t xn297_crc_xorout_enhanced[];
75 static boolean __attribute__((unused)) XN297Dump_process_packet(void)
76 {
77 uint16_t crcxored;
78 uint8_t packet_sc[XN297DUMP_MAX_PACKET_LEN], packet_un[XN297DUMP_MAX_PACKET_LEN];
79 enhanced=false;
80 // init crc
81 crc = 0xb5d2;
83 /*debug("P: 71 0F 55 ");
84 for(uint8_t i=0; i<XN297DUMP_MAX_PACKET_LEN; i++)
85 debug("%02X ",packet[i]);
86 debugln("");*/
87 //Try normal payload
88 // address
89 for (uint8_t i = 0; i < address_length; i++)
90 {
91 crc16_update( packet[i], 8);
92 packet_un[address_length-1-i]=packet[i];
93 packet_sc[address_length-1-i]=packet[i] ^ xn297_scramble[i];
94 }
96 // payload
97 for (uint8_t i = address_length; i < XN297DUMP_MAX_PACKET_LEN-XN297DUMP_CRC_LENGTH; i++)
98 {
99 crc16_update( packet[i], 8);
100 packet_sc[i] = bit_reverse(packet[i]^xn297_scramble[i]);
101 packet_un[i] = bit_reverse(packet[i]);
102 // check crc
103 crcxored = crc ^ pgm_read_word(&xn297_crc_xorout[i+1 - 3]);
104 if( (crcxored >> 8) == packet[i + 1] && (crcxored & 0xff) == packet[i + 2])
105 {
106 packet_length=i+1;
107 memcpy(packet,packet_un,packet_length);
108 scramble=false;
109 return true;
110 }
111 crcxored = crc ^ pgm_read_word(&xn297_crc_xorout_scrambled[i+1 - 3]);
112 if( (crcxored >> 8) == packet[i + 1] && (crcxored & 0xff) == packet[i + 2])
113 {
114 packet_length=i+1;
115 memcpy(packet,packet_sc,packet_length);
116 scramble=true;
117 return true;
118 }
119 }
121 //Try enhanced payload
122 uint16_t crc_save = 0xb5d2;
123 packet_length=0;
124 for (uint8_t i = 0; i < XN297DUMP_MAX_PACKET_LEN-XN297DUMP_CRC_LENGTH; i++)
125 {
126 packet_sc[i]=packet[i]^xn297_scramble[i];
127 crc = crc_save;
128 crc16_update( packet[i], 8);
129 crc_save = crc;
130 crc16_update( packet[i+1] & 0xC0, 2);
131 crcxored=(packet[i+1]<<10)|(packet[i+2]<<2)|(packet[i+3]>>6) ;
132 if(i>=3)
133 {
134 if((crc ^ pgm_read_word(&xn297_crc_xorout_scrambled_enhanced[i - 3])) == crcxored)
135 { // Found a valid CRC for the enhanced payload mode
136 packet_length=i;
137 scramble=true;
138 i++;
139 packet_sc[i]=packet[i]^xn297_scramble[i];
140 memcpy(packet_un,packet_sc,packet_length+2); // unscramble packet
141 break;
142 }
143 if((crc ^ pgm_read_word(&xn297_crc_xorout_enhanced[i - 3])) == crcxored)
144 { // Found a valid CRC for the enhanced payload mode
145 packet_length=i;
146 scramble=false;
147 memcpy(packet_un,packet,packet_length+2); // packet is unscrambled
148 break;
149 }
150 }
151 }
152 if(packet_length!=0)
153 { // Found a valid CRC for the enhanced payload mode
154 enhanced=true;
155 //check selected address length
156 if((packet_un[address_length]>>1)!=packet_length-address_length)
157 {
158 for(uint8_t i=3;i<=5;i++)
159 if((packet_un[i]>>1)==packet_length-i)
160 address_length=i;
161 debugln("Detected wrong address length, using %d intead", address_length );
162 }
163 pid=((packet_un[address_length]&0x01)<<1)|(packet_un[address_length+1]>>7);
164 ack=(packet_un[address_length+1]>>6)&0x01;
165 // address
166 for (uint8_t i = 0; i < address_length; i++)
167 packet[address_length-1-i]=packet_un[i];
168 // payload
169 for (uint8_t i = address_length; i < packet_length; i++)
170 packet[i] = bit_reverse((packet_un[i+1]<<2)|(packet_un[i+2]>>6));
171 return true;
172 }
174 return false;
175 }
177 static void __attribute__((unused)) XN297Dump_overflow()
178 {
179 if(TIMER2_BASE->SR & TIMER_SR_UIF)
180 { // timer overflow
181 timeH++;
182 TIMER2_BASE->SR = 0x1E5F & ~TIMER_SR_UIF; // Clear Timer2 overflow flag
183 }
184 }
185 static uint16_t XN297Dump_callback()
186 {
187 static uint32_t time=0,*time_rf;
189 //!!!Blocking mode protocol!!!
190 TX_MAIN_PAUSE_off;
191 tx_resume();
192 while(1)
193 {
194 if(sub_protocol<XN297DUMP_AUTO)
195 {
196 if(option==0xFF && bind_counter>XN297DUMP_PERIOD_SCAN)
197 { // Scan frequencies
198 hopping_frequency_no++;
199 bind_counter=0;
200 }
201 if(hopping_frequency_no!=rf_ch_num)
202 { // Channel has changed
203 if(hopping_frequency_no>XN297DUMP_MAX_RF_CHANNEL)
204 hopping_frequency_no=0; // Invalid channel 0 by default
205 rf_ch_num=hopping_frequency_no;
206 debugln("Channel=%d,0x%02X",hopping_frequency_no,hopping_frequency_no);
207 NRF24L01_WriteReg(NRF24L01_05_RF_CH,hopping_frequency_no);
208 // switch to RX mode
209 NRF24L01_WriteReg(NRF24L01_07_STATUS, 0x70); // Clear data ready, data sent, and retransmit
210 NRF24L01_SetTxRxMode(TXRX_OFF);
211 NRF24L01_SetTxRxMode(RX_EN);
212 NRF24L01_FlushRx();
213 NRF24L01_WriteReg(NRF24L01_00_CONFIG, (0 << NRF24L01_00_EN_CRC) // switch to RX mode and disable CRC
214 | (1 << NRF24L01_00_CRCO)
215 | (1 << NRF24L01_00_PWR_UP)
216 | (1 << NRF24L01_00_PRIM_RX));
217 phase=0; // init timer
218 }
219 XN297Dump_overflow();
221 if( NRF24L01_ReadReg(NRF24L01_07_STATUS) & _BV(NRF24L01_07_RX_DR))
222 { // RX fifo data ready
223 if(NRF24L01_ReadReg(NRF24L01_09_CD) || option != 0xFF)
224 {
225 NRF24L01_ReadPayload(packet,XN297DUMP_MAX_PACKET_LEN);
226 XN297Dump_overflow();
227 uint16_t timeL=TCNT1;
228 if(TIMER2_BASE->SR & TIMER_SR_UIF)
229 {//timer just rolled over...
230 XN297Dump_overflow();
231 timeL=0;
232 }
233 if((phase&0x01)==0)
234 {
235 phase=1;
236 time=0;
237 }
238 else
239 time=(timeH<<16)+timeL-time;
240 if(XN297Dump_process_packet())
241 { // valid crc found
242 debug("RX: %5luus C=%d ", time>>1 , hopping_frequency_no);
243 time=(timeH<<16)+timeL;
244 if(enhanced)
245 {
246 debug("Enhanced ");
247 debug("pid=%d ",pid);
248 if(ack) debug("ack ");
249 }
250 debug("S=%c A=",scramble?'Y':'N');
251 for(uint8_t i=0; i<address_length; i++)
252 {
253 debug(" %02X",packet[i]);
254 }
255 debug(" P(%d)=",packet_length-address_length);
256 for(uint8_t i=address_length; i<packet_length; i++)
257 {
258 debug(" %02X",packet[i]);
259 }
260 debugln("");
261 }
262 else
263 {
264 debugln("RX: %5luus C=%d Bad CRC", time>>1 , hopping_frequency_no);
265 }
266 }
268 XN297Dump_overflow();
269 // restart RX mode
270 NRF24L01_WriteReg(NRF24L01_07_STATUS, 0x70); // Clear data ready, data sent, and retransmit
271 NRF24L01_SetTxRxMode(TXRX_OFF);
272 NRF24L01_SetTxRxMode(RX_EN);
273 NRF24L01_FlushRx();
274 NRF24L01_WriteReg(NRF24L01_00_CONFIG, (0 << NRF24L01_00_EN_CRC) // switch to RX mode and disable CRC
275 | (1 << NRF24L01_00_CRCO)
276 | (1 << NRF24L01_00_PWR_UP)
277 | (1 << NRF24L01_00_PRIM_RX));
278 XN297Dump_overflow();
279 }
280 }
281 else if(sub_protocol==XN297DUMP_AUTO)
282 {
283 switch(phase)
284 {
285 case 0:
286 debugln("------------------------");
287 debugln("Detecting XN297 packets.");
288 XN297Dump_RF_init();
289 debug("Trying RF channel: 0");
290 hopping_frequency_no=0;
291 bitrate=0;
292 phase++;
293 break;
294 case 1:
295 if(bind_counter>XN297DUMP_PERIOD_SCAN)
296 { // Scan frequencies
297 hopping_frequency_no++;
298 bind_counter=0;
299 if(hopping_frequency_no>XN297DUMP_MAX_RF_CHANNEL)
300 {
301 hopping_frequency_no=0;
302 bitrate++;
303 bitrate%=3;
304 debugln("");
305 XN297Dump_RF_init();
306 debug("Trying RF channel: 0");
307 }
308 if(hopping_frequency_no)
309 debug(",%d",hopping_frequency_no);
310 NRF24L01_WriteReg(NRF24L01_05_RF_CH,hopping_frequency_no);
311 // switch to RX mode
312 NRF24L01_WriteReg(NRF24L01_07_STATUS, 0x70); // Clear data ready, data sent, and retransmit
313 NRF24L01_SetTxRxMode(TXRX_OFF);
314 NRF24L01_SetTxRxMode(RX_EN);
315 NRF24L01_FlushRx();
316 NRF24L01_WriteReg(NRF24L01_00_CONFIG, (0 << NRF24L01_00_EN_CRC) // switch to RX mode and disable CRC
317 | (1 << NRF24L01_00_CRCO)
318 | (1 << NRF24L01_00_PWR_UP)
319 | (1 << NRF24L01_00_PRIM_RX));
320 }
321 if( NRF24L01_ReadReg(NRF24L01_07_STATUS) & _BV(NRF24L01_07_RX_DR))
322 { // RX fifo data ready
323 if(NRF24L01_ReadReg(NRF24L01_09_CD))
324 {
325 NRF24L01_ReadPayload(packet,XN297DUMP_MAX_PACKET_LEN);
326 if(XN297Dump_process_packet())
327 { // valid crc found
328 debug("\r\n\r\nPacket detected: bitrate=");
329 switch(bitrate)
330 {
331 case XN297DUMP_250K:
332 XN297_Configure(XN297_CRCEN, scramble?XN297_SCRAMBLED:XN297_UNSCRAMBLED, XN297_250K, true);
333 debug("250K");
334 break;
335 case XN297DUMP_2M:
336 XN297_Configure(XN297_CRCEN, scramble?XN297_SCRAMBLED:XN297_UNSCRAMBLED, XN297_1M);
337 NRF24L01_SetBitrate(NRF24L01_BR_2M);
338 debug("2M");
339 break;
340 default:
341 XN297_Configure(XN297_CRCEN, scramble?XN297_SCRAMBLED:XN297_UNSCRAMBLED, XN297_1M);
342 debug("1M");
343 break;
345 }
346 debug(" C=%d ", hopping_frequency_no);
347 if(enhanced)
348 {
349 debug("Enhanced ");
350 debug("pid=%d ",pid);
351 if(ack) debug("ack ");
352 }
353 debug("S=%c A=",scramble?'Y':'N');
354 for(uint8_t i=0; i<address_length; i++)
355 {
356 debug(" %02X",packet[i]);
357 rx_tx_addr[i]=packet[i];
358 }
359 debug(" P(%d)=",packet_length-address_length);
360 for(uint8_t i=address_length; i<packet_length; i++)
361 {
362 debug(" %02X",packet[i]);
363 }
364 packet_length=packet_length-address_length;
365 debugln("\r\n--------------------------------");
366 phase=2;
367 debugln("Identifying all RF channels in use.");
368 bind_counter=0;
369 hopping_frequency_no=0;
370 rf_ch_num=0;
371 packet_count=0;
372 debug("Trying RF channel: 0");
374 XN297_SetTXAddr(rx_tx_addr,address_length);
375 XN297_SetRXAddr(rx_tx_addr,packet_length);
376 XN297_RFChannel(0);
377 XN297_SetTxRxMode(TXRX_OFF);
378 XN297_SetTxRxMode(RX_EN);
379 }
380 }
381 }
382 break;
383 case 2:
384 if(bind_counter>XN297DUMP_PERIOD_SCAN)
385 { // Scan frequencies
386 hopping_frequency_no++;
387 bind_counter=0;
388 if(packet_count && packet_count<=20)
389 debug("\r\nTrying RF channel: ");
390 packet_count=0;
391 if(hopping_frequency_no>XN297DUMP_MAX_RF_CHANNEL)
392 {
393 debug("\r\n\r\n%d RF channels identified:",rf_ch_num);
394 for(uint8_t i=0;i<rf_ch_num;i++)
395 debug(" %d",hopping_frequency[i]);
396 time_rf=(uint32_t*)malloc(rf_ch_num*sizeof(time));
397 if(time_rf==NULL)
398 {
399 debugln("\r\nCan't allocate memory for next phase!!!");
400 phase=0;
401 break;
402 }
403 debugln("\r\n--------------------------------");
404 debugln("Identifying RF channels order.");
405 hopping_frequency_no=1;
406 phase=3;
407 packet_count=0;
408 bind_counter=0;
409 debugln("Time between CH:%d and CH:%d",hopping_frequency[0],hopping_frequency[hopping_frequency_no]);
410 time_rf[hopping_frequency_no]=0xFFFFFFFF;
411 XN297_RFChannel(hopping_frequency[0]);
412 uint16_t timeL=TCNT1;
413 if(TIMER2_BASE->SR & TIMER_SR_UIF)
414 {//timer just rolled over...
415 XN297Dump_overflow();
416 timeL=0;
417 }
418 time=(timeH<<16)+timeL;
419 XN297_SetTxRxMode(TXRX_OFF);
420 XN297_SetTxRxMode(RX_EN);
421 XN297Dump_overflow();
422 break;
423 }
424 debug(",%d",hopping_frequency_no);
425 XN297_RFChannel(hopping_frequency_no);
426 // switch to RX mode
427 XN297_SetTxRxMode(TXRX_OFF);
428 XN297_SetTxRxMode(RX_EN);
429 }
430 if( XN297_IsRX() )
431 { // RX fifo data ready
432 // if(NRF24L01_ReadReg(NRF24L01_09_CD))
433 {
434 uint8_t res;
435 if(enhanced)
436 {
437 res=XN297_ReadEnhancedPayload(packet, packet_length);
438 res++;
439 }
440 else
441 res=XN297_ReadPayload(packet, packet_length);
442 if(res)
443 { // valid crc found
444 XN297Dump_overflow();
445 uint16_t timeL=TCNT1;
446 if(TIMER2_BASE->SR & TIMER_SR_UIF)
447 {//timer just rolled over...
448 XN297Dump_overflow();
449 timeL=0;
450 }
451 if(packet_count==0)
452 {//save channel
453 hopping_frequency[rf_ch_num]=hopping_frequency_no;
454 rf_ch_num++;
455 time=0;
456 }
457 else
458 time=(timeH<<16)+timeL-time;
459 debug("\r\nRX on channel: %d, Time: %5luus P:",hopping_frequency_no, time>>1);
460 time=(timeH<<16)+timeL;
461 for(uint8_t i=0;i<packet_length;i++)
462 debug(" %02X",packet[i]);
463 packet_count++;
464 if(packet_count>20)
465 {//change channel
466 bind_counter=XN297DUMP_PERIOD_SCAN+1;
467 debug("\r\nTrying RF channel: ");
468 }
469 }
470 }
471 // restart RX mode
472 XN297_SetTxRxMode(TXRX_OFF);
473 XN297_SetTxRxMode(RX_EN);
474 }
475 XN297Dump_overflow();
476 break;
477 case 3:
478 if(bind_counter>XN297DUMP_PERIOD_SCAN)
479 { // Scan frequencies
480 hopping_frequency_no++;
481 bind_counter=0;
482 if(hopping_frequency_no>=rf_ch_num)
483 {
484 uint8_t next=0;
485 debugln("\r\n\r\nChannel order:");
486 debugln("%d: 0us",hopping_frequency[0]);
487 uint8_t i=1;
488 do
489 {
490 time=time_rf[i];
491 if(time!=0xFFFFFFFF)
492 {
493 next=i;
494 for(uint8_t j=2;j<rf_ch_num;j++)
495 if(time>time_rf[j])
496 {
497 next=j;
498 time=time_rf[j];
499 }
500 time_rf[next]=-1;
501 debugln("%d: %5luus",hopping_frequency[next],time);
502 i=0;
503 }
504 i++;
505 }
506 while(i<rf_ch_num);
507 free(time_rf);
508 debugln("\r\n--------------------------------");
509 debugln("Identifying Sticks and features.");
510 phase=4;
511 hopping_frequency_no=0;
512 break;
513 }
514 debugln("Time between CH:%d and CH:%d",hopping_frequency[0],hopping_frequency[hopping_frequency_no]);
515 time_rf[hopping_frequency_no]=-1;
516 XN297_RFChannel(hopping_frequency[0]);
517 uint16_t timeL=TCNT1;
518 if(TIMER2_BASE->SR & TIMER_SR_UIF)
519 {//timer just rolled over...
520 XN297Dump_overflow();
521 timeL=0;
522 }
523 time=(timeH<<16)+timeL;
524 // switch to RX mode
525 XN297_SetTxRxMode(TXRX_OFF);
526 XN297_SetTxRxMode(RX_EN);
527 }
528 if( XN297_IsRX() )
529 { // RX fifo data ready
530 //if(NRF24L01_ReadReg(NRF24L01_09_CD))
531 {
532 uint8_t res;
533 if(enhanced)
534 {
535 res=XN297_ReadEnhancedPayload(packet, packet_length);
536 res++;
537 }
538 else
539 res=XN297_ReadPayload(packet, packet_length);
540 if(res)
541 { // valid crc found
542 XN297Dump_overflow();
543 uint16_t timeL=TCNT1;
544 if(TIMER2_BASE->SR & TIMER_SR_UIF)
545 {//timer just rolled over...
546 XN297Dump_overflow();
547 timeL=0;
548 }
549 if(packet_count&1)
550 {
551 time=(timeH<<16)+timeL-time;
552 if(time_rf[hopping_frequency_no] > (time>>1))
553 time_rf[hopping_frequency_no]=time>>1;
554 debugln("Time: %5luus", time>>1);
555 XN297_RFChannel(hopping_frequency[0]);
556 }
557 else
558 {
559 time=(timeH<<16)+timeL;
560 XN297_RFChannel(hopping_frequency[hopping_frequency_no]);
561 }
562 packet_count++;
563 if(packet_count>24)
564 {
565 bind_counter=XN297DUMP_PERIOD_SCAN+1;
566 packet_count=0;
567 }
568 }
569 }
570 // restart RX mode
571 XN297_SetTxRxMode(TXRX_OFF);
572 XN297_SetTxRxMode(RX_EN);
573 }
574 XN297Dump_overflow();
575 break;
576 case 4:
577 if( XN297_IsRX() )
578 { // RX fifo data ready
579 //if(NRF24L01_ReadReg(NRF24L01_09_CD))
580 {
581 uint8_t res;
582 if(enhanced)
583 {
584 res=XN297_ReadEnhancedPayload(packet, packet_length);
585 res++;
586 }
587 else
588 res=XN297_ReadPayload(packet, packet_length);
589 if(res)
590 { // valid crc found
591 if(memcmp(packet_in,packet,packet_length))
592 {
593 debug("P:");
594 for(uint8_t i=0;i<packet_length;i++)
595 debug(" %02X",packet[i]);
596 debugln("");
597 memcpy(packet_in,packet,packet_length);
598 }
599 }
600 }
601 // restart RX mode
602 XN297_SetTxRxMode(TXRX_OFF);
603 XN297_SetTxRxMode(RX_EN);
604 }
605 break;
606 }
607 }
608 else if(sub_protocol == XN297DUMP_NRF)
609 {
610 if(phase==0)
611 {
612 address_length=4;
613 memcpy(rx_tx_addr, (uint8_t *)"\x7E\xB8\x63\xA9", address_length);
615 bitrate=XN297DUMP_250K;
616 packet_length=16;
617 hopping_frequency_no=0x50; //bind 0x50, normal ??
619 NRF24L01_Initialize();
620 NRF24L01_SetTxRxMode(TXRX_OFF);
621 NRF24L01_SetTxRxMode(RX_EN);
622 NRF24L01_WriteReg(NRF24L01_03_SETUP_AW, address_length-2); // RX/TX address length
623 NRF24L01_WriteRegisterMulti(NRF24L01_0A_RX_ADDR_P0, rx_tx_addr, address_length); // set up RX address
624 NRF24L01_WriteReg(NRF24L01_11_RX_PW_P0, packet_length); // Enable rx pipe 0
625 NRF24L01_WriteReg(NRF24L01_05_RF_CH, option); //hopping_frequency_no);
627 debug("NRF dump, len=%d, rf=%d, address length=%d, bitrate=",packet_length,option,address_length); //hopping_frequency_no,address_length);
628 switch(bitrate)
629 {
630 case XN297DUMP_250K:
631 NRF24L01_SetBitrate(NRF24L01_BR_250K);
632 debugln("250K");
633 break;
634 case XN297DUMP_2M:
635 NRF24L01_SetBitrate(NRF24L01_BR_2M);
636 debugln("2M");
637 break;
638 default:
639 NRF24L01_SetBitrate(NRF24L01_BR_1M);
640 debugln("1M");
641 break;
643 }
644 NRF24L01_WriteReg(NRF24L01_00_CONFIG, _BV(NRF24L01_00_PWR_UP) | _BV(NRF24L01_00_PRIM_RX)); //_BV(NRF24L01_00_EN_CRC) | _BV(NRF24L01_00_CRCO) |
645 phase++;
646 }
647 else
648 {
649 if( NRF24L01_ReadReg(NRF24L01_07_STATUS) & _BV(NRF24L01_07_RX_DR))
650 { // RX fifo data ready
651 if(NRF24L01_ReadReg(NRF24L01_09_CD))
652 {
653 NRF24L01_ReadPayload(packet, packet_length);
654 //bool ok=true;
655 uint8_t buffer[40];
656 memcpy(buffer,packet,packet_length);
657 //if(memcmp(&packet_in[0],&packet[0],packet_length))
658 {
659 debug("C: %02X P:", option);
660 for(uint8_t i=0;i<packet_length;i++)
661 debug(" %02X",packet[i]);
662 debugln("");
663 memcpy(packet_in,packet,packet_length);
664 }
665 /*//realign bits
666 for(uint8_t i=0; i<packet_length; i++)
667 buffer[i]=buffer[i+2];
668 //for(uint8_t i=0; i<packet_length; i++)
669 // buffer[i]=(buffer[i]<<4)+(buffer[i+1]>>4);
671 //check for validity and decode
672 memset(packet_in,0,packet_length);
673 for(uint8_t i=0; i<packet_length-2; i++)
674 {
675 for(uint8_t j=0;j<2;j++)
676 {
677 packet_in[i>>2] >>= 1;
678 if( (buffer[i]&0xC0) == 0xC0 && (buffer[i]&0x30) == 0x00 )
679 packet_in[i>>2] |= 0x80;
680 else if( (buffer[i]&0xC0) == 0x00 && (buffer[i]&0x30) == 0x30 )
681 packet_in[i>>2] |= 0x00;
682 else
683 ok=false; // error
684 buffer[i] <<= 4;
685 }
686 }
687 if(ok)
688 {
689 debug("P:(%02X,%02X):",packet[0],packet[1]);
690 for(uint8_t i=0;i<packet_length/4;i++)
691 debug(" %02X",packet_in[i]);
692 debugln("");
693 memcpy(packet_in,packet,packet_length);
694 }
695 }*/
696 /*crc=0;
697 for (uint8_t i = 1; i < 12; ++i)
698 crc16_update( packet[i], 8);
699 if(packet[12]==((crc>>8)&0xFF) && packet[13]==(crc&0xFF))
700 if(memcmp(&packet_in[1],&packet[1],packet_length-1))
701 {
702 debug("P:");
703 for(uint8_t i=0;i<packet_length;i++)
704 debug(" %02X",packet[i]);
705 debug(" CRC: %04X",crc);
706 debugln("");
707 debug("P(%02X):",packet[0]);
708 for(uint8_t i=1;i<packet_length-2;i++)
709 debug(" %02X",((bit_reverse(packet[i])<<1)|(bit_reverse(packet[i-1])>>7))&0xFF);
710 debugln("");
711 memcpy(packet_in,packet,packet_length);
712 }*/
713 }
714 // restart RX mode
715 NRF24L01_WriteReg(NRF24L01_07_STATUS, 0x70); // Clear data ready, data sent, and retransmit
716 NRF24L01_SetTxRxMode(TXRX_OFF);
717 NRF24L01_SetTxRxMode(RX_EN);
718 NRF24L01_FlushRx();
719 NRF24L01_WriteReg(NRF24L01_00_CONFIG, _BV(NRF24L01_00_PWR_UP) | _BV(NRF24L01_00_PRIM_RX)); // _BV(NRF24L01_00_EN_CRC) | _BV(NRF24L01_00_CRCO) |
720 }
721 NRF24L01_WriteReg(NRF24L01_05_RF_CH, option); //hopping_frequency_no);
722 }
723 }
724 else if(sub_protocol == XN297DUMP_CC2500)
725 {
726 #if defined (CC2500_INSTALLED)
727 if(phase==0)
728 {
729 address_length=5;
730 switch(RX_num)
731 {
732 case 0:
733 memcpy(rx_tx_addr, (uint8_t *)"\xAE\xD2\x71\x79\x46", address_length);
734 break;
735 case 1:
736 memcpy(rx_tx_addr, (uint8_t *)"\x5D\xA4\xE2\xF2\x8C", address_length);
737 break;
738 case 2:
739 memcpy(rx_tx_addr, (uint8_t *)"\xBB\x49\xC5\xE5\x18", address_length);
740 break;
741 case 3:
742 memcpy(rx_tx_addr, (uint8_t *)"\x76\x93\x8B\xCA\x30", address_length);
743 break;
744 case 4:
745 memcpy(rx_tx_addr, (uint8_t *)"\xED\x27\x17\x94\x61", address_length);
746 break;
747 case 5:
748 memcpy(rx_tx_addr, (uint8_t *)"\xDA\x4E\x2F\x28\xC2", address_length);
749 break;
750 case 6:
751 memcpy(rx_tx_addr, (uint8_t *)"\xAB\xB4\x9C\x5E\x51", address_length);
752 break;
753 case 7:
754 memcpy(rx_tx_addr, (uint8_t *)"\x57\x69\x38\xBC\xA3", address_length);
755 break;
756 }
757 packet_length=38;
758 hopping_frequency_no=54; //bind 30, normal 54
759 debugln("CC2500 dump, len=%d, rf=%d, address length=%d, bitrate=250K",packet_length,hopping_frequency_no,address_length);
761 //Config CC2500
762 CC2500_250K_Init();
763 CC2500_SetFreqOffset();
764 CC2500_WriteReg(CC2500_04_SYNC1, rx_tx_addr[0]); // Sync word, high byte
765 CC2500_WriteReg(CC2500_05_SYNC0, rx_tx_addr[1]); // Sync word, low byte
766 CC2500_WriteReg(CC2500_09_ADDR, rx_tx_addr[2]); // Set addr
767 CC2500_WriteReg(CC2500_12_MDMCFG2, 0x12); // Modem Configuration, GFSK, 16/16 Sync Word TX&RX
768 CC2500_WriteReg(CC2500_06_PKTLEN, packet_length); // Packet len
770 //2.4001GHz: offfset of 100KHz
771 CC2500_WriteReg(CC2500_0D_FREQ2, 0x5C); // Frequency Control Word, High Byte
772 CC2500_WriteReg(CC2500_0E_FREQ1, 0x4F); // Frequency Control Word, Middle Byte
773 CC2500_WriteReg(CC2500_0F_FREQ0, 0xC1); // Frequency Control Word, Low Byte
775 CC2500_250K_RFChannel(hopping_frequency_no);
777 CC2500_SetTxRxMode(RX_EN);
778 CC2500_Strobe(CC2500_SFRX);
779 CC2500_Strobe(CC2500_SRX);
780 phase++;
781 }
782 else
783 {
784 CC2500_SetFreqOffset();
785 if((CC2500_ReadReg(CC2500_3B_RXBYTES | CC2500_READ_BURST) & 0x7F) == packet_length + 2) // 2 = RSSI + LQI
786 { // RX fifo data ready
787 //debugln("f_off=%02X", CC2500_ReadReg(0x32 | CC2500_READ_BURST));
788 CC2500_ReadData(packet, packet_length+2);
789 bool ok=true;
790 //filter address
791 if(rx_tx_addr[2]!=packet[0] || rx_tx_addr[3]!=packet[1] || rx_tx_addr[4]!=packet[2] )
792 ok=false;
793 //filter constants
794 if(RX_num == 0 && ok)
795 {
796 if (packet[3] != 0x10 || (packet[4] & 0xFC) != 0x54 || packet[5] != 0x64)
797 ok=false;
798 else if(packet[6] != 0x10 && packet[6] != 0x25)
799 ok=false;
800 else if(memcmp(&packet[9],"\xC6\xE7\x50\x02\xAA\x49",6)!=0)
801 ok=false;
802 }
803 else if(RX_num == 4 && ok)
804 {
805 if (packet[3] != 0x05 || (packet[4] & 0xCF) != 0x46)
806 ok=false;
807 else if(packet[5] != 0x41 && packet[5] != 0x42)
808 ok=false;
809 else if((packet[6]&0xF0) != 0x50 && (packet[6]&0xF0) != 0x00)
810 ok=false;
811 else if((packet[8]&0x0F) != 0x0C)
812 ok=false;
813 else if(memcmp(&packet[9],"\x6E\x75\x00\x2A\xA4\x94\xA4\x6F",8)!=0)
814 ok=false;
815 }
816 if(ok)
817 {
818 //uint8_t buffer[100];
819 //memcpy(buffer,packet,packet_length);
820 //if(memcmp(&packet_in[0],&packet[0],packet_length))
821 {
822 debug("P:");
823 for(uint8_t i=0;i<packet_length;i++)
824 debug(" %02X",packet[i]);
825 debugln("");
826 memcpy(packet_in,packet,packet_length);
827 }
828 }
829 CC2500_SetTxRxMode(TXRX_OFF);
830 CC2500_SetTxRxMode(RX_EN);
831 CC2500_Strobe(CC2500_SFRX);
832 CC2500_Strobe(CC2500_SRX);
833 }
834 }
835 #endif
836 }
837 bind_counter++;
838 if(IS_RX_FLAG_on) // Let the radio update the protocol
839 {
840 if(Update_All()) return 10000; // New protocol selected
841 if(prev_option!=option && sub_protocol<XN297DUMP_AUTO)
842 { // option has changed
843 hopping_frequency_no=option;
844 prev_option=option;
845 }
846 }
847 XN297Dump_overflow();
848 }
849 return 100;
850 }
852 void XN297Dump_init(void)
853 {
854 BIND_DONE;
855 if(sub_protocol<XN297DUMP_AUTO)
856 bitrate=sub_protocol;
857 else
858 bitrate=0;
859 address_length=RX_num;
860 if(address_length<3||address_length>5)
861 address_length=5; //default
862 XN297Dump_RF_init();
863 bind_counter=0;
864 rf_ch_num=0xFF;
865 prev_option=option^0x55;
866 phase=0; // init
867 }
869 #endif