├── rf4ce
    ├── autognuradio
    │   ├── __init__.py
    │   └── ieee802_15_4_oqpsk_phy.py
    ├── packetprocessor.py
    ├── __init__.py
    ├── linkconfig.py
    ├── rf4ce.py
    └── radio.py
├── LICENSE
├── .gitignore
├── README.md
├── sniffer.py
├── pairing_sniffer.py
└── injector.py


/rf4ce/autognuradio/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/rf4ce/packetprocessor.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | """
 3 | Packet processor tread. Used to process the incoming RF4CE packets.
 4 | """
 5 | 
 6 | import threading
 7 | import Queue
 8 | 
 9 | from linkconfig import LinkConfig
10 | from rf4ce import Rf4ceNode, Rf4ceFrame
11 | 
12 | 
13 | class PacketProcessor(threading.Thread):
14 | 
15 | 	"""Packet processor thread"""
16 | 
17 | 	def __init__(self):
18 | 		threading.Thread.__init__(self)
19 | 		self.q = Queue.Queue()
20 | 		self.stopped = False
21 | 
22 | 	def stop(self):
23 | 		self.stopped = True
24 | 
25 | 	def run(self):
26 | 		while not self.stopped:
27 | 			try:
28 | 				data = self.q.get(timeout=1)
29 | 			except Queue.Empty:
30 | 				continue
31 | 			self.process(data)
32 | 	
33 | 	def feed(self, data):
34 | 		"""Adds packets to the queue"""
35 | 		self.q.put(data)
36 | 
37 | 	def process(self, data):
38 | 		"""This should process the incoming data"""
39 | 		pass
40 | 


--------------------------------------------------------------------------------
/rf4ce/__init__.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from rf4ce import Rf4ceNode, Rf4ceFrame, Rf4ceConstants, Rf4ceException
 4 | from linkconfig import LinkConfig
 5 | 
 6 | from scapy.all import Dot15d4FCS, Dot15d4Data, Raw
 7 | 
 8 | # Keep scapy from parsing the RF4CE payload
 9 | Dot15d4Data.payload_guess = [({}, Raw)]
10 | 
11 | import scapy.config
12 | from scapy.themes import ColorOnBlackTheme
13 | scapy.config.conf.color_theme = ColorOnBlackTheme()
14 | 
15 | 
16 | # https://github.com/zeroSteiner/scapy-com/blob/79f55855a4d55b4eaba5370cb4c7b094ab956c79/scapy/layers/dot15d4.py#L856C1-L865C1
17 | def makeFCS(data):
18 |     crc = 0
19 |     for i in range(0, len(data)):
20 |         c = ord(data[i])
21 |         q = (crc ^ c) & 15              #Do low-order 4 bits
22 |         crc = (crc // 16) ^ (q * 4225)
23 |         q = (crc ^ (c // 16)) & 15      #And high 4 bits
24 |         crc = (crc // 16) ^ (q * 4225)
25 |     return struct.pack('<H', crc) #return as bytes in little endian order
26 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 courk
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | build/
 12 | develop-eggs/
 13 | dist/
 14 | downloads/
 15 | eggs/
 16 | .eggs/
 17 | lib/
 18 | lib64/
 19 | parts/
 20 | sdist/
 21 | var/
 22 | wheels/
 23 | *.egg-info/
 24 | .installed.cfg
 25 | *.egg
 26 | MANIFEST
 27 | 
 28 | # PyInstaller
 29 | #  Usually these files are written by a python script from a template
 30 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 31 | *.manifest
 32 | *.spec
 33 | 
 34 | # Installer logs
 35 | pip-log.txt
 36 | pip-delete-this-directory.txt
 37 | 
 38 | # Unit test / coverage reports
 39 | htmlcov/
 40 | .tox/
 41 | .coverage
 42 | .coverage.*
 43 | .cache
 44 | nosetests.xml
 45 | coverage.xml
 46 | *.cover
 47 | .hypothesis/
 48 | .pytest_cache/
 49 | 
 50 | # Translations
 51 | *.mo
 52 | *.pot
 53 | 
 54 | # Django stuff:
 55 | *.log
 56 | local_settings.py
 57 | db.sqlite3
 58 | 
 59 | # Flask stuff:
 60 | instance/
 61 | .webassets-cache
 62 | 
 63 | # Scrapy stuff:
 64 | .scrapy
 65 | 
 66 | # Sphinx documentation
 67 | docs/_build/
 68 | 
 69 | # PyBuilder
 70 | target/
 71 | 
 72 | # Jupyter Notebook
 73 | .ipynb_checkpoints
 74 | 
 75 | # pyenv
 76 | .python-version
 77 | 
 78 | # celery beat schedule file
 79 | celerybeat-schedule
 80 | 
 81 | # SageMath parsed files
 82 | *.sage.py
 83 | 
 84 | # Environments
 85 | .env
 86 | .venv
 87 | env/
 88 | venv/
 89 | ENV/
 90 | env.bak/
 91 | venv.bak/
 92 | 
 93 | # Spyder project settings
 94 | .spyderproject
 95 | .spyproject
 96 | 
 97 | # Rope project settings
 98 | .ropeproject
 99 | 
100 | # mkdocs documentation
101 | /site
102 | 
103 | # mypy
104 | .mypy_cache/
105 | 


--------------------------------------------------------------------------------
/rf4ce/linkconfig.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | """
 3 | Describes a RF4CE link.
 4 | """
 5 | 
 6 | import json
 7 | import binascii
 8 | 
 9 | from rf4ce import Rf4ceNode
10 | 
11 | 
12 | class LinkConfig(object):
13 | 
14 | 	"""Stores a RF4CE link information.
15 | 
16 | 	Stored RF4CE link information are:
17 | 	source, destination, key, frame_counter, dest_panid
18 | 	"""
19 | 
20 | 	def __init__(self, config_filename=None):
21 | 		self.config_filename = config_filename
22 | 		if config_filename:
23 | 			self.load()
24 | 		else:
25 | 			self.dest_panid = None
26 | 			self.source = None
27 | 			self.destination = None
28 | 			self.key = None
29 | 			self.frame_counter = 0
30 | 
31 | 	def load(self):
32 | 		"""Loads link configuration from supplied JSON file"""
33 | 		try:
34 | 			f = open(self.config_filename, "rb")
35 | 		except IOError:
36 | 			print("Cannot open configuration file '{}'".format(self.config_filename))
37 | 			raise
38 | 
39 | 		try:
40 | 			json_config = json.load(f)
41 | 			self.dest_panid = int(json_config["dest_panid"], 16)
42 | 			self.source = Rf4ceNode(json_config["full_source"], 
43 | 				int(json_config["short_source"], 16))
44 | 			self.destination = Rf4ceNode(json_config["full_destination"],
45 | 				int(json_config["short_destination"], 16))
46 | 			if "key" in json_config:
47 | 				self.key = json_config["key"]
48 | 			else:
49 | 				self.key = None
50 | 			if "frame_counter" in json_config:
51 | 				self.frame_counter = json_config["frame_counter"]
52 | 			else:
53 | 				self.frame_counter = 0
54 | 		except (ValueError, KeyError):
55 | 			print("Invalid JSON file")
56 | 			raise
57 | 
58 | 
59 | 	def save(self, config_filename=None):
60 | 		"""Saves link configuration to supplied JSON file"""
61 | 		if config_filename:
62 | 			self.config_filename = config_filename
63 | 		json_config = {}
64 | 		json_config["full_source"] = self.source.get_long_address()
65 | 		json_config["short_source"] = "0x{:x}".format(self.source.get_short_address())
66 | 		json_config["full_destination"] = self.destination.get_long_address()
67 | 		json_config["short_destination"] = "0x{:x}".format(self.destination.get_short_address())
68 | 		json_config["dest_panid"] = "0x{:x}".format(self.dest_panid)
69 | 		json_config["frame_counter"] = self.frame_counter
70 | 		if self.key:
71 | 			json_config["key"] = self.key
72 | 		try:
73 | 			f = open(self.config_filename, "wb")
74 | 		except IOError:
75 | 			print("Cannot open configuration file '{}'".format(self.config_filename))
76 | 			raise		
77 | 		json.dump(json_config, f, indent=4)
78 | 		f.close()
79 | 
80 | 	def __repr__(self):
81 | 		result = "Link configuration:\n"
82 | 		if self.config_filename:
83 | 			result += "\tLoaded from '{}'\n".format(self.config_filename)
84 | 		result += "\tSource: {}\n".format(self.source)
85 | 		result += "\tDestination: {}\n".format(self.destination)
86 | 		result += "\tPanid: 0x{:x}\n".format(self.dest_panid)
87 | 		if self.key:
88 | 			result += "\tKey: {}\n".format(self.key)
89 | 		result += "\tFrame Counter: {}".format(self.frame_counter)
90 | 		return result
91 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Introduction
 2 | 
 3 | This is a small and simple set of SDR tools that can be used to experiment with the Zigbee RF4CE protocol.
 4 | 
 5 | The following features are supported:
 6 | 
 7 | They do have the following features:
 8 | 
 9 | * RF4CE packets parsing and crafting. This includes support for the AES-128-CCM cryptographic algorithm used by RF4CE devices after the pairing process.
10 | * RF4CE packets sniffing. This includes deciphering packets in case the ciphering key is known. This key can be computed in case the pairing process can be sniffed.
11 | * RF4CE packets injection.
12 | 
13 | # Requirements 
14 | 
15 | My code is based on:
16 | 
17 | * [GNU Radio](https://www.gnuradio.org)GNU Radio
18 | * The IEEE 802.15.4 MAC and PHY layers are provided by the [gr-ieee802-15-4](https://github.com/bastibl/gr-ieee802-15-4/) project
19 | 
20 | I've successfully tested these tools with both a [HackRF](https://greatscottgadgets.com/hackrf) and a newer [PlutoSDR](http://www.analog.com/en/design-center/evaluation-hardware-and-software/evaluation-boards-kits/adalm-pluto.html).
21 | 
22 | Please note that a device like the PlutoSDR supports full-duplex communication. That's why after it has send a packet, it can immediately wait for a `ACK` from the receiver and try to switch frequency if this packet is not acknowledged.
23 | 
24 | The HackRF on the other side is only half-duplex and cannot do that. I haven't find a way to switch between RX and TX modes fast enough to handle `ACK`  packets.
25 | 
26 | In other word, only the PlutoSDR can handle the frequency agility feature of the RF4CE protocol.
27 | 
28 | # Usage #
29 | 
30 | ## Packet Sniffer
31 | 
32 | ```
33 | $ ./sniffer.py -h
34 | usage: sniffer.py [-h] [-l LINK] [-c {15,20,25}] [-s {hackrf,pluto-sdr}]
35 | 
36 | optional arguments:
37 |   -h, --help            show this help message and exit
38 |   -l LINK, --link LINK  JSON file containing link information
39 |   -c {15,20,25}, --channel {15,20,25}
40 |                         RF4CE channel (default: 15)
41 |   -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
42 |                         SDR Device to use (default: pluto-sdr)
43 | ```
44 | 
45 | ## Pairing Sniffer
46 | 
47 | This "pairing sniffer" can be used to generate the optional JSON file containing a link information.
48 | 
49 | ```
50 | $ ./pairing_sniffer.py -h
51 | usage: pairing_sniffer.py [-h] [-c {15,20,25}] [-s {hackrf,pluto-sdr}]
52 |                           output_file
53 | 
54 | positional arguments:
55 |   output_file           output JSON file storing link information
56 | 
57 | optional arguments:
58 |   -h, --help            show this help message and exit
59 |   -c {15,20,25}, --channel {15,20,25}
60 |                         RF4CE channel (default: 15)
61 |   -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
62 |                         SDR Device to use (default: pluto-sdr)
63 | ```
64 | 
65 | ## Packet Injection
66 | 
67 | ```
68 | $ ./injector.py -h
69 | usage: injector.py [-h] [-c {15,20,25}] [-s {hackrf,pluto-sdr}] config_file
70 | 
71 | positional arguments:
72 |   config_file           JSON file containing link information
73 | 
74 | optional arguments:
75 |   -h, --help            show this help message and exit
76 |   -c {15,20,25}, --channel {15,20,25}
77 |                         RF4CE channel (default: 15)
78 |   -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
79 |                         SDR Device to use (default: pluto-sdr)
80 | ```


--------------------------------------------------------------------------------
/sniffer.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python2
  2 | # -*- coding: utf-8 -*-
  3 | """
  4 | Sniffs RF4CE packets. Supports encryption.
  5 | """
  6 | 
  7 | from __future__ import (absolute_import,
  8 |                         print_function, unicode_literals)
  9 | from builtins import *
 10 | 
 11 | import argparse
 12 | from datetime import datetime
 13 | import binascii
 14 | 
 15 | from rf4ce import Dot15d4FCS, Dot15d4Data, Raw, makeFCS
 16 | from rf4ce import LinkConfig, Rf4ceNode, Rf4ceFrame, Rf4ceException
 17 | from rf4ce.radio import RxFlow
 18 | from rf4ce.packetprocessor import PacketProcessor
 19 | import huepy as hue
 20 | 
 21 | 
 22 | class SnifferProcessor(PacketProcessor):
 23 | 
 24 | 	"""Sniffer Packet processor
 25 | 
 26 | 	Parses incoming packets
 27 | 	If possible, decode them
 28 | 	"""
 29 | 
 30 | 	def __init__(self, link_configs=[]):
 31 | 		PacketProcessor.__init__(self)
 32 | 		self.link_configs = link_configs
 33 | 
 34 | 	def process(self, data):
 35 | 		print(hue.bold(hue.green("\n------ {} ------".format(datetime.now()))))
 36 | 		print(hue.yellow("Full packet data: ") + hue.italic(binascii.hexlify(data)))
 37 | 		
 38 | 		# Checks if the 802.15.4 packet is valid
 39 | 		if makeFCS(data[:-2]) != data[-2:]:
 40 | 			print(hue.bad("Invalid packet"))
 41 | 			return
 42 | 
 43 | 		# Parses 802.15.4 packet
 44 | 		packet = Dot15d4FCS(data)
 45 | 		packet.show()
 46 | 
 47 | 		if packet.fcf_frametype == 2: # ACK
 48 | 			return
 49 | 
 50 | 		# Tries to match received packet with a known link
 51 | 		# configuration
 52 | 		matched = False
 53 | 		for link in self.link_configs:
 54 | 			if packet.dest_panid != link.dest_panid:
 55 | 				continue
 56 | 			if packet.fcf_srcaddrmode == 3: # Long addressing mode
 57 | 				if packet.src_addr != link.source.get_long_address():
 58 | 					continue
 59 | 				if packet.dest_addr != link.destination.get_long_address():
 60 | 					continue
 61 | 			else:
 62 | 				if packet.src_addr != link.source.get_short_address():
 63 | 					continue
 64 | 				if packet.dest_addr != link.destination.get_short_address():
 65 | 					continue
 66 | 				source = link.source
 67 | 				destination = link.destination
 68 | 				key = link.key
 69 | 				matched = True
 70 | 
 71 | 		if not matched:
 72 | 			if packet.fcf_srcaddrmode == 3:
 73 | 				source = Rf4ceNode(packet.src_addr, None)
 74 | 				destination = Rf4ceNode(packet.dest_addr, None)
 75 | 			else:
 76 | 				source = Rf4ceNode(None, packet.src_addr)
 77 | 				destination = Rf4ceNode(None, packet.dest_addr)
 78 | 			key = None
 79 | 
 80 | 		# Process RF4CE payload
 81 | 		frame = Rf4ceFrame()
 82 | 		try:
 83 | 			rf4ce_payload = bytes(packet[3].fields["load"])
 84 | 			frame.parse_from_string(rf4ce_payload, source, destination, key)
 85 | 		except Rf4ceException, e:
 86 | 			print(hue.bad("Cannot parse RF4CE frame: {}".format(e)))
 87 | 			return
 88 | 		print("###[ " + hue.bold(hue.yellow("RF4CE")) + " ]###")
 89 | 		print(frame)
 90 | 
 91 | 
 92 | if __name__ == '__main__':
 93 | 
 94 | 	parser = argparse.ArgumentParser()
 95 | 	parser.add_argument("-l", "--link", help="JSON file containing link information")
 96 | 	parser.add_argument("-c", "--channel", help="RF4CE channel (default: 15)", type=int,
 97 | 		choices=[15, 20, 25], default=15)
 98 | 	parser.add_argument("-s", "--sdr", help="SDR Device to use (default: pluto-sdr)", 
 99 | 		choices=["hackrf", "pluto-sdr"], default="pluto-sdr")
100 | 	args = parser.parse_args()
101 | 
102 | 	if args.link:
103 | 		try:
104 | 			link_config = LinkConfig(args.link)
105 | 		except:
106 | 			print(hue.bad("Cannot load configuration file"))
107 | 			exit(-1)
108 | 
109 | 	if args.link:
110 | 		print(link_config)
111 | 	print(hue.info("Sniffing on channel {}".format(args.channel)))
112 | 
113 | 	if args.link:
114 | 		sniffer_processor = SnifferProcessor([link_config])
115 | 	else:
116 | 		sniffer_processor = SnifferProcessor([])
117 | 	tb = RxFlow(args.channel, sniffer_processor, args.sdr)
118 | 	
119 | 	sniffer_processor.start()
120 | 	tb.start()
121 | 
122 | 	try:
123 | 		raw_input(hue.info('Sniffing...\n'))
124 | 	except (EOFError, KeyboardInterrupt):
125 | 		pass
126 | 	
127 | 	print(hue.info("Exiting..."))
128 | 
129 | 	tb.stop()
130 | 	tb.wait()
131 | 	sniffer_processor.stop()
132 | 


--------------------------------------------------------------------------------
/pairing_sniffer.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python2
  2 | # -*- coding: utf-8 -*-
  3 | """
  4 | Sniffs link information, including key, during pairing.
  5 | """
  6 | 
  7 | from __future__ import (absolute_import,
  8 |                         print_function, unicode_literals)
  9 | from builtins import *
 10 | 
 11 | import argparse
 12 | from datetime import datetime
 13 | import binascii
 14 | import functools
 15 | 
 16 | from rf4ce import Dot15d4FCS, Dot15d4Data, Raw, makeFCS
 17 | from rf4ce import LinkConfig, Rf4ceNode, Rf4ceFrame, Rf4ceException, Rf4ceConstants
 18 | from rf4ce.radio import RxFlow
 19 | from rf4ce.packetprocessor import PacketProcessor
 20 | import struct
 21 | import huepy as hue
 22 | 
 23 | 
 24 | class KeyProcessor(PacketProcessor):
 25 | 
 26 | 	"""Key sniffer processor
 27 | 
 28 | 	Sniffs a pairing procedure to get all link
 29 | 	information, including the AES key
 30 | 	"""
 31 | 
 32 | 	def __init__(self):
 33 | 		PacketProcessor.__init__(self)
 34 | 		self.wait_pair_cmd = True
 35 | 		self.key_index = 0
 36 | 		self.key_words = [None] * 0x25
 37 | 		self.link_config = LinkConfig()
 38 | 		self.success = False
 39 | 
 40 | 	def process(self, data):
 41 | 		print(hue.info("Processing packet ..."))
 42 | 
 43 | 		# Check if the 802.15.4 packet is valid
 44 | 		if makeFCS(data[:-2]) != data[-2:]:
 45 | 			print(hue.bad("Invalid packet"))
 46 | 			return
 47 | 
 48 | 		# Parse 802.15.4 packet and extract RF4CE payload
 49 | 		packet = Dot15d4FCS(data)
 50 | 
 51 | 		if packet.fcf_frametype == 2: # ACK
 52 | 			return
 53 | 
 54 | 		# Read source, dest, do not use key
 55 | 		if packet.fcf_srcaddrmode == 3:
 56 | 			source = Rf4ceNode(packet.src_addr, None)
 57 | 			destination = Rf4ceNode(packet.dest_addr, None)
 58 | 		else:
 59 | 			source = Rf4ceNode(None, packet.src_addr)
 60 | 			destination = Rf4ceNode(None, packet.dest_addr)
 61 | 		key = None
 62 | 		
 63 | 		rf4ce_payload = bytes(packet[3].fields["load"])
 64 | 		frame = Rf4ceFrame()
 65 | 		
 66 | 		try:
 67 | 			frame.parse_from_string(rf4ce_payload, source, destination, key)
 68 | 		except Rf4ceException, e:
 69 | 			print(hue.bad("Cannot parse RF4CE frame: {}".format(e)))
 70 | 			return
 71 | 
 72 | 		# Start of a key transmission can be detected with 
 73 | 		# the pairing response command (0x04)
 74 | 		# Short addresses for source and destination are also
 75 | 		# provided by this command
 76 | 		if self.wait_pair_cmd:
 77 | 			if frame.frame_type == Rf4ceConstants.FRAME_TYPE_COMMAND:
 78 | 				if frame.command == 0x04:
 79 | 					print(hue.good("Key transmission started !"))
 80 | 					short_src, short_dest = self.parse_pairing_response(frame.payload)
 81 | 					self.link_config.dest_panid = packet.src_panid
 82 | 					self.link_config.source = Rf4ceNode(packet.dest_addr, short_src)
 83 | 					self.link_config.destination = Rf4ceNode(packet.src_addr, short_dest)
 84 | 					self.wait_pair_cmd = False
 85 | 		# Here, we are now expecting key seed command frames (0x06)
 86 | 		else:
 87 | 			if frame.frame_type != Rf4ceConstants.FRAME_TYPE_COMMAND:
 88 | 				print(hue.bad("Received unexpected frame type: {}".format(frame)))
 89 | 				return
 90 | 			
 91 | 			if frame.command != 0x06:
 92 | 				print(hue.bad("Received unexpected command: {}".format(frame)))
 93 | 				return
 94 | 			
 95 | 			if frame.payload[0] == self.key_index - 1:
 96 | 				self.key_index -= 1
 97 | 				print(hue.info("Key word {} has been sent again".format(self.key_index)))
 98 | 			
 99 | 			if frame.payload[0] != self.key_index:
100 | 				print(hue.bad("Missed key word {} ! Aborting.".format(self.key_index)))
101 | 				self.stop()
102 | 				return
103 | 
104 | 			print(hue.good("Received key word {}".format(self.key_index)))
105 | 
106 | 			self.key_words[self.key_index] = frame.payload[1:]
107 | 			
108 | 			if self.key_index == 0x24:
109 | 				print(hue.good("All key words have been received"))
110 | 				self.link_config.key = binascii.hexlify(self.compute_key(self.key_words))
111 | 				self.link_config.frame_counter = frame.frame_counter
112 | 				self.success = True
113 | 				self.stop()
114 | 			else:
115 | 				self.key_index += 1
116 | 
117 | 	def parse_pairing_response(self, data):
118 | 		"""Extracts allocated network address and network address
119 | 		fields from a pair response command frame payload"""
120 | 		short_src, short_dest = struct.unpack("<HH", data[1:5])
121 | 		return short_src, short_dest
122 | 
123 | 	def xor(self, word1, word2):
124 | 		"""Simple XOR operation between two key words"""
125 | 		return [a ^ b for a, b in zip(word1, word2)]
126 | 
127 | 	def compute_key(self, words):
128 | 		"""Computes the key from all the key words"""
129 | 		seed = functools.reduce(self.xor, words)
130 | 		r = [seed[i*16:(i+1)*16] for i in range(5)]
131 | 		result = functools.reduce(self.xor, r)
132 | 		return bytes(result)
133 | 
134 | 
135 | if __name__ == '__main__':
136 | 
137 | 	parser = argparse.ArgumentParser()
138 | 	parser.add_argument("output_file", help="output JSON file storing link information")
139 | 	parser.add_argument("-c", "--channel", help="RF4CE channel (default: 15)", type=int,
140 | 		choices=[15, 20, 25], default=15)
141 | 	parser.add_argument("-s", "--sdr", help="SDR Device to use (default: pluto-sdr)", 
142 | 		choices=["hackrf", "pluto-sdr"], default="pluto-sdr")
143 | 	args = parser.parse_args()
144 | 
145 | 	print(hue.info("Sniffing on channel {}".format(args.channel)))
146 | 
147 | 	key_processor = KeyProcessor()
148 | 	tb = RxFlow(args.channel, key_processor, args.sdr)
149 | 
150 | 	key_processor.start()
151 | 	tb.start()
152 | 
153 | 	try:
154 | 		while True:
155 | 			print(hue.info("Sniffing..."))
156 | 			key_processor.join(1.0)
157 | 			if not key_processor.isAlive():
158 | 				break
159 | 	except KeyboardInterrupt:
160 | 		pass
161 | 
162 | 	if key_processor.success:
163 | 		print(key_processor.link_config)
164 | 		print(hue.info("Saving link configuration into {}".format(args.output_file)))
165 | 		key_processor.link_config.save(args.output_file)
166 | 
167 | 	print(hue.info("Exiting..."))
168 | 
169 | 	tb.stop()
170 | 	tb.wait()
171 | 	key_processor.stop()
172 | 


--------------------------------------------------------------------------------
/rf4ce/autognuradio/ieee802_15_4_oqpsk_phy.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | ##################################################
 3 | # GNU Radio Python Flow Graph
 4 | # Title: IEEE802.15.4 OQPSK PHY
 5 | # Generated: Wed Jul 12 20:16:06 2017
 6 | ##################################################
 7 | 
 8 | from gnuradio import analog
 9 | from gnuradio import blocks
10 | from gnuradio import digital
11 | from gnuradio import filter
12 | from gnuradio import gr
13 | from gnuradio.filter import firdes
14 | from math import sin, pi
15 | import foo
16 | import ieee802_15_4
17 | import math
18 | import pmt
19 | 
20 | 
21 | class ieee802_15_4_oqpsk_phy(gr.hier_block2):
22 | 
23 |     def __init__(self):
24 |         gr.hier_block2.__init__(
25 |             self, "IEEE802.15.4 OQPSK PHY",
26 |             gr.io_signature(1, 1, gr.sizeof_gr_complex*1),
27 |             gr.io_signature(1, 1, gr.sizeof_gr_complex*1),
28 |         )
29 |         self.message_port_register_hier_in("txin")
30 |         self.message_port_register_hier_out("rxout")
31 | 
32 |         ##################################################
33 |         # Variables
34 |         ##################################################
35 |         self.samp_rate = samp_rate = 4000000
36 | 
37 |         ##################################################
38 |         # Blocks
39 |         ##################################################
40 |         self.single_pole_iir_filter_xx_0 = filter.single_pole_iir_filter_ff(0.00016, 1)
41 |         self.ieee802_15_4_packet_sink_0 = ieee802_15_4.packet_sink(10)
42 |         self.ieee802_15_4_access_code_prefixer_0 = ieee802_15_4.access_code_prefixer()
43 |         self.foo_burst_tagger_0 = foo.burst_tagger(pmt.intern("pdu_length"), 128)
44 |         self.digital_clock_recovery_mm_xx_0 = digital.clock_recovery_mm_ff(2, 0.000225, 0.5, 0.03, 0.0002)
45 |         self.digital_chunks_to_symbols_xx_0 = digital.chunks_to_symbols_bc(([(1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j)]), 16)
46 |         self.blocks_vector_source_x_0 = blocks.vector_source_c([0, sin(pi/4), 1, sin(3*pi/4)], True, 1, [])
47 |         self.blocks_sub_xx_0 = blocks.sub_ff(1)
48 |         self.blocks_repeat_0 = blocks.repeat(gr.sizeof_gr_complex*1, 4)
49 |         self.blocks_pdu_to_tagged_stream_0_0_0 = blocks.pdu_to_tagged_stream(blocks.byte_t, 'pdu_length')
50 |         self.blocks_packed_to_unpacked_xx_0 = blocks.packed_to_unpacked_bb(4, gr.GR_LSB_FIRST)
51 |         self.blocks_multiply_xx_0 = blocks.multiply_vcc(1)
52 |         self.blocks_float_to_complex_0 = blocks.float_to_complex(1)
53 |         self.blocks_delay_0 = blocks.delay(gr.sizeof_float*1, 2)
54 |         self.blocks_complex_to_float_0 = blocks.complex_to_float(1)
55 |         self.analog_quadrature_demod_cf_0 = analog.quadrature_demod_cf(1)
56 | 
57 |         ##################################################
58 |         # Connections
59 |         ##################################################
60 |         self.msg_connect((self.ieee802_15_4_access_code_prefixer_0, 'out'), (self.blocks_pdu_to_tagged_stream_0_0_0, 'pdus'))
61 |         self.msg_connect((self.ieee802_15_4_packet_sink_0, 'out'), (self, 'rxout'))
62 |         self.msg_connect((self, 'txin'), (self.ieee802_15_4_access_code_prefixer_0, 'in'))
63 |         self.connect((self.analog_quadrature_demod_cf_0, 0), (self.blocks_sub_xx_0, 0))
64 |         self.connect((self.analog_quadrature_demod_cf_0, 0), (self.single_pole_iir_filter_xx_0, 0))
65 |         self.connect((self.blocks_complex_to_float_0, 1), (self.blocks_delay_0, 0))
66 |         self.connect((self.blocks_complex_to_float_0, 0), (self.blocks_float_to_complex_0, 0))
67 |         self.connect((self.blocks_delay_0, 0), (self.blocks_float_to_complex_0, 1))
68 |         self.connect((self.blocks_float_to_complex_0, 0), (self.foo_burst_tagger_0, 0))
69 |         self.connect((self.blocks_multiply_xx_0, 0), (self.blocks_complex_to_float_0, 0))
70 |         self.connect((self.blocks_packed_to_unpacked_xx_0, 0), (self.digital_chunks_to_symbols_xx_0, 0))
71 |         self.connect((self.blocks_pdu_to_tagged_stream_0_0_0, 0), (self.blocks_packed_to_unpacked_xx_0, 0))
72 |         self.connect((self.blocks_repeat_0, 0), (self.blocks_multiply_xx_0, 1))
73 |         self.connect((self.blocks_sub_xx_0, 0), (self.digital_clock_recovery_mm_xx_0, 0))
74 |         self.connect((self.blocks_vector_source_x_0, 0), (self.blocks_multiply_xx_0, 0))
75 |         self.connect((self.digital_chunks_to_symbols_xx_0, 0), (self.blocks_repeat_0, 0))
76 |         self.connect((self.digital_clock_recovery_mm_xx_0, 0), (self.ieee802_15_4_packet_sink_0, 0))
77 |         self.connect((self.foo_burst_tagger_0, 0), (self, 0))
78 |         self.connect((self, 0), (self.analog_quadrature_demod_cf_0, 0))
79 |         self.connect((self.single_pole_iir_filter_xx_0, 0), (self.blocks_sub_xx_0, 1))
80 | 
81 |     def get_samp_rate(self):
82 |         return self.samp_rate
83 | 
84 |     def set_samp_rate(self, samp_rate):
85 |         self.samp_rate = samp_rate
86 | 


--------------------------------------------------------------------------------
/rf4ce/rf4ce.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | """
  3 | Classes aimed at parsing and crafting RF4CE payloads.
  4 | """
  5 | 
  6 | from __future__ import (absolute_import, division,
  7 |                         print_function, unicode_literals)
  8 | from builtins import *
  9 | 
 10 | import struct
 11 | import binascii
 12 | 
 13 | from Crypto.Cipher import AES
 14 | from Crypto.Util.strxor import strxor
 15 | import huepy as hue
 16 | 
 17 | class Rf4ceConstants(object):
 18 | 	FRAME_TYPE_RESERVED = 0b00
 19 | 	FRAME_TYPE_DATA = 0b01
 20 | 	FRAME_TYPE_COMMAND = 0b10
 21 | 	FRAME_TYPE_VENDOR = 0b11
 22 | 
 23 | 
 24 | def address_to_raw(address):
 25 | 	"""Converts a string representation of a MAC address
 26 | 	to bytes"""
 27 | 	return bytes([int(n, 16) for n in address.split(":")][::-1])
 28 | 
 29 | 
 30 | def pad128(data):
 31 | 	"""Pads data so its length is a multiple of 128"""
 32 | 	return data + b'\x00' * (16 - (len(data) % 16)) 
 33 | 
 34 | 
 35 | class Rf4ceException(Exception):
 36 | 	pass
 37 | 
 38 | 
 39 | class Rf4ceNode(object):
 40 | 
 41 | 	"""Describes a RF4CE node (target or originator)"""
 42 | 
 43 | 	def __init__(self, long_address, short_address):
 44 | 
 45 | 		if isinstance(long_address, int):
 46 | 			mac = "{:016x}".format(long_address)
 47 | 			mac = ':'.join(mac[i:i+2] for i in range(0, len(mac), 2))
 48 | 			self.long_address = mac
 49 | 		else:
 50 | 			self.long_address = long_address
 51 | 		self.short_address = short_address
 52 | 	
 53 | 	def get_long_address(self):
 54 | 		return self.long_address
 55 | 
 56 | 	def get_short_address(self):
 57 | 		return self.short_address
 58 | 
 59 | 	def __repr__(self):
 60 | 		repr = []
 61 | 		if self.long_address:
 62 | 			repr.append(self.long_address)
 63 | 		if self.short_address:
 64 | 			repr.append(hue.italic("0x{:x}".format(self.short_address)))
 65 | 		return " - ".join(repr)
 66 | 
 67 | 
 68 | class Rf4ceAES(object):
 69 | 
 70 | 	"""Implements the algorythm used by RF4CE to cipher payload"""
 71 | 
 72 | 	def __init__(self, key, source, destination):
 73 | 		self.source = address_to_raw(source.get_long_address())
 74 | 		self.destination = address_to_raw(destination.get_long_address())
 75 | 		self.cipher_engine = AES.new(key, AES.MODE_ECB)
 76 | 
 77 | 		self.M = 4
 78 | 
 79 | 	def E(self, data):
 80 | 		return self.cipher_engine.encrypt(data)
 81 | 
 82 | 	def gen_nonce(self, frame_counter_value):
 83 | 		frame_counter = struct.pack("I", frame_counter_value)
 84 | 		security_level = b'\x05'
 85 | 		return self.source + frame_counter + security_level
 86 | 		
 87 | 	def gen_a(self, frame_control_value, frame_counter_value):
 88 | 		frame_control = struct.pack("B", frame_control_value)
 89 | 		frame_counter = struct.pack("I", frame_counter_value)
 90 | 		return frame_control + frame_counter + self.destination
 91 | 
 92 | 	def gen_auth(self, plain_text, frame_control_value, frame_counter_value):
 93 | 		a = self.gen_a(frame_control_value, frame_counter_value)
 94 | 		nonce = self.gen_nonce(frame_counter_value)
 95 | 		
 96 | 		auth_data = pad128(struct.pack(">H", len(a)) + a)
 97 | 		auth_data += pad128(plain_text)
 98 | 
 99 | 		B = b'\x49' + nonce + struct.pack(">H", len(plain_text))
100 | 		X = b'\x00' * 16
101 | 		X = self.E(strxor(X, B))
102 | 		for i in range(1, len(auth_data) // 16 + 1):
103 | 			B = auth_data[(i-1)*16:i*16]
104 | 			X = self.E(strxor(X, B))		
105 | 
106 | 		return X[:self.M]
107 | 
108 | 	def cipher(self, plain_text, frame_control_value, frame_counter_value):
109 | 		nonce = self.gen_nonce(frame_counter_value)
110 | 
111 | 		T = self.gen_auth(plain_text, frame_control_value, frame_counter_value)
112 | 
113 | 		padded_data = pad128(plain_text)
114 | 
115 | 		flags = b'\x01'
116 | 		A = [flags + nonce + struct.pack(">H", counter) for counter in range(len(padded_data)//16 + 1)]
117 | 
118 | 		U = strxor(T, self.E(A[0])[:self.M])
119 | 
120 | 		ciphered_data = b''
121 | 		for i in range(1, len(padded_data)//16 + 1):
122 | 			data_chunck = padded_data[(i-1)*16:i*16]
123 | 			ciphered_data += strxor(self.E(A[i]), data_chunck)
124 | 
125 | 		ciphered_data = ciphered_data[:len(plain_text)]
126 | 
127 | 		return ciphered_data + U
128 | 
129 | 	def decipher(self, data, frame_control_value, frame_counter_value):
130 | 
131 | 		nonce = self.gen_nonce(frame_counter_value)
132 | 
133 | 		padded_C = pad128(data[:len(data)-self.M])
134 | 		U = data[len(data)-self.M:]
135 | 
136 | 		flags = b'\x01'
137 | 		A = [flags + nonce + struct.pack(">H", counter) for counter in range(len(padded_C)//16 + 1)]
138 | 
139 | 		T = strxor(U, self.E(A[0])[:self.M])
140 | 
141 | 		plain_text = b''
142 | 		for i in range(1, len(padded_C)//16 + 1):
143 | 			data_chunck = padded_C[(i-1)*16:i*16]
144 | 			plain_text += strxor(self.E(A[i]), data_chunck)
145 | 
146 | 		plain_text = plain_text[:len(data)-self.M]
147 | 
148 | 		if self.gen_auth(plain_text, frame_control_value, frame_counter_value) != T:
149 | 			raise Rf4ceException("Frame authentification error")
150 | 
151 | 		return plain_text
152 | 
153 | 
154 | class Rf4ceFrame(object):
155 | 
156 | 	"""Describes a RF4CE frame"""
157 | 
158 | 	def __init__(self):
159 | 		self.source = None
160 | 		self.destination = None
161 | 		self.frame_type = Rf4ceConstants.FRAME_TYPE_RESERVED
162 | 		self.frame_ciphered = False
163 | 		self.protocol_version = 1
164 | 		self.channel_designator = 0
165 | 		self.frame_counter = 0
166 | 		self.payload = None
167 | 		self.profile_indentifier = 0x1
168 | 		self.key = None
169 | 
170 | 	def get_frame_control(self):
171 | 		"""Generates the frame control byte from the frame's parameters"""
172 | 		frame_control = self.frame_type
173 | 		frame_control |= self.frame_ciphered << 2
174 | 		frame_control |= self.protocol_version << 3
175 | 		frame_control |= 1 << 5
176 | 		frame_control |= self.channel_designator << 6
177 | 
178 | 		return frame_control
179 | 
180 | 	def pack(self):
181 | 		"""Returns a string representation of the RF4CE frame
182 | 
183 | 		The string representation returned by this function can be
184 | 		encapsulated into a 802.15.4 packet.
185 | 		"""
186 | 		result = struct.pack("B", self.get_frame_control())
187 | 		result += struct.pack("I", self.frame_counter)
188 | 
189 | 		if self.frame_type == Rf4ceConstants.FRAME_TYPE_COMMAND:
190 | 			data = struct.pack("B", self.command) + self.payload
191 | 			if self.frame_ciphered:
192 | 				cipher = Rf4ceAES(self.key, self.source, self.destination)
193 | 				result += cipher.cipher(data, self.get_frame_control(), self.frame_counter)
194 | 			else:
195 | 				result += data
196 | 
197 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_DATA:
198 | 			result += struct.pack("B", self.profile_indentifier)
199 | 			data = self.payload
200 | 			if self.frame_ciphered:
201 | 				cipher = Rf4ceAES(self.key, self.source, self.destination)
202 | 				result += cipher.cipher(data, self.get_frame_control(), self.frame_counter)
203 | 			else:
204 | 				result += data
205 | 
206 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_VENDOR:
207 | 			result += struct.pack("B", self.profile_indentifier)
208 | 			result += struct.pack("H", self.vendor_indentifier)
209 | 			
210 | 			data = self.payload
211 | 			if self.frame_ciphered:
212 | 				cipher = Rf4ceAES(self.key, self.source, self.destination)
213 | 				result += cipher.cipher(data, self.get_frame_control(), self.frame_counter)
214 | 			else:
215 | 				result += data
216 | 
217 | 		return result
218 | 
219 | 	def parse_from_string(self, data, source, destination, key=None):
220 | 		"""Parses a string representation of a RF4CE frame"""
221 | 		if key:
222 | 			self.key = binascii.unhexlify(key)
223 | 
224 | 		self.source = source
225 | 		self.destination = destination
226 | 
227 | 		frame_control = data[0]
228 | 
229 | 		self.frame_type = frame_control & 0b11
230 | 		
231 | 		if self.frame_type == Rf4ceConstants.FRAME_TYPE_RESERVED:
232 | 			raise Rf4ceException("Unknown frame type")
233 | 
234 | 		if (data[0] & (1 << 2)):
235 | 			self.frame_ciphered = True
236 | 		else:
237 | 			self.frame_ciphered = False
238 | 		
239 | 		self.protocol_version = (frame_control >> 3) & 0b11
240 | 
241 | 		self.channel_designator = (frame_control >> 6) & 0b11
242 | 
243 | 		self.frame_counter = struct.unpack("I", data[1:5])[0]
244 | 
245 | 		if self.frame_type == Rf4ceConstants.FRAME_TYPE_DATA:
246 | 			self.data_frame_from_string(data)
247 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_COMMAND:
248 | 			self.command_frame_from_string(data)
249 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_VENDOR:
250 | 			self.data_frame_from_string(data, True)
251 | 
252 | 	def data_frame_from_string(self, data, vendor_specific=False):
253 | 		"""Parses a RF4CE data pyload from a string"""
254 | 		self.profile_indentifier = data[5]
255 | 		if vendor_specific:
256 | 			self.vendor_indentifier = struct.unpack("H", data[6:8])[0]
257 | 			raw_payload = data[8:]
258 | 		else:
259 | 			raw_payload = data[6:]
260 | 
261 | 		if self.frame_ciphered:
262 | 			if not self.key:
263 | 				raise Rf4ceException("Missing key")
264 | 			cipher = Rf4ceAES(self.key, self.source, self.destination)
265 | 			self.payload = cipher.decipher(raw_payload, self.get_frame_control(), self.frame_counter)
266 | 		else:
267 | 			self.payload = raw_payload
268 | 
269 | 	def command_frame_from_string(self, data):
270 | 		"""Parses a RF4CE command pyload from a string"""
271 | 		raw_payload = data[5:]
272 | 		if self.frame_ciphered:
273 | 			if not self.key:
274 | 				raise Rf4ceException("Missing key")
275 | 			cipher = Rf4ceAES(self.key, self.source, self.destination)
276 | 			command_data = cipher.decipher(raw_payload, self.get_frame_control(), self.frame_counter)
277 | 		else:
278 | 			command_data = raw_payload
279 | 
280 | 		self.command = bytes(command_data)[0]
281 | 		self.payload = command_data[1:]
282 | 
283 | 	def __repr__(self):
284 | 		if self.frame_type == Rf4ceConstants.FRAME_TYPE_DATA:
285 | 			type = hue.lightblue("DATA") + " - "
286 | 			type += "profile:" + hue.lightblue("0x{:x}".format(self.profile_indentifier))
287 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_COMMAND:
288 | 			type = hue.lightblue("COMMAND") + " - "
289 | 			type += "cmd:" + hue.lightblue("0x{:x}".format(self.command))
290 | 		elif self.frame_type == Rf4ceConstants.FRAME_TYPE_VENDOR:
291 | 			type = hue.lightblue("VENDOR") + " - "
292 | 			type += "profile:" + hue.lightblue("0x{:x}").format(self.profile_indentifier)
293 | 			type += " - vendor:" + hue.lightblue("0x{:x}".format(self.vendor_indentifier))
294 | 
295 | 		data = hue.bold(binascii.hexlify(self.payload).decode())
296 | 		counter = hue.lightblue("0x{:x}".format(self.frame_counter))
297 | 
298 | 		result = "({}) -> ({}) : ".format(self.source, self.destination)
299 | 		result += "[{} - counter:{}] : {}".format(type, counter, data)
300 | 
301 | 		return result
302 | 


--------------------------------------------------------------------------------
/injector.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python2
  2 | # -*- coding: utf-8 -*-
  3 | """
  4 | Injects arbitrary RF4CE packets. Support encryption.
  5 | """
  6 | 
  7 | from __future__ import (absolute_import,
  8 |                         print_function, unicode_literals)
  9 | from builtins import *
 10 | 
 11 | import argparse
 12 | import time
 13 | from datetime import datetime
 14 | import binascii
 15 | import readline
 16 | 
 17 | from rf4ce import Dot15d4FCS, Dot15d4Data, Raw, makeFCS
 18 | from rf4ce import LinkConfig, Rf4ceFrame, Rf4ceConstants
 19 | from rf4ce.radio import TxFlow
 20 | from rf4ce.packetprocessor import PacketProcessor
 21 | import huepy as hue
 22 | 
 23 | 
 24 | class AckProcessor(PacketProcessor):
 25 | 
 26 | 	"""ACK processor thread
 27 | 
 28 | 	Thread processing incomming ACK
 29 | 	Full-duplex SDR is needed for this to work
 30 | 	"""
 31 | 
 32 | 	def __init__(self):
 33 | 		PacketProcessor.__init__(self)
 34 | 		self.last_ack = -1
 35 | 
 36 | 	def process(self, data):
 37 | 		"""Parses a 802.15.4 ACK and extract the seqnum"""
 38 | 
 39 | 		# Check if the 802.15.4 packet is valid
 40 | 		if makeFCS(data[:-2]) != data[-2:]:
 41 | 			print(hue.bad("Received invalid packet"))
 42 | 			return
 43 | 
 44 | 		packet = Dot15d4FCS(data)
 45 | 
 46 | 		if packet.fcf_frametype == 2: # ACK
 47 | 			self.last_ack = packet.seqnum
 48 | 
 49 | 	def get_last_ack(self):
 50 | 		"""Returns the seqnum of the last received ACK"""
 51 | 		return self.last_ack
 52 | 
 53 | 
 54 | class InjectorCmd(object):
 55 | 
 56 | 	"""Injector command object
 57 | 
 58 | 	Contains the command & arguments of all possible
 59 | 	injector commands
 60 | 	"""
 61 | 
 62 | 	PACKET = 1
 63 | 	PROFILE = 2
 64 | 	COUNTER = 3
 65 | 	DELAY = 4
 66 | 	CIPHERED = 5
 67 | 	HELP = 6
 68 | 
 69 | 	def to_int(self, n):
 70 | 		if type(n) == int:
 71 | 			return n
 72 | 		if n.startswith("0x"):
 73 | 			return int(n, 16)
 74 | 		else:
 75 | 			return int(n)
 76 | 
 77 | 	def to_bool(self, r):
 78 | 		if type(r) == bool:
 79 | 			return r
 80 | 		n = self.to_int(r)
 81 | 		if not n in (0, 1):
 82 | 			raise ValueError()
 83 | 		return n == 1
 84 | 
 85 | 	def __init__(self, cmd, arg):
 86 | 		self.action = cmd
 87 | 
 88 | 		if self.action == self.PROFILE:
 89 | 			self.arg = self.to_int(arg)
 90 | 		elif self.action == self.COUNTER:
 91 | 			self.arg = self.to_int(arg)
 92 | 		elif self.action == self.DELAY:
 93 | 			self.arg = float(arg)
 94 | 		elif self.action == self.CIPHERED:
 95 | 			self.arg = self.to_bool(arg)
 96 | 		else:
 97 | 			self.arg = arg
 98 | 
 99 | 
100 | class Injector(object):
101 | 
102 | 	"""Injector util main class"""
103 | 
104 | 	def __init__(self, link_config, channel, sdr_device):
105 | 		self.link_config = link_config
106 | 		self.sdr_device = sdr_device
107 | 
108 | 		# Build a RF4CE data frame based on the link configuration
109 | 		self.rf4ce_frame = Rf4ceFrame()
110 | 		self.rf4ce_frame.source = self.link_config.source
111 | 		self.rf4ce_frame.destination = self.link_config.destination
112 | 		self.rf4ce_frame.frame_type = Rf4ceConstants.FRAME_TYPE_DATA
113 | 		if self.link_config.key:
114 | 			self.rf4ce_frame.frame_ciphered = True
115 | 			self.rf4ce_frame.key = binascii.unhexlify(self.link_config.key)
116 | 		else:
117 | 			self.rf4ce_frame.frame_ciphered = False
118 | 		self.rf4ce_frame.frame_counter = self.link_config.frame_counter
119 | 
120 | 		self.seqnum = 0
121 | 		
122 | 		# inter-packet delay
123 | 		self.packet_delay = 0.1
124 | 
125 | 		# Pluto-sdr support full duplex
126 | 		# ACK can be received
127 | 		if self.sdr_device == "pluto-sdr":
128 | 			self.ack_processor = AckProcessor()
129 | 		else:
130 | 			self.ack_processor = None
131 | 
132 | 		self.tb = TxFlow(channel, self.ack_processor, self.sdr_device)
133 | 
134 | 	def run(self):
135 | 		self.log("SRC:({}) -> DST:({})".format(self.link_config.source,
136 | 			self.link_config.destination), hue.info)
137 | 		if not self.link_config.key:
138 | 			self.log("No secured configuration provided. Will only send plaintext packets.", hue.info)
139 | 		self.log("Loading last frame counter: {}".format(self.link_config.frame_counter), hue.info)
140 | 		self.help()
141 | 
142 | 		self.tb.start()
143 | 		if self.ack_processor:
144 | 			self.ack_processor.start()
145 | 
146 | 		# Main loop, iterate through user-supplied commands
147 | 		for cmd in self.prompt():
148 | 			if cmd.action == InjectorCmd.PACKET:
149 | 				self.seqnum = (self.seqnum + 1) % 255
150 | 				self.rf4ce_frame.frame_counter += 1
151 | 				self.rf4ce_frame.payload = cmd.arg
152 | 				data = self.gen_ieee_packet(self.rf4ce_frame.pack())
153 | 
154 | 				self.log("Transmitting {}".format(binascii.hexlify(data)), hue.info)
155 | 
156 | 				if self.sdr_device == "pluto-sdr":
157 | 					self.ack_transmit(data)
158 | 				else:
159 | 					self.tb.transmit(data)
160 | 				
161 | 				time.sleep(self.packet_delay)
162 | 
163 | 			elif cmd.action == InjectorCmd.PROFILE:
164 | 				self.log("Set profile to 0x{:02x}".format(cmd.arg), hue.info)
165 | 				self.rf4ce_frame.profile_indentifier = cmd.arg
166 | 
167 | 			elif cmd.action == InjectorCmd.COUNTER:
168 | 				self.log("Set counter to {}".format(cmd.arg), hue.info)
169 | 				self.rf4ce_frame.frame_counter = cmd.arg
170 | 
171 | 			elif cmd.action == InjectorCmd.DELAY:
172 | 				self.log("Set delay to {}".format(cmd.arg), hue.info)
173 | 				self.packet_delay = cmd.arg
174 | 
175 | 			elif cmd.action == InjectorCmd.CIPHERED:
176 | 				self.log("Set ciphered to {}".format(cmd.arg), hue.info)
177 | 				if cmd.arg:
178 | 					if not link_config.key:
179 | 						self.log("No key provided. Cannot send ciphered packets.", hue.bad)
180 | 					else:
181 | 						self.rf4ce_frame.frame_ciphered = True
182 | 				else:
183 | 					self.rf4ce_frame.frame_ciphered = False
184 | 
185 | 			elif cmd.action == InjectorCmd.HELP:
186 | 				self.help()
187 | 
188 | 		self.link_config.frame_counter = self.rf4ce_frame.frame_counter
189 | 		self.log("Saving last frame counter: {}".format(self.link_config.frame_counter), hue.info)
190 | 		self.link_config.save()
191 | 
192 | 		if self.sdr_device == "pluto-sdr":
193 | 			self.ack_processor.stop()
194 | 
195 | 		self.tb.stop()
196 | 		self.tb.wait()
197 | 
198 | 	def help(self):
199 | 		help_text = """
200 | 	Available commands:
201 | 
202 | 	    counter <value>      Set the frame counter value
203 | 
204 | 	    delay <value>        Minimum delay between packet (seconds)
205 | 
206 | 	    ciphered [0, 1]      Send AES ciphered payloads of cleartext payloads. 
207 | 	                         Only possible if a key has been configured
208 | 
209 | 	    profile <profile>    Select a profile number
210 | 
211 | 	    exit
212 | 
213 | 	Other inputs will be considered as data to be sent.
214 | 		"""
215 | 		print(help_text)
216 | 
217 | 
218 | 	def prompt(self):
219 | 		"""Generates the injector util prompt"""
220 | 		while True:
221 | 			try:
222 | 				if self.rf4ce_frame.frame_ciphered:
223 | 					ciphered_status = "ciphered"
224 | 				else:
225 | 					ciphered_status = "plain"
226 | 				a = hue.lightblue("{}".format(self.rf4ce_frame.frame_counter))
227 | 				b = hue.lightblue("0x{:02x}".format(self.rf4ce_frame.profile_indentifier))
228 | 				c = hue.lightblue(ciphered_status)
229 | 				cmd = raw_input("({} - {} - {})>>> ".format(a, b, c))
230 | 			except KeyboardInterrupt:
231 | 				raise StopIteration
232 | 
233 | 			if cmd.startswith("profile"):
234 | 				try:
235 | 					yield InjectorCmd(InjectorCmd.PROFILE, cmd.split()[1])
236 | 				except:
237 | 					self.log("Malformed command", hue.bad)
238 | 					continue
239 | 
240 | 			elif cmd.startswith("counter"):
241 | 				try:
242 | 					yield InjectorCmd(InjectorCmd.COUNTER, cmd.split()[1])
243 | 				except:
244 | 					self.log("Malformed command", hue.bad)
245 | 					continue
246 | 
247 | 			elif cmd.startswith("delay"):
248 | 				try:
249 | 					yield InjectorCmd(InjectorCmd.DELAY, cmd.split()[1])
250 | 				except:
251 | 					self.log("Malformed command", hue.bad)
252 | 					continue
253 | 
254 | 			elif cmd.startswith("ciphered"):
255 | 				try:
256 | 					yield InjectorCmd(InjectorCmd.CIPHERED, cmd.split()[1])
257 | 				except:
258 | 					self.log("Malformed command", hue.bad)
259 | 					continue
260 | 
261 | 			elif cmd.startswith("help"):
262 | 				yield InjectorCmd(InjectorCmd.HELP, None)
263 | 
264 | 			elif cmd.startswith("exit"):
265 | 				raise StopIteration
266 | 
267 | 			else:
268 | 				for packet in cmd.split():
269 | 					try:
270 | 						data = binascii.unhexlify(packet)
271 | 					except:
272 | 						self.log("Malformed command", hue.bad)
273 | 						continue
274 | 					yield InjectorCmd(InjectorCmd.PACKET, data)
275 | 
276 | 	def gen_ieee_packet(self, data):
277 | 		"""Encapsulates data into a 802.15.4 packet"""
278 | 		packet = Dot15d4FCS() / Dot15d4Data() / Raw(load=data)
279 | 
280 | 		packet.fcf_srcaddrmode = 2
281 | 		packet.fcf_destaddrmode = 2
282 | 
283 | 		packet.fcf_panidcompress = True
284 | 		packet.fcf_ackreq = True
285 | 		packet.seqnum = self.seqnum
286 | 
287 | 		packet.dest_panid = self.link_config.dest_panid
288 | 
289 | 		packet.dest_addr = self.link_config.destination.get_short_address()
290 | 		packet.src_addr = self.link_config.source.get_short_address()
291 | 
292 | 		return packet.build()
293 | 
294 | 	def ack_transmit(self, data, max_freq_retry=5, max_tx_retry=10):
295 | 		"""Transmit data with ACK check
296 | 
297 | 		Tries to transmit a packet until a ACK is received
298 | 		Full-duplex SDR is needed for this to work
299 | 		"""
300 | 		transmit_success = False
301 | 		for freq_retry in range(max_freq_retry):
302 | 			for tx_retry in range(max_tx_retry):
303 | 				self.tb.transmit(data)
304 | 				time.sleep(0.15)
305 | 				if self.ack_processor.get_last_ack() != self.seqnum:
306 | 					self.log("Warning: no ACK received, retrying", hue.bad)
307 | 				else:
308 | 					self.log("ACK received", hue.good)
309 | 					transmit_success = True
310 | 					return True
311 | 			self.log("Warning: switching frequency", hue.bad)
312 | 			self.tb.frequency_switch()
313 | 		return False
314 | 
315 | 	def log(self, data, format=None):
316 | 		if format:
317 | 			print(format("[{}] {}".format(datetime.now(), data)))
318 | 		else:
319 | 			print("[{}] {}".format(datetime.now(), data))
320 | 
321 | 
322 | if __name__ == '__main__':
323 | 
324 | 	parser = argparse.ArgumentParser()
325 | 	parser.add_argument("config_file", help="JSON file containing link information")
326 | 	parser.add_argument("-c", "--channel", help="RF4CE channel (default: 15)", type=int,
327 | 		choices=[15, 20, 25], default=15)
328 | 	parser.add_argument("-s", "--sdr", help="SDR Device to use (default: pluto-sdr)", 
329 | 		choices=["hackrf", "pluto-sdr"], default="pluto-sdr")
330 | 	args = parser.parse_args()
331 | 
332 | 	try:
333 | 		link_config = LinkConfig(args.config_file)
334 | 	except:
335 | 		print(hue.bad("Cannot load configuration file"))
336 | 		exit(-1)
337 | 
338 | 	print(link_config)
339 | 
340 | 	injector = Injector(link_config, args.channel, args.sdr)
341 | 	injector.run()
342 | 


--------------------------------------------------------------------------------
/rf4ce/radio.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | """
  3 | Low level gnuradio graphs for 802.15.4.
  4 | """
  5 | 
  6 | from math import pi, sin
  7 | import numpy
  8 | 
  9 | from gnuradio import blocks
 10 | from gnuradio import digital
 11 | from gnuradio import eng_notation
 12 | from gnuradio import gr
 13 | from gnuradio import iio
 14 | from gnuradio.eng_option import eng_option
 15 | from gnuradio.filter import firdes
 16 | import es
 17 | import foo
 18 | import ieee802_15_4
 19 | import osmosdr
 20 | import pmt
 21 | 
 22 | from autognuradio.ieee802_15_4_oqpsk_phy import ieee802_15_4_oqpsk_phy
 23 | 
 24 | 
 25 | class TxFlow(gr.top_block):
 26 | 
 27 | 	def __init__(self, channel, processor, sdr_device="pluto-sdr"):
 28 | 		gr.top_block.__init__(self, "Tx Flow")
 29 | 
 30 | 		##################################################
 31 | 		# Variables
 32 | 		##################################################
 33 | 		self.channel = channel
 34 | 		self.sdr_device = sdr_device
 35 | 		self.processor = processor
 36 | 
 37 | 		##################################################
 38 | 		# Blocks
 39 | 		##################################################
 40 | 		if self.sdr_device == "hackrf":
 41 | 			self.sdr_sink = osmosdr.sink(args="numchan=1")
 42 | 			self.sdr_sink.set_sample_rate(4e6)
 43 | 			self.sdr_sink.set_center_freq(self.get_center_freq(), 0)
 44 | 			self.sdr_sink.set_freq_corr(0, 0)
 45 | 			self.sdr_sink.set_gain(10, 0)
 46 | 			self.sdr_sink.set_if_gain(20, 0)
 47 | 			self.sdr_sink.set_bb_gain(20, 0)
 48 | 			self.sdr_sink.set_antenna('', 0)
 49 | 			self.sdr_sink.set_bandwidth(0, 0)
 50 | 		elif self.sdr_device == "pluto-sdr":
 51 | 			self.sdr_sink = iio.pluto_sink('192.168.2.1', self.get_center_freq(),
 52 | 				int(4e6), int(4e6), 0x8000, False, 0, '', True)
 53 | 			self.sdr_source = iio.pluto_source('192.168.2.1', self.get_center_freq(),
 54 | 				int(4e6), int(4e6), 0x8000, True, True, True, "manual", 50, '', True)
 55 | 
 56 | 		self.ieee802_15_4_access_code_prefixer_0 = ieee802_15_4.access_code_prefixer()
 57 | 		self.es_source_0 = es.source(1*[gr.sizeof_gr_complex], 1, 2, 0)
 58 | 		self.digital_chunks_to_symbols_xx_0 = digital.chunks_to_symbols_bc(([(1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (1-1j), (-1+1j), (1+1j), (-1-1j), (-1-1j), (1+1j), (-1+1j), (-1+1j), (-1-1j), (1-1j), (-1-1j), (1-1j), (1+1j), (1-1j), (1+1j), (-1+1j), (1+1j), (-1-1j), (1-1j), (-1+1j), (-1+1j), (1-1j), (-1-1j), (-1-1j), (-1+1j), (1+1j), (-1+1j), (1+1j), (1-1j), (1+1j), (1-1j), (-1-1j)]), 16)
 59 | 		self.blocks_vector_source_x_0 = blocks.vector_source_c([0, sin(pi/4), 1, sin(3*pi/4)], True, 1, [])
 60 | 		self.blocks_tagged_stream_to_pdu_0 = blocks.tagged_stream_to_pdu(blocks.complex_t, 'pdu_length')
 61 | 		self.blocks_tagged_stream_multiply_length_0 = blocks.tagged_stream_multiply_length(gr.sizeof_gr_complex*1, 'pdu_length', 128)
 62 | 		self.blocks_tagged_stream_multiply_length_0.set_min_output_buffer(20000)
 63 | 		self.blocks_repeat_0 = blocks.repeat(gr.sizeof_gr_complex*1, 4)
 64 | 		self.blocks_pdu_to_tagged_stream_0_0_0 = blocks.pdu_to_tagged_stream(blocks.byte_t, 'pdu_length')
 65 | 		self.blocks_packed_to_unpacked_xx_0 = blocks.packed_to_unpacked_bb(4, gr.GR_LSB_FIRST)
 66 | 		self.blocks_multiply_xx_0 = blocks.multiply_vcc(1)
 67 | 		self.blocks_float_to_complex_0 = blocks.float_to_complex(1)
 68 | 		self.blocks_delay_0 = blocks.delay(gr.sizeof_float*1, 2)
 69 | 		self.blocks_complex_to_float_0 = blocks.complex_to_float(1)
 70 | 
 71 | 		self.msg_in_0 = msg_block_source()
 72 | 
 73 | 		if self.sdr_device == "pluto-sdr":
 74 | 			self.ieee802_15_4_oqpsk_phy_0 = ieee802_15_4_oqpsk_phy()
 75 | 			self.blocks_null_sink_0 = blocks.null_sink(gr.sizeof_gr_complex*1)
 76 | 
 77 | 			self.msg_out_0 = msg_sink_block(self.processor)
 78 | 
 79 | 		##################################################
 80 | 		# Connections
 81 | 		##################################################
 82 | 		self.msg_connect((self.blocks_tagged_stream_to_pdu_0, 'pdus'), (self.es_source_0, 'schedule_event'))
 83 | 		self.msg_connect((self.ieee802_15_4_access_code_prefixer_0, 'out'), (self.blocks_pdu_to_tagged_stream_0_0_0, 'pdus'))
 84 | 		self.msg_connect((self.msg_in_0, 'msg_out'), (self.ieee802_15_4_access_code_prefixer_0, 'in'))
 85 | 		self.connect((self.blocks_complex_to_float_0, 1), (self.blocks_delay_0, 0))
 86 | 		self.connect((self.blocks_complex_to_float_0, 0), (self.blocks_float_to_complex_0, 0))
 87 | 		self.connect((self.blocks_delay_0, 0), (self.blocks_float_to_complex_0, 1))
 88 | 		self.connect((self.blocks_float_to_complex_0, 0), (self.sdr_sink, 0))
 89 | 		self.connect((self.blocks_multiply_xx_0, 0), (self.blocks_tagged_stream_multiply_length_0, 0))
 90 | 		self.connect((self.blocks_packed_to_unpacked_xx_0, 0), (self.digital_chunks_to_symbols_xx_0, 0))
 91 | 		self.connect((self.blocks_pdu_to_tagged_stream_0_0_0, 0), (self.blocks_packed_to_unpacked_xx_0, 0))
 92 | 		self.connect((self.blocks_repeat_0, 0), (self.blocks_multiply_xx_0, 1))
 93 | 		self.connect((self.blocks_tagged_stream_multiply_length_0, 0), (self.blocks_tagged_stream_to_pdu_0, 0))
 94 | 		self.connect((self.blocks_vector_source_x_0, 0), (self.blocks_multiply_xx_0, 0))
 95 | 		self.connect((self.digital_chunks_to_symbols_xx_0, 0), (self.blocks_repeat_0, 0))
 96 | 		self.connect((self.es_source_0, 0), (self.blocks_complex_to_float_0, 0))
 97 | 
 98 | 		if self.sdr_device == "pluto-sdr":
 99 | 			self.msg_connect((self.ieee802_15_4_oqpsk_phy_0, 'rxout'), (self.msg_out_0, 'msg_in'))
100 | 			self.connect((self.ieee802_15_4_oqpsk_phy_0, 0), (self.blocks_null_sink_0, 0))
101 | 			self.connect((self.sdr_source, 0), (self.ieee802_15_4_oqpsk_phy_0, 0))
102 | 
103 | 
104 | 	def get_channel(self):
105 | 		return self.channel
106 | 
107 | 	def set_channel(self, channel):
108 | 		self.channel = channel
109 | 		if self.sdr_device == "hackrf":
110 | 			self.sdr_source.set_center_freq(self.get_center_freq())
111 | 		elif self.sdr_device == "pluto-sdr":
112 | 			self.sdr_source.set_params(self.get_center_freq(),
113 | 					int(4e6), int(20e6), True, True, True, "manual", 50, '', True)
114 | 			self.sdr_sink.set_params(self.get_center_freq(), int(4e6), int(20e6), 0, '', True)
115 | 
116 | 	def frequency_switch(self):
117 | 		channels = [15, 20, 25]
118 | 		i = channels.index(self.get_channel())
119 | 		self.set_channel(channels[(i+1)%3])
120 | 
121 | 	def get_center_freq(self):
122 | 		return 1000000 * (2400 + 5 * (self.channel - 10))
123 | 
124 | 
125 | 	def transmit(self, data):
126 | 		self.msg_in_0.transmit(data)
127 | 
128 | 
129 | class RxFlow(gr.top_block):
130 | 
131 | 	def __init__(self, channel, processor, device="pluto-sdr"):
132 | 		gr.top_block.__init__(self, "Sniffer Flow")
133 | 
134 | 		self.processor = processor
135 | 
136 | 		##################################################
137 | 		# Variables
138 | 		##################################################
139 | 		self.channel = channel
140 | 		self.device = device
141 | 
142 | 		##################################################
143 | 		# Blocks
144 | 		##################################################
145 | 		if self.device == "hackrf":
146 | 			self.sdr_source = osmosdr.source(args="numchan=1")
147 | 			self.sdr_source.set_sample_rate(4e6)
148 | 			self.sdr_source.set_center_freq(self.get_center_freq(), 0)
149 | 			self.sdr_source.set_freq_corr(0, 0)
150 | 			self.sdr_source.set_dc_offset_mode(0, 0)
151 | 			self.sdr_source.set_iq_balance_mode(0, 0)
152 | 			self.sdr_source.set_gain_mode(False, 0)
153 | 			self.sdr_source.set_gain(14, 0)
154 | 			self.sdr_source.set_if_gain(16, 0)
155 | 			self.sdr_source.set_bb_gain(16, 0)
156 | 			self.sdr_source.set_antenna('', 0)
157 | 			self.sdr_source.set_bandwidth(0, 0)
158 | 		elif self.device == "pluto-sdr":
159 | 			self.sdr_source = iio.pluto_source('192.168.2.1', self.get_center_freq(),
160 | 				int(4e6), int(20e6), 0x8000, True, True, True, "manual", 50, '', True)
161 | 
162 | 
163 | 		self.ieee802_15_4_oqpsk_phy_0 = ieee802_15_4_oqpsk_phy()
164 | 		self.blocks_null_sink_0 = blocks.null_sink(gr.sizeof_gr_complex*1)
165 | 
166 | 		self.msg_out_0 = msg_sink_block(self.processor)
167 | 
168 | 		##################################################
169 | 		# Connections
170 | 		##################################################
171 | 		self.msg_connect((self.ieee802_15_4_oqpsk_phy_0, 'rxout'), (self.msg_out_0, 'msg_in'))
172 | 		self.connect((self.ieee802_15_4_oqpsk_phy_0, 0), (self.blocks_null_sink_0, 0))
173 | 		self.connect((self.sdr_source, 0), (self.ieee802_15_4_oqpsk_phy_0, 0))
174 | 
175 | 	def get_channel(self):
176 | 		return self.channel
177 | 
178 | 	def set_channel(self, channel):
179 | 		self.channel = channel
180 | 		if self.device == "hackrf":
181 | 			self.sdr_source.set_center_freq(self.get_center_freq())
182 | 		elif self.device == "pluto-sdr":
183 | 			self.sdr_source.set_params('192.168.2.1', self.get_center_freq(),
184 | 				int(4e6), int(20e6), 0x8000, True, True, True, "manual", 50, '', True)
185 | 
186 | 	def get_center_freq(self):
187 | 		return 1000000 * (2400 + 5 * (self.channel - 10))
188 | 
189 | 
190 | 
191 | class msg_sink_block(gr.basic_block):
192 | 
193 | 	def __init__(self, processor):
194 | 
195 | 		gr.basic_block.__init__(
196 | 			 self,
197 | 			 name="msg_block",
198 | 			 in_sig=None,
199 | 			 out_sig=None)
200 | 
201 | 		self.processor = processor
202 | 		self.message_port_register_in(pmt.intern('msg_in'))
203 | 		self.set_msg_handler(pmt.intern('msg_in'), self.handle_msg)
204 | 
205 | 	def handle_msg(self, msg):
206 | 		messages = pmt.to_python(msg)
207 | 		for message in messages:
208 | 			if type(message) == numpy.ndarray:
209 | 				self.processor.feed(message.tostring())
210 | 
211 | 
212 | class msg_block_source(gr.basic_block):
213 | 
214 | 	def __init__(self):
215 | 
216 | 		gr.basic_block.__init__(
217 | 			 self,
218 | 			 name="msg_block",
219 | 			 in_sig=None,
220 | 			 out_sig=None)
221 | 
222 | 		self.message_port_register_out(pmt.intern('msg_out'))
223 | 	
224 | 	def transmit(self, data):
225 | 		vector = pmt.make_u8vector(len(data), 0)
226 | 		for i, c in enumerate(data):
227 | 			pmt.u8vector_set(vector, i, ord(data[i]))
228 | 		pdu = pmt.cons(pmt.make_dict(), vector)
229 | 		self.message_port_pub(pmt.intern('msg_out'), pdu)
230 | 


--------------------------------------------------------------------------------