added sources

huuck
2024-12-03 21:41:56 +00:00
parent 8f23f8b5d0
commit 607588030f
9 changed files with 1316 additions and 0 deletions

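--- /dev/null
+++ b/application.fam
@@ -0,0 +1,32 @@
+App(
+appid="nrf24_jammer",
+name="[NRF24] Jammer",
+apptype=FlipperAppType.EXTERNAL,
+entry_point="jammer_app",
+requires=[
+"gui",
+"dialogs",
+],
+stack_size=2 * 1024,
+order=60,
+fap_icon="jammer_10px.png",
+fap_category="GPIO",
+fap_author="@hookgab",
+fap_version=(1, 0),
+fap_description="2.4Ghz jammer leveraging NRF24",
+fap_icon_assets="images",
+fap_private_libs=[
+Lib(
+name="nrf24",
+sources=[
+"nrf24.c",
+],
+),
+Lib(
+name="string_polyfill",
+sources=[
+"stringp.c",
+],
+),
+],
+)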

BIN
images/badusb_10px.png Normal file

Binary file not shown.


BIN
images/sub1_10px.png Normal file

Binary file not shown.


276
jammer.c Normal file

@@ -0,0 +1,276 @@
#include <furi.h>
#include <gui/gui.h>
#include <dialogs/dialogs.h>
#include <input/input.h>
#include <stdlib.h>
#include <furi_hal.h>
#include <furi_hal_gpio.h>
#include <furi_hal_spi.h>
#include <furi_hal_interrupt.h>
#include <furi_hal_resources.h>
#include <nrf24.h>
#include <notification/notification_messages.h>
#include <dolphin/dolphin.h>
#include "nrf24_jammer_icons.h"
#include <stringp.h>
#define TAG "jammer"
typedef struct {
FuriMutex* mutex;
bool is_thread_running;
bool is_nrf24_connected;
bool close_thread_please;
uint8_t jam_type; // 0:narrow, 1:wide, 2:all
FuriThread* mjthread;
} PluginState;
typedef enum {
EventTypeTick,
EventTypeKey,
} EventType;
typedef struct {
EventType type;
InputEvent input;
} PluginEvent;
static void render_callback(Canvas* const canvas, void* ctx) {
furi_assert(ctx);
const PluginState* plugin_state = ctx;
furi_mutex_acquire(plugin_state->mutex, FuriWaitForever);
// border around the edge of the screen
canvas_draw_frame(canvas, 0, 0, 128, 64);
canvas_set_font(canvas, FontSecondary);
if(!plugin_state->is_thread_running) {
canvas_set_font(canvas, FontPrimary);
char tmp[128];
char *jam_types[] = {"narrow", "wide", "full"};
snprintf(tmp, 128, "^ type:%s", jam_types[plugin_state->jam_type]);
canvas_draw_str_aligned(canvas, 10, 3, AlignLeft, AlignTop, tmp);
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(canvas, 10, 40, AlignLeft, AlignBottom, "Press Ok button to start");
if(!plugin_state->is_nrf24_connected) {
canvas_draw_str_aligned(
canvas, 10, 60, AlignLeft, AlignBottom, "Connect NRF24 to GPIO!");
}
} else if(plugin_state->is_thread_running) {
canvas_set_font(canvas, FontPrimary);
char tmp[128];
char *jam_types[] = {"narrow", "wide", "full"};
snprintf(tmp, 128, "^ type:%s", jam_types[plugin_state->jam_type]);
canvas_draw_str_aligned(canvas, 10, 3, AlignLeft, AlignTop, tmp);
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(canvas, 3, 30, AlignLeft, AlignBottom, "Causing mayhem...");
canvas_draw_str_aligned(canvas, 3, 40, AlignLeft, AlignBottom, "Please wait!");
canvas_draw_str_aligned(
canvas, 3, 50, AlignLeft, AlignBottom, "Press back to exit.");
} else {
canvas_draw_str_aligned(canvas, 3, 10, AlignLeft, AlignBottom, "Unknown Error");
canvas_draw_str_aligned(canvas, 3, 20, AlignLeft, AlignBottom, "press back");
canvas_draw_str_aligned(canvas, 3, 30, AlignLeft, AlignBottom, "to exit");
}
furi_mutex_release(plugin_state->mutex);
}
static void input_callback(InputEvent* input_event, void* ctx) {
furi_assert(ctx);
FuriMessageQueue* event_queue = ctx;
PluginEvent event = {.type = EventTypeKey, .input = *input_event};
furi_message_queue_put(event_queue, &event, FuriWaitForever);
}
static void jammer_state_init(PluginState* const plugin_state) {
plugin_state->is_thread_running = false;
}
// entrypoint for worker
static int32_t mj_worker_thread(void* ctx) {
PluginState* plugin_state = ctx;
FURI_LOG_D(TAG, "starting to jam");
char tmp[128];
// make sure the NRF24 is powered down so we can do all the initial setup
nrf24_set_idle(nrf24_HANDLE);
uint8_t mac[] = { 0xDE, 0xAD}; // DEAD BEEF FEED
uint8_t ping_packet[] = {0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF,0xDE, 0xAD, 0xBE, 0xEF}; // 32 bytes, in case we ever need to experiment with bigger packets
plugin_state->is_thread_running = true;
uint8_t conf = 0;
nrf24_configure(nrf24_HANDLE, 2, mac, mac, 2, 1, true, true);
// set PA level to maximum
uint8_t setup;
nrf24_read_reg(nrf24_HANDLE, REG_RF_SETUP, &setup,1);
setup &= 0xF8;
setup |= 7;
snprintf(tmp, 128, "NRF24 SETUP REGISTER: %d", setup);
FURI_LOG_D(TAG, tmp);
nrf24_read_reg(nrf24_HANDLE, REG_CONFIG, &conf,1);
snprintf(tmp, 128, "NRF24 CONFIG REGISTER: %d", conf);
FURI_LOG_D(TAG, tmp);
nrf24_write_reg(nrf24_HANDLE, REG_RF_SETUP, setup);
#define size 32
uint8_t status = 0;
uint8_t tx[size + 1];
uint8_t rx[size + 1];
memset(tx, 0, size + 1);
memset(rx, 0, size + 1);
tx[0] = W_TX_PAYLOAD_NOACK;
memcpy(&tx[1], ping_packet, size);
#define nrf24_TIMEOUT 500
// push data to the TX register
nrf24_spi_trx(nrf24_HANDLE, tx, 0, size + 1, nrf24_TIMEOUT);
// put the module in TX mode
nrf24_set_tx_mode(nrf24_HANDLE);
// send one test packet (for debug reasons)
while(!(status & (TX_DS | MAX_RT)))
{
status = nrf24_status(nrf24_HANDLE);
snprintf(tmp, 128, "NRF24 STATUS REGISTER: %d", status);
FURI_LOG_D(TAG, tmp);
}
// various types of hopping I empirically found
uint8_t hopping_channels_2[128];
for(int i = 0; i < 128; i++) hopping_channels_2[i] = i;
uint8_t hopping_channels_1[] = {32,34, 46,48, 50, 52, 0, 1, 2, 4, 6, 8, 22, 24, 26, 28, 30, 74, 76, 78, 80, 82, 84,86 };
uint8_t hopping_channels_0[] = {2, 26, 80};
uint8_t hopping_channels_len[] = {3, 24, 124};
uint8_t chan = 0;
uint8_t limit = 0;
do {
limit = hopping_channels_len[plugin_state->jam_type];
for(int ch = 0;ch < limit; ch++) {
switch(plugin_state->jam_type) {
case 0: chan = hopping_channels_0[ch]; break;
case 1: chan = hopping_channels_1[ch]; break;
case 2: chan = hopping_channels_2[ch]; break;
default: break;
}
// change channel
nrf24_write_reg(nrf24_HANDLE, REG_RF_CH, chan);
// push new data to the TX register
nrf24_spi_trx(nrf24_HANDLE, tx, 0, 2, nrf24_TIMEOUT);
}
} while(!plugin_state->close_thread_please);
plugin_state->is_thread_running = false;
nrf24_set_idle(nrf24_HANDLE);
return 0;
}
int32_t jammer_app(void* p) {
UNUSED(p);
FuriMessageQueue* event_queue = furi_message_queue_alloc(8, sizeof(PluginEvent));
dolphin_deed(DolphinDeedPluginStart);
PluginState* plugin_state = malloc(sizeof(PluginState));
jammer_state_init(plugin_state);
plugin_state->mutex = furi_mutex_alloc(FuriMutexTypeNormal);
if(!plugin_state->mutex) {
FURI_LOG_E("jammer", "cannot create mutex\r\n");
furi_message_queue_free(event_queue);
free(plugin_state);
return 255;
}
NotificationApp* notification = furi_record_open(RECORD_NOTIFICATION);
// Set system callbacks
ViewPort* view_port = view_port_alloc();
view_port_draw_callback_set(view_port, render_callback, plugin_state);
view_port_input_callback_set(view_port, input_callback, event_queue);
// Open GUI and register view_port
Gui* gui = furi_record_open(RECORD_GUI);
gui_add_view_port(gui, view_port, GuiLayerFullscreen);
plugin_state->mjthread = furi_thread_alloc();
furi_thread_set_name(plugin_state->mjthread, "MJ Worker");
furi_thread_set_stack_size(plugin_state->mjthread, 2048);
furi_thread_set_context(plugin_state->mjthread, plugin_state);
furi_thread_set_callback(plugin_state->mjthread, mj_worker_thread);
FURI_LOG_D(TAG, "nrf24 init...");
nrf24_init();
FURI_LOG_D(TAG, "nrf24 init done!");
PluginEvent event;
for(bool processing = true; processing;) {
FuriStatus event_status = furi_message_queue_get(event_queue, &event, 100);
furi_mutex_acquire(plugin_state->mutex, FuriWaitForever);
if(event_status == FuriStatusOk) {
// press events
if(event.type == EventTypeKey) {
if(event.input.type == InputTypePress) {
switch(event.input.key) {
case InputKeyUp:
plugin_state->jam_type = (plugin_state->jam_type + 1) % 3;
break;
case InputKeyDown:
break;
case InputKeyRight:
break;
case InputKeyLeft:
break;
case InputKeyOk:
if(!nrf24_check_connected(nrf24_HANDLE)) {
plugin_state->is_nrf24_connected = false;
view_port_update(view_port);
notification_message(notification, &sequence_error);
} else if(!plugin_state->is_thread_running) {
furi_thread_start(plugin_state->mjthread);
view_port_update(view_port);
}
break;
case InputKeyBack:
FURI_LOG_D(TAG, "CLOSE_PLZ");
if(!plugin_state->is_thread_running) processing = false;
plugin_state->close_thread_please = true;
if(plugin_state->is_thread_running && plugin_state->mjthread) {
furi_thread_join(
plugin_state->mjthread); // wait until thread is finished
}
plugin_state->close_thread_please = false;
break;
default:
break;
}
}
}
}
view_port_update(view_port);
furi_mutex_release(plugin_state->mutex);
}
furi_thread_free(plugin_state->mjthread);
FURI_LOG_D(TAG, "nrf24 deinit...");
nrf24_deinit();
view_port_enabled_set(view_port, false);
gui_remove_view_port(gui, view_port);
furi_record_close(RECORD_GUI);
furi_record_close(RECORD_NOTIFICATION);
view_port_free(view_port);
furi_message_queue_free(event_queue);
furi_mutex_free(plugin_state->mutex);
free(plugin_state);
return 0;
}
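Review bot: In mj_worker_thread the three debug log calls pass the formatted buffer as the format argument, `FURI_LOG_D(TAG, tmp);`, so the logger parses `tmp` a second time as a printf format. The strings built here only contain `%d` output, so nothing is exploitable as written, but the pattern turns into a format-string bug as soon as a logged value can contain `%`. FURI_LOG_D already takes printf-style arguments (lib/nrf24/nrf24.c in this commit calls it that way), so the calls can be `FURI_LOG_D(TAG, "NRF24 SETUP REGISTER: %d", setup);` and likewise for `conf` and `status`, which also takes the 128-byte `tmp` off the worker's 2048-byte stack.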

BIN
jammer_10px.png Normal file

Binary file not shown.


540
lib/nrf24/nrf24.c Normal file

@@ -0,0 +1,540 @@
#include "nrf24.h"
#include <furi.h>
#include <furi_hal.h>
#include <furi_hal_resources.h>
#include <assert.h>
#include <string.h>
void nrf24_init() {
furi_hal_gpio_init_simple(&gpio_ext_pc3, GpioModeOutputPushPull);
furi_hal_gpio_write(&gpio_ext_pc3, true);
furi_hal_spi_bus_handle_init(nrf24_HANDLE);
furi_hal_spi_acquire(nrf24_HANDLE);
furi_hal_gpio_init(nrf24_CE_PIN, GpioModeOutputPushPull, GpioPullUp, GpioSpeedVeryHigh);
furi_hal_gpio_write(nrf24_CE_PIN, false);
}
void nrf24_deinit() {
furi_hal_spi_release(nrf24_HANDLE);
furi_hal_spi_bus_handle_deinit(nrf24_HANDLE);
furi_hal_gpio_write(nrf24_CE_PIN, false);
furi_hal_gpio_init(nrf24_CE_PIN, GpioModeAnalog, GpioPullNo, GpioSpeedLow);
// resetting the CS pins to floating
furi_hal_gpio_init_simple(&gpio_ext_pc3, GpioModeAnalog);
}
void nrf24_spi_trx(
FuriHalSpiBusHandle* handle,
uint8_t* tx,
uint8_t* rx,
uint8_t size,
uint32_t timeout) {
UNUSED(timeout);
furi_hal_gpio_write(handle->cs, false);
furi_hal_spi_bus_trx(handle, tx, rx, size, nrf24_TIMEOUT);
furi_hal_gpio_write(handle->cs, true);
}
uint8_t nrf24_write_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t data) {
uint8_t tx[2] = {W_REGISTER | (REGISTER_MASK & reg), data};
uint8_t rx[2] = {0};
nrf24_spi_trx(handle, tx, rx, 2, nrf24_TIMEOUT);
return rx[0];
}
uint8_t
nrf24_write_buf_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t* data, uint8_t size) {
uint8_t tx[size + 1];
uint8_t rx[size + 1];
memset(rx, 0, size + 1);
tx[0] = W_REGISTER | (REGISTER_MASK & reg);
memcpy(&tx[1], data, size);
nrf24_spi_trx(handle, tx, rx, size + 1, nrf24_TIMEOUT);
return rx[0];
}
uint8_t nrf24_read_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t* data, uint8_t size) {
uint8_t tx[size + 1];
uint8_t rx[size + 1];
memset(rx, 0, size + 1);
tx[0] = R_REGISTER | (REGISTER_MASK & reg);
memset(&tx[1], 0, size);
nrf24_spi_trx(handle, tx, rx, size + 1, nrf24_TIMEOUT);
memcpy(data, &rx[1], size);
return rx[0];
}
uint8_t nrf24_flush_rx(FuriHalSpiBusHandle* handle) {
uint8_t tx[] = {FLUSH_RX};
uint8_t rx[] = {0};
nrf24_spi_trx(handle, tx, rx, 1, nrf24_TIMEOUT);
return rx[0];
}
uint8_t nrf24_flush_tx(FuriHalSpiBusHandle* handle) {
uint8_t tx[] = {FLUSH_TX};
uint8_t rx[] = {0};
nrf24_spi_trx(handle, tx, rx, 1, nrf24_TIMEOUT);
return rx[0];
}
uint8_t nrf24_get_maclen(FuriHalSpiBusHandle* handle) {
uint8_t maclen;
nrf24_read_reg(handle, REG_SETUP_AW, &maclen, 1);
maclen &= 3;
return maclen + 2;
}
uint8_t nrf24_set_maclen(FuriHalSpiBusHandle* handle, uint8_t maclen) {
assert(maclen > 1 && maclen < 6);
uint8_t status = 0;
status = nrf24_write_reg(handle, REG_SETUP_AW, maclen - 2);
return status;
}
uint8_t nrf24_status(FuriHalSpiBusHandle* handle) {
uint8_t status;
uint8_t tx[] = {R_REGISTER | (REGISTER_MASK & REG_STATUS)};
nrf24_spi_trx(handle, tx, &status, 1, nrf24_TIMEOUT);
return status;
}
uint32_t nrf24_get_rate(FuriHalSpiBusHandle* handle) {
uint8_t setup = 0;
uint32_t rate = 0;
nrf24_read_reg(handle, REG_RF_SETUP, &setup, 1);
setup &= 0x28;
if(setup == 0x20)
rate = 250000; // 250kbps
else if(setup == 0x08)
rate = 2000000; // 2Mbps
else if(setup == 0x00)
rate = 1000000; // 1Mbps
return rate;
}
uint8_t nrf24_set_rate(FuriHalSpiBusHandle* handle, uint32_t rate) {
uint8_t r6 = 0;
uint8_t status = 0;
if(!rate) rate = 2000000;
nrf24_read_reg(handle, REG_RF_SETUP, &r6, 1); // RF_SETUP register
r6 = r6 & (~0x28); // Clear rate fields.
if(rate == 2000000)
r6 = r6 | 0x08;
else if(rate == 1000000)
r6 = r6;
else if(rate == 250000)
r6 = r6 | 0x20;
status = nrf24_write_reg(handle, REG_RF_SETUP, r6); // Write new rate.
return status;
}
uint8_t nrf24_get_chan(FuriHalSpiBusHandle* handle) {
uint8_t channel = 0;
nrf24_read_reg(handle, REG_RF_CH, &channel, 1);
return channel;
}
uint8_t nrf24_set_chan(FuriHalSpiBusHandle* handle, uint8_t chan) {
uint8_t status;
status = nrf24_write_reg(handle, REG_RF_CH, chan);
return status;
}
uint8_t nrf24_get_src_mac(FuriHalSpiBusHandle* handle, uint8_t* mac) {
uint8_t size = 0;
uint8_t status = 0;
size = nrf24_get_maclen(handle);
status = nrf24_read_reg(handle, REG_RX_ADDR_P0, mac, size);
return status;
}
uint8_t nrf24_set_src_mac(FuriHalSpiBusHandle* handle, uint8_t* mac, uint8_t size) {
uint8_t status = 0;
uint8_t clearmac[] = {0, 0, 0, 0, 0};
nrf24_set_maclen(handle, size);
nrf24_write_buf_reg(handle, REG_RX_ADDR_P0, clearmac, 5);
status = nrf24_write_buf_reg(handle, REG_RX_ADDR_P0, mac, size);
return status;
}
uint8_t nrf24_get_dst_mac(FuriHalSpiBusHandle* handle, uint8_t* mac) {
uint8_t size = 0;
uint8_t status = 0;
size = nrf24_get_maclen(handle);
status = nrf24_read_reg(handle, REG_TX_ADDR, mac, size);
return status;
}
uint8_t nrf24_set_dst_mac(FuriHalSpiBusHandle* handle, uint8_t* mac, uint8_t size) {
uint8_t status = 0;
uint8_t clearmac[] = {0, 0, 0, 0, 0};
nrf24_set_maclen(handle, size);
nrf24_write_buf_reg(handle, REG_TX_ADDR, clearmac, 5);
status = nrf24_write_buf_reg(handle, REG_TX_ADDR, mac, size);
return status;
}
uint8_t nrf24_get_packetlen(FuriHalSpiBusHandle* handle) {
uint8_t len = 0;
nrf24_read_reg(handle, RX_PW_P0, &len, 1);
return len;
}
uint8_t nrf24_set_packetlen(FuriHalSpiBusHandle* handle, uint8_t len) {
uint8_t status = 0;
status = nrf24_write_reg(handle, RX_PW_P0, len);
return status;
}
uint8_t nrf24_rxpacket(FuriHalSpiBusHandle* handle, uint8_t* packet, uint8_t* packetsize, bool full) {
uint8_t status = 0;
uint8_t size = 0;
uint8_t tx_pl_wid[] = {R_RX_PL_WID, 0};
uint8_t rx_pl_wid[] = {0, 0};
uint8_t tx_cmd[33] = {0}; // 32 max payload size + 1 for command
uint8_t tmp_packet[33] = {0};
status = nrf24_status(handle);
if(status & RX_DR) {
if(full)
size = nrf24_get_packetlen(handle);
else {
nrf24_spi_trx(handle, tx_pl_wid, rx_pl_wid, 2, nrf24_TIMEOUT);
size = rx_pl_wid[1];
}
tx_cmd[0] = R_RX_PAYLOAD;
nrf24_spi_trx(handle, tx_cmd, tmp_packet, size + 1, nrf24_TIMEOUT);
nrf24_write_reg(handle, REG_STATUS, RX_DR); // clear bit.
memcpy(packet, &tmp_packet[1], size);
} else if(status == 0) {
nrf24_flush_rx(handle);
nrf24_write_reg(handle, REG_STATUS, RX_DR); // clear bit.
}
*packetsize = size;
return status;
}
uint8_t nrf24_txpacket(FuriHalSpiBusHandle* handle, uint8_t* payload, uint8_t size, bool ack) {
uint8_t status = 0;
uint8_t tx[size + 1];
uint8_t rx[size + 1];
memset(tx, 0, size + 1);
memset(rx, 0, size + 1);
if(!ack)
tx[0] = W_TX_PAYLOAD_NOACK;
else
tx[0] = W_TX_PAYLOAD;
memcpy(&tx[1], payload, size);
nrf24_spi_trx(handle, tx, rx, size + 1, nrf24_TIMEOUT);
nrf24_set_tx_mode(handle);
while(!(status & (TX_DS | MAX_RT))) status = nrf24_status(handle);
if(status & MAX_RT) nrf24_flush_tx(handle);
nrf24_set_idle(handle);
nrf24_write_reg(handle, REG_STATUS, TX_DS | MAX_RT);
return status & TX_DS;
}
uint8_t nrf24_power_up(FuriHalSpiBusHandle* handle) {
uint8_t status = 0;
uint8_t cfg = 0;
nrf24_read_reg(handle, REG_CONFIG, &cfg, 1);
cfg = cfg | 2;
status = nrf24_write_reg(handle, REG_CONFIG, cfg);
furi_delay_ms(5000);
return status;
}
uint8_t nrf24_set_idle(FuriHalSpiBusHandle* handle) {
uint8_t status = 0;
uint8_t cfg = 0;
nrf24_read_reg(handle, REG_CONFIG, &cfg, 1);
cfg &= 0xfc; // clear bottom two bits to power down the radio
status = nrf24_write_reg(handle, REG_CONFIG, cfg);
//nr204_write_reg(handle, REG_EN_RXADDR, 0x0);
furi_hal_gpio_write(nrf24_CE_PIN, false);
return status;
}
uint8_t nrf24_set_rx_mode(FuriHalSpiBusHandle* handle) {
uint8_t status = 0;
uint8_t cfg = 0;
//status = nrf24_write_reg(handle, REG_CONFIG, 0x0F); // enable 2-byte CRC, PWR_UP, and PRIM_RX
nrf24_read_reg(handle, REG_CONFIG, &cfg, 1);
cfg |= 0x03; // PWR_UP, and PRIM_RX
status = nrf24_write_reg(handle, REG_CONFIG, cfg);
//nr204_write_reg(REG_EN_RXADDR, 0x03) // Set RX Pipe 0 and 1
furi_hal_gpio_write(nrf24_CE_PIN, true);
furi_delay_ms(2000);
return status;
}
uint8_t nrf24_set_tx_mode(FuriHalSpiBusHandle* handle) {
uint8_t status = 0;
uint8_t cfg = 0;
furi_hal_gpio_write(nrf24_CE_PIN, false);
nrf24_write_reg(handle, REG_STATUS, 0x30);
//status = nrf24_write_reg(handle, REG_CONFIG, 0x0E); // enable 2-byte CRC, PWR_UP
nrf24_read_reg(handle, REG_CONFIG, &cfg, 1);
cfg &= 0xfe; // disable PRIM_RX
cfg |= 0x02; // PWR_UP
status = nrf24_write_reg(handle, REG_CONFIG, cfg);
furi_hal_gpio_write(nrf24_CE_PIN, true);
// no need to do any delay, just fire and forget
return status;
}
void nrf24_configure(
FuriHalSpiBusHandle* handle,
uint8_t rate,
uint8_t* srcmac,
uint8_t* dstmac,
uint8_t maclen,
uint8_t channel,
bool noack,
bool disable_aa) {
assert(channel <= 125);
assert(rate == 1 || rate == 2);
if(rate == 2)
rate = 8; // 2Mbps
else
rate = 0; // 1Mbps
nrf24_write_reg(handle, REG_CONFIG, 0x00); // Stop nRF
nrf24_set_idle(handle);
nrf24_write_reg(handle, REG_STATUS, 0x1c); // clear interrupts
if(disable_aa)
nrf24_write_reg(handle, REG_EN_AA, 0x00); // Disable Shockburst
else
nrf24_write_reg(handle, REG_EN_AA, 0x1F); // Enable Shockburst
nrf24_write_reg(handle, REG_DYNPD, 0x3F); // enable dynamic payload length on all pipes
if(noack)
nrf24_write_reg(handle, REG_FEATURE, 0x05); // disable payload-with-ack, enable noack
else {
nrf24_write_reg(handle, REG_CONFIG, 0x0C); // 2 byte CRC
nrf24_write_reg(handle, REG_FEATURE, 0x07); // enable dyn payload and ack
nrf24_write_reg(
handle, REG_SETUP_RETR, 0x1f); // 15 retries for AA, 500us auto retransmit delay
}
nrf24_set_idle(handle);
nrf24_flush_rx(handle);
nrf24_flush_tx(handle);
if(maclen) nrf24_set_maclen(handle, maclen);
if(srcmac) nrf24_set_src_mac(handle, srcmac, maclen);
if(dstmac) nrf24_set_dst_mac(handle, dstmac, maclen);
nrf24_write_reg(handle, REG_RF_CH, channel);
nrf24_write_reg(handle, REG_RF_SETUP, rate);
furi_delay_ms(200);
}
void nrf24_init_promisc_mode(FuriHalSpiBusHandle* handle, uint8_t channel, uint8_t rate) {
//uint8_t preamble[] = {0x55, 0x00}; // little endian
uint8_t preamble[] = {0xAA, 0x00}; // little endian
//uint8_t preamble[] = {0x00, 0x55}; // little endian
//uint8_t preamble[] = {0x00, 0xAA}; // little endian
nrf24_write_reg(handle, REG_CONFIG, 0x00); // Stop nRF
nrf24_write_reg(handle, REG_STATUS, 0x1c); // clear interrupts
nrf24_write_reg(handle, REG_DYNPD, 0x0); // disable shockburst
nrf24_write_reg(handle, REG_EN_AA, 0x00); // Disable Shockburst
nrf24_write_reg(handle, REG_FEATURE, 0x05); // disable payload-with-ack, enable noack
nrf24_set_maclen(handle, 2); // shortest address
nrf24_set_src_mac(handle, preamble, 2); // set src mac to preamble bits to catch everything
nrf24_set_packetlen(handle, 32); // set max packet length
nrf24_set_idle(handle);
nrf24_flush_rx(handle);
nrf24_flush_tx(handle);
nrf24_write_reg(handle, REG_RF_CH, channel);
nrf24_write_reg(handle, REG_RF_SETUP, rate);
// prime for RX, no checksum
nrf24_write_reg(handle, REG_CONFIG, 0x03); // PWR_UP and PRIM_RX, disable AA and CRC
furi_hal_gpio_write(nrf24_CE_PIN, true);
furi_delay_ms(100);
}
void hexlify(uint8_t* in, uint8_t size, char* out) {
memset(out, 0, size * 2);
for(int i = 0; i < size; i++)
snprintf(out + strlen(out), sizeof(out + strlen(out)), "%02X", in[i]);
}
uint64_t bytes_to_int64(uint8_t* bytes, uint8_t size, bool bigendian) {
uint64_t ret = 0;
for(int i = 0; i < size; i++)
if(bigendian)
ret |= bytes[i] << ((size - 1 - i) * 8);
else
ret |= bytes[i] << (i * 8);
return ret;
}
void int64_to_bytes(uint64_t val, uint8_t* out, bool bigendian) {
for(int i = 0; i < 8; i++) {
if(bigendian)
out[i] = (val >> ((7 - i) * 8)) & 0xff;
else
out[i] = (val >> (i * 8)) & 0xff;
}
}
uint32_t bytes_to_int32(uint8_t* bytes, bool bigendian) {
uint32_t ret = 0;
for(int i = 0; i < 4; i++)
if(bigendian)
ret |= bytes[i] << ((3 - i) * 8);
else
ret |= bytes[i] << (i * 8);
return ret;
}
void int32_to_bytes(uint32_t val, uint8_t* out, bool bigendian) {
for(int i = 0; i < 4; i++) {
if(bigendian)
out[i] = (val >> ((3 - i) * 8)) & 0xff;
else
out[i] = (val >> (i * 8)) & 0xff;
}
}
uint64_t bytes_to_int16(uint8_t* bytes, bool bigendian) {
uint16_t ret = 0;
for(int i = 0; i < 2; i++)
if(bigendian)
ret |= bytes[i] << ((1 - i) * 8);
else
ret |= bytes[i] << (i * 8);
return ret;
}
void int16_to_bytes(uint16_t val, uint8_t* out, bool bigendian) {
for(int i = 0; i < 2; i++) {
if(bigendian)
out[i] = (val >> ((1 - i) * 8)) & 0xff;
else
out[i] = (val >> (i * 8)) & 0xff;
}
}
// handle iffyness with preamble processing sometimes being a bit (literally) off
void alt_address_old(uint8_t* packet, uint8_t* altaddr) {
uint8_t macmess_hi_b[4];
uint8_t macmess_lo_b[2];
uint32_t macmess_hi;
uint16_t macmess_lo;
uint8_t preserved;
// get first 6 bytes into 32-bit and 16-bit variables
memcpy(macmess_hi_b, packet, 4);
memcpy(macmess_lo_b, packet + 4, 2);
macmess_hi = bytes_to_int32(macmess_hi_b, true);
//preserve least 7 bits from hi that will be shifted down to lo
preserved = macmess_hi & 0x7f;
macmess_hi >>= 7;
macmess_lo = bytes_to_int16(macmess_lo_b, true);
macmess_lo >>= 7;
macmess_lo = (preserved << 9) | macmess_lo;
int32_to_bytes(macmess_hi, macmess_hi_b, true);
int16_to_bytes(macmess_lo, macmess_lo_b, true);
memcpy(altaddr, &macmess_hi_b[1], 3);
memcpy(altaddr + 3, macmess_lo_b, 2);
}
bool validate_address(uint8_t* addr) {
uint8_t bad[][3] = {{0x55, 0x55}, {0xAA, 0xAA}, {0x00, 0x00}, {0xFF, 0xFF}};
for(int i = 0; i < 4; i++)
for(int j = 0; j < 2; j++)
if(!memcmp(addr + j * 2, bad[i], 2)) return false;
return true;
}
bool nrf24_sniff_address(FuriHalSpiBusHandle* handle, uint8_t maclen, uint8_t* address) {
bool found = false;
uint8_t packet[32] = {0};
uint8_t packetsize;
//char printit[65];
uint8_t status = 0;
status = nrf24_rxpacket(handle, packet, &packetsize, true);
if(status & RX_DR) {
if(validate_address(packet)) {
for(int i = 0; i < maclen; i++) address[i] = packet[maclen - 1 - i];
/*
alt_address(packet, packet);
for(i = 0; i < maclen; i++)
address[i + 5] = packet[maclen - 1 - i];
*/
//memcpy(address, packet, maclen);
//hexlify(packet, packetsize, printit);
found = true;
}
}
return found;
}
uint8_t nrf24_find_channel(
FuriHalSpiBusHandle* handle,
uint8_t* srcmac,
uint8_t* dstmac,
uint8_t maclen,
uint8_t rate,
uint8_t min_channel,
uint8_t max_channel,
bool autoinit) {
uint8_t ping_packet[] = {0x0f, 0x0f, 0x0f, 0x0f}; // this can be anything, we just need an ack
uint8_t ch = max_channel + 1; // means fail
nrf24_configure(handle, rate, srcmac, dstmac, maclen, 2, false, false);
for(ch = min_channel; ch <= max_channel + 1; ch++) {
nrf24_write_reg(handle, REG_RF_CH, ch);
if(nrf24_txpacket(handle, ping_packet, 4, true)) break;
}
if(autoinit) {
FURI_LOG_D("nrf24", "initializing radio for channel %d", ch);
nrf24_configure(handle, rate, srcmac, dstmac, maclen, ch, false, false);
return ch;
}
return ch;
}
bool nrf24_check_connected(FuriHalSpiBusHandle* handle) {
uint8_t status = nrf24_status(handle);
if(status != 0x00) {
return true;
} else {
return false;
}
}
uint8_t nrf24_set_mac(uint8_t mac_addr, uint8_t *mac, uint8_t mlen) {
uint8_t addr[5];
for(int i = 0; i < mlen; i++) addr[i] = mac[mlen - i - 1];
return nrf24_write_buf_reg(nrf24_HANDLE, mac_addr, addr, mlen);
}
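Review bot: nrf24_rxpacket uses a length reported by the radio without bounding it: `size` comes from `rx_pl_wid[1]` or the RX_PW_P0 register, then drives a `size + 1` byte SPI transfer into `tmp_packet[33]` and a `memcpy` into the caller's buffer, which nrf24_sniff_address declares as `packet[32]`. A reported width above 32 therefore writes past both stack buffers. Reject it before the payload read, for example `if(size > 32) { nrf24_flush_rx(handle); size = 0; }` placed ahead of `tx_cmd[0] = R_RX_PAYLOAD;`. nrf24_set_mac has the same shape: it copies `mlen` bytes into `addr[5]` with no check, so it needs an `mlen <= 5` guard as well.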

396
lib/nrf24/nrf24.h Normal file

@@ -0,0 +1,396 @@
#pragma once
#include <stdbool.h>
#include <stdint.h>
#include <furi_hal_spi.h>
#ifdef __cplusplus
extern "C" {
#endif
#define R_REGISTER 0x00
#define W_REGISTER 0x20
#define REGISTER_MASK 0x1F
#define ACTIVATE 0x50
#define R_RX_PL_WID 0x60
#define R_RX_PAYLOAD 0x61
#define W_TX_PAYLOAD 0xA0
#define W_TX_PAYLOAD_NOACK 0xB0
#define W_ACK_PAYLOAD 0xA8
#define FLUSH_TX 0xE1
#define FLUSH_RX 0xE2
#define REUSE_TX_PL 0xE3
#define RF24_NOP 0xFF
#define REG_CONFIG 0x00
#define REG_EN_AA 0x01
#define REG_EN_RXADDR 0x02
#define REG_SETUP_AW 0x03
#define REG_SETUP_RETR 0x04
#define REG_DYNPD 0x1C
#define REG_FEATURE 0x1D
#define REG_RF_SETUP 0x06
#define REG_STATUS 0x07
#define REG_RX_ADDR_P0 0x0A
#define REG_RX_ADDR_P1 0x0B
#define REG_RX_ADDR_P2 0x0C
#define REG_RX_ADDR_P3 0x0D
#define REG_RX_ADDR_P4 0x0E
#define REG_RX_ADDR_P5 0x0F
#define REG_RF_CH 0x05
#define REG_TX_ADDR 0x10
#define REG_FIFO_STATUS 0x17
#define RX_PW_P0 0x11
#define RX_PW_P1 0x12
#define RX_PW_P2 0x13
#define RX_PW_P3 0x14
#define RX_PW_P4 0x15
#define RX_PW_P5 0x16
#define RX_DR 0x40
#define TX_DS 0x20
#define MAX_RT 0x10
#define nrf24_TIMEOUT 500
#define nrf24_CE_PIN &gpio_ext_pb2
#define nrf24_HANDLE &furi_hal_spi_bus_handle_external
void nrf24_spi_trx(
FuriHalSpiBusHandle* handle,
uint8_t* tx,
uint8_t* rx,
uint8_t size,
uint32_t timeout);
/* Low level API */
/** Write device register
*
* @param handle - pointer to FuriHalSpiHandle
* @param reg - register
* @param data - data to write
*
* @return device status
*/
uint8_t nrf24_write_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t data);
/** Write buffer to device register
*
* @param handle - pointer to FuriHalSpiHandle
* @param reg - register
* @param data - data to write
* @param size - size of data to write
*
* @return device status
*/
uint8_t nrf24_write_buf_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t* data, uint8_t size);
/** Read device register
*
* @param handle - pointer to FuriHalSpiHandle
* @param reg - register
* @param[out] data - pointer to data
*
* @return device status
*/
uint8_t nrf24_read_reg(FuriHalSpiBusHandle* handle, uint8_t reg, uint8_t* data, uint8_t size);
/** Power up the radio for operation
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_power_up(FuriHalSpiBusHandle* handle);
/** Power down the radio
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_set_idle(FuriHalSpiBusHandle* handle);
/** Sets the radio to RX mode
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_set_rx_mode(FuriHalSpiBusHandle* handle);
/** Sets the radio to TX mode
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_set_tx_mode(FuriHalSpiBusHandle* handle);
/*=============================================================================================================*/
/* High level API */
/** Must call this before using any other nrf24 API
*
*/
void nrf24_init();
/** Must call this when we end using nrf24 device
*
*/
void nrf24_deinit();
/** Send flush rx command
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_flush_rx(FuriHalSpiBusHandle* handle);
/** Send flush tx command
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return device status
*/
uint8_t nrf24_flush_tx(FuriHalSpiBusHandle* handle);
/** Gets the RX packet length in data pipe 0
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return packet length in data pipe 0
*/
uint8_t nrf24_get_packetlen(FuriHalSpiBusHandle* handle);
/** Sets the RX packet length in data pipe 0
*
* @param handle - pointer to FuriHalSpiHandle
* @param len - length to set
*
* @return device status
*/
uint8_t nrf24_set_packetlen(FuriHalSpiBusHandle* handle, uint8_t len);
/** Gets configured length of MAC address
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return MAC address length
*/
uint8_t nrf24_get_maclen(FuriHalSpiBusHandle* handle);
/** Sets configured length of MAC address
*
* @param handle - pointer to FuriHalSpiHandle
* @param maclen - length to set MAC address to, must be greater than 1 and less than 6
*
* @return MAC address length
*/
uint8_t nrf24_set_maclen(FuriHalSpiBusHandle* handle, uint8_t maclen);
/** Gets the current status flags from the STATUS register
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return status flags
*/
uint8_t nrf24_status(FuriHalSpiBusHandle* handle);
/** Gets the current transfer rate
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return transfer rate in bps
*/
uint32_t nrf24_get_rate(FuriHalSpiBusHandle* handle);
/** Sets the transfer rate
*
* @param handle - pointer to FuriHalSpiHandle
* @param rate - the transfer rate in bps
*
* @return device status
*/
uint8_t nrf24_set_rate(FuriHalSpiBusHandle* handle, uint32_t rate);
/** Gets the current channel
* In nrf24, the channel number is multiplied times 1MHz and added to 2400MHz to get the frequency
*
* @param handle - pointer to FuriHalSpiHandle
*
* @return channel
*/
uint8_t nrf24_get_chan(FuriHalSpiBusHandle* handle);
/** Sets the channel
*
* @param handle - pointer to FuriHalSpiHandle
* @param frequency - the frequency in hertz
*
* @return device status
*/
uint8_t nrf24_set_chan(FuriHalSpiBusHandle* handle, uint8_t chan);
/** Gets the source mac address
*
* @param handle - pointer to FuriHalSpiHandle
* @param[out] mac - the source mac address
*
* @return device status
*/
uint8_t nrf24_get_src_mac(FuriHalSpiBusHandle* handle, uint8_t* mac);
/** Sets the source mac address
*
* @param handle - pointer to FuriHalSpiHandle
* @param mac - the mac address to set
* @param size - the size of the mac address (2 to 5)
*
* @return device status
*/
uint8_t nrf24_set_src_mac(FuriHalSpiBusHandle* handle, uint8_t* mac, uint8_t size);
/** Gets the dest mac address
*
* @param handle - pointer to FuriHalSpiHandle
* @param[out] mac - the source mac address
*
* @return device status
*/
uint8_t nrf24_get_dst_mac(FuriHalSpiBusHandle* handle, uint8_t* mac);
/** Sets the dest mac address
*
* @param handle - pointer to FuriHalSpiHandle
* @param mac - the mac address to set
* @param size - the size of the mac address (2 to 5)
*
* @return device status
*/
uint8_t nrf24_set_dst_mac(FuriHalSpiBusHandle* handle, uint8_t* mac, uint8_t size);
/** Reads RX packet
*
* @param handle - pointer to FuriHalSpiHandle
* @param[out] packet - the packet contents
* @param[out] packetsize - size of the received packet
* @param full - boolean set to true, packet length is determined by RX_PW_P0 register, false it is determined by dynamic payload length command
*
* @return device status
*/
uint8_t
nrf24_rxpacket(FuriHalSpiBusHandle* handle, uint8_t* packet, uint8_t* packetsize, bool full);
/** Sends TX packet
*
* @param handle - pointer to FuriHalSpiHandle
* @param packet - the packet contents
* @param size - packet size
* @param ack - boolean to determine whether an ACK is required for the packet or not
*
* @return device status
*/
uint8_t nrf24_txpacket(FuriHalSpiBusHandle* handle, uint8_t* payload, uint8_t size, bool ack);
/** Configure the radio
* This is not comprehensive, but covers a lot of the common configuration options that may be changed
* @param handle - pointer to FuriHalSpiHandle
* @param rate - transfer rate in Mbps (1 or 2)
* @param srcmac - source mac address
* @param dstmac - destination mac address
* @param maclen - length of mac address
* @param channel - channel to tune to
* @param noack - if true, disable auto-acknowledge
* @param disable_aa - if true, disable ShockBurst
*
*/
void nrf24_configure(
FuriHalSpiBusHandle* handle,
uint8_t rate,
uint8_t* srcmac,
uint8_t* dstmac,
uint8_t maclen,
uint8_t channel,
bool noack,
bool disable_aa);
// Set mac address (MSB first), Return: Status
uint8_t nrf24_set_mac(uint8_t mac_addr, uint8_t *mac, uint8_t mlen);
/** Configures the radio for "promiscuous mode" and primes it for rx
* This is not an actual mode of the nrf24, but this function exploits a few bugs in the chip that allows it to act as if it were.
* See http://travisgoodspeed.blogspot.com/2011/02/promiscuity-is-nrf24l01s-duty.html for details.
* @param handle - pointer to FuriHalSpiHandle
* @param channel - channel to tune to
* @param rate - transfer rate in Mbps (1 or 2)
*/
void nrf24_init_promisc_mode(FuriHalSpiBusHandle* handle, uint8_t channel, uint8_t rate);
/** Listens for a packet and returns first possible address sniffed
* Call this only after calling nrf24_init_promisc_mode
* @param handle - pointer to FuriHalSpiHandle
* @param maclen - length of target mac address
* @param[out] addresses - sniffed address
*
* @return success
*/
bool nrf24_sniff_address(FuriHalSpiBusHandle* handle, uint8_t maclen, uint8_t* address);
/** Sends ping packet on each channel for designated tx mac looking for ack
*
* @param handle - pointer to FuriHalSpiHandle
* @param srcmac - source address
* @param dstmac - destination address
* @param maclen - length of address
* @param rate - transfer rate in Mbps (1 or 2)
* @param min_channel - channel to start with
* @param max_channel - channel to end at
* @param autoinit - if true, automatically configure radio for this channel
*
* @return channel that the address is listening on, if this value is above the max_channel param, it failed
*/
uint8_t nrf24_find_channel(
FuriHalSpiBusHandle* handle,
uint8_t* srcmac,
uint8_t* dstmac,
uint8_t maclen,
uint8_t rate,
uint8_t min_channel,
uint8_t max_channel,
bool autoinit);
/** Converts 64 bit value into uint8_t array
* @param val - 64-bit integer
* @param[out] out - bytes out
* @param bigendian - if true, convert as big endian, otherwise little endian
*/
void int64_to_bytes(uint64_t val, uint8_t* out, bool bigendian);
/** Converts 32 bit value into uint8_t array
* @param val - 32-bit integer
* @param[out] out - bytes out
* @param bigendian - if true, convert as big endian, otherwise little endian
*/
void int32_to_bytes(uint32_t val, uint8_t* out, bool bigendian);
/** Converts uint8_t array into 32 bit value
* @param bytes - uint8_t array
* @param bigendian - if true, convert as big endian, otherwise little endian
*
* @return 32-bit value
*/
uint32_t bytes_to_int32(uint8_t* bytes, bool bigendian);
/** Check if the nrf24 is connected
* @param handle - pointer to FuriHalSpiHandle
*
* @return true if connected, otherwise false
*/
bool nrf24_check_connected(FuriHalSpiBusHandle* handle);
#ifdef __cplusplus
}
#endif


@@ -0,0 +1,55 @@
#include <stringp.h>
char *strcat_(char *dest, const char *src) {
int len = strlen(dest);
strcpy(dest + len, src);
return dest;
}
char *rawmemchr_(char *s, char c) {
int len = strlen(s);
return memchr(s, c, len);
}
char *strpbrk_(char *s1, const char *s2) {
if((s1 == NULL) || (s2 == NULL))
return NULL;
while(*s1) {
// Return s1 char position if found in s2
if(strchr(s2, *s1)) {
return s1;
} else {
s1++;
}
}
return NULL;
}
char *strtok_(char *s, const char *delim) {
static char *olds;
char *token;
if (s == NULL)
s = olds;
// Scan leading delimiters
s += strspn(s, delim);
if (*s == '\0') {
olds = s;
return NULL;
}
// Find the end of the token.
token = s;
s = strpbrk_(token, delim);
if (s == NULL)
// This token finishes the string.
olds = rawmemchr_(token, '\0');
else {
// Terminate the token and make OLDS point past it.
*s = '\0';
olds = s + 1;
}
return token;
}
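Review bot: `strtok_` dereferences a null pointer when its very first call passes `s == NULL`, because `olds` is still NULL at that point and `s += strspn(s, delim)` runs on it. Guarding the resume path with `if (s == NULL && (s = olds) == NULL) return NULL;` makes that case return cleanly. The `static char *olds` is also shared by every caller, so two threads tokenising at once would overwrite each other's position; a comment saying so, or a variant that takes a caller-owned save pointer, would make that explicit. In `strcat_` and `rawmemchr_` the result of `strlen` is narrowed into an `int`, which `size_t len = strlen(dest);` avoids.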


@@ -0,0 +1,17 @@
#pragma once
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
// NOTE The following functions are not available in the OFW, so we need to reimplement them as a polyfill.
char *strcat_(char *dest, const char *src);
char *rawmemchr_(char *s, char c);
char *strpbrk_(char *s1, const char *s2);
char *strtok_(char *s, const char *delim);
#ifdef __cplusplus
}
#endif
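Review bot: The four prototypes carry no contract, and two of them put obligations on the caller that are easy to miss. `strcat_` copies with no size argument, so it writes past `dest` unless the caller has reserved room, and `strtok_` keeps its position in a static variable between calls (visible in the implementation file of this commit). I would add `// dest must hold strlen(dest) + strlen(src) + 1 bytes; no bounds check is done` above `strcat_` and `// not reentrant: position is kept in a static pointer between calls` above `strtok_`.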