-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Porting rfcat to cheap hardware? #48
Comments
hey @AsFaBw , sadly, the cheaper boards i've seen that RfCat works on already seem to be discontinued (Ciseco URF/SRF USB dongles featuring the CC1111). porting RfCat to other boards with CC1101 radios is possible, but non-trivial. the base RfCat firmware is centered around the 8051 microcontroller in the CC1111. the CC1111 wraps together the CC1101 radio core along with a 8051 microcontroller core and a USB controller. the CC1101 is just the radio, and relies on any number of other microcontrollers and a SPI interface to control the radio. this means a custom firmware for whatever other microcontroller core and USB stack is necessary to be written, basically from scratch. if that's part of the fun for you, awesome! the command and control interface is not that difficult to implement, assuming the USB stack doesn't limit you in some important way. to that end, writing USB firmware is a daunting task, and getting everything correct on even one platform is a new dimension in firmware implementation. i learned a lot, but don't currently have the kind of time it takes to port to another platform. hope this helps, and keep hacking! |
Hi atlas0fd00m,
thanks a lot for the fast feedback and kind of warning. I had a look to the code and recognize what you mean. To get it stable seems for me not like a weekend task😊
I made my first experiences with a CC1101 standalone and also with a CC430 in a chronos watch (https://www.youtube.com/watch?v=k_Fw7ZacG9s / https://www.youtube.com/watch?v=jKvlf8iOvZk )… …but those projects are small against the code size of rfcat… …so I have some respect to go for it😊
It is really a pitty that all the cheap solutions are not available on the market any more.
Best regards & thanks again,
Thomas
|
@atlas0fd00m do you have any documentation related to the actual RfCat (host) <-> MCU (device) transport packets? It doesn't seem that hard to implement such a communication stack in a cheap microcontroller, I was thinking Atmel or STMicro ones. That would make it easily portable between devices since it can make use of the Arduino platform and/or the STM32 ecosystem. TBH I am more inclined to the STM32 platform as it has more processing power, is more extensible and has proper debug support (SWD and JTAG w/ OpenOCD). Either way, even that would be easily ported to Arduino. |
no docs aside from the code. it's a super simple protocol. the idea is to provide a little C2 inside the target hardware. we started off with memory peek and poke capabilities, and built from there. the protocol is at it's foundation unidirectional, where the dongle can originate messages to the Python side and obviously the Python client can originate messages to the dongle. to achieve this, the Python client polls the dongle repeatedly (direct USB EP5 access). there is one minor difference between Python-originated and dongle-originated messages. however, the protocol from there is basically the same in both directions, as indicated by the Python handler code: 1 byte "application" (typically this is used to separate "system" functions from RfCat or other custom apps on the dongle-side, received messages are handled in the next main loop iteration, based on the app/cmd combo, and a response sent back. on the Python-side, received messages deposited into an appropriate "mailbox" until accessed. if the message is a response, chances are good the originating code is waiting for the response so it's handled immediately. alternately, in the case of a the SYSTEM app, debug messages and the like are handled before being pushed into the mailbox system. does this help? i understand that the raw USB nature of RfCat might cause some difficulties. the purpose of RfCat's initial stack was to implement the full USB stack in one file, without licensing cost/constraint. if you end up with a chip you need to modify that approach, we could potentially create a module for accessing your dongle in a slightly different way. |
Thanks a lot for the detailed explanation!!! You mentioned the cheaper Ciseco SRF sticks. |
May be also not cheap solution if no motherboard is available yet... ...but could also be an interesting neighbor... |
Hi @AsFaBw, just ordered one of those last SRF modules from Watterott. Do you know if the needed pins are exposed for flashing? (Oops should have thought of that BEFORE...) |
Yes, they are available. You can open the plastic housing, connect the programmer, program it,, and then close the housing again. By the way: another alternative may be something like following https://github.com/AsFaBw/greatfet-erica ...just started and not sure if it will burn or work:-) |
I actually got the one without housing... who needs that :) |
Hi @AsFaBw, |
Hi @crazyquark, |
@AsFaBw thanks a lot! |
@AsFaBw me again :)... So I wired it up like in this post: https://projectaweek.com/2016/04/11/rfcat-on-ez430-chronos-dongle-with-cc-debug/ P.S. I think the RST pin id not connected properly? I figured it out, the RESET_N pin is actually broken out to a pad on the back of the board, RST is routed via a resistor to DTR actually... so not useful. I managed to flash it after all with TI's Flash Programmer and CC Debugger. |
Just to be sure. You should NOT connect the usb side of the stick.
Just the stick with the cables to the Cc Debugger.
Von meinem iPhone gesendet
… Am 07.09.2019 um 13:59 schrieb Cristian Sandu ***@***.***>:
@AsFaBw me again :)... So I wired it up like in this post: https://projectaweek.com/2016/04/11/rfcat-on-ez430-chronos-dongle-with-cc-debug/
However, the CC debugger does not detect the chip, no matter what I do. Maybe I need to put in bootloader mode or something before connecting?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
I started working on porting to cc1101 via SPI. Porting is not going to be trivial, since many of the tasks executed on the microcontroller must now be done on the host, in this case the RPi running the rfcat python application. Note that not much is functional for now. It can just detect the CC1101 dongle connected to SPI. |
nice work, @maximevince :) i applaud your direction and passion! let me know if i can answer any questions. @ |
@atlas0fd00m thanks! |
Hi, I have the same srf case than you, as TI manuals says for smart RF minimum connection I need to pair DD and DC that I have found in cc debuger connector but I can't find it in SRF. Could you tell me which holes correspond with the pins ? Thank you !! |
ping @AsFaBw |
Hi @crazyquark after no luck with SRF I have bought the same of you. I have URF V 0.3a that is slightly different than http://www.picaxe-shop.de/URF-Module-ohne-Gehaeuse If the two test points in the back of the stick (or in the front in V 0.3)near of the chip are P1 and P2 Could you point me where is RST and Power ? The stick has 1 RST pin hole and 2 PWR pin holes Also, Did you put together Target Voltage Sense and 3.3v connected to PWR ? Thank you ! |
@maximevince Try these CC1101 examples. If you use a 5V Arduino, be sure to use logic level converter to 3.3V CC1101 module https://www.sparkfun.com/products/12009 |
/me facepalm: @maximevince wow, i asked if i could help and now i see how i dropped the ball. |
@atlas0fd00m no worries! I had a basic version working using RPi + CC1101. However, quite some internal registers are different, and I did not pursue it further. But an rfcat-like tool for any kind of cheap sub-ghz chipset would still be really nice, of course. Not sure when I'll pick the side-project up again. I'll be sure to let you know! |
thanks, @maximevince . i agree! travis goodspeed and i started working on a "sdrcat" project years ago, trying to simplify the SDR experience, but alas bitrot and lack of time kept it from becoming a real thing. i'm always open to new hardware for the RfCat interface. currently RfCat works with CC1111 and CC2511 chips (for 2.4GHz). i've got code started to support CC2341 (15.4 chip), but i ran out of time. these all use the same processor (a 8051-based ChipCon chip), radio, and USB interface. the RfCat USB interface is pretty simple (at least at the core requirements), and i'm happy to support/guide anyone who wants to write RfCat firmware for a different piece of hardware. if the radio is the same, we can use some of the existing python/firmware interface code. if not, we can still use the RfCat simplicity and wrap it into the RfCat family. let me know if you'd be interested in implementing a new member of the RfCat family! |
Hello! There is a project similar to rfcat, it may not be as powerful, but this works well with CC1101 modules: https://github.com/rfquack/RFQuack Recently we developed a device (Evil Crow RF), it has an ESP32-PICO module for WiFi and two CC1101 radio modules. I tested with rfquack and it works! The device will go on sale after the Chinese New Year (I am Spanish, but the manufacturing is in China). The device is low-cost and will cost around 20$ - 30$. It would be interesting to implement rfcat on it I attach a picture so you can see the Evil Crow RF device: |
I really love rfcat... ...although the available hardware seems to be for me quite expensive (starting with the TI CC1111EMK ~70Euro as the black chronos board is not available any more).
I wonder for some time, whether there is a possibility to port rfcat for cheaper hardware.
One device I came across is the Max!Cube ( https://www.eq-3.de/produkte/max-heizungssteuerung/max-hausloesung/bc-lgw-o-tw.html ). The device has an CC1101 and is available from 22,95 inclusive shipping (within Germany).
There is already custom firmware available for homeautomation ( https://github.com/heliflieger/a-culfw/tree/master/culfw/Devices/CUBe ).
There is also the possibility to add up to 3 further cheap CC1101 boards into the device.
That could allow to operate one CC1101 in monitor mode, while another could be sending.
Is there somebody out there having the software capabilities to merge the two projects (rfcat/MaxCube interface).
I would be interested in your thoughts and comments...
The text was updated successfully, but these errors were encountered: