C library for the Bus Pirate binary scripting mode

in Bus Pirate by DP | 35 comments

Bquoitin developed a C library for interfacing with the Bus Pirate binary scripting mode. So far he has successfully used it to communicate with various SPI devices:

“libbuspirate” [is] a short C library that allows easy interaction with the Bus Pirate. It was written a few months ago and I’ve been using it several times to interface with SPI devices such as the CC2500 and MRF24J40 RF transceivers and lately with the ENC28J60 Ethernet controller.

Get your own handy Bus Pirate for $30, including world-wide shipping. Also available from our friendly distributors.

Via the contact form.

This entry was posted in Bus Pirate and tagged , .

Comments

  1. Joe Desbonnet says:

    Snap. Was working on exactly the same C library, to talk to the exact same chips (well the MRF24J40 modules), but this library seems to be much further along. Cool! less work for me now :-) Nice thing about a C library (vs Python etc) is that it will work on resource constrained devices like OpenWRT router boxes etc.

  2. Bruno says:

    Joe: if need be, I can also provide a small C library that allows to send/receive frame using IEEE802.15.4 in non-beacon mode with the MRF24J40. The library was tested using various microcontrolers: ATmega328, PIC24FJ64GA002 and LPC2103. I also got a replacement firmware for the bus pirate v3 that turns it into a IEEE802.15.4 sniffer. Let me know if there is interest and I will release it…

  3. Joe Desbonnet says:

    Bruno — yes both would be of interest. Especially the BusPirate as a 802.15.4 sniffer. It was on my todo list for this year (main reason it hasn’t happened so far is because the lag in interaction between PC and MRF24J40 is too slow to get a packet off the device before the next one arrives — custom firmware is probably the way to go). For practical work I’m currently using the the Microchip ZENA. I wrote a small C program to link it to Wireshark (http://jdesbonnet.blogspot.com/2011/02/using-microchip-zena-zigbee802154.html), but the ZENA is way, way, way over priced (and seems to be an abandoned product anyway). MRF24J40MA/B/C + BusPirate would make a nice cheap sniffer.

  4. Ian says:

    I would also be very interested.

  5. will says:

    i was about to purchase the zena but difficult to justify the price and i don’t know of another. not sure if the atmel one would work on my xbee net at home? i’m spoiled by wireshark for sure.

    the “BusPirate as a 802.15.4 sniffer” would be GREAT!! tried the above link to the code but didn’t work.

    • Bruno says:

      Hi Will ! Sorry it looks like I inadvertently switched off the project’s public flag.
      Can you try it again ?

      • will says:

        @bruno

        yes i was able to get in, thank you

      • will says:

        @bruno

        if the RZUSBSTICK doesn’t need to be reprogrammed, and seems like the only affordable zigbee hardware sniffer, guess i’ll get one. as i mentioned, Microchip support emailed today that they wouldn’t use their 2.4Ghz zena stick to sniff zigbee, stated better 3rd party tools. i asked them as i was about to order one.

        there is a guy on freaklabs that put a 802.15.4 sniffer together with arduino based boards, some C# code & wireshark, making use of named pipes. you’ve probably seen it. i’m not familiar with arduino’s. for me a low cost already-made hardware solution blends better currently.

        i did order the bus pirate v3.5 today from adafruit. never used one before but looks like fun.

        no guru here, just a home hobbyist experimenting with getting the mrf24j40maA, atzb-24-a2, and
        xbee talking on the same net. waiting on the other two radios which i recently ordered.

    • Bruno says:

      I have to add that you can get another cheap sniffer from Atmel: it is named the RZUSBSTICK (http://www.atmel.com/tools/RZUSBSTICK.aspx). I got one for about 35 EUR in Europe. I have some python code to make it act as a sniffer (contact me if it makes sense for you). You can also have a look at the KillerBee project for a replacement firmware. However, you need an ATMEL JTAG programmer to flash the RZUSBSTICK which unfortunately is much more expensive than a PicKit.

      • will says:

        @bruno

        thanks for the offer. i did see that atmel has their stick as does TI have one. microchip makes a few vers of their zena dongles but their tech support stated for zigbee sniffing, there are third party versions much better.

        curious, if i purchased the atmel stick and used your py code app, would i be able to use wireshark to view packets? wireshark has a few wrappers now for 802.15.4, or so i read. fraid my programmers are pickit.

        thanks

  6. Joe Desbonnet says:

    MRF24J40MA/B/C ($8 for the A version) and a low cost MCU or the Bus Pirate (maybe with custom firmware to get the thruput) is all you need in theory.

    I’ve already got a working 802.15.4 sniffer using Wireshark + MRF24J40MA (and B) + PIC18F4550 + FTDI cable + Java program to setup the registers and translate the packets into PCAP format for Wireshark. It works *except* I don’t get most of the ACK packets because I’m not offloading the packets fast enough. My problem with the current setup is that I’m using software SPI (the 4550 uses the same lines for the UART and and SPI and it’s easier to bitbang SPI than UART) .

    I just got some PIC24FJ and PIC32MX chip samples which I think will make a better interface.

    Would anyone like to collaborate on a 802.15.4 sniffer?

    • Bruno says:

      Joe, I’m definitely interested to collaborate.

      Note that in my alternative bus pirate firmware, I was able to capture ACK frames only if I put a limit on the length of regular (DATA) frames. If frames are shorter than say 32 bytes, I am able to get the RX interrupt, copy the frame from the transceiver’s RX buffer and clear the RX buffer fast enough to get the subsequent ACK frame. I’m using the hardware SPI port, but I could not use it successfully at 8Mbps. According to the datasheet, the MRF24J40 transceiver is supposed to work with a clock up to 10MHz but I couldn’t get reliable operations at 8MHz. The current code is configured to work at 4MHz (this can be changed easily).

      I faced another problem when reading frames from the transceiver’s internal RX buffer. The datasheet recommends setting the RXDECINV bit to disable reception when reading the RX buffer and clearing RXDECINV when reading is done. When I follow this recommendation, I am not able to capture a single ACK frame. The current code has this RXDECINV bit trickery disabled. The datasheet says that the RX FIFO internal pointer (used by the MAX circuitry) will be cleared when the first byte of the RX buffer is read. My assumption is that it will still work if I am able to read bytes from the RX buffer faster than the RX MAC will write bytes. The RX MAC is not supposed to write faster than 31250 bytes/s (250kbps bitrate). At best, reading a single byte from the RX buffer through SPI requires 3 bytes to be exchanged over the bus (LONG ADDRESS READ) -> at best I should be able to read 166666 bytes/s.

      Anyway, if you get a chance to try the implementation, I will be very interested by your feedback.

  7. Joe Desbonnet says:

    Bruno,
    Thanks for the update. Great to see the link to the source is working again… I was wondering about that. So speed is absolutely critical for getting packets off the MRF24J40 fast enough not to miss the following ACK packet. It seems to be a design oversight by Microchip not to have included better buffering on-chip (I guess under normal usage this sort of speed is not critical. I believe ACKs are handled automatically by the chip). I’m downloading your code now. Hopefully I’ll have time to try to build that in the next few days.

    Joe.

    • Bruno says:

      Joe
      You are right. Under normal usage, the transceiver can be configured to handle ACKs automatically. Anyway, the MRF24J40 is used in Microchip’s Zena sniffer. Therefore we should also be able to capture ACK frames. It might just be a matter of better understanding the datasheet :-) Or perhaps certain features of the transceiver are not revealed in the current revision of the datasheet…

  8. Joe Desbonnet says:

    Bruno, Ah I see they have a new MRF24J40 based ZENA now. And priced more reasonably at €38 (the original was about €120). The original used a CC2420 (formerly from Chipcon and now part of TI). The chip markings were conveniently erased. It must have been embarrassing for them to be using a competitor’s part. Ok, this is encouraging: so it’s obviously possible to use the MRF24J40 as a sniffer… just need to ramp up the SPI speed to near its limit. The datasheet on the new ZENA seems to have more tech details than the last… I must read. Oh.. have the RZUSBSTICK too… but lost interest in it when I discovered I needed to spend another €200+ on a programmer. Is that still the case? For me, one thing that puts Microchip ahead of its competitors: a cheap programmer and free development tools (ok– the free compilers have some limits… but limits I can live with). TI have great hardware, but you need IAR (€2000+) to do anything useful with them.

    • Bruno says:

      The python code I have works with the RZUSBSTICK without the need for a firmware replacement.

      Regarding development tools: I like Microchip MCUs and tools (esp. the PicKit which is inexpensive). even if they took time to become linux/mac os x friendly (MPLAB X).
      I like Atmel 8-bit MCU because the software development suite (gcc and co) has been available early. I have never invested money in hardware for Atmel development tools apart from the Bus Pirate ;-).

      I have not had very good experiences with TI tools and linux/mac os x despite several attempts with the ez430, ez430-rf2500 and the “chronos”. Their USB/serial adapters in particular are really annoying. I spent too much time trying to get them to work with the different dev tools.

  9. will says:

    @Bruno

    >>The python code I have works with the RZUSBSTICK without the need for a firmware replacement.

    i ordered the rz stick today, so i’d like to have that py code you mentioned.

    thx

    • Bruno says:

      Hi Will,
      How can I send you the python code ?
      Bruno

    • Bruno says:

      Will,
      I have put a short description of the code here. There is a download link at the end of the wiki page.
      Bruno

      • Edmund says:

        I’ve tried all of the links to the code and and pictures, and all say “not authorized”. I’m logged in using an account I created in the web site. Are you still making your work available for others to try?

      • Bruno says:

        Edmund,
        Sorry about this. The public status of my project has been changed. Not by me, but presumably by the university forge admins. The project is public again. I will check with the admins why this changes without my consent. Meanwhile, feel free to contact me in case you are not authorized to access the project.
        Bruno

  10. will says:

    thanks Bruno, i downloaded it. the usb stick should arrive soon (hoping).

  11. Bruno says:

    Will,
    OK. Please let me know how it goes.
    Bruno

  12. Bruno says:

    For those who want to connect a MRF24J40MA transceiver module to their Bus Pirate, I have put pictures of the small proto board adapter I use on the wiki page.

  13. Joe Desbonnet says:

    There is another candidate for a nice low cost 802.15.4 sniffer: the STMicroelectronics STM32W-RFCKIT. I wrote up a little howto on this. http://jdesbonnet.blogspot.com/2012/04/stm32w-rfckit-as-low-cost-802154-zigbee.html

    Windows only unfortunately…. but I hope to reverse engineer the firmware protocol and write a Linux Wireshark bridge.

  14. will says:

    joe,

    you’re working on the ‘microchip-zena’ project, yes?

    let me ask, the stm32w-rfckit, this is better than the microchip ZENA solution, yes? less expensive and free wireshark has more features than ZENA.

    will

  15. Joe Desbonnet says:

    Right now I can’t say for sure. But here are some observations so far. 1. In a very unscientific test where both devices were on my desk not far apart, I ran the ZENA (original version) with my software together with the the STM32W-RFCKIT dongle with their Windows based Wireshark server. The STM32W device picked up far more packets from my ZigBee network during the run (see note append to my blog post above). 2. The STM32W-RFCKIT is confined to Windows for the moment, until I get a chance to reverse engineer their firmware’s protocol (they are not willing to share this information unfortunately)… or write my own firmware. 3. The STM32-RFCKIT comes with a dongle and a remote control device for about €33 which certainly represents better value than the original ZENA is still cheaper than the new ZENA. 4. The original ZENA’s software was very limited. I had a quick look at the user manual for the new version. The software looks better, but it’s not Wireshark.

  16. Joe Desbonnet says:

    Ok, almost have the STM32W-RFCKIT sniffer firmware protocol figured. I’ve got as far as a Linux C program that will allow channel change and will dump frames in hex to stdout. Just got a few more fields in the frame header to figure and then to write PCAP format to stdout so that it can be consumed by Wireshark.

  17. will says:

    @Joe,

    appreciate the reply. think i’ll order a stm32w-rfckit soon. good price and better features than the zena from what your experience shows and from what i read.

    the avr dongle arrived though i haven’t sat down and experimented with it yet.

    that’s some quick programming! will be interesting to see your results. cheers

  18. Joe Desbonnet says:

    Ok, first version of the Linux software to use the €33 STM32W-RFCKIT as a 802.15.4/ZigBee network analyzer is now released under BSD licence. See my blog post for details: http://jdesbonnet.blogspot.com/2012/04/stm32w-rfckit-as-802154-network.html

    • Bruno says:

      Joe,

      Congrats ! Amazing work !

      A few days ago, I received a suggestion from the kismet wireless author: modify my firmware to interact with the linux 802.15.4 stack using the serial-dev protocol (http://sourceforge.net/apps/trac/linux-zigbee/wiki/SerialV1). Do you believe it would be feasible to update STM32-RFCKIT to support that protocol (the list of commands you identified looks quite close to what’s needed).

      By the way would it be possible that the unidentified command 0x01 in STM32-RFCKIT serves to enable the 802.15.4 transceiver ?

      Bruno

      • Joe Desbonnet says:

        Bruno,

        It’s very possible some of these ‘extra’ commands are for sending packets and other advanced features. The firmware returns packet metadata eg RSSI which cannot be used with Wireshark, so whoever wrote that firmware took a general view of things (else they could have just sent out plain PCAP format instead). However I think it’s not worth wasting too much effort on that closed source firmware. I only used it because it was the only way of getting a solution out this week. Else I’ll have to skill up on the whole STM32W thing, which would be nice, but I’m short on time these days. To answer your question: yes I think we can do anything with it this hardware. It looks well spec’ed and if it’s anything like the STM32F4-Discovery eval kit it should be easy to get working with a free toolchain (GCC, GDB etc).

        Joe.

  19. will says:

    i got the stm32w dongle to work under windows XP. i never have gotten my fedora16 VM to fully recognize the dongle. could be an issue with the win2003 server host OS though and not the VM. i’ll have to tweak that some more.

    the ST price for the kit is better than the 39+shipping from DiZiC Co. for their dongle though it is enclosed. i’m a hobbiest so not an issue here at home.

    the digi xbee packets i take it are proprietary and diff from the zigbee standard? the ST dongle and wireshark never picked up a thing from them.

    going to try out the python script soon on the razr dongle and check it out too

  20. Joe Desbonnet says:

    @Will: No the Digi XBee Series 2 are ZigBee compatible if you load the right (ZigBee) firmware on to the modules. I’m running a few ZigBee networks where XBee modules are coordinators and end devices together with devices running TI’s ZStack firmware. It’s not always perfect… they sometimes fight with each other :-) … in particular I have some issues with XBee as router together with ZStack end devices, but it’s mostly a happy family.

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.