Thursday, December 7, 2017

How to use LAUNCHXL-CC2650 to work with Wireshark as Zigbee sniffer.

The following steps show how to use a LAUNCHXL-CC2650 with Wireshark as a Zigbee sniffer.

1. Download and install PACKET-SNIFFER-2 from http://www.ti.com/tool/PACKET-SNIFFER
 
2. Connect the LaunchPad board to the PC with a USB cable and program sniffer_fw_15_4.hex under C:\Program Files (x86)\Texas Instruments\SmartRF Tools\SmartRF Packet Sniffer 2\sniffer_fw\bin\cc26x0lp\15.4 to your LAUNCHXL-CC2650 using Flash Programmer 2.



3. Start SmartRF Sniffer Agent and select Data -> Data Out to check "Use Pipe".



4. Press the Device Configuration button and select a sniffer device, frequency band and channel to use.



5. Press "Start All" button. The incoming data indicator becomes green and the outgoing data indicator becomes blue.



6. Install Wireshark and create a new desktop shortcut. Then, modify the Target setting of the new Wireshark shortcut to add "-i\\.\pipe\tiwspc_data -k" to the end.



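7. Start Wireshark and go to Edit->Preferences...->Protocol->Zigbee to add Zigbee TC Link Key "5a6967426565416c6c69616e63653039". These bytes are the ASCII string "ZigBeeAlliance09", the publicly documented default Trust Center link key; Wireshark uses it to decrypt the network key that a coordinator transports to a joining device, so decryption only works for networks that still rely on this default key.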



8. Launch Wireshark from the new shortcut and it will start capturing Zigbee packets.


Wednesday, November 29, 2017

Using Contiki UDP client to send ON/OFF command to remote UDP server to toggle LED on CC13xx/CC26xx.

The following steps show how to revise the Contiki UDP client/server examples so that you can send an ON/OFF command over UART to the UDP client, the UDP client sends the ON/OFF command over the air to the UDP server, and the UDP server toggles the red LED. The following tests were done using two LAUNCHXL-CC1310 boards.

1. Revise the following red lines in udp-client.c
...
#include "net/ip/uip-udp-packet.h"
#include "sys/ctimer.h"
#include "dev/leds.h"
#ifdef WITH_COMPOWER
#include "powertrace.h"
#endif
#include
#include

...
/* UDP connection used by send_packet(); assigned from udp_new() in the
 * process thread. */
static struct uip_udp_conn *client_conn;
/* Destination address handed to uip_udp_packet_sendto(); it is filled in
 * outside this excerpt. */
static uip_ipaddr_t server_ipaddr;

/* Current command text ("ON" or "OFF"), zero-padded to 16 bytes. The process
 * thread rewrites it when a serial line arrives and send_packet() reads it
 * through "%s", so at least the last byte must stay 0. */
char cmd[16];

/*---------------------------------------------------------------------------*/
PROCESS(udp_client_process, "UDP client process");
AUTOSTART_PROCESSES(&udp_client_process);
/*---------------------------------------------------------------------------*/
/* Sequence number placed in each payload; incremented once per send_packet()
 * call. */
static int seq_id;
/* Compared with seq_id in the SERVER_REPLY annotation; it is updated outside
 * this excerpt. */
static int reply;
...

/*---------------------------------------------------------------------------*/
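/**
 * Build "<cmd> from the client SEQ_ID:<n> " and send it to the UDP server.
 *
 * Called directly from the process thread when a serial command arrives and
 * as the ctimer callback for the periodic transmission.
 *
 * @param ptr  Unused; present because the ctimer callback signature needs it.
 */
static void
send_packet(void *ptr)
{
  /* MAX_PAYLOAD_LEN is defined outside this excerpt. */
  char buf[MAX_PAYLOAD_LEN];
  int len;

#ifdef SERVER_REPLY
  uint8_t num_used = 0;
  uip_ds6_nbr_t *nbr;

  /* Count the entries of the neighbour table for the annotation below. */
  for(nbr = nbr_table_head(ds6_neighbors); nbr != NULL;
      nbr = nbr_table_next(ds6_neighbors, nbr)) {
    num_used++;
  }

  if(seq_id > 0) {
    ANNOTATE("#A r=%d/%d,color=%s,n=%d %d\n", reply, seq_id,
             reply == seq_id ? "GREEN" : "RED", uip_ds6_route_num_routes(), num_used);
  }
#endif /* SERVER_REPLY */

  seq_id++;
  PRINTF("CMD:%s send to %d SEQ_ID:%d\n",cmd,
         server_ipaddr.u8[sizeof(server_ipaddr.u8) - 1], seq_id);

  /* The formatted length grows with cmd and with the number of digits in
   * seq_id, so an unbounded sprintf() can write past the end of buf.
   * snprintf() caps the write at the buffer size and always terminates. */
  len = snprintf(buf, sizeof(buf), "%s from the client SEQ_ID:%d ", cmd, seq_id);
  if(len < 0) {
    return;
  }
  if(len >= (int)sizeof(buf)) {
    /* Output was truncated: send only what actually fits in buf. The command
     * text sits at the start of the payload, so it survives truncation. */
    len = (int)sizeof(buf) - 1;
  }

  uip_udp_packet_sendto(client_conn, buf, len,
                        &server_ipaddr, UIP_HTONS(UDP_SERVER_PORT));
}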
/*---------------------------------------------------------------------------*/
...

/*---------------------------------------------------------------------------*/
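/*
 * UDP client process.
 *
 * Sets up the UDP connection to the server, then loops on events:
 *  - tcpip_event: handled by tcpip_handler();
 *  - serial_line_event_message: a line typed on the UART; "ON" or "OFF"
 *    switches the local red LED, is stored in cmd and is sent to the server;
 *  - expiry of the periodic timer: schedules send_packet() after SEND_TIME,
 *    which re-sends the current cmd.
 */
PROCESS_THREAD(udp_client_process, ev, data)
{
  static struct etimer periodic;
  static struct ctimer backoff_timer;
#if WITH_COMPOWER
  static int print = 0;
#endif

  PROCESS_BEGIN();

  PROCESS_PAUSE();

  /* Feed bytes received on the UART to the serial-line driver; complete
   * lines then reach this process as serial_line_event_message. */
  cc26xx_uart_set_input(serial_line_input_byte);

  set_global_address();

  PRINTF("UDP client process started nbr:%d routes:%d\n",
         NBR_TABLE_CONF_MAX_NEIGHBORS, UIP_CONF_MAX_ROUTES);

  print_local_addresses();

  /* new connection with remote host */
  client_conn = udp_new(NULL, UIP_HTONS(UDP_SERVER_PORT), NULL);
  if(client_conn == NULL) {
    PRINTF("No UDP connection available, exiting the process!\n");
    PROCESS_EXIT();
  }
  udp_bind(client_conn, UIP_HTONS(UDP_CLIENT_PORT));

  PRINTF("Created a connection with the server ");
  PRINT6ADDR(&client_conn->ripaddr);
  PRINTF(" local/remote port %u/%u\n",
    UIP_HTONS(client_conn->lport), UIP_HTONS(client_conn->rport));

#if WITH_COMPOWER
  powertrace_sniff(POWERTRACE_ON);
#endif

  etimer_set(&periodic, SEND_INTERVAL);
  while(1) {
    PROCESS_YIELD();
    if(ev == tcpip_event) {
      tcpip_handler();
    }

    if(ev == serial_line_event_message && data != NULL) {
      printf("command received:%s\n",(char *)data);

      /* Only an exact "ON" or "OFF" line changes cmd and triggers an
       * immediate send. Any other line is ignored, so a mistyped command
       * does not re-send the previous one to the server. */
      if(strcmp(data,"ON")==0){
        memset(cmd, 0, sizeof(cmd));
        cmd[0]='O';
        cmd[1]='N';
        leds_on(LEDS_RED);
        send_packet(NULL);
      }else if(strcmp(data,"OFF")==0){
        memset(cmd, 0, sizeof(cmd));
        cmd[0]='O';
        cmd[1]='F';
        cmd[2]='F';
        leds_off(LEDS_RED);
        send_packet(NULL);
      }
    }

    if(etimer_expired(&periodic)) {
      etimer_reset(&periodic);
      /* Delay the periodic transmission by SEND_TIME before sending. */
      ctimer_set(&backoff_timer, SEND_TIME, send_packet, NULL);

#if WITH_COMPOWER
      /* Print the power trace on every third expiry of the timer. */
      if (print == 0) {
        powertrace_print("#P");
      }
      if (++print == 3) {
        print = 0;
      }
#endif

    }
  }

  PROCESS_END();
}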
/*---------------------------------------------------------------------------*/

2. Build udp-client.bin by "make TARGET=srf06-cc26xx BOARD=launchpad/cc1310 udp-client.bin" and download udp-client.bin to one LAUNCHXL-CC1310.


3. Revise the following red lines in udp-server.c
...
#define DEBUG DEBUG_PRINT
#include "net/ip/uip-debug.h"
#include "dev/leds.h"

#define UIP_IP_BUF   ((struct uip_ip_hdr *)&uip_buf[UIP_LLH_LEN])
...
/*---------------------------------------------------------------------------*/
/*
 * Handle a tcpip event on the server: print the received payload, switch the
 * red LED when the payload starts with "ON" or "OFF", print the last byte of
 * the sender's address and, when SERVER_REPLY is set, send "Reply" back.
 *
 * NOTE(review): the LED command is acted on for any datagram that reaches this
 * handler; nothing visible here checks who sent it or protects the payload.
 */
static void
tcpip_handler(void)
{
  char *payload;

  /* Nothing to do unless uIP reports fresh application data. */
  if(!uip_newdata()) {
    return;
  }

  payload = (char *)uip_appdata;
  /* Terminate the payload so it can be printed with %s. The terminator also
   * stops the byte comparisons below at the end of a short payload.
   * NOTE(review): this writes one byte past the received data; confirm the
   * packet buffer always has room for it. */
  payload[uip_datalen()] = 0;
  PRINTF("DATA recv '%s' from ", payload);

  /* Prefix match: the client appends text after the command. */
  if(payload[0] == 'O' && payload[1] == 'N') {
    leds_on(LEDS_RED);
  }
  if(payload[0] == 'O' && payload[1] == 'F' && payload[2] == 'F') {
    leds_off(LEDS_RED);
  }

  PRINTF("%d",
         UIP_IP_BUF->srcipaddr.u8[sizeof(UIP_IP_BUF->srcipaddr.u8) - 1]);
  PRINTF("\n");
#if SERVER_REPLY
  PRINTF("DATA sending reply\n");
  /* Aim the connection at the sender for this one reply, then clear the
   * remote address again. */
  uip_ipaddr_copy(&server_conn->ripaddr, &UIP_IP_BUF->srcipaddr);
  uip_udp_packet_send(server_conn, "Reply", sizeof("Reply"));
  uip_create_unspecified(&server_conn->ripaddr);
#endif
}
/*---------------------------------------------------------------------------*/
...


4. Build udp-server.bin by "make TARGET=srf06-cc26xx BOARD=launchpad/cc1310 udp-server.bin" and download udp-server.bin to another LAUNCHXL-CC1310.

5. Start UDP server on one LAUNCHXL-CC1310 running udp-server.bin and start UDP client on another LAUNCHXL-CC1310 running udp-client.bin.

  

6. You can enter "ON" and "CTRL+Enter" to send ON command with end character "0x0A" to COM port of LAUNCHXL-CC1310 running UDP client and you will see red led is turned ON on another LAUNCHXL-CC1310 running UDP server.

7. You can enter "OFF" and "CTRL+Enter" to send OFF command with end character "0x0A" to COM port of LAUNCHXL-CC1310 running UDP client and you will see red led is turned OFF on another LAUNCHXL-CC1310 running UDP server.

Monday, October 23, 2017

How to configure 6lbr to make it can do ping6 to a CC26xx/CC13xx node from Raspberry Pi running 6lbr.

The following steps show how to configure 6lbr so that a Raspberry Pi running 6lbr can ping6 a CC26xx/CC13xx node.

1. Run "sudo vi /etc/6lbr/6lbr.conf" on Raspberry Pi terminal and use the following bridge mode settings.

# Bridge-mode settings for 6lbr: the bridge, tap and Ethernet device names
# below are the ones 6lbr is told to work with.
# NOTE(review): CREATE_BRIDGE=0 presumably leaves creating br0 to the system's
# own network configuration - confirm against the 6lbr documentation.
RAW_ETH=0
BRIDGE=1
CREATE_BRIDGE=0
DEV_BRIDGE=br0
DEV_TAP=tap0
DEV_ETH=eth0
DEV_ETH_FCS=0

# Serial device and baud rate of the radio attached to the Raspberry Pi.
DEV_RADIO=/dev/ttyACM0
BAUDRATE=115200

LOG_LEVEL=3

2. Run "sudo vi /etc/network/interfaces" on the Raspberry Pi terminal and make sure the following br0 settings (red lines) have been added.

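# /etc/network/interfaces for the Raspberry Pi running 6lbr in bridge mode.

auto lo
iface lo inet loopback

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

#auto wlan1
#allow-hotplug wlan1
#iface wlan1 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# eth0 carries no address of its own; it is a port of br0 below.
iface eth0 inet static
address 0.0.0.0

# br0 bridges eth0 and gets its address over DHCP.
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
# The sysfs attribute is spelled multicast_snooping; writing 0 turns it off.
up echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
# Give br0 the MAC address of eth0. The inner command must be a command
# substitution, not a single-quoted string.
post-up ip link set br0 address $(ip link show eth0 | grep ether | awk '{print $2}')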


3. Restart your Raspberry Pi (sudo reboot) and 6lbr (sudo service 6lbr start) to apply those changes.

4. Run "sudo route -A inet6 add fd00::/64 gw bbbb::100" to add routing of fd00::/64 to bbbb::100



5. Make sure you enable IP64 on your 6lbr configuration page.



6. Check IPv6 address of your CC26xx/CC13xx node



7. Run "ping6 fd00::212:4b00:e00:cc0" to ping your CC26xx/CC13xx node and get responses.


Thursday, October 19, 2017

Using CC13xx/CC26xx running Contiki OS to toggle LED from UART.

The following example shows how to use a CC13xx/CC26xx running Contiki OS to toggle an LED from the UART.

1. Replace the contents of hello-world.c with the following code

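#include "contiki.h"
#include "dev/cc26xx-uart.h"
#include "dev/serial-line.h"
#include "dev/leds.h"

/* Header names must not contain spaces inside the angle brackets. */
#include <stdio.h>  /* For printf() */
#include <string.h> /* For strcmp() */

/*
 * Serial line test: every complete line received on the UART is printed, and
 * the lines "ON" and "OFF" switch the green LED on and off.
 */
PROCESS(test_serial, "Serial line test process");
AUTOSTART_PROCESSES(&test_serial);

PROCESS_THREAD(test_serial, ev, data)
{
  PROCESS_BEGIN();

  /* Feed bytes received on the UART to the serial-line driver; complete
   * lines then reach this process as serial_line_event_message. */
  cc26xx_uart_set_input(serial_line_input_byte);

  printf("Hello, world Serial line test\n");

  for(;;) {
    PROCESS_YIELD();
    /* data is passed to printf("%s") and strcmp(), neither of which accepts
     * a null pointer, so events without a payload are skipped. */
    if(ev == serial_line_event_message && data != NULL) {
      printf("received line: %s\n", (char *)data);
      if(strcmp(data, "ON") == 0) {
        leds_on(LEDS_GREEN);
      } else if(strcmp(data, "OFF") == 0) {
        leds_off(LEDS_GREEN);
      }
    }
  }
  PROCESS_END();
}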


2. Build hello-world.bin for LAUNCHXL-CC1310 using  "make TARGET=srf06-cc26xx BOARD=launchpad/cc1310 hello-world.bin"

3. Download hello-world.bin to LAUNCHXL-CC1310 using Flash Programmer 2.

4. Start a terminal tool such as Tera Term and connect to the LAUNCHXL-CC1310 application virtual COM port.

5. Enter "ON" and "CTRL+Enter" to send ON command with end character "0x0A" to LAUNCHXL-CC1310 and you will see green led is turned on

6. Enter "OFF" and "CTRL+Enter" to send the OFF command with end character "0x0A" to the LAUNCHXL-CC1310, and you will see the green LED turn off.

Friday, October 6, 2017

Google/Sphinx Speech Recognition using PyAudio and SpeechRecognition module on Raspberry Pi

The following steps show you how to test Google/Sphinx Speech Recognition using PyAudio and SpeechRecognition module on Raspberry Pi using a C-Media USB Microphone.

1. Test USB Microphone

1.A: Use "cat /proc/asound/cards" to check if C-Media USB Microphone is listed.
1.B: Use "alsamixer" to adjust the USB Microphone gain
1.C: Use "arecord -D sysdefault:CARD=1 --duration=10 -f cd -vv ~/mic.wav" to record something into mic.wav
1.D: Use "aplay ./mic.wav -D sysdefault:CARD=0" to play mic.wav and verify that the USB Microphone works.

2. Install python3-pip and SpeechRecognition module
sudo apt-get update
sudo apt-get install python3-pip
sudo pip3 install SpeechRecognition

3. Install PyAudio
sudo apt-get install git
sudo git clone http://people.csail.mit.edu/hubert/git/pyaudio.git
sudo apt-get install libportaudio0 libportaudio2 libportaudiocpp0 portaudio19-dev
sudo apt-get install python3-dev
cd pyaudio
sudo python3 setup.py install

4. Install flac which would be used by Google Speech Recognition.
sudo apt-get install flac

5. Test PyAudio and the SpeechRecognition module using Google: save the following Python code as google.py and run "python3 google.py"

#!/usr/bin/env python3

import speech_recognition as sr

# One recognizer is shared by every pass of the loop below.
recognizer = sr.Recognizer()
recognizer.energy_threshold = 4000

while True:
    # Capture one phrase from the microphone.
    with sr.Microphone() as mic:
        print("Say something!")
        captured = recognizer.listen(mic)

    # recognize_google() submits the captured audio to Google's speech
    # recognition service, so every phrase spoken here leaves the device and
    # the call fails with RequestError when the service cannot be reached.
    try:
        transcript = recognizer.recognize_google(captured)
        print("The audio file contains: " + transcript)
    except sr.UnknownValueError:
        print("Google Speech Recognition could not understand audio")
    except sr.RequestError as err:
        print("Could not request results from Google Speech Recognition service; {0}".format(err))

6. Setup pocketsphinx
sudo apt-get install swig
sudo apt-get install libpulse-dev
sudo pip3 install pocketsphinx


7. Test PyAudio and SpeechRecognition module using pocketsphinx: Using the following python code saved in sphinx.py and run "python3 sphinx.py"

#!/usr/bin/env python3

import speech_recognition as sr

# One recognizer is shared by every pass of the loop below.
recognizer = sr.Recognizer()
recognizer.energy_threshold = 4000

while True:
    # Capture one phrase from the microphone.
    with sr.Microphone() as mic:
        print("Say something!")
        captured = recognizer.listen(mic)

    # recognize_sphinx() relies on the pocketsphinx package installed in
    # step 6; RequestError here reports a problem with that installation.
    try:
        transcript = recognizer.recognize_sphinx(captured)
        print("Sphinx thinks you said " + transcript)
    except sr.UnknownValueError:
        print("Sphinx could not understand audio")
    except sr.RequestError as err:
        print("Sphinx error; {0}".format(err))



Sunday, September 3, 2017

Secure Zigbee Pairing Using NFC

It is well known that the Zigbee protocol is vulnerable at the moment a new device joins the network. If a non-preconfigured device joins a network, a single key may be sent unprotected to enable encrypted communication. This one-time transmission of the unprotected key opens a short window in which an attacker could sniff the key. We implemented a more secure Zigbee pairing scheme using NFC; the whole implementation is based on the TI CC2530-CC2592 and TRF7963A, as shown in the following block diagram. The network key is sent through the TRF7963A from the Zigbee coordinator (connected to the IoT GW) to an NFC tag that is connected to the Zigbee device. The network key therefore never goes over the air during Zigbee pairing and cannot be captured by a Zigbee sniffer.



The following video gives a demonstration about the process.




Friday, June 23, 2017

Build TI Z-Stack Linux Home Gateway reference design to run on both Linux 16.04 AMD64 (64Bit) and x86 (32Bit).

1. Download Z-Stack_Linux_Gateway-1.0.1-src-linux-installer.run from http://www.ti.com/tool/z-stack-archive.

2.a. If you use  Linux 16.04 x86 (32Bit), you can run Z-Stack_Linux_Gateway-1.0.1-src-linux-installer.run to extract Z-Stack Linux Gateway source code to your Linux Home folder\Z-Stack_Linux_Gateway-1.0.1-src

2.b. If you use  Linux 16.04 AMD64 (64Bit),you can refer to http://processors.wiki.ti.com/index.php/Sitara_Linux_SDK_64_Bit_Ubuntu_Support and have to run the following apt-get install command to install necessary packages before you run Z-Stack_Linux_Gateway-1.0.1-src-linux-installer.run 32 bit script to unpack Z-Stack Linux Gateway source code to your Linux Home folder\Z-Stack_Linux_Gateway-1.0.1-src.

 sudo apt-get install libc6:i386
 sudo apt-get install libx11-6:i386 libasound2:i386 libatk1.0-0:i386 libcairo2:i386 libcups2:i386 libdbus-glib-1-2:i386 libgconf-2-4:i386 libgdk-pixbuf2.0-0:i386 libgtk-3-0:i386 libice6:i386 libncurses5:i386 libsm6:i386 liborbit2:i386 libudev1:i386 libusb-0.1-4:i386 libstdc++6:i386 libxt6:i386 libxtst6:i386 libgnomeui-0:i386 libusb-1.0-0-dev:i386 libcanberra-gtk-module:i386 gtk2-engines-murrine:i386

3. Revise the build script package_builder_bbb (in red) under “your Linux Home folder\Z-Stack_Linux_Gateway-1.0.1-src\Source\scripts\”

...
#Target platform:
    #export TARGET_PLATFORM="BEAGLEBONE_BLACK"
    export TARGET_PLATFORM="x86"

...
    cd $NPI_SOURCE/Projects/tools/LinuxHost
    make clean
    make create_output
    #make arch-all-armBeagleBone CC_armBeagleBone=$COMPILER |& tee -a $MAKE_LOG_FILE
    make $BUILD_TYPE |& tee -a $MAKE_LOG_FILE

...
# *** Copy resources ***********************************************************************************

#cp $NPI_SOURCE/Projects/tools/LinuxHost/out/NPI_lnx_armBeagleBone_server $BINARIES_SERVERS_DIR/NPI_lnx_${PLATFORM_SUBSTRING}_server
cp $NPI_SOURCE/Projects/tools/LinuxHost/out/NPI_lnx_${PLATFORM_SUBSTRING}_server $BINARIES_SERVERS_DIR/NPI_lnx_${PLATFORM_SUBSTRING}_server


4.Download protobuf 2.5.0-9ubuntu1 source package from https://launchpad.net/ubuntu/+source/protobuf/2.5.0-9ubuntu1 and build/install it with the following steps.
 
   4.a. Extract protobuf 2.5.0-9ubuntu1 to the protobuf 2.5.0 folder and switch into the protobuf 2.5.0 folder
   4.b. run "./configure"
   4.c. run "make"
   4.d. run "sudo make install"
   4.e. run "sudo ldconfig"

5.Download protobuf-c 0.15-1build1 source package from https://launchpad.net/ubuntu/+source/protobuf-c/0.15-1build1 and build/install it with the following steps.
 
   5.a. Extract protobuf-c 0.15-1build1 to the protobuf-c-0.15 folder and switch into the protobuf-c-0.15 folder
   5.b. run "./configure"
   5.c. run "make"
   5.d. run "sudo make install"
   5.e. run "sudo ldconfig"

6. Create a new folder "tools" and export TCLIB to it using the following lines:

   cd ~
   mkdir tools
   export TCLIB=~/tools

7. Switch to your Linux Home folder\Z-Stack_Linux_Gateway-1.0.1-src\Source\ and run ./build_all

8. The output will be at "your Linux Home folder\Z-Stack_Linux_Gateway-1.0.1-src\Source\ERROR_out\z-stack_linux_gateway_x86_binaries.tar". The build error is due to the lack of comparison file but the output binaries still work on x86 environment.

9. Copy and untar “z-stack_linux_gateway_x86_binaries.tar” to your working directory on x86 (called ).

10. Disable flowcontrol in NPI_Gateway.cfg as follows:

    ...
    [UART]
    speed=115200 ; speed
    flowcontrol=0 ; 1=enabled 0=disable
    ...

11. Please follow the (Z-Stack Linux Gateway User Guide.pdf, Chap 6.3) to start the application. Please note you have to specify x86 when you run zigbeeHAgw like "sudo ./zigbeeHAgw x86" in one terminal and run "./start_application" on another terminal.