Welcome to the uracoli Blog

µracoli stands for microcontroller radio communications library and is intended to be a package that demonstrates capabilities and usage of Atmel's IEEE-802.15.4 radio transceivers AT86RF{230,231,212} in combination with AVR 8 bit microcontrollers (e.g. ATmega16, ATmega1281, ATmega128RFA1, ...).

Donnerstag, 4. April 2013

STK500 + Mega16L + RZ600 Radio Board = Sniffer

Recently on AVR-Freaks there was a discussion how to sniff frames with a RZ600 radio board, that is eventually available. After a look in the data sheets, I figured out that the stone old µracoli-target stkm16 can be easily modified to do this job.

STK500 with RZ600 Radio Board - the JTAG-ICE in the background was used for debugging and is normally not needed, a simple 6pin ISP cable would be sufficient to flash the ATmega16L

Here is the recipe:
  • take a STK500 
  • an ATmega16L (because of 3.3V) in DIP (or better a Mega64)
  • 3 x double wires
  • a RZ600 board (I used the one with AT86RF230)
  • a power supply
  • a RS232 cable
Assemble the above components:
  • double check if only the mega16L plugs in the STK500
  • wire PD0/1 to RXD/TXD of RS232 spare
  • wire PA4 ... PA7 with LED0...3 (if you like blinking LEDs)
  • plug RZ600 on PORTB
  • set he STK500 jumpers :  
    • VTARGET, AREF, RESET, XTAL1, BSEL2 connected,
    • OSCSEL connected 1-2 (SW clock from STK500)
Next compile the target stkm16 (will come with version 0.4.0 soon, meanwhile
pull the repository and use rel_0.4.0 branch)  and configure the STK500.
  • connect the serial interface to RS232-CTRL
  • avrdude -P /dev/ttyS0 -p m16 -c stk500v2 -tF
  • type  fosc 3.6864
  • type  vtarg 3.4
This ensures that RZ600 radio board operates at a valid voltage level
and the SW clock with a baudrate friendly frequency is used

Now flash the firmware sniffer_stkm16.hex and set the fuses to lf = 0xfe, hf = 0x91.

Next run the script sniffer.py from uracoli-sniffer-.zip
 python sniffer.py -p /dev/ttyS0:115200 -c 17 | wireshark -ki -
and voila - we can sniff.

Wireshark and Sniffer Frontend - for those who look at details they will see it is an older screenshot :-)

However there are some limitations. Because there is just 1K of RAM in the Mega16, you can't  buffer much data and so you will loose some frames if a large traffic peak occurs in your network.

Keine Kommentare:

Kommentar veröffentlichen