-
Notifications
You must be signed in to change notification settings - Fork 50
Firmware Releases CC1111
Djamil Elaidi edited this page Jul 8, 2021
·
30 revisions
Note: It may happen that we ship new PandwaRF with more recent FW versions than what is already deployed in the field. In the Android app, if you notice you have a "Current CC1111 FW Version" higher than "Last CC1111 FW Version", don't panic, there is no issue and no need to downgrade manually your PandwaRF. If needed your PandwaRF will be automatically upgraded during next FW OTA campaign.
- Fix UART transfer of last two bytes
- Add check of calculated data rate and retry if value below expectations
- Tweaks to DRM algorithm for improved accuracy
- Fixed issue with FreqFinder. Reset data rate to default before FreqFinder/SpecAn
- Fix issue of CC1111 reset seen during TX when connected via USB
- Add support for the reverse brute force feature
- BugFix: NIC message order, Send NIC_RECV_CAPTURE_STARTED before NIC_RECV
- Bug Fix: Data greater than 250 bytes were sent to Nordic causing an error
- Add additional check when starting UART TX to prevent indefinite wait time when the TX interrupt flag is not set again
- Bug Fix, DMA double copy of UART RX data
- CC1111 UART error fix
- fix local variable rawRssiHolder shadowing outer variable
- RX: fix Automatic frequency calibration not set when going from IDLE to RX
- fix no TX after Specan due to MCSM0 calibration mode kept to Never
- TX: limit the number of byte to transmit in NIC XMIT/XMIT_RLE
- UART: force RX DMA start if UART bytes have already been received when arming the RX DMA
- Keil: optimize for size for RogueDebugRevD, RogueDebugRevF & RogueUnitTestRevF due to program size exceeded
- fix mutliple TX blocked due to CTS staying high and TX FIFO never emptied
- fix wrong calculation of TX FIFO size when R > W
- TX FIFO status: move temporary payload array from global to local
- Always enable enable UART0 RX once for all on startup
- use txdata_noDma instead of appReturn to avoid using potentially corrupted uart0.OUTapp & uart0.OUTcmd
- fix detected datarate sent in big endian in ack of CMD_NIC_STOP_DATARATE_DETECTION
- Minor fixes on marauderfreqFinderBandScan() function
- do not clear UART U0CSR.RX_BYTE to avoid potential overflow caused by RTS asserted
- MAJOR fix: Disable UART RX interrupt (URX0IE = 0) until main loop process the message
- UART: always clear UART buffer after uart0 struct for main loop is filled
- RLE: switch UART buffer if more than PKTLEN in RLE encoded buffer
- do not use DMA to send RfCat UART ACK message to Nordic
- if UART msg length is too big, start a DMA, but mark the message as garbage to throw it away
- fix end of NIC XMIT response with UART TX FIFO status being corrupted with next UART transmission
- TX FIFO status: fix local variable respPayload shadowing outer variable
- USB: use different VID/PID for Rogue
- Clear freqFinder.rfFreqBase array at the beginning of every Marauder Start Capture
- Update processMsgSetFreqFinderFreqs() function to enable FreqFinder band scanning
- Minor fixes and refactors
- Update number of bands to scan to 2 (max currently supported)
- Update RSSI break threshold to -50 dB on marauderfreqFinderBandScan() function
- Remove unnecessary channelSpacing parameter from marauderFreqFinderFreqScan() function
- Organize FreqFinder variables into structures
- Get rid of unused variables
- Add CMD_FREQFINDER_SET_FREQS to isCmdValid() function
- Make P2 interrupt handler independent of GOLLUM_USE_USB flag
- Send frequency detected by FreqFinder to host once Rx started
- Add new command to configure the FreqFinder frequencies
- Fix FreqFinder RSSI break threshold
- Fix scanning bug within the first call of the function: perform a SIDLE command before starting the scan
- integrate MarauderFreqFinder to the application state machine
- Add MarauderFreqFinderScan function: scan 2 fixed frequencies (315/433)
- FreqFinder before Rx: go to MAC_STATE_FREQFINDER_BEFORE_RX_PREP state only when the frequency = 0
- FreqFinder optimization: break round 2 when detecting a decreasing RSSI value
- FreqFinder: Add freqfinder fast version: stop first round's scanning as soon as a frequency is found
- Add FreqFinder before RX: Scan and set the frequency before entering RX mode to receive data
- FreqFinder: Fix scanning bug due to the insufficient RSSI waiting time when entering RX mode
- FreqFinder: Fix frequency calculation bug by casting to char
- FreqFinder: Blink during Freq Finder before RX
- FreqFinder Fix: read PKTSTATUS register value to verify carrier sense
- Jamming: add delay between jamming channel spacing: make the noise evenly distributed over the frequency band
- Add new DRM implementation
- Freq Scan: fix false freq found detection
- Fix TX/BF/Jam after specan: Re-enable the charge pump calibration after a SPECAN
- Fix return codes for Rf process functions
- Update setFreq() function to validate when frequency range limits is correct
- Fix LED green blinking with BLINK_ALIVE flag
- Make UART interrupt priority greater than RF interrupt priority
- Define respPayload globally for appReturnTxFifoStatus function
- Apply more robust verification for RfCat header bytes received on UART
Yes I know, this release is dirty, will fix this in next one.
- fix: send RF data detected CMD_NIC_RECV_CAPTURE_STARTED to UART without DMA
- UART TX: fix: Wait until previous UART byte has been sent before sending new byte
- RX remaining data: stay in RX after sending remaining bytes
- send message indicating that RX capture has started
- Brute Force: fix regression causing BF codewords not repeated
- RX: fix remaining data not sent over UART
- always re-enable UART interrupts when we are NOT in TX state
- DRM: disable RX infinite mode
- TX FIFO overflow: De-assert UART CTS when TX Fifo is full to prevent filling TX FIFO faster than RF output
- Fix inconsistent TX FIFO status message by disabling all interrupts during when building message
- fix wrong fifo size check when putting byte into TX FIFO
- Inform Nordic about CC1111 just waking up from interrupt
- do not use DMA finished timer to allow entering PM
- set Sync mode to No preamble/sync, CS above threshold when receiving CMD_RF_SEND_CONFIG
- add CMD to stop all RF by entering directly in MAC state IDLE
- UART: do not send useless random byte in RfCat ACK message
- Rogue: enabled RX infinite mode by default
- Rogue: Set Rx Infinite mode and handle it in rfTxRxIntHandler
- disable preamble/sync in TX by default
- add 5 missing messages to check list (BF/DRM/RLE)
- Fix lost byte in RX when ping pong buffer are switched
- UART send: do not send payload if data ptr is null
- add CMD_NIC_RECV_CAPTURE_STARTED message
- add messages to request and receive un-transmitted data
- TX: RLE decode: handle CMD_NIC_XMIT_RLE message
- TX: RLE decode: fix RLE decoding function
- TX: handle repeat parameter
- TX: fix deadloop in TX w/o Infinite mode due to MARCSTATE set to TX while waiting for first byte to transmit
- DRM: do not allow bit duration caused by noise to stop the DRM process
- DRM/RX: add auto DRM before RX if data rate is set to 0
- Auto DRM: save requested packet length before auto DRM and restore when starting RX
- Auto RX: set default RX filter bandwidth to 150 KHz when receiving CMD_RF_SET_RX_MODE_AUTO
- DRM: handle amplifier and remove superflous startRx
- Auto RX: remove unnecessary setAgc
- TX: do not exit TX infinite mode if TX FIFO is empty
- RLE encoding: prevent buffer overflow if next byte to encode results in 8 bytes (worst case)
- fix register overlap due to MDMCTRL0H
- fix RX buffer 1 not cleared when starting RX
- minimize intermediate frequency and remove modifications outside idle mode
- clean RF registers in idle
- increase FILTER_LENGTH and MAGN_TARGET for better RSSI update rate
- do no set RF amplifiers immediatly upon CMD_RF_SET_TXRX_POWER_AMP_MODE
- handle IdleMode()/RxMode() in MAC_STATE_XX, not when processing messages
- on transition from RX to Idle, send already captured bytes not yet send
- RFIF/RFIM cleaning: enable RF interrupts based on RX/TX state
- remove RFIF_IRQ_TIMEOUT RX timeout RF Interrupt handling
- remove RFIF_IRQ_SFD Start of Frame Delimiter RF Interrupt handling
- save received RX byte only if enough space in RfCat frame (< 250 bytes)
- fix register overlap due to MDMCTRL0H
- fix RX buffer 1 not cleared when starting RX
- minimize intermediate frequency and remove modifications outside idle mode
- clean RF registers in idle
- increase FILTER_LENGTH and MAGN_TARGET for better RSSI update rate
- do no set RF amplifiers immediatly upon CMD_RF_SET_TXRX_POWER_AMP_MODE
- handle IdleMode()/RxMode() in MAC_STATE_XX, not when processing messages
- on transition from RX to Idle, send already captured bytes not yet send
- RFIF/RFIM cleaning: enable RF interrupts based on RX/TX state
- remove RFIF_IRQ_TIMEOUT RX timeout RF Interrupt handling
- remove RFIF_IRQ_SFD Start of Frame Delimiter RF Interrupt handling
- save received RX byte only if enough space in RfCat frame (< 250 bytes)
- Infinite Mode: handle Amplifier setup after strobe cmd
- RLE encoding: force sending CMD_NIC_RECV_RLE messages if size reaches max RfCat frame
- RLE encoding: remove usage of rfTxRleDecodingMode from CMD_NIC_ENCODING_MODE message
- RLE encoding: add CMD_NIC_XMIT_RLE message to transmit compressed frames
- RLE Decoding: Add flag for RLE Decoding which allow to decompress data from SPI memory
- RLE Decoding: Decompress RLE data and store in new buffer with a fix size
- RLE Decoding: Add new function to decode compressed data
- RxStart, SpecanPrep: Rf status updated after strobe cmd
- FreqFinder: update rf_status and handle amplifier before capturing RSSI
- Specan: Rf_status updated and ampli handle
- setRfAmplifiers: shutdown Amplifiers when Idle mode and when we don't know their state
- create temporary state MAC_STATE_XMIT_NIC
- handle IdleMode during gollum Idle state
- fix position of DATA_SIZE field in CMD_RF_SEND_CONFIG message
- FreqFinder: remove old scanning algorithm
- FreqFinder: decrease scanning time & improve precision
- FreqFinder: fix bad cast
- Blink the green LED to indicate RX ongoing
- Data rate detection: fix DR detection not working after FreqFinder
- factorize SpecAn and FreqFinder setup functions
- FreqFinder: add bands 315/433/434/867/868/869/915 MHz
- FreqFinder: simplify: remove parameter and constants for bitmap of the bands to be scanned
- FreqFinder: compute found frequency directly and send result in CMD_FREQFINDER_RESULT message
- FreqFinder: Check if any frequency detected before starting to narrow the channels
- FreqFinder: Scan frequency to a more narrow channel which near to the channel detected during the previous scan
- FreqFinder: Change Power Amplifier Action register to ON RX instead of OFF
- FreqFinder: Shutdown RF RX power amp after frequency is found
- Jamming: larger Jamming BW
- Jamming: blink faster when jamming
- USB: Add USB_DESC_DEBUG for descriptor type with a fixed length so that host can know the exact desc type when launch lsusb
- USB: Fix USBCS0 EP0 Control and Status register so that read only the csReg not the previous value of the USBCS0
- USB: Wait for a received data to be ready in FIFO before read it
- UART: remove all possible baud rates except 230400bps
- Return USB serial number in CMD_STATUS message
- Start the UART TX DMA session by applying a manual DMA trigger instead of sending very first byte
- Do not enable EA Enable All interrupts dynamically
- Do not enable/disable DMA Interrupt dynamically
- prevent possible missing DMA interrupts by using Write-0 design of interrupt flag bits
- Add missing prototype for setRfAmplifiers()
- Fix FW_VERSION string too short
- Remove obsolete code for COMTHINGS_GOLLUM_DONGLE_V1, COMTHINGS_GOLLUM_DONGLE_V2, REV_B
- set RF switches to bypass mode instead of shutdown at startup
- fix RF amplifiers not shutdown after jamming stopped
- Jamming: make Red LED blink more often (Duty 1/2 instead of 1/10)
- fix RF amplifiers not shutdown when set to auto mode in Idle
- shutdown TX RF amplifiers after Brute Force
- exit TX infinite mode before starting a Brute Force
- remove redondant RF registers init to save flash
- RX sensitivity: All DVGA gain settings can be used
- RX sensitivity: disable Absolute carrier sense threshold to avoid capturing saturated data (0xFF)
- fix Close-in Reception by changing Receiver Dynamic Range on CS interrupt
- remove unused code
- disable UART interrupt to protect the clearing of UART buffer from being filled in UART RX interrupt
- fix some warnings with SDCC 3.7.0
- fix build for SDCC 3.7.0 migration
- fix invert parameter value of function setModulation
- prevent possible missing interrupt by using Write-0 design of interrupt flag bits
- Brute Force: send BF state in RfCat BF status message
- UART: wait until previous DMA has finished before sending UART data
- Brute Force: Always send a BF status update for each attempt
- Brute Force: Make sure attempt_per_status_update is different from zero before BF
- Brute Force Stop: Remove all data pending to be transmitted
- fix wrong registers used for FEC and Data Whitening
- factorize stop jamming and stop BF message handling to save flash
- add FEATURE_TX_INFINITE_MODE for Rogue
- fix TX data overwritten by new data in regular PandwaRF (without TX FIFO)
- RX RLE encoding: add config msg and mode to send RX frame with RLE encoding
- RX: add RLE encoding of RX frame from RF to UART
- add on-the-fly RLE encoding function
- BF: fix wrong masking of function Value Word caused by expr without effect
- add deviation parameter to setRfParams() and CMD_RF_SEND_CONFIG message
- add setDeviation function
- do not enter RF Idle mode in MAC_STATE_IDLE
- Infinite mode: set RF amplifiers
- Infinite mode: Inform about TX FIFO status
- Infinite mode: add NIC_XMIT_INFINITE_MODE msg
- Infinite mode: add TX FIFO functions
- return RfCat error message if unsupported app/cmd
- use txdata_uart() for awake and sleep informations from CC1111
- do not awake or asleep CC1111 on USB enable or disable command from Nordic
- fix watchdog timer for CMD_RESET command
- fix RX sniff on USB after a specan
- fix specan on USB after a RX sniff
- remove useless strncmp() function to reduce the binary size
- fix watchdog timer for EP0_CMD_RESET command
- modify the sleep function to be only in PM3 mode
- remove USB code when no USB Stack is needed
- No USB mode: wait in transmit() until TX is finished
- DRM: do not send NIC_DATARATE_DETECTED msg if data rate is invalid
- use 4 bytes for start and stop values in CMD_RF_BRUTE_FORCE_START command
- save RX/TX amp status in SPI memory for the link to button
- FW preparation for Meddler: FreqFinder/Reactive Jamming
- Send acknowledge for PARSE_EXEC_BUTTON command before RF transmit
- Do not enter sleep mode if UART RX buffer is not empty
- Do not enter sleep mode if RF RX or TX ongoing
- Do not transmit garbage data if TX buffer index out of bound
- Fix CMD_PARSE_EXEC_BUTTON command for replay
- Disable UART after command from CC1111 when it will sleep
- Fix high power consumption due to ANT_PWR_EN pull-up
- Set BT_CC_WAKE_UP_CC1111 input in tristate mode to keep low level at startup
- Do not transmit garbage data if TX buffer is not populated
- SpecAn: run calibration on center frequency at startup
- Change SpecAn LED blinking interval to 2/6 instead of 2/10
- Specan: fix wrong RSSI value read due to CHANNR changed while in RX mode
- set TEST0 register to SmartRF value when setting frequency
- Brute Force: add support for long symbols
- memory cleaning: remove unused functions: 2KB flash spared
- RF power: set amplifiers and antenna power with the same messsage
- Brute Force: remove freq/drate/mod from BF messages
- Fix power settings based on modulation format
- Jamming: add stop frequency to jam a frequency range
- Brute Force: send a BF status update at each attempt if connected in USB
- Data Rate Measurement: send meas report only if data detected
- Data Rate Measurement: pass in DRM start message the number of occurence needed for a duration to be elected as the winner
- add message to get the amplifier mode (RF amp external to CC1111)
- remove duplicate USB init when deprecated CMD_USB_ENABLE msg is received
- fix missing USB init if USB unplugged when booting
- brute force: always activate TX power amplifier
- RF jamming: always activate TX power amplifier
- set AGC before entering RX mode
- add settings to automatically enable TX/RX power amplifiers
- Sleep mode: disable TX/RX amplifiers and force RF switches into shutdown mode on sleep
- USB fixes
- Brute Force: change start/stop/status variable from 16 to 32 bits
- Rogue specific code
- Marauder specific code
- update freq/mode/datarate common data structure
- update TESTx registers to improve low data rate sensitivity
- fix wrong freq and mode endianness format of RF_SEND_CONFIG and PARSE_EXEC_BUTTON msg
- Rogue specific code
- Marauder specific code
- Minor changes
- update I2S bootloader presence flag to match CCTL
- fix wrong return value in CMD_RFMODE ack frame
- add helper function for RX config (SYNC/PKT/DW/FEC/CRC)
- Rogue specific code
- Brute Force: replace Sync/Tail words local copy by direct copy to byte table
- Brute Force: fix wrong TX data sent when delay between frame > 0
- minor bit macro replacement for RX/TX/Idle mode entering
- Brute Force: re-arrange Brute Force structure field order
- fix minor warnings and add comments
- Brute Force: add security checks on code length size
- Brute Force: add Brute Force structure init
- Brute force: code simplification & refactor
- Brute Force: avoid sending twice BRUTE_FORCE_STATUS_UPDATE message + remove un-needed status global variable
- Brute Force: copy full sync and tail words instead of storing pointers
- Brute Force: reduce flash memory usage by replacing memcpy
- remove unused code to reduce flash usage
- fix wrong computation of number of BF updates per seconds
- Brute Force: apply Function mask and value to the data to be sent
- handle Brute Force Function Setup message
- Brute force: add support for Little-Endian/Big-Endian transmission
- Brute force: add frame repetition support for SC and SCT patterns
- minor refactor of modulation constants
- fixes for Brute Force tail word support
- use optimized RAM version for macro to generate 16/32 bits value from little endian
- use common data structure for freq/mod/datarate
- add Brute Force setup and start Variable/Fixed support
- fix synchro word sent only for first code word
- Brute force: add ternary and quaternary encoding
- fix wrong bit rate computed - Do not divide by 2
- Initial release
Questions or need help? Get in touch or open an Issue!
Project Information
- PandwaRF Home
- General Overview
- Technical Overview
- Possible Applications
- Development Status
- Requirements
PandwaRF Features
PandwaRF Android Application (Normal Mode)
- Quick Start
- Navigation
- Navigation on Tablet
- Android Permissions
- Activity states
- Kaiju account connection
- Kaiju delete account
- Scan
- Bus Service
- Rx/Tx
- Kaiju Analysis
- Rolling code analysis & generation
- Rx Data Rate Measurement
- Spectrum Analyzer
- RF Power Amplifiers
- RF Brute Force
- RF Brute Force Tutorial
- RF Brute Force Session Import Tutorial
- RF Brute Force De Bruijn
- Protocols
- Jamming
- JavaScript
- FW Update
- Dev Mode
- USB Connection
- Pairing/Bonding
- Keeloq Secure Decrypt
- Get PandwaRF Gov App
PandwaRF Android Application (Dev Mode)
- BLE Perf measurement
- CC1111 RF registers direct access
- BLE Errors
- Bus Service Extended
- BLE Parameters
Marauder Android Application
iOS Application
Linux
Hardware
- Architecture
- Power Management
- Buttons
- LEDs Indication States
- Schematics
- Programming
- Battery
- Antennas
- PandwaRF Bare Settings
- FW releases Nordic
- FW releases CC1111
For developers
- Scripting with JavaScript
- JavaScript Functions Mapping
- Scripting with Python
- BLE Services & Characteristics
- CC1111 RfCat Commands
- PandwaRF Android SDK
- PandwaRF Android API
- RX Data Post Rest API
- Software and available applications
Support
- User Guides
- FAQ
- Tested Devices
- Known Issues
- BLE connection issues
- How to clear secure pairing
- How to report an issue
- PandwaRF test procedure
- Recovery mode
- PandwaRF Device Bounty
- Product return information
- Discord Server
- Forum (legacy)
- Chat (legacy)
- Privacy Policy
- Terms & Conditions
Gimme moar!