Skip to content
/ ZBOSS_extended Public

ZBOSS packet sniffer extended with injection features for CC2531

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MartinoTommasini/ZBOSS_extended

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
hw
hw
 
 
README.md
README.md
 
 
zboss_firmware.hex
zboss_firmware.hex
 
 

Repository files navigation

ZBOSS_extended

ZBOSS_extended extends the ZBOSS packet sniffer, adding injection features for the CC2531 hardware by Texas Instruments and providing compatibility with KillerBee framework.

Description

ZBOSS packet sniffer is a solution developed by ZBOSS, https://zboss.dsr-wireless.com/, that allows the usage of the CC2531 as a packet sniffer. However it doesn't provide any functionalities regarding the trasmission of packets.
ZBOSS_extended extends the ZBOSS packet sniffer firmware implementing injection capabilities in the firmware and modifying it in order to provide support to KillerBee framework.

How to use it

The file zboss_firmware.hex is the hex of the firmware. It can be flashed to the CC2531 using the CC debugger by Texas Instruments or using a Raspberry Pi. Further instruction on the flashing process and alternative methods can be found in the Zigbee2Mqtt website, https://www.zigbee2mqtt.io/.

The source code of the firmware is available in the hw folder.
Once the project is loaded in IAR, it has to be configured to run on CC2531. Go to Project->Edit Configurations->CC2531.

Datasheet CC2531: https://www.ti.com/lit/ug/swru191f/swru191f.pdf?ts=1596190022846&ref_url=https%253A%252F%252Fwww.ti.com%252Fproduct%252FCC2531

In order to add the new features mentioned above, changes has been apported to the following original ZBOSS files:

  • hw/usb/class_cdc/usb_uart.c
  • hw/zb_sniffer_radio.h
  • hw/zb_sniffer.c
  • hw/zb_sniffer_radio.c
  • hw/zb_sniffer_transport.c

Note

The killerbee driver for this firmware is not merged in the official killerbee repository yet. Therefore, this firmware does not work out-of-the-box with https://github.com/riverloopsec/killerbee .
The driver and the minor additions needed to allow compatibility between Killerbee and ZBOSS_extended are already implemented in https://github.com/MartinoTommasini/killerbee.
Driver file:

  • killerbee/dev_cc2531_zboss.py.

Small additions to:

  • killerbee/init.py
  • killerbee/kbutils.py

TODO:

  • Add support for 64 byte packets arriving from the host to the CC2531 endpoints.
  • Remove reduntant passage of Len field to the host.

About

ZBOSS packet sniffer extended with injection features for CC2531

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages