
Sniffer doesn't work with v2.2.0 HW revision

I can't get the sniffer working with my HW. Everything seems to be working correctly and as described in the help file, but I've never seen any sniffed packet yet. So I've decided to look at the error further and modified example.py[1] in SnifferAPI (and some library/API files as well) to get more insight into what is going on on the UART. It seems to me that the firmware on the device gets stuck in some never-ending loop and transmits back only PING_RESP packets, but the host isn't sending any PING_REQ packets, so it's quite strange. Or is it intended to work that way?

Here's the log.txt[2] and output from my modified example.py[3].

It behaves the same with ble-sniffer_win_0.9.7_BETA_849_Sniffer.exe: if I replace the modified SnifferCollector.pyc, Packet.pyc and Sniffer.pyc files in library.zip, I can see that it's getting the same never-ending stream of PING_RESP-only packets. So that's probably why I can't see any sniffed device in the list?

I've tried flashing firmware versions 849 and 812, but the result is the same. The result is the same on both the PCA1000 and PCA10001 devices.

  1. ynezz.true.cz/.../0001-Debug-patch.patch
  2. ynezz.true.cz/.../log.txt
  3. ynezz.true.cz/.../output_example_py.txt

Thanks!

  • Ok, I've moved forward a little bit. It seems like the sniffer is able to pick up only packets from another nRF51822 device. I've simply flashed the PCA1000 with the sniffer firmware and the PCA10001 with the ADV_NONCONN_IND sample, and I can see those requests in the sniffer. I'm not able to see any packets from devices other than the PCA10001. I have a few BLE devices here, like keyboards, phones and tablets, but I'm not able to receive/capture any packets other than those from the PCA10001/PCA10000 devices. It's quite strange.

    I've dumped the radio registers from the Sniffer firmware and created a custom application which uses the same radio configuration and just dumps every packet to serial, but I'm still not able to see any packets other than those from the PCA10001 - same behaviour as with the Sniffer. I'm getting quite desperate here and I'm wondering if I somehow have faulty hardware. I was suspecting some issue with the RX/TX part on my PCAxxx units, but as I'm able to discover them via phone/tablet, I think that it should be ok.

    Here's the radio configuration taken from the Sniffer firmware (the channel and whitening IV are set correctly in a different part, but that's probably correct, as the CRC on packets from the PCA1000 is OK):

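    /* Access address = PREFIX0 byte + top 3 bytes of BASE0 (BALEN = 3)
       = 0x8E89BED6, the fixed BLE advertising access address */
    NRF_RADIO->BASE0 = 0x89BED600;
    NRF_RADIO->PREFIX0 = 0x0000008E;
    NRF_RADIO->RXADDRESSES = 1UL;   /* receive on logical address 0 only */
    NRF_RADIO->MODE = RADIO_MODE_MODE_Ble_1Mbit << RADIO_MODE_MODE_Pos;

    /* PDU header layout: S0 = 1 byte, LENGTH = 6 bits, S1 = 2 bits */
    NRF_RADIO->PCNF0 = (2UL << RADIO_PCNF0_S1LEN_Pos)
                            | (6UL << RADIO_PCNF0_LFLEN_Pos)
                            | (1UL << RADIO_PCNF0_S0LEN_Pos);

    /* Whitening on, LSB-first on air, 3-byte base address, no static length */
    NRF_RADIO->PCNF1 = (RADIO_PCNF1_WHITEEN_Enabled << RADIO_PCNF1_WHITEEN_Pos)
                            | (RADIO_PCNF1_ENDIAN_Little << RADIO_PCNF1_ENDIAN_Pos)
                            | (3UL << RADIO_PCNF1_BALEN_Pos)
                            | (0UL << RADIO_PCNF1_STATLEN_Pos)
                            | (MAX_PDU_SIZE << RADIO_PCNF1_MAXLEN_Pos);

    /* 3-byte CRC that does not cover the access address */
    NRF_RADIO->CRCCNF = (RADIO_CRCCNF_SKIPADDR_Skip << RADIO_CRCCNF_SKIPADDR_Pos)
                            | (RADIO_CRCCNF_LEN_Three << RADIO_CRCCNF_LEN_Pos);

    /* BLE CRC-24 polynomial and the advertising-channel initial value */
    NRF_RADIO->CRCPOLY = 0x65BUL;
    NRF_RADIO->CRCINIT = 0x555555UL;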
    

    What I've tried so far:

    ble-sniffer_nrf51822_0.9.5_Sniffer.hex, ble-sniffer_nRF51822_0.9.6_BETA_812_Sniffer.hex and ble-sniffer_nRF51822_0.9.7_BETA_849_Sniffer.hex flashed in Windows from nRFGO, from the Sniffer application and manually via J-Link - same result, only packets from the PCAxxx device are captured.

    Any hints as to what might be wrong? I just don't get why I'm able to capture BLE packets only from PCAxxx devices...

    Thanks!
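
The post above infers that the channel and whitening IV are right because the CRC on received packets checks out. As an added illustration (not code from the post or from the sniffer firmware), this C model of BLE whitening and CRC-24 uses the CRCPOLY and CRCINIT values from the dump and shows that de-whitening a frame for the wrong channel makes the CRC fail. The function names and the sample PDU are constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: ADV_NONCONN_IND header, 6-byte AdvA, 3 bytes AdvData. */
const uint8_t SAMPLE_PDU[] = {0x02,0x09, 0x66,0x55,0x44,0x33,0x22,0x11, 0x02,0x01,0x06};

static uint8_t rev8(uint8_t v) {           /* reverse the bit order of a byte */
    uint8_t r = 0;
    for (int i = 0; i < 8; i++, v >>= 1) r = (uint8_t)((r << 1) | (v & 1u));
    return r;
}

/* BLE CRC-24, CRCPOLY 0x65B / CRCINIT 0x555555, data bits fed LSB first;
 * out[] gets the 3 CRC bytes in on-air form (each byte bit-reversed). */
static void ble_crc24(const uint8_t *d, size_t len, uint8_t out[3]) {
    uint32_t crc = 0x555555u;
    for (size_t i = 0; i < len * 8; i++) {
        uint32_t in = (d[i / 8] >> (i % 8)) & 1u, top = (crc >> 23) & 1u;
        crc = ((crc << 1) & 0xFFFFFFu) ^ (in != top ? 0x00065Bu : 0u);
    }
    for (int k = 0; k < 3; k++) out[k] = rev8((uint8_t)(crc >> (16 - 8 * k)));
}

/* BLE whitening LFSR (x^7 + x^4 + 1) seeded from the channel index; a plain
 * XOR stream, so the same call whitens and de-whitens. */
static void ble_whiten(uint8_t *buf, size_t len, uint8_t channel) {
    uint8_t lfsr = (uint8_t)(rev8(channel) | 2u);
    for (size_t i = 0; i < len * 8; i++) {
        if (lfsr & 0x80u) { lfsr ^= 0x11u; buf[i / 8] ^= (uint8_t)(1u << (i % 8)); }
        lfsr = (uint8_t)(lfsr << 1);
    }
}

/* Transmit side: out = whiten(PDU || CRC); out must hold len + 3 bytes. */
size_t ble_build_frame(const uint8_t *pdu, size_t len, uint8_t ch, uint8_t *out) {
    memcpy(out, pdu, len);
    ble_crc24(pdu, len, out + len);
    ble_whiten(out, len + 3, ch);
    return len + 3;
}

/* Receive side: de-whiten in place for rx_ch, then check the trailing CRC.
 * Returns 1 when the CRC matches, 0 otherwise. */
int ble_dewhiten_check(uint8_t *frame, size_t len, uint8_t rx_ch) {
    uint8_t crc[3];
    if (len < 3) return 0;
    ble_whiten(frame, len, rx_ch);
    ble_crc24(frame, len - 3, crc);
    return memcmp(crc, frame + len - 3, 3) == 0;
}
```

A passing CRC therefore confirms the whitening seed, CRC polynomial and CRC init used for that frame; it says nothing about frames the radio never matched on the access address.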
