/PHANTOM-3-STANDARD

Uses a HackRF One to sniff nrf24l0 and similar wireless packets. Applied here to sniffing the PHANTOM 3 STANDARD RC signal.


PHANTOM-3-STANDARD

Uses a HackRF One to sniff the PHANTOM 3 STANDARD RC signal.

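  • capture: packet capture module
    Based on the hackrf_transfer.c source, keeping only the required parameters. It can capture on a single specified carrier frequency only (the default settings target the DJI Phantom 3 Standard).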

    Usage:
    [-h help] # Display this text.
    [-f freq_hz] # Frequency in Hz [0MHz to 7250MHz].
    [-a amp_enable] # RX/TX RF amplifier 1=Enable, 0=Disable.
    [-l gain_db] # RX LNA (IF) gain, 0-40dB, 8dB steps.
    [-g gain_db] # RX VGA (baseband) gain, 0-62dB, 2dB steps.
    [-s sample_rate_hz] # Sample rate in Hz (4/8/10/12.5/16/20MHz, default 1MHz).
    [-n num_samples] # Number of samples to transfer (default is unlimited).
    [-r ] # Receive data into file (use '-' for stdout).
    Default set : -f 5738000000 -a 1 -l 32 -g 20 -s 1000000 -n 1000000 -r data/1M_5738_recive_1s.iq

    Parameter explanation:
    Carrier frequency 5738MHz, external amplifier enabled, IF gain 32dB, BB gain 20dB, sample rate 1MHz, 1M samples, output file name data/1M_5738_recive_1s.iq

    $ ./capture -f 5738000000 -a 1 -l 32 -g 20 -s 1000000 -n 1000000 -r data/1M_5738_recive_1s.iq

    Or run it directly with the defaults:

    $ ./capture

    The result is shown in the figure:
    capture

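  • decode: decoding module
    Demodulates and parses packets from an offline capture. The parameters are the preamble length and value, the MAC address length, whether ESB mode is used, the PCF length, the CRC length, the number of slots, the slot duration, the data file to decode, and the sample rate of that data file. (The default settings target decoding the DJI Phantom 3 Standard.)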

    Usage:
    [-h] # Display this text.
    [-i] # preamble length [1 to 8].Default 1.
    [-j] # preamble [1 to 8 bytes].Default '0xAA'.
    [-m] # mac address [1 to 5].Default 5.
    [-e] # if use esb [1 yes, 0 no].Default 1.
    [-p] # pcf len. Default 2.
    [-c] # crc len. Default 2.
    [-t] # slot number. Default 16.
    [-y] # period per signal.Deafult 7(ms).
    [-r] # signal file. Default 'data/1M_5738_recive_1s.iq'.
    [-s] # sample rate. Deafult 1MHz.
    Default set : -i 1 -j 0xAA -m 5 -e 1 -p 2 -c 2 -t 16 -y 7 -s 1000000 -r data/1M_5738_recive_1s.iq

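    Parameter explanation:
    Preamble length 1 byte, preamble 0xAA, MAC address length 5 bytes, ESB mode enabled, PCF length 2 bytes, CRC length 2 bytes, 16 slots (the calculation period), each slot 7ms long, signal file 'data/1M_5738_recive_1s.iq', sample rate 1MHz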

    $ ./decode -i 1 -j 0xAA -m 5 -e 1 -p 2 -c 2 -t 16 -y 7 -s 1000000 -r data/1M_5738_recive_1s.iq

    Or run it directly with the defaults:

    $ ./decode

    The result is shown in the figure:
    decode

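  • scan_phantom: scanning module
    Scans, in real time, n channels starting at the specified carrier frequency, each channel 1MHz wide. When the scan completes it calculates the 'slot' size and the 'burst' size.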

    Usage:
    [-h] # Display this text.
    [-i] # Preamble length [1 to 8].Default 1.
    [-j] # Preamble [1 to 8 bytes].Default '0xAA'.
    [-m] # Mac address [1 to 5].Default 5.
    [-e] # If use esb [1 yes, 0 no].Default 1.
    [-p] # Pcf len. Default 2.
    [-c] # Crc len. Default 2.
    [-q] # Channles count, should less 200. Default 127.
    [-S] # Size per channel. Default 1.
    [-f] # Start frequency in Hz [1MHz to 6000MHz].
    [-a] # RX/TX RF amplifier 1=Enable, 0=Disable.
    [-l] # RX LNA (IF) gain, 0-40dB, 8dB steps.
    [-g] # RX VGA (baseband) gain, 0-62dB, 2dB steps.
    [-s] # Sample rate in Hz (4/8/10/12.5/16/20MHz, default 1MHz).
    Default set : -i 1 -j 0xAA -m 5 -e 1 -p 2 -c 2 -q 127 -S 1 -f 5725000000 -a 1 -l 32 -g 20 -s 1000000

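    Parameter explanation: preamble length 1 byte, preamble 0xAA, MAC address length 5 bytes, ESB mode enabled, PCF length 2 bytes, CRC length 2 bytes, 127 channels scanned, each channel 1MHz in size, start carrier frequency 5725MHz, external amplifier enabled, IF gain 32dB, baseband gain 20dB, sample rate 1MHz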

    $ ./scan_phantom -i 1 -j 0xAA -m 5 -e 1 -p 2 -c 2 -q 127 -S 1 -f 5725000000 -a 1 -l 32 -g 20 -s 1000000

    Or run it directly with the defaults:

    $ ./scan_phantom

    The result is shown in the figure:
    scan_phantom

  • calc_hopping: hopping pattern calculation module

    • In development
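The 'slot' and 'burst' sizes that scan_phantom is described as calculating can be measured from a recorded file by thresholding sample power. The following is an added example, not code from this repository: it assumes the capture holds interleaved signed 8-bit I/Q samples (the hackrf_transfer layout), and the function names, threshold and hold values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t bursts; double burst_ms, slot_ms; } burst_stats;

/* iq: interleaved signed 8-bit I,Q pairs (assumed capture file layout).
 * n: complex samples; thresh: I*I+Q*Q level treated as "carrier on";
 * hold: quiet samples required before a burst counts as finished. */
burst_stats measure_bursts(const int8_t *iq, size_t n, double rate_hz,
                           int thresh, size_t hold)
{
    burst_stats st = {0, 0.0, 0.0};
    size_t start = 0, last_on = 0, prev_start = 0, gaps = 0;
    double dur_sum = 0.0, gap_sum = 0.0;
    int in_burst = 0;
    for (size_t k = 0; k < n; k++) {
        int i = iq[2 * k], q = iq[2 * k + 1];
        if (i * i + q * q >= thresh) {
            if (!in_burst) { in_burst = 1; start = k; }
            last_on = k;
        } else if (in_burst && k - last_on > hold) {
            dur_sum += (double)(last_on - start + 1);
            if (st.bursts > 0) { gap_sum += (double)(start - prev_start); gaps++; }
            prev_start = start;
            st.bursts++;
            in_burst = 0;
        }
    }   /* a burst still open at the end of the buffer is truncated: not counted */
    if (st.bursts) st.burst_ms = dur_sum / (double)st.bursts / rate_hz * 1e3;
    if (gaps) st.slot_ms = gap_sum / (double)gaps / rate_hz * 1e3;
    return st;
}

/* Constructed input: 500-sample bursts every 7000 samples (7 ms at 1 MHz). */
burst_stats demo_capture(size_t n)
{
    static int8_t iq[2 * 40000];
    if (n > 40000) n = 40000;
    memset(iq, 2, sizeof iq);                 /* low-level noise floor */
    for (size_t k = 0; k < n; k++)
        if (k % 7000 < 500) { iq[2 * k] = (k & 1) ? 60 : -60; iq[2 * k + 1] = 40; }
    return measure_bursts(iq, n, 1e6, 400, 50);
}

int main(void)
{
    burst_stats st = demo_capture(30000);
    printf("bursts=%zu burst=%.3f ms slot=%.3f ms\n", st.bursts, st.burst_ms, st.slot_ms);
    return 0;
}
```

On a real recording the threshold has to sit above the measured noise floor, and the hold time must be shorter than the gap between bursts.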

update:

  • Support setting args. (2017.03.14)
  • Defaults to a 1MHz sample rate. (2017.02.22)
  • Defaulted to a 4MHz sample rate. (before)