diff options
Diffstat (limited to 'src/target')
| -rw-r--r-- | src/target/firmware/calypso/dsp.c | 14 | ||||
| -rw-r--r-- | src/target/firmware/calypso/dsp_sniffcode.c | 61 | ||||
| -rw-r--r-- | src/target/firmware/include/calypso/dsp.h | 1 | ||||
| -rw-r--r-- | src/target/firmware/layer1/prim_sniff.c | 4 |
4 files changed, 53 insertions, 27 deletions
diff --git a/src/target/firmware/calypso/dsp.c b/src/target/firmware/calypso/dsp.c index 0ca272ec..ff1a05b5 100644 --- a/src/target/firmware/calypso/dsp.c +++ b/src/target/firmware/calypso/dsp.c @@ -230,6 +230,14 @@ static void dsp_set_params(int16_t *param_tab, int param_size) dsp_api.param->d_gprs_install_address = DSP_SNIFF_PATCH_START; + /* Set MCSI burst start magic, stored in unused holes. + * The sniffing task will send those over MCSI at the begin + * of each burst, in this case ASCII "IQDATAv1" */ + dsp_api.param->d_hole2_param[0] = 0x4951; + dsp_api.param->d_hole2_param[1] = 0x4441; + dsp_api.param->d_hole2_param[2] = 0x5441; + dsp_api.param->d_hole2_param[3] = 0x7631; + dsp_dump_version(); dputs("Finishing download phase\n"); @@ -568,6 +576,12 @@ void dsp_load_tch_param(struct gsm_time *next_time, dsp_api.db_w->d_ctrl_tch = d_ctrl_tch; /* Channel config. */ } +void dsp_load_sniff_fn(struct gsm_time *next_time) +{ + dsp_api.db_w->a_a5fn[0] = (next_time->fn >> 16); + dsp_api.db_w->a_a5fn[1] = (next_time->fn & 0xffff); +} + void dsp_load_ciph_param(int mode, uint8_t *key) { dsp_api.ndb->d_a5mode = mode; diff --git a/src/target/firmware/calypso/dsp_sniffcode.c b/src/target/firmware/calypso/dsp_sniffcode.c index 3a4c2381..1be4bf55 100644 --- a/src/target/firmware/calypso/dsp_sniffcode.c +++ b/src/target/firmware/calypso/dsp_sniffcode.c @@ -5,7 +5,7 @@ static const struct dsp_section dsp_sniffcode[] = { { .addr = 0x015c, - .size = 0x00a1, + .size = 0x00be, .data = _SA_DECL { 0x76f8, 0x3f6b, 0x0160, 0xfc00, 0x76f8, 0x439e, 0x0164, 0xfc00, @@ -17,37 +17,44 @@ static const struct dsp_section dsp_sniffcode[] = { 0x7211, 0x2114, 0xf495, 0xf495, 0x1281, 0xf845, 0x018a, 0xf010, 0x0001, 0x8081, 0xf074, 0xb74c, - 0xf020, 0x01c3, 0xf074, 0xaa9f, + 0xf020, 0x01c1, 0xf074, 0xaa9f, 0xf073, 0x0178, 0xfc00, 0x7681, 0x0010, 0x7581, 0x0806, 0xfc00, 0x7711, 0x2116, 0x7681, 0x0002, 0x7581, 0x0805, 0x7681, 0x004f, 0x7581, 0x0801, 0x7681, 0x0001, - 0x7581, 0x0800, 0xf074, 0x018b, - 0xfc00, 0x7711, 0x2116, 0xf074, - 0x018b, 0x7594, 0x0820, 0x7481, - 0x0806, 0x6181, 0x0010, 0xf820, - 0x01a7, 0xfc00, 0x1282, 0xf074, - 0x01a1, 0xf010, 0x0001, 0xf844, - 0x01af, 0xfc00, 0x7711, 0x2116, - 0x7481, 0x0806, 0x6181, 0x0020, - 0xf820, 0x01b8, 0x7681, 0x0002, - 0x7581, 0x0800, 0xfc00, 0x7714, - 0x0cce, 0xf074, 0x0190, 0x7712, - 0x2117, 0x7782, 0x017c, 0xf074, - 0x01ae, 0xf074, 0x01b6, 0xe834, - 0xf074, 0xa9ea, 0x7213, 0x2115, - 0xf495, 0xf495, 0x7093, 0x3fa4, - 0x7093, 0x3fa5, 0x7093, 0x3fa7, - 0x7093, 0x3fa6, 0x7093, 0x0cce, - 0x7712, 0x0ccf, 0x7711, 0x001c, - 0x47f8, 0x0011, 0xe589, 0x7214, - 0x2115, 0x7313, 0x2115, 0xf074, - 0x0190, 0x7712, 0x2117, 0x7782, - 0x0022, 0xf074, 0x01ae, 0xf074, - 0x01b6, 0x7211, 0x2114, 0xf495, - 0xf495, 0x6be1, 0x0001, 0x0001, - 0xfc00, + 0x7581, 0x0800, 0xfc00, 0x7711, + 0x2116, 0xf074, 0x018b, 0x1d84, + 0x7594, 0x0820, 0x7481, 0x0806, + 0x6181, 0x0010, 0xf820, 0x01a6, + 0xfc00, 0xf074, 0x019f, 0xf010, + 0x0001, 0xf844, 0x01ad, 0xfc00, + 0x7711, 0x2116, 0x7481, 0x0806, + 0x6181, 0x0020, 0xf820, 0x01b6, + 0x7681, 0x0002, 0x7581, 0x0800, + 0xfc00, 0xf074, 0x0190, 0xe900, + 0x7714, 0x0c39, 0xe804, 0xf074, + 0x01ad, 0x7714, 0x0cce, 0xf020, + 0x012e, 0xf074, 0x01ad, 0x7714, + 0x2117, 0x8184, 0xf074, 0x019f, + 0xf074, 0x01b4, 0xe834, 0xf074, + 0xa9ea, 0x7213, 0x2115, 0xf495, + 0xf495, 0x7093, 0x3fa4, 0x7093, + 0x3fa5, 0x7093, 0x3fa7, 0x7093, + 0x3fa6, 0x7093, 0x0cce, 0x7712, + 0x0ccf, 0x7711, 0x001c, 0x47f8, + 0x0011, 0xe589, 0x7214, 0x2115, + 0x7313, 0x2115, 0xf074, 0x0190, + 0xe900, 0xe822, 0xf074, 0x01ad, + 0x7714, 0x2117, 0x7714, 0x080c, + 0x61f8, 0x3fb0, 0x0001, 0xf820, + 0x0203, 0x7714, 0x0820, 0xf074, + 0x019f, 0xf074, 0x019f, 0x6b14, + 0x0002, 0xf074, 0x019f, 0x7714, + 0x2117, 0x8184, 0xf074, 0x019f, + 0xf074, 0x01b4, 0x7211, 0x2114, + 0xf495, 0xf495, 0x6be1, 0x0001, + 0x0001, 0xfc00, }, }, { /* Guard */ diff --git a/src/target/firmware/include/calypso/dsp.h b/src/target/firmware/include/calypso/dsp.h index e4801cbf..3cba2545 100644 --- a/src/target/firmware/include/calypso/dsp.h +++ b/src/target/firmware/include/calypso/dsp.h @@ -32,6 +32,7 @@ void dsp_load_apc_dac(uint16_t apc); void dsp_load_tch_param(struct gsm_time *next_time, uint8_t chan_mode, uint8_t chan_type, uint8_t chan_sub, uint8_t tch_loop, uint8_t sync_tch, uint8_t tn); +void dsp_load_sniff_fn(struct gsm_time *next_time); void dsp_load_ciph_param(int mode, uint8_t *key); void dsp_end_scenario(void); diff --git a/src/target/firmware/layer1/prim_sniff.c b/src/target/firmware/layer1/prim_sniff.c index 37dcd32a..3da2f0ed 100644 --- a/src/target/firmware/layer1/prim_sniff.c +++ b/src/target/firmware/layer1/prim_sniff.c @@ -236,6 +236,10 @@ l1s_sniff_cmd(uint8_t ul, __unused uint8_t burst_id, __unused uint16_t p3) rfch_get_params(&l1s.next_time, &arfcn, &tsc, &tn); + /* Load the frame number (which is dumped via MCSI and used for + * MCSI/serial synchronization */ + dsp_load_sniff_fn(&l1s.next_time); + dsp_load_rx_task(SNIFF_DSP_TASK, 0, tsc); /* enable dummy bursts detection */ |