Piseth

From UNamur InfoSec
Jump to navigation Jump to search

Objectives of the internship

Implement WSN(Wireless Sensor Network) with different use cases and security mechanism/protocol. Analyze and Evaluate.

Passwords.png

alt Test Alt

Hardware

SmartRF06 EB (Evaluation Board)

SmartRF06 EB is used to debug, flash, or it could act as power supply for other micro controllers like CC2538 EM or CC2650 sensortag.
SmartRF06 EB can be powered by several sources:

  • Two 1.5v AAA batteries
  1. Switch to BAT on SOURCE switch [todo: image]
  2. Put batteries [todo: image]
  • USB (1.5v via PC usb port or external usb source) [todo: image]
  1. Switch to USB on SOURCE switch [todo: image]
  2. Connect usb power source
  • A 3-volt cell battery (CR2032) [not yet tested]
  1. Switch to BAT on SOURCE switch
  2. Insert the 3v battery [todo: image]
  • External regulated source (3.6v) [not yet tested]
pin used for external source (3.6v) [todo: image of the pin switch]


Reset Button:
When connect to a microcontroller, SmartRF06EB, to some extents, is able to:

  • Reset(restart) the microcontroller firmware by clicking reset button [todo: image]
  • Boot to bootloader(in case of CC2538) by holding select button while clicking reset button [todo: image]

Note: Have to have bootloader bit enable (link to cc2538 for more detail)

  • Connect to other controller
  1. CC2538 [todo: Link to cc2538]
  2. Sensortag [todo: link to sensortag]

Note: SmartRF06 has a jumper that allow debugging and flashing on some microcontroller possible. (XDS100v3). [todo: add image , write more detail]

CC2538 EM

CC2538 Evaluation Module (EM) board is used to measure/evaluate RF performance. It operates on 2.4GHz frequency. In addition, CC2538 EM has pre-installed firmware that could be used to test send/receive packet. The hardware is not limited to the factory software, it's possible to flash other firmware to fit other purposes.

CC2538 could be powered by:
  • SmartRF06 EB
  1. Connect to correct PIN on CC2538 [todo: image]
  2. Connect CC2538 EM to SmartRF06 [todo: image]
  3. Power the SmartRF06
  • USB port 3.3v [not tested]
  1. Connect to correct PIN on CC2538 [todo: image]
  2. Connect to external source via usb

Compile Firmware

  • First of all, Toolchain[dict] is required in order to compile firmware for specific platform. Instruction and the toolchain could be get from here.
  • After Toolchain has been installed and properly configured, in source code folder, make sure there is Makefile that at least point to Makefile.include resided in contiki root folder.

Example: source code reside in $CONTIKI_HOME/examples/hello-world/ , content of Makefile should look similar to this:

CONTIKI_PROJECT = hello-world
all: $(CONTIKI_PROJECT)
CONTIKI = ../..
include $(CONTIKI)/Makefile.include

Contiki is compiled with make command and it usually follows this format:

make TARGET=platform File-to-compile


Platforms to which source code could be compiled to, are stored as folders in $CONTIKI_HOME/platforms (Refer to contiki folder structure section for more detail)
File-to-compile could be omitted if Makefile is pointing to the file(s). Example: all: hello-world

  • To compile firmware for CC2538, go to folder source code, type:
make TARGET=cc2538dk

Example: From $CONTIKI_HOME/examples/cc2538dk/ , type make TARGET=cc2538dk

Note: TARGET=cc2538dk could also be excluded if Makefile.target file is pointing to cc2538dk platform. The file could be generated using command make TARGET=cc2538dk savetarget.

Flash Firmware

By CCS Uniflash (Linux, Window)
  1. Download and install uniflash from TI Here
  2. Launch the app, select New Target Configuration, then select these configuration:
    1. Connection: Texas Instruments XD100v3 USB Debug Probe
    2. Board or Device: CM2538SF53
  3. Select Program, then choose one of these two options:
    • Load Program -> Click Browse -> Choose .hex file -> OK
    • Load Binary -> Click Browser -> Choose .bin file -> Start Address: 0x00200000 -> OK

Note: (Refer to compile firmware section to get .bin or .hex file)

By CC2538-bsl (Linux, Mac OS)
  1. Download cc2538-bsl:
    • If contiki is cloned from github: In contiki folder, run git submodule update --init
    • Or download cc2538-bsl from github, then put it in $CONTIKI_HOME/tools/
  2. Make device to go to bootloader mode, by press and hold on select button while press on Reset button. [todo: might need more clarification]
  3. In contiki compile source code folder, type:
make TARGET=cc2538dk [compiled-file].upload

[compiled-file] is the file that will be flash to the device

By SmartRf Flash Programmer (Window)

[Pending....]

Restore Factory Firmware

  1. Download firmware from here
  2. Flash firmware using CCS uniflash or SmartRF Flash Programmer (Refer to above section for detail)

CC2650 Sensortag

CC2650 Sensortag is compact with dozen sensors (IR Temperature, Humidity, Movement,..). Moreover, it has pre-installed firmware in which it could pair with smartphone via Bluetooth to read sensor information. It's also possible to flash custom firmware to the sensortag to fit other requirement.

  • Power Supply (Through Sensortag DevPack (note: some usb cable doesn't work), Battery, CC2538)

CC2650 sensortag could be powered by:

  1. Insert battery to Sensortag (Optional for REV.: 1.3.0) [more detail for sensortag version 1.2]


  1. Connect unpowered DevPack to Sensortag as per image (Note: There is only one way to connect it) [todo: image]
  2. Power DevPack by external source (usb 5v)
  • Default function of buttons (Disconnect, Reset to factory)

Compile Firmware

  • Make command (Could point to contiki project structure section)

ex: make TARGET=srf06-cc26xx BOARD=sensortag/cc2650 cc26xx-web-demo.bin

Flash Firmware

  • Flash via OAD
  • Flash Default Factory Firmware
  • Uniflash (Linux)**
  • SmartRF Flash Programmer**
//**Note: Could be moved to Tools sections

CC2531 Dongle

  • What it can be used. (Sniffer, Mote, Slip-radio)

Compile Firmware

Flash Firmware

Software and Platform

Contiki OS

Features

Processes

File Structure and Compilation

Software (Tools)

Uniflash

  • Note: install for all user vs for root only

cc2538-bsl

Sensniff

  • cc2538 (project conf) : #define CC2538_RF_CONF_SNIFFER 1
                         #define CC2538_RF_CONF_CHANNEL 26

SmartRF Protocol Packet Sniffer

nvm tool

Components for Designed network

Motes

  • What is motes
  • What is it consist of and its functions
  • What hardware can be used.

Network (WSN)

6lowpan

  • Idea/why 6lowpan
  • Basic function

Border Router

Function

Installation

Configurations

Security

  • Protocol implementation
  • Right/Trusted Motes?
  • Probe message attack (make mote wake up all the time)
  • Relay Message?
  • Exchange data
  • What use cases/scenario

Issues faced

Sometimes, when the output filetype is not specified (Ex: make TARGET=srf06-cc26xx BOARD=sensortag/cc2650), the compilation returns error with:

Error compilation miss srec cat.png
  • Solution:

The problem could be solved by specify the output file. For example make TARGET=srf06-cc26xx BOARD=sensortag/cc2650 udp-client.bin


[make space]

Pending to be Documented

Glossary

  • RDC:
  • ContikiMac:
  • NullRDC:
  • slip-radio:
  • PANID: