Jump to content

Yardstick One - USB timeouts


Guest Josef K

Recommended Posts

Guest Josef K

For the last two days I'm banging my head over the following problem. Any help or suggestions appreciated!

I have a simple program where I transmit a RF signal with rfcat on the Yardstick One. This goes pretty well, but about half of the times I get a USB timeout. Then I have to re-insert the dongle to fix it.

Any idea where the problem might be? I can reproduce this on different hardware and different distro's (i5 withUbuntu and Raspberry Pi with Raspbian)

#!/usr/bin/env python

import sys
from rflib import *

freq = 433920000
dataRate = 2000
preamble='\x8a\x28\xa2'*18
code='\xaa'*18

data = preamble+code
packetLength = len(data)

try:
d = RfCat()
d.setPower(80)
d.setFreq(freq)
d.setMdmModulation(MOD_2FSK)
d.makePktFLEN(packetLength)
d.setMdmDRate(dataRate)
d.setMdmSyncMode(0)
d.setMdmDeviatn(40000)
d.setMdmDRate(2000)

d.RFxmit(data)

except Exception, e:
sys.exit("Error %s" % str(e))

root@toolbox02:~/rfcat# ./tx_sig.py
root@toolbox02:~/rfcat# ./tx_sig.py
root@toolbox02:~/rfcat# ./tx_sig.py
Error in resetup():USBError('error sending control message: Connection timed out',)
Error in resetup():USBError('error sending control message: Connection timed out',)
Error in resetup():USBError('error sending control message: Connection timed out',)
Error in resetup():USBError('error sending control message: Connection timed out',)
^CTraceback (most recent call last):
File "./tx_sig.py", line 18, in <module>
d = RfCat()
File "/usr/local/lib/python2.7/dist-packages/rflib/chipcon_nic.py", line 298, in __init__
USBDongle.__init__(self, idx, debug, copyDongle, RfMode)
File "/usr/local/lib/python2.7/dist-packages/rflib/chipcon_usb.py", line 176, in __init__
self.resetup(copyDongle=copyDongle)
File "/usr/local/lib/python2.7/dist-packages/rflib/chipcon_usb.py", line 302, in resetup
time.sleep(1)

Link to comment
Share on other sites

Guest Josef K

Hi Cooper,

Sending 1000 packets in a loop runs fine. You pointed me in the right direction.

I added a cleanup() at the end of the script, but that does not have any affect on this problem, so I guess the problem is in the setup or termination.

After removing most of the statements, I am able to reproduce the usb timeout with running below program a few times:

----

#!/usr/bin/env python
from rflib import *

d = RfCat()
d.cleanup()
----

I cannot reproduce the timeouts in the interactive shell (rfcat -r). That's a bit counterintuitive.

Some more info:

rfcat: atlas0fd00m-rfcat-5ae972137e14

Python 2.7.6

python-usb 0.4.3

libusb-0.1-4

libusb-1.0-0

Next thing I want to try is enforce a perticular version of libusb (0.1 or 1.0). Any suggestions how to enforce this in a clean way?

Link to comment
Share on other sites

The cleanest way I can think of is to reference a method that only exists in 1.0 and catch the exception when the 0.1 version complains about not having it, but I'm very much not a Python guy.

Link to comment
Share on other sites

Guest Josef K

This weekend I continued to investigate the usb timeout problem. Some behaviour I’ve observed so far:
1) Timeouts with TX only. RX is fine.
2) Usually the USB timeout occur 10 seconds after last TX.
3) If I end the script with a 'd.setModeTX()’, the USB timeout does not occur. However, after sending my data, the YS1 will still be sending a carrier on either one of the 2FSK frequencies, followed by TX of some arbitrary data. This happens even after a 'd.RESET()’ or ‘d.cleanup’.
4) Timeouts occur with both 0.1 and 1.0 versions of libusb
5) Timeouts with various hardware and Linux distro’s. Raspberry Pi, I5 with Debian, Kali in vm on top of OSX… (The nice thing with this VM is that OSX does a soft USB reset after some time).


I’ve experimented with several commands like d.rf_configure(), d.resetup(), d.setModeRX(). Some of these commands are in the rfcat script, and the RX is referred to in the rfcat FAQ:

"""Q: why do i get this when i start rfcat: Error in resetup():USBError(110, 'Operation timed out')
A: try starting rfcat *before* plugging in the dongle
A: this has been "fixed" in the latest firmware and client. dongles now only enter RX mode when the client first talks to them, and that is only in "research" mode, so individual tools can control this”""


I have mentioned this before, but this usually does not happen with rfcat in the inteactive mode 'rfcat -r’, so I believe it’s my script. Most of the YS1 initialisation is done in the __init__ of rflib. I believe this is called with ‘rfcat -r’ and with 'from rflib import *’, so I don’t understand why the behaviour is different.


I can try to upgrade the firmware of the YS1, but I am a bit hesitant because I don’t have a GoodFET and didn’t find a solid upgrade procedure.
Anyone with a YS1 who can reproduce the timeouts after running this script? I’d like to exclude any hardware or firmware issues. Can you also report your firmware and rflib versions? It’s in the output of 'print d.reprRadioConfig()’

Firmware rev: 0348
rflib rev: 425

Groeten,
Paul.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...