-
Notifications
You must be signed in to change notification settings - Fork 75
01. CatSniffer
Marcelo Arredondo edited this page Aug 14, 2024
·
18 revisions
CatSniffer (😼) is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and Microchip SAMD21E17 (V1.x and V2.x)/RP2040 (V3.x). This board is a Swiss Army knife for IoT security researchers, developers, and enthusiasts. It's highly versatile and compatible with a wide array of software.
-
- Powerful 48-MHz Arm® Cortex®-M4F processor
- 704KB flash program memory
- 256KB of ROM for protocols and library functions
- 8KB of cache SRAM
- 144KB of ultra-low leakage SRAM with parity for high-reliability operation
- Dual-band Sub-1 GHz and 2.4 GHz operation
- Dynamic multiprotocol manager (DMM) driver
- Programmable radio includes support for 2-(G)FSK, 4-(G)FSK, MSK, OOK, Bluetooth® 5.2 Low Energy, IEEE 802.15.4 PHY and MAC
- Supports over-the-air upgrade (OTA)
-
- Dual ARM Cortex-M0+ @ 133MHz
- 264kB on-chip SRAM in six independent banks
- Support for up to 16MB of off-chip Flash memory via dedicated QSPI bus
- DMA controller
- Fully-connected AHB crossbar
- Interpolator and integer divider peripherals
- On-chip programmable LDO to generate core voltage
- 2 on-chip PLLs to generate USB and core clocks
- 30 GPIO pins, 4 of which can be used as analogue inputs
- 2 UARTs
- 2 SPI controllers
- 2 I2C controllers
- 16 PWM channels
- USB 1.1 controller and PHY, with host and device support
- 8 PIO state machines
-
- LoRa and FSK Modem
- 170dB maximum link budget (SX1262 / 68)
- +22dBm or +15dBm high efficiency PA
- Low RX current of 4.6mA
- Integrated DC-DC converter and LDO
- Programmable bit rate up to 62.5kbps LoRa and 300kbps FSK
- High sensitivity: down to -148dBm
- 88dB blocking immunity at 1MHz offset
- Co-channel rejection of 19dB in LoRa mode
- FSK, GFSK, MSK, GMSK, LoRa and Long Range FHSS modulations
- Built-in bit synchronizer for clock recovery
- Automatic Channel Activity Detection (CAD) with ultra-fast AFC
-
Supported antennas
- 433 MHz up to 13dBm
- 2.4 GHz up to 10 dBm
- Compatible with Windows, Linux, and MAC.
- CatSniffer can operate in 3 different frequencies: LoRa, Sub 1 GHz, and 2.4 GHz.
- "The SimpleLink™ CC1352P7 device is a multiprotocol and multi-band Sub-1 GHz and 2.4-GHz wireless microcontroller (MCU).
- CatSniffer uses RP2040 as a USB-UART bridge to communicate with the CC1352 chip.
- Auto program through the bootloader from TI CC (as long as it's not disabled in the code). There is no need for an external programmer; it can be debugged with cJTAG through the default pin.
- Antenna SMA port for an Antenna of your choice
- LEDs of general-purpose
- Reset button for RP2040 & CC1352, Boot of CC1352, and one more for general purpose.
- Thread
- Zigbee
- Bluetooth 5 Low Energy (BLE)
- IEEE 802.15.4g
- 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
- Sub 1Ghz and patented systems
- LoRa/LoRaWAN
- Wi-SUN
- Amazon Sidewalk
- mioty®
-
- Powerful 48-MHz Arm® Cortex®-M4F processor
- EEMBC CoreMark® score: 148
- 352KB of in-system programmable flash
- 256KB of ROM for protocols and library functions
- 8KB of cache SRAM (alternatively available as general-purpose RAM)
- 80KB of ultra-low leakage SRAM. The SRAM is protected by parity to ensure high reliability of operation.
- 2-pin cJTAG and JTAG debugging
- Supports over-the-air (OTA) update
-
- Powerful 48-MHz Arm® Cortex®-M4F processor
- EEMBC CoreMark® score: 148
- 352KB of in-system programmable flash
- 256KB of ROM for protocols and library functions
- 8KB of cache SRAM (alternatively available as general-purpose RAM)
- 80KB of ultra-low leakage SRAM. The SRAM is protected by parity to ensure high reliability of operation.
- 2-pin cJTAG and JTAG debugging
- Supports over-the-air (OTA) update
-
- 128KB of flash and 16KB of SRAM
- 4K RWW support on MRL D version
- Up to 48MHz operating frequency
- Four serial communication modules (SERCOM) configurable as UART/USART, SPI or I2C, three 16-bit timer/counters, 32-bit Real-Time Clock and calendar, 18 PWM channels, one 14-channel 12-bit ADC, one 10-bit DAC
- Full Speed USB Device and embedded Host
- Support for up to 60 touch channels
- 1.62V to 3.63V power supply
-
- LoRa and FSK Modem
- 170dB maximum link budget (SX1262 / 68)
- +22dBm or +15dBm high efficiency PA
- Low RX current of 4.6mA
- Integrated DC-DC converter and LDO
- Programmable bit rate up to 62.5kbps LoRa and 300kbps FSK
- High sensitivity: down to -148dBm
- 88dB blocking immunity at 1MHz offset
- Co-channel rejection of 19dB in LoRa mode
- FSK, GFSK, MSK, GMSK, LoRa and Long Range FHSS modulations
- Built-in bit synchronizer for clock recovery
- Automatic Channel Activity Detection (CAD) with ultra-fast AFC
-
Supported antennas v1.X & v2.X
- 868/915 MHz up to 14 dBm
- 2.4 GHz up to 20 dBm
- Compatible with Windows, Linux, and MAC.
- CatSniffer can operate in 3 different frequencies: LoRa, Sub 1 GHz, and 2.4 GHz.
- "The SimpleLink™ CC1352P1F3RGZ device is a multiprotocol and multi-band Sub-1 GHz and 2.4-GHz wireless microcontroller (MCU)
- CatSniffer uses SAMD21E17 as a USB-UART bridge to communicate with the CC1352 chip.
- Auto program through the bootloader from TI CC (as long as it's not disabled in the code). There is no need for an external programmer; it can be debugged with cJTAG through the default pin.
- Antenna SMA port for an Antenna of your choice
- LEDs of general-purpose
- Reset button for SAMD21 & CC1352, Boot of CC1352, and one more for general purpose (1.x and 2.x).
- Thread
- Zigbee
- Bluetooth 5 Low Energy (BLE)
- IEEE 802.15.4g
- 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
- Sub 1Ghz and patented systems
- LoRa/LoRaWAN
- v1.x/2.x has SAMD21E17A as a main microcontroller, from Microchip, allowing the communication between CC1352 and the USB serial, as well as the SPI to control the SX1262.
- v3.x has an RP2040 as a main microcontroller, from Raspberry Pi, allowing the communication between CC1352 and the USB serial, as well as the SPI to control the SX1262.
- The SAMD21E17 can be programmed directly via USB with the Electronic Cats SAMD Arduino Core.
- The RP2040 can be programmed directly via USB with the Arduino Mbed RP2040 Core, it is important to acknowledge one bug inside the Arduino Core for the RP2040, and it's mandatory to change one line of code inside the core.
- The CC1352P1 can be programmed via Serial using the cc2538 tool with the specific hex file you want to flash, if you flash the CC1352P1 incorrectly, it may get stuck and it WILL NOT ALLOW YOU TO RE-PROGRAM BY BOOTLOADER, to re-flash the board you will need to erase the CC1352P1 with any cJTAG programmer, to enable the serial bootloader again, you can read more about this in the wiki.
- The CC1352P7 can be programmed via Serial using the cc2538 tool with the specific hex file you want to flash, if you flash incorrectly the CC1352P7, it may get stuck, but in this version we included a JTAG connection to erase all the flash, to enable the serial bootloader again. In this version the RP2040 is connected internally and can be used to erase the CC1352P7 and enable bootloader again.
---
title: v3.x Block Diagram
---
flowchart LR
A[USB] --- B(RP2040)
B-- SPI --- C[SX1262] ---E
B-- Serial ---D[CC1352P7]
B-- JTAG ---D---E
B-- GPIOs ---E[RF Switch]
---
title: v1.x/v2.x Block Diagram
---
flowchart LR
A[USB] --- B(SAMD21E17)
B-- SPI --- C[SX1262] ---E
B-- Serial ---D[CC1352P] ---E
B-- GPIOs ---E[RF Switch]
-
- What is the CatSniffer?
- How can I use CatSniffer?
- What are the features of the CatSniffer?
- What can I do with the CatSniffer?
- What IoT protocols are supported by CatSniffer?
- How can I restore the CC1352 firmware on CatSniffer?
- How can I restore CC1352 firmware with RP2040 for CatSniffer V3?
- ERROR: Timeout waiting for ACK/NACK after Synch (0x55 0x55)
- What if SmartRF Packet Sniffer 2 doesn't detect my board?
- Why I got the error: unistd.h no such file or directory?
- Why CatSniffer can not connect with Zigbee2MQTT?
- What does this button do?