CRC16 Calculation

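#define POLY 0xa001

/* Modbus CRC16: reflected polynomial 0xA001, initial value 0xFFFF */
unsigned short ModBusCRC(unsigned char *buf, unsigned int lenth)
{
  unsigned int i;
  int j;
  unsigned short crc;
  for (i = 0, crc = 0xffff; i < lenth; i++) {
    crc ^= buf[i];
    for (j = 0; j < 8; j++) { /* process the byte bit by bit, LSB first */
      if (crc & 0x01)
        crc = (crc >> 1) ^ POLY;
      else
        crc >>= 1;
    }
  }
  return crc;
}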

OpenWrt quick overview

OpenWrt operating system commands

Configuration files

OpenWrt OS upgrade procedure (LuCI or sysupgrade)

Mini How-to OpenWrt ar71xx

ps: invalid option -- A | procps-ps

Init scripts configure the daemons of the Linux system

echo '1' > /sys/devices/platform/leds-gpio/leds/ubnt:orange:link2/brightness

# To query the state of all init scripts
for F in /etc/init.d/* ; do $F enabled && echo $F on || echo $F **disabled**; done

Free RAM

# delete the opkg packages file:
rm -r /tmp/opkg-lists/
# drop caches:
sync && echo 3 > /proc/sys/vm/drop_caches
cat /etc/config/network
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr ''
 option netmask ''

config globals 'globals'
 option ula_prefix 'fc5a:c5d4:9531::/48'

config interface 'lan'
 option type 'static' # 'bridge'
 option ifname 'eth0'
 option proto 'static'
 option ipaddr ''
 option netmask ''
 option ip6assign '60'

config interface 'wifi'
 option type 'manual'
 option ifname 'wlan0'
 option proto 'static'
 option ipaddr ''
 option netmask ''
 option ip6assign '60'

#config interface wlan0
# option proto 'dhcp'
# option auto 1

/etc/init.d/network reload


Configuring a wifi client in OpenWrt

OpenWrt provides the /sbin/wifi script for working with wifi. The file /etc/config/wireless holds the wifi configuration.

A default configuration file can be created by running:

wifi detect > /etc/config/wireless

It will look roughly like this:

config wifi-device radio0
 option type mac80211
 option channel 'auto'
 option hwmode 11g
 option path 'pci0000:00/0000:00:00.0'
 option htmode HT20
 option disabled 0

config wifi-iface
 option device 'radio0'
 option network 'wlan0'
 option mode 'sta'
 option ssid 'AP'
 option encryption 'psk2'
 option key '12345679'

The /etc/config/wireless file for an open network:

config wifi-device  radio0 
	option type     mac80211 
	option channel  'auto' 
	option hwmode	11g 
	option path	'pci0000:00/0000:00:1c.2/0000:05:00.0' 
	option disabled 0 

config wifi-iface 
	option device   radio0 
	option network  wwan 
	option mode     sta 
	option ssid     testwifi
	option encryption none

The /etc/config/wireless file for an encrypted network:

config wifi-device 'radio0' 
        option type 'mac80211' 
        option channel '6' 
        option hwmode '11ng' 
        option path 'pci0000:00/0000:00:1c.2/0000:05:00.0' 
        option disabled '0' 

config wifi-iface
        option device 'radio0' 
        option network 'wwan' 
        option mode 'sta' 
        option ssid 'testwifi' 
        option encryption 'psk2' 
        option key '1234567890'

sta: client mode;
ap: access point mode
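
As an added example (not part of the original page or of OpenWrt), the shell function below reads a wireless config in the format shown above and flags wifi-iface sections that use no encryption, WEP, or a weak passphrase. The function names, the `lab` interface and the weakness thresholds are assumptions; the sample input is constructed from the SSIDs and keys on this page.

```shell
# Added example, not OpenWrt code: audit wifi-iface sections of a UCI wireless
# config read on stdin. "Digits only" and "< 12 characters" are assumed thresholds.
audit_wireless() {
    awk '
    function unquote(s,  q) {
        sub(/[ \t\r]+$/, "", s); q = substr(s, 1, 1)
        if (length(s) > 1 && (q == "\047" || q == "\"") && substr(s, length(s)) == q)
            return substr(s, 2, length(s) - 2)
        return s
    }
    function report(  ssid, enc, key) {
        if (!in_iface) return
        ssid = ("ssid" in opt) ? opt["ssid"] : "(no ssid)"
        enc = opt["encryption"]; key = opt["key"]
        if (enc == "" || enc == "none") print ssid ": open network, traffic is unencrypted"
        else if (enc ~ /^wep/) print ssid ": WEP is broken, use psk2 or stronger"
        else if (enc !~ /^(psk|sae)/) return
        else if (key ~ /^[0-9]+$/) print ssid ": passphrase is digits only"
        else if (length(key) < 12) print ssid ": passphrase shorter than 12 characters"
    }
    $1 == "config" {
        report()                                   # close the previous section
        in_iface = (unquote($2) == "wifi-iface")   # wifi-device sections are skipped
        split("", opt)                             # clear the collected options
    }
    in_iface && $1 == "option" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        opt[$2] = unquote(val)                     # value may be bare or quoted
    }
    END { report() }'
}
# Constructed sample: SSIDs and keys from the configs above, plus a made-up "lab".
sample_config() {
    cat <<'EOF'
config wifi-iface
	option ssid     testwifi
	option encryption none
config wifi-iface
	option ssid 'AP'
	option encryption 'psk2'
	option key '12345679'
config wifi-iface
	option ssid 'lab'
	option encryption 'psk2'
	option key 'correct horse battery staple'
EOF
}
sample_config | audit_wireless
```

On a router the same function can be fed the live file: `audit_wireless < /etc/config/wireless`.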

To obtain an address automatically via DHCP, create an interface in /etc/config/network:

config interface wwan 
	option proto 'dhcp'

Run the following to apply the new settings:

/etc/init.d/network restart

When configuring the OpenWrt build, wpa-supplicant must be selected; otherwise the OpenWrt /sbin/wifi script will not bring wifi up:

	<*> wpa-supplicant

Running "wifi down" turns wifi off, and the wlan0 interface disappears.

Running "wifi up" brings up the wlan0 interface and connects to the network.

On success, the log on screen will look roughly like this:

wifi up 
Successfully initialized wpa_supplicant
[   10.975345] iwl3945 0000:05:00.0: loaded firmware version 
[   14.670591] wlan0: authenticate with bc:ae:c5:c3:ab:d5 
[   14.673644] wlan0: send auth to bc:ae:c5:c3:ab:d5 (try 1/3) 
[   14.675760] wlan0: authenticated 
[   14.676031] iwl3945 0000:05:00.0: wlan0: disabling HT as WMM/QoS is not supported by the AP 
[   14.676335] iwl3945 0000:05:00.0: wlan0: disabling VHT as WMM/QoS is not supported by the AP 
[   14.680246] wlan0: associate with bc:ae:c5:c3:ab:d5 (try 1/3) 
[   14.682727] wlan0: RX AssocResp from bc:ae:c5:c3:ab:d5 (capab=0x401 status=0 aid=1) 
[   14.684368] wlan0: associated 

An error may appear (if wpa-supplicant is missing):

wifi up 
command failed: Device or resource busy (-16) 

You can connect to a network manually with the command:

iw dev wlan0 connect -w testwifi


Firmware image



I was able to un-brick a Bullet M2 today. I wrote this quick instruction document on how to do it. I want to write a more detailed explanation later, but for now these instructions should be adequate for anyone trying to un-brick an AirMAX device.

If a device is loaded with U-Boot (Jun 10 2015 - 10:54:50), which is
installed by default any time AirOS v5.6.2 or v5.6.3 is installed, and OpenWRT or Gargoyle
firmware is loaded on top of it, the device will not work correctly.

The configurations made to Gargoyle or OpenWRT will not survive a reboot, and everything will be back to default.
If you then try to re-upload a version of AirOS the device would get stuck in an endless reboot
loop. Previously it was thought that the device was un-recoverable.

However, there is an option when using the urescue command that overwrites the bootloader.
When using urescue without this option the bootloader would not be overwritten.

1 USB-TTL Cable
2 Ethernet Cables
1 POE Converter
1 Bricked Device
1 TFTP Server Application (Example: Solar Winds)
1 AirOS v5.5.10 Firmware File
Tera-term or another Serial Port program

The following is the Procedure to unbrick the device:

1. Open up the device and locate the serial jumper, labeled J1.

2. Connect the USB-TTL Cable to the jumper, which has the following pinout:
—1. 3.3V+ (Red: Do not connect)
—2. S-in (GREEN)
—3. S-out (White)
—4. GND(Black)

3. Open up a terminal program, such as tera-term, and configure it to the following settings:
—Bits per second: 115200
—Data Bits : 8
—Stop Bits : 1
—Parity : None
—Flow control : None

4. Plug the POE adapter into the wall.

5. Plug the LAN side of the device into your PC.

6. Configure your PC IP settings to the following:
—IP Address:
—Netmask :

7. Connect the POE side of the POE adapter into the Bullet M2 (or any other AirMax device).

8. Continually press any key while the tera-term window is selected. Doing this will interrupt
the boot sequence and allow you to enter terminals while the device is in the bootloader.

9. Once the boot has been stopped, enter the following into the terminal: urescue -f -e
—It is vital that the -f and -e are there. This allows the bootloader to be overwritten.

10. Now start the TFTP application on your PC.

11. Open a command prompt on your PC and use the cd command to navigate to the location of your
AirOS v5.5.10 firmware file.

12. Type the following command in the command prompt:
tftp -i put XM.v5.5.10.24241.141001.1649.bin

13. You should now see text being written in the terminal screen.

14. Keep watching the text until it says the device is resetting. When it does reset,
continually press any key to interrupt the boot.

15. When the boot has been interrupted, type the following in the serial console, pressing enter after each line:

mtdparts default

16. The device will now boot. Wait about 2 minutes, and then access the webpage of AirOS by
typing in the web address bar.

17. Login to the page and navigate to the system tab. Upload the same firmware version, AirOS
v5.5.10, that you used in the urescue command.

18. Once the device reboots you will have a non-bricked, perfectly functional, wireless device.


Aircrack-ng (with airdrop-ng) on RaspberryPi

Installing Aircrack-ng and airdrop-ng on RaspberryPi

Download and install the latest Raspbian Lite.

(This was written using RASPBIAN JESSIE LITE Version:November 2016 Release date:2016-11-25 Kernel version:4.4)

 sudo apt-get -y install git libssl-dev libnl-dev libpcap-dev libpcre3-dev libsqlite3-dev python-dev iw ethtool
 cd ~
 git clone
 cd aircrack-ng
 make sqlite=true experimental=true ext_scripts=true pcre=true
 make strip
 sudo make install
 sudo airodump-ng-oui-update #Updates OUI Database

Getting airdrop to work:

 git clone
 cd lorcon && ./configure && make && sudo make install
 cd pylorcon2 && python build && sudo python install
 sudo ln -s /usr/local/lib/ /usr/lib
 cd ~/aircrack-ng/scripts/airdrop-ng/
 sudo python install

Connecting a 2.4 GHz wireless radio module to an AVR with bare hands.


Multiprotocol TX Module

We will run all the experiments on a low-cost 4in1 RF "development board", since it carries modules from 4 different manufacturers. Namely:


Texas Instruments
Programmable data rate from 1.2 to 500 kBaud
Frequency range: 2400 — 2483.5 MHz
OOK, 2-FSK, GFSK, and MSK supported
Suitable for frequency hopping and multichannel systems due to a fast settling frequency synthesizer with 90 us settling time


A7105 info is under construction


In general, later


Some of the modules may be familiar. The NRF24L, for example, has appeared often on Habr and has been used just about everywhere. There are excellent libraries for it that let you set up a wireless link in a couple of lines of code.

The CC2500 is used for the radio link in Futaba and FrSky hobby transmitters, and its predecessor, the CC2400, in the Ubertooth.

What we will cover:

  1. How the communication link is organized
    1. Physical encoding
    2. Packet structure
    3. DSSS
  2. Working with the modules
    1. About the SPI interface
    2. Configuration registers
    3. Starting the module
  3. Hello world!

To be continued.

Raspberry Pi KickStar

# Minimal start

# install a minimal wireless toolkit
# set up the required packages
apt-get install aircrack-ng reaver git
git clone git://
cd mdk3
make install

# Bringing the interface up in monitor mode

If you first switch the interface to monitor mode with iw, you can get rid of the "fixed channel : -1" error.
When using wash to look for WPS-vulnerable access points, you can use the option

-C, --ignore-fcs  Ignore frame checksum errors

or set the flag in the interface settings

iw dev wlan1 set monitor none

ifconfig wlan1 down
iw dev wlan1 set monitor fcsfail
iw reg set BO
iwconfig wlan1 txpower 30
ifconfig wlan1 up
airmon-ng start wlan1
airodump-ng mon0

# Nginx, PHP5, SQLite3

# Run as sudo; $location (web root) and $sitename must be set beforehand
apt-get install nginx php5-fpm php-apc sqlite3 php5-sqlite

mkdir $location
cd /etc/nginx/sites-available
touch $sitename

echo -e "server {
 listen 80;
 root $location;
 index index.html index.htm;
 location ~ \.php$ {
  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;
 }
}" >> $sitename

cd /etc/nginx/sites-enabled
unlink /etc/nginx/sites-enabled/default
ln -s ../sites-available/$sitename
service nginx start


STM32 family part numbering


  • STM32: that one is obvious :)
  • F103: controller series based on Cortex M3 (there are also 101, 102, 105, 107)
  • C: pin count (T=36, C=48, R=64, V=100)
  • 8: flash size (8 = 64Kb, B = 128Kb)
  • T: package type (H=BGA, T=LQFP, U=VFQFPN)
  • 6: temperature range (6 = -40…80, 7 = -40…105)

Analog Engineer’s Pocket Reference PDF

Analog Engineer Pocket Reference

System and board-level design formulas at your fingertips.

This pocket reference is intended as a valuable quick guide for often used board- and system-level design formulae. This collection of formulae is based on a combined 50 years of analog board- and system-level expertise. Much of the material herein was referred to over the years via a folder stuffed full of printouts. Those worn pages have been organized and the information is now available via this guide in a bound and hard-to-lose format!

Here is a brief overview of the key areas included:
• Key constants and conversions
• Discrete components
• AC and DC analog equations
• Op amp basic configurations
• OP amp bandwidth and stability
• Overview of sensors
• PCB trace R, L, C
• Wire L, R, C
• Binary, hex and decimal formats
• A/D and D/A conversions



Simple functions for working with SPI

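#include <avr/io.h>
#include <stdint.h>

/* Configure the port pins and enable SPI in master mode */
void SPI_Init()
{
 DDRD |= (0 << 1) | (1 << 0);
 PORTD |= (0 << 1) | (1 << 0);
 SPCR = (1 << SPE) | (1 << MSTR) | (0 << SPR1) | (0 << SPR0); //0: Fosc/4
 SPSR = (0 << SPI2X); //SPI2X = 0: double clock rate is off
}

/* Send one byte and return the byte clocked in at the same time */
uint8_t SPI_Write(uint8_t data)
{
 SPDR = data;
 while (!(SPSR & (1 << SPIF)));
 return SPDR;
}

/* Read one byte by clocking out 0xFF */
uint8_t SPI_Read(void)
{
 SPDR = 0xFF;
 while (!(SPSR & (1 << SPIF)));
 return SPDR;
}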