Re: [ath9k-devel] Spectral Scan in ath9k
On 05/08/2013 07:50 PM, Oleksij Rempel wrote:
> On 08.05.2013 18:15, Claudio wrote:
>> Hi all,
>> first of all thank you for the code you have developed.

Indeed, it opens the door to many interesting possibilities! Thanks a lot Simon and Mathias for letting the genie out of the bottle, and Adrian, Felix, Zefir for helping its way out :P

I finally got to play with Simon's code and it works better than I expected
http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/

>> echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
>> iw dev wlan0 scan
>> cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_results
>> ./fft_eval /tmp/fft_results
>>
>> On average I get 200-400 samples but sometimes I got even 7k samples, which is very good.

In my case I get a fairly constant 112 samples per iw wlan0 scan, but as always, YMMV.

Maybe something is triggering periodic scans on your hardware? (i.e. a STA wifi-iface in OpenWrt does this every 2 or 3 seconds until it associates to an AP). In that case, just idling between cat spectral_scans will increase the number of samples. Try running iw event in parallel to see what's happening.

Cheers and have spectral fun!!

Gui
_______________________________________________
ath9k-devel mailing list
ath9k-devel@lists.ath9k.org
https://lists.ath9k.org/mailman/listinfo/ath9k-devel
Re: [ath9k-devel] Spectral Scan in ath9k
Alex Hacker hacker at epn.ru writes:
> On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
>> Argh, there's more to it..
>>
>> For AR9160 and later, you can enable the FFT bit in one of the radar registers and you'll get some FFT reports for longer radar pulses. It's enabled by default in the code that we've committed to ath9k and FreeBSD HAL. Spectral scan mode is related but different (and not in AR9160.)
>>
>> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first.
>>
>> That's just for radar stuff though, it's not spectral scan. That's why he mentioned code = 5 or code = 38.
>>
>> Adrian
>
> Hi Adrian.
> Yes, I'm thinking the same way. You're right, some additional information is required. But for guys who have an interest and time to do some reverse engineering we give a starting point. :) Just another more clear hint for them. Look into published DFS code (its low level part) and HW radar filter parameters in AR_PHY_RADAR_* registers.
> Best regards to you,
> Alex.

Hi all,
first of all thank you for the code you have developed. I have tried to use it but each time it outputs a different number of FFT samples. I am using FFT_eval (https://github.com/simonwunderlich/FFT_eval) and the following commands:

echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
iw dev wlan0 scan
cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_results
./fft_eval /tmp/fft_results

On average I get 200-400 samples but sometimes I got even 7k samples, which is very good. I was wondering what causes such variability and how (if possible) to perform the spectral scan obtaining a high and constant sample set. I am not touching the other parameters and I am using compat-drivers-3.9-rc4-2-s

Thank you
Claudio
Re: [ath9k-devel] Spectral Scan in ath9k
On 08.05.2013 18:15, Claudio wrote:
> Alex Hacker hacker at epn.ru writes:
>> On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
>>> Argh, there's more to it..
>>>
>>> For AR9160 and later, you can enable the FFT bit in one of the radar registers and you'll get some FFT reports for longer radar pulses. It's enabled by default in the code that we've committed to ath9k and FreeBSD HAL. Spectral scan mode is related but different (and not in AR9160.)
>>>
>>> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first.
>>>
>>> That's just for radar stuff though, it's not spectral scan. That's why he mentioned code = 5 or code = 38.
>>>
>>> Adrian
>>
>> Hi Adrian.
>> Yes, I'm thinking the same way. You're right, some additional information is required. But for guys who have an interest and time to do some reverse engineering we give a starting point. :) Just another more clear hint for them. Look into published DFS code (its low level part) and HW radar filter parameters in AR_PHY_RADAR_* registers.
>> Best regards to you,
>> Alex.
>
> Hi all,
> first of all thank you for the code you have developed. I have tried to use it but each time it outputs a different number of FFT samples. I am using FFT_eval (https://github.com/simonwunderlich/FFT_eval) and the following commands:
>
> echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
> iw dev wlan0 scan
> cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_results
> ./fft_eval /tmp/fft_results
>
> On average I get 200-400 samples but sometimes I got even 7k samples, which is very good. I was wondering what causes such variability and how (if possible) to perform the spectral scan obtaining a high and constant sample set. I am not touching the other parameters and I am using compat-drivers-3.9-rc4-2-s

Each time the driver does a scheduled or unscheduled channel scan, it collects samples for spectral scan.
Make a loop with iw dev wlan0 scan and you will get much more samples :)

--
Regards,
Oleksij
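Since the question above turns on how many samples each read of `spectral_scan0` yields, the following added example (not code from this thread or from FFT_eval) counts the samples in a dump per frequency and reports records cut short at the end of a read. It assumes the TLV record layout of ath9k's `struct fft_sample_ht20` (type 1, 73-byte body, big-endian fields); the function names and the sample dump are constructed for illustration.

```python
import struct
from collections import Counter

# Assumed record layout (ath9k struct fft_sample_ht20, big-endian, packed):
#   TLV header: u8 type, u16 length
#   body: u8 max_exp, u16 freq, s8 rssi, s8 noise, u16 max_magnitude,
#         u8 max_index, u8 bitmap_weight, u64 tsf, 56 one-byte FFT bins
TLV = struct.Struct(">BH")
HT20_BODY = struct.Struct(">BHbbHBBQ56s")
ATH_FFT_SAMPLE_HT20 = 1


def parse_dump(buf):
    """Walk the TLV stream; return (samples, skipped_records, trailing_bytes)."""
    samples, skipped, off = [], 0, 0
    while off + TLV.size <= len(buf):
        rec_type, length = TLV.unpack_from(buf, off)
        end = off + TLV.size + length
        if end > len(buf):
            break  # record cut short, e.g. the read stopped mid-sample
        if rec_type == ATH_FFT_SAMPLE_HT20 and length == HT20_BODY.size:
            (max_exp, freq, rssi, noise, max_mag,
             max_idx, weight, tsf, bins) = HT20_BODY.unpack_from(buf, off + TLV.size)
            samples.append({"freq": freq, "rssi": rssi, "noise": noise,
                            "tsf": tsf, "max_exp": max_exp, "bins": bins})
        else:
            skipped += 1  # unknown type or unexpected length: skip by its length
        off = end
    return samples, skipped, len(buf) - off


def samples_per_freq(samples):
    """Count samples per centre frequency (MHz) to see which channels contributed."""
    return Counter(s["freq"] for s in samples)


def constructed_dump():
    """Constructed test data: 3 samples on 2412, 2 on 2437, one unknown TLV,
    and a final sample truncated to 10 bytes."""
    def sample(freq, tsf):
        body = HT20_BODY.pack(0, freq, -60, -95, 100, 28, 4, tsf, bytes(56))
        return TLV.pack(ATH_FFT_SAMPLE_HT20, len(body)) + body
    buf = b"".join(sample(2412, t) for t in (1000, 1004, 1008))
    buf += b"".join(sample(2437, t) for t in (2000, 2004))
    buf += TLV.pack(99, 4) + b"\x00" * 4
    return buf + sample(2462, 3000)[:10]


if __name__ == "__main__":
    samples, skipped, trailing = parse_dump(constructed_dump())
    print(len(samples), "samples;", skipped, "skipped;", trailing, "trailing bytes")
    for freq, n in sorted(samples_per_freq(samples).items()):
        print(freq, "MHz:", n)
```

Run against successive dumps, the per-frequency counts show whether extra samples came from additional scans of the same channels or from channels visited by a background scan.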
Re: [ath9k-devel] Spectral Scan in ath9k
On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
> Argh, there's more to it.. :-)
>
> For AR9160 and later, you can enable the FFT bit in one of the radar registers and you'll get some FFT reports for longer radar pulses. It's enabled by default in the code that we've committed to ath9k and FreeBSD HAL. Spectral scan mode is related but different (and not in AR9160.)
>
> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first.
>
> That's just for radar stuff though, it's not spectral scan. That's why he mentioned code = 5 or code = 38.
>
> Adrian

Hi Adrian.
Yes, I'm thinking the same way. You're right, some additional information is required. But for guys who have an interest and time to do some reverse engineering we give a starting point. :) Just another more clear hint for them. Look into published DFS code (its low level part) and HW radar filter parameters in AR_PHY_RADAR_* registers.

Best regards to you,
Alex.
Re: [ath9k-devel] Spectral Scan in ath9k
If you have an AR9160 or later, the radar detection FFT enable bit is set, so for long chirp looking pulses that match the radar detect thresholds, you should see larger PHY error frames - those have radar FFT data.

It's kind of, but not quite, spectral scan - which is a feature starting with the AR9280.

Adrian
Re: [ath9k-devel] Spectral Scan in ath9k
Alex, I'm really new in the ath9k code. May you give at least source-code-related key words about that? What should I look for in the code to get raw FFT? Then, may you point to a reference about what procedure should be performed in MATLAB to decode it?

thanks

On 30 May 2012 07:25, Alex Hacker hac...@epn.ru wrote:
> Hi,
> It's easy to get raw FFT data from the card, but then some cryptoanalytic work should be done in MATLAB. Actually I'm a busy (lazy) man... will wait for the open information which Adrian promised. :) I believe the open source community can implement these features better than MikroTik did it.
> Best regards,
> Alex.
>
> On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
>> On 24 March 2012 08:50, Saulo Queiroz ssaulojo...@gmail.com wrote:
>>> Hello,
>>> I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition
>>> #define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */
>>> but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.
>>
>> Hi,
>> People keep asking about spectral scan, bah. :-)
>> There are some plans afoot to try and get this stuff opened and documented. Like anything, it's more complicated than just providing register details, as it's not as easy as just flipping on some bits and getting FFT samples.
>>
>> Adrian

--
Saulo Jorge

In theory, there is no difference between practice and theory, in practice there is
-- Someone
Re: [ath9k-devel] Spectral Scan in ath9k
On Thu, May 31, 2012 at 07:58:11AM -0300, Saulo Queiroz wrote:
> Alex, I'm really new in the ath9k code. May you give at least source-code-related key words about that? What should I look for in the code to get raw FFT? Then, may you point to a reference about what procedure should be performed in MATLAB to decode it?
>
> thanks

Hi Saulo,
It's too long to describe all required code in detail but in short you need to do the following.

1. Enable receiving of radar pulses in AR_RX_FILTER register.
2. Set some values in AR_PHY_SPECTRAL_SCAN. Do not miss both AR_PHY_SPECTRAL_SCAN_ENABLE and AR_PHY_SPECTRAL_SCAN_ACTIVE bits.
3. Catch the rx descriptors with phy error 5 (on ar92xx) or 38 (on ar93xx).

You get several packets around 1500 bytes long with FFT data. About MATLAB, it is a joke of course, but it can be helpful in data analysis. :) To my eye it looks like a series of radar pulses.

Best wishes to you, let me know if you found something.
Alex.

> On 30 May 2012 07:25, Alex Hacker hac...@epn.ru wrote:
>> Hi,
>> It's easy to get raw FFT data from the card, but then some cryptoanalytic work should be done in MATLAB. Actually I'm a busy (lazy) man... will wait for the open information which Adrian promised. :) I believe the open source community can implement these features better than MikroTik did it.
>> Best regards,
>> Alex.
>>
>> On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
>>> On 24 March 2012 08:50, Saulo Queiroz ssaulojo...@gmail.com wrote:
>>>> Hello,
>>>> I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition
>>>> #define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */
>>>> but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.
>>>
>>> Hi,
>>> People keep asking about spectral scan, bah. :-)
>>> There are some plans afoot to try and get this stuff opened and documented. Like anything, it's more complicated than just providing register details, as it's not as easy as just flipping on some bits and getting FFT samples.
>>>
>>> Adrian
>
> --
> Saulo Jorge
>
> In theory, there is no difference between practice and theory, in practice there is
> -- Someone
Re: [ath9k-devel] Spectral Scan in ath9k
Hey,
How do you know what is the meaning of PHY_ERR 5 or 38 .. Is there documentation about finding out what causes phyerr 5 to occur?

On Wed, May 30, 2012 at 6:25 AM, Alex Hacker hac...@epn.ru wrote:
> Hi,
> It's easy to get raw FFT data from the card, but then some cryptoanalytic work should be done in MATLAB. Actually I'm a busy (lazy) man... will wait for the open information which Adrian promised. :) I believe the open source community can implement these features better than MikroTik did it.
> Best regards,
> Alex.
>
> On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
>> On 24 March 2012 08:50, Saulo Queiroz ssaulojo...@gmail.com wrote:
>>> Hello,
>>> I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition
>>> #define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */
>>> but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.
>>
>> Hi,
>> People keep asking about spectral scan, bah. :-)
>> There are some plans afoot to try and get this stuff opened and documented. Like anything, it's more complicated than just providing register details, as it's not as easy as just flipping on some bits and getting FFT samples.
>>
>> Adrian
Re: [ath9k-devel] Spectral Scan in ath9k
Argh, there's more to it.. :-)

For AR9160 and later, you can enable the FFT bit in one of the radar registers and you'll get some FFT reports for longer radar pulses. It's enabled by default in the code that we've committed to ath9k and FreeBSD HAL. Spectral scan mode is related but different (and not in AR9160.)

So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first.

That's just for radar stuff though, it's not spectral scan. That's why he mentioned code = 5 or code = 38.

Adrian
Re: [ath9k-devel] Spectral Scan in ath9k
On 01/06/12 05:19, Adrian Chadd wrote:
> Argh, there's more to it.. :-)
>
> For AR9160 and later, you can enable the FFT bit in one of the radar registers and you'll get some FFT reports for longer radar pulses. It's enabled by default in the code that we've committed to ath9k and FreeBSD HAL. Spectral scan mode is related but different (and not in AR9160.)
>
> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first.
>
> That's just for radar stuff though, it's not spectral scan. That's why he mentioned code = 5 or code = 38.
>
> Adrian

Hi Adrian,
To summarize what you're saying: if I have a later chipset than AR9160 (e.g., AR9280/AR9285), then the FFT bit is enabled by default.

So for longer pulses, you'll get RADAR payload (phyerr code = 5) which may just have the pri/ext pulse duration and some config info, or it may have a series of FFT reports first. That's just for radar stuff though, it's not spectral scan.

Could you please explain what you mean by the radar stuff? So what is the spectral scan report? Does anyone know? Is there anyone ready to start a documentation on this feature?

--
Regards;
Peizhao
Re: [ath9k-devel] Spectral Scan in ath9k
Hi,
It's easy to get raw FFT data from the card, but then some cryptoanalytic work should be done in MATLAB. Actually I'm a busy (lazy) man... will wait for the open information which Adrian promised. :) I believe the open source community can implement these features better than MikroTik did it.

Best regards,
Alex.

On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
> On 24 March 2012 08:50, Saulo Queiroz ssaulojo...@gmail.com wrote:
>> Hello,
>> I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition
>> #define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */
>> but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.
>
> Hi,
> People keep asking about spectral scan, bah. :-)
> There are some plans afoot to try and get this stuff opened and documented. Like anything, it's more complicated than just providing register details, as it's not as easy as just flipping on some bits and getting FFT samples.
>
> Adrian
[ath9k-devel] Spectral Scan in ath9k
Hello,
I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition

#define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */

but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.

thanks

--
Saulo Jorge

In theory, there is no difference between practice and theory, in practice there is
-- Someone
Re: [ath9k-devel] Spectral Scan in ath9k
On 24 March 2012 08:50, Saulo Queiroz ssaulojo...@gmail.com wrote:
> Hello,
> I intend to use ath9k to perform some tests on demodulated FFT samples. I found out the definition
> #define AR_PHY_SPECTRAL_SCAN 0x9910 /* AR9280 spectral scan configuration register */
> but since I am a beginner in the ath9k, I have no idea about using it to achieve my goal. I really would be very grateful if someone can provide me with information that helps me to access such data in the code.

Hi,
People keep asking about spectral scan, bah. :-)

There are some plans afoot to try and get this stuff opened and documented. Like anything, it's more complicated than just providing register details, as it's not as easy as just flipping on some bits and getting FFT samples.

Adrian