From 5a8d2f0fef1fea460fdd3c5f4bb2ffd5196f7ee5 Mon Sep 17 00:00:00 2001
From: Vladimir Alemasov
Date: Fri, 23 Feb 2024 12:19:48 +0300
Subject: [PATCH] Update for new firmware versions of sniffer devices
---
 ReadMe.md | 14 +++++-----
 src/gui/gui_iup.c | 8 +++---
 src/sniffer_sniffle.c | 2 +-
 src/sniffer_ti2.c | 63 ++++++++++++++++++++++++++++++++-----------
 src/task.c | 6 ++---
 5 files changed, 62 insertions(+), 31 deletions(-)
diff --git a/ReadMe.md b/ReadMe.md
index 052a2d6..aa6f513 100644
--- a/ReadMe.md
+++ b/ReadMe.md
@@ -18,11 +18,11 @@ Bsniffhub can be used both for working with the BLE sniffers and for decrypting
 Bsniffhub has both a console version and a graphical user interface version, and it can be built for use on Linux or Windows.
 #### Supported BLE sniffers:
-* [Sniffle v1.6](https://github.com/nccgroup/Sniffle) by Sultan Qasim Khan from NCC Group
-* [nRF Sniffer for Bluetooth LE v3.x.0 or 4.0.0](https://www.nordicsemi.com/Products/Development-tools/nrf-sniffer-for-bluetooth-le) by Nordic Semiconductor
-* [SmartRF Packet Sniffer 2 v1.9.0](https://www.ti.com/tool/download/PACKET-SNIFFER-2) by Texas Instruments
+* [Sniffle v1.6/v1.7](https://github.com/nccgroup/Sniffle) by Sultan Qasim Khan from NCC Group
+* [nRF Sniffer for Bluetooth LE v3.x.0 or 4.x.x](https://www.nordicsemi.com/Products/Development-tools/nrf-sniffer-for-bluetooth-le) by Nordic Semiconductor
+* [SmartRF Packet Sniffer 2 v1.9.0/v1.10.0](https://www.ti.com/tool/download/PACKET-SNIFFER-2) by Texas Instruments
-| Supported features | Sniffle v1.6 | nRF Sniffer v3.x.0 | nRF Sniffer v4.0.0 | SmartRF Packet Sniffer 2 v1.9.0 |
+| Supported features | Sniffle v1.6/v1.7 | nRF Sniffer v3.x.0 | nRF Sniffer v4.x.x | SmartRF Packet Sniffer 2 v1.9/v1.10 |
 | ------ | :------: | :------: | :------: | :------: |
 | PHY 1 Mbps | + | + | + | + |
 | PHY 2 Mbps | + | + | + | - |
@@ -76,9 +76,9 @@ Usage:
 Mandatory arguments for sniffer device input:
 -s Sniffer device:
 'N3' - nRF Sniffer v3.x.0
- 'N4' - nRF Sniffer v4.0.0
- 'T' - SmartRF Packet Sniffer 2 v1.9.0
- 'S' - Sniffle v1.6
+ 'N4' - nRF Sniffer v4.x.x
+ 'T' - SmartRF Packet Sniffer 2 v1.9/v1.10
+ 'S' - Sniffle v1.6/v1.7
 -p Serial port name
 Optional argument for sniffer device input:
diff --git a/src/gui/gui_iup.c b/src/gui/gui_iup.c
index 87a969c..7ee2a8b 100644
--- a/src/gui/gui_iup.c
+++ b/src/gui/gui_iup.c
@@ -87,10 +87,10 @@ static void list_iface_load(void)
 static void list_sniff_load(void)
 {
 list_lstbox_init(&list_sniff);
- list_lstbox_add(&list_sniff, "S", "Sniffle v1.6");
- list_lstbox_add(&list_sniff, "N3", "nRF Sniffer v3.x.x");
- list_lstbox_add(&list_sniff, "N4", "nRF Sniffer v4.0.0");
- list_lstbox_add(&list_sniff, "T", "SmartRF Packet Sniffer 2 v1.9.0");
+ list_lstbox_add(&list_sniff, "S", "Sniffle v1.6/v1.7");
+ list_lstbox_add(&list_sniff, "N3", "nRF Sniffer v3.x.0");
+ list_lstbox_add(&list_sniff, "N4", "nRF Sniffer v4.x.x");
+ list_lstbox_add(&list_sniff, "T", "SmartRF Packet Sniffer 2 v1.9/v1.10");
 }
 //--------------------------------------------
diff --git a/src/sniffer_sniffle.c b/src/sniffer_sniffle.c
index 5412b50..d079054 100644
--- a/src/sniffer_sniffle.c
+++ b/src/sniffer_sniffle.c
@@ -30,7 +30,7 @@
 // Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware
 // https://github.com/nccgroup/Sniffle
 // Decryption of encrypted packets is not supported.
-// Sniffle v1.6 firmware.
+// Sniffle v1.6/v1.7 firmware.
 //--------------------------------------------
 // Layout of the decoded message:
 // 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | n + 12 |
diff --git a/src/sniffer_ti2.c b/src/sniffer_ti2.c
index 5c38683..ba167a4 100644
--- a/src/sniffer_ti2.c
+++ b/src/sniffer_ti2.c
@@ -29,7 +29,7 @@
 // SmartRF Packet Sniffer 2 is a sniffer for Bluetooth 4.x (LE) using TI CC13xx/CC26xx hardware
 // http://www.ti.com/tool/PACKET-SNIFFER
 // Decryption of encrypted packets is not supported.
-// TI SmartRF Packet Sniffer 2 v1.9.0 firmware.
+// TI SmartRF Packet Sniffer 2 v1.9.0/v1.10.0 firmware.
 //--------------------------------------------
 // Layout of the Command and Command Response messages:
 // 0 | 1 | 2 | 3 | 4 | ... | n + 4 | n + 5 | n + 6 | n + 7 |
@@ -68,9 +68,12 @@
 #define CC26X2R 0x21
 #define CC1352R 0x30
 #define CC1352P 0x50
-#define CC26X2R_BLE_PHY 0x01
-#define CC1352R_BLE_PHY 0x0E
-#define CC1352P_BLE_PHY 0x12
+#define CC26X2R_BLE_PHY_V1_9 0x01
+#define CC1352R_BLE_PHY_V1_9 0x0E
+#define CC1352P_BLE_PHY_V1_9 0x12
+#define CC26X2R_BLE_PHY_V1_10 0x01
+#define CC1352R_BLE_PHY_V1_10 0x0F
+#define CC1352P_BLE_PHY_V1_10 0x13
 //--------------------------------------------
 static const uint8_t cmd_ping[] = CMD_PING;
@@ -125,20 +128,48 @@ static void command_send(uint8_t *buf, size_t len)
 break;
 case SENT_CMD_PING:
 assert(len == 15);
- switch (buf[9])
+ if (buf[10] == 0x9 && buf[11] == 0x1)
 {
- case CC26X2R:
- ble_phy = CC26X2R_BLE_PHY;
- break;
- case CC1352R:
- ble_phy = CC1352R_BLE_PHY;
- break;
- case CC1352P:
- ble_phy = CC1352P_BLE_PHY;
- break;
- default:
+ // Version 1.9
+ switch (buf[9])
+ {
+ case CC26X2R:
+ ble_phy = CC26X2R_BLE_PHY_V1_9;
+ break;
+ case CC1352R:
+ ble_phy = CC1352R_BLE_PHY_V1_9;
+ break;
+ case CC1352P:
+ ble_phy = CC1352P_BLE_PHY_V1_9;
+ break;
+ default:
+ ble_phy = -1;
+ break;
+ }
+ }
+ else if (buf[10] == 0xA && buf[11] == 0x1)
+ {
+ // Version 1.10
+ switch (buf[9])
+ {
+ case CC26X2R:
+ ble_phy = CC26X2R_BLE_PHY_V1_10;
+ break;
+ case CC1352R:
+ ble_phy = CC1352R_BLE_PHY_V1_10;
+ break;
+ case CC1352P:
+ ble_phy = CC1352P_BLE_PHY_V1_10;
+ break;
+ default:
+ ble_phy = -1;
+ break;
+ }
+ }
+ else
+ {
+ // Unknown version
 ble_phy = -1;
- break;
 }
 if (ble_phy != -1)
 {
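Review bot: The version test added under `case SENT_CMD_PING:` reads `buf[10]` and `buf[11]`, and both new switches read `buf[9]`, with `assert(len == 15)` as the only length guard; that guard is compiled out when NDEBUG is defined. buf looks like the ping response received from the sniffer device, so a short or corrupted reply would then be indexed past its end. A check that survives release builds, for example `if (len != 15) { ble_phy = -1; }` ahead of the version test with the rest moved into the `else` branch, would send such a reply down the same `ble_phy = -1` handling as an unknown version. The two switches differ only in the `_V1_9`/`_V1_10` suffix, and the bytes `0x9`, `0xA` and `0x1` would read better as named version constants. command_send's body starts and ends outside the hunk, so what follows `if (ble_phy != -1)` is not visible here.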
diff --git a/src/task.c b/src/task.c
index 9801d10..e5536ae 100644
--- a/src/task.c
+++ b/src/task.c
@@ -50,9 +50,9 @@ void print_usage(void)
 printf("Mandatory arguments for sniffer device input:\n");
 printf(" -s Sniffer device:\n");
 printf(" 'N3' - nRF Sniffer v3.x.0\n");
- printf(" 'N4' - nRF Sniffer v4.0.0\n");
- printf(" 'T' - SmartRF Packet Sniffer 2 v1.9.0\n");
- printf(" 'S' - Sniffle v1.6\n");
+ printf(" 'N4' - nRF Sniffer v4.x.x\n");
+ printf(" 'T' - SmartRF Packet Sniffer 2 v1.9/v1.10\n");
+ printf(" 'S' - Sniffle v1.6/v1.7\n");
 printf(" -p Serial port name\n\n");
 printf("Optional argument for sniffer device input:\n");
 printf(" -b Serial port baudrate (def: from sniffer guide)\n\n");