Kisbee is a project to create a small, battery powered, open source hardware
device for capturing 802.15.4 (aka Zigbee).
Kisbee gets approximately 20 hours of runtime in receive mode on a 1000mAh battery.
- Sep 14, 2012 - Kisbee featured on Hak5! Also working on assembling more!
- Jul 07, 2012 - Took down ordering info for now until I catch up and count supplies, expect more news soon!
- Jun 29, 2012 - Put ordering info up!
- Jun 26, 2012 - Kisbee app now available from Google Play!
- Jun 17, 2012 - Assembly of first run going well; bringing units to Sharkfest then will start being able to ship
- May 22, 2012 - Android code functionality 90% complete, Kisbee firmware functionality 90% complete, first production run started. Sign up for announcements on the Google Groups announcement list here!
Kisbee units are available! Total cost is $120US, including shipping. International shipping is not a problem, it will just take longer (it's easy to ship internationally at reasonable prices, and unreasonably priced shipping rarely gets there any faster once customs is involved).
Orders are currently closed, sorry! I need to make sure I've got enough supplies and see how many boards I have left. If you're interested and didn't get in on the orders, don't worry! There's been enough interest that hopefully there will be a good announcement soon! For those who have ordered, I'll contact you when a board is ready with a purchase link.
I'm working on assembling more - don't worry, the project isn't dead! As mentioned in the Hak5 interview, I'm working on doing a factory-assembleable design to take my assembly delays out of the loop.
When devices are assembled, you'll get an email with payment details. If you're still interested, one is built and ready, if you're not, just let me know. Units are being assembled and shipped in the order that request emails come in.
Assembled Kisbee kits will include all components, however, they will not include an integrated rechargeable battery. This was originally part of the design, but after review of the charging circuit and consideration of the dangers of Li/Po charging, I've decided to omit these components for safety. For untethered use, any USB phone charger which provides mini-usb may be used, and there are many small form factor chargers which fit the bill. There is no risk from using a USB charger, the battery concerns apply only to the original design goal of an integrated li/po cell.
Duracell USB charger, Amazon, which is nearly exactly the same size as a Kisbee and fits together very nicely, even comes with a short Mini USB cable.
DigiPower USB charger, Amazon, larger than a Kisbee, but flexible.
The Duracell charger is especially convenient as it features a hard-power switch which can force it to remain always-on (many chargers turn off if they think a device is no longer connected).
Sign up for announcements on the Google Groups announcements list here or follow the Kismet twitter feed.
Powering up: Kisbee will display 4 LEDs during boot-up:
- CPU initialized - CPU has booted, crystal is running, user code is starting to execute
- USB subsystem complete - USB subsystem initialized, or no USB detected (detached / Bluetooth operation)
- 802.15.4 radio OK - The MRF radio chip is working (at least, well enough to return known values)
- Bluetooth OK - The Bluetooth module accepted the setup commands
Using with Android:
- Install the Kisbee app from the Google Play marketplace.
- Enable Bluetooth in your device's Settings panel
- Scan for devices from the Bluetooth settings panel
- Pair with the device. The Bluetooth pairing code is 1234
- Launch the Kisbee app
- Select 'Connect to Device' and select the Kisbee device
Under Android, packets are logged to a CSV file (if enabled in Preferences) in
/mnt/sdcard/kisbee (or whatever the primary external storage directory is for your device). Packet locations are displayed on the map. Channel control is reached via the Preferences panel.
Using with a PC:
- Get the Kisbee directory from Git:
git clone https://www.kismetwireless.net/kisbee.git
- Testing scripts are in the
serialdev-debug.py will activate the device and print packets.
- More to come soon, including updated Kismet plugin! The PC host code is under active development and will show up in the
util/ directory in git and in the Kismet repository as a Kismet plugin. Swing by
#kismet on irc.freenode.net for updates.
Kisbee V2 is designed around the Microchip MRF24J40MC-I radio module, which is a
self-contained SMT module which houses a radio, crystal, LNA, and PA, connected via SPI
to the microcontroller.
Switching to the self-contained module feels like cheating but offers a lot of advantages.
Hopefully using this module gives equivalent performance to previous design goals, while
collapsing the PCB design to 2 layers (significantly easier and cheaper to fab) and drastically
simplifying the assembly (making hand-soldering pretty simple for anyone with SMT experience).
Kisbee V2R0 is the first production run hardware.
No special hardware is needed for flashing. By bridging the appropriate pins (exposed in the design as half-pitch headers) the LPC processor can be placed into a USB firmware update mode, where it emulates a USB mass storage device. Uploading new firmware to the Kisbee is trivial.
The battery charging circuit is unpopulated, after consideration of the dangers around li/po battery handling. The parts required are in the BOM and may be safely populated, if and only if the li/po cell used has an automatic low voltage cut-off. There is no low-voltage detection in the Kisbee circuit.
Battery concerns are only applicable to directly attached batteries. These are not a problem using an external USB charger, which is the recommended method.
Kisbee firmware is based on the microBuilder.eu library, which makes things exceptionally easy.
The firmware currently supports:
- The Linux-Serialdev 802.15.4 serial protocol; This is the protocol supported by
Kismet, as well as the Linux serialdev kernel module.
- USB serial via CDC-ACM
- Bluetooth RFCOMM via UART
- Monitor/Promisc mode
- Fixed channel monitoring
- Firmware-controlled channel hopping using an extension of the Serialdev protocol, minimizing host-kisbee communications
- Signal level reporting
- Intelligent firmware channel hopping with automatic delays on channels showing traffic
- Fox-hunt mode periodic transmit
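The firmware hands captured frames to the host over the serialdev-style protocol (which is what serialdev-debug.py prints on a PC). The following is an added example, not code from the Kisbee or Kismet repositories: a host-side decoder that splits a byte stream into records, verifies the 802.15.4 FCS and parses the MAC header, including the frame control bits a sniffer user cares about (frame type, addressing, and whether MAC-layer security is enabled). The record framing ("zb" marker, command byte, LQI, length, frame) and the 0x0B "received frame" command value are assumptions modelled on the Linux serialdev style and must be checked against the firmware and serialdev-debug.py before use; the MAC header layout and FCS algorithm are from the IEEE 802.15.4 standard, and all sample bytes are constructed here, not captured traffic.

```python
"""Decode 802.15.4 frames from a Kisbee-style sniffer record stream (added example)."""
import struct

SOF = b"zb"              # ASSUMED start-of-record marker (serialdev style)
DATA_RECV_BLOCK = 0x0B   # ASSUMED "received frame" command byte, hypothetical value

FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-command"}
ADDR_LEN = {0: 0, 2: 2, 3: 8}  # addressing mode -> address length; mode 1 is reserved


def crc16_kermit(data: bytes) -> int:
    """802.15.4 FCS: CRC-16, polynomial 0x1021, bit-reflected, init 0 (CRC-16/KERMIT)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc & 0xFFFF


def split_records(stream: bytes):
    """Yield (cmd, lqi, frame) from a host byte stream, resynchronising on SOF.
    A truncated trailing record is left unread so the caller can append more bytes."""
    i = 0
    while (i := stream.find(SOF, i)) >= 0:
        if i + 5 > len(stream):
            return
        cmd, lqi, length = stream[i + 2], stream[i + 3], stream[i + 4]
        start = i + 5
        if start + length > len(stream):
            return
        yield cmd, lqi, stream[start:start + length]
        i = start + length


def decode_mac(frame: bytes) -> dict:
    """Parse the MAC header of one frame (FCS included) and verify the FCS."""
    if len(frame) < 5:  # FCF(2) + seq(1) + FCS(2) is the smallest legal frame
        raise ValueError("frame shorter than minimal 802.15.4 frame")
    body, fcs = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    fcf = struct.unpack("<H", body[:2])[0]
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if 1 in (dst_mode, src_mode):
        raise ValueError("reserved addressing mode")
    info = {
        "type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "seq": body[2],
        "security": bool(fcf & 0x08),   # MAC-layer security enabled: payload is protected
        "ack_request": bool(fcf & 0x20),
        "frame_version": (fcf >> 12) & 3,
        "fcs_ok": crc16_kermit(body) == fcs,
    }
    off = 3

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated MAC header")
        chunk = body[off:off + n]
        off += n
        return chunk

    if dst_mode:
        info["dst_pan"] = struct.unpack("<H", take(2))[0]
        info["dst"] = int.from_bytes(take(ADDR_LEN[dst_mode]), "little")
    if src_mode:
        if fcf & 0x40:  # PAN ID compression: source PAN is the destination PAN
            info["src_pan"] = info.get("dst_pan")
        else:
            info["src_pan"] = struct.unpack("<H", take(2))[0]
        info["src"] = int.from_bytes(take(ADDR_LEN[src_mode]), "little")
    info["payload"] = body[off:]  # MAC payload (aux security header + data if secured)
    return info


def decode_stream(stream: bytes) -> list:
    """Decode every received-frame record in a host stream; other commands are skipped."""
    out = []
    for cmd, lqi, frame in split_records(stream):
        if cmd != DATA_RECV_BLOCK:
            continue
        rec = decode_mac(frame)
        rec["lqi"] = lqi
        out.append(rec)
    return out


def build_record(frame_without_fcs: bytes, lqi: int) -> bytes:
    """Constructed test input: append a correct FCS and wrap in the assumed framing."""
    frame = frame_without_fcs + struct.pack("<H", crc16_kermit(frame_without_fcs))
    return SOF + bytes([DATA_RECV_BLOCK, lqi, len(frame)]) + frame


# Constructed samples (not captured traffic):
#  - data frame, FCF 0x8861: short dst/src addresses, PAN compression, ack requested
#  - the matching ack, FCF 0x0002
#  - data frame with the MAC security bit set, FCF 0x8869
SAMPLE_DATA = bytes.fromhex("6188 2a 3412 0000 cdab") + b"\x48\x02\x00\x00\x1e"
SAMPLE_ACK = bytes.fromhex("0200 2a")
SAMPLE_SECURED = bytes.fromhex("6988 2b 3412 0000 cdab") + b"\x0d\x00\x00\x00\x00\x01"
SAMPLE_STREAM = (b"\x00\xff" + build_record(SAMPLE_DATA, 0xC8) + b"\x13"
                 + build_record(SAMPLE_ACK, 0xB0) + build_record(SAMPLE_SECURED, 0x9A))

if __name__ == "__main__":
    for rec in decode_stream(SAMPLE_STREAM):
        print(rec)
```

Two practitioner notes. First, the FCS check matters in promiscuous capture: a frame that fails it is noise or a collision, not evidence of a device, so filter on `fcs_ok` before plotting anything on the map. Second, the `security` flag only reports MAC-layer security; Zigbee normally protects traffic at the NWK layer, so most Zigbee frames will show this bit clear and whether the payload is encrypted has to be read from the NWK header inside `payload`. If a record's length byte is corrupted, `split_records` resynchronises on the next SOF marker, which can land inside a payload that happens to contain the two marker bytes; a real host tool should reject records whose FCS fails and retry from the following byte.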
Future firmware plans include:
- Transmit mode for packet injection/bidirectional communication using serialdev protocol
- Full 802.15.4 stack for TX interaction beyond serialdev/single packet injection
Kisbee will be fully supported by Kismet under the Phy-Neutral architecture, which unifies sniffing multiple wireless phy layers into a single report and UI. This support is ongoing and will be in the Kismet development code and all future releases.
The Kisbee Android app communicates over bluetooth rfcomm. While still requiring polish, nearly all functionality is complete and working.
Current Android support includes:
- CSV logging to sdcard, with GPS and packet data
- Channel control (locking, selective hopping, etc)
- Automatic connection & reconnection to Kisbee device
- Realtime map display
Future Android plans include:
- XML logging
- Database logging
- General polish and stability updates
The android application is available in the Git repository, and is also available in the Google Play market here
Currently all Kisbee code is stored in the Kisbee Git repository, available via:
git clone https://www.kismetwireless.net/kisbee.git
PCB design files can be found in the Kisbee Git hardware directory
Android code can also be found in the Kisbee Git repository
Kisbee V2R0, external antenna, size comparison with battery.
Kisbee V2R0 design
Android app map display
Android app device selector
Android app prefs
Android app channel picker