This is the modified firmware to support RX and TX Z-Wave operations
for the Z-Force project (https://code.google.com/p/z-force/).

The Z-Force project is the first publicly available sniffer for Z-Wave
networks.  Unfortunately, the firmware files distributed with the
project only support European 868.4 MHz, and lack support for the
North American 908.4 MHz band.

The authors of Z-Force cannot distribute the source to their firmware,
so I modified the binary firmware files to include support for the
Z-Wave frequency used in the US (details below).  Note that this is
the Z-Wave R2 configuration -- Z-Force does not support R1, R3, or the
newest "Z-Wave Plus" configurations.

In my testing, I used the two CC1110DK cards with the "FTDI Friend" USB
to UART interface from adafruit.com for sniffing and transmit.  Refer
to the documentation on the Z-Force site for wiring instructions (an
additional illustration for wiring is included with this bundle).  Note
that the Z-Force option to select EU or North American frequency does
not do anything -- the frequency is fixed in the firmware file and
cannot be changed by the UI.


Many thanks to Matt Carpenter and Steve Sims for their assistance.
Also many thanks to Behrang Fouladi and Sahand Ghanoun for their
ground-breaking work on Z-Wave research.

Questions, comments, concerns? jwright@willhackforsushi.com

Joshua Wright
2014-09-03



; I NOP'd out the previous FREQ0, FREQ1, and FREQ2 register
; set operations, replacing the code with the following lcall:

; RX Firmware
0297:   lcall X0060		;  12 00 60

; RX Firmware
0235:	lcall X0060		;  12 00 60


; This is the code I added to use North American frequencies
0060:	mov	dptr,#Xdf0b	;  90 df 0b
	mov	a,#3fh		;  74 3f   
	movx	@dptr,a		;  f0      
	mov	dptr,#Xdf0a	;  90 df 0a
	mov	a,#0f0h		;  74 f0   
	movx	@dptr,a		;  f0      
	mov	dptr,#Xdf09	;  90 df 09
	mov	a,#22h		;  74 22   
	movx	@dptr,a		;  f0      
	ret			;  22
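
The register writes in the stub above can be checked without hardware.
The following Python is an added example, not part of the original
bundle or the Z-Force project: it steps through the stub's opcode
bytes, rebuilds the 24-bit FREQ word, and converts it to a carrier
frequency with the CC1110 formula f = f_ref * FREQ / 2^16.  The 26 MHz
reference crystal and all function names are assumptions.

```python
# Added example: decode the patch stub and compute the carrier frequency.
# Assumption: the CC1110 runs from a 26 MHz crystal (not stated in the README).
F_REF_HZ = 26_000_000

# Opcode bytes copied from the listing's right-hand column.
STUB = bytes.fromhex(
    "90df0b 743f f0"   # mov dptr,#0xdf0b ; mov a,#0x3f ; movx @dptr,a
    "90df0a 74f0 f0"   # mov dptr,#0xdf0a ; mov a,#0xf0 ; movx @dptr,a
    "90df09 7422 f0"   # mov dptr,#0xdf09 ; mov a,#0x22 ; movx @dptr,a
    "22"               # ret
)

def emulate_stub(code):
    """Step through the four 8051 opcodes the stub uses; return {xdata addr: byte}."""
    dptr = acc = None
    writes, pc = {}, 0
    while pc < len(code):
        op = code[pc]
        if op == 0x90:                      # mov dptr,#imm16
            dptr = (code[pc + 1] << 8) | code[pc + 2]
            pc += 3
        elif op == 0x74:                    # mov a,#imm8
            acc = code[pc + 1]
            pc += 2
        elif op == 0xF0:                    # movx @dptr,a
            if dptr is None or acc is None:
                raise ValueError("movx before dptr and a were loaded")
            writes[dptr] = acc
            pc += 1
        elif op == 0x22:                    # ret
            return writes
        else:
            raise ValueError(f"unexpected opcode {op:#04x} at offset {pc}")
    raise ValueError("stub does not end in ret")

def freq_word(writes):
    """Combine FREQ2 (0xDF09), FREQ1 (0xDF0A), FREQ0 (0xDF0B) into 24 bits."""
    return (writes[0xDF09] << 16) | (writes[0xDF0A] << 8) | writes[0xDF0B]

def carrier_hz(word, f_ref=F_REF_HZ):
    """Carrier frequency selected by a FREQ word."""
    return f_ref * word / 2**16

def word_for(hz, f_ref=F_REF_HZ):
    """Nearest FREQ word for a target carrier, e.g. to audit another band."""
    return round(hz * 2**16 / f_ref)

if __name__ == "__main__":
    word = freq_word(emulate_stub(STUB))
    print(f"FREQ = {word:#08x} -> {carrier_hz(word) / 1e6:.4f} MHz")
```

Running word_for() on a stock firmware image's target band gives the
FREQ2/FREQ1/FREQ0 bytes to look for when confirming which frequency a
given binary is fixed to.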
