I met Travis at Troopers2013 and he was very kind of giving me one Facedancer11 PCB.
I soldered the elements by reflow with solder paste in a kitchen pan, on a cooking paper and with good ventilation.


sudo apt-get install python-sqlite python-serial gcc-msp430
svn co https://goodfet.svn.sourceforge.net/svnroot/goodfet
cd goodfet/trunk/client/
sudo make link
cd goodfet/trunk/firmware/
goodfet.bsl --dumpinfo |tee info.txt


MSP430 Bootstrap Loader Version: 1.39-goodfet-8
Transmit default password ...
My uC was a msp430f2619 so:

cp lib/msp430f2617.c lib/msp430f2619.c
board=facedancer11 mcu=msp430f2619 make clean reinstall installinfo


goodfet.monitor listapps

GoodFET with f26f MCU
Clocked at 0x8f82
Build Date: 2013-03-28 23:38
Firmware apps:

goodfet.monitor testleds

Flashing LEDs
Flashed 1 LED.

goodfet.maxusb info

First connect target USB

Connected to MAX342x Rev. 4



On target:

cat /dev/ttyUSB0

Or, as sometimes previous command sends only one char at a time:

screen /dev/ttyUSB0
GoodFET emulates FTDI properly, if you can read this!


dd if=/dev/zero of=test.img bs=512 count=10000
/sbin/mkfs.vfat test.img 
mkdir test
sudo mount -o loop test.img test
echo hello |sudo tee test/hello.txt
sudo umount test

goodfet.maxusbmass test.img


On target, chars are typed in an OS-dependent way:

Python does USB HID on Linux!


Emulating Ubertooth device to capture firmware:

goodfet.maxusbdfu FFFF 0004

On target:

./ubertooth-dfu --write bluetooth_rxtx.dfu
Checking firmware signature
Write complete

Scapy support



Merging Facedancer & Raspberry Pi


Facedancer11 is a one-purpose version of the flexible GoodFET board.
It was well designed to move all the intelligence into the host controller, not in the embedded uC.
Facedancer11 hardware can be seen as:

 USBconn -- FT232RL -- MSP430F2618TPM -- MAX3420E -- USBconn

where the first two chips are only converting busses:

 USBconn -- FT232RL -- MSP430F2618TPM -- MAX3420E -- USBconn
         USB   <>   UART     <>       SPI   ...   (USB)

BoM view (excluding taxes, Farnell prices):

 USBconn -- FT232RL -- MSP430F2618TPM -- MAX3420E -- USBconn
 USBconn +  5.45€   +  13.03€         +  8.27€    +  USBconn

So 18.48€ to talk SPI over UART over USB while the Raspberry-Pi has natively SPI, hmmm.
Bus speed view: yes there is a kind of bottleneck there...

 USBconn -- FT232RL -- MSP430F2618TPM -- MAX3420E -- USBconn
        12MB/s      115200bauds       26MHz

Let's try to make a RPi extension board with only the MAX3420E.
And to save a few cents and construction pain let's replace the USB connector by a USB cable from a cannibalized mouse.

                        RPI-MODA-256M -- MAX3420E -- USBcable

From a BoM point of view this becomes (depending on what you add to the RPi, nice casing etc):

                        RPI-MODA-256M -- MAX3420E -- USBcable
                        27.66€        +  8.27€

Bus speed view:

                        RPI-MODA-256M -- MAX3420E -- USBcable

And we get a fully autonomous facedancer which can be even powered over USB and controlled remotely


MAX Signal RPi Signal
P3  Vcc    P17 3v3   \  0.1uF -- GND
P4  Vcc    P17 3v3   /
P5  GND    P25 GND
P6  GND    P25 GND
P10 -RES   P15 GPIO22
P12 -SS    P24 CE0
P17 INT    currently not connected, could be e.g. P13=GPIO27
P18 GND    P25 GND
P19 GND    P25 GND ---------- USB conn GND
P20 D-     ----------- R33 -- USB conn D-
P21 D+     ----------- R33 -- USB conn D+
P22 Vcc    P17 3v3  \  1uF -- GND
P23 Vcc    P17 3v3  /
P24 VBCOMP ------------------ USB conn Vcc -- 1uF -- GND
P26 XI     ------------Xtal1- 18pF -- GND
P27 XO     ------------Xtal2- 18pF -- GND

First proto


Travis did an amazing job at building a Python library and examples for the MAX3420E, let's reuse them!
You'll need to get GPIO Python support and SPI Python support for your Raspberry Pi.
From the original facedancer code, you'll need GoodFETMAXUSB.py and the goodfet.maxusb* scripts
Then instead of the original GoodFET.py library, use [{{#file: GoodFET.py}} this GoodFET.py version]:

#!/usr/bin/env python
# (C) 2013 Philippe Teuwen <phil at teuwen.org>

import spi
import RPi.GPIO as GPIO

class GoodFET:
    def __init__(self, *args, **kargs):
        # pin15=GPIO22 is linked to MAX3420E -Reset
        GPIO.setup(15, GPIO.OUT, initial=GPIO.LOW)
    def __del__(self):
    def writecmd(self, app, verb, count=0, data=[]):
        if verb: # ignore all but R/W cmd
        if isinstance(data,str):
            data = [ord(x) for x in data]
        data = tuple(data)
        data = spi.transfer(data)
        self.data = "".join([chr(x) for x in data])
    def serInit(self):

There are probably better ways to integrate it into the GoodFET software stack but with this small code snippet, you can take the latest great GoodFETMAXUSB.py and goodfet.maxusb* python scripts and just drop them along this GoodFET.py, without need for re-applying any patch.