]> cvs.zerfleddert.de Git - hmcfgusb/blame - flash-ota.c
flash-ota: add support for directly flashing AsksinPP .hex-files
[hmcfgusb] / flash-ota.c
CommitLineData
25870f58
MG
1/* flasher for HomeMatic-devices supporting OTA updates
2 *
4bb67041 3 * Copyright (c) 2014-20 Michael Gernoth <michael@gernoth.net>
cb56b255 4 * Copyright (c) 2017 noansi (TSCULFW-support)
25870f58
MG
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <unistd.h>
28#include <stdint.h>
29#include <string.h>
30#include <strings.h>
31#include <poll.h>
32#include <errno.h>
33#include <sys/types.h>
34#include <sys/stat.h>
35#include <fcntl.h>
36#include <sys/time.h>
37#include <libusb-1.0/libusb.h>
38
39#include "hexdump.h"
40#include "firmware.h"
41#include "hm.h"
42#include "version.h"
43#include "hmcfgusb.h"
47ea478b 44#include "culfw.h"
3e34d2ce 45#include "hmuartlgw.h"
47ea478b 46#include "util.h"
25870f58 47
dfe2e5e2
MG
48#define MAX_RETRIES 5
49#define NORMAL_MAX_PAYLOAD 37
469ea397 50#define LOWER_MAX_PAYLOAD 17
2d1f08ac 51
47ea478b
MG
52extern char *optarg;
53
25870f58 54uint32_t hmid = 0;
558a94bb 55uint32_t my_hmid = 0;
103d40f7 56uint8_t key[16] = {0};
df40d139 57int32_t kNo = -1;
25870f58 58
dfe2e5e2
MG
59/* Maximum payloadlen supported by IO */
60uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
61
25870f58 62enum message_type {
47ea478b
MG
63 MESSAGE_TYPE_E = 1,
64 MESSAGE_TYPE_R = 2,
cb56b255 65 MESSAGE_TYPE_B = 3,
25870f58
MG
66};
67
3e34d2ce
MG
68enum hmuartlgw_state {
69 HMUARTLGW_STATE_GET_HMID,
70 HMUARTLGW_STATE_GET_FIRMWARE,
71 HMUARTLGW_STATE_GET_CREDITS,
72 HMUARTLGW_STATE_DONE,
73 HMUARTLGW_STATE_WAIT_APP,
74 HMUARTLGW_STATE_ACK_APP,
75};
76
25870f58
MG
77struct recv_data {
78 uint8_t message[64];
79 enum message_type message_type;
80 uint16_t status;
81 int speed;
a65c08fc 82 uint16_t version;
07decdba 83 uint8_t credits;
3e34d2ce
MG
84 enum hmuartlgw_state uartlgw_state;
85 uint8_t uartlgw_version[3];
cb56b255 86 uint8_t is_TSCUL; // tsculfw
25870f58
MG
87};
88
89static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
90{
91 struct recv_data *rdata = data;
92
93 if (buf_len < 1)
94 return 1;
95
96 switch (buf[0]) {
97 case 'E':
98 if ((!hmid) ||
99 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
100 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
101 (buf[0x13] == (hmid & 0xff)))) {
102 memset(rdata->message, 0, sizeof(rdata->message));
103 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
104 rdata->message_type = MESSAGE_TYPE_E;
105 }
106 break;
107 case 'R':
108 memset(rdata->message, 0, sizeof(rdata->message));
109 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
110 rdata->status = (buf[5] << 8) | buf[6];
111 rdata->message_type = MESSAGE_TYPE_R;
112 break;
113 case 'G':
114 rdata->speed = buf[1];
115 break;
865d5b4c 116 case 'H':
a65c08fc 117 rdata->version = (buf[11] << 8) | buf[12];
07decdba 118 rdata->credits = buf[36];
558a94bb 119 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
865d5b4c 120 break;
25870f58
MG
121 default:
122 break;
123 }
124
125 if (buf_len != 1)
126 return 1;
127
128 return 1;
129}
130
47ea478b
MG
131static int parse_culfw(uint8_t *buf, int buf_len, void *data)
132{
133 struct recv_data *rdata = data;
134 int pos = 0;
cb56b255 135 int rpos = 0; // read index
47ea478b 136
cb56b255
MG
137 memset(rdata->message, 0, sizeof(rdata->message));
138 rdata->message_type = 0;
47ea478b
MG
139
140 if (buf_len <= 3)
141 return 0;
142
a65c08fc
MG
143 switch(buf[0]) {
144 case 'A':
145 if (buf[1] == 's')
146 return 0;
147
cb56b255
MG
148 if ((buf[1] == 'p') || (buf[1] == 't')) // tsculfw: ping or set timestamp command echoed?
149 return 0;
150
151 if (buf[1] == '?') {// tsculfw: unknown command
152 fprintf(stderr, "unknown ASKSIN command sent\n");
153 return 0;
154 }
155
156 if (buf[1] == 'F') { // tsculfw: timestamp message?
157 rdata->is_TSCUL = 1;
158 if (buf_len <= (3+14)) // tsculfw: reasonable len?
159 return 0;
160 if (!validate_nibble(buf[3]) || !validate_nibble(buf[4])) // tsculfw: hex?
161 return 0;
162
163 rdata->credits = ascii_to_nibble(buf[3]); // tsculfw: coarse credits info, 0 = full credits (1800 x10ms) available
164
165 //AFF1B000053A1010F0520CB1122334BD57110
166 switch(ascii_to_nibble(buf[4]) & 0x7) { // tsculfw: message type?
167 case 0: // tsculfw: send fail message repeat fail or AES Auth error
168 fprintf(stderr, "send didn't complete, repeat fail or AES Auth error\n");
169 return 0;
170 case 1: // tsculfw: received message
171 rpos += 7; // tsculfw: ignore timestamp data for now
172 break;
173 case 2: // tsculfw: ping answer
174 return 0;
175 case 3: // tsculfw: send success
176 rdata->message_type = MESSAGE_TYPE_B;
177 return 0;
178 case 4: // tsculfw: send fail channel busy message
179 fprintf(stderr, "CCA didn't complete, too much traffic\n");
180 return 0;
181 case 5: // tsculfw: send fail credits message
182 fprintf(stderr, "send didn't complete, not enough credits left\n");
183 return 0;
184 case 6: // tsculfw: send timestamp fail message no buffer or send message length error
185 fprintf(stderr, "send didn't complete, not enough credits left -> wait 30 minutes with TSCUL powered and not reset\n");
186 return 0;
187 case 7: // tsculfw: send fail due to cc1101 TX-FIFO underflow error message
188 fprintf(stderr, "send didn't complete, cc1101 TX-FIFO underflow\n");
189 return 0;
190 default:
191 break;
192 }
193 }
194
195 while(validate_nibble(buf[(rpos * 2) + 1]) &&
196 validate_nibble(buf[(rpos * 2) + 2]) &&
197 (rpos + 1 < buf_len)) {
198 rdata->message[pos] = ascii_to_nibble(buf[(rpos * 2) + 1]) << 4;
199 rdata->message[pos] |= ascii_to_nibble(buf[(rpos * 2) + 2]);
a65c08fc 200 pos++;
cb56b255 201 rpos++;
a65c08fc 202 }
47ea478b 203
515b169a 204 if (hmid && (SRC(rdata->message) != (int)hmid))
a65c08fc 205 return 0;
47ea478b 206
a65c08fc
MG
207 rdata->message_type = MESSAGE_TYPE_E;
208 break;
209 case 'V':
210 {
211 uint8_t v;
212 char *s;
213 char *e;
214
cb56b255
MG
215 if (!strncmp((char*)buf, "VTS", 3)) { // tsculfw: "VTS x.xx NNNNNN"
216 rdata->is_TSCUL = 1;
217 rdata->version = 0xffff;
218 break;
219 }
220
a65c08fc
MG
221 s = ((char*)buf) + 2;
222 e = strchr(s, '.');
223 if (!e) {
224 fprintf(stderr, "Unknown response from CUL: %s", buf);
225 return 0;
226 }
227 *e = '\0';
228 v = atoi(s);
229 rdata->version = v << 8;
230
231 s = e + 1;
232 e = strchr(s, ' ');
233 if (!e) {
234 fprintf(stderr, "Unknown response from CUL: %s", buf);
235 return 0;
236 }
237 *e = '\0';
238 v = atoi(s);
239 rdata->version |= v;
bcc42868
MG
240
241 s = e + 1;
242 e = strchr(s, ' ');
243 if (!e) {
244 break;
245 }
246 *e = '\0';
247 if (!strcmp(s, "a-culfw")) {
248 rdata->version = 0xffff;
249 }
a65c08fc
MG
250 }
251 break;
103d40f7
MG
252 case 'E':
253 {
254 if (!strncmp((char*)buf, "ERR:CCA", 7)) {
255 fprintf(stderr, "CCA didn't complete, too much traffic\n");
256 }
257 break;
258 }
a65c08fc
MG
259 default:
260 fprintf(stderr, "Unknown response from CUL: %s", buf);
261 return 0;
262 break;
47ea478b
MG
263 }
264
47ea478b
MG
265 return 1;
266}
267
3e34d2ce
MG
268static int parse_hmuartlgw(enum hmuartlgw_dst dst, uint8_t *buf, int buf_len, void *data)
269{
270 struct recv_data *rdata = data;
271
272 if (dst == HMUARTLGW_OS) {
273 switch (rdata->uartlgw_state) {
274 case HMUARTLGW_STATE_GET_FIRMWARE:
275 if (buf[0] == HMUARTLGW_OS_ACK) {
276 rdata->uartlgw_version[0] = buf[5];
277 rdata->uartlgw_version[1] = buf[6];
278 rdata->uartlgw_version[2] = buf[7];
279 rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
280 }
281 break;
282 case HMUARTLGW_STATE_GET_CREDITS:
283 if (buf[0] == HMUARTLGW_OS_ACK) {
284 rdata->credits = buf[2] / 2;
285 rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
286 }
287 break;
288 default:
289 break;
290 }
291 return 0;
292 }
293
294 switch(buf[0]) {
295 case HMUARTLGW_APP_ACK:
296 if (rdata->uartlgw_state == HMUARTLGW_STATE_GET_HMID) {
297 my_hmid = (buf[4] << 16) | (buf[5] << 8) | buf[6];
298 }
299
300 rdata->status = buf[1];
301 rdata->message_type = MESSAGE_TYPE_R;
302 rdata->uartlgw_state = HMUARTLGW_STATE_ACK_APP;
303#if 0
304 hexdump(buf, buf_len, "ACK Status: ");
305#endif
306
307 break;
308 case HMUARTLGW_APP_RECV:
309 if ((!hmid) ||
310 ((buf[7] == ((hmid >> 16) & 0xff)) &&
311 (buf[8] == ((hmid >> 8) & 0xff)) &&
312 (buf[9] == (hmid & 0xff)))) {
313 memset(rdata->message, 0, sizeof(rdata->message));
314 memcpy(rdata->message + 1, buf + 4, buf_len - 4);
315 rdata->message[LEN] = buf_len - 4;
316 rdata->message_type = MESSAGE_TYPE_E;
317 }
318 break;
319 default:
320 break;
321 }
322
323 return 1;
324}
325
aee09247
MG
326int send_wait_hmuartlgw(struct hm_dev *dev, struct recv_data *rdata, uint8_t *data, int data_len,
327 enum hmuartlgw_dst dst, enum hmuartlgw_state srcstate,
328 enum hmuartlgw_state dststate)
329{
330 int cnt = 5;
331
332 do {
333 rdata->uartlgw_state = srcstate;
334 hmuartlgw_send(dev->hmuartlgw, data, data_len, dst);
335 do { hmuartlgw_poll(dev->hmuartlgw, 500); } while (rdata->uartlgw_state != dststate);
336 if (rdata->status != HMUARTLGW_ACK_EINPROGRESS)
337 break;
338 usleep(200*1000);
339 } while (cnt--);
340 if (rdata->status == HMUARTLGW_ACK_EINPROGRESS) {
341 fprintf(stderr, "IO thinks it is busy, you might have to reset it!\n");
342 return 0;
343 }
344
345 return 1;
346}
347
3e34d2ce 348int send_hm_message(struct hm_dev *dev, struct recv_data *rdata, uint8_t *msg)
25870f58
MG
349{
350 static uint32_t id = 1;
351 struct timeval tv;
352 uint8_t out[0x40];
353 int pfd;
354
47ea478b
MG
355 switch(dev->type) {
356 case DEVICE_TYPE_HMCFGUSB:
357 if (gettimeofday(&tv, NULL) == -1) {
358 perror("gettimeofay");
359 return 0;
360 }
25870f58 361
47ea478b 362 memset(out, 0, sizeof(out));
25870f58 363
47ea478b
MG
364 out[0] = 'S';
365 out[1] = (id >> 24) & 0xff;
366 out[2] = (id >> 16) & 0xff;
367 out[3] = (id >> 8) & 0xff;
368 out[4] = id & 0xff;
369 out[10] = 0x01;
370 out[11] = (tv.tv_usec >> 24) & 0xff;
371 out[12] = (tv.tv_usec >> 16) & 0xff;
372 out[13] = (tv.tv_usec >> 8) & 0xff;
373 out[14] = tv.tv_usec & 0xff;
374
375 memcpy(&out[0x0f], msg, msg[0] + 1);
376
cb56b255
MG
377 memset(rdata->message, 0, sizeof(rdata->message));
378 rdata->message_type = 0;
47ea478b
MG
379 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
380
381 while (1) {
382 if (rdata->message_type == MESSAGE_TYPE_R) {
07decdba
MG
383 if (((rdata->status & 0xdf) == 0x01) ||
384 ((rdata->status & 0xdf) == 0x02)) {
47ea478b
MG
385 break;
386 } else {
387 if ((rdata->status & 0xff00) == 0x0400) {
388 fprintf(stderr, "\nOut of credits!\n");
389 } else if ((rdata->status & 0xff) == 0x08) {
390 fprintf(stderr, "\nMissing ACK!\n");
07decdba
MG
391 } else if ((rdata->status & 0xff) == 0x30) {
392 fprintf(stderr, "\nUnknown AES-key requested!\n");
47ea478b
MG
393 } else {
394 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
395 }
396 return 0;
397 }
398 }
399 errno = 0;
3b35a8c1 400 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
47ea478b
MG
401 if ((pfd < 0) && errno) {
402 if (errno != ETIMEDOUT) {
403 perror("\n\nhmcfgusb_poll");
404 exit(EXIT_FAILURE);
405 }
406 }
407 }
408 break;
409 case DEVICE_TYPE_CULFW:
410 {
cda22024 411 char buf[256];
47ea478b
MG
412 int i;
413
414 memset(buf, 0, sizeof(buf));
415 buf[0] = 'A';
416 buf[1] = 's';
417 for (i = 0; i < msg[0] + 1; i++) {
418 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
419 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
420 }
421 buf[2 + (i * 2) ] = '\r';
422 buf[2 + (i * 2) + 1] = '\n';
25870f58 423
cb56b255
MG
424 memset(rdata->message, 0, sizeof(rdata->message));
425 rdata->message_type = 0;
47ea478b
MG
426 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
427 fprintf(stderr, "culfw_send failed!\n");
428 exit(EXIT_FAILURE);
429 }
25870f58 430
cb56b255
MG
431 /* Wait for TSCUL to ACK send */
432 if (rdata->is_TSCUL) {
433 do {
434 errno = 0;
435 pfd = culfw_poll(dev->culfw, 200);
436 if ((pfd < 0) && errno) {
437 if (errno != ETIMEDOUT) {
438 perror("\n\nculfw_poll");
439 exit(EXIT_FAILURE);
440 }
441 }
442 } while (rdata->message_type != MESSAGE_TYPE_B);
443 }
444
47ea478b 445 if (msg[CTL] & 0x20) {
103d40f7 446 int cnt = 5;
47ea478b
MG
447 int pfd;
448 do {
449 errno = 0;
3b35a8c1 450 pfd = culfw_poll(dev->culfw, 200);
47ea478b
MG
451 if ((pfd < 0) && errno) {
452 if (errno != ETIMEDOUT) {
9dcbf605 453 perror("\n\nculfw_poll");
47ea478b
MG
454 exit(EXIT_FAILURE);
455 }
456 }
457 if (rdata->message_type == MESSAGE_TYPE_E) {
df40d139 458 if (rdata->message[TYPE] == 0x02) {
075ed11f 459 if (rdata->message[PAYLOAD] == 0x04) {
103d40f7
MG
460 int32_t req_kNo;
461 uint8_t challenge[6];
462 uint8_t respbuf[16];
463 uint8_t *resp;
464
cb56b255
MG
465 if (rdata->is_TSCUL) {
466 printf("AES handled by TSCUL\n");
467 break;
468 }
469
103d40f7
MG
470 req_kNo = rdata->message[rdata->message[LEN]] / 2;
471 memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);
472
473 if (req_kNo != kNo) {
474 fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
475 } else {
476 resp = hm_sign(key, challenge, msg, NULL, respbuf);
477 if (resp) {
478 uint8_t rbuf[64];
479
480 memset(rbuf, 0, sizeof(rbuf));
481 rbuf[MSGID] = rdata->message[MSGID];
482 rbuf[CTL] = rdata->message[CTL];
483 rbuf[TYPE] = 0x03;
484 SET_SRC(rbuf, DST(rdata->message));
485 SET_DST(rbuf, SRC(rdata->message));
486 memcpy(&(rbuf[PAYLOAD]), resp, 16);
487 SET_LEN_FROM_PAYLOADLEN(rbuf, 16);
488
f40990db 489 usleep(110000); /* Determined by a fair dice roll */
103d40f7
MG
490 return send_hm_message(dev, rdata, rbuf);
491 }
492 }
df40d139 493 } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
103d40f7 494 fprintf(stderr, "NACK\n");
df40d139
MG
495 } else { /* ACK or ACKinfo */
496 break;
497 }
498 } else {
103d40f7 499 fprintf(stderr, "Unexpected message received: ");
df40d139 500 for (i = 0; i < rdata->message[LEN]; i++) {
103d40f7 501 fprintf(stderr, "%02x", rdata->message[i+1]);
df40d139 502 }
103d40f7 503 fprintf(stderr, "\n");
df40d139 504 }
47ea478b
MG
505 }
506 } while(cnt--);
9718f9fa
MG
507
508 if (cnt == -1) {
509 fprintf(stderr, "\nMissing ACK!\n");
510 return 0;
511 }
2d1f08ac 512 }
cb56b255
MG
513
514 /* Delay for non-TSCUL */
515 if (!rdata->is_TSCUL) {
516 usleep(50*1000);
517 }
25870f58 518 }
47ea478b 519 break;
3e34d2ce
MG
520 case DEVICE_TYPE_HMUARTLGW:
521 memset(out, 0, sizeof(out));
522
523 out[0] = HMUARTLGW_APP_SEND;
524 out[1] = 0x00;
525 out[2] = 0x00;
526 out[3] = (msg[CTL] & 0x10) ? 0x01 : 0x00; /* Burst?! */
527 memcpy(&out[4], &msg[1], msg[0]);
528
cb56b255
MG
529 memset(rdata->message, 0, sizeof(rdata->message));
530 rdata->message_type = 0;
3e34d2ce
MG
531 hmuartlgw_send(dev->hmuartlgw, out, msg[0] + 4, HMUARTLGW_APP);
532
533 while (1) {
534 if (rdata->message_type == MESSAGE_TYPE_R) {
535 if ((rdata->status == 0x02) ||
536 (rdata->status == 0x03) ||
537 (rdata->status == 0x0c)) {
538 break;
539 } else {
540 if (rdata->status == 0x0d) {
541 fprintf(stderr, "\nAES handshake failed!\n");
542 } else if (rdata->status == 0x04 || rdata->status == 0x06) {
543 fprintf(stderr, "\nMissing ACK!\n");
544 } else {
545 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
546 }
547 return 0;
548 }
549 }
550 errno = 0;
551 pfd = hmuartlgw_poll(dev->hmuartlgw, 1000);
552 if ((pfd < 0) && errno) {
553 if (errno != ETIMEDOUT) {
554 perror("\n\nhmcfgusb_poll");
555 exit(EXIT_FAILURE);
556 }
557 }
558 }
559 break;
25870f58
MG
560 }
561
562 id++;
563 return 1;
564}
565
3e34d2ce 566static int switch_speed(struct hm_dev *dev, struct recv_data *rdata, uint8_t speed)
da4ab971
MG
567{
568 uint8_t out[0x40];
569 int pfd;
570
571 printf("Entering %uk-mode\n", speed);
572
47ea478b
MG
573 switch(dev->type) {
574 case DEVICE_TYPE_HMCFGUSB:
575 memset(out, 0, sizeof(out));
576 out[0] = 'G';
577 out[1] = speed;
578
579 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
580
581 while (1) {
582 errno = 0;
3b35a8c1 583 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
47ea478b
MG
584 if ((pfd < 0) && errno) {
585 if (errno != ETIMEDOUT) {
586 perror("\n\nhmcfgusb_poll");
587 exit(EXIT_FAILURE);
588 }
589 }
590 if (rdata->speed == speed)
591 break;
592 }
593 break;
594 case DEVICE_TYPE_CULFW:
595 if (speed == 100) {
596 return culfw_send(dev->culfw, "AR\r\n", 4);
597 } else {
598 return culfw_send(dev->culfw, "Ar\r\n", 4);
da4ab971 599 }
da4ab971 600 break;
3e34d2ce
MG
601 case DEVICE_TYPE_HMUARTLGW:
602 if (speed == 100) {
603 out[0] = HMUARTLGW_OS_UPDATE_MODE;
604 out[1] = 0xe9;
605 out[2] = 0xca;
606 hmuartlgw_send(dev->hmuartlgw, out, 3, HMUARTLGW_OS);
607 } else {
608 out[0] = HMUARTLGW_OS_NORMAL_MODE;
609 hmuartlgw_send(dev->hmuartlgw, out, 1, HMUARTLGW_OS);
610 }
611 break;
da4ab971
MG
612 }
613
614 return 1;
615}
616
47ea478b
MG
617void flash_ota_syntax(char *prog)
618{
619 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
620 fprintf(stderr, "Mandatory parameters:\n");
4bb67041
MG
621 fprintf(stderr, "\t-f firmware.eq3\teq3 firmware file to flash\n");
622 fprintf(stderr, "or\t-f firmware.hex\thex firmware file to flash (AsksinPP), needs -3 or -6\n");
df40d139 623 fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n");
07decdba 624 fprintf(stderr, "\nOptional parameters:\n");
47ea478b
MG
625 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
626 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
dfe2e5e2 627 fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n");
f51714be 628 fprintf(stderr, "\t-S serial\tuse HM-CFG-USB with given serial\n");
3e34d2ce 629 fprintf(stderr, "\t-U device\tuse HM-MOD-UART on given device\n");
4bb67041
MG
630 fprintf(stderr, "\t-3\t\tuse Atmega328P configuration when directly flashing AsksinPP hex\n");
631 fprintf(stderr, "\t-6\t\tuse Atmega644P configuration when directly flashing AsksinPP hex\n");
47ea478b 632 fprintf(stderr, "\t-h\t\tthis help\n");
07decdba
MG
633 fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n");
634 fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
635 fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
636 fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
47ea478b
MG
637}
638
25870f58
MG
639int main(int argc, char **argv)
640{
641 const char twiddlie[] = { '-', '\\', '|', '/' };
f0ed61cc 642 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
47ea478b
MG
643 char *fw_file = NULL;
644 char *serial = NULL;
645 char *culfw_dev = NULL;
07decdba 646 char *endptr = NULL;
47ea478b 647 unsigned int bps = DEFAULT_CUL_BPS;
3e34d2ce 648 struct hm_dev dev;
25870f58
MG
649 struct recv_data rdata;
650 uint8_t out[0x40];
651 uint8_t *pos;
652 uint8_t msgid = 0x1;
653 uint16_t len;
654 struct firmware *fw;
f51714be 655 char *hmcfgusb_serial = NULL;
3e34d2ce 656 char *uart = NULL;
4bb67041 657 int atmega = ATMEGA_UNKNOWN;
25870f58
MG
658 int block;
659 int pfd;
660 int debug = 0;
661 int cnt;
da4ab971 662 int switchcnt = 0;
25870f58
MG
663 int msgnum = 0;
664 int switched = 0;
47ea478b 665 int opt;
25870f58
MG
666
667 printf("HomeMatic OTA flasher version " VERSION "\n\n");
668
4bb67041 669 while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:S:U:36")) != -1) {
47ea478b
MG
670 switch (opt) {
671 case 'b':
672 bps = atoi(optarg);
673 break;
674 case 'c':
675 culfw_dev = optarg;
676 break;
677 case 'f':
678 fw_file = optarg;
679 break;
dfe2e5e2 680 case 'l':
469ea397
MG
681 printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
682 max_payloadlen = LOWER_MAX_PAYLOAD;
dfe2e5e2 683 break;
47ea478b
MG
684 case 's':
685 serial = optarg;
686 break;
07decdba
MG
687 case 'C':
688 my_hmid = strtoul(optarg, &endptr, 16);
689 if (*endptr != '\0') {
690 fprintf(stderr, "Invalid central HMID!\n\n");
691 flash_ota_syntax(argv[0]);
692 exit(EXIT_FAILURE);
693 }
694 break;
695 case 'D':
696 hmid = strtoul(optarg, &endptr, 16);
697 if (*endptr != '\0') {
698 fprintf(stderr, "Invalid device HMID!\n\n");
699 flash_ota_syntax(argv[0]);
700 exit(EXIT_FAILURE);
701 }
702 break;
703 case 'K':
704 kNo = strtoul(optarg, &endptr, 10);
705 if (*endptr != ':') {
706 fprintf(stderr, "Invalid key number!\n\n");
707 flash_ota_syntax(argv[0]);
708 exit(EXIT_FAILURE);
709 }
710 endptr++;
711 for (cnt = 0; cnt < 16; cnt++) {
712 if (*endptr == '\0' || *(endptr+1) == '\0' ||
713 !validate_nibble(*endptr) ||
714 !validate_nibble(*(endptr+1))) {
715 fprintf(stderr, "Invalid key!\n\n");
716 flash_ota_syntax(argv[0]);
717 exit(EXIT_FAILURE);
718 }
719 key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
720 endptr += 2;
721 }
722 break;
f51714be
MG
723 case 'S':
724 hmcfgusb_serial = optarg;
725 break;
3e34d2ce
MG
726 case 'U':
727 uart = optarg;
728 break;
4bb67041
MG
729 case '3':
730 atmega = ATMEGA_328P;
731 break;
732 case '6':
733 atmega = ATMEGA_644P;
734 break;
47ea478b
MG
735 case 'h':
736 case ':':
737 case '?':
738 default:
739 flash_ota_syntax(argv[0]);
740 exit(EXIT_FAILURE);
741 break;
25870f58 742
47ea478b
MG
743 }
744 }
25870f58 745
df40d139 746 if (!fw_file || (!serial && !hmid)) {
47ea478b 747 flash_ota_syntax(argv[0]);
25870f58
MG
748 exit(EXIT_FAILURE);
749 }
750
4bb67041 751 fw = firmware_read_firmware(fw_file, atmega, debug);
25870f58
MG
752 if (!fw)
753 exit(EXIT_FAILURE);
754
25870f58 755 memset(&rdata, 0, sizeof(rdata));
3e34d2ce 756 memset(&dev, 0, sizeof(struct hm_dev));
25870f58 757
47ea478b 758 if (culfw_dev) {
a65c08fc 759 printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
47ea478b
MG
760 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
761 if (!dev.culfw) {
762 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
763 exit(EXIT_FAILURE);
764 }
765 dev.type = DEVICE_TYPE_CULFW;
a65c08fc 766
dfe2e5e2 767 printf("Requesting firmware version\n");
a65c08fc
MG
768 culfw_send(dev.culfw, "\r\n", 2);
769 culfw_flush(dev.culfw);
770
771 while (1) {
772 culfw_send(dev.culfw, "V\r\n", 3);
773
774 errno = 0;
3b35a8c1 775 pfd = culfw_poll(dev.culfw, 1000);
a65c08fc
MG
776 if ((pfd < 0) && errno) {
777 if (errno != ETIMEDOUT) {
778 perror("\n\nhmcfgusb_poll");
779 exit(EXIT_FAILURE);
780 }
781 }
782 if (rdata.version)
783 break;
784 }
785
bcc42868
MG
786 printf("culfw-device firmware version: ");
787 if (rdata.version != 0xffff) {
788 printf("%u.%02u\n",
789 (rdata.version >> 8) & 0xff,
790 rdata.version & 0xff);
791 } else {
cb56b255
MG
792 if (rdata.is_TSCUL) {
793 culfw_send(dev.culfw, "At1\r\n", 5); // tsculfw: try switch on timestamp protocol
794 printf("tsculfw\n");
795 culfw_flush(dev.culfw);
796 culfw_send(dev.culfw, "ApTiMeStAmP\r\n", 13); // tsculfw: send ping to get credits info
797 pfd = culfw_poll(dev.culfw, 1000);
798 if ((pfd < 0) && errno) {
799 if (errno != ETIMEDOUT) {
800 perror("\n\nhmcfgusb_poll");
801 exit(EXIT_FAILURE);
802 }
803 }
804 if (rdata.credits) { // tsculfw: maximum credits available?
805 fprintf(stderr, "\n\ntsculfw does not report full credits, try again later\n");
806 exit(EXIT_FAILURE);
807 }
808
809 if (kNo > 0) {
810 char keybuf[64] = { 0 };
811 int i;
812
813 printf("Setting AES-key\n");
814 snprintf(keybuf, sizeof(keybuf) - 1, "Ak%02x", kNo - 1);
815
816 for (i = 0; i < 16; i++) {
817 keybuf[4 + (i * 2)] = nibble_to_ascii((key[i] >> 4) & 0xf);
818 keybuf[4 + (i * 2) + 1] = nibble_to_ascii(key[i] & 0xf);
819 }
820 keybuf[4 + (i * 2) ] = '\r';
821 keybuf[4 + (i * 2) + 1] = '\n';
822 culfw_send(dev.culfw, keybuf, strlen(keybuf)); // tsculfw: send ping to get credits info
823 pfd = culfw_poll(dev.culfw, 1000);
824 if ((pfd < 0) && errno) {
825 if (errno != ETIMEDOUT) {
826 perror("\n\nhmcfgusb_poll");
827 exit(EXIT_FAILURE);
828 }
829 }
830 }
831 }
832 else {
833 printf("a-culfw\n");
834 }
bcc42868 835 }
a65c08fc 836
57b387ce
MG
837 if (rdata.version < 0x013a) {
838 fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
a65c08fc 839 exit(EXIT_FAILURE);
a65c08fc 840 }
3e34d2ce
MG
841 } else if (uart) {
842 uint32_t new_hmid = my_hmid;
843
844 hmuartlgw_set_debug(debug);
845
853cbce9 846 dev.hmuartlgw = hmuart_init(uart, parse_hmuartlgw, &rdata, 1);
3e34d2ce
MG
847 if (!dev.hmuartlgw) {
848 fprintf(stderr, "Can't initialize HM-MOD-UART\n");
849 exit(EXIT_FAILURE);
850 }
851 dev.type = DEVICE_TYPE_HMUARTLGW;
852
853 out[0] = HMUARTLGW_APP_GET_HMID;
aee09247 854 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_APP, HMUARTLGW_STATE_GET_HMID, HMUARTLGW_STATE_ACK_APP);
3e34d2ce
MG
855
856 out[0] = HMUARTLGW_OS_GET_FIRMWARE;
aee09247 857 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_OS, HMUARTLGW_STATE_GET_FIRMWARE, HMUARTLGW_STATE_DONE);
3e34d2ce
MG
858
859 out[0] = HMUARTLGW_OS_GET_CREDITS;
aee09247 860 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_OS, HMUARTLGW_STATE_GET_CREDITS, HMUARTLGW_STATE_DONE);
3e34d2ce
MG
861
862 printf("HM-MOD-UART firmware version: %u.%u.%u, used credits: %u%%\n",
863 rdata.uartlgw_version[0],
864 rdata.uartlgw_version[1],
865 rdata.uartlgw_version[2],
866 rdata.credits);
867
868 if (rdata.credits >= 40) {
869 printf("\nRebooting HM-MOD-UART to avoid running out of credits\n");
870
871 hmuartlgw_enter_bootloader(dev.hmuartlgw);
872 hmuartlgw_enter_app(dev.hmuartlgw);
873 }
874
875 printf("\nHM-MOD-UART opened\n\n");
876
877 if (new_hmid && (my_hmid != new_hmid)) {
878 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
879
880 out[0] = HMUARTLGW_APP_SET_HMID;
881 out[1] = (new_hmid >> 16) & 0xff;
882 out[2] = (new_hmid >> 8) & 0xff;
883 out[3] = new_hmid & 0xff;
aee09247 884 send_wait_hmuartlgw(&dev, &rdata, out, 4, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
3e34d2ce
MG
885
886 my_hmid = new_hmid;
887 }
888
889 if (kNo > 0) {
890 printf("Setting AES-key\n");
891
892 memset(out, 0, sizeof(out));
893 out[0] = HMUARTLGW_APP_SET_CURRENT_KEY;
894 memcpy(&(out[1]), key, 16);
895 out[17] = kNo;
aee09247 896 send_wait_hmuartlgw(&dev, &rdata, out, 18, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
3e34d2ce
MG
897
898 memset(out, 0, sizeof(out));
899 out[0] = HMUARTLGW_APP_SET_OLD_KEY;
900 memcpy(&(out[1]), key, 16);
901 out[17] = kNo;
aee09247 902 send_wait_hmuartlgw(&dev, &rdata, out, 18, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
3e34d2ce 903 }
47ea478b 904 } else {
07decdba
MG
905 uint32_t new_hmid = my_hmid;
906
47ea478b 907 hmcfgusb_set_debug(debug);
25870f58 908
f51714be 909 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial);
47ea478b
MG
910 if (!dev.hmcfgusb) {
911 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
912 exit(EXIT_FAILURE);
913 }
914 dev.type = DEVICE_TYPE_HMCFGUSB;
2d1f08ac 915
47ea478b
MG
916 memset(out, 0, sizeof(out));
917 out[0] = 'K';
918 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
919
920 while (1) {
921 errno = 0;
3b35a8c1 922 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
47ea478b
MG
923 if ((pfd < 0) && errno) {
924 if (errno != ETIMEDOUT) {
925 perror("\n\nhmcfgusb_poll");
926 exit(EXIT_FAILURE);
927 }
865d5b4c 928 }
a65c08fc 929 if (rdata.version)
47ea478b 930 break;
865d5b4c 931 }
865d5b4c 932
a65c08fc
MG
933 if (rdata.version < 0x3c7) {
934 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
47ea478b
MG
935 exit(EXIT_FAILURE);
936 }
865d5b4c 937
07decdba
MG
938 printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);
939
940 if (rdata.credits >= 40) {
941 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
942
943 if (!dev.hmcfgusb->bootloader) {
944 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
945 printf("Waiting for device to reappear...\n");
946
947 do {
948 if (dev.hmcfgusb) {
949 if (!dev.hmcfgusb->bootloader)
950 hmcfgusb_enter_bootloader(dev.hmcfgusb);
951 hmcfgusb_close(dev.hmcfgusb);
952 }
953 sleep(1);
f51714be 954 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (!dev.hmcfgusb->bootloader));
07decdba
MG
955 }
956
957 if (dev.hmcfgusb->bootloader) {
958 printf("HM-CFG-USB in bootloader mode, rebooting\n");
959
960 do {
961 if (dev.hmcfgusb) {
962 if (dev.hmcfgusb->bootloader)
963 hmcfgusb_leave_bootloader(dev.hmcfgusb);
964 hmcfgusb_close(dev.hmcfgusb);
965 }
966 sleep(1);
f51714be 967 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (dev.hmcfgusb->bootloader));
07decdba
MG
968 }
969 }
970
971 printf("\n\nHM-CFG-USB opened\n\n");
972
973 if (new_hmid && (my_hmid != new_hmid)) {
974 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
975
976 memset(out, 0, sizeof(out));
977 out[0] = 'A';
978 out[1] = (new_hmid >> 16) & 0xff;
979 out[2] = (new_hmid >> 8) & 0xff;
980 out[3] = new_hmid & 0xff;
981
982 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
983
984 my_hmid = new_hmid;
985 }
986
df40d139 987 if (kNo > 0) {
07decdba
MG
988 printf("Setting AES-key\n");
989
990 memset(out, 0, sizeof(out));
991 out[0] = 'Y';
992 out[1] = 0x01;
993 out[2] = kNo;
994 out[3] = sizeof(key);
995 memcpy(&(out[4]), key, sizeof(key));
996 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
997
998 memset(out, 0, sizeof(out));
999 out[0] = 'Y';
1000 out[1] = 0x02;
1001 out[2] = 0x00;
1002 out[3] = 0x00;
1003 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
1004
1005 memset(out, 0, sizeof(out));
1006 out[0] = 'Y';
1007 out[1] = 0x03;
1008 out[2] = 0x00;
1009 out[3] = 0x00;
1010 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
1011 }
47ea478b 1012 }
865d5b4c 1013
47ea478b 1014 if (!switch_speed(&dev, &rdata, 10)) {
da4ab971
MG
1015 fprintf(stderr, "Can't switch speed!\n");
1016 exit(EXIT_FAILURE);
25870f58
MG
1017 }
1018
07decdba 1019 if (hmid && my_hmid) {
3e34d2ce
MG
1020 switch (dev.type) {
1021 case DEVICE_TYPE_HMCFGUSB:
1022 printf("Adding HMID\n");
1023
1024 memset(out, 0, sizeof(out));
1025 out[0] = '+';
1026 out[1] = (hmid >> 16) & 0xff;
1027 out[2] = (hmid >> 8) & 0xff;
1028 out[3] = hmid & 0xff;
1029
1030 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
1031 break;
1032 case DEVICE_TYPE_HMUARTLGW:
1033 printf("Adding HMID\n");
1034
1035 memset(out, 0, sizeof(out));
1036 out[0] = HMUARTLGW_APP_ADD_PEER;
1037 out[1] = (hmid >> 16) & 0xff;
1038 out[2] = (hmid >> 8) & 0xff;
1039 out[3] = hmid & 0xff;
1040 out[4] = (kNo > 0) ? kNo : 0x00; /* KeyIndex */
1041 out[5] = 0x00; /* WakeUp? */
1042 out[6] = 0x00; /* WakeUp? */
1043
aee09247 1044 send_wait_hmuartlgw(&dev, &rdata, out, 7, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
3e34d2ce
MG
1045
1046 break;
1047 }
07decdba 1048 printf("Sending device with hmid %06x to bootloader\n", hmid);
07decdba
MG
1049 out[CTL] = 0x30;
1050 out[TYPE] = 0x11;
1051 SET_SRC(out, my_hmid);
1052 SET_DST(out, hmid);
1053 out[PAYLOAD] = 0xCA;
1054 SET_LEN_FROM_PAYLOADLEN(out, 1);
1055
1056 cnt = 3;
1057 do {
ac077fdd 1058 out[MSGID] = msgid++;
07decdba
MG
1059 if (send_hm_message(&dev, &rdata, out)) {
1060 break;
1061 }
1062 } while (cnt--);
1063 if (cnt == -1) {
1064 printf("Failed to send device to bootloader, please enter bootloader manually.\n");
1065 }
1066 }
1067
df40d139
MG
1068 if (serial) {
1069 printf("Waiting for device with serial %s\n", serial);
1070 } else {
1071 printf("Waiting for device with HMID %06x\n", hmid);
1072 }
25870f58
MG
1073
1074 while (1) {
0edcd7f2 1075 errno = 0;
47ea478b 1076 switch (dev.type) {
47ea478b 1077 case DEVICE_TYPE_CULFW:
3b35a8c1 1078 pfd = culfw_poll(dev.culfw, 1000);
47ea478b
MG
1079 break;
1080 case DEVICE_TYPE_HMCFGUSB:
3b35a8c1 1081 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
47ea478b 1082 break;
3e34d2ce
MG
1083 case DEVICE_TYPE_HMUARTLGW:
1084 pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
1085 break;
1086 default:
1087 pfd = -1;
1088 break;
47ea478b
MG
1089 }
1090
25870f58
MG
1091 if ((pfd < 0) && errno) {
1092 if (errno != ETIMEDOUT) {
47ea478b 1093 perror("\n\npoll");
25870f58
MG
1094 exit(EXIT_FAILURE);
1095 }
1096 }
1097
1098 if ((rdata.message[LEN] == 0x14) && /* Length */
1099 (rdata.message[MSGID] == 0x00) && /* Message ID */
1100 (rdata.message[CTL] == 0x00) && /* Control Byte */
1101 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
1102 (DST(rdata.message) == 0x000000) && /* Broadcast */
47ea478b 1103 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
df40d139 1104 if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
25870f58
MG
1105 hmid = SRC(rdata.message);
1106 break;
515b169a 1107 } else if (!serial && SRC(rdata.message) == (int)hmid) {
df40d139
MG
1108 serial = (char*)&(rdata.message[0x0b]);
1109 break;
25870f58
MG
1110 }
1111 }
1112 }
1113
df40d139 1114 printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);
25870f58 1115
3e34d2ce
MG
1116 switch (dev.type) {
1117 case DEVICE_TYPE_HMCFGUSB:
1118 printf("Adding HMID\n");
25870f58 1119
3e34d2ce
MG
1120 memset(out, 0, sizeof(out));
1121 out[0] = '+';
1122 out[1] = (hmid >> 16) & 0xff;
1123 out[2] = (hmid >> 8) & 0xff;
1124 out[3] = hmid & 0xff;
25870f58 1125
3e34d2ce
MG
1126 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
1127 break;
1128 case DEVICE_TYPE_HMUARTLGW:
1129 printf("Adding HMID\n");
1130
1131 memset(out, 0, sizeof(out));
1132 out[0] = HMUARTLGW_APP_ADD_PEER;
1133 out[1] = (hmid >> 16) & 0xff;
1134 out[2] = (hmid >> 8) & 0xff;
1135 out[3] = hmid & 0xff;
1136 out[4] = 0x00; /* KeyIndex */
1137 out[5] = 0x00; /* WakeUp? */
1138 out[6] = 0x00; /* WakeUp? */
1139
aee09247 1140 send_wait_hmuartlgw(&dev, &rdata, out, 7, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
3e34d2ce
MG
1141
1142 break;
47ea478b 1143 }
25870f58 1144
da4ab971 1145 switchcnt = 3;
25870f58
MG
1146 do {
1147 printf("Initiating remote switch to 100k\n");
1148
1149 memset(out, 0, sizeof(out));
1150
1151 out[MSGID] = msgid++;
1152 out[CTL] = 0x00;
1153 out[TYPE] = 0xCB;
558a94bb 1154 SET_SRC(out, my_hmid);
25870f58
MG
1155 SET_DST(out, hmid);
1156
f0ed61cc
MG
1157 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
1158 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
25870f58 1159
47ea478b 1160 if (!send_hm_message(&dev, &rdata, out)) {
25870f58
MG
1161 exit(EXIT_FAILURE);
1162 }
1163
47ea478b 1164 if (!switch_speed(&dev, &rdata, 100)) {
da4ab971
MG
1165 fprintf(stderr, "Can't switch speed!\n");
1166 exit(EXIT_FAILURE);
25870f58
MG
1167 }
1168
1169 printf("Has the device switched?\n");
1170
1171 memset(out, 0, sizeof(out));
1172
1173 out[MSGID] = msgid++;
1174 out[CTL] = 0x20;
1175 out[TYPE] = 0xCB;
558a94bb 1176 SET_SRC(out, my_hmid);
25870f58
MG
1177 SET_DST(out, hmid);
1178
f0ed61cc
MG
1179 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
1180 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
25870f58
MG
1181
1182 cnt = 3;
1183 do {
47ea478b 1184 if (send_hm_message(&dev, &rdata, out)) {
25870f58
MG
1185 /* A0A02000221B9AD00000000 */
1186 switched = 1;
1187 break;
25870f58
MG
1188 }
1189 } while (cnt--);
1190
1191 if (!switched) {
da4ab971 1192 printf("No!\n");
25870f58 1193
47ea478b 1194 if (!switch_speed(&dev, &rdata, 10)) {
da4ab971
MG
1195 fprintf(stderr, "Can't switch speed!\n");
1196 exit(EXIT_FAILURE);
25870f58
MG
1197 }
1198 }
da4ab971 1199 } while ((!switched) && (switchcnt--));
25870f58 1200
268d2cc6
MG
1201 if (!switched) {
1202 fprintf(stderr, "Too many errors, giving up!\n");
1203 exit(EXIT_FAILURE);
1204 }
25870f58 1205
da4ab971 1206 printf("Yes!\n");
25870f58
MG
1207
1208 printf("Flashing %d blocks", fw->fw_blocks);
1209 if (debug) {
1210 printf("\n");
1211 } else {
1212 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
1213 fflush(stdout);
1214 }
1215
1216 for (block = 0; block < fw->fw_blocks; block++) {
1217 int first;
1218
1219 len = fw->fw[block][2] << 8;
1220 len |= fw->fw[block][3];
1221
1222 pos = &(fw->fw[block][2]);
1223
1224 len += 2; /* length */
1225
1226 if (debug)
1227 hexdump(pos, len, "F> ");
1228
1229 first = 1;
1230 cnt = 0;
1231 do {
dfe2e5e2 1232 int payloadlen = max_payloadlen - 2;
25870f58
MG
1233 int ack = 0;
1234
1235 if (first) {
dfe2e5e2 1236 payloadlen = max_payloadlen;
25870f58
MG
1237 first = 0;
1238 }
1239
1240 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
1241 payloadlen = (len - (pos - &(fw->fw[block][2])));
1242
1243 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
1244 ack = 1;
1245
cb56b255
MG
1246 memset(rdata.message, 0, sizeof(rdata.message));
1247 rdata.message_type = 0;
25870f58
MG
1248
1249 memset(out, 0, sizeof(out));
1250
da4ab971 1251 out[MSGID] = msgid;
25870f58
MG
1252 if (ack)
1253 out[CTL] = 0x20;
1254 out[TYPE] = 0xCA;
558a94bb 1255 SET_SRC(out, my_hmid);
25870f58
MG
1256 SET_DST(out, hmid);
1257
1258 memcpy(&out[PAYLOAD], pos, payloadlen);
1259 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
1260
47ea478b 1261 if (send_hm_message(&dev, &rdata, out)) {
25870f58
MG
1262 pos += payloadlen;
1263 } else {
1264 pos = &(fw->fw[block][2]);
1265 cnt++;
2d1f08ac 1266 if (cnt == MAX_RETRIES) {
25870f58
MG
1267 fprintf(stderr, "\nToo many errors, giving up!\n");
1268 exit(EXIT_FAILURE);
1269 } else {
1270 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
1271 }
1272 }
1273
1274 msgnum++;
1275
1276 if (!debug) {
1277 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
1278 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
1279 fflush(stdout);
1280 }
1281 } while((pos - &(fw->fw[block][2])) < len);
da4ab971 1282 msgid++;
25870f58
MG
1283 }
1284
1285 firmware_free(fw);
1286
da4ab971 1287 printf("\n");
25870f58 1288
47ea478b 1289 if (!switch_speed(&dev, &rdata, 10)) {
da4ab971
MG
1290 fprintf(stderr, "Can't switch speed!\n");
1291 exit(EXIT_FAILURE);
25870f58
MG
1292 }
1293
1294 printf("Waiting for device to reboot\n");
3e34d2ce 1295 rdata.message_type = MESSAGE_TYPE_R;
25870f58
MG
1296
1297 cnt = 10;
3e34d2ce
MG
1298 if (dev.type == DEVICE_TYPE_HMUARTLGW)
1299 cnt = 200; /* FIXME */
25870f58
MG
1300 do {
1301 errno = 0;
47ea478b
MG
1302 switch(dev.type) {
1303 case DEVICE_TYPE_CULFW:
3b35a8c1 1304 pfd = culfw_poll(dev.culfw, 1000);
47ea478b
MG
1305 break;
1306 case DEVICE_TYPE_HMCFGUSB:
3b35a8c1 1307 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
47ea478b 1308 break;
3e34d2ce
MG
1309 case DEVICE_TYPE_HMUARTLGW:
1310 pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
1311 break;
1312 default:
1313 pfd = -1;
1314 break;
47ea478b 1315 }
25870f58
MG
1316 if ((pfd < 0) && errno) {
1317 if (errno != ETIMEDOUT) {
9dcbf605 1318 perror("\n\npoll");
25870f58
MG
1319 exit(EXIT_FAILURE);
1320 }
1321 }
1322 if (rdata.message_type == MESSAGE_TYPE_E) {
1323 break;
1324 }
1325 } while(cnt--);
1326
1327 if (rdata.message_type == MESSAGE_TYPE_E) {
1328 printf("Device rebooted\n");
1329 }
1330
47ea478b
MG
1331 switch(dev.type) {
1332 case DEVICE_TYPE_HMCFGUSB:
1333 hmcfgusb_close(dev.hmcfgusb);
018f85fa 1334 hmcfgusb_exit();
47ea478b
MG
1335 break;
1336 case DEVICE_TYPE_CULFW:
1337 culfw_close(dev.culfw);
1338 break;
1339 }
25870f58
MG
1340
1341 return EXIT_SUCCESS;
1342}
Impressum, Datenschutz