[hmcfgusb] / flash-ota.c

/* flasher for HomeMatic-devices supporting OTA updates
 *
 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <poll.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/time.h>
#include <libusb-1.0/libusb.h>

#include "hexdump.h"
#include "firmware.h"
#include "hm.h"
#include "version.h"
#include "hmcfgusb.h"

uint32_t hmid = 0;
uint32_t my_hmid = 0;

enum message_type {
	MESSAGE_TYPE_E,
	MESSAGE_TYPE_R,
};

struct recv_data {
	uint8_t message[64];
	enum message_type message_type;
	uint16_t status;
	int speed;
	uint16_t hmcfgusb_version;
};

static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
		case 'E':
			if ((!hmid) ||
			    ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
			    (buf[0x12] == ((hmid >> 8) & 0xff)) &&
			    (buf[0x13] == (hmid & 0xff)))) {
				memset(rdata->message, 0, sizeof(rdata->message));
				memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
				rdata->message_type = MESSAGE_TYPE_E;
			}
			break;
		case 'R':
			memset(rdata->message, 0, sizeof(rdata->message));
			memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
			break;
		case 'G':
			rdata->speed = buf[1];
			break;
		case 'H':
			rdata->hmcfgusb_version = (buf[11] << 8) | buf[12];
			my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
			break;
		default:
			break;
	}

	if (buf_len != 1)
		return 1;

	return 1;
}

int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;
	struct timeval tv;
	uint8_t out[0x40];
	int pfd;

	if (gettimeofday(&tv, NULL) == -1) {
		perror("gettimeofay");
			return 0;
	}

	memset(out, 0, sizeof(out));

	out[0] = 'S';
	out[1] = (id >> 24) & 0xff;
	out[2] = (id >> 16) & 0xff;
	out[3] = (id >> 8) & 0xff;
	out[4] = id & 0xff;
	out[10] = 0x01;
	out[11] = (tv.tv_usec >> 24) & 0xff;
	out[12] = (tv.tv_usec >> 16) & 0xff;
	out[13] = (tv.tv_usec >> 8) & 0xff;
	out[14] = tv.tv_usec & 0xff;
	

	memcpy(&out[0x0f], msg, msg[0] + 1);

	memset(rdata, 0, sizeof(struct recv_data));
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		if (rdata->message_type == MESSAGE_TYPE_R) {
			if (((rdata->status & 0xff) == 0x01) ||
			    ((rdata->status & 0xff) == 0x02)) {
			    	break;
			} else {
				fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
				return 0;
			}
		}
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
	}

	id++;
	return 1;
}

static int switch_speed(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t speed)
{
	uint8_t out[0x40];
	int pfd;

	printf("Entering %uk-mode\n", speed);

	memset(out, 0, sizeof(out));
	out[0] = 'G';
	out[1] = speed;

	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata->speed == speed)
			break;
	}

	return 1;
}

int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	struct hmcfgusb_dev *dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	int block;
	int pfd;
	int debug = 0;
	int cnt;
	int switchcnt = 0;
	int msgnum = 0;
	int switched = 0;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	if (argc != 3) {
		if (argc == 1)
			fprintf(stderr, "Missing firmware filename!\n\n");

		if (argc == 2)
			fprintf(stderr, "Missing serial!\n\n");

		fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(argv[1], debug);
	if (!fw)
		exit(EXIT_FAILURE);

	hmcfgusb_set_debug(debug);

	memset(&rdata, 0, sizeof(rdata));

	dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
	if (!dev) {
		fprintf(stderr, "Can't initialize HM-CFG-USB\n");
		exit(EXIT_FAILURE);
	}

	if (dev->bootloader) {
		fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
		exit(EXIT_FAILURE);
	}

	printf("\nHM-CFG-USB opened\n\n");

	memset(out, 0, sizeof(out));
	out[0] = 'K';
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.hmcfgusb_version)
			break;
	}

	if (rdata.hmcfgusb_version < 0x3c7) {
		fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
		exit(EXIT_FAILURE);
	}

	printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);

	if (!switch_speed(dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device with serial %s\n", argv[2]);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00) && /* FUP? */
		    (rdata.message[PAYLOAD+2] == 'E') &&
		    (rdata.message[PAYLOAD+3] == 'Q')) {
			if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
				hmid = SRC(rdata.message);
				break;
			}
		}
	}

	printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);

	printf("Adding HMID\n");

	memset(out, 0, sizeof(out));
	out[0] = '+';
	out[1] = (hmid >> 16) & 0xff;
	out[2] = (hmid >> 8) & 0xff;
	out[3] = hmid & 0xff;

	hmcfgusb_send(dev, out, sizeof(out), 1);

	switchcnt = 3;
	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		if (!send_hm_message(dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		if (!switch_speed(dev, &rdata, 100)) {
			fprintf(stderr, "Can't switch speed!\n");
			exit(EXIT_FAILURE);
		}

		printf("Has the device switched?\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		cnt = 3;
		do {
			if (send_hm_message(dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
				
			}
		} while (cnt--);

		if (!switched) {
			printf("No!\n");

			if (!switch_speed(dev, &rdata, 10)) {
				fprintf(stderr, "Can't switch speed!\n");
				exit(EXIT_FAILURE);
			}
		}
	} while ((!switched) && (switchcnt--));

	if (!switched) {
		fprintf(stderr, "Too many errors, giving up!\n");
		exit(EXIT_FAILURE);
	}

	printf("Yes!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			int payloadlen = 35;
			int ack = 0;

			if (first) {
				payloadlen = 37;
				first = 0;
			}

			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, my_hmid);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == 3) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
					block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
		msgid++;
	}

	firmware_free(fw);

	printf("\n");

	if (!switch_speed(dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device to reboot\n");

	cnt = 10;
	do {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	hmcfgusb_close(dev);

	return EXIT_SUCCESS;
}
Commit	Line	Data
25870f58 MG	1	/* flasher for HomeMatic-devices supporting OTA updates
	2	*
	3	* Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
	4	*
	5	* Permission is hereby granted, free of charge, to any person obtaining a copy
	6	* of this software and associated documentation files (the "Software"), to
	7	* deal in the Software without restriction, including without limitation the
	8	* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
	9	* sell copies of the Software, and to permit persons to whom the Software is
	10	* furnished to do so, subject to the following conditions:
	11	*
	12	* The above copyright notice and this permission notice shall be included in
	13	* all copies or substantial portions of the Software.
	14	*
	15	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	16	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	18	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	19	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	20	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
	21	* IN THE SOFTWARE.
	22	*/
	23
	24	#include <stdio.h>
	25	#include <stdlib.h>
	26	#include <unistd.h>
	27	#include <stdint.h>
	28	#include <string.h>
	29	#include <strings.h>
	30	#include <poll.h>
	31	#include <errno.h>
	32	#include <sys/types.h>
	33	#include <sys/stat.h>
	34	#include <fcntl.h>
	35	#include <sys/time.h>
	36	#include <libusb-1.0/libusb.h>
	37
	38	#include "hexdump.h"
	39	#include "firmware.h"
	40	#include "hm.h"
	41	#include "version.h"
	42	#include "hmcfgusb.h"
	43
	44	uint32_t hmid = 0;
558a94bb	45	uint32_t my_hmid = 0;
25870f58 MG	46
	47	enum message_type {
	48	MESSAGE_TYPE_E,
	49	MESSAGE_TYPE_R,
	50	};
	51
	52	struct recv_data {
	53	uint8_t message[64];
	54	enum message_type message_type;
	55	uint16_t status;
	56	int speed;
865d5b4c	57	uint16_t hmcfgusb_version;
25870f58 MG	58	};
	59
	60	static int parse_hmcfgusb(uint8_t buf, int buf_len, void data)
	61	{
	62	struct recv_data *rdata = data;
	63
	64	if (buf_len < 1)
	65	return 1;
	66
	67	switch (buf[0]) {
	68	case 'E':
	69	if ((!hmid) \|\|
	70	((buf[0x11] == ((hmid >> 16) & 0xff)) &&
	71	(buf[0x12] == ((hmid >> 8) & 0xff)) &&
	72	(buf[0x13] == (hmid & 0xff)))) {
	73	memset(rdata->message, 0, sizeof(rdata->message));
	74	memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
	75	rdata->message_type = MESSAGE_TYPE_E;
	76	}
	77	break;
	78	case 'R':
	79	memset(rdata->message, 0, sizeof(rdata->message));
	80	memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
	81	rdata->status = (buf[5] << 8) \| buf[6];
	82	rdata->message_type = MESSAGE_TYPE_R;
	83	break;
	84	case 'G':
	85	rdata->speed = buf[1];
	86	break;
865d5b4c MG	87	case 'H':
865d5b4c MG	88	rdata->hmcfgusb_version = (buf[11] << 8) \| buf[12];
558a94bb	89	my_hmid = (buf[0x1b] << 16) \| (buf[0x1c] << 8) \| buf[0x1d];
865d5b4c	90	break;
25870f58 MG	91	default:
	92	break;
	93	}
	94
	95	if (buf_len != 1)
	96	return 1;
	97
	98	return 1;
	99	}
	100
	101	int send_hm_message(struct hmcfgusb_dev dev, struct recv_data rdata, uint8_t *msg)
	102	{
	103	static uint32_t id = 1;
	104	struct timeval tv;
	105	uint8_t out[0x40];
	106	int pfd;
	107
	108	if (gettimeofday(&tv, NULL) == -1) {
	109	perror("gettimeofay");
	110	return 0;
	111	}
	112
	113	memset(out, 0, sizeof(out));
	114
	115	out[0] = 'S';
	116	out[1] = (id >> 24) & 0xff;
	117	out[2] = (id >> 16) & 0xff;
	118	out[3] = (id >> 8) & 0xff;
	119	out[4] = id & 0xff;
	120	out[10] = 0x01;
	121	out[11] = (tv.tv_usec >> 24) & 0xff;
	122	out[12] = (tv.tv_usec >> 16) & 0xff;
	123	out[13] = (tv.tv_usec >> 8) & 0xff;
	124	out[14] = tv.tv_usec & 0xff;
	125
	126
	127	memcpy(&out[0x0f], msg, msg[0] + 1);
	128
	129	memset(rdata, 0, sizeof(struct recv_data));
268d2cc6	130	hmcfgusb_send(dev, out, sizeof(out), 1);
25870f58 MG	131
	132	while (1) {
	133	if (rdata->message_type == MESSAGE_TYPE_R) {
	134	if (((rdata->status & 0xff) == 0x01) \|\|
	135	((rdata->status & 0xff) == 0x02)) {
	136	break;
	137	} else {
268d2cc6	138	fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
25870f58 MG	139	return 0;
	140	}
	141	}
	142	errno = 0;
	143	pfd = hmcfgusb_poll(dev, 1);
	144	if ((pfd < 0) && errno) {
	145	if (errno != ETIMEDOUT) {
	146	perror("\n\nhmcfgusb_poll");
	147	exit(EXIT_FAILURE);
	148	}
	149	}
	150	}
	151
	152	id++;
	153	return 1;
	154	}
	155
da4ab971 MG	156	static int switch_speed(struct hmcfgusb_dev dev, struct recv_data rdata, uint8_t speed)
	157	{
	158	uint8_t out[0x40];
	159	int pfd;
	160
	161	printf("Entering %uk-mode\n", speed);
	162
	163	memset(out, 0, sizeof(out));
	164	out[0] = 'G';
	165	out[1] = speed;
	166
268d2cc6	167	hmcfgusb_send(dev, out, sizeof(out), 1);
da4ab971 MG	168
	169	while (1) {
	170	errno = 0;
	171	pfd = hmcfgusb_poll(dev, 1);
	172	if ((pfd < 0) && errno) {
	173	if (errno != ETIMEDOUT) {
	174	perror("\n\nhmcfgusb_poll");
	175	exit(EXIT_FAILURE);
	176	}
	177	}
	178	if (rdata->speed == speed)
	179	break;
	180	}
	181
	182	return 1;
	183	}
	184
25870f58 MG	185	int main(int argc, char **argv)
	186	{
	187	const char twiddlie[] = { '-', '\\', '\|', '/' };
	188	const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	189	struct hmcfgusb_dev *dev;
	190	struct recv_data rdata;
	191	uint8_t out[0x40];
	192	uint8_t *pos;
	193	uint8_t msgid = 0x1;
	194	uint16_t len;
	195	struct firmware *fw;
	196	int block;
	197	int pfd;
	198	int debug = 0;
	199	int cnt;
da4ab971	200	int switchcnt = 0;
25870f58 MG	201	int msgnum = 0;
	202	int switched = 0;
	203
	204	printf("HomeMatic OTA flasher version " VERSION "\n\n");
	205
	206	if (argc != 3) {
	207	if (argc == 1)
	208	fprintf(stderr, "Missing firmware filename!\n\n");
	209
	210	if (argc == 2)
	211	fprintf(stderr, "Missing serial!\n\n");
	212
	213	fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
	214	exit(EXIT_FAILURE);
	215	}
	216
	217	fw = firmware_read_firmware(argv[1], debug);
	218	if (!fw)
	219	exit(EXIT_FAILURE);
	220
	221	hmcfgusb_set_debug(debug);
	222
	223	memset(&rdata, 0, sizeof(rdata));
	224
	225	dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
	226	if (!dev) {
	227	fprintf(stderr, "Can't initialize HM-CFG-USB\n");
	228	exit(EXIT_FAILURE);
	229	}
	230
	231	if (dev->bootloader) {
	232	fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
	233	exit(EXIT_FAILURE);
	234	}
	235
	236	printf("\nHM-CFG-USB opened\n\n");
	237
865d5b4c MG	238	memset(out, 0, sizeof(out));
	239	out[0] = 'K';
	240	hmcfgusb_send(dev, out, sizeof(out), 1);
	241
	242	while (1) {
	243	errno = 0;
	244	pfd = hmcfgusb_poll(dev, 1);
	245	if ((pfd < 0) && errno) {
	246	if (errno != ETIMEDOUT) {
	247	perror("\n\nhmcfgusb_poll");
	248	exit(EXIT_FAILURE);
	249	}
	250	}
	251	if (rdata.hmcfgusb_version)
	252	break;
	253	}
	254
	255	if (rdata.hmcfgusb_version < 0x3c7) {
	256	fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
	257	exit(EXIT_FAILURE);
	258	}
	259
	260	printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);
	261
da4ab971 MG	262	if (!switch_speed(dev, &rdata, 10)) {
	263	fprintf(stderr, "Can't switch speed!\n");
	264	exit(EXIT_FAILURE);
25870f58 MG	265	}
	266
	267	printf("Waiting for device with serial %s\n", argv[2]);
	268
	269	while (1) {
	270	errno = 0;
	271	pfd = hmcfgusb_poll(dev, 1);
	272	if ((pfd < 0) && errno) {
	273	if (errno != ETIMEDOUT) {
	274	perror("\n\nhmcfgusb_poll");
	275	exit(EXIT_FAILURE);
	276	}
	277	}
	278
	279	if ((rdata.message[LEN] == 0x14) && /* Length */
	280	(rdata.message[MSGID] == 0x00) && /* Message ID */
	281	(rdata.message[CTL] == 0x00) && /* Control Byte */
	282	(rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
	283	(DST(rdata.message) == 0x000000) && /* Broadcast */
	284	(rdata.message[PAYLOAD] == 0x00) && /* FUP? */
	285	(rdata.message[PAYLOAD+2] == 'E') &&
	286	(rdata.message[PAYLOAD+3] == 'Q')) {
	287	if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
	288	hmid = SRC(rdata.message);
	289	break;
	290	}
	291	}
	292	}
	293
	294	printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);
	295
	296	printf("Adding HMID\n");
	297
	298	memset(out, 0, sizeof(out));
	299	out[0] = '+';
	300	out[1] = (hmid >> 16) & 0xff;
	301	out[2] = (hmid >> 8) & 0xff;
	302	out[3] = hmid & 0xff;
	303
268d2cc6	304	hmcfgusb_send(dev, out, sizeof(out), 1);
25870f58	305
da4ab971	306	switchcnt = 3;
25870f58 MG	307	do {
	308	printf("Initiating remote switch to 100k\n");
	309
	310	memset(out, 0, sizeof(out));
	311
	312	out[MSGID] = msgid++;
	313	out[CTL] = 0x00;
	314	out[TYPE] = 0xCB;
558a94bb	315	SET_SRC(out, my_hmid);
25870f58 MG	316	SET_DST(out, hmid);
	317
	318	memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
	319	SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
	320
	321	if (!send_hm_message(dev, &rdata, out)) {
	322	exit(EXIT_FAILURE);
	323	}
	324
da4ab971 MG	325	if (!switch_speed(dev, &rdata, 100)) {
	326	fprintf(stderr, "Can't switch speed!\n");
	327	exit(EXIT_FAILURE);
25870f58 MG	328	}
	329
	330	printf("Has the device switched?\n");
	331
	332	memset(out, 0, sizeof(out));
	333
	334	out[MSGID] = msgid++;
	335	out[CTL] = 0x20;
	336	out[TYPE] = 0xCB;
558a94bb	337	SET_SRC(out, my_hmid);
25870f58 MG	338	SET_DST(out, hmid);
	339
	340	memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
	341	SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
	342
	343	cnt = 3;
	344	do {
	345	if (send_hm_message(dev, &rdata, out)) {
	346	/* A0A02000221B9AD00000000 */
	347	switched = 1;
	348	break;
	349
	350	}
	351	} while (cnt--);
	352
	353	if (!switched) {
da4ab971	354	printf("No!\n");
25870f58	355
da4ab971 MG	356	if (!switch_speed(dev, &rdata, 10)) {
	357	fprintf(stderr, "Can't switch speed!\n");
	358	exit(EXIT_FAILURE);
25870f58 MG	359	}
25870f58 MG	360	}
da4ab971	361	} while ((!switched) && (switchcnt--));
25870f58	362
268d2cc6 MG	363	if (!switched) {
	364	fprintf(stderr, "Too many errors, giving up!\n");
	365	exit(EXIT_FAILURE);
	366	}
25870f58	367
da4ab971	368	printf("Yes!\n");
25870f58 MG	369
	370	printf("Flashing %d blocks", fw->fw_blocks);
	371	if (debug) {
	372	printf("\n");
	373	} else {
	374	printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
	375	fflush(stdout);
	376	}
	377
	378	for (block = 0; block < fw->fw_blocks; block++) {
	379	int first;
	380
	381	len = fw->fw[block][2] << 8;
	382	len \|= fw->fw[block][3];
	383
	384	pos = &(fw->fw[block][2]);
	385
	386	len += 2; /* length */
	387
	388	if (debug)
	389	hexdump(pos, len, "F> ");
	390
	391	first = 1;
	392	cnt = 0;
	393	do {
	394	int payloadlen = 35;
	395	int ack = 0;
	396
	397	if (first) {
	398	payloadlen = 37;
	399	first = 0;
	400	}
	401
	402	if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
	403	payloadlen = (len - (pos - &(fw->fw[block][2])));
	404
	405	if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
	406	ack = 1;
	407
	408	memset(&rdata, 0, sizeof(rdata));
	409
	410	memset(out, 0, sizeof(out));
	411
da4ab971	412	out[MSGID] = msgid;
25870f58 MG	413	if (ack)
	414	out[CTL] = 0x20;
	415	out[TYPE] = 0xCA;
558a94bb	416	SET_SRC(out, my_hmid);
25870f58 MG	417	SET_DST(out, hmid);
	418
	419	memcpy(&out[PAYLOAD], pos, payloadlen);
	420	SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
	421
	422	if (send_hm_message(dev, &rdata, out)) {
	423	pos += payloadlen;
	424	} else {
	425	pos = &(fw->fw[block][2]);
	426	cnt++;
	427	if (cnt == 3) {
	428	fprintf(stderr, "\nToo many errors, giving up!\n");
	429	exit(EXIT_FAILURE);
	430	} else {
	431	printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
	432	}
	433	}
	434
	435	msgnum++;
	436
	437	if (!debug) {
	438	printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
	439	block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
	440	fflush(stdout);
	441	}
	442	} while((pos - &(fw->fw[block][2])) < len);
da4ab971	443	msgid++;
25870f58 MG	444	}
	445
	446	firmware_free(fw);
	447
da4ab971	448	printf("\n");
25870f58	449
da4ab971 MG	450	if (!switch_speed(dev, &rdata, 10)) {
	451	fprintf(stderr, "Can't switch speed!\n");
	452	exit(EXIT_FAILURE);
25870f58 MG	453	}
	454
	455	printf("Waiting for device to reboot\n");
	456
	457	cnt = 10;
	458	do {
	459	errno = 0;
	460	pfd = hmcfgusb_poll(dev, 1);
	461	if ((pfd < 0) && errno) {
	462	if (errno != ETIMEDOUT) {
	463	perror("\n\nhmcfgusb_poll");
	464	exit(EXIT_FAILURE);
	465	}
	466	}
	467	if (rdata.message_type == MESSAGE_TYPE_E) {
	468	break;
	469	}
	470	} while(cnt--);
	471
	472	if (rdata.message_type == MESSAGE_TYPE_E) {
	473	printf("Device rebooted\n");
	474	}
	475
	476	hmcfgusb_close(dev);
	477
	478	return EXIT_SUCCESS;
	479	}