]> cvs.zerfleddert.de Git - hmcfgusb/blob - flash-ota.c
projects / hmcfgusb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
set the source hmid, else OTA will fail
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43
44 uint32_t hmid = 0;
45 uint32_t my_hmid = 0;
46
47 enum message_type {
48 MESSAGE_TYPE_E,
49 MESSAGE_TYPE_R,
50 };
51
52 struct recv_data {
53 uint8_t message[64];
54 enum message_type message_type;
55 uint16_t status;
56 int speed;
57 uint16_t hmcfgusb_version;
58 };
59
60 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
61 {
62 struct recv_data *rdata = data;
63
64 if (buf_len < 1)
65 return 1;
66
67 switch (buf[0]) {
68 case 'E':
69 if ((!hmid) ||
70 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
71 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
72 (buf[0x13] == (hmid & 0xff)))) {
73 memset(rdata->message, 0, sizeof(rdata->message));
74 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
75 rdata->message_type = MESSAGE_TYPE_E;
76 }
77 break;
78 case 'R':
79 memset(rdata->message, 0, sizeof(rdata->message));
80 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
81 rdata->status = (buf[5] << 8) | buf[6];
82 rdata->message_type = MESSAGE_TYPE_R;
83 break;
84 case 'G':
85 rdata->speed = buf[1];
86 break;
87 case 'H':
88 rdata->hmcfgusb_version = (buf[11] << 8) | buf[12];
89 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
90 break;
91 default:
92 break;
93 }
94
95 if (buf_len != 1)
96 return 1;
97
98 return 1;
99 }
100
101 int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg)
102 {
103 static uint32_t id = 1;
104 struct timeval tv;
105 uint8_t out[0x40];
106 int pfd;
107
108 if (gettimeofday(&tv, NULL) == -1) {
109 perror("gettimeofay");
110 return 0;
111 }
112
113 memset(out, 0, sizeof(out));
114
115 out[0] = 'S';
116 out[1] = (id >> 24) & 0xff;
117 out[2] = (id >> 16) & 0xff;
118 out[3] = (id >> 8) & 0xff;
119 out[4] = id & 0xff;
120 out[10] = 0x01;
121 out[11] = (tv.tv_usec >> 24) & 0xff;
122 out[12] = (tv.tv_usec >> 16) & 0xff;
123 out[13] = (tv.tv_usec >> 8) & 0xff;
124 out[14] = tv.tv_usec & 0xff;
125
126
127 memcpy(&out[0x0f], msg, msg[0] + 1);
128
129 memset(rdata, 0, sizeof(struct recv_data));
130 hmcfgusb_send(dev, out, sizeof(out), 1);
131
132 while (1) {
133 if (rdata->message_type == MESSAGE_TYPE_R) {
134 if (((rdata->status & 0xff) == 0x01) ||
135 ((rdata->status & 0xff) == 0x02)) {
136 break;
137 } else {
138 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
139 return 0;
140 }
141 }
142 errno = 0;
143 pfd = hmcfgusb_poll(dev, 1);
144 if ((pfd < 0) && errno) {
145 if (errno != ETIMEDOUT) {
146 perror("\n\nhmcfgusb_poll");
147 exit(EXIT_FAILURE);
148 }
149 }
150 }
151
152 id++;
153 return 1;
154 }
155
156 static int switch_speed(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t speed)
157 {
158 uint8_t out[0x40];
159 int pfd;
160
161 printf("Entering %uk-mode\n", speed);
162
163 memset(out, 0, sizeof(out));
164 out[0] = 'G';
165 out[1] = speed;
166
167 hmcfgusb_send(dev, out, sizeof(out), 1);
168
169 while (1) {
170 errno = 0;
171 pfd = hmcfgusb_poll(dev, 1);
172 if ((pfd < 0) && errno) {
173 if (errno != ETIMEDOUT) {
174 perror("\n\nhmcfgusb_poll");
175 exit(EXIT_FAILURE);
176 }
177 }
178 if (rdata->speed == speed)
179 break;
180 }
181
182 return 1;
183 }
184
185 int main(int argc, char **argv)
186 {
187 const char twiddlie[] = { '-', '\\', '|', '/' };
188 const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
189 struct hmcfgusb_dev *dev;
190 struct recv_data rdata;
191 uint8_t out[0x40];
192 uint8_t *pos;
193 uint8_t msgid = 0x1;
194 uint16_t len;
195 struct firmware *fw;
196 int block;
197 int pfd;
198 int debug = 0;
199 int cnt;
200 int switchcnt = 0;
201 int msgnum = 0;
202 int switched = 0;
203
204 printf("HomeMatic OTA flasher version " VERSION "\n\n");
205
206 if (argc != 3) {
207 if (argc == 1)
208 fprintf(stderr, "Missing firmware filename!\n\n");
209
210 if (argc == 2)
211 fprintf(stderr, "Missing serial!\n\n");
212
213 fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
214 exit(EXIT_FAILURE);
215 }
216
217 fw = firmware_read_firmware(argv[1], debug);
218 if (!fw)
219 exit(EXIT_FAILURE);
220
221 hmcfgusb_set_debug(debug);
222
223 memset(&rdata, 0, sizeof(rdata));
224
225 dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
226 if (!dev) {
227 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
228 exit(EXIT_FAILURE);
229 }
230
231 if (dev->bootloader) {
232 fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
233 exit(EXIT_FAILURE);
234 }
235
236 printf("\nHM-CFG-USB opened\n\n");
237
238 memset(out, 0, sizeof(out));
239 out[0] = 'K';
240 hmcfgusb_send(dev, out, sizeof(out), 1);
241
242 while (1) {
243 errno = 0;
244 pfd = hmcfgusb_poll(dev, 1);
245 if ((pfd < 0) && errno) {
246 if (errno != ETIMEDOUT) {
247 perror("\n\nhmcfgusb_poll");
248 exit(EXIT_FAILURE);
249 }
250 }
251 if (rdata.hmcfgusb_version)
252 break;
253 }
254
255 if (rdata.hmcfgusb_version < 0x3c7) {
256 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
257 exit(EXIT_FAILURE);
258 }
259
260 printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);
261
262 if (!switch_speed(dev, &rdata, 10)) {
263 fprintf(stderr, "Can't switch speed!\n");
264 exit(EXIT_FAILURE);
265 }
266
267 printf("Waiting for device with serial %s\n", argv[2]);
268
269 while (1) {
270 errno = 0;
271 pfd = hmcfgusb_poll(dev, 1);
272 if ((pfd < 0) && errno) {
273 if (errno != ETIMEDOUT) {
274 perror("\n\nhmcfgusb_poll");
275 exit(EXIT_FAILURE);
276 }
277 }
278
279 if ((rdata.message[LEN] == 0x14) && /* Length */
280 (rdata.message[MSGID] == 0x00) && /* Message ID */
281 (rdata.message[CTL] == 0x00) && /* Control Byte */
282 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
283 (DST(rdata.message) == 0x000000) && /* Broadcast */
284 (rdata.message[PAYLOAD] == 0x00) && /* FUP? */
285 (rdata.message[PAYLOAD+2] == 'E') &&
286 (rdata.message[PAYLOAD+3] == 'Q')) {
287 if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
288 hmid = SRC(rdata.message);
289 break;
290 }
291 }
292 }
293
294 printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);
295
296 printf("Adding HMID\n");
297
298 memset(out, 0, sizeof(out));
299 out[0] = '+';
300 out[1] = (hmid >> 16) & 0xff;
301 out[2] = (hmid >> 8) & 0xff;
302 out[3] = hmid & 0xff;
303
304 hmcfgusb_send(dev, out, sizeof(out), 1);
305
306 switchcnt = 3;
307 do {
308 printf("Initiating remote switch to 100k\n");
309
310 memset(out, 0, sizeof(out));
311
312 out[MSGID] = msgid++;
313 out[CTL] = 0x00;
314 out[TYPE] = 0xCB;
315 SET_SRC(out, my_hmid);
316 SET_DST(out, hmid);
317
318 memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
319 SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
320
321 if (!send_hm_message(dev, &rdata, out)) {
322 exit(EXIT_FAILURE);
323 }
324
325 if (!switch_speed(dev, &rdata, 100)) {
326 fprintf(stderr, "Can't switch speed!\n");
327 exit(EXIT_FAILURE);
328 }
329
330 printf("Has the device switched?\n");
331
332 memset(out, 0, sizeof(out));
333
334 out[MSGID] = msgid++;
335 out[CTL] = 0x20;
336 out[TYPE] = 0xCB;
337 SET_SRC(out, my_hmid);
338 SET_DST(out, hmid);
339
340 memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
341 SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
342
343 cnt = 3;
344 do {
345 if (send_hm_message(dev, &rdata, out)) {
346 /* A0A02000221B9AD00000000 */
347 switched = 1;
348 break;
349
350 }
351 } while (cnt--);
352
353 if (!switched) {
354 printf("No!\n");
355
356 if (!switch_speed(dev, &rdata, 10)) {
357 fprintf(stderr, "Can't switch speed!\n");
358 exit(EXIT_FAILURE);
359 }
360 }
361 } while ((!switched) && (switchcnt--));
362
363 if (!switched) {
364 fprintf(stderr, "Too many errors, giving up!\n");
365 exit(EXIT_FAILURE);
366 }
367
368 printf("Yes!\n");
369
370 printf("Flashing %d blocks", fw->fw_blocks);
371 if (debug) {
372 printf("\n");
373 } else {
374 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
375 fflush(stdout);
376 }
377
378 for (block = 0; block < fw->fw_blocks; block++) {
379 int first;
380
381 len = fw->fw[block][2] << 8;
382 len |= fw->fw[block][3];
383
384 pos = &(fw->fw[block][2]);
385
386 len += 2; /* length */
387
388 if (debug)
389 hexdump(pos, len, "F> ");
390
391 first = 1;
392 cnt = 0;
393 do {
394 int payloadlen = 35;
395 int ack = 0;
396
397 if (first) {
398 payloadlen = 37;
399 first = 0;
400 }
401
402 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
403 payloadlen = (len - (pos - &(fw->fw[block][2])));
404
405 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
406 ack = 1;
407
408 memset(&rdata, 0, sizeof(rdata));
409
410 memset(out, 0, sizeof(out));
411
412 out[MSGID] = msgid;
413 if (ack)
414 out[CTL] = 0x20;
415 out[TYPE] = 0xCA;
416 SET_SRC(out, my_hmid);
417 SET_DST(out, hmid);
418
419 memcpy(&out[PAYLOAD], pos, payloadlen);
420 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
421
422 if (send_hm_message(dev, &rdata, out)) {
423 pos += payloadlen;
424 } else {
425 pos = &(fw->fw[block][2]);
426 cnt++;
427 if (cnt == 3) {
428 fprintf(stderr, "\nToo many errors, giving up!\n");
429 exit(EXIT_FAILURE);
430 } else {
431 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
432 }
433 }
434
435 msgnum++;
436
437 if (!debug) {
438 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
439 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
440 fflush(stdout);
441 }
442 } while((pos - &(fw->fw[block][2])) < len);
443 msgid++;
444 }
445
446 firmware_free(fw);
447
448 printf("\n");
449
450 if (!switch_speed(dev, &rdata, 10)) {
451 fprintf(stderr, "Can't switch speed!\n");
452 exit(EXIT_FAILURE);
453 }
454
455 printf("Waiting for device to reboot\n");
456
457 cnt = 10;
458 do {
459 errno = 0;
460 pfd = hmcfgusb_poll(dev, 1);
461 if ((pfd < 0) && errno) {
462 if (errno != ETIMEDOUT) {
463 perror("\n\nhmcfgusb_poll");
464 exit(EXIT_FAILURE);
465 }
466 }
467 if (rdata.message_type == MESSAGE_TYPE_E) {
468 break;
469 }
470 } while(cnt--);
471
472 if (rdata.message_type == MESSAGE_TYPE_E) {
473 printf("Device rebooted\n");
474 }
475
476 hmcfgusb_close(dev);
477
478 return EXIT_SUCCESS;
479 }
HM-CFG-USB{,2} linux utilities
Impressum, Datenschutz