]> cvs.zerfleddert.de Git - hmcfgusb/blob - flash-ota.c
projects / hmcfgusb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
all: update year in copyright
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014-16 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
46 #define MAX_RETRIES 5
47 #define NORMAL_MAX_PAYLOAD 37
48 #define LOWER_MAX_PAYLOAD 17
49
50 extern char *optarg;
51
52 uint32_t hmid = 0;
53 uint32_t my_hmid = 0;
54 uint8_t key[16] = {0};
55 int32_t kNo = -1;
56
57 /* Maximum payloadlen supported by IO */
58 uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
59
60 enum device_type {
61 DEVICE_TYPE_HMCFGUSB,
62 DEVICE_TYPE_CULFW,
63 };
64
65 struct ota_dev {
66 int type;
67 struct hmcfgusb_dev *hmcfgusb;
68 struct culfw_dev *culfw;
69 };
70
71 enum message_type {
72 MESSAGE_TYPE_E = 1,
73 MESSAGE_TYPE_R = 2,
74 };
75
76 struct recv_data {
77 uint8_t message[64];
78 enum message_type message_type;
79 uint16_t status;
80 int speed;
81 uint16_t version;
82 uint8_t credits;
83 };
84
85 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
86 {
87 struct recv_data *rdata = data;
88
89 if (buf_len < 1)
90 return 1;
91
92 switch (buf[0]) {
93 case 'E':
94 if ((!hmid) ||
95 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
96 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
97 (buf[0x13] == (hmid & 0xff)))) {
98 memset(rdata->message, 0, sizeof(rdata->message));
99 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
100 rdata->message_type = MESSAGE_TYPE_E;
101 }
102 break;
103 case 'R':
104 memset(rdata->message, 0, sizeof(rdata->message));
105 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
106 rdata->status = (buf[5] << 8) | buf[6];
107 rdata->message_type = MESSAGE_TYPE_R;
108 break;
109 case 'G':
110 rdata->speed = buf[1];
111 break;
112 case 'H':
113 rdata->version = (buf[11] << 8) | buf[12];
114 rdata->credits = buf[36];
115 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
116 break;
117 default:
118 break;
119 }
120
121 if (buf_len != 1)
122 return 1;
123
124 return 1;
125 }
126
127 static int parse_culfw(uint8_t *buf, int buf_len, void *data)
128 {
129 struct recv_data *rdata = data;
130 int pos = 0;
131
132 memset(rdata, 0, sizeof(struct recv_data));
133
134 if (buf_len <= 3)
135 return 0;
136
137 switch(buf[0]) {
138 case 'A':
139 if (buf[1] == 's')
140 return 0;
141
142 while(validate_nibble(buf[(pos * 2) + 1]) &&
143 validate_nibble(buf[(pos * 2) + 2]) &&
144 (pos + 1 < buf_len)) {
145 rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
146 rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
147 pos++;
148 }
149
150 if (hmid && (SRC(rdata->message) != hmid))
151 return 0;
152
153 rdata->message_type = MESSAGE_TYPE_E;
154 break;
155 case 'V':
156 {
157 uint8_t v;
158 char *s;
159 char *e;
160
161 s = ((char*)buf) + 2;
162 e = strchr(s, '.');
163 if (!e) {
164 fprintf(stderr, "Unknown response from CUL: %s", buf);
165 return 0;
166 }
167 *e = '\0';
168 v = atoi(s);
169 rdata->version = v << 8;
170
171 s = e + 1;
172 e = strchr(s, ' ');
173 if (!e) {
174 fprintf(stderr, "Unknown response from CUL: %s", buf);
175 return 0;
176 }
177 *e = '\0';
178 v = atoi(s);
179 rdata->version |= v;
180
181 s = e + 1;
182 e = strchr(s, ' ');
183 if (!e) {
184 break;
185 }
186 *e = '\0';
187 if (!strcmp(s, "a-culfw")) {
188 rdata->version = 0xffff;
189 }
190 }
191 break;
192 case 'E':
193 {
194 if (!strncmp((char*)buf, "ERR:CCA", 7)) {
195 fprintf(stderr, "CCA didn't complete, too much traffic\n");
196 }
197 break;
198 }
199 default:
200 fprintf(stderr, "Unknown response from CUL: %s", buf);
201 return 0;
202 break;
203 }
204
205 return 1;
206 }
207
208 int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
209 {
210 static uint32_t id = 1;
211 struct timeval tv;
212 uint8_t out[0x40];
213 int pfd;
214
215 switch(dev->type) {
216 case DEVICE_TYPE_HMCFGUSB:
217 if (gettimeofday(&tv, NULL) == -1) {
218 perror("gettimeofay");
219 return 0;
220 }
221
222 memset(out, 0, sizeof(out));
223
224 out[0] = 'S';
225 out[1] = (id >> 24) & 0xff;
226 out[2] = (id >> 16) & 0xff;
227 out[3] = (id >> 8) & 0xff;
228 out[4] = id & 0xff;
229 out[10] = 0x01;
230 out[11] = (tv.tv_usec >> 24) & 0xff;
231 out[12] = (tv.tv_usec >> 16) & 0xff;
232 out[13] = (tv.tv_usec >> 8) & 0xff;
233 out[14] = tv.tv_usec & 0xff;
234
235 memcpy(&out[0x0f], msg, msg[0] + 1);
236
237 memset(rdata, 0, sizeof(struct recv_data));
238 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
239
240 while (1) {
241 if (rdata->message_type == MESSAGE_TYPE_R) {
242 if (((rdata->status & 0xdf) == 0x01) ||
243 ((rdata->status & 0xdf) == 0x02)) {
244 break;
245 } else {
246 if ((rdata->status & 0xff00) == 0x0400) {
247 fprintf(stderr, "\nOut of credits!\n");
248 } else if ((rdata->status & 0xff) == 0x08) {
249 fprintf(stderr, "\nMissing ACK!\n");
250 } else if ((rdata->status & 0xff) == 0x30) {
251 fprintf(stderr, "\nUnknown AES-key requested!\n");
252 } else {
253 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
254 }
255 return 0;
256 }
257 }
258 errno = 0;
259 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
260 if ((pfd < 0) && errno) {
261 if (errno != ETIMEDOUT) {
262 perror("\n\nhmcfgusb_poll");
263 exit(EXIT_FAILURE);
264 }
265 }
266 }
267 break;
268 case DEVICE_TYPE_CULFW:
269 {
270 char buf[256];
271 int i;
272
273 memset(buf, 0, sizeof(buf));
274 buf[0] = 'A';
275 buf[1] = 's';
276 for (i = 0; i < msg[0] + 1; i++) {
277 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
278 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
279 }
280 buf[2 + (i * 2) ] = '\r';
281 buf[2 + (i * 2) + 1] = '\n';
282
283 memset(rdata, 0, sizeof(struct recv_data));
284 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
285 fprintf(stderr, "culfw_send failed!\n");
286 exit(EXIT_FAILURE);
287 }
288
289 if (msg[CTL] & 0x20) {
290 int cnt = 5;
291 int pfd;
292 do {
293 errno = 0;
294 pfd = culfw_poll(dev->culfw, 200);
295 if ((pfd < 0) && errno) {
296 if (errno != ETIMEDOUT) {
297 perror("\n\nculfw_poll");
298 exit(EXIT_FAILURE);
299 }
300 }
301 if (rdata->message_type == MESSAGE_TYPE_E) {
302 if (rdata->message[TYPE] == 0x02) {
303 if (rdata->message[PAYLOAD] == 0x04) {
304 int32_t req_kNo;
305 uint8_t challenge[6];
306 uint8_t respbuf[16];
307 uint8_t *resp;
308
309 req_kNo = rdata->message[rdata->message[LEN]] / 2;
310 memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);
311
312 if (req_kNo != kNo) {
313 fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
314 } else {
315 resp = hm_sign(key, challenge, msg, NULL, respbuf);
316 if (resp) {
317 uint8_t rbuf[64];
318
319 memset(rbuf, 0, sizeof(rbuf));
320 rbuf[MSGID] = rdata->message[MSGID];
321 rbuf[CTL] = rdata->message[CTL];
322 rbuf[TYPE] = 0x03;
323 SET_SRC(rbuf, DST(rdata->message));
324 SET_DST(rbuf, SRC(rdata->message));
325 memcpy(&(rbuf[PAYLOAD]), resp, 16);
326 SET_LEN_FROM_PAYLOADLEN(rbuf, 16);
327
328 usleep(110000); /* Determined by a fair dice roll */
329 return send_hm_message(dev, rdata, rbuf);
330 }
331 }
332 } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
333 fprintf(stderr, "NACK\n");
334 } else { /* ACK or ACKinfo */
335 break;
336 }
337 } else {
338 fprintf(stderr, "Unexpected message received: ");
339 for (i = 0; i < rdata->message[LEN]; i++) {
340 fprintf(stderr, "%02x", rdata->message[i+1]);
341 }
342 fprintf(stderr, "\n");
343 }
344 }
345 } while(cnt--);
346
347 if (cnt == -1) {
348 fprintf(stderr, "\nMissing ACK!\n");
349 return 0;
350 }
351 }
352 }
353 break;
354 }
355
356 id++;
357 return 1;
358 }
359
360 static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
361 {
362 uint8_t out[0x40];
363 int pfd;
364
365 printf("Entering %uk-mode\n", speed);
366
367 switch(dev->type) {
368 case DEVICE_TYPE_HMCFGUSB:
369 memset(out, 0, sizeof(out));
370 out[0] = 'G';
371 out[1] = speed;
372
373 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
374
375 while (1) {
376 errno = 0;
377 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
378 if ((pfd < 0) && errno) {
379 if (errno != ETIMEDOUT) {
380 perror("\n\nhmcfgusb_poll");
381 exit(EXIT_FAILURE);
382 }
383 }
384 if (rdata->speed == speed)
385 break;
386 }
387 break;
388 case DEVICE_TYPE_CULFW:
389 if (speed == 100) {
390 return culfw_send(dev->culfw, "AR\r\n", 4);
391 } else {
392 return culfw_send(dev->culfw, "Ar\r\n", 4);
393 }
394 break;
395 }
396
397 return 1;
398 }
399
400 void flash_ota_syntax(char *prog)
401 {
402 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
403 fprintf(stderr, "Mandatory parameters:\n");
404 fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
405 fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n");
406 fprintf(stderr, "\nOptional parameters:\n");
407 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
408 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
409 fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n");
410 fprintf(stderr, "\t-S serial\tuse HM-CFG-USB with given serial\n");
411 fprintf(stderr, "\t-h\t\tthis help\n");
412 fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n");
413 fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
414 fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
415 fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
416 }
417
418 int main(int argc, char **argv)
419 {
420 const char twiddlie[] = { '-', '\\', '|', '/' };
421 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
422 char *fw_file = NULL;
423 char *serial = NULL;
424 char *culfw_dev = NULL;
425 char *endptr = NULL;
426 unsigned int bps = DEFAULT_CUL_BPS;
427 struct ota_dev dev;
428 struct recv_data rdata;
429 uint8_t out[0x40];
430 uint8_t *pos;
431 uint8_t msgid = 0x1;
432 uint16_t len;
433 struct firmware *fw;
434 char *hmcfgusb_serial = NULL;
435 int block;
436 int pfd;
437 int debug = 0;
438 int cnt;
439 int switchcnt = 0;
440 int msgnum = 0;
441 int switched = 0;
442 int opt;
443
444 printf("HomeMatic OTA flasher version " VERSION "\n\n");
445
446 while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:S:")) != -1) {
447 switch (opt) {
448 case 'b':
449 bps = atoi(optarg);
450 break;
451 case 'c':
452 culfw_dev = optarg;
453 break;
454 case 'f':
455 fw_file = optarg;
456 break;
457 case 'l':
458 printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
459 max_payloadlen = LOWER_MAX_PAYLOAD;
460 break;
461 case 's':
462 serial = optarg;
463 break;
464 case 'C':
465 my_hmid = strtoul(optarg, &endptr, 16);
466 if (*endptr != '\0') {
467 fprintf(stderr, "Invalid central HMID!\n\n");
468 flash_ota_syntax(argv[0]);
469 exit(EXIT_FAILURE);
470 }
471 break;
472 case 'D':
473 hmid = strtoul(optarg, &endptr, 16);
474 if (*endptr != '\0') {
475 fprintf(stderr, "Invalid device HMID!\n\n");
476 flash_ota_syntax(argv[0]);
477 exit(EXIT_FAILURE);
478 }
479 break;
480 case 'K':
481 kNo = strtoul(optarg, &endptr, 10);
482 if (*endptr != ':') {
483 fprintf(stderr, "Invalid key number!\n\n");
484 flash_ota_syntax(argv[0]);
485 exit(EXIT_FAILURE);
486 }
487 endptr++;
488 for (cnt = 0; cnt < 16; cnt++) {
489 if (*endptr == '\0' || *(endptr+1) == '\0' ||
490 !validate_nibble(*endptr) ||
491 !validate_nibble(*(endptr+1))) {
492 fprintf(stderr, "Invalid key!\n\n");
493 flash_ota_syntax(argv[0]);
494 exit(EXIT_FAILURE);
495 }
496 key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
497 endptr += 2;
498 }
499 break;
500 case 'S':
501 hmcfgusb_serial = optarg;
502 break;
503 case 'h':
504 case ':':
505 case '?':
506 default:
507 flash_ota_syntax(argv[0]);
508 exit(EXIT_FAILURE);
509 break;
510
511 }
512 }
513
514 if (!fw_file || (!serial && !hmid)) {
515 flash_ota_syntax(argv[0]);
516 exit(EXIT_FAILURE);
517 }
518
519 fw = firmware_read_firmware(fw_file, debug);
520 if (!fw)
521 exit(EXIT_FAILURE);
522
523 memset(&rdata, 0, sizeof(rdata));
524 memset(&dev, 0, sizeof(struct ota_dev));
525
526 if (culfw_dev) {
527 printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
528 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
529 if (!dev.culfw) {
530 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
531 exit(EXIT_FAILURE);
532 }
533 dev.type = DEVICE_TYPE_CULFW;
534
535 printf("Requesting firmware version\n");
536 culfw_send(dev.culfw, "\r\n", 2);
537 culfw_flush(dev.culfw);
538
539 while (1) {
540 culfw_send(dev.culfw, "V\r\n", 3);
541
542 errno = 0;
543 pfd = culfw_poll(dev.culfw, 1000);
544 if ((pfd < 0) && errno) {
545 if (errno != ETIMEDOUT) {
546 perror("\n\nhmcfgusb_poll");
547 exit(EXIT_FAILURE);
548 }
549 }
550 if (rdata.version)
551 break;
552 }
553
554 printf("culfw-device firmware version: ");
555 if (rdata.version != 0xffff) {
556 printf("%u.%02u\n",
557 (rdata.version >> 8) & 0xff,
558 rdata.version & 0xff);
559 } else {
560 printf("a-culfw\n");
561 }
562
563 if (rdata.version < 0x013a) {
564 fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
565 exit(EXIT_FAILURE);
566 }
567 } else {
568 uint32_t new_hmid = my_hmid;
569
570 hmcfgusb_set_debug(debug);
571
572 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial);
573 if (!dev.hmcfgusb) {
574 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
575 exit(EXIT_FAILURE);
576 }
577 dev.type = DEVICE_TYPE_HMCFGUSB;
578
579 memset(out, 0, sizeof(out));
580 out[0] = 'K';
581 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
582
583 while (1) {
584 errno = 0;
585 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
586 if ((pfd < 0) && errno) {
587 if (errno != ETIMEDOUT) {
588 perror("\n\nhmcfgusb_poll");
589 exit(EXIT_FAILURE);
590 }
591 }
592 if (rdata.version)
593 break;
594 }
595
596 if (rdata.version < 0x3c7) {
597 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
598 exit(EXIT_FAILURE);
599 }
600
601 printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);
602
603 if (rdata.credits >= 40) {
604 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
605
606 if (!dev.hmcfgusb->bootloader) {
607 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
608 printf("Waiting for device to reappear...\n");
609
610 do {
611 if (dev.hmcfgusb) {
612 if (!dev.hmcfgusb->bootloader)
613 hmcfgusb_enter_bootloader(dev.hmcfgusb);
614 hmcfgusb_close(dev.hmcfgusb);
615 }
616 sleep(1);
617 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (!dev.hmcfgusb->bootloader));
618 }
619
620 if (dev.hmcfgusb->bootloader) {
621 printf("HM-CFG-USB in bootloader mode, rebooting\n");
622
623 do {
624 if (dev.hmcfgusb) {
625 if (dev.hmcfgusb->bootloader)
626 hmcfgusb_leave_bootloader(dev.hmcfgusb);
627 hmcfgusb_close(dev.hmcfgusb);
628 }
629 sleep(1);
630 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (dev.hmcfgusb->bootloader));
631 }
632 }
633
634 printf("\n\nHM-CFG-USB opened\n\n");
635
636 if (new_hmid && (my_hmid != new_hmid)) {
637 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
638
639 memset(out, 0, sizeof(out));
640 out[0] = 'A';
641 out[1] = (new_hmid >> 16) & 0xff;
642 out[2] = (new_hmid >> 8) & 0xff;
643 out[3] = new_hmid & 0xff;
644
645 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
646
647 my_hmid = new_hmid;
648 }
649
650 if (kNo > 0) {
651 printf("Setting AES-key\n");
652
653 memset(out, 0, sizeof(out));
654 out[0] = 'Y';
655 out[1] = 0x01;
656 out[2] = kNo;
657 out[3] = sizeof(key);
658 memcpy(&(out[4]), key, sizeof(key));
659 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
660
661 memset(out, 0, sizeof(out));
662 out[0] = 'Y';
663 out[1] = 0x02;
664 out[2] = 0x00;
665 out[3] = 0x00;
666 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
667
668 memset(out, 0, sizeof(out));
669 out[0] = 'Y';
670 out[1] = 0x03;
671 out[2] = 0x00;
672 out[3] = 0x00;
673 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
674 }
675 }
676
677 if (!switch_speed(&dev, &rdata, 10)) {
678 fprintf(stderr, "Can't switch speed!\n");
679 exit(EXIT_FAILURE);
680 }
681
682 if (hmid && my_hmid) {
683 printf("Sending device with hmid %06x to bootloader\n", hmid);
684 out[CTL] = 0x30;
685 out[TYPE] = 0x11;
686 SET_SRC(out, my_hmid);
687 SET_DST(out, hmid);
688 out[PAYLOAD] = 0xCA;
689 SET_LEN_FROM_PAYLOADLEN(out, 1);
690
691 cnt = 3;
692 do {
693 out[MSGID] = msgid++;
694 if (send_hm_message(&dev, &rdata, out)) {
695 break;
696 }
697 } while (cnt--);
698 if (cnt == -1) {
699 printf("Failed to send device to bootloader, please enter bootloader manually.\n");
700 }
701 }
702
703 if (serial) {
704 printf("Waiting for device with serial %s\n", serial);
705 } else {
706 printf("Waiting for device with HMID %06x\n", hmid);
707 }
708
709 while (1) {
710 errno = 0;
711 switch (dev.type) {
712 case DEVICE_TYPE_CULFW:
713 pfd = culfw_poll(dev.culfw, 1000);
714 break;
715 case DEVICE_TYPE_HMCFGUSB:
716 default:
717 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
718 break;
719 }
720
721 if ((pfd < 0) && errno) {
722 if (errno != ETIMEDOUT) {
723 perror("\n\npoll");
724 exit(EXIT_FAILURE);
725 }
726 }
727
728 if ((rdata.message[LEN] == 0x14) && /* Length */
729 (rdata.message[MSGID] == 0x00) && /* Message ID */
730 (rdata.message[CTL] == 0x00) && /* Control Byte */
731 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
732 (DST(rdata.message) == 0x000000) && /* Broadcast */
733 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
734 if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
735 hmid = SRC(rdata.message);
736 break;
737 } else if (!serial && SRC(rdata.message) == hmid) {
738 serial = (char*)&(rdata.message[0x0b]);
739 break;
740 }
741 }
742 }
743
744 printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);
745
746 if (dev.type == DEVICE_TYPE_HMCFGUSB) {
747 printf("Adding HMID\n");
748
749 memset(out, 0, sizeof(out));
750 out[0] = '+';
751 out[1] = (hmid >> 16) & 0xff;
752 out[2] = (hmid >> 8) & 0xff;
753 out[3] = hmid & 0xff;
754
755 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
756 }
757
758 switchcnt = 3;
759 do {
760 printf("Initiating remote switch to 100k\n");
761
762 memset(out, 0, sizeof(out));
763
764 out[MSGID] = msgid++;
765 out[CTL] = 0x00;
766 out[TYPE] = 0xCB;
767 SET_SRC(out, my_hmid);
768 SET_DST(out, hmid);
769
770 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
771 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
772
773 if (!send_hm_message(&dev, &rdata, out)) {
774 exit(EXIT_FAILURE);
775 }
776
777 if (!switch_speed(&dev, &rdata, 100)) {
778 fprintf(stderr, "Can't switch speed!\n");
779 exit(EXIT_FAILURE);
780 }
781
782 printf("Has the device switched?\n");
783
784 memset(out, 0, sizeof(out));
785
786 out[MSGID] = msgid++;
787 out[CTL] = 0x20;
788 out[TYPE] = 0xCB;
789 SET_SRC(out, my_hmid);
790 SET_DST(out, hmid);
791
792 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
793 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
794
795 cnt = 3;
796 do {
797 if (send_hm_message(&dev, &rdata, out)) {
798 /* A0A02000221B9AD00000000 */
799 switched = 1;
800 break;
801 }
802 } while (cnt--);
803
804 if (!switched) {
805 printf("No!\n");
806
807 if (!switch_speed(&dev, &rdata, 10)) {
808 fprintf(stderr, "Can't switch speed!\n");
809 exit(EXIT_FAILURE);
810 }
811 }
812 } while ((!switched) && (switchcnt--));
813
814 if (!switched) {
815 fprintf(stderr, "Too many errors, giving up!\n");
816 exit(EXIT_FAILURE);
817 }
818
819 printf("Yes!\n");
820
821 printf("Flashing %d blocks", fw->fw_blocks);
822 if (debug) {
823 printf("\n");
824 } else {
825 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
826 fflush(stdout);
827 }
828
829 for (block = 0; block < fw->fw_blocks; block++) {
830 int first;
831
832 len = fw->fw[block][2] << 8;
833 len |= fw->fw[block][3];
834
835 pos = &(fw->fw[block][2]);
836
837 len += 2; /* length */
838
839 if (debug)
840 hexdump(pos, len, "F> ");
841
842 first = 1;
843 cnt = 0;
844 do {
845 int payloadlen = max_payloadlen - 2;
846 int ack = 0;
847
848 if (first) {
849 payloadlen = max_payloadlen;
850 first = 0;
851 }
852
853 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
854 payloadlen = (len - (pos - &(fw->fw[block][2])));
855
856 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
857 ack = 1;
858
859 memset(&rdata, 0, sizeof(rdata));
860
861 memset(out, 0, sizeof(out));
862
863 out[MSGID] = msgid;
864 if (ack)
865 out[CTL] = 0x20;
866 out[TYPE] = 0xCA;
867 SET_SRC(out, my_hmid);
868 SET_DST(out, hmid);
869
870 memcpy(&out[PAYLOAD], pos, payloadlen);
871 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
872
873 if (send_hm_message(&dev, &rdata, out)) {
874 pos += payloadlen;
875 } else {
876 pos = &(fw->fw[block][2]);
877 cnt++;
878 if (cnt == MAX_RETRIES) {
879 fprintf(stderr, "\nToo many errors, giving up!\n");
880 exit(EXIT_FAILURE);
881 } else {
882 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
883 }
884 }
885
886 msgnum++;
887
888 if (!debug) {
889 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
890 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
891 fflush(stdout);
892 }
893 } while((pos - &(fw->fw[block][2])) < len);
894 msgid++;
895 }
896
897 firmware_free(fw);
898
899 printf("\n");
900
901 if (!switch_speed(&dev, &rdata, 10)) {
902 fprintf(stderr, "Can't switch speed!\n");
903 exit(EXIT_FAILURE);
904 }
905
906 printf("Waiting for device to reboot\n");
907
908 cnt = 10;
909 do {
910 errno = 0;
911 switch(dev.type) {
912 case DEVICE_TYPE_CULFW:
913 pfd = culfw_poll(dev.culfw, 1000);
914 break;
915 case DEVICE_TYPE_HMCFGUSB:
916 default:
917 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
918 break;
919 }
920 if ((pfd < 0) && errno) {
921 if (errno != ETIMEDOUT) {
922 perror("\n\npoll");
923 exit(EXIT_FAILURE);
924 }
925 }
926 if (rdata.message_type == MESSAGE_TYPE_E) {
927 break;
928 }
929 } while(cnt--);
930
931 if (rdata.message_type == MESSAGE_TYPE_E) {
932 printf("Device rebooted\n");
933 }
934
935 switch(dev.type) {
936 case DEVICE_TYPE_HMCFGUSB:
937 hmcfgusb_close(dev.hmcfgusb);
938 hmcfgusb_exit();
939 break;
940 case DEVICE_TYPE_CULFW:
941 culfw_close(dev.culfw);
942 break;
943 }
944
945 return EXIT_SUCCESS;
946 }
HM-CFG-USB{,2} linux utilities
Impressum, Datenschutz