]> cvs.zerfleddert.de Git - hmcfgusb/blob - flash-ota.c
projects / hmcfgusb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
a few cleanups
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43
44 uint32_t hmid = 0;
45
46 enum message_type {
47 MESSAGE_TYPE_E,
48 MESSAGE_TYPE_R,
49 };
50
51 struct recv_data {
52 uint8_t message[64];
53 enum message_type message_type;
54 uint16_t status;
55 int speed;
56 };
57
58 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
59 {
60 struct recv_data *rdata = data;
61
62 if (buf_len < 1)
63 return 1;
64
65 switch (buf[0]) {
66 case 'E':
67 if ((!hmid) ||
68 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
69 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
70 (buf[0x13] == (hmid & 0xff)))) {
71 memset(rdata->message, 0, sizeof(rdata->message));
72 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
73 rdata->message_type = MESSAGE_TYPE_E;
74 }
75 break;
76 case 'R':
77 memset(rdata->message, 0, sizeof(rdata->message));
78 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
79 rdata->status = (buf[5] << 8) | buf[6];
80 rdata->message_type = MESSAGE_TYPE_R;
81 break;
82 case 'G':
83 rdata->speed = buf[1];
84 break;
85 default:
86 break;
87 }
88
89 if (buf_len != 1)
90 return 1;
91
92 return 1;
93 }
94
95 int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg)
96 {
97 static uint32_t id = 1;
98 struct timeval tv;
99 uint8_t out[0x40];
100 int pfd;
101
102 if (gettimeofday(&tv, NULL) == -1) {
103 perror("gettimeofay");
104 return 0;
105 }
106
107 memset(out, 0, sizeof(out));
108
109 out[0] = 'S';
110 out[1] = (id >> 24) & 0xff;
111 out[2] = (id >> 16) & 0xff;
112 out[3] = (id >> 8) & 0xff;
113 out[4] = id & 0xff;
114 out[10] = 0x01;
115 out[11] = (tv.tv_usec >> 24) & 0xff;
116 out[12] = (tv.tv_usec >> 16) & 0xff;
117 out[13] = (tv.tv_usec >> 8) & 0xff;
118 out[14] = tv.tv_usec & 0xff;
119
120
121 memcpy(&out[0x0f], msg, msg[0] + 1);
122
123 memset(rdata, 0, sizeof(struct recv_data));
124 hmcfgusb_send(dev, out, sizeof(out), 2);
125
126 while (1) {
127 if (rdata->message_type == MESSAGE_TYPE_R) {
128 if (((rdata->status & 0xff) == 0x01) ||
129 ((rdata->status & 0xff) == 0x02)) {
130 break;
131 } else {
132 fprintf(stderr, "\n\nInvalid status: %04x\n\n", rdata->status);
133 return 0;
134 }
135 }
136 errno = 0;
137 pfd = hmcfgusb_poll(dev, 1);
138 if ((pfd < 0) && errno) {
139 if (errno != ETIMEDOUT) {
140 perror("\n\nhmcfgusb_poll");
141 exit(EXIT_FAILURE);
142 }
143 }
144 }
145
146 id++;
147 return 1;
148 }
149
150 static int switch_speed(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t speed)
151 {
152 uint8_t out[0x40];
153 int pfd;
154
155 printf("Entering %uk-mode\n", speed);
156
157 memset(out, 0, sizeof(out));
158 out[0] = 'G';
159 out[1] = speed;
160
161 hmcfgusb_send(dev, out, sizeof(out), 2);
162
163 while (1) {
164 errno = 0;
165 pfd = hmcfgusb_poll(dev, 1);
166 if ((pfd < 0) && errno) {
167 if (errno != ETIMEDOUT) {
168 perror("\n\nhmcfgusb_poll");
169 exit(EXIT_FAILURE);
170 }
171 }
172 if (rdata->speed == speed)
173 break;
174 }
175
176 return 1;
177 }
178
179 int main(int argc, char **argv)
180 {
181 const char twiddlie[] = { '-', '\\', '|', '/' };
182 const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
183 struct hmcfgusb_dev *dev;
184 struct recv_data rdata;
185 uint8_t out[0x40];
186 uint8_t *pos;
187 uint8_t msgid = 0x1;
188 uint16_t len;
189 struct firmware *fw;
190 int block;
191 int pfd;
192 int debug = 0;
193 int cnt;
194 int switchcnt = 0;
195 int msgnum = 0;
196 int switched = 0;
197
198 printf("HomeMatic OTA flasher version " VERSION "\n\n");
199
200 if (argc != 3) {
201 if (argc == 1)
202 fprintf(stderr, "Missing firmware filename!\n\n");
203
204 if (argc == 2)
205 fprintf(stderr, "Missing serial!\n\n");
206
207 fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
208 exit(EXIT_FAILURE);
209 }
210
211 fw = firmware_read_firmware(argv[1], debug);
212 if (!fw)
213 exit(EXIT_FAILURE);
214
215 hmcfgusb_set_debug(debug);
216
217 memset(&rdata, 0, sizeof(rdata));
218
219 dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
220 if (!dev) {
221 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
222 exit(EXIT_FAILURE);
223 }
224
225 if (dev->bootloader) {
226 fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
227 exit(EXIT_FAILURE);
228 }
229
230 printf("\nHM-CFG-USB opened\n\n");
231
232 if (!switch_speed(dev, &rdata, 10)) {
233 fprintf(stderr, "Can't switch speed!\n");
234 exit(EXIT_FAILURE);
235 }
236
237 printf("Waiting for device with serial %s\n", argv[2]);
238
239 while (1) {
240 errno = 0;
241 pfd = hmcfgusb_poll(dev, 1);
242 if ((pfd < 0) && errno) {
243 if (errno != ETIMEDOUT) {
244 perror("\n\nhmcfgusb_poll");
245 exit(EXIT_FAILURE);
246 }
247 }
248
249 if ((rdata.message[LEN] == 0x14) && /* Length */
250 (rdata.message[MSGID] == 0x00) && /* Message ID */
251 (rdata.message[CTL] == 0x00) && /* Control Byte */
252 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
253 (DST(rdata.message) == 0x000000) && /* Broadcast */
254 (rdata.message[PAYLOAD] == 0x00) && /* FUP? */
255 (rdata.message[PAYLOAD+2] == 'E') &&
256 (rdata.message[PAYLOAD+3] == 'Q')) {
257 if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
258 hmid = SRC(rdata.message);
259 break;
260 }
261 }
262 }
263
264 printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);
265
266 printf("Adding HMID\n");
267
268 memset(out, 0, sizeof(out));
269 out[0] = '+';
270 out[1] = (hmid >> 16) & 0xff;
271 out[2] = (hmid >> 8) & 0xff;
272 out[3] = hmid & 0xff;
273
274 hmcfgusb_send(dev, out, sizeof(out), 2);
275
276 switchcnt = 3;
277 do {
278 printf("Initiating remote switch to 100k\n");
279
280 memset(out, 0, sizeof(out));
281
282 out[MSGID] = msgid++;
283 out[CTL] = 0x00;
284 out[TYPE] = 0xCB;
285 SET_SRC(out, 0x000000);
286 SET_DST(out, hmid);
287
288 memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
289 SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
290
291 if (!send_hm_message(dev, &rdata, out)) {
292 exit(EXIT_FAILURE);
293 }
294
295 if (!switch_speed(dev, &rdata, 100)) {
296 fprintf(stderr, "Can't switch speed!\n");
297 exit(EXIT_FAILURE);
298 }
299
300 printf("Has the device switched?\n");
301
302 memset(out, 0, sizeof(out));
303
304 out[MSGID] = msgid++;
305 out[CTL] = 0x20;
306 out[TYPE] = 0xCB;
307 SET_SRC(out, 0x000000);
308 SET_DST(out, hmid);
309
310 memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
311 SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
312
313 cnt = 3;
314 do {
315 if (send_hm_message(dev, &rdata, out)) {
316 /* A0A02000221B9AD00000000 */
317 switched = 1;
318 break;
319
320 }
321 } while (cnt--);
322
323 if (!switched) {
324 printf("No!\n");
325
326 if (!switch_speed(dev, &rdata, 10)) {
327 fprintf(stderr, "Can't switch speed!\n");
328 exit(EXIT_FAILURE);
329 }
330 }
331 } while ((!switched) && (switchcnt--));
332
333
334 printf("Yes!\n");
335
336 printf("Flashing %d blocks", fw->fw_blocks);
337 if (debug) {
338 printf("\n");
339 } else {
340 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
341 fflush(stdout);
342 }
343
344 for (block = 0; block < fw->fw_blocks; block++) {
345 int first;
346
347 len = fw->fw[block][2] << 8;
348 len |= fw->fw[block][3];
349
350 pos = &(fw->fw[block][2]);
351
352 len += 2; /* length */
353
354 if (debug)
355 hexdump(pos, len, "F> ");
356
357 first = 1;
358 cnt = 0;
359 do {
360 int payloadlen = 35;
361 int ack = 0;
362
363 if (first) {
364 payloadlen = 37;
365 first = 0;
366 }
367
368 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
369 payloadlen = (len - (pos - &(fw->fw[block][2])));
370
371 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
372 ack = 1;
373
374 memset(&rdata, 0, sizeof(rdata));
375
376 memset(out, 0, sizeof(out));
377
378 out[MSGID] = msgid;
379 if (ack)
380 out[CTL] = 0x20;
381 out[TYPE] = 0xCA;
382 SET_SRC(out, 0x000000);
383 SET_DST(out, hmid);
384
385 memcpy(&out[PAYLOAD], pos, payloadlen);
386 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
387
388 if (send_hm_message(dev, &rdata, out)) {
389 pos += payloadlen;
390 } else {
391 pos = &(fw->fw[block][2]);
392 cnt++;
393 if (cnt == 3) {
394 fprintf(stderr, "\nToo many errors, giving up!\n");
395 exit(EXIT_FAILURE);
396 } else {
397 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
398 }
399 }
400
401 msgnum++;
402
403 if (!debug) {
404 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
405 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
406 fflush(stdout);
407 }
408 } while((pos - &(fw->fw[block][2])) < len);
409 msgid++;
410 }
411
412 firmware_free(fw);
413
414 printf("\n");
415
416 if (!switch_speed(dev, &rdata, 10)) {
417 fprintf(stderr, "Can't switch speed!\n");
418 exit(EXIT_FAILURE);
419 }
420
421 printf("Waiting for device to reboot\n");
422
423 cnt = 10;
424 do {
425 errno = 0;
426 pfd = hmcfgusb_poll(dev, 1);
427 if ((pfd < 0) && errno) {
428 if (errno != ETIMEDOUT) {
429 perror("\n\nhmcfgusb_poll");
430 exit(EXIT_FAILURE);
431 }
432 }
433 if (rdata.message_type == MESSAGE_TYPE_E) {
434 break;
435 }
436 } while(cnt--);
437
438 if (rdata.message_type == MESSAGE_TYPE_E) {
439 printf("Device rebooted\n");
440 }
441
442 hmcfgusb_close(dev);
443
444 return EXIT_SUCCESS;
445 }
HM-CFG-USB{,2} linux utilities
Impressum, Datenschutz