]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/flash.c
0756b2fa59387c5071bf1c82851ef31c7d608f61
[proxmark3-svn] / client / flash.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2010 Hector Martin "marcan" <marcan@marcansoft.com>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // ELF file flasher
9 //-----------------------------------------------------------------------------
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include "sleep.h"
15 #include "proxusb.h"
16 #include "flash.h"
17 #include "elf.h"
18 #include "proxendian.h"
19
20 //static uint32_t ExpectedAddr;
21 //static uint8_t QueuedToSend[256];
22
23 // TODO: what the fuckity fuck
24 unsigned int current_command = CMD_UNKNOWN;
25
26 #define FLASH_START 0x100000
27 #define FLASH_SIZE (256*1024)
28 #define FLASH_END (FLASH_START + FLASH_SIZE)
29 #define BOOTLOADER_SIZE 0x2000
30 #define BOOTLOADER_END (FLASH_START + BOOTLOADER_SIZE)
31
32 #define BLOCK_SIZE 0x100
33
34 static const uint8_t elf_ident[] = {
35 0x7f, 'E', 'L', 'F',
36 ELFCLASS32,
37 ELFDATA2LSB,
38 EV_CURRENT
39 };
40
41 // Turn PHDRs into flasher segments, checking for PHDR sanity and merging adjacent
42 // unaligned segments if needed
43 static int build_segs_from_phdrs(flash_file_t *ctx, FILE *fd, Elf32_Phdr *phdrs, int num_phdrs)
44 {
45 Elf32_Phdr *phdr = phdrs;
46 flash_seg_t *seg;
47 uint32_t last_end = 0;
48
49 ctx->segments = malloc(sizeof(flash_seg_t) * num_phdrs);
50 if (!ctx->segments) {
51 fprintf(stderr, "Out of memory\n");
52 return -1;
53 }
54 ctx->num_segs = 0;
55 seg = ctx->segments;
56
57 fprintf(stderr, "Loading usable ELF segments:\n");
58 for (int i = 0; i < num_phdrs; i++) {
59 if (le32(phdr->p_type) != PT_LOAD) {
60 phdr++;
61 continue;
62 }
63 uint32_t vaddr = le32(phdr->p_vaddr);
64 uint32_t paddr = le32(phdr->p_paddr);
65 uint32_t filesz = le32(phdr->p_filesz);
66 uint32_t memsz = le32(phdr->p_memsz);
67 uint32_t offset = le32(phdr->p_offset);
68 uint32_t flags = le32(phdr->p_flags);
69 if (!filesz) {
70 phdr++;
71 continue;
72 }
73 fprintf(stderr, "%d: V 0x%08x P 0x%08x (0x%08x->0x%08x) [%c%c%c] @0x%x\n",
74 i, vaddr, paddr, filesz, memsz,
75 flags & PF_R ? 'R' : ' ',
76 flags & PF_W ? 'W' : ' ',
77 flags & PF_X ? 'X' : ' ',
78 offset);
79 if (filesz != memsz) {
80 fprintf(stderr, "Error: PHDR file size does not equal memory size\n"
81 "(DATA+BSS PHDRs do not make sense on ROM platforms!)\n");
82 return -1;
83 }
84 if (paddr < last_end) {
85 fprintf(stderr, "Error: PHDRs not sorted or overlap\n");
86 return -1;
87 }
88 if (paddr < FLASH_START || (paddr+filesz) > FLASH_END) {
89 fprintf(stderr, "Error: PHDR is not contained in Flash\n");
90 return -1;
91 }
92 if (vaddr >= FLASH_START && vaddr < FLASH_END && (flags & PF_W)) {
93 fprintf(stderr, "Error: Flash VMA segment is writable\n");
94 return -1;
95 }
96
97 uint8_t *data;
98 // make extra space if we need to move the data forward
99 data = malloc(filesz + BLOCK_SIZE);
100 if (!data) {
101 fprintf(stderr, "Out of memory\n");
102 return -1;
103 }
104 if (fseek(fd, offset, SEEK_SET) < 0 || fread(data, 1, filesz, fd) != filesz) {
105 fprintf(stderr, "Error while reading PHDR payload\n");
106 free(data);
107 return -1;
108 }
109
110 uint32_t block_offset = paddr & (BLOCK_SIZE-1);
111 if (block_offset) {
112 if (ctx->num_segs) {
113 flash_seg_t *prev_seg = seg - 1;
114 uint32_t this_end = paddr + filesz;
115 uint32_t this_firstblock = paddr & ~(BLOCK_SIZE-1);
116 uint32_t prev_lastblock = (last_end - 1) & ~(BLOCK_SIZE-1);
117
118 if (this_firstblock == prev_lastblock) {
119 uint32_t new_length = this_end - prev_seg->start;
120 uint32_t this_offset = paddr - prev_seg->start;
121 uint32_t hole = this_offset - prev_seg->length;
122 uint8_t *new_data = malloc(new_length);
123 if (!new_data) {
124 fprintf(stderr, "Out of memory\n");
125 free(data);
126 return -1;
127 }
128 memset(new_data, 0xff, new_length);
129 memcpy(new_data, prev_seg->data, prev_seg->length);
130 memcpy(new_data + this_offset, data, filesz);
131 fprintf(stderr, "Note: Extending previous segment from 0x%x to 0x%x bytes\n",
132 prev_seg->length, new_length);
133 if (hole)
134 fprintf(stderr, "Note: 0x%x-byte hole created\n", hole);
135 free(data);
136 free(prev_seg->data);
137 prev_seg->data = new_data;
138 prev_seg->length = new_length;
139 last_end = this_end;
140 phdr++;
141 continue;
142 }
143 }
144 fprintf(stderr, "Warning: segment does not begin on a block boundary, will pad\n");
145 memmove(data + block_offset, data, filesz);
146 memset(data, 0xFF, block_offset);
147 filesz += block_offset;
148 paddr -= block_offset;
149 }
150
151 seg->data = data;
152 seg->start = paddr;
153 seg->length = filesz;
154 seg++;
155 ctx->num_segs++;
156
157 last_end = paddr + filesz;
158 phdr++;
159 }
160 return 0;
161 }
162
163 // Sanity check segments and check for bootloader writes
164 static int check_segs(flash_file_t *ctx, int can_write_bl) {
165 for (int i = 0; i < ctx->num_segs; i++) {
166 flash_seg_t *seg = &ctx->segments[i];
167
168 if (seg->start & (BLOCK_SIZE-1)) {
169 fprintf(stderr, "Error: Segment is not aligned\n");
170 return -1;
171 }
172 if (seg->start < FLASH_START) {
173 fprintf(stderr, "Error: Segment is outside of flash bounds\n");
174 return -1;
175 }
176 if (seg->start + seg->length > FLASH_END) {
177 fprintf(stderr, "Error: Segment is outside of flash bounds\n");
178 return -1;
179 }
180 if (!can_write_bl && seg->start < BOOTLOADER_END) {
181 fprintf(stderr, "Attempted to write bootloader but bootloader writes are not enabled\n");
182 return -1;
183 }
184 }
185 return 0;
186 }
187
188 // Load an ELF file and prepare it for flashing
189 int flash_load(flash_file_t *ctx, const char *name, int can_write_bl)
190 {
191 FILE *fd = NULL;
192 Elf32_Ehdr ehdr;
193 Elf32_Phdr *phdrs = NULL;
194 int num_phdrs;
195 int res;
196
197 fd = fopen(name, "rb");
198 if (!fd) {
199 fprintf(stderr, "Could not open file '%s': ", name);
200 perror(NULL);
201 goto fail;
202 }
203
204 fprintf(stderr, "Loading ELF file '%s'...\n", name);
205
206 if (fread(&ehdr, sizeof(ehdr), 1, fd) != 1) {
207 fprintf(stderr, "Error while reading ELF file header\n");
208 goto fail;
209 }
210 if (memcmp(ehdr.e_ident, elf_ident, sizeof(elf_ident))
211 || le32(ehdr.e_version) != 1)
212 {
213 fprintf(stderr, "Not an ELF file or wrong ELF type\n");
214 goto fail;
215 }
216 if (le16(ehdr.e_type) != ET_EXEC) {
217 fprintf(stderr, "ELF is not executable\n");
218 goto fail;
219 }
220 if (le16(ehdr.e_machine) != EM_ARM) {
221 fprintf(stderr, "Wrong ELF architecture\n");
222 goto fail;
223 }
224 if (!ehdr.e_phnum || !ehdr.e_phoff) {
225 fprintf(stderr, "ELF has no PHDRs\n");
226 goto fail;
227 }
228 if (le16(ehdr.e_phentsize) != sizeof(Elf32_Phdr)) {
229 // could be a structure padding issue...
230 fprintf(stderr, "Either the ELF file or this code is made of fail\n");
231 goto fail;
232 }
233 num_phdrs = le16(ehdr.e_phnum);
234
235 phdrs = malloc(le16(ehdr.e_phnum) * sizeof(Elf32_Phdr));
236 if (!phdrs) {
237 fprintf(stderr, "Out of memory\n");
238 goto fail;
239 }
240 if (fseek(fd, le32(ehdr.e_phoff), SEEK_SET) < 0) {
241 fprintf(stderr, "Error while reading ELF PHDRs\n");
242 goto fail;
243 }
244 if (fread(phdrs, sizeof(Elf32_Phdr), num_phdrs, fd) != num_phdrs) {
245 fprintf(stderr, "Error while reading ELF PHDRs\n");
246 goto fail;
247 }
248
249 res = build_segs_from_phdrs(ctx, fd, phdrs, num_phdrs);
250 if (res < 0)
251 goto fail;
252 res = check_segs(ctx, can_write_bl);
253 if (res < 0)
254 goto fail;
255
256 fclose(fd);
257 ctx->filename = name;
258 return 0;
259
260 fail:
261 if (phdrs)
262 free(phdrs);
263 if (fd)
264 fclose(fd);
265 flash_free(ctx);
266 return -1;
267 }
268
269 // Get the state of the proxmark, backwards compatible
270 static int get_proxmark_state(uint32_t *state)
271 {
272 UsbCommand c;
273 c.cmd = CMD_DEVICE_INFO;
274 SendCommand(&c);
275
276 UsbCommand resp;
277 ReceiveCommand(&resp);
278
279 // Three outcomes:
280 // 1. The old bootrom code will ignore CMD_DEVICE_INFO, but respond with an ACK
281 // 2. The old os code will respond with CMD_DEBUG_PRINT_STRING and "unknown command"
282 // 3. The new bootrom and os codes will respond with CMD_DEVICE_INFO and flags
283
284 switch (resp.cmd) {
285 case CMD_ACK:
286 *state = DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM;
287 break;
288 case CMD_DEBUG_PRINT_STRING:
289 *state = DEVICE_INFO_FLAG_CURRENT_MODE_OS;
290 break;
291 case CMD_DEVICE_INFO:
292 *state = resp.arg[0];
293 break;
294 default:
295 fprintf(stderr, "Error: Couldn't get proxmark state, bad response type: 0x%04x\n", resp.cmd);
296 return -1;
297 break;
298 }
299
300 return 0;
301 }
302
303 // Enter the bootloader to be able to start flashing
304 static int enter_bootloader(void)
305 {
306 uint32_t state;
307
308 if (get_proxmark_state(&state) < 0)
309 return -1;
310
311 if (state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) {
312 /* Already in flash state, we're done. */
313 return 0;
314 }
315
316 if (state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) {
317 fprintf(stderr,"Entering bootloader...\n");
318 UsbCommand c;
319 memset(&c, 0, sizeof (c));
320
321 if ((state & DEVICE_INFO_FLAG_BOOTROM_PRESENT)
322 && (state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT))
323 {
324 // New style handover: Send CMD_START_FLASH, which will reset the board
325 // and enter the bootrom on the next boot.
326 c.cmd = CMD_START_FLASH;
327 SendCommand(&c);
328 fprintf(stderr,"(Press and release the button only to abort)\n");
329 } else {
330 // Old style handover: Ask the user to press the button, then reset the board
331 c.cmd = CMD_HARDWARE_RESET;
332 SendCommand(&c);
333 fprintf(stderr,"Press and hold down button NOW if your bootloader requires it.\n");
334 }
335 fprintf(stderr,"Waiting for Proxmark to reappear on USB...");
336
337 CloseProxmark();
338 sleep(1);
339 while (!OpenProxmark(0)) {
340 sleep(1);
341 fprintf(stderr, ".");
342 }
343 fprintf(stderr," Found.\n");
344
345 return 0;
346 }
347
348 fprintf(stderr, "Error: Unknown Proxmark mode\n");
349 return -1;
350 }
351
352 static int wait_for_ack(void)
353 {
354 UsbCommand ack;
355 ReceiveCommand(&ack);
356 if (ack.cmd != CMD_ACK) {
357 printf("Error: Unexpected reply 0x%04x (expected ACK)\n", ack.cmd);
358 return -1;
359 }
360 return 0;
361 }
362
363 // Go into flashing mode
364 int flash_start_flashing(int enable_bl_writes)
365 {
366 uint32_t state;
367
368 if (enter_bootloader() < 0)
369 return -1;
370
371 if (get_proxmark_state(&state) < 0)
372 return -1;
373
374 if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
375 // This command is stupid. Why the heck does it care which area we're
376 // flashing, as long as it's not the bootloader area? The mind boggles.
377 UsbCommand c = {CMD_START_FLASH};
378
379 if (enable_bl_writes) {
380 c.arg[0] = FLASH_START;
381 c.arg[1] = FLASH_END;
382 c.arg[2] = START_FLASH_MAGIC;
383 } else {
384 c.arg[0] = BOOTLOADER_END;
385 c.arg[1] = FLASH_END;
386 c.arg[2] = 0;
387 }
388 SendCommand(&c);
389 return wait_for_ack();
390 } else {
391 fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
392 fprintf(stderr, " It is recommended that you update your bootloader\n\n");
393 }
394
395 return 0;
396 }
397
398 static int write_block(uint32_t address, uint8_t *data, uint32_t length)
399 {
400 uint8_t block_buf[BLOCK_SIZE];
401
402 memset(block_buf, 0xFF, BLOCK_SIZE);
403 memcpy(block_buf, data, length);
404
405 UsbCommand c = {CMD_SETUP_WRITE};
406 for (int i = 0; i < 240; i += 48) {
407 memcpy(c.d.asBytes, block_buf + i, 48);
408 c.arg[0] = i / 4;
409 SendCommand(&c);
410 if (wait_for_ack() < 0)
411 return -1;
412 }
413
414 c.cmd = CMD_FINISH_WRITE;
415 c.arg[0] = address;
416 memcpy(c.d.asBytes, block_buf+240, 16);
417 SendCommand(&c);
418 return wait_for_ack();
419 }
420
421 // Write a file's segments to Flash
422 int flash_write(flash_file_t *ctx)
423 {
424 fprintf(stderr, "Writing segments for file: %s\n", ctx->filename);
425 for (int i = 0; i < ctx->num_segs; i++) {
426 flash_seg_t *seg = &ctx->segments[i];
427
428 uint32_t length = seg->length;
429 uint32_t blocks = (length + BLOCK_SIZE - 1) / BLOCK_SIZE;
430 uint32_t end = seg->start + length;
431
432 fprintf(stderr, " 0x%08x..0x%08x [0x%x / %d blocks]",
433 seg->start, end - 1, length, blocks);
434
435 int block = 0;
436 uint8_t *data = seg->data;
437 uint32_t baddr = seg->start;
438
439 while (length) {
440 uint32_t block_size = length;
441 if (block_size > BLOCK_SIZE)
442 block_size = BLOCK_SIZE;
443
444 if (write_block(baddr, data, block_size) < 0) {
445 fprintf(stderr, " ERROR\n");
446 fprintf(stderr, "Error writing block %d of %d\n", block, blocks);
447 return -1;
448 }
449
450 data += block_size;
451 baddr += block_size;
452 length -= block_size;
453 block++;
454 fprintf(stderr, ".");
455 }
456 fprintf(stderr, " OK\n");
457 }
458 return 0;
459 }
460
461 // free a file context
462 void flash_free(flash_file_t *ctx)
463 {
464 if (!ctx)
465 return;
466 if (ctx->segments) {
467 for (int i = 0; i < ctx->num_segs; i++)
468 free(ctx->segments[i].data);
469 free(ctx->segments);
470 ctx->segments = NULL;
471 ctx->num_segs = 0;
472 }
473 }
474
475 // just reset the unit
476 int flash_stop_flashing(void) {
477 UsbCommand c = {CMD_HARDWARE_RESET};
478 SendCommand(&c);
479 return 0;
480 }
Impressum, Datenschutz