]> git.zerfleddert.de Git - hmcfgusb/blob - flash-ota.c
projects / hmcfgusb / blob
? search:


55748f9b829882812fd57fb9fd0e328c85ca9202
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014-16 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "hmuartlgw.h"
45 #include "util.h"
46
47 #define MAX_RETRIES 5
48 #define NORMAL_MAX_PAYLOAD 37
49 #define LOWER_MAX_PAYLOAD 17
50
51 extern char *optarg;
52
53 uint32_t hmid = 0;
54 uint32_t my_hmid = 0;
55 uint8_t key[16] = {0};
56 int32_t kNo = -1;
57
58 /* Maximum payloadlen supported by IO */
59 uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
60
61 enum message_type {
62 MESSAGE_TYPE_E = 1,
63 MESSAGE_TYPE_R = 2,
64 };
65
66 enum hmuartlgw_state {
67 HMUARTLGW_STATE_GET_HMID,
68 HMUARTLGW_STATE_GET_FIRMWARE,
69 HMUARTLGW_STATE_GET_CREDITS,
70 HMUARTLGW_STATE_DONE,
71 HMUARTLGW_STATE_WAIT_APP,
72 HMUARTLGW_STATE_ACK_APP,
73 };
74
75 struct recv_data {
76 uint8_t message[64];
77 enum message_type message_type;
78 uint16_t status;
79 int speed;
80 uint16_t version;
81 uint8_t credits;
82 enum hmuartlgw_state uartlgw_state;
83 uint8_t uartlgw_version[3];
84 };
85
86 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
87 {
88 struct recv_data *rdata = data;
89
90 if (buf_len < 1)
91 return 1;
92
93 switch (buf[0]) {
94 case 'E':
95 if ((!hmid) ||
96 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
97 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
98 (buf[0x13] == (hmid & 0xff)))) {
99 memset(rdata->message, 0, sizeof(rdata->message));
100 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
101 rdata->message_type = MESSAGE_TYPE_E;
102 }
103 break;
104 case 'R':
105 memset(rdata->message, 0, sizeof(rdata->message));
106 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
107 rdata->status = (buf[5] << 8) | buf[6];
108 rdata->message_type = MESSAGE_TYPE_R;
109 break;
110 case 'G':
111 rdata->speed = buf[1];
112 break;
113 case 'H':
114 rdata->version = (buf[11] << 8) | buf[12];
115 rdata->credits = buf[36];
116 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
117 break;
118 default:
119 break;
120 }
121
122 if (buf_len != 1)
123 return 1;
124
125 return 1;
126 }
127
128 static int parse_culfw(uint8_t *buf, int buf_len, void *data)
129 {
130 struct recv_data *rdata = data;
131 int pos = 0;
132
133 memset(rdata, 0, sizeof(struct recv_data));
134
135 if (buf_len <= 3)
136 return 0;
137
138 switch(buf[0]) {
139 case 'A':
140 if (buf[1] == 's')
141 return 0;
142
143 while(validate_nibble(buf[(pos * 2) + 1]) &&
144 validate_nibble(buf[(pos * 2) + 2]) &&
145 (pos + 1 < buf_len)) {
146 rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
147 rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
148 pos++;
149 }
150
151 if (hmid && (SRC(rdata->message) != hmid))
152 return 0;
153
154 rdata->message_type = MESSAGE_TYPE_E;
155 break;
156 case 'V':
157 {
158 uint8_t v;
159 char *s;
160 char *e;
161
162 s = ((char*)buf) + 2;
163 e = strchr(s, '.');
164 if (!e) {
165 fprintf(stderr, "Unknown response from CUL: %s", buf);
166 return 0;
167 }
168 *e = '\0';
169 v = atoi(s);
170 rdata->version = v << 8;
171
172 s = e + 1;
173 e = strchr(s, ' ');
174 if (!e) {
175 fprintf(stderr, "Unknown response from CUL: %s", buf);
176 return 0;
177 }
178 *e = '\0';
179 v = atoi(s);
180 rdata->version |= v;
181
182 s = e + 1;
183 e = strchr(s, ' ');
184 if (!e) {
185 break;
186 }
187 *e = '\0';
188 if (!strcmp(s, "a-culfw")) {
189 rdata->version = 0xffff;
190 }
191 }
192 break;
193 case 'E':
194 {
195 if (!strncmp((char*)buf, "ERR:CCA", 7)) {
196 fprintf(stderr, "CCA didn't complete, too much traffic\n");
197 }
198 break;
199 }
200 default:
201 fprintf(stderr, "Unknown response from CUL: %s", buf);
202 return 0;
203 break;
204 }
205
206 return 1;
207 }
208
209 static int parse_hmuartlgw(enum hmuartlgw_dst dst, uint8_t *buf, int buf_len, void *data)
210 {
211 struct recv_data *rdata = data;
212
213 if (dst == HMUARTLGW_OS) {
214 switch (rdata->uartlgw_state) {
215 case HMUARTLGW_STATE_GET_FIRMWARE:
216 if (buf[0] == HMUARTLGW_OS_ACK) {
217 rdata->uartlgw_version[0] = buf[5];
218 rdata->uartlgw_version[1] = buf[6];
219 rdata->uartlgw_version[2] = buf[7];
220 rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
221 }
222 break;
223 case HMUARTLGW_STATE_GET_CREDITS:
224 if (buf[0] == HMUARTLGW_OS_ACK) {
225 rdata->credits = buf[2] / 2;
226 rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
227 }
228 break;
229 default:
230 break;
231 }
232 return 0;
233 }
234
235 switch(buf[0]) {
236 case HMUARTLGW_APP_ACK:
237 if (rdata->uartlgw_state == HMUARTLGW_STATE_GET_HMID) {
238 my_hmid = (buf[4] << 16) | (buf[5] << 8) | buf[6];
239 }
240
241 rdata->status = buf[1];
242 rdata->message_type = MESSAGE_TYPE_R;
243 rdata->uartlgw_state = HMUARTLGW_STATE_ACK_APP;
244 #if 0
245 hexdump(buf, buf_len, "ACK Status: ");
246 #endif
247
248 break;
249 case HMUARTLGW_APP_RECV:
250 if ((!hmid) ||
251 ((buf[7] == ((hmid >> 16) & 0xff)) &&
252 (buf[8] == ((hmid >> 8) & 0xff)) &&
253 (buf[9] == (hmid & 0xff)))) {
254 memset(rdata->message, 0, sizeof(rdata->message));
255 memcpy(rdata->message + 1, buf + 4, buf_len - 4);
256 rdata->message[LEN] = buf_len - 4;
257 rdata->message_type = MESSAGE_TYPE_E;
258 }
259 break;
260 default:
261 break;
262 }
263
264 return 1;
265 }
266
267 int send_wait_hmuartlgw(struct hm_dev *dev, struct recv_data *rdata, uint8_t *data, int data_len,
268 enum hmuartlgw_dst dst, enum hmuartlgw_state srcstate,
269 enum hmuartlgw_state dststate)
270 {
271 int cnt = 5;
272
273 do {
274 rdata->uartlgw_state = srcstate;
275 hmuartlgw_send(dev->hmuartlgw, data, data_len, dst);
276 do { hmuartlgw_poll(dev->hmuartlgw, 500); } while (rdata->uartlgw_state != dststate);
277 if (rdata->status != HMUARTLGW_ACK_EINPROGRESS)
278 break;
279 usleep(200*1000);
280 } while (cnt--);
281 if (rdata->status == HMUARTLGW_ACK_EINPROGRESS) {
282 fprintf(stderr, "IO thinks it is busy, you might have to reset it!\n");
283 return 0;
284 }
285
286 return 1;
287 }
288
289 int send_hm_message(struct hm_dev *dev, struct recv_data *rdata, uint8_t *msg)
290 {
291 static uint32_t id = 1;
292 struct timeval tv;
293 uint8_t out[0x40];
294 int pfd;
295
296 switch(dev->type) {
297 case DEVICE_TYPE_HMCFGUSB:
298 if (gettimeofday(&tv, NULL) == -1) {
299 perror("gettimeofay");
300 return 0;
301 }
302
303 memset(out, 0, sizeof(out));
304
305 out[0] = 'S';
306 out[1] = (id >> 24) & 0xff;
307 out[2] = (id >> 16) & 0xff;
308 out[3] = (id >> 8) & 0xff;
309 out[4] = id & 0xff;
310 out[10] = 0x01;
311 out[11] = (tv.tv_usec >> 24) & 0xff;
312 out[12] = (tv.tv_usec >> 16) & 0xff;
313 out[13] = (tv.tv_usec >> 8) & 0xff;
314 out[14] = tv.tv_usec & 0xff;
315
316 memcpy(&out[0x0f], msg, msg[0] + 1);
317
318 memset(rdata, 0, sizeof(struct recv_data));
319 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
320
321 while (1) {
322 if (rdata->message_type == MESSAGE_TYPE_R) {
323 if (((rdata->status & 0xdf) == 0x01) ||
324 ((rdata->status & 0xdf) == 0x02)) {
325 break;
326 } else {
327 if ((rdata->status & 0xff00) == 0x0400) {
328 fprintf(stderr, "\nOut of credits!\n");
329 } else if ((rdata->status & 0xff) == 0x08) {
330 fprintf(stderr, "\nMissing ACK!\n");
331 } else if ((rdata->status & 0xff) == 0x30) {
332 fprintf(stderr, "\nUnknown AES-key requested!\n");
333 } else {
334 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
335 }
336 return 0;
337 }
338 }
339 errno = 0;
340 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
341 if ((pfd < 0) && errno) {
342 if (errno != ETIMEDOUT) {
343 perror("\n\nhmcfgusb_poll");
344 exit(EXIT_FAILURE);
345 }
346 }
347 }
348 break;
349 case DEVICE_TYPE_CULFW:
350 {
351 char buf[256];
352 int i;
353
354 memset(buf, 0, sizeof(buf));
355 buf[0] = 'A';
356 buf[1] = 's';
357 for (i = 0; i < msg[0] + 1; i++) {
358 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
359 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
360 }
361 buf[2 + (i * 2) ] = '\r';
362 buf[2 + (i * 2) + 1] = '\n';
363
364 memset(rdata, 0, sizeof(struct recv_data));
365 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
366 fprintf(stderr, "culfw_send failed!\n");
367 exit(EXIT_FAILURE);
368 }
369
370 if (msg[CTL] & 0x20) {
371 int cnt = 5;
372 int pfd;
373 do {
374 errno = 0;
375 pfd = culfw_poll(dev->culfw, 200);
376 if ((pfd < 0) && errno) {
377 if (errno != ETIMEDOUT) {
378 perror("\n\nculfw_poll");
379 exit(EXIT_FAILURE);
380 }
381 }
382 if (rdata->message_type == MESSAGE_TYPE_E) {
383 if (rdata->message[TYPE] == 0x02) {
384 if (rdata->message[PAYLOAD] == 0x04) {
385 int32_t req_kNo;
386 uint8_t challenge[6];
387 uint8_t respbuf[16];
388 uint8_t *resp;
389
390 req_kNo = rdata->message[rdata->message[LEN]] / 2;
391 memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);
392
393 if (req_kNo != kNo) {
394 fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
395 } else {
396 resp = hm_sign(key, challenge, msg, NULL, respbuf);
397 if (resp) {
398 uint8_t rbuf[64];
399
400 memset(rbuf, 0, sizeof(rbuf));
401 rbuf[MSGID] = rdata->message[MSGID];
402 rbuf[CTL] = rdata->message[CTL];
403 rbuf[TYPE] = 0x03;
404 SET_SRC(rbuf, DST(rdata->message));
405 SET_DST(rbuf, SRC(rdata->message));
406 memcpy(&(rbuf[PAYLOAD]), resp, 16);
407 SET_LEN_FROM_PAYLOADLEN(rbuf, 16);
408
409 usleep(110000); /* Determined by a fair dice roll */
410 return send_hm_message(dev, rdata, rbuf);
411 }
412 }
413 } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
414 fprintf(stderr, "NACK\n");
415 } else { /* ACK or ACKinfo */
416 break;
417 }
418 } else {
419 fprintf(stderr, "Unexpected message received: ");
420 for (i = 0; i < rdata->message[LEN]; i++) {
421 fprintf(stderr, "%02x", rdata->message[i+1]);
422 }
423 fprintf(stderr, "\n");
424 }
425 }
426 } while(cnt--);
427
428 if (cnt == -1) {
429 fprintf(stderr, "\nMissing ACK!\n");
430 return 0;
431 }
432 }
433 }
434 break;
435 case DEVICE_TYPE_HMUARTLGW:
436 memset(out, 0, sizeof(out));
437
438 out[0] = HMUARTLGW_APP_SEND;
439 out[1] = 0x00;
440 out[2] = 0x00;
441 out[3] = (msg[CTL] & 0x10) ? 0x01 : 0x00; /* Burst?! */
442 memcpy(&out[4], &msg[1], msg[0]);
443
444 memset(rdata, 0, sizeof(struct recv_data));
445 hmuartlgw_send(dev->hmuartlgw, out, msg[0] + 4, HMUARTLGW_APP);
446
447 while (1) {
448 if (rdata->message_type == MESSAGE_TYPE_R) {
449 if ((rdata->status == 0x02) ||
450 (rdata->status == 0x03) ||
451 (rdata->status == 0x0c)) {
452 break;
453 } else {
454 if (rdata->status == 0x0d) {
455 fprintf(stderr, "\nAES handshake failed!\n");
456 } else if (rdata->status == 0x04 || rdata->status == 0x06) {
457 fprintf(stderr, "\nMissing ACK!\n");
458 } else {
459 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
460 }
461 return 0;
462 }
463 }
464 errno = 0;
465 pfd = hmuartlgw_poll(dev->hmuartlgw, 1000);
466 if ((pfd < 0) && errno) {
467 if (errno != ETIMEDOUT) {
468 perror("\n\nhmcfgusb_poll");
469 exit(EXIT_FAILURE);
470 }
471 }
472 }
473 break;
474 }
475
476 id++;
477 return 1;
478 }
479
480 static int switch_speed(struct hm_dev *dev, struct recv_data *rdata, uint8_t speed)
481 {
482 uint8_t out[0x40];
483 int pfd;
484
485 printf("Entering %uk-mode\n", speed);
486
487 switch(dev->type) {
488 case DEVICE_TYPE_HMCFGUSB:
489 memset(out, 0, sizeof(out));
490 out[0] = 'G';
491 out[1] = speed;
492
493 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
494
495 while (1) {
496 errno = 0;
497 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
498 if ((pfd < 0) && errno) {
499 if (errno != ETIMEDOUT) {
500 perror("\n\nhmcfgusb_poll");
501 exit(EXIT_FAILURE);
502 }
503 }
504 if (rdata->speed == speed)
505 break;
506 }
507 break;
508 case DEVICE_TYPE_CULFW:
509 if (speed == 100) {
510 return culfw_send(dev->culfw, "AR\r\n", 4);
511 } else {
512 return culfw_send(dev->culfw, "Ar\r\n", 4);
513 }
514 break;
515 case DEVICE_TYPE_HMUARTLGW:
516 if (speed == 100) {
517 out[0] = HMUARTLGW_OS_UPDATE_MODE;
518 out[1] = 0xe9;
519 out[2] = 0xca;
520 hmuartlgw_send(dev->hmuartlgw, out, 3, HMUARTLGW_OS);
521 } else {
522 out[0] = HMUARTLGW_OS_NORMAL_MODE;
523 hmuartlgw_send(dev->hmuartlgw, out, 1, HMUARTLGW_OS);
524 }
525 break;
526 }
527
528 return 1;
529 }
530
531 void flash_ota_syntax(char *prog)
532 {
533 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
534 fprintf(stderr, "Mandatory parameters:\n");
535 fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
536 fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n");
537 fprintf(stderr, "\nOptional parameters:\n");
538 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
539 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
540 fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n");
541 fprintf(stderr, "\t-S serial\tuse HM-CFG-USB with given serial\n");
542 fprintf(stderr, "\t-U device\tuse HM-MOD-UART on given device\n");
543 fprintf(stderr, "\t-h\t\tthis help\n");
544 fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n");
545 fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
546 fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
547 fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
548 }
549
550 int main(int argc, char **argv)
551 {
552 const char twiddlie[] = { '-', '\\', '|', '/' };
553 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
554 char *fw_file = NULL;
555 char *serial = NULL;
556 char *culfw_dev = NULL;
557 char *endptr = NULL;
558 unsigned int bps = DEFAULT_CUL_BPS;
559 struct hm_dev dev;
560 struct recv_data rdata;
561 uint8_t out[0x40];
562 uint8_t *pos;
563 uint8_t msgid = 0x1;
564 uint16_t len;
565 struct firmware *fw;
566 char *hmcfgusb_serial = NULL;
567 char *uart = NULL;
568 int block;
569 int pfd;
570 int debug = 0;
571 int cnt;
572 int switchcnt = 0;
573 int msgnum = 0;
574 int switched = 0;
575 int opt;
576
577 printf("HomeMatic OTA flasher version " VERSION "\n\n");
578
579 while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:S:U:")) != -1) {
580 switch (opt) {
581 case 'b':
582 bps = atoi(optarg);
583 break;
584 case 'c':
585 culfw_dev = optarg;
586 break;
587 case 'f':
588 fw_file = optarg;
589 break;
590 case 'l':
591 printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
592 max_payloadlen = LOWER_MAX_PAYLOAD;
593 break;
594 case 's':
595 serial = optarg;
596 break;
597 case 'C':
598 my_hmid = strtoul(optarg, &endptr, 16);
599 if (*endptr != '\0') {
600 fprintf(stderr, "Invalid central HMID!\n\n");
601 flash_ota_syntax(argv[0]);
602 exit(EXIT_FAILURE);
603 }
604 break;
605 case 'D':
606 hmid = strtoul(optarg, &endptr, 16);
607 if (*endptr != '\0') {
608 fprintf(stderr, "Invalid device HMID!\n\n");
609 flash_ota_syntax(argv[0]);
610 exit(EXIT_FAILURE);
611 }
612 break;
613 case 'K':
614 kNo = strtoul(optarg, &endptr, 10);
615 if (*endptr != ':') {
616 fprintf(stderr, "Invalid key number!\n\n");
617 flash_ota_syntax(argv[0]);
618 exit(EXIT_FAILURE);
619 }
620 endptr++;
621 for (cnt = 0; cnt < 16; cnt++) {
622 if (*endptr == '\0' || *(endptr+1) == '\0' ||
623 !validate_nibble(*endptr) ||
624 !validate_nibble(*(endptr+1))) {
625 fprintf(stderr, "Invalid key!\n\n");
626 flash_ota_syntax(argv[0]);
627 exit(EXIT_FAILURE);
628 }
629 key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
630 endptr += 2;
631 }
632 break;
633 case 'S':
634 hmcfgusb_serial = optarg;
635 break;
636 case 'U':
637 uart = optarg;
638 break;
639 case 'h':
640 case ':':
641 case '?':
642 default:
643 flash_ota_syntax(argv[0]);
644 exit(EXIT_FAILURE);
645 break;
646
647 }
648 }
649
650 if (!fw_file || (!serial && !hmid)) {
651 flash_ota_syntax(argv[0]);
652 exit(EXIT_FAILURE);
653 }
654
655 fw = firmware_read_firmware(fw_file, debug);
656 if (!fw)
657 exit(EXIT_FAILURE);
658
659 memset(&rdata, 0, sizeof(rdata));
660 memset(&dev, 0, sizeof(struct hm_dev));
661
662 if (culfw_dev) {
663 printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
664 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
665 if (!dev.culfw) {
666 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
667 exit(EXIT_FAILURE);
668 }
669 dev.type = DEVICE_TYPE_CULFW;
670
671 printf("Requesting firmware version\n");
672 culfw_send(dev.culfw, "\r\n", 2);
673 culfw_flush(dev.culfw);
674
675 while (1) {
676 culfw_send(dev.culfw, "V\r\n", 3);
677
678 errno = 0;
679 pfd = culfw_poll(dev.culfw, 1000);
680 if ((pfd < 0) && errno) {
681 if (errno != ETIMEDOUT) {
682 perror("\n\nhmcfgusb_poll");
683 exit(EXIT_FAILURE);
684 }
685 }
686 if (rdata.version)
687 break;
688 }
689
690 printf("culfw-device firmware version: ");
691 if (rdata.version != 0xffff) {
692 printf("%u.%02u\n",
693 (rdata.version >> 8) & 0xff,
694 rdata.version & 0xff);
695 } else {
696 printf("a-culfw\n");
697 }
698
699 if (rdata.version < 0x013a) {
700 fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
701 exit(EXIT_FAILURE);
702 }
703 } else if (uart) {
704 uint32_t new_hmid = my_hmid;
705
706 hmuartlgw_set_debug(debug);
707 hmuartlgw_set_debug(1);
708
709 dev.hmuartlgw = hmuart_init(uart, parse_hmuartlgw, &rdata);
710 if (!dev.hmuartlgw) {
711 fprintf(stderr, "Can't initialize HM-MOD-UART\n");
712 exit(EXIT_FAILURE);
713 }
714 dev.type = DEVICE_TYPE_HMUARTLGW;
715
716 out[0] = HMUARTLGW_APP_GET_HMID;
717 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_APP, HMUARTLGW_STATE_GET_HMID, HMUARTLGW_STATE_ACK_APP);
718
719 out[0] = HMUARTLGW_OS_GET_FIRMWARE;
720 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_OS, HMUARTLGW_STATE_GET_FIRMWARE, HMUARTLGW_STATE_DONE);
721
722 out[0] = HMUARTLGW_OS_GET_CREDITS;
723 send_wait_hmuartlgw(&dev, &rdata, out, 1, HMUARTLGW_OS, HMUARTLGW_STATE_GET_CREDITS, HMUARTLGW_STATE_DONE);
724
725 printf("HM-MOD-UART firmware version: %u.%u.%u, used credits: %u%%\n",
726 rdata.uartlgw_version[0],
727 rdata.uartlgw_version[1],
728 rdata.uartlgw_version[2],
729 rdata.credits);
730
731 if (rdata.credits >= 40) {
732 printf("\nRebooting HM-MOD-UART to avoid running out of credits\n");
733
734 hmuartlgw_enter_bootloader(dev.hmuartlgw);
735 hmuartlgw_enter_app(dev.hmuartlgw);
736 }
737
738 printf("\nHM-MOD-UART opened\n\n");
739
740 if (new_hmid && (my_hmid != new_hmid)) {
741 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
742
743 out[0] = HMUARTLGW_APP_SET_HMID;
744 out[1] = (new_hmid >> 16) & 0xff;
745 out[2] = (new_hmid >> 8) & 0xff;
746 out[3] = new_hmid & 0xff;
747 send_wait_hmuartlgw(&dev, &rdata, out, 4, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
748
749 my_hmid = new_hmid;
750 }
751
752 if (kNo > 0) {
753 printf("Setting AES-key\n");
754
755 memset(out, 0, sizeof(out));
756 out[0] = HMUARTLGW_APP_SET_CURRENT_KEY;
757 memcpy(&(out[1]), key, 16);
758 out[17] = kNo;
759 send_wait_hmuartlgw(&dev, &rdata, out, 18, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
760
761 memset(out, 0, sizeof(out));
762 out[0] = HMUARTLGW_APP_SET_OLD_KEY;
763 memcpy(&(out[1]), key, 16);
764 out[17] = kNo;
765 send_wait_hmuartlgw(&dev, &rdata, out, 18, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
766 }
767 } else {
768 uint32_t new_hmid = my_hmid;
769
770 hmcfgusb_set_debug(debug);
771
772 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial);
773 if (!dev.hmcfgusb) {
774 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
775 exit(EXIT_FAILURE);
776 }
777 dev.type = DEVICE_TYPE_HMCFGUSB;
778
779 memset(out, 0, sizeof(out));
780 out[0] = 'K';
781 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
782
783 while (1) {
784 errno = 0;
785 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
786 if ((pfd < 0) && errno) {
787 if (errno != ETIMEDOUT) {
788 perror("\n\nhmcfgusb_poll");
789 exit(EXIT_FAILURE);
790 }
791 }
792 if (rdata.version)
793 break;
794 }
795
796 if (rdata.version < 0x3c7) {
797 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
798 exit(EXIT_FAILURE);
799 }
800
801 printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);
802
803 if (rdata.credits >= 40) {
804 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
805
806 if (!dev.hmcfgusb->bootloader) {
807 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
808 printf("Waiting for device to reappear...\n");
809
810 do {
811 if (dev.hmcfgusb) {
812 if (!dev.hmcfgusb->bootloader)
813 hmcfgusb_enter_bootloader(dev.hmcfgusb);
814 hmcfgusb_close(dev.hmcfgusb);
815 }
816 sleep(1);
817 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (!dev.hmcfgusb->bootloader));
818 }
819
820 if (dev.hmcfgusb->bootloader) {
821 printf("HM-CFG-USB in bootloader mode, rebooting\n");
822
823 do {
824 if (dev.hmcfgusb) {
825 if (dev.hmcfgusb->bootloader)
826 hmcfgusb_leave_bootloader(dev.hmcfgusb);
827 hmcfgusb_close(dev.hmcfgusb);
828 }
829 sleep(1);
830 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (dev.hmcfgusb->bootloader));
831 }
832 }
833
834 printf("\n\nHM-CFG-USB opened\n\n");
835
836 if (new_hmid && (my_hmid != new_hmid)) {
837 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
838
839 memset(out, 0, sizeof(out));
840 out[0] = 'A';
841 out[1] = (new_hmid >> 16) & 0xff;
842 out[2] = (new_hmid >> 8) & 0xff;
843 out[3] = new_hmid & 0xff;
844
845 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
846
847 my_hmid = new_hmid;
848 }
849
850 if (kNo > 0) {
851 printf("Setting AES-key\n");
852
853 memset(out, 0, sizeof(out));
854 out[0] = 'Y';
855 out[1] = 0x01;
856 out[2] = kNo;
857 out[3] = sizeof(key);
858 memcpy(&(out[4]), key, sizeof(key));
859 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
860
861 memset(out, 0, sizeof(out));
862 out[0] = 'Y';
863 out[1] = 0x02;
864 out[2] = 0x00;
865 out[3] = 0x00;
866 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
867
868 memset(out, 0, sizeof(out));
869 out[0] = 'Y';
870 out[1] = 0x03;
871 out[2] = 0x00;
872 out[3] = 0x00;
873 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
874 }
875 }
876
877 if (!switch_speed(&dev, &rdata, 10)) {
878 fprintf(stderr, "Can't switch speed!\n");
879 exit(EXIT_FAILURE);
880 }
881
882 if (hmid && my_hmid) {
883 switch (dev.type) {
884 case DEVICE_TYPE_HMCFGUSB:
885 printf("Adding HMID\n");
886
887 memset(out, 0, sizeof(out));
888 out[0] = '+';
889 out[1] = (hmid >> 16) & 0xff;
890 out[2] = (hmid >> 8) & 0xff;
891 out[3] = hmid & 0xff;
892
893 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
894 break;
895 case DEVICE_TYPE_HMUARTLGW:
896 printf("Adding HMID\n");
897
898 memset(out, 0, sizeof(out));
899 out[0] = HMUARTLGW_APP_ADD_PEER;
900 out[1] = (hmid >> 16) & 0xff;
901 out[2] = (hmid >> 8) & 0xff;
902 out[3] = hmid & 0xff;
903 out[4] = (kNo > 0) ? kNo : 0x00; /* KeyIndex */
904 out[5] = 0x00; /* WakeUp? */
905 out[6] = 0x00; /* WakeUp? */
906
907 send_wait_hmuartlgw(&dev, &rdata, out, 7, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
908
909 break;
910 }
911 printf("Sending device with hmid %06x to bootloader\n", hmid);
912 out[CTL] = 0x30;
913 out[TYPE] = 0x11;
914 SET_SRC(out, my_hmid);
915 SET_DST(out, hmid);
916 out[PAYLOAD] = 0xCA;
917 SET_LEN_FROM_PAYLOADLEN(out, 1);
918
919 cnt = 3;
920 do {
921 out[MSGID] = msgid++;
922 if (send_hm_message(&dev, &rdata, out)) {
923 break;
924 }
925 } while (cnt--);
926 if (cnt == -1) {
927 printf("Failed to send device to bootloader, please enter bootloader manually.\n");
928 }
929 }
930
931 if (serial) {
932 printf("Waiting for device with serial %s\n", serial);
933 } else {
934 printf("Waiting for device with HMID %06x\n", hmid);
935 }
936
937 while (1) {
938 errno = 0;
939 switch (dev.type) {
940 case DEVICE_TYPE_CULFW:
941 pfd = culfw_poll(dev.culfw, 1000);
942 break;
943 case DEVICE_TYPE_HMCFGUSB:
944 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
945 break;
946 case DEVICE_TYPE_HMUARTLGW:
947 pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
948 break;
949 default:
950 pfd = -1;
951 break;
952 }
953
954 if ((pfd < 0) && errno) {
955 if (errno != ETIMEDOUT) {
956 perror("\n\npoll");
957 exit(EXIT_FAILURE);
958 }
959 }
960
961 if ((rdata.message[LEN] == 0x14) && /* Length */
962 (rdata.message[MSGID] == 0x00) && /* Message ID */
963 (rdata.message[CTL] == 0x00) && /* Control Byte */
964 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
965 (DST(rdata.message) == 0x000000) && /* Broadcast */
966 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
967 if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
968 hmid = SRC(rdata.message);
969 break;
970 } else if (!serial && SRC(rdata.message) == hmid) {
971 serial = (char*)&(rdata.message[0x0b]);
972 break;
973 }
974 }
975 }
976
977 printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);
978
979 switch (dev.type) {
980 case DEVICE_TYPE_HMCFGUSB:
981 printf("Adding HMID\n");
982
983 memset(out, 0, sizeof(out));
984 out[0] = '+';
985 out[1] = (hmid >> 16) & 0xff;
986 out[2] = (hmid >> 8) & 0xff;
987 out[3] = hmid & 0xff;
988
989 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
990 break;
991 case DEVICE_TYPE_HMUARTLGW:
992 printf("Adding HMID\n");
993
994 memset(out, 0, sizeof(out));
995 out[0] = HMUARTLGW_APP_ADD_PEER;
996 out[1] = (hmid >> 16) & 0xff;
997 out[2] = (hmid >> 8) & 0xff;
998 out[3] = hmid & 0xff;
999 out[4] = 0x00; /* KeyIndex */
1000 out[5] = 0x00; /* WakeUp? */
1001 out[6] = 0x00; /* WakeUp? */
1002
1003 send_wait_hmuartlgw(&dev, &rdata, out, 7, HMUARTLGW_APP, HMUARTLGW_STATE_WAIT_APP, HMUARTLGW_STATE_ACK_APP);
1004
1005 break;
1006 }
1007
1008 switchcnt = 3;
1009 do {
1010 printf("Initiating remote switch to 100k\n");
1011
1012 memset(out, 0, sizeof(out));
1013
1014 out[MSGID] = msgid++;
1015 out[CTL] = 0x00;
1016 out[TYPE] = 0xCB;
1017 SET_SRC(out, my_hmid);
1018 SET_DST(out, hmid);
1019
1020 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
1021 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
1022
1023 if (!send_hm_message(&dev, &rdata, out)) {
1024 exit(EXIT_FAILURE);
1025 }
1026
1027 if (!switch_speed(&dev, &rdata, 100)) {
1028 fprintf(stderr, "Can't switch speed!\n");
1029 exit(EXIT_FAILURE);
1030 }
1031
1032 printf("Has the device switched?\n");
1033
1034 memset(out, 0, sizeof(out));
1035
1036 out[MSGID] = msgid++;
1037 out[CTL] = 0x20;
1038 out[TYPE] = 0xCB;
1039 SET_SRC(out, my_hmid);
1040 SET_DST(out, hmid);
1041
1042 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
1043 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
1044
1045 cnt = 3;
1046 do {
1047 if (send_hm_message(&dev, &rdata, out)) {
1048 /* A0A02000221B9AD00000000 */
1049 switched = 1;
1050 break;
1051 }
1052 } while (cnt--);
1053
1054 if (!switched) {
1055 printf("No!\n");
1056
1057 if (!switch_speed(&dev, &rdata, 10)) {
1058 fprintf(stderr, "Can't switch speed!\n");
1059 exit(EXIT_FAILURE);
1060 }
1061 }
1062 } while ((!switched) && (switchcnt--));
1063
1064 if (!switched) {
1065 fprintf(stderr, "Too many errors, giving up!\n");
1066 exit(EXIT_FAILURE);
1067 }
1068
1069 printf("Yes!\n");
1070
1071 printf("Flashing %d blocks", fw->fw_blocks);
1072 if (debug) {
1073 printf("\n");
1074 } else {
1075 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
1076 fflush(stdout);
1077 }
1078
1079 for (block = 0; block < fw->fw_blocks; block++) {
1080 int first;
1081
1082 len = fw->fw[block][2] << 8;
1083 len |= fw->fw[block][3];
1084
1085 pos = &(fw->fw[block][2]);
1086
1087 len += 2; /* length */
1088
1089 if (debug)
1090 hexdump(pos, len, "F> ");
1091
1092 first = 1;
1093 cnt = 0;
1094 do {
1095 int payloadlen = max_payloadlen - 2;
1096 int ack = 0;
1097
1098 if (first) {
1099 payloadlen = max_payloadlen;
1100 first = 0;
1101 }
1102
1103 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
1104 payloadlen = (len - (pos - &(fw->fw[block][2])));
1105
1106 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
1107 ack = 1;
1108
1109 memset(&rdata, 0, sizeof(rdata));
1110
1111 memset(out, 0, sizeof(out));
1112
1113 out[MSGID] = msgid;
1114 if (ack)
1115 out[CTL] = 0x20;
1116 out[TYPE] = 0xCA;
1117 SET_SRC(out, my_hmid);
1118 SET_DST(out, hmid);
1119
1120 memcpy(&out[PAYLOAD], pos, payloadlen);
1121 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
1122
1123 if (send_hm_message(&dev, &rdata, out)) {
1124 pos += payloadlen;
1125 } else {
1126 pos = &(fw->fw[block][2]);
1127 cnt++;
1128 if (cnt == MAX_RETRIES) {
1129 fprintf(stderr, "\nToo many errors, giving up!\n");
1130 exit(EXIT_FAILURE);
1131 } else {
1132 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
1133 }
1134 }
1135
1136 msgnum++;
1137
1138 if (!debug) {
1139 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
1140 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
1141 fflush(stdout);
1142 }
1143 } while((pos - &(fw->fw[block][2])) < len);
1144 msgid++;
1145 }
1146
1147 firmware_free(fw);
1148
1149 printf("\n");
1150
1151 if (!switch_speed(&dev, &rdata, 10)) {
1152 fprintf(stderr, "Can't switch speed!\n");
1153 exit(EXIT_FAILURE);
1154 }
1155
1156 printf("Waiting for device to reboot\n");
1157 rdata.message_type = MESSAGE_TYPE_R;
1158
1159 cnt = 10;
1160 if (dev.type == DEVICE_TYPE_HMUARTLGW)
1161 cnt = 200; /* FIXME */
1162 do {
1163 errno = 0;
1164 switch(dev.type) {
1165 case DEVICE_TYPE_CULFW:
1166 pfd = culfw_poll(dev.culfw, 1000);
1167 break;
1168 case DEVICE_TYPE_HMCFGUSB:
1169 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
1170 break;
1171 case DEVICE_TYPE_HMUARTLGW:
1172 pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
1173 break;
1174 default:
1175 pfd = -1;
1176 break;
1177 }
1178 if ((pfd < 0) && errno) {
1179 if (errno != ETIMEDOUT) {
1180 perror("\n\npoll");
1181 exit(EXIT_FAILURE);
1182 }
1183 }
1184 if (rdata.message_type == MESSAGE_TYPE_E) {
1185 break;
1186 }
1187 } while(cnt--);
1188
1189 if (rdata.message_type == MESSAGE_TYPE_E) {
1190 printf("Device rebooted\n");
1191 }
1192
1193 switch(dev.type) {
1194 case DEVICE_TYPE_HMCFGUSB:
1195 hmcfgusb_close(dev.hmcfgusb);
1196 hmcfgusb_exit();
1197 break;
1198 case DEVICE_TYPE_CULFW:
1199 culfw_close(dev.culfw);
1200 break;
1201 }
1202
1203 return EXIT_SUCCESS;
1204 }
HM-CFG-USB{,2} linux utilities
Impressum, Datenschutz