[hmcfgusb] / flash-ota.c

/* flasher for HomeMatic-devices supporting OTA updates
 *
 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <poll.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/time.h>
#include <libusb-1.0/libusb.h>

#include "hexdump.h"
#include "firmware.h"
#include "hm.h"
#include "version.h"
#include "hmcfgusb.h"

uint32_t hmid = 0;

enum message_type {
	MESSAGE_TYPE_E,
	MESSAGE_TYPE_R,
};

struct recv_data {
	uint8_t message[64];
	enum message_type message_type;
	uint16_t status;
	int speed;
};

static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
		case 'E':
			if ((!hmid) ||
			    ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
			    (buf[0x12] == ((hmid >> 8) & 0xff)) &&
			    (buf[0x13] == (hmid & 0xff)))) {
				memset(rdata->message, 0, sizeof(rdata->message));
				memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
				rdata->message_type = MESSAGE_TYPE_E;
			}
			break;
		case 'R':
			memset(rdata->message, 0, sizeof(rdata->message));
			memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
			break;
		case 'G':
			rdata->speed = buf[1];
			break;
		default:
			break;
	}

	if (buf_len != 1)
		return 1;

	return 1;
}

int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;
	struct timeval tv;
	uint8_t out[0x40];
	int pfd;

	if (gettimeofday(&tv, NULL) == -1) {
		perror("gettimeofay");
			return 0;
	}

	memset(out, 0, sizeof(out));

	out[0] = 'S';
	out[1] = (id >> 24) & 0xff;
	out[2] = (id >> 16) & 0xff;
	out[3] = (id >> 8) & 0xff;
	out[4] = id & 0xff;
	out[10] = 0x01;
	out[11] = (tv.tv_usec >> 24) & 0xff;
	out[12] = (tv.tv_usec >> 16) & 0xff;
	out[13] = (tv.tv_usec >> 8) & 0xff;
	out[14] = tv.tv_usec & 0xff;
	

	memcpy(&out[0x0f], msg, msg[0] + 1);

	memset(rdata, 0, sizeof(struct recv_data));
	hmcfgusb_send(dev, out, sizeof(out), 2);

	while (1) {
		if (rdata->message_type == MESSAGE_TYPE_R) {
			if (((rdata->status & 0xff) == 0x01) ||
			    ((rdata->status & 0xff) == 0x02)) {
			    	break;
			} else {
				fprintf(stderr, "\n\nInvalid status: %04x\n\n", rdata->status);
				return 0;
			}
		}
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
	}

	id++;
	return 1;
}

int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	struct hmcfgusb_dev *dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	int block;
	int pfd;
	int debug = 0;
	int cnt;
	int msgnum = 0;
	int switched = 0;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	if (argc != 3) {
		if (argc == 1)
			fprintf(stderr, "Missing firmware filename!\n\n");

		if (argc == 2)
			fprintf(stderr, "Missing serial!\n\n");

		fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(argv[1], debug);
	if (!fw)
		exit(EXIT_FAILURE);

	hmcfgusb_set_debug(debug);

	memset(&rdata, 0, sizeof(rdata));

	dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
	if (!dev) {
		fprintf(stderr, "Can't initialize HM-CFG-USB\n");
		exit(EXIT_FAILURE);
	}

	if (dev->bootloader) {
		fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
		exit(EXIT_FAILURE);
	}

	printf("\nHM-CFG-USB opened\n\n");

	printf("Entering 10k-mode\n");

	memset(out, 0, sizeof(out));
	out[0] = 'G';
	out[1] = 10;
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.speed == 10)
			break;
	}

	printf("Waiting for device with serial %s\n", argv[2]);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00) && /* FUP? */
		    (rdata.message[PAYLOAD+2] == 'E') &&
		    (rdata.message[PAYLOAD+3] == 'Q')) {
			if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
				hmid = SRC(rdata.message);
				break;
			}
		}
	}

	printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);

	printf("Adding HMID\n");

	memset(out, 0, sizeof(out));
	out[0] = '+';
	out[1] = (hmid >> 16) & 0xff;
	out[2] = (hmid >> 8) & 0xff;
	out[3] = hmid & 0xff;

	hmcfgusb_send(dev, out, sizeof(out), 2);

	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, 0x000000);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		if (!send_hm_message(dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		printf("Entering 100k-mode\n");

		memset(out, 0, sizeof(out));
		out[0] = 'G';
		out[1] = 100;

		hmcfgusb_send(dev, out, sizeof(out), 2);

		while (1) {
			errno = 0;
			pfd = hmcfgusb_poll(dev, 1);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nhmcfgusb_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.speed == 100)
				break;
		}

		printf("Has the device switched?\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, 0x000000);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		cnt = 3;
		do {
			if (send_hm_message(dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
				
			}
		} while (cnt--);

		if (!switched) {
			printf("Entering 10k-mode\n");

			memset(out, 0, sizeof(out));
			out[0] = 'G';
			out[1] = 10;
			hmcfgusb_send(dev, out, sizeof(out), 1);

			while (1) {
				errno = 0;
				pfd = hmcfgusb_poll(dev, 1);
				if ((pfd < 0) && errno) {
					if (errno != ETIMEDOUT) {
						perror("\n\nhmcfgusb_poll");
						exit(EXIT_FAILURE);
					}
				}
				if (rdata.speed == 10)
					break;
			}
		}
	} while (!switched);


	printf("Initiating firmware upload!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			int payloadlen = 35;
			int ack = 0;

			if (first) {
				payloadlen = 37;
				first = 0;
			}

			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid++;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, 0x000000);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == 3) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
					block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
	}

	firmware_free(fw);

	printf("Entering 10k-mode\n");

	memset(out, 0, sizeof(out));
	out[0] = 'G';
	out[1] = 10;
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.speed == 10)
			break;
	}

	printf("Waiting for device to reboot\n");

	cnt = 10;
	do {
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	hmcfgusb_close(dev);

	return EXIT_SUCCESS;
}
Commit	Line	Data
25870f58 MG	1	/* flasher for HomeMatic-devices supporting OTA updates
	2	*
	3	* Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
	4	*
	5	* Permission is hereby granted, free of charge, to any person obtaining a copy
	6	* of this software and associated documentation files (the "Software"), to
	7	* deal in the Software without restriction, including without limitation the
	8	* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
	9	* sell copies of the Software, and to permit persons to whom the Software is
	10	* furnished to do so, subject to the following conditions:
	11	*
	12	* The above copyright notice and this permission notice shall be included in
	13	* all copies or substantial portions of the Software.
	14	*
	15	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	16	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	18	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	19	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	20	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
	21	* IN THE SOFTWARE.
	22	*/
	23
	24	#include <stdio.h>
	25	#include <stdlib.h>
	26	#include <unistd.h>
	27	#include <stdint.h>
	28	#include <string.h>
	29	#include <strings.h>
	30	#include <poll.h>
	31	#include <errno.h>
	32	#include <sys/types.h>
	33	#include <sys/stat.h>
	34	#include <fcntl.h>
	35	#include <sys/time.h>
	36	#include <libusb-1.0/libusb.h>
	37
	38	#include "hexdump.h"
	39	#include "firmware.h"
	40	#include "hm.h"
	41	#include "version.h"
	42	#include "hmcfgusb.h"
	43
	44	uint32_t hmid = 0;
	45
	46	enum message_type {
	47	MESSAGE_TYPE_E,
	48	MESSAGE_TYPE_R,
	49	};
	50
	51	struct recv_data {
	52	uint8_t message[64];
	53	enum message_type message_type;
	54	uint16_t status;
	55	int speed;
	56	};
	57
	58	static int parse_hmcfgusb(uint8_t buf, int buf_len, void data)
	59	{
	60	struct recv_data *rdata = data;
	61
	62	if (buf_len < 1)
	63	return 1;
	64
65	switch (buf[0]) {
66	case 'E':
67	if ((!hmid) \|\|
68	((buf[0x11] == ((hmid >> 16) & 0xff)) &&
69	(buf[0x12] == ((hmid >> 8) & 0xff)) &&
70	(buf[0x13] == (hmid & 0xff)))) {
71	memset(rdata->message, 0, sizeof(rdata->message));
72	memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
73	rdata->message_type = MESSAGE_TYPE_E;
74	}
75	break;
76	case 'R':
77	memset(rdata->message, 0, sizeof(rdata->message));
78	memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
79	rdata->status = (buf[5] << 8) \| buf[6];
80	rdata->message_type = MESSAGE_TYPE_R;
81	break;
82	case 'G':
83	rdata->speed = buf[1];
84	break;
85	default:
86	break;
87	}
88
89	if (buf_len != 1)
90	return 1;
91
92	return 1;
93	}
94
95	int send_hm_message(struct hmcfgusb_dev dev, struct recv_data rdata, uint8_t *msg)
96	{
97	static uint32_t id = 1;
98	struct timeval tv;
99	uint8_t out[0x40];
100	int pfd;
101
102	if (gettimeofday(&tv, NULL) == -1) {
103	perror("gettimeofay");
104	return 0;
105	}
106
107	memset(out, 0, sizeof(out));
108
109	out[0] = 'S';
110	out[1] = (id >> 24) & 0xff;
111	out[2] = (id >> 16) & 0xff;
112	out[3] = (id >> 8) & 0xff;
113	out[4] = id & 0xff;
114	out[10] = 0x01;
115	out[11] = (tv.tv_usec >> 24) & 0xff;
116	out[12] = (tv.tv_usec >> 16) & 0xff;
117	out[13] = (tv.tv_usec >> 8) & 0xff;
118	out[14] = tv.tv_usec & 0xff;
119
120
121	memcpy(&out[0x0f], msg, msg[0] + 1);
122
123	memset(rdata, 0, sizeof(struct recv_data));
124	hmcfgusb_send(dev, out, sizeof(out), 2);
125
126	while (1) {
127	if (rdata->message_type == MESSAGE_TYPE_R) {
128	if (((rdata->status & 0xff) == 0x01) \|\|
129	((rdata->status & 0xff) == 0x02)) {
130	break;
131	} else {
132	fprintf(stderr, "\n\nInvalid status: %04x\n\n", rdata->status);
133	return 0;
134	}
135	}
136	errno = 0;
137	pfd = hmcfgusb_poll(dev, 1);
138	if ((pfd < 0) && errno) {
139	if (errno != ETIMEDOUT) {
140	perror("\n\nhmcfgusb_poll");
141	exit(EXIT_FAILURE);
142	}
143	}
144	}
145
146	id++;
147	return 1;
148	}
149
150	int main(int argc, char **argv)
151	{
152	const char twiddlie[] = { '-', '\\', '\|', '/' };
153	const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
154	struct hmcfgusb_dev *dev;
155	struct recv_data rdata;
156	uint8_t out[0x40];
157	uint8_t *pos;
158	uint8_t msgid = 0x1;
159	uint16_t len;
160	struct firmware *fw;
161	int block;
162	int pfd;
163	int debug = 0;
164	int cnt;
165	int msgnum = 0;
166	int switched = 0;
167
168	printf("HomeMatic OTA flasher version " VERSION "\n\n");
169
170	if (argc != 3) {
171	if (argc == 1)
172	fprintf(stderr, "Missing firmware filename!\n\n");
173
174	if (argc == 2)
175	fprintf(stderr, "Missing serial!\n\n");
176
177	fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
178	exit(EXIT_FAILURE);
179	}
180
181	fw = firmware_read_firmware(argv[1], debug);
182	if (!fw)
183	exit(EXIT_FAILURE);
184
185	hmcfgusb_set_debug(debug);
186
187	memset(&rdata, 0, sizeof(rdata));
188
189	dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
190	if (!dev) {
191	fprintf(stderr, "Can't initialize HM-CFG-USB\n");
192	exit(EXIT_FAILURE);
193	}
194
195	if (dev->bootloader) {
196	fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n");
197	exit(EXIT_FAILURE);
198	}
199
200	printf("\nHM-CFG-USB opened\n\n");
201
202	printf("Entering 10k-mode\n");
203
204	memset(out, 0, sizeof(out));
205	out[0] = 'G';
206	out[1] = 10;
207	hmcfgusb_send(dev, out, sizeof(out), 1);
208
209	while (1) {
210	errno = 0;
211	pfd = hmcfgusb_poll(dev, 1);
212	if ((pfd < 0) && errno) {
213	if (errno != ETIMEDOUT) {
214	perror("\n\nhmcfgusb_poll");
215	exit(EXIT_FAILURE);
216	}
217	}
218	if (rdata.speed == 10)
219	break;
220	}
221
222	printf("Waiting for device with serial %s\n", argv[2]);
223
224	while (1) {
225	errno = 0;
226	pfd = hmcfgusb_poll(dev, 1);
227	if ((pfd < 0) && errno) {
228	if (errno != ETIMEDOUT) {
229	perror("\n\nhmcfgusb_poll");
230	exit(EXIT_FAILURE);
231	}
232	}
233
234	if ((rdata.message[LEN] == 0x14) && /* Length */
235	(rdata.message[MSGID] == 0x00) && /* Message ID */
236	(rdata.message[CTL] == 0x00) && /* Control Byte */
237	(rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
238	(DST(rdata.message) == 0x000000) && /* Broadcast */
239	(rdata.message[PAYLOAD] == 0x00) && /* FUP? */
240	(rdata.message[PAYLOAD+2] == 'E') &&
241	(rdata.message[PAYLOAD+3] == 'Q')) {
242	if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
243	hmid = SRC(rdata.message);
244	break;
245	}
246	}
247	}
248
249	printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);
250
251	printf("Adding HMID\n");
252
253	memset(out, 0, sizeof(out));
254	out[0] = '+';
255	out[1] = (hmid >> 16) & 0xff;
256	out[2] = (hmid >> 8) & 0xff;
257	out[3] = hmid & 0xff;
258
259	hmcfgusb_send(dev, out, sizeof(out), 2);
260
261	do {
262	printf("Initiating remote switch to 100k\n");
263
264	memset(out, 0, sizeof(out));
265
266	out[MSGID] = msgid++;
267	out[CTL] = 0x00;
268	out[TYPE] = 0xCB;
269	SET_SRC(out, 0x000000);
270	SET_DST(out, hmid);
271
272	memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
273	SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
274
275	if (!send_hm_message(dev, &rdata, out)) {
276	exit(EXIT_FAILURE);
277	}
278
279	printf("Entering 100k-mode\n");
280
281	memset(out, 0, sizeof(out));
282	out[0] = 'G';
283	out[1] = 100;
284
285	hmcfgusb_send(dev, out, sizeof(out), 2);
286
287	while (1) {
288	errno = 0;
289	pfd = hmcfgusb_poll(dev, 1);
290	if ((pfd < 0) && errno) {
291	if (errno != ETIMEDOUT) {
292	perror("\n\nhmcfgusb_poll");
293	exit(EXIT_FAILURE);
294	}
295	}
296	if (rdata.speed == 100)
297	break;
298	}
299
300	printf("Has the device switched?\n");
301
302	memset(out, 0, sizeof(out));
303
304	out[MSGID] = msgid++;
305	out[CTL] = 0x20;
306	out[TYPE] = 0xCB;
307	SET_SRC(out, 0x000000);
308	SET_DST(out, hmid);
309
310	memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
311	SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));
312
313	cnt = 3;
314	do {
315	if (send_hm_message(dev, &rdata, out)) {
316	/* A0A02000221B9AD00000000 */
317	switched = 1;
318	break;
319
320	}
321	} while (cnt--);
322
323	if (!switched) {
324	printf("Entering 10k-mode\n");
325
326	memset(out, 0, sizeof(out));
327	out[0] = 'G';
328	out[1] = 10;
329	hmcfgusb_send(dev, out, sizeof(out), 1);
330
331	while (1) {
332	errno = 0;
333	pfd = hmcfgusb_poll(dev, 1);
334	if ((pfd < 0) && errno) {
335	if (errno != ETIMEDOUT) {
336	perror("\n\nhmcfgusb_poll");
337	exit(EXIT_FAILURE);
338	}
339	}
340	if (rdata.speed == 10)
341	break;
342	}
343	}
344	} while (!switched);
345
346
347	printf("Initiating firmware upload!\n");
348
349	printf("Flashing %d blocks", fw->fw_blocks);
350	if (debug) {
351	printf("\n");
352	} else {
353	printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
354	fflush(stdout);
355	}
356
357	for (block = 0; block < fw->fw_blocks; block++) {
358	int first;
359
360	len = fw->fw[block][2] << 8;
361	len \|= fw->fw[block][3];
362
363	pos = &(fw->fw[block][2]);
364
365	len += 2; /* length */
366
367	if (debug)
368	hexdump(pos, len, "F> ");
369
370	first = 1;
371	cnt = 0;
372	do {
373	int payloadlen = 35;
374	int ack = 0;
375
376	if (first) {
377	payloadlen = 37;
378	first = 0;
379	}
380
381	if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
382	payloadlen = (len - (pos - &(fw->fw[block][2])));
383
384	if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
385	ack = 1;
386
387	memset(&rdata, 0, sizeof(rdata));
388
389	memset(out, 0, sizeof(out));
390
391	out[MSGID] = msgid++;
392	if (ack)
393	out[CTL] = 0x20;
394	out[TYPE] = 0xCA;
395	SET_SRC(out, 0x000000);
396	SET_DST(out, hmid);
397
398	memcpy(&out[PAYLOAD], pos, payloadlen);
399	SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
400
401	if (send_hm_message(dev, &rdata, out)) {
402	pos += payloadlen;
403	} else {
404	pos = &(fw->fw[block][2]);
405	cnt++;
406	if (cnt == 3) {
407	fprintf(stderr, "\nToo many errors, giving up!\n");
408	exit(EXIT_FAILURE);
409	} else {
410	printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
411	}
412	}
413
414	msgnum++;
415
416	if (!debug) {
417	printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
418	block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
419	fflush(stdout);
420	}
421	} while((pos - &(fw->fw[block][2])) < len);
422	}
423
424	firmware_free(fw);
425
426	printf("Entering 10k-mode\n");
427
428	memset(out, 0, sizeof(out));
429	out[0] = 'G';
430	out[1] = 10;
431	hmcfgusb_send(dev, out, sizeof(out), 1);
432
433	while (1) {
434	errno = 0;
435	pfd = hmcfgusb_poll(dev, 1);
436	if ((pfd < 0) && errno) {
437	if (errno != ETIMEDOUT) {
438	perror("\n\nhmcfgusb_poll");
439	exit(EXIT_FAILURE);
440	}
441	}
442	if (rdata.speed == 10)
443	break;
444	}
445
446	printf("Waiting for device to reboot\n");
447
448	cnt = 10;
449	do {
450	errno = 0;
451	pfd = hmcfgusb_poll(dev, 1);
452	if ((pfd < 0) && errno) {
453	if (errno != ETIMEDOUT) {
454	perror("\n\nhmcfgusb_poll");
455	exit(EXIT_FAILURE);
456	}
457	}
458	if (rdata.message_type == MESSAGE_TYPE_E) {
459	break;
460	}
461	} while(cnt--);
462
463	if (rdata.message_type == MESSAGE_TYPE_E) {
464	printf("Device rebooted\n");
465	}
466
467	hmcfgusb_close(dev);
468
469	return EXIT_SUCCESS;
470	}