flash-ota: fix subtype for AES
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
46 #define MAX_RETRIES 5
47 #define NORMAL_MAX_PAYLOAD 37
48 #define LOWER_MAX_PAYLOAD 17
49
50 extern char *optarg;
51
52 uint32_t hmid = 0;
53 uint32_t my_hmid = 0;
54 char key[16] = {0};
55 int32_t kNo = -1;
56
57 /* Maximum payloadlen supported by IO */
58 uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
59
60 enum device_type {
61 DEVICE_TYPE_HMCFGUSB,
62 DEVICE_TYPE_CULFW,
63 };
64
65 struct ota_dev {
66 int type;
67 struct hmcfgusb_dev *hmcfgusb;
68 struct culfw_dev *culfw;
69 };
70
71 enum message_type {
72 MESSAGE_TYPE_E = 1,
73 MESSAGE_TYPE_R = 2,
74 };
75
76 struct recv_data {
77 uint8_t message[64];
78 enum message_type message_type;
79 uint16_t status;
80 int speed;
81 uint16_t version;
82 uint8_t credits;
83 };
84
85 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
86 {
87 struct recv_data *rdata = data;
88
89 if (buf_len < 1)
90 return 1;
91
92 switch (buf[0]) {
93 case 'E':
94 if ((!hmid) ||
95 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
96 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
97 (buf[0x13] == (hmid & 0xff)))) {
98 memset(rdata->message, 0, sizeof(rdata->message));
99 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
100 rdata->message_type = MESSAGE_TYPE_E;
101 }
102 break;
103 case 'R':
104 memset(rdata->message, 0, sizeof(rdata->message));
105 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
106 rdata->status = (buf[5] << 8) | buf[6];
107 rdata->message_type = MESSAGE_TYPE_R;
108 break;
109 case 'G':
110 rdata->speed = buf[1];
111 break;
112 case 'H':
113 rdata->version = (buf[11] << 8) | buf[12];
114 rdata->credits = buf[36];
115 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
116 break;
117 default:
118 break;
119 }
120
121 if (buf_len != 1)
122 return 1;
123
124 return 1;
125 }
126
127 static int parse_culfw(uint8_t *buf, int buf_len, void *data)
128 {
129 struct recv_data *rdata = data;
130 int pos = 0;
131
132 memset(rdata, 0, sizeof(struct recv_data));
133
134 if (buf_len <= 3)
135 return 0;
136
137 switch(buf[0]) {
138 case 'A':
139 if (buf[1] == 's')
140 return 0;
141
142 while(validate_nibble(buf[(pos * 2) + 1]) &&
143 validate_nibble(buf[(pos * 2) + 2]) &&
144 (pos + 1 < buf_len)) {
145 rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
146 rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
147 pos++;
148 }
149
150 if (hmid && (SRC(rdata->message) != hmid))
151 return 0;
152
153 rdata->message_type = MESSAGE_TYPE_E;
154 break;
155 case 'V':
156 {
157 uint8_t v;
158 char *s;
159 char *e;
160
161 s = ((char*)buf) + 2;
162 e = strchr(s, '.');
163 if (!e) {
164 fprintf(stderr, "Unknown response from CUL: %s", buf);
165 return 0;
166 }
167 *e = '\0';
168 v = atoi(s);
169 rdata->version = v << 8;
170
171 s = e + 1;
172 e = strchr(s, ' ');
173 if (!e) {
174 fprintf(stderr, "Unknown response from CUL: %s", buf);
175 return 0;
176 }
177 *e = '\0';
178 v = atoi(s);
179 rdata->version |= v;
180 }
181 break;
182 default:
183 fprintf(stderr, "Unknown response from CUL: %s", buf);
184 return 0;
185 break;
186 }
187
188 return 1;
189 }
190
191 int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
192 {
193 static uint32_t id = 1;
194 struct timeval tv;
195 uint8_t out[0x40];
196 int pfd;
197
198 switch(dev->type) {
199 case DEVICE_TYPE_HMCFGUSB:
200 if (gettimeofday(&tv, NULL) == -1) {
201 perror("gettimeofay");
202 return 0;
203 }
204
205 memset(out, 0, sizeof(out));
206
207 out[0] = 'S';
208 out[1] = (id >> 24) & 0xff;
209 out[2] = (id >> 16) & 0xff;
210 out[3] = (id >> 8) & 0xff;
211 out[4] = id & 0xff;
212 out[10] = 0x01;
213 out[11] = (tv.tv_usec >> 24) & 0xff;
214 out[12] = (tv.tv_usec >> 16) & 0xff;
215 out[13] = (tv.tv_usec >> 8) & 0xff;
216 out[14] = tv.tv_usec & 0xff;
217
218 memcpy(&out[0x0f], msg, msg[0] + 1);
219
220 memset(rdata, 0, sizeof(struct recv_data));
221 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
222
223 while (1) {
224 if (rdata->message_type == MESSAGE_TYPE_R) {
225 if (((rdata->status & 0xdf) == 0x01) ||
226 ((rdata->status & 0xdf) == 0x02)) {
227 break;
228 } else {
229 if ((rdata->status & 0xff00) == 0x0400) {
230 fprintf(stderr, "\nOut of credits!\n");
231 } else if ((rdata->status & 0xff) == 0x08) {
232 fprintf(stderr, "\nMissing ACK!\n");
233 } else if ((rdata->status & 0xff) == 0x30) {
234 fprintf(stderr, "\nUnknown AES-key requested!\n");
235 } else {
236 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
237 }
238 return 0;
239 }
240 }
241 errno = 0;
242 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
243 if ((pfd < 0) && errno) {
244 if (errno != ETIMEDOUT) {
245 perror("\n\nhmcfgusb_poll");
246 exit(EXIT_FAILURE);
247 }
248 }
249 }
250 break;
251 case DEVICE_TYPE_CULFW:
252 {
253 char buf[256];
254 int i;
255
256 memset(buf, 0, sizeof(buf));
257 buf[0] = 'A';
258 buf[1] = 's';
259 for (i = 0; i < msg[0] + 1; i++) {
260 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
261 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
262 }
263 buf[2 + (i * 2) ] = '\r';
264 buf[2 + (i * 2) + 1] = '\n';
265
266 memset(rdata, 0, sizeof(struct recv_data));
267 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
268 fprintf(stderr, "culfw_send failed!\n");
269 exit(EXIT_FAILURE);
270 }
271
272 if (msg[CTL] & 0x20) {
273 int cnt = 3;
274 int pfd;
275 do {
276 errno = 0;
277 pfd = culfw_poll(dev->culfw, 200);
278 if ((pfd < 0) && errno) {
279 if (errno != ETIMEDOUT) {
280 perror("\n\nculfw_poll");
281 exit(EXIT_FAILURE);
282 }
283 }
284 if (rdata->message_type == MESSAGE_TYPE_E) {
285 if (rdata->message[TYPE] == 0x02) {
286 if (rdata->message[PAYLOAD] == 0x04) {
287 printf("AES request received but not implemented for culfw!\n");
288 } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
289 printf("NACK\n");
290 } else { /* ACK or ACKinfo */
291 break;
292 }
293 } else {
294 printf("Unexpected message received: ");
295 for (i = 0; i < rdata->message[LEN]; i++) {
296 printf("%02x", rdata->message[i+1]);
297 }
298 printf("\n");
299 }
300 }
301 } while(cnt--);
302
303 if (cnt == -1) {
304 fprintf(stderr, "\nMissing ACK!\n");
305 return 0;
306 }
307 }
308 }
309 break;
310 }
311
312 id++;
313 return 1;
314 }
315
316 static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
317 {
318 uint8_t out[0x40];
319 int pfd;
320
321 printf("Entering %uk-mode\n", speed);
322
323 switch(dev->type) {
324 case DEVICE_TYPE_HMCFGUSB:
325 memset(out, 0, sizeof(out));
326 out[0] = 'G';
327 out[1] = speed;
328
329 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
330
331 while (1) {
332 errno = 0;
333 pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
334 if ((pfd < 0) && errno) {
335 if (errno != ETIMEDOUT) {
336 perror("\n\nhmcfgusb_poll");
337 exit(EXIT_FAILURE);
338 }
339 }
340 if (rdata->speed == speed)
341 break;
342 }
343 break;
344 case DEVICE_TYPE_CULFW:
345 if (speed == 100) {
346 return culfw_send(dev->culfw, "AR\r\n", 4);
347 } else {
348 return culfw_send(dev->culfw, "Ar\r\n", 4);
349 }
350 break;
351 }
352
353 return 1;
354 }
355
356 void flash_ota_syntax(char *prog)
357 {
358 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
359 fprintf(stderr, "Mandatory parameters:\n");
360 fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
361 fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n");
362 fprintf(stderr, "\nOptional parameters:\n");
363 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
364 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
365 fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n");
366 fprintf(stderr, "\t-h\t\tthis help\n");
367 fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n");
368 fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
369 fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
370 fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
371 fprintf(stderr, "\t\t\tAES is currently not supported when using a culfw-device!\n");
372 }
373
374 int main(int argc, char **argv)
375 {
376 const char twiddlie[] = { '-', '\\', '|', '/' };
377 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
378 char *fw_file = NULL;
379 char *serial = NULL;
380 char *culfw_dev = NULL;
381 char *endptr = NULL;
382 unsigned int bps = DEFAULT_CUL_BPS;
383 struct ota_dev dev;
384 struct recv_data rdata;
385 uint8_t out[0x40];
386 uint8_t *pos;
387 uint8_t msgid = 0x1;
388 uint16_t len;
389 struct firmware *fw;
390 int block;
391 int pfd;
392 int debug = 0;
393 int cnt;
394 int switchcnt = 0;
395 int msgnum = 0;
396 int switched = 0;
397 int opt;
398
399 printf("HomeMatic OTA flasher version " VERSION "\n\n");
400
401 while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:")) != -1) {
402 switch (opt) {
403 case 'b':
404 bps = atoi(optarg);
405 break;
406 case 'c':
407 culfw_dev = optarg;
408 break;
409 case 'f':
410 fw_file = optarg;
411 break;
412 case 'l':
413 printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
414 max_payloadlen = LOWER_MAX_PAYLOAD;
415 break;
416 case 's':
417 serial = optarg;
418 break;
419 case 'C':
420 my_hmid = strtoul(optarg, &endptr, 16);
421 if (*endptr != '\0') {
422 fprintf(stderr, "Invalid central HMID!\n\n");
423 flash_ota_syntax(argv[0]);
424 exit(EXIT_FAILURE);
425 }
426 break;
427 case 'D':
428 hmid = strtoul(optarg, &endptr, 16);
429 if (*endptr != '\0') {
430 fprintf(stderr, "Invalid device HMID!\n\n");
431 flash_ota_syntax(argv[0]);
432 exit(EXIT_FAILURE);
433 }
434 break;
435 case 'K':
436 kNo = strtoul(optarg, &endptr, 10);
437 if (*endptr != ':') {
438 fprintf(stderr, "Invalid key number!\n\n");
439 flash_ota_syntax(argv[0]);
440 exit(EXIT_FAILURE);
441 }
442 endptr++;
443 for (cnt = 0; cnt < 16; cnt++) {
444 if (*endptr == '\0' || *(endptr+1) == '\0' ||
445 !validate_nibble(*endptr) ||
446 !validate_nibble(*(endptr+1))) {
447 fprintf(stderr, "Invalid key!\n\n");
448 flash_ota_syntax(argv[0]);
449 exit(EXIT_FAILURE);
450 }
451 key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
452 endptr += 2;
453 }
454 break;
455 case 'h':
456 case ':':
457 case '?':
458 default:
459 flash_ota_syntax(argv[0]);
460 exit(EXIT_FAILURE);
461 break;
462
463 }
464 }
465
466 if (!fw_file || (!serial && !hmid)) {
467 flash_ota_syntax(argv[0]);
468 exit(EXIT_FAILURE);
469 }
470
471 fw = firmware_read_firmware(fw_file, debug);
472 if (!fw)
473 exit(EXIT_FAILURE);
474
475 memset(&rdata, 0, sizeof(rdata));
476 memset(&dev, 0, sizeof(struct ota_dev));
477
478 if (culfw_dev) {
479 if (kNo != -1) {
480 fprintf(stderr, "\nAES currently not supported with culfw-device!\n");
481 flash_ota_syntax(argv[0]);
482 exit(EXIT_FAILURE);
483 }
484
485 printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
486 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
487 if (!dev.culfw) {
488 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
489 exit(EXIT_FAILURE);
490 }
491 dev.type = DEVICE_TYPE_CULFW;
492
493 printf("Requesting firmware version\n");
494 culfw_send(dev.culfw, "\r\n", 2);
495 culfw_flush(dev.culfw);
496
497 while (1) {
498 culfw_send(dev.culfw, "V\r\n", 3);
499
500 errno = 0;
501 pfd = culfw_poll(dev.culfw, 1000);
502 if ((pfd < 0) && errno) {
503 if (errno != ETIMEDOUT) {
504 perror("\n\nhmcfgusb_poll");
505 exit(EXIT_FAILURE);
506 }
507 }
508 if (rdata.version)
509 break;
510 }
511
512 printf("culfw-device firmware version: %u.%02u\n",
513 (rdata.version >> 8) & 0xff,
514 rdata.version & 0xff);
515
516 if (rdata.version < 0x013a) {
517 fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
518 exit(EXIT_FAILURE);
519 }
520 } else {
521 uint32_t new_hmid = my_hmid;
522
523 hmcfgusb_set_debug(debug);
524
525 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata);
526 if (!dev.hmcfgusb) {
527 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
528 exit(EXIT_FAILURE);
529 }
530 dev.type = DEVICE_TYPE_HMCFGUSB;
531
532 memset(out, 0, sizeof(out));
533 out[0] = 'K';
534 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
535
536 while (1) {
537 errno = 0;
538 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
539 if ((pfd < 0) && errno) {
540 if (errno != ETIMEDOUT) {
541 perror("\n\nhmcfgusb_poll");
542 exit(EXIT_FAILURE);
543 }
544 }
545 if (rdata.version)
546 break;
547 }
548
549 if (rdata.version < 0x3c7) {
550 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
551 exit(EXIT_FAILURE);
552 }
553
554 printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);
555
556 if (rdata.credits >= 40) {
557 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
558
559 if (!dev.hmcfgusb->bootloader) {
560 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
561 printf("Waiting for device to reappear...\n");
562
563 do {
564 if (dev.hmcfgusb) {
565 if (!dev.hmcfgusb->bootloader)
566 hmcfgusb_enter_bootloader(dev.hmcfgusb);
567 hmcfgusb_close(dev.hmcfgusb);
568 }
569 sleep(1);
570 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
571 }
572
573 if (dev.hmcfgusb->bootloader) {
574 printf("HM-CFG-USB in bootloader mode, rebooting\n");
575
576 do {
577 if (dev.hmcfgusb) {
578 if (dev.hmcfgusb->bootloader)
579 hmcfgusb_leave_bootloader(dev.hmcfgusb);
580 hmcfgusb_close(dev.hmcfgusb);
581 }
582 sleep(1);
583 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
584 }
585 }
586
587 printf("\n\nHM-CFG-USB opened\n\n");
588
589 if (new_hmid && (my_hmid != new_hmid)) {
590 printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
591
592 memset(out, 0, sizeof(out));
593 out[0] = 'A';
594 out[1] = (new_hmid >> 16) & 0xff;
595 out[2] = (new_hmid >> 8) & 0xff;
596 out[3] = new_hmid & 0xff;
597
598 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
599
600 my_hmid = new_hmid;
601 }
602
603 if (kNo > 0) {
604 printf("Setting AES-key\n");
605
606 memset(out, 0, sizeof(out));
607 out[0] = 'Y';
608 out[1] = 0x01;
609 out[2] = kNo;
610 out[3] = sizeof(key);
611 memcpy(&(out[4]), key, sizeof(key));
612 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
613
614 memset(out, 0, sizeof(out));
615 out[0] = 'Y';
616 out[1] = 0x02;
617 out[2] = 0x00;
618 out[3] = 0x00;
619 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
620
621 memset(out, 0, sizeof(out));
622 out[0] = 'Y';
623 out[1] = 0x03;
624 out[2] = 0x00;
625 out[3] = 0x00;
626 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
627 }
628 }
629
630 if (!switch_speed(&dev, &rdata, 10)) {
631 fprintf(stderr, "Can't switch speed!\n");
632 exit(EXIT_FAILURE);
633 }
634
635 if (hmid && my_hmid) {
636 printf("Sending device with hmid %06x to bootloader\n", hmid);
637 out[MSGID] = msgid++;
638 out[CTL] = 0x30;
639 out[TYPE] = 0x11;
640 SET_SRC(out, my_hmid);
641 SET_DST(out, hmid);
642 out[PAYLOAD] = 0xCA;
643 SET_LEN_FROM_PAYLOADLEN(out, 1);
644
645 cnt = 3;
646 do {
647 if (send_hm_message(&dev, &rdata, out)) {
648 break;
649 }
650 } while (cnt--);
651 if (cnt == -1) {
652 printf("Failed to send device to bootloader, please enter bootloader manually.\n");
653 }
654 }
655
656 if (serial) {
657 printf("Waiting for device with serial %s\n", serial);
658 } else {
659 printf("Waiting for device with HMID %06x\n", hmid);
660 }
661
662 while (1) {
663 errno = 0;
664 switch (dev.type) {
665 case DEVICE_TYPE_CULFW:
666 pfd = culfw_poll(dev.culfw, 1000);
667 break;
668 case DEVICE_TYPE_HMCFGUSB:
669 default:
670 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
671 break;
672 }
673
674 if ((pfd < 0) && errno) {
675 if (errno != ETIMEDOUT) {
676 perror("\n\npoll");
677 exit(EXIT_FAILURE);
678 }
679 }
680
681 if ((rdata.message[LEN] == 0x14) && /* Length */
682 (rdata.message[MSGID] == 0x00) && /* Message ID */
683 (rdata.message[CTL] == 0x00) && /* Control Byte */
684 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
685 (DST(rdata.message) == 0x000000) && /* Broadcast */
686 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
687 if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
688 hmid = SRC(rdata.message);
689 break;
690 } else if (!serial && SRC(rdata.message) == hmid) {
691 serial = (char*)&(rdata.message[0x0b]);
692 break;
693 }
694 }
695 }
696
697 printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);
698
699 if (dev.type == DEVICE_TYPE_HMCFGUSB) {
700 printf("Adding HMID\n");
701
702 memset(out, 0, sizeof(out));
703 out[0] = '+';
704 out[1] = (hmid >> 16) & 0xff;
705 out[2] = (hmid >> 8) & 0xff;
706 out[3] = hmid & 0xff;
707
708 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
709 }
710
711 switchcnt = 3;
712 do {
713 printf("Initiating remote switch to 100k\n");
714
715 memset(out, 0, sizeof(out));
716
717 out[MSGID] = msgid++;
718 out[CTL] = 0x00;
719 out[TYPE] = 0xCB;
720 SET_SRC(out, my_hmid);
721 SET_DST(out, hmid);
722
723 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
724 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
725
726 if (!send_hm_message(&dev, &rdata, out)) {
727 exit(EXIT_FAILURE);
728 }
729
730 if (!switch_speed(&dev, &rdata, 100)) {
731 fprintf(stderr, "Can't switch speed!\n");
732 exit(EXIT_FAILURE);
733 }
734
735 printf("Has the device switched?\n");
736
737 memset(out, 0, sizeof(out));
738
739 out[MSGID] = msgid++;
740 out[CTL] = 0x20;
741 out[TYPE] = 0xCB;
742 SET_SRC(out, my_hmid);
743 SET_DST(out, hmid);
744
745 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
746 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
747
748 cnt = 3;
749 do {
750 if (send_hm_message(&dev, &rdata, out)) {
751 /* A0A02000221B9AD00000000 */
752 switched = 1;
753 break;
754 }
755 } while (cnt--);
756
757 if (!switched) {
758 printf("No!\n");
759
760 if (!switch_speed(&dev, &rdata, 10)) {
761 fprintf(stderr, "Can't switch speed!\n");
762 exit(EXIT_FAILURE);
763 }
764 }
765 } while ((!switched) && (switchcnt--));
766
767 if (!switched) {
768 fprintf(stderr, "Too many errors, giving up!\n");
769 exit(EXIT_FAILURE);
770 }
771
772 printf("Yes!\n");
773
774 printf("Flashing %d blocks", fw->fw_blocks);
775 if (debug) {
776 printf("\n");
777 } else {
778 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
779 fflush(stdout);
780 }
781
782 for (block = 0; block < fw->fw_blocks; block++) {
783 int first;
784
785 len = fw->fw[block][2] << 8;
786 len |= fw->fw[block][3];
787
788 pos = &(fw->fw[block][2]);
789
790 len += 2; /* length */
791
792 if (debug)
793 hexdump(pos, len, "F> ");
794
795 first = 1;
796 cnt = 0;
797 do {
798 int payloadlen = max_payloadlen - 2;
799 int ack = 0;
800
801 if (first) {
802 payloadlen = max_payloadlen;
803 first = 0;
804 }
805
806 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
807 payloadlen = (len - (pos - &(fw->fw[block][2])));
808
809 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
810 ack = 1;
811
812 memset(&rdata, 0, sizeof(rdata));
813
814 memset(out, 0, sizeof(out));
815
816 out[MSGID] = msgid;
817 if (ack)
818 out[CTL] = 0x20;
819 out[TYPE] = 0xCA;
820 SET_SRC(out, my_hmid);
821 SET_DST(out, hmid);
822
823 memcpy(&out[PAYLOAD], pos, payloadlen);
824 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
825
826 if (send_hm_message(&dev, &rdata, out)) {
827 pos += payloadlen;
828 } else {
829 pos = &(fw->fw[block][2]);
830 cnt++;
831 if (cnt == MAX_RETRIES) {
832 fprintf(stderr, "\nToo many errors, giving up!\n");
833 exit(EXIT_FAILURE);
834 } else {
835 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
836 }
837 }
838
839 msgnum++;
840
841 if (!debug) {
842 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
843 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
844 fflush(stdout);
845 }
846 } while((pos - &(fw->fw[block][2])) < len);
847 msgid++;
848 }
849
850 firmware_free(fw);
851
852 printf("\n");
853
854 if (!switch_speed(&dev, &rdata, 10)) {
855 fprintf(stderr, "Can't switch speed!\n");
856 exit(EXIT_FAILURE);
857 }
858
859 printf("Waiting for device to reboot\n");
860
861 cnt = 10;
862 do {
863 errno = 0;
864 switch(dev.type) {
865 case DEVICE_TYPE_CULFW:
866 pfd = culfw_poll(dev.culfw, 1000);
867 break;
868 case DEVICE_TYPE_HMCFGUSB:
869 default:
870 pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
871 break;
872 }
873 if ((pfd < 0) && errno) {
874 if (errno != ETIMEDOUT) {
875 perror("\n\npoll");
876 exit(EXIT_FAILURE);
877 }
878 }
879 if (rdata.message_type == MESSAGE_TYPE_E) {
880 break;
881 }
882 } while(cnt--);
883
884 if (rdata.message_type == MESSAGE_TYPE_E) {
885 printf("Device rebooted\n");
886 }
887
888 switch(dev.type) {
889 case DEVICE_TYPE_HMCFGUSB:
890 hmcfgusb_close(dev.hmcfgusb);
891 hmcfgusb_exit();
892 break;
893 case DEVICE_TYPE_CULFW:
894 culfw_close(dev.culfw);
895 break;
896 }
897
898 return EXIT_SUCCESS;
899 }
Impressum, Datenschutz