1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
/* Failed transmissions tolerated per firmware block before main() gives up. */
#define MAX_RETRIES 5
/* Default per-message payload limit; -l selects the lower value instead. */
#define NORMAL_MAX_PAYLOAD 37
#define LOWER_MAX_PAYLOAD 17

extern char *optarg;

/*
 * HMID of the device being flashed: set with -D or learned from the
 * device's announcement in main(). While non-zero, both receive parsers
 * use it to filter incoming messages by sender.
 */
uint32_t hmid = 0;
/*
 * HMID used as sender of our own messages: set with -C, and overwritten by
 * the value the HM-CFG-USB reports in its 'H' frame.
 */
uint32_t my_hmid = 0;
/*
 * AES key and key number given with -K (kNo stays -1 without -K). The key
 * lives in this global for the whole run and is never wiped in this file.
 */
uint8_t key[16] = {0};
int32_t kNo = -1;

/* Maximum payloadlen supported by IO */
uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;

/* Which IO device is used to talk to the radio network. */
enum device_type {
	DEVICE_TYPE_HMCFGUSB,
	DEVICE_TYPE_CULFW,
};

/* Handle for the opened IO device; only the pointer matching type is set. */
struct ota_dev {
	int type;
	struct hmcfgusb_dev *hmcfgusb;
	struct culfw_dev *culfw;
};

/*
 * Kind of frame last stored by a receive parser. Callers memset() the
 * enclosing struct, so 0 means "nothing received yet".
 */
enum message_type {
	MESSAGE_TYPE_E = 1,
	MESSAGE_TYPE_R = 2,
};

/*
 * State filled by parse_hmcfgusb()/parse_culfw() and read by the send and
 * wait loops.
 *
 * message holds the last received radio message and is only 64 bytes,
 * while the length byte inside a received message can claim up to 255;
 * every consumer that indexes message by that byte has to bound it first.
 */
struct recv_data {
	uint8_t message[64];
	enum message_type message_type;
	uint16_t status;	/* bytes 5 and 6 of an HM-CFG-USB 'R' frame */
	int speed;		/* byte 1 of an HM-CFG-USB 'G' frame */
	uint16_t version;	/* IO firmware version; 0xffff marks a-culfw */
	uint8_t credits;	/* byte 36 of an HM-CFG-USB 'H' frame */
};
84
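/*
 * Copy the length-prefixed radio message embedded at buf[off] into
 * rdata->message.
 *
 * The length byte comes off the air and can claim up to 255 bytes, while
 * rdata->message holds 64. The copy is refused unless it fits both the
 * destination and the bytes actually present in buf; in that case rdata is
 * left untouched.
 *
 * Returns 1 if the message was stored, 0 if it was rejected.
 */
static int store_message(struct recv_data *rdata, const uint8_t *buf, int buf_len, int off)
{
	size_t msg_len;

	if (buf_len <= off)
		return 0;

	msg_len = (size_t)buf[off] + 1;
	if ((msg_len > sizeof(rdata->message)) ||
	    (msg_len > (size_t)(buf_len - off)))
		return 0;

	memset(rdata->message, 0, sizeof(rdata->message));
	memcpy(rdata->message, buf + off, msg_len);

	return 1;
}

/*
 * Receive callback for the HM-CFG-USB: decodes one frame from the stick
 * into the struct recv_data passed as data.
 *
 *   'E'  received radio message (filtered by sender when hmid is set)
 *   'R'  response to a send request, carries a status word and a message
 *   'G'  current speed
 *   'H'  firmware version, used credits and the stick's own HMID
 *
 * Every fixed offset is checked against buf_len before it is read, and a
 * frame that is too short for its type is ignored. Always returns 1, as
 * the original did on every path.
 */
static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
		case 'E':
			if (hmid) {
				/* The sender is compared at 0x11..0x13. */
				if (buf_len <= 0x13)
					break;

				if ((buf[0x11] != ((hmid >> 16) & 0xff)) ||
				    (buf[0x12] != ((hmid >> 8) & 0xff)) ||
				    (buf[0x13] != (hmid & 0xff)))
					break;
			}

			if (store_message(rdata, buf, buf_len, 0x0d))
				rdata->message_type = MESSAGE_TYPE_E;
			break;
		case 'R':
			/* The status word sits at bytes 5 and 6. */
			if (buf_len <= 6)
				break;

			/*
			 * send_hm_message() waits for the status of an 'R' frame,
			 * so the status is recorded even when the embedded
			 * message is rejected; the message is then left zeroed.
			 */
			if (!store_message(rdata, buf, buf_len, 0x0e))
				memset(rdata->message, 0, sizeof(rdata->message));
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
			break;
		case 'G':
			if (buf_len <= 1)
				break;

			rdata->speed = buf[1];
			break;
		case 'H':
			/* Highest offset read below is 36 (credits). */
			if (buf_len <= 36)
				break;

			rdata->version = (buf[11] << 8) | buf[12];
			rdata->credits = buf[36];
			my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
			break;
		default:
			break;
	}

	return 1;
}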
126
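/*
 * Receive callback for culfw devices: decodes one line from the CUL into
 * the struct recv_data passed as data, which is cleared first.
 *
 *   'A'  received radio message as ASCII hex (an "As" line is ignored)
 *   'V'  version string "V <major>.<minor> <name> ..."
 *   'E'  error report; "ERR:CCA" gets a diagnostic
 *
 * Returns 1 when the line was handled, 0 when it was ignored or not
 * understood.
 */
static int parse_culfw(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;
	int pos = 0;

	memset(rdata, 0, sizeof(struct recv_data));

	if (buf_len <= 3)
		return 0;

	switch(buf[0]) {
		case 'A':
			if (buf[1] == 's')
				return 0;

			/*
			 * The hex string is as long as the sender of the radio
			 * message made it. Stop at the end of rdata->message and
			 * at the end of buf before reading the next pair, so an
			 * overlong line can neither write past the 64-byte
			 * message buffer nor read past the input.
			 */
			while ((pos < (int)sizeof(rdata->message)) &&
			       (((pos * 2) + 2) < buf_len) &&
			       validate_nibble(buf[(pos * 2) + 1]) &&
			       validate_nibble(buf[(pos * 2) + 2])) {
				rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
				rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
				pos++;
			}

			/*
			 * NOTE(review): the length byte inside the decoded message
			 * is not compared with the number of bytes decoded here,
			 * so consumers must still bound it before indexing.
			 */
			if (hmid && (SRC(rdata->message) != hmid))
				return 0;

			rdata->message_type = MESSAGE_TYPE_E;
			break;
		case 'V':
			{
				/*
				 * NOTE(review): strchr() and the "%s" diagnostics in
				 * this function assume buf is NUL-terminated by the
				 * culfw layer; confirm against culfw.c.
				 */
				uint8_t v;
				char *s;
				char *e;

				s = ((char*)buf) + 2;
				e = strchr(s, '.');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version = v << 8;

				s = e + 1;
				e = strchr(s, ' ');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version |= v;

				s = e + 1;
				e = strchr(s, ' ');
				if (!e) {
					break;
				}
				*e = '\0';
				/* a-culfw is reported with the marker version 0xffff. */
				if (!strcmp(s, "a-culfw")) {
					rdata->version = 0xffff;
				}
			}
			break;
		case 'E':
			{
				if (!strncmp((char*)buf, "ERR:CCA", 7)) {
					fprintf(stderr, "CCA didn't complete, too much traffic\n");
				}
				break;
			}
		default:
			fprintf(stderr, "Unknown response from CUL: %s", buf);
			return 0;
	}

	return 1;
}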
207
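/*
 * Send one radio message through the configured IO device and wait for the
 * outcome.
 *
 * msg is a length-prefixed message: msg[0] + 1 bytes are transmitted.
 * rdata is cleared before sending and afterwards holds whatever the
 * receive callback stored.
 *
 * HM-CFG-USB: the message is wrapped in an 'S' frame and the function
 * waits until an 'R' frame reports a status.
 * culfw: the message is sent as an "As" hex line; when msg asks for an
 * answer (CTL bit 0x20) the function waits for an ACK and answers an AES
 * challenge with a response signed with the global key.
 *
 * Returns 1 on success and 0 on failure; exits the process on IO errors.
 */
int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;
	struct timeval tv;
	uint8_t out[0x40];
	int pfd;

	switch(dev->type) {
		case DEVICE_TYPE_HMCFGUSB:
			/* msg[0] + 1 bytes are copied to out[0x0f..]; they have to fit. */
			if (((size_t)msg[0] + 1) > (sizeof(out) - 0x0f)) {
				fprintf(stderr, "\nMessage too long for HM-CFG-USB!\n");
				return 0;
			}

			if (gettimeofday(&tv, NULL) == -1) {
				perror("gettimeofday");
				return 0;
			}

			memset(out, 0, sizeof(out));

			out[0] = 'S';
			out[1] = (id >> 24) & 0xff;
			out[2] = (id >> 16) & 0xff;
			out[3] = (id >> 8) & 0xff;
			out[4] = id & 0xff;
			out[10] = 0x01;
			out[11] = (tv.tv_usec >> 24) & 0xff;
			out[12] = (tv.tv_usec >> 16) & 0xff;
			out[13] = (tv.tv_usec >> 8) & 0xff;
			out[14] = tv.tv_usec & 0xff;

			memcpy(&out[0x0f], msg, msg[0] + 1);

			memset(rdata, 0, sizeof(struct recv_data));
			hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);

			/* Poll until the receive callback has stored an 'R' frame. */
			while (1) {
				if (rdata->message_type == MESSAGE_TYPE_R) {
					if (((rdata->status & 0xdf) == 0x01) ||
					    ((rdata->status & 0xdf) == 0x02)) {
						break;
					} else {
						if ((rdata->status & 0xff00) == 0x0400) {
							fprintf(stderr, "\nOut of credits!\n");
						} else if ((rdata->status & 0xff) == 0x08) {
							fprintf(stderr, "\nMissing ACK!\n");
						} else if ((rdata->status & 0xff) == 0x30) {
							fprintf(stderr, "\nUnknown AES-key requested!\n");
						} else {
							fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
						}
						return 0;
					}
				}
				errno = 0;
				pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
				if ((pfd < 0) && errno) {
					if (errno != ETIMEDOUT) {
						perror("\n\nhmcfgusb_poll");
						exit(EXIT_FAILURE);
					}
				}
			}
			break;
		case DEVICE_TYPE_CULFW:
			{
				char buf[256];
				int i;

				/* "As" + two hex digits per byte + "\r\n" has to fit into buf. */
				if ((2 + (((size_t)msg[0] + 1) * 2) + 2) > sizeof(buf)) {
					fprintf(stderr, "\nMessage too long for culfw!\n");
					return 0;
				}

				memset(buf, 0, sizeof(buf));
				buf[0] = 'A';
				buf[1] = 's';
				for (i = 0; i < msg[0] + 1; i++) {
					buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
					buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
				}
				buf[2 + (i * 2) ] = '\r';
				buf[2 + (i * 2) + 1] = '\n';

				memset(rdata, 0, sizeof(struct recv_data));
				if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
					fprintf(stderr, "culfw_send failed!\n");
					exit(EXIT_FAILURE);
				}

				if (msg[CTL] & 0x20) {
					int cnt = 5;
					int pfd;
					do {
						errno = 0;
						pfd = culfw_poll(dev->culfw, 200);
						if ((pfd < 0) && errno) {
							if (errno != ETIMEDOUT) {
								perror("\n\nculfw_poll");
								exit(EXIT_FAILURE);
							}
						}
						if (rdata->message_type == MESSAGE_TYPE_E) {
							if (rdata->message[TYPE] == 0x02) {
								if (rdata->message[PAYLOAD] == 0x04) {
									int32_t req_kNo;
									uint8_t challenge[6];
									uint8_t respbuf[16];
									uint8_t *resp;
									uint8_t mlen = rdata->message[LEN];

									/*
									 * The key number is read at
									 * message[LEN], and LEN is a byte
									 * chosen by the peer. It has to
									 * stay inside the message buffer
									 * and behind the six challenge
									 * bytes at PAYLOAD+1..PAYLOAD+6.
									 */
									if ((mlen >= sizeof(rdata->message)) ||
									    (mlen < (PAYLOAD + 7))) {
										fprintf(stderr, "Malformed AES request received!\n");
									} else {
										req_kNo = rdata->message[mlen] / 2;
										memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);

										if (req_kNo != kNo) {
											fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
										} else {
											resp = hm_sign(key, challenge, msg, NULL, respbuf);
											if (resp) {
												uint8_t rbuf[64];

												memset(rbuf, 0, sizeof(rbuf));
												rbuf[MSGID] = rdata->message[MSGID];
												rbuf[CTL] = rdata->message[CTL];
												rbuf[TYPE] = 0x03;
												SET_SRC(rbuf, DST(rdata->message));
												SET_DST(rbuf, SRC(rdata->message));
												memcpy(&(rbuf[PAYLOAD]), resp, 16);
												SET_LEN_FROM_PAYLOADLEN(rbuf, 16);

												/*
												 * NOTE(review): rbuf[CTL] is
												 * copied from the peer, so the
												 * peer decides whether this
												 * call waits for an answer and
												 * can be challenged again;
												 * nothing here limits the
												 * recursion depth.
												 */
												return send_hm_message(dev, rdata, rbuf);
											}
										}
									}
								} else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
									fprintf(stderr, "NACK\n");
								} else { /* ACK or ACKinfo */
									break;
								}
							} else {
								/* Dump at most what the message buffer holds. */
								int dumplen = rdata->message[LEN];

								if (dumplen > (int)sizeof(rdata->message) - 1)
									dumplen = (int)sizeof(rdata->message) - 1;

								fprintf(stderr, "Unexpected message received: ");
								for (i = 0; i < dumplen; i++) {
									fprintf(stderr, "%02x", rdata->message[i+1]);
								}
								fprintf(stderr, "\n");
							}
						}
					} while(cnt--);

					/* cnt only reaches -1 when every attempt was used up. */
					if (cnt == -1) {
						fprintf(stderr, "\nMissing ACK!\n");
						return 0;
					}
				}
			}
			break;
	}

	id++;
	return 1;
}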
358
/*
 * Switch the IO device to the given speed (10 or 100 are used by main()).
 *
 * HM-CFG-USB: sends a 'G' frame and polls until the receive callback has
 * stored the requested speed in rdata; returns 1.
 * culfw: sends "AR" for speed 100 and "Ar" otherwise, and returns the
 * result of culfw_send().
 */
static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
{
	uint8_t frame[0x40];
	int rc;

	printf("Entering %uk-mode\n", speed);

	if (dev->type == DEVICE_TYPE_CULFW) {
		return culfw_send(dev->culfw, (speed == 100) ? "AR\r\n" : "Ar\r\n", 4);
	}

	if (dev->type != DEVICE_TYPE_HMCFGUSB) {
		return 1;
	}

	memset(frame, 0, sizeof(frame));
	frame[0] = 'G';
	frame[1] = speed;

	hmcfgusb_send(dev->hmcfgusb, frame, sizeof(frame), 1);

	/* Poll until the stick confirms the speed; timeouts are not fatal. */
	do {
		errno = 0;
		rc = hmcfgusb_poll(dev->hmcfgusb, 1000);
		if ((rc < 0) && errno && (errno != ETIMEDOUT)) {
			perror("\n\nhmcfgusb_poll");
			exit(EXIT_FAILURE);
		}
	} while (rdata->speed != speed);

	return 1;
}
398
/*
 * Print the command line help to stderr; prog is the program name shown in
 * the first line.
 *
 * -K takes the AES key on the command line, where it is visible in the
 * process list for as long as the tool runs.
 */
void flash_ota_syntax(char *prog)
{
	fprintf(stderr, "Syntax: %s parameters options\n\n", prog);

	fputs("Mandatory parameters:\n"
	      "\t-f firmware.eq3\tfirmware file to flash\n"
	      "\t-s SERIAL\tserial of device to flash (optional when using -D)\n"
	      "\nOptional parameters:\n"
	      "\t-c device\tenable CUL-mode with CUL at path \"device\"\n",
	      stderr);

	fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);

	fputs("\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n"
	      "\t-S serial\tuse HM-CFG-USB with given serial\n"
	      "\t-h\t\tthis help\n"
	      "\nOptional parameters for automatically sending device to bootloader\n"
	      "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n"
	      "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n"
	      "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n",
	      stderr);
}
416
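/*
 * Entry point of the OTA flasher.
 *
 * Steps: parse options, read the firmware file, open the IO device
 * (culfw or HM-CFG-USB) and check its firmware version, optionally send
 * the target device to its bootloader, wait for the device's announcement
 * in firmware-update-mode, switch both sides to 100k, transmit all
 * firmware blocks, switch back to 10k and wait for the device to reboot.
 *
 * Everything in rdata.message comes off the air and is untrusted. The AES
 * key given with -K is kept in the global key for the whole run.
 *
 * Returns EXIT_SUCCESS; every failure exits with EXIT_FAILURE.
 */
int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	char *fw_file = NULL;
	char *serial = NULL;
	char *culfw_dev = NULL;
	char *endptr = NULL;
	unsigned long val;
	unsigned int bps = DEFAULT_CUL_BPS;
	struct ota_dev dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	char *hmcfgusb_serial = NULL;
	int block;
	int pfd;
	int debug = 0;
	int cnt;
	int switchcnt = 0;
	int msgnum = 0;
	int switched = 0;
	int opt;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:S:")) != -1) {
		switch (opt) {
			case 'b':
				bps = atoi(optarg);
				break;
			case 'c':
				culfw_dev = optarg;
				break;
			case 'f':
				fw_file = optarg;
				break;
			case 'l':
				printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
				max_payloadlen = LOWER_MAX_PAYLOAD;
				break;
			case 's':
				serial = optarg;
				break;
			case 'C':
				/* An HMID is three bytes; reject empty and oversized input. */
				val = strtoul(optarg, &endptr, 16);
				if ((endptr == optarg) || (*endptr != '\0') || (val > 0xffffff)) {
					fprintf(stderr, "Invalid central HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				my_hmid = val;
				break;
			case 'D':
				val = strtoul(optarg, &endptr, 16);
				if ((endptr == optarg) || (*endptr != '\0') || (val > 0xffffff)) {
					fprintf(stderr, "Invalid device HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				hmid = val;
				break;
			case 'K':
				/*
				 * KNO:KEY. The key number is later stored in a single
				 * byte of the 'Y' frame, so anything above 0xff is
				 * rejected here together with a missing number.
				 */
				val = strtoul(optarg, &endptr, 10);
				if ((endptr == optarg) || (*endptr != ':') || (val > 0xff)) {
					fprintf(stderr, "Invalid key number!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				kNo = val;
				endptr++;
				/* Exactly 16 key bytes are read as 32 hex digits. */
				for (cnt = 0; cnt < 16; cnt++) {
					if (*endptr == '\0' || *(endptr+1) == '\0' ||
					    !validate_nibble(*endptr) ||
					    !validate_nibble(*(endptr+1))) {
						fprintf(stderr, "Invalid key!\n\n");
						flash_ota_syntax(argv[0]);
						exit(EXIT_FAILURE);
					}
					key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
					endptr += 2;
				}
				break;
			case 'S':
				hmcfgusb_serial = optarg;
				break;
			case 'h':
			case ':':
			case '?':
			default:
				flash_ota_syntax(argv[0]);
				exit(EXIT_FAILURE);
				break;

		}
	}

	/* A firmware file and a way to identify the device are mandatory. */
	if (!fw_file || (!serial && !hmid)) {
		flash_ota_syntax(argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(fw_file, debug);
	if (!fw)
		exit(EXIT_FAILURE);

	memset(&rdata, 0, sizeof(rdata));
	memset(&dev, 0, sizeof(struct ota_dev));

	if (culfw_dev) {
		printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
		dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
		if (!dev.culfw) {
			fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_CULFW;

		printf("Requesting firmware version\n");
		culfw_send(dev.culfw, "\r\n", 2);
		culfw_flush(dev.culfw);

		/* Ask for the version until parse_culfw() has stored one. */
		while (1) {
			culfw_send(dev.culfw, "V\r\n", 3);

			errno = 0;
			pfd = culfw_poll(dev.culfw, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nculfw_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		printf("culfw-device firmware version: ");
		if (rdata.version != 0xffff) {
			printf("%u.%02u\n",
				(rdata.version >> 8) & 0xff,
				rdata.version & 0xff);
		} else {
			printf("a-culfw\n");
		}

		/* 0x013a is version 1.58. */
		if (rdata.version < 0x013a) {
			fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
			exit(EXIT_FAILURE);
		}
	} else {
		/* Keep the -C value: the 'H' frame overwrites my_hmid below. */
		uint32_t new_hmid = my_hmid;

		hmcfgusb_set_debug(debug);

		dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial);
		if (!dev.hmcfgusb) {
			fprintf(stderr, "Can't initialize HM-CFG-USB\n");
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_HMCFGUSB;

		memset(out, 0, sizeof(out));
		out[0] = 'K';
		hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

		while (1) {
			errno = 0;
			pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nhmcfgusb_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		if (rdata.version < 0x3c7) {
			fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
			exit(EXIT_FAILURE);
		}

		printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);

		if (rdata.credits >= 40) {
			printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");

			if (!dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
				printf("Waiting for device to reappear...\n");

				do {
					if (dev.hmcfgusb) {
						if (!dev.hmcfgusb->bootloader)
							hmcfgusb_enter_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (!dev.hmcfgusb->bootloader));
			}

			if (dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB in bootloader mode, rebooting\n");

				do {
					if (dev.hmcfgusb) {
						if (dev.hmcfgusb->bootloader)
							hmcfgusb_leave_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (dev.hmcfgusb->bootloader));
			}
		}

		printf("\n\nHM-CFG-USB opened\n\n");

		if (new_hmid && (my_hmid != new_hmid)) {
			printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);

			memset(out, 0, sizeof(out));
			out[0] = 'A';
			out[1] = (new_hmid >> 16) & 0xff;
			out[2] = (new_hmid >> 8) & 0xff;
			out[3] = new_hmid & 0xff;

			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			my_hmid = new_hmid;
		}

		if (kNo > 0) {
			printf("Setting AES-key\n");

			/* The key itself goes to the stick in the first 'Y' frame. */
			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x01;
			out[2] = kNo;
			out[3] = sizeof(key);
			memcpy(&(out[4]), key, sizeof(key));
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x02;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x03;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
		}
	}

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	if (hmid && my_hmid) {
		printf("Sending device with hmid %06x to bootloader\n", hmid);

		/*
		 * In CUL mode out has not been written before this point, so
		 * clear it instead of building the message on stack contents.
		 */
		memset(out, 0, sizeof(out));
		out[CTL] = 0x30;
		out[TYPE] = 0x11;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);
		out[PAYLOAD] = 0xCA;
		SET_LEN_FROM_PAYLOADLEN(out, 1);

		cnt = 3;
		do {
			out[MSGID] = msgid++;
			if (send_hm_message(&dev, &rdata, out)) {
				break;
			}
		} while (cnt--);
		if (cnt == -1) {
			printf("Failed to send device to bootloader, please enter bootloader manually.\n");
		}
	}

	if (serial) {
		printf("Waiting for device with serial %s\n", serial);
	} else {
		printf("Waiting for device with HMID %06x\n", hmid);
	}

	/* Wait for the broadcast the device sends in firmware-update-mode. */
	while (1) {
		errno = 0;
		switch (dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
			default:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
		}

		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Message type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
			if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
				hmid = SRC(rdata.message);
				break;
			} else if (!serial && SRC(rdata.message) == hmid) {
				serial = (char*)&(rdata.message[0x0b]);
				break;
			}
		}
	}

	/*
	 * serial may point into rdata.message, where the ten serial bytes
	 * are not followed by a terminator of their own, so the output is
	 * limited to the ten bytes that are compared above.
	 */
	printf("Device with serial %.10s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);

	if (dev.type == DEVICE_TYPE_HMCFGUSB) {
		printf("Adding HMID\n");

		memset(out, 0, sizeof(out));
		out[0] = '+';
		out[1] = (hmid >> 16) & 0xff;
		out[2] = (hmid >> 8) & 0xff;
		out[3] = hmid & 0xff;

		hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
	}

	switchcnt = 3;
	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		if (!send_hm_message(&dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		if (!switch_speed(&dev, &rdata, 100)) {
			fprintf(stderr, "Can't switch speed!\n");
			exit(EXIT_FAILURE);
		}

		printf("Has the device switched?\n");

		/* Same message again, this time with an answer requested. */
		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		cnt = 3;
		do {
			if (send_hm_message(&dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
			}
		} while (cnt--);

		if (!switched) {
			printf("No!\n");

			if (!switch_speed(&dev, &rdata, 10)) {
				fprintf(stderr, "Can't switch speed!\n");
				exit(EXIT_FAILURE);
			}
		}
	} while ((!switched) && (switchcnt--));

	if (!switched) {
		fprintf(stderr, "Too many errors, giving up!\n");
		exit(EXIT_FAILURE);
	}

	printf("Yes!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		/*
		 * NOTE(review): the block length comes from the firmware file;
		 * this loop relies on firmware_read_firmware() having checked
		 * it against the block's real size. Confirm in firmware.c.
		 */
		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			int payloadlen = max_payloadlen - 2;
			int ack = 0;

			if (first) {
				payloadlen = max_payloadlen;
				first = 0;
			}

			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			/* Only the last message of a block asks for an answer. */
			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, my_hmid);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(&dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				/* Restart the whole block after a failed message. */
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == MAX_RETRIES) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
					block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
		msgid++;
	}

	firmware_free(fw);

	printf("\n");

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device to reboot\n");

	/* Any received message counts as a sign of life after the update. */
	cnt = 10;
	do {
		errno = 0;
		switch(dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
			default:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
		}
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	switch(dev.type) {
		case DEVICE_TYPE_HMCFGUSB:
			hmcfgusb_close(dev.hmcfgusb);
			hmcfgusb_exit();
			break;
		case DEVICE_TYPE_CULFW:
			culfw_close(dev.culfw);
			break;
	}

	return EXIT_SUCCESS;
}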