add OTA support for culfw-based devices
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
46 #define MAX_RETRIES 5
47
48 extern char *optarg;
49
50 uint32_t hmid = 0;
51 uint32_t my_hmid = 0;
52
53 enum device_type {
54 DEVICE_TYPE_HMCFGUSB,
55 DEVICE_TYPE_CULFW,
56 };
57
58 struct ota_dev {
59 int type;
60 struct hmcfgusb_dev *hmcfgusb;
61 struct culfw_dev *culfw;
62 };
63
64 enum message_type {
65 MESSAGE_TYPE_E = 1,
66 MESSAGE_TYPE_R = 2,
67 };
68
69 struct recv_data {
70 uint8_t message[64];
71 enum message_type message_type;
72 uint16_t status;
73 int speed;
74 uint16_t hmcfgusb_version;
75 };
76
77 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
78 {
79 struct recv_data *rdata = data;
80
81 if (buf_len < 1)
82 return 1;
83
84 switch (buf[0]) {
85 case 'E':
86 if ((!hmid) ||
87 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
88 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
89 (buf[0x13] == (hmid & 0xff)))) {
90 memset(rdata->message, 0, sizeof(rdata->message));
91 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
92 rdata->message_type = MESSAGE_TYPE_E;
93 }
94 break;
95 case 'R':
96 memset(rdata->message, 0, sizeof(rdata->message));
97 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
98 rdata->status = (buf[5] << 8) | buf[6];
99 rdata->message_type = MESSAGE_TYPE_R;
100 break;
101 case 'G':
102 rdata->speed = buf[1];
103 break;
104 case 'H':
105 rdata->hmcfgusb_version = (buf[11] << 8) | buf[12];
106 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
107 break;
108 default:
109 break;
110 }
111
112 if (buf_len != 1)
113 return 1;
114
115 return 1;
116 }
117
118 static int parse_culfw(uint8_t *buf, int buf_len, void *data)
119 {
120 struct recv_data *rdata = data;
121 int pos = 0;
122
123 memset(rdata, 0, sizeof(struct recv_data));
124
125 if (buf_len <= 3)
126 return 0;
127
128 if (buf[0] != 'A')
129 return 0;
130
131 if (buf[1] == 's')
132 return 0;
133
134 while(validate_nibble(buf[(pos * 2) + 1]) &&
135 validate_nibble(buf[(pos * 2) + 2]) &&
136 (pos + 1 < buf_len)) {
137 rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
138 rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
139 pos++;
140 }
141
142 if (hmid && (SRC(rdata->message) != hmid))
143 return 0;
144
145 rdata->message_type = MESSAGE_TYPE_E;
146
147 return 1;
148 }
149
150 int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
151 {
152 static uint32_t id = 1;
153 struct timeval tv;
154 uint8_t out[0x40];
155 int pfd;
156
157 switch(dev->type) {
158 case DEVICE_TYPE_HMCFGUSB:
159 if (gettimeofday(&tv, NULL) == -1) {
160 perror("gettimeofay");
161 return 0;
162 }
163
164 memset(out, 0, sizeof(out));
165
166 out[0] = 'S';
167 out[1] = (id >> 24) & 0xff;
168 out[2] = (id >> 16) & 0xff;
169 out[3] = (id >> 8) & 0xff;
170 out[4] = id & 0xff;
171 out[10] = 0x01;
172 out[11] = (tv.tv_usec >> 24) & 0xff;
173 out[12] = (tv.tv_usec >> 16) & 0xff;
174 out[13] = (tv.tv_usec >> 8) & 0xff;
175 out[14] = tv.tv_usec & 0xff;
176
177 memcpy(&out[0x0f], msg, msg[0] + 1);
178
179 memset(rdata, 0, sizeof(struct recv_data));
180 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
181
182 while (1) {
183 if (rdata->message_type == MESSAGE_TYPE_R) {
184 if (((rdata->status & 0xff) == 0x01) ||
185 ((rdata->status & 0xff) == 0x02)) {
186 break;
187 } else {
188 if ((rdata->status & 0xff00) == 0x0400) {
189 fprintf(stderr, "\nOut of credits!\n");
190 } else if ((rdata->status & 0xff) == 0x08) {
191 fprintf(stderr, "\nMissing ACK!\n");
192 } else {
193 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
194 }
195 return 0;
196 }
197 }
198 errno = 0;
199 pfd = hmcfgusb_poll(dev->hmcfgusb, 1);
200 if ((pfd < 0) && errno) {
201 if (errno != ETIMEDOUT) {
202 perror("\n\nhmcfgusb_poll");
203 exit(EXIT_FAILURE);
204 }
205 }
206 }
207 break;
208 case DEVICE_TYPE_CULFW:
209 {
210 char buf[128];
211 int i;
212
213 memset(buf, 0, sizeof(buf));
214 buf[0] = 'A';
215 buf[1] = 's';
216 for (i = 0; i < msg[0] + 1; i++) {
217 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
218 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
219 }
220 buf[2 + (i * 2) ] = '\r';
221 buf[2 + (i * 2) + 1] = '\n';
222
223 memset(rdata, 0, sizeof(struct recv_data));
224 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
225 fprintf(stderr, "culfw_send failed!\n");
226 exit(EXIT_FAILURE);
227 }
228
229 if (msg[CTL] & 0x20) {
230 int cnt = 10;
231 int pfd;
232 do {
233 errno = 0;
234 pfd = culfw_poll(dev->culfw, 1);
235 if ((pfd < 0) && errno) {
236 if (errno != ETIMEDOUT) {
237 perror("\n\nhmcfgusb_poll");
238 exit(EXIT_FAILURE);
239 }
240 }
241 if (rdata->message_type == MESSAGE_TYPE_E) {
242 break;
243 }
244 } while(cnt--);
245 }
246 }
247 break;
248 }
249
250 id++;
251 return 1;
252 }
253
254 static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
255 {
256 uint8_t out[0x40];
257 int pfd;
258
259 printf("Entering %uk-mode\n", speed);
260
261 switch(dev->type) {
262 case DEVICE_TYPE_HMCFGUSB:
263 memset(out, 0, sizeof(out));
264 out[0] = 'G';
265 out[1] = speed;
266
267 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
268
269 while (1) {
270 errno = 0;
271 pfd = hmcfgusb_poll(dev->hmcfgusb, 1);
272 if ((pfd < 0) && errno) {
273 if (errno != ETIMEDOUT) {
274 perror("\n\nhmcfgusb_poll");
275 exit(EXIT_FAILURE);
276 }
277 }
278 if (rdata->speed == speed)
279 break;
280 }
281 break;
282 case DEVICE_TYPE_CULFW:
283 if (speed == 100) {
284 return culfw_send(dev->culfw, "AR\r\n", 4);
285 } else {
286 return culfw_send(dev->culfw, "Ar\r\n", 4);
287 }
288 break;
289 }
290
291 return 1;
292 }
293
294 void flash_ota_syntax(char *prog)
295 {
296 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
297 fprintf(stderr, "Mandatory parameters:\n");
298 fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
299 fprintf(stderr, "\t-s SERIAL\tserial of device to flash\n");
300 fprintf(stderr, "\nPossible options:\n");
301 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
302 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
303 fprintf(stderr, "\t-h\t\tthis help\n");
304 }
305
306 int main(int argc, char **argv)
307 {
308 const char twiddlie[] = { '-', '\\', '|', '/' };
309 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
310 char *fw_file = NULL;
311 char *serial = NULL;
312 char *culfw_dev = NULL;
313 unsigned int bps = DEFAULT_CUL_BPS;
314 struct ota_dev dev;
315 struct recv_data rdata;
316 uint8_t out[0x40];
317 uint8_t *pos;
318 uint8_t msgid = 0x1;
319 uint16_t len;
320 struct firmware *fw;
321 int block;
322 int pfd;
323 int debug = 0;
324 int cnt;
325 int switchcnt = 0;
326 int msgnum = 0;
327 int switched = 0;
328 int opt;
329
330 printf("HomeMatic OTA flasher version " VERSION "\n\n");
331
332 while((opt = getopt(argc, argv, "f:s:c:s:h")) != -1) {
333 switch (opt) {
334 case 'b':
335 bps = atoi(optarg);
336 break;
337 case 'c':
338 culfw_dev = optarg;
339 break;
340 case 'f':
341 fw_file = optarg;
342 break;
343 case 's':
344 serial = optarg;
345 break;
346 case 'h':
347 case ':':
348 case '?':
349 default:
350 flash_ota_syntax(argv[0]);
351 exit(EXIT_FAILURE);
352 break;
353
354 }
355 }
356
357 if (!fw_file || !serial) {
358 flash_ota_syntax(argv[0]);
359 exit(EXIT_FAILURE);
360 }
361
362 fw = firmware_read_firmware(fw_file, debug);
363 if (!fw)
364 exit(EXIT_FAILURE);
365
366 memset(&rdata, 0, sizeof(rdata));
367 memset(&dev, 0, sizeof(struct ota_dev));
368
369 if (culfw_dev) {
370 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
371 if (!dev.culfw) {
372 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
373 exit(EXIT_FAILURE);
374 }
375 dev.type = DEVICE_TYPE_CULFW;
376 } else {
377 hmcfgusb_set_debug(debug);
378
379 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata);
380 if (!dev.hmcfgusb) {
381 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
382 exit(EXIT_FAILURE);
383 }
384 dev.type = DEVICE_TYPE_HMCFGUSB;
385
386 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
387
388 if (!dev.hmcfgusb->bootloader) {
389 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
390 hmcfgusb_enter_bootloader(dev.hmcfgusb);
391 printf("Waiting for device to reappear...\n");
392
393 do {
394 if (dev.hmcfgusb) {
395 hmcfgusb_close(dev.hmcfgusb);
396 }
397 sleep(1);
398 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
399 }
400
401 if (dev.hmcfgusb->bootloader) {
402 printf("HM-CFG-USB in bootloader mode, rebooting\n");
403 hmcfgusb_leave_bootloader(dev.hmcfgusb);
404
405 do {
406 if (dev.hmcfgusb) {
407 hmcfgusb_close(dev.hmcfgusb);
408 }
409 sleep(1);
410 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
411 }
412
413 printf("\n\nHM-CFG-USB opened\n\n");
414
415 memset(out, 0, sizeof(out));
416 out[0] = 'K';
417 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
418
419 while (1) {
420 errno = 0;
421 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
422 if ((pfd < 0) && errno) {
423 if (errno != ETIMEDOUT) {
424 perror("\n\nhmcfgusb_poll");
425 exit(EXIT_FAILURE);
426 }
427 }
428 if (rdata.hmcfgusb_version)
429 break;
430 }
431
432 if (rdata.hmcfgusb_version < 0x3c7) {
433 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
434 exit(EXIT_FAILURE);
435 }
436
437 printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);
438 }
439
440 if (!switch_speed(&dev, &rdata, 10)) {
441 fprintf(stderr, "Can't switch speed!\n");
442 exit(EXIT_FAILURE);
443 }
444
445 printf("Waiting for device with serial %s\n", serial);
446
447 while (1) {
448 switch (dev.type) {
449 errno = 0;
450 case DEVICE_TYPE_CULFW:
451 pfd = culfw_poll(dev.culfw, 1);
452 break;
453 case DEVICE_TYPE_HMCFGUSB:
454 default:
455 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
456 break;
457 }
458
459 if ((pfd < 0) && errno) {
460 if (errno != ETIMEDOUT) {
461 perror("\n\npoll");
462 exit(EXIT_FAILURE);
463 }
464 }
465
466 if ((rdata.message[LEN] == 0x14) && /* Length */
467 (rdata.message[MSGID] == 0x00) && /* Message ID */
468 (rdata.message[CTL] == 0x00) && /* Control Byte */
469 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
470 (DST(rdata.message) == 0x000000) && /* Broadcast */
471 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
472 if (!strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
473 hmid = SRC(rdata.message);
474 break;
475 }
476 }
477 }
478
479 printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", serial, hmid);
480
481 if (dev.type == DEVICE_TYPE_HMCFGUSB) {
482 printf("Adding HMID\n");
483
484 memset(out, 0, sizeof(out));
485 out[0] = '+';
486 out[1] = (hmid >> 16) & 0xff;
487 out[2] = (hmid >> 8) & 0xff;
488 out[3] = hmid & 0xff;
489
490 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
491 }
492
493 switchcnt = 3;
494 do {
495 printf("Initiating remote switch to 100k\n");
496
497 memset(out, 0, sizeof(out));
498
499 out[MSGID] = msgid++;
500 out[CTL] = 0x00;
501 out[TYPE] = 0xCB;
502 SET_SRC(out, my_hmid);
503 SET_DST(out, hmid);
504
505 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
506 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
507
508 if (!send_hm_message(&dev, &rdata, out)) {
509 exit(EXIT_FAILURE);
510 }
511
512 if (!switch_speed(&dev, &rdata, 100)) {
513 fprintf(stderr, "Can't switch speed!\n");
514 exit(EXIT_FAILURE);
515 }
516
517 printf("Has the device switched?\n");
518
519 memset(out, 0, sizeof(out));
520
521 out[MSGID] = msgid++;
522 out[CTL] = 0x20;
523 out[TYPE] = 0xCB;
524 SET_SRC(out, my_hmid);
525 SET_DST(out, hmid);
526
527 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
528 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
529
530 cnt = 3;
531 do {
532 if (send_hm_message(&dev, &rdata, out)) {
533 /* A0A02000221B9AD00000000 */
534 switched = 1;
535 break;
536 }
537 } while (cnt--);
538
539 if (!switched) {
540 printf("No!\n");
541
542 if (!switch_speed(&dev, &rdata, 10)) {
543 fprintf(stderr, "Can't switch speed!\n");
544 exit(EXIT_FAILURE);
545 }
546 }
547 } while ((!switched) && (switchcnt--));
548
549 if (!switched) {
550 fprintf(stderr, "Too many errors, giving up!\n");
551 exit(EXIT_FAILURE);
552 }
553
554 printf("Yes!\n");
555
556 printf("Flashing %d blocks", fw->fw_blocks);
557 if (debug) {
558 printf("\n");
559 } else {
560 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
561 fflush(stdout);
562 }
563
564 for (block = 0; block < fw->fw_blocks; block++) {
565 int first;
566
567 len = fw->fw[block][2] << 8;
568 len |= fw->fw[block][3];
569
570 pos = &(fw->fw[block][2]);
571
572 len += 2; /* length */
573
574 if (debug)
575 hexdump(pos, len, "F> ");
576
577 first = 1;
578 cnt = 0;
579 do {
580 int payloadlen = 35;
581 int ack = 0;
582
583 if (first) {
584 payloadlen = 37;
585 first = 0;
586 }
587
588 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
589 payloadlen = (len - (pos - &(fw->fw[block][2])));
590
591 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
592 ack = 1;
593
594 memset(&rdata, 0, sizeof(rdata));
595
596 memset(out, 0, sizeof(out));
597
598 out[MSGID] = msgid;
599 if (ack)
600 out[CTL] = 0x20;
601 out[TYPE] = 0xCA;
602 SET_SRC(out, my_hmid);
603 SET_DST(out, hmid);
604
605 memcpy(&out[PAYLOAD], pos, payloadlen);
606 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
607
608 if (send_hm_message(&dev, &rdata, out)) {
609 pos += payloadlen;
610 } else {
611 pos = &(fw->fw[block][2]);
612 cnt++;
613 if (cnt == MAX_RETRIES) {
614 fprintf(stderr, "\nToo many errors, giving up!\n");
615 exit(EXIT_FAILURE);
616 } else {
617 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
618 }
619 }
620
621 msgnum++;
622
623 if (!debug) {
624 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
625 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
626 fflush(stdout);
627 }
628 } while((pos - &(fw->fw[block][2])) < len);
629 msgid++;
630 }
631
632 firmware_free(fw);
633
634 printf("\n");
635
636 if (!switch_speed(&dev, &rdata, 10)) {
637 fprintf(stderr, "Can't switch speed!\n");
638 exit(EXIT_FAILURE);
639 }
640
641 printf("Waiting for device to reboot\n");
642
643 cnt = 10;
644 do {
645 errno = 0;
646 switch(dev.type) {
647 case DEVICE_TYPE_CULFW:
648 pfd = culfw_poll(dev.culfw, 1);
649 break;
650 case DEVICE_TYPE_HMCFGUSB:
651 default:
652 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
653 break;
654 }
655 if ((pfd < 0) && errno) {
656 if (errno != ETIMEDOUT) {
657 perror("\n\nhmcfgusb_poll");
658 exit(EXIT_FAILURE);
659 }
660 }
661 if (rdata.message_type == MESSAGE_TYPE_E) {
662 break;
663 }
664 } while(cnt--);
665
666 if (rdata.message_type == MESSAGE_TYPE_E) {
667 printf("Device rebooted\n");
668 }
669
670 switch(dev.type) {
671 case DEVICE_TYPE_HMCFGUSB:
672 hmcfgusb_close(dev.hmcfgusb);
673 break;
674 case DEVICE_TYPE_CULFW:
675 culfw_close(dev.culfw);
676 break;
677 }
678
679 return EXIT_SUCCESS;
680 }
Impressum, Datenschutz