5e24aa6ddb74216e943b4318d94ad932c882b5b1
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
/* Give up on a firmware block after this many failed transmissions. */
#define MAX_RETRIES		5
/* Payload bytes per frame: the default, and the reduced size selected with -l. */
#define NORMAL_MAX_PAYLOAD	37
#define LOWER_MAX_PAYLOAD	17

/* Argument of the option getopt() is currently handling. */
extern char *optarg;

/* HMID of the device being flashed (-D, or taken from its announcement). */
uint32_t hmid = 0;
/* HMID used as sender address (-C, or reported by the HM-CFG-USB). */
uint32_t my_hmid = 0;
/* AES key given with -K; nothing in this file clears it again. */
uint8_t key[16] = { 0 };
/* Number of the AES key given with -K, -1 while no key was given. */
int32_t kNo = -1;

/* Largest payload length the IO device is asked to transmit */
uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
59
/* Kind of IO device the flasher talks to. */
enum device_type {
	DEVICE_TYPE_HMCFGUSB = 0,	/* HM-CFG-USB, used when -c is not given */
	DEVICE_TYPE_CULFW = 1,		/* culfw device, selected with -c */
};
64
/*
 * Handle for the IO device in use.
 * type holds an enum device_type value and tells which of the two
 * pointers has been set up.
 */
struct ota_dev {
	int type;
	struct hmcfgusb_dev *hmcfgusb;	/* set when type is DEVICE_TYPE_HMCFGUSB */
	struct culfw_dev *culfw;	/* set when type is DEVICE_TYPE_CULFW */
};
70
/* Kind of frame last stored in struct recv_data. */
enum message_type {
	MESSAGE_TYPE_E = 1,	/* 'E' frame (HM-CFG-USB) or decoded 'A' line (culfw) */
	MESSAGE_TYPE_R = 2,	/* 'R' frame (HM-CFG-USB), carries the status word */
};

/* State filled in by the parse callbacks and read by the sending code. */
struct recv_data {
	uint8_t message[64];		/* last HM message, length byte first */
	enum message_type message_type;	/* 0 until a frame has been stored */
	uint16_t status;		/* status word of the last 'R' frame */
	int speed;			/* speed reported in a 'G' frame */
	uint16_t version;		/* firmware version of the IO device */
	uint8_t credits;		/* used credits reported in an 'H' frame */
};
84
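/*
 * Copy the HM message embedded at buf[off] into rdata->message.
 *
 * buf[off] is the message's own length byte; the length byte plus that many
 * bytes are copied.  The length byte comes from the received frame, so it is
 * checked against both the received length and the size of rdata->message
 * before anything is written.
 *
 * Returns 1 on success, 0 (rdata untouched) when the copy would not fit.
 */
static int copy_hm_message(struct recv_data *rdata, const uint8_t *buf, int buf_len, int off)
{
	size_t n;

	if (buf_len <= off)
		return 0;

	n = (size_t)buf[off] + 1;
	if ((n > sizeof(rdata->message)) || (n > (size_t)(buf_len - off)))
		return 0;

	memset(rdata->message, 0, sizeof(rdata->message));
	memcpy(rdata->message, buf + off, n);

	return 1;
}

/*
 * Callback handed to hmcfgusb_init(): decode one frame from the HM-CFG-USB
 * and store the relevant parts in the struct recv_data passed as data.
 *
 * buf      frame as received, buf[0] selects the frame type
 * buf_len  assumed to be the number of valid bytes in buf -- TODO confirm
 *          against hmcfgusb_poll()
 * data     struct recv_data to fill
 *
 * Every fixed offset is checked against buf_len before it is read; frames
 * that are too short for their type are ignored.  Always returns 1.
 */
static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
		case 'E':
			/* 0x11..0x13 are compared with hmid below */
			if (buf_len <= 0x13)
				break;

			if ((!hmid) ||
			    ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
			     (buf[0x12] == ((hmid >> 8) & 0xff)) &&
			     (buf[0x13] == (hmid & 0xff)))) {
				/* an oversized embedded length drops the frame */
				if (copy_hm_message(rdata, buf, buf_len, 0x0d))
					rdata->message_type = MESSAGE_TYPE_E;
			}
			break;
		case 'R':
			if (buf_len <= 0x0e)
				break;

			/*
			 * The status word is reported even when the embedded
			 * message does not fit, so that a sender waiting for
			 * the reply is not left without one; the message is
			 * then left empty.
			 */
			if (!copy_hm_message(rdata, buf, buf_len, 0x0e))
				memset(rdata->message, 0, sizeof(rdata->message));
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
			break;
		case 'G':
			if (buf_len > 1)
				rdata->speed = buf[1];
			break;
		case 'H':
			/* highest offset read below is 36 */
			if (buf_len <= 36)
				break;

			rdata->version = (buf[11] << 8) | buf[12];
			rdata->credits = buf[36];
			my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
			break;
		default:
			break;
	}

	return 1;
}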
126
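/*
 * Callback handed to culfw_init(): decode one response line from a culfw
 * device into the struct recv_data passed as data.
 *
 * buf      response line, buf[0] selects the kind of response
 * buf_len  assumed to be the number of valid bytes in buf -- TODO confirm
 *          against culfw_poll()
 * data     struct recv_data; it is cleared on every call
 *
 * Returns 1 when the line was handled, 0 when it was ignored.
 */
static int parse_culfw(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;
	int pos = 0;

	memset(rdata, 0, sizeof(struct recv_data));

	if (buf_len <= 3)
		return 0;

	switch(buf[0]) {
		case 'A':
			if (buf[1] == 's')
				return 0;

			/*
			 * Decode hex pairs into rdata->message.  The line comes
			 * from the radio side, so stop before reading past
			 * buf_len and before writing past the message buffer;
			 * both bounds are tested before the bytes are looked at.
			 */
			while ((pos < (int)sizeof(rdata->message)) &&
			       ((pos * 2) + 2 < buf_len) &&
			       validate_nibble(buf[(pos * 2) + 1]) &&
			       validate_nibble(buf[(pos * 2) + 2])) {
				rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
				rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
				pos++;
			}

			/* messages from other senders are ignored once hmid is known */
			if (hmid && (SRC(rdata->message) != hmid))
				return 0;

			rdata->message_type = MESSAGE_TYPE_E;
			break;
		case 'V':
			{
				uint8_t v;
				char *s;
				char *e;

				/*
				 * NOTE(review): strchr(), atoi() and the "%s"
				 * output below rely on buf being NUL-terminated;
				 * confirm that culfw_poll() guarantees this.
				 */
				s = ((char*)buf) + 2;
				e = strchr(s, '.');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version = v << 8;	/* major version in the high byte */

				s = e + 1;
				e = strchr(s, ' ');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version |= v;		/* minor version in the low byte */
			}
			break;
		case 'E':
			{
				/* only compare when the line is long enough to hold the text */
				if ((buf_len >= 7) && !strncmp((char*)buf, "ERR:CCA", 7)) {
					fprintf(stderr, "CCA didn't complete, too much traffic\n");
				}
				break;
			}
		default:
			fprintf(stderr, "Unknown response from CUL: %s", buf);
			return 0;
			break;
	}

	return 1;
}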
197
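/*
 * Send one HM message through the IO device and wait for the outcome.
 *
 * dev    IO device to use
 * rdata  receive state shared with the parse callbacks; cleared before sending
 * msg    message to send, msg[0] is its length byte (msg[0] + 1 bytes are sent)
 *
 * HM-CFG-USB: waits for the 'R' status frame and checks its status word.
 * culfw: when the message asks for an answer (CTL bit 0x20), waits for an
 * ACK, answers an AES challenge with the configured key, and gives up after
 * six polls.
 *
 * Returns 1 on success and 0 on failure; poll and culfw send errors end the
 * program.  Lengths taken from msg and from received messages are checked
 * before they are used as copy sizes or array indices.
 */
int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;
	struct timeval tv;
	uint8_t out[0x40];
	int pfd;

	switch(dev->type) {
		case DEVICE_TYPE_HMCFGUSB:
			/* msg[0] + 1 bytes are copied to out[0x0f] and following */
			if ((size_t)msg[0] + 1 > sizeof(out) - 0x0f) {
				fprintf(stderr, "\nMessage too long!\n");
				return 0;
			}

			if (gettimeofday(&tv, NULL) == -1) {
				perror("gettimeofday");
				return 0;
			}

			memset(out, 0, sizeof(out));

			out[0] = 'S';
			out[1] = (id >> 24) & 0xff;
			out[2] = (id >> 16) & 0xff;
			out[3] = (id >> 8) & 0xff;
			out[4] = id & 0xff;
			out[10] = 0x01;
			out[11] = (tv.tv_usec >> 24) & 0xff;
			out[12] = (tv.tv_usec >> 16) & 0xff;
			out[13] = (tv.tv_usec >> 8) & 0xff;
			out[14] = tv.tv_usec & 0xff;

			memcpy(&out[0x0f], msg, msg[0] + 1);

			memset(rdata, 0, sizeof(struct recv_data));
			hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);

			/* poll until the status frame for this message has arrived */
			while (1) {
				if (rdata->message_type == MESSAGE_TYPE_R) {
					if (((rdata->status & 0xdf) == 0x01) ||
					    ((rdata->status & 0xdf) == 0x02)) {
						break;
					} else {
						if ((rdata->status & 0xff00) == 0x0400) {
							fprintf(stderr, "\nOut of credits!\n");
						} else if ((rdata->status & 0xff) == 0x08) {
							fprintf(stderr, "\nMissing ACK!\n");
						} else if ((rdata->status & 0xff) == 0x30) {
							fprintf(stderr, "\nUnknown AES-key requested!\n");
						} else {
							fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
						}
						return 0;
					}
				}
				errno = 0;
				pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
				if ((pfd < 0) && errno) {
					if (errno != ETIMEDOUT) {
						perror("\n\nhmcfgusb_poll");
						exit(EXIT_FAILURE);
					}
				}
			}
			break;
		case DEVICE_TYPE_CULFW:
			{
				char buf[256];
				int i;

				/* "As" + two hex digits per byte + "\r\n" has to fit into buf */
				if (2 + (((size_t)msg[0] + 1) * 2) + 2 > sizeof(buf)) {
					fprintf(stderr, "\nMessage too long!\n");
					return 0;
				}

				memset(buf, 0, sizeof(buf));
				buf[0] = 'A';
				buf[1] = 's';
				for (i = 0; i < msg[0] + 1; i++) {
					buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
					buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
				}
				buf[2 + (i * 2) ] = '\r';
				buf[2 + (i * 2) + 1] = '\n';

				memset(rdata, 0, sizeof(struct recv_data));
				/*
				 * NOTE(review): this length covers the '\r' but not
				 * the '\n' stored after it -- confirm that this is
				 * intended.
				 */
				if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
					fprintf(stderr, "culfw_send failed!\n");
					exit(EXIT_FAILURE);
				}

				if (msg[CTL] & 0x20) {
					int cnt = 5;

					do {
						errno = 0;
						pfd = culfw_poll(dev->culfw, 200);
						if ((pfd < 0) && errno) {
							if (errno != ETIMEDOUT) {
								perror("\n\nculfw_poll");
								exit(EXIT_FAILURE);
							}
						}
						if (rdata->message_type == MESSAGE_TYPE_E) {
							if (rdata->message[TYPE] == 0x02) {
								if (rdata->message[PAYLOAD] == 0x04) {
									int32_t req_kNo;
									uint8_t challenge[6];
									uint8_t respbuf[16];
									uint8_t *resp;
									uint8_t mlen = rdata->message[LEN];

									/*
									 * The length byte was received over
									 * the air and is used as an index
									 * below, so it has to stay inside
									 * the message buffer.
									 */
									if (mlen >= sizeof(rdata->message)) {
										fprintf(stderr, "AES request with invalid length %u!\n", mlen);
										continue;
									}

									req_kNo = rdata->message[mlen] / 2;
									memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);

									if (req_kNo != kNo) {
										fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
									} else {
										/* hm_sign() (hm.h) is given the key, the challenge and the message we sent */
										resp = hm_sign(key, challenge, msg, NULL, respbuf);
										if (resp) {
											uint8_t rbuf[64];

											memset(rbuf, 0, sizeof(rbuf));
											rbuf[MSGID] = rdata->message[MSGID];
											rbuf[CTL] = rdata->message[CTL];
											rbuf[TYPE] = 0x03;
											SET_SRC(rbuf, DST(rdata->message));
											SET_DST(rbuf, SRC(rdata->message));
											memcpy(&(rbuf[PAYLOAD]), resp, 16);
											SET_LEN_FROM_PAYLOADLEN(rbuf, 16);

											/* the outcome of the response decides the result */
											return send_hm_message(dev, rdata, rbuf);
										}
									}
								} else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
									fprintf(stderr, "NACK\n");
								} else { /* ACK or ACKinfo */
									break;
								}
							} else {
								fprintf(stderr, "Unexpected message received: ");
								/* never dump more bytes than the message buffer holds */
								for (i = 0; (i < rdata->message[LEN]) &&
								     ((size_t)i + 1 < sizeof(rdata->message)); i++) {
									fprintf(stderr, "%02x", rdata->message[i+1]);
								}
								fprintf(stderr, "\n");
							}
						}
					} while(cnt--);

					/* cnt only reaches -1 when the loop ran out without a break */
					if (cnt == -1) {
						fprintf(stderr, "\nMissing ACK!\n");
						return 0;
					}
				}
			}
			break;
	}

	id++;
	return 1;
}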
348
/*
 * Switch the IO device to the given speed.
 *
 * culfw: sends "AR" for speed 100 and "Ar" otherwise and returns the result
 * of culfw_send().
 * HM-CFG-USB: sends a 'G' command and polls until rdata->speed reports the
 * requested value, then returns 1; a poll error other than a timeout ends
 * the program.
 */
static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
{
	uint8_t cmd[0x40];
	int rc;

	printf("Entering %uk-mode\n", speed);

	if (dev->type == DEVICE_TYPE_CULFW)
		return culfw_send(dev->culfw, (speed == 100) ? "AR\r\n" : "Ar\r\n", 4);

	if (dev->type != DEVICE_TYPE_HMCFGUSB)
		return 1;

	memset(cmd, 0, sizeof(cmd));
	cmd[0] = 'G';
	cmd[1] = speed;

	hmcfgusb_send(dev->hmcfgusb, cmd, sizeof(cmd), 1);

	/* the parse callback stores the reported speed in rdata */
	do {
		errno = 0;
		rc = hmcfgusb_poll(dev->hmcfgusb, 1000);
		if ((rc < 0) && errno && (errno != ETIMEDOUT)) {
			perror("\n\nhmcfgusb_poll");
			exit(EXIT_FAILURE);
		}
	} while (rdata->speed != speed);

	return 1;
}
388
/*
 * Print the command line help to stderr.
 *
 * prog  program name shown in the syntax line
 */
void flash_ota_syntax(char *prog)
{
	fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
	fputs("Mandatory parameters:\n"
	      "\t-f firmware.eq3\tfirmware file to flash\n"
	      "\t-s SERIAL\tserial of device to flash (optional when using -D)\n"
	      "\nOptional parameters:\n"
	      "\t-c device\tenable CUL-mode with CUL at path \"device\"\n",
	      stderr);
	fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
	fputs("\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n"
	      "\t-h\t\tthis help\n"
	      "\nOptional parameters for automatically sending device to bootloader\n"
	      "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n"
	      "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n"
	      "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n",
	      stderr);
}
405
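/*
 * Flash a firmware image to a HomeMatic device over the air.
 *
 * Steps: parse the options, read the firmware file, open the IO device
 * (culfw with -c, HM-CFG-USB otherwise), optionally send the device to its
 * bootloader, wait for its update-mode announcement, switch both sides to
 * 100k, transmit all firmware blocks, switch back to 10k and wait for the
 * device to reboot.
 *
 * Returns EXIT_SUCCESS; every fatal error ends the program with EXIT_FAILURE.
 */
int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	char *fw_file = NULL;
	char *serial = NULL;
	char *culfw_dev = NULL;
	char *endptr = NULL;
	unsigned int bps = DEFAULT_CUL_BPS;
	struct ota_dev dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	int block;
	int pfd;
	int debug = 0;
	int cnt;
	int switchcnt = 0;
	int msgnum = 0;
	int switched = 0;
	int opt;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:")) != -1) {
		switch (opt) {
			case 'b':
				bps = atoi(optarg);
				break;
			case 'c':
				culfw_dev = optarg;
				break;
			case 'f':
				fw_file = optarg;
				break;
			case 'l':
				/* max_payloadlen is a uint32_t, print it as unsigned */
				printf("Reducing payload-len from %u to %d\n", (unsigned int)max_payloadlen, LOWER_MAX_PAYLOAD);
				max_payloadlen = LOWER_MAX_PAYLOAD;
				break;
			case 's':
				serial = optarg;
				break;
			case 'C':
				my_hmid = strtoul(optarg, &endptr, 16);
				if (*endptr != '\0') {
					fprintf(stderr, "Invalid central HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				break;
			case 'D':
				hmid = strtoul(optarg, &endptr, 16);
				if (*endptr != '\0') {
					fprintf(stderr, "Invalid device HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				break;
			case 'K':
				kNo = strtoul(optarg, &endptr, 10);
				if (*endptr != ':') {
					fprintf(stderr, "Invalid key number!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				endptr++;
				/* exactly 16 key bytes, two hex digits each */
				for (cnt = 0; cnt < 16; cnt++) {
					if (*endptr == '\0' || *(endptr+1) == '\0' ||
					    !validate_nibble(*endptr) ||
					    !validate_nibble(*(endptr+1))) {
						fprintf(stderr, "Invalid key!\n\n");
						flash_ota_syntax(argv[0]);
						exit(EXIT_FAILURE);
					}
					key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
					endptr += 2;
				}
				/*
				 * The key was passed on the command line, which
				 * other local users can read from the process
				 * list on most systems.  Blanking the argument
				 * shortens that exposure but cannot remove it;
				 * treat a key given this way as known to the
				 * machine's other users.
				 */
				memset(optarg, 0, strlen(optarg));
				break;
			case 'h':
			case ':':
			case '?':
			default:
				flash_ota_syntax(argv[0]);
				exit(EXIT_FAILURE);
				break;

		}
	}

	/* a firmware file and either a serial or a device HMID are required */
	if (!fw_file || (!serial && !hmid)) {
		flash_ota_syntax(argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(fw_file, debug);
	if (!fw)
		exit(EXIT_FAILURE);

	memset(&rdata, 0, sizeof(rdata));
	memset(&dev, 0, sizeof(struct ota_dev));

	if (culfw_dev) {
		printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
		dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
		if (!dev.culfw) {
			fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_CULFW;

		printf("Requesting firmware version\n");
		culfw_send(dev.culfw, "\r\n", 2);
		culfw_flush(dev.culfw);

		/* ask for the version until parse_culfw() has stored one */
		while (1) {
			culfw_send(dev.culfw, "V\r\n", 3);

			errno = 0;
			pfd = culfw_poll(dev.culfw, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					/* name the call that actually failed */
					perror("\n\nculfw_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		printf("culfw-device firmware version: %u.%02u\n",
		       (rdata.version >> 8) & 0xff,
		       rdata.version & 0xff);

		/* 0x013a is version 1.58 */
		if (rdata.version < 0x013a) {
			fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
			exit(EXIT_FAILURE);
		}
	} else {
		/* my_hmid is overwritten by the 'H' frame, keep the value given with -C */
		uint32_t new_hmid = my_hmid;

		hmcfgusb_set_debug(debug);

		dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata);
		if (!dev.hmcfgusb) {
			fprintf(stderr, "Can't initialize HM-CFG-USB\n");
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_HMCFGUSB;

		memset(out, 0, sizeof(out));
		out[0] = 'K';
		hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

		/* wait until parse_hmcfgusb() has stored the firmware version */
		while (1) {
			errno = 0;
			pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nhmcfgusb_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		/* 0x3c7 is version 967 */
		if (rdata.version < 0x3c7) {
			fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
			exit(EXIT_FAILURE);
		}

		printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);

		if (rdata.credits >= 40) {
			printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");

			if (!dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
				printf("Waiting for device to reappear...\n");

				/* reopen once per second until the device shows up in bootloader mode */
				do {
					if (dev.hmcfgusb) {
						if (!dev.hmcfgusb->bootloader)
							hmcfgusb_enter_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
			}

			if (dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB in bootloader mode, rebooting\n");

				/* reopen once per second until the device has left the bootloader */
				do {
					if (dev.hmcfgusb) {
						if (dev.hmcfgusb->bootloader)
							hmcfgusb_leave_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
			}
		}

		printf("\n\nHM-CFG-USB opened\n\n");

		if (new_hmid && (my_hmid != new_hmid)) {
			printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);

			memset(out, 0, sizeof(out));
			out[0] = 'A';
			out[1] = (new_hmid >> 16) & 0xff;
			out[2] = (new_hmid >> 8) & 0xff;
			out[3] = new_hmid & 0xff;

			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			my_hmid = new_hmid;
		}

		if (kNo > 0) {
			printf("Setting AES-key\n");

			/* the key itself is handed to the HM-CFG-USB in the first command */
			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x01;
			out[2] = kNo;
			out[3] = sizeof(key);
			memcpy(&(out[4]), key, sizeof(key));
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x02;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x03;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
		}
	}

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	if (hmid && my_hmid) {
		printf("Sending device with hmid %06x to bootloader\n", hmid);
		/* in CUL mode out has not been written yet, so start from a cleared buffer */
		memset(out, 0, sizeof(out));
		out[CTL] = 0x30;
		out[TYPE] = 0x11;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);
		out[PAYLOAD] = 0xCA;
		SET_LEN_FROM_PAYLOADLEN(out, 1);

		cnt = 3;
		do {
			out[MSGID] = msgid++;
			if (send_hm_message(&dev, &rdata, out)) {
				break;
			}
		} while (cnt--);
		if (cnt == -1) {
			printf("Failed to send device to bootloader, please enter bootloader manually.\n");
		}
	}

	if (serial) {
		printf("Waiting for device with serial %s\n", serial);
	} else {
		printf("Waiting for device with HMID %06x\n", hmid);
	}

	/*
	 * Wait for the update-mode announcement.  The match relies only on
	 * the header fields below and on the serial or HMID; nothing here
	 * authenticates the sender of the announcement.
	 */
	while (1) {
		errno = 0;
		switch (dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
			default:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
		}

		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Message type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
			if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
				hmid = SRC(rdata.message);
				break;
			} else if (!serial && SRC(rdata.message) == hmid) {
				/* points into rdata, only valid until rdata is cleared again */
				serial = (char*)&(rdata.message[0x0b]);
				break;
			}
		}
	}

	printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);

	if (dev.type == DEVICE_TYPE_HMCFGUSB) {
		printf("Adding HMID\n");

		memset(out, 0, sizeof(out));
		out[0] = '+';
		out[1] = (hmid >> 16) & 0xff;
		out[2] = (hmid >> 8) & 0xff;
		out[3] = hmid & 0xff;

		hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
	}

	switchcnt = 3;
	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		if (!send_hm_message(&dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		if (!switch_speed(&dev, &rdata, 100)) {
			fprintf(stderr, "Can't switch speed!\n");
			exit(EXIT_FAILURE);
		}

		printf("Has the device switched?\n");

		/* same message again, this time asking for an answer (CTL 0x20) */
		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		cnt = 3;
		do {
			if (send_hm_message(&dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
			}
		} while (cnt--);

		if (!switched) {
			printf("No!\n");

			/* fall back to 10k before the next attempt */
			if (!switch_speed(&dev, &rdata, 10)) {
				fprintf(stderr, "Can't switch speed!\n");
				exit(EXIT_FAILURE);
			}
		}
	} while ((!switched) && (switchcnt--));

	if (!switched) {
		fprintf(stderr, "Too many errors, giving up!\n");
		exit(EXIT_FAILURE);
	}

	printf("Yes!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		/* block length is read from bytes 2 and 3 of the block, high byte first */
		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			int payloadlen = max_payloadlen - 2;
			int ack = 0;

			if (first) {
				payloadlen = max_payloadlen;
				first = 0;
			}

			/* the last frame of a block carries what is left */
			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			/* only the frame that completes the block asks for an answer */
			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, my_hmid);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(&dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				/*
				 * Restart the block from its beginning.
				 * NOTE(review): first is not set again, so the
				 * restarted block begins with the shorter
				 * payload -- confirm that this is intended.
				 */
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == MAX_RETRIES) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
				       block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
		msgid++;
	}

	firmware_free(fw);

	printf("\n");

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device to reboot\n");

	/* any received message within eleven polls counts as the device being back */
	cnt = 10;
	do {
		errno = 0;
		switch(dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
			default:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
		}
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	switch(dev.type) {
		case DEVICE_TYPE_HMCFGUSB:
			hmcfgusb_close(dev.hmcfgusb);
			hmcfgusb_exit();
			break;
		case DEVICE_TYPE_CULFW:
			culfw_close(dev.culfw);
			break;
	}

	return EXIT_SUCCESS;
}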