]> git.zerfleddert.de Git - hmcfgusb/blob - flash-ota.c
71cb57e548bbe35970a571ba516185f6291f6925
[hmcfgusb] / flash-ota.c
1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "util.h"
45
46 #define MAX_RETRIES 5
47
48 extern char *optarg;
49
50 uint32_t hmid = 0;
51 uint32_t my_hmid = 0;
52
53 enum device_type {
54 DEVICE_TYPE_HMCFGUSB,
55 DEVICE_TYPE_CULFW,
56 };
57
58 struct ota_dev {
59 int type;
60 struct hmcfgusb_dev *hmcfgusb;
61 struct culfw_dev *culfw;
62 };
63
64 enum message_type {
65 MESSAGE_TYPE_E = 1,
66 MESSAGE_TYPE_R = 2,
67 };
68
69 struct recv_data {
70 uint8_t message[64];
71 enum message_type message_type;
72 uint16_t status;
73 int speed;
74 uint16_t hmcfgusb_version;
75 };
76
77 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
78 {
79 struct recv_data *rdata = data;
80
81 if (buf_len < 1)
82 return 1;
83
84 switch (buf[0]) {
85 case 'E':
86 if ((!hmid) ||
87 ((buf[0x11] == ((hmid >> 16) & 0xff)) &&
88 (buf[0x12] == ((hmid >> 8) & 0xff)) &&
89 (buf[0x13] == (hmid & 0xff)))) {
90 memset(rdata->message, 0, sizeof(rdata->message));
91 memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1);
92 rdata->message_type = MESSAGE_TYPE_E;
93 }
94 break;
95 case 'R':
96 memset(rdata->message, 0, sizeof(rdata->message));
97 memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1);
98 rdata->status = (buf[5] << 8) | buf[6];
99 rdata->message_type = MESSAGE_TYPE_R;
100 break;
101 case 'G':
102 rdata->speed = buf[1];
103 break;
104 case 'H':
105 rdata->hmcfgusb_version = (buf[11] << 8) | buf[12];
106 my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
107 break;
108 default:
109 break;
110 }
111
112 if (buf_len != 1)
113 return 1;
114
115 return 1;
116 }
117
118 static int parse_culfw(uint8_t *buf, int buf_len, void *data)
119 {
120 struct recv_data *rdata = data;
121 int pos = 0;
122
123 memset(rdata, 0, sizeof(struct recv_data));
124
125 if (buf_len <= 3)
126 return 0;
127
128 if (buf[0] != 'A')
129 return 0;
130
131 if (buf[1] == 's')
132 return 0;
133
134 while(validate_nibble(buf[(pos * 2) + 1]) &&
135 validate_nibble(buf[(pos * 2) + 2]) &&
136 (pos + 1 < buf_len)) {
137 rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
138 rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
139 pos++;
140 }
141
142 if (hmid && (SRC(rdata->message) != hmid))
143 return 0;
144
145 rdata->message_type = MESSAGE_TYPE_E;
146
147 return 1;
148 }
149
150 int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
151 {
152 static uint32_t id = 1;
153 struct timeval tv;
154 uint8_t out[0x40];
155 int pfd;
156
157 switch(dev->type) {
158 case DEVICE_TYPE_HMCFGUSB:
159 if (gettimeofday(&tv, NULL) == -1) {
160 perror("gettimeofay");
161 return 0;
162 }
163
164 memset(out, 0, sizeof(out));
165
166 out[0] = 'S';
167 out[1] = (id >> 24) & 0xff;
168 out[2] = (id >> 16) & 0xff;
169 out[3] = (id >> 8) & 0xff;
170 out[4] = id & 0xff;
171 out[10] = 0x01;
172 out[11] = (tv.tv_usec >> 24) & 0xff;
173 out[12] = (tv.tv_usec >> 16) & 0xff;
174 out[13] = (tv.tv_usec >> 8) & 0xff;
175 out[14] = tv.tv_usec & 0xff;
176
177 memcpy(&out[0x0f], msg, msg[0] + 1);
178
179 memset(rdata, 0, sizeof(struct recv_data));
180 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
181
182 while (1) {
183 if (rdata->message_type == MESSAGE_TYPE_R) {
184 if (((rdata->status & 0xff) == 0x01) ||
185 ((rdata->status & 0xff) == 0x02)) {
186 break;
187 } else {
188 if ((rdata->status & 0xff00) == 0x0400) {
189 fprintf(stderr, "\nOut of credits!\n");
190 } else if ((rdata->status & 0xff) == 0x08) {
191 fprintf(stderr, "\nMissing ACK!\n");
192 } else {
193 fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
194 }
195 return 0;
196 }
197 }
198 errno = 0;
199 pfd = hmcfgusb_poll(dev->hmcfgusb, 1);
200 if ((pfd < 0) && errno) {
201 if (errno != ETIMEDOUT) {
202 perror("\n\nhmcfgusb_poll");
203 exit(EXIT_FAILURE);
204 }
205 }
206 }
207 break;
208 case DEVICE_TYPE_CULFW:
209 {
210 char buf[128];
211 int i;
212
213 memset(buf, 0, sizeof(buf));
214 buf[0] = 'A';
215 buf[1] = 's';
216 for (i = 0; i < msg[0] + 1; i++) {
217 buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
218 buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
219 }
220 buf[2 + (i * 2) ] = '\r';
221 buf[2 + (i * 2) + 1] = '\n';
222
223 memset(rdata, 0, sizeof(struct recv_data));
224 if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
225 fprintf(stderr, "culfw_send failed!\n");
226 exit(EXIT_FAILURE);
227 }
228
229 if (msg[CTL] & 0x20) {
230 int cnt = 3;
231 int pfd;
232 do {
233 errno = 0;
234 pfd = culfw_poll(dev->culfw, 1);
235 if ((pfd < 0) && errno) {
236 if (errno != ETIMEDOUT) {
237 perror("\n\nhmcfgusb_poll");
238 exit(EXIT_FAILURE);
239 }
240 }
241 if (rdata->message_type == MESSAGE_TYPE_E) {
242 break;
243 }
244 } while(cnt--);
245
246 if (cnt == -1) {
247 fprintf(stderr, "\nMissing ACK!\n");
248 return 0;
249 }
250 }
251 }
252 break;
253 }
254
255 id++;
256 return 1;
257 }
258
259 static int switch_speed(struct ota_dev *dev, struct recv_data *rdata, uint8_t speed)
260 {
261 uint8_t out[0x40];
262 int pfd;
263
264 printf("Entering %uk-mode\n", speed);
265
266 switch(dev->type) {
267 case DEVICE_TYPE_HMCFGUSB:
268 memset(out, 0, sizeof(out));
269 out[0] = 'G';
270 out[1] = speed;
271
272 hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);
273
274 while (1) {
275 errno = 0;
276 pfd = hmcfgusb_poll(dev->hmcfgusb, 1);
277 if ((pfd < 0) && errno) {
278 if (errno != ETIMEDOUT) {
279 perror("\n\nhmcfgusb_poll");
280 exit(EXIT_FAILURE);
281 }
282 }
283 if (rdata->speed == speed)
284 break;
285 }
286 break;
287 case DEVICE_TYPE_CULFW:
288 if (speed == 100) {
289 return culfw_send(dev->culfw, "AR\r\n", 4);
290 } else {
291 return culfw_send(dev->culfw, "Ar\r\n", 4);
292 }
293 break;
294 }
295
296 return 1;
297 }
298
299 void flash_ota_syntax(char *prog)
300 {
301 fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
302 fprintf(stderr, "Mandatory parameters:\n");
303 fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
304 fprintf(stderr, "\t-s SERIAL\tserial of device to flash\n");
305 fprintf(stderr, "\nPossible options:\n");
306 fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
307 fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
308 fprintf(stderr, "\t-h\t\tthis help\n");
309 }
310
311 int main(int argc, char **argv)
312 {
313 const char twiddlie[] = { '-', '\\', '|', '/' };
314 const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
315 char *fw_file = NULL;
316 char *serial = NULL;
317 char *culfw_dev = NULL;
318 unsigned int bps = DEFAULT_CUL_BPS;
319 struct ota_dev dev;
320 struct recv_data rdata;
321 uint8_t out[0x40];
322 uint8_t *pos;
323 uint8_t msgid = 0x1;
324 uint16_t len;
325 struct firmware *fw;
326 int block;
327 int pfd;
328 int debug = 0;
329 int cnt;
330 int switchcnt = 0;
331 int msgnum = 0;
332 int switched = 0;
333 int opt;
334
335 printf("HomeMatic OTA flasher version " VERSION "\n\n");
336
337 while((opt = getopt(argc, argv, "b:c:f:hs:")) != -1) {
338 switch (opt) {
339 case 'b':
340 bps = atoi(optarg);
341 break;
342 case 'c':
343 culfw_dev = optarg;
344 break;
345 case 'f':
346 fw_file = optarg;
347 break;
348 case 's':
349 serial = optarg;
350 break;
351 case 'h':
352 case ':':
353 case '?':
354 default:
355 flash_ota_syntax(argv[0]);
356 exit(EXIT_FAILURE);
357 break;
358
359 }
360 }
361
362 if (!fw_file || !serial) {
363 flash_ota_syntax(argv[0]);
364 exit(EXIT_FAILURE);
365 }
366
367 fw = firmware_read_firmware(fw_file, debug);
368 if (!fw)
369 exit(EXIT_FAILURE);
370
371 memset(&rdata, 0, sizeof(rdata));
372 memset(&dev, 0, sizeof(struct ota_dev));
373
374 if (culfw_dev) {
375 dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
376 if (!dev.culfw) {
377 fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
378 exit(EXIT_FAILURE);
379 }
380 dev.type = DEVICE_TYPE_CULFW;
381 } else {
382 hmcfgusb_set_debug(debug);
383
384 dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata);
385 if (!dev.hmcfgusb) {
386 fprintf(stderr, "Can't initialize HM-CFG-USB\n");
387 exit(EXIT_FAILURE);
388 }
389 dev.type = DEVICE_TYPE_HMCFGUSB;
390
391 printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
392
393 if (!dev.hmcfgusb->bootloader) {
394 printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
395 hmcfgusb_enter_bootloader(dev.hmcfgusb);
396 printf("Waiting for device to reappear...\n");
397
398 do {
399 if (dev.hmcfgusb) {
400 hmcfgusb_close(dev.hmcfgusb);
401 }
402 sleep(1);
403 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
404 }
405
406 if (dev.hmcfgusb->bootloader) {
407 printf("HM-CFG-USB in bootloader mode, rebooting\n");
408 hmcfgusb_leave_bootloader(dev.hmcfgusb);
409
410 do {
411 if (dev.hmcfgusb) {
412 hmcfgusb_close(dev.hmcfgusb);
413 }
414 sleep(1);
415 } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
416 }
417
418 printf("\n\nHM-CFG-USB opened\n\n");
419
420 memset(out, 0, sizeof(out));
421 out[0] = 'K';
422 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
423
424 while (1) {
425 errno = 0;
426 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
427 if ((pfd < 0) && errno) {
428 if (errno != ETIMEDOUT) {
429 perror("\n\nhmcfgusb_poll");
430 exit(EXIT_FAILURE);
431 }
432 }
433 if (rdata.hmcfgusb_version)
434 break;
435 }
436
437 if (rdata.hmcfgusb_version < 0x3c7) {
438 fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
439 exit(EXIT_FAILURE);
440 }
441
442 printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);
443 }
444
445 if (!switch_speed(&dev, &rdata, 10)) {
446 fprintf(stderr, "Can't switch speed!\n");
447 exit(EXIT_FAILURE);
448 }
449
450 printf("Waiting for device with serial %s\n", serial);
451
452 while (1) {
453 switch (dev.type) {
454 errno = 0;
455 case DEVICE_TYPE_CULFW:
456 pfd = culfw_poll(dev.culfw, 1);
457 break;
458 case DEVICE_TYPE_HMCFGUSB:
459 default:
460 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
461 break;
462 }
463
464 if ((pfd < 0) && errno) {
465 if (errno != ETIMEDOUT) {
466 perror("\n\npoll");
467 exit(EXIT_FAILURE);
468 }
469 }
470
471 if ((rdata.message[LEN] == 0x14) && /* Length */
472 (rdata.message[MSGID] == 0x00) && /* Message ID */
473 (rdata.message[CTL] == 0x00) && /* Control Byte */
474 (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
475 (DST(rdata.message) == 0x000000) && /* Broadcast */
476 (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
477 if (!strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
478 hmid = SRC(rdata.message);
479 break;
480 }
481 }
482 }
483
484 printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", serial, hmid);
485
486 if (dev.type == DEVICE_TYPE_HMCFGUSB) {
487 printf("Adding HMID\n");
488
489 memset(out, 0, sizeof(out));
490 out[0] = '+';
491 out[1] = (hmid >> 16) & 0xff;
492 out[2] = (hmid >> 8) & 0xff;
493 out[3] = hmid & 0xff;
494
495 hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
496 }
497
498 switchcnt = 3;
499 do {
500 printf("Initiating remote switch to 100k\n");
501
502 memset(out, 0, sizeof(out));
503
504 out[MSGID] = msgid++;
505 out[CTL] = 0x00;
506 out[TYPE] = 0xCB;
507 SET_SRC(out, my_hmid);
508 SET_DST(out, hmid);
509
510 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
511 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
512
513 if (!send_hm_message(&dev, &rdata, out)) {
514 exit(EXIT_FAILURE);
515 }
516
517 if (!switch_speed(&dev, &rdata, 100)) {
518 fprintf(stderr, "Can't switch speed!\n");
519 exit(EXIT_FAILURE);
520 }
521
522 printf("Has the device switched?\n");
523
524 memset(out, 0, sizeof(out));
525
526 out[MSGID] = msgid++;
527 out[CTL] = 0x20;
528 out[TYPE] = 0xCB;
529 SET_SRC(out, my_hmid);
530 SET_DST(out, hmid);
531
532 memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
533 SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));
534
535 cnt = 3;
536 do {
537 if (send_hm_message(&dev, &rdata, out)) {
538 /* A0A02000221B9AD00000000 */
539 switched = 1;
540 break;
541 }
542 } while (cnt--);
543
544 if (!switched) {
545 printf("No!\n");
546
547 if (!switch_speed(&dev, &rdata, 10)) {
548 fprintf(stderr, "Can't switch speed!\n");
549 exit(EXIT_FAILURE);
550 }
551 }
552 } while ((!switched) && (switchcnt--));
553
554 if (!switched) {
555 fprintf(stderr, "Too many errors, giving up!\n");
556 exit(EXIT_FAILURE);
557 }
558
559 printf("Yes!\n");
560
561 printf("Flashing %d blocks", fw->fw_blocks);
562 if (debug) {
563 printf("\n");
564 } else {
565 printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
566 fflush(stdout);
567 }
568
569 for (block = 0; block < fw->fw_blocks; block++) {
570 int first;
571
572 len = fw->fw[block][2] << 8;
573 len |= fw->fw[block][3];
574
575 pos = &(fw->fw[block][2]);
576
577 len += 2; /* length */
578
579 if (debug)
580 hexdump(pos, len, "F> ");
581
582 first = 1;
583 cnt = 0;
584 do {
585 int payloadlen = 35;
586 int ack = 0;
587
588 if (first) {
589 payloadlen = 37;
590 first = 0;
591 }
592
593 if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
594 payloadlen = (len - (pos - &(fw->fw[block][2])));
595
596 if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
597 ack = 1;
598
599 memset(&rdata, 0, sizeof(rdata));
600
601 memset(out, 0, sizeof(out));
602
603 out[MSGID] = msgid;
604 if (ack)
605 out[CTL] = 0x20;
606 out[TYPE] = 0xCA;
607 SET_SRC(out, my_hmid);
608 SET_DST(out, hmid);
609
610 memcpy(&out[PAYLOAD], pos, payloadlen);
611 SET_LEN_FROM_PAYLOADLEN(out, payloadlen);
612
613 if (send_hm_message(&dev, &rdata, out)) {
614 pos += payloadlen;
615 } else {
616 pos = &(fw->fw[block][2]);
617 cnt++;
618 if (cnt == MAX_RETRIES) {
619 fprintf(stderr, "\nToo many errors, giving up!\n");
620 exit(EXIT_FAILURE);
621 } else {
622 printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
623 }
624 }
625
626 msgnum++;
627
628 if (!debug) {
629 printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
630 block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
631 fflush(stdout);
632 }
633 } while((pos - &(fw->fw[block][2])) < len);
634 msgid++;
635 }
636
637 firmware_free(fw);
638
639 printf("\n");
640
641 if (!switch_speed(&dev, &rdata, 10)) {
642 fprintf(stderr, "Can't switch speed!\n");
643 exit(EXIT_FAILURE);
644 }
645
646 printf("Waiting for device to reboot\n");
647
648 cnt = 10;
649 do {
650 errno = 0;
651 switch(dev.type) {
652 case DEVICE_TYPE_CULFW:
653 pfd = culfw_poll(dev.culfw, 1);
654 break;
655 case DEVICE_TYPE_HMCFGUSB:
656 default:
657 pfd = hmcfgusb_poll(dev.hmcfgusb, 1);
658 break;
659 }
660 if ((pfd < 0) && errno) {
661 if (errno != ETIMEDOUT) {
662 perror("\n\nhmcfgusb_poll");
663 exit(EXIT_FAILURE);
664 }
665 }
666 if (rdata.message_type == MESSAGE_TYPE_E) {
667 break;
668 }
669 } while(cnt--);
670
671 if (rdata.message_type == MESSAGE_TYPE_E) {
672 printf("Device rebooted\n");
673 }
674
675 switch(dev.type) {
676 case DEVICE_TYPE_HMCFGUSB:
677 hmcfgusb_close(dev.hmcfgusb);
678 break;
679 case DEVICE_TYPE_CULFW:
680 culfw_close(dev.culfw);
681 break;
682 }
683
684 return EXIT_SUCCESS;
685 }
Impressum, Datenschutz