1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014-16 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43 #include "culfw.h"
44 #include "hmuartlgw.h"
45 #include "util.h"
46
/* Failed attempts tolerated per firmware block before flashing is aborted */
#define MAX_RETRIES		5
/* Firmware bytes per frame: the default, and the reduced size selected with -l */
#define NORMAL_MAX_PAYLOAD	37
#define LOWER_MAX_PAYLOAD	17

extern char *optarg;

/* HMID of the device to flash (-D, or taken from its bootloader announcement) */
uint32_t hmid = 0;
/* HMID used as sender (-C, or read back from the IO device) */
uint32_t my_hmid = 0;
/* AES key and key number from -K; kNo stays -1 when no key was given */
uint8_t key[16] = { 0 };
int32_t kNo = -1;

/* Maximum payloadlen supported by IO */
uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;

/* Kind of frame most recently stored by one of the receive callbacks */
enum message_type {
	MESSAGE_TYPE_E = 1,
	MESSAGE_TYPE_R = 2,
};

/* Request/response tracking for the HM-MOD-UART; values are the implicit ones */
enum hmuartlgw_state {
	HMUARTLGW_STATE_GET_HMID = 0,
	HMUARTLGW_STATE_GET_FIRMWARE = 1,
	HMUARTLGW_STATE_GET_CREDITS = 2,
	HMUARTLGW_STATE_DONE = 3,
	HMUARTLGW_STATE_WAIT_APP = 4,
	HMUARTLGW_STATE_ACK_APP = 5,
};

/* State shared between the receive callbacks and the flashing logic */
struct recv_data {
	uint8_t message[64];			/* last received message, length byte first */
	enum message_type message_type;		/* what kind of frame filled this struct */
	uint16_t status;			/* status reported by the IO device */
	int speed;				/* speed reported by the HM-CFG-USB */
	uint16_t version;			/* IO firmware version */
	uint8_t credits;			/* used credits in percent */
	enum hmuartlgw_state uartlgw_state;	/* HM-MOD-UART request state */
	uint8_t uartlgw_version[3];		/* HM-MOD-UART firmware version */
};
85
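/*
 * Receive callback for frames from the HM-CFG-USB.
 *
 * Stores received messages ('E'), send results ('R'), the current speed
 * ('G') and firmware version/credits/own HMID ('H') in the recv_data
 * passed as data. Always returns 1.
 *
 * Every offset is checked against buf_len before it is read, and the
 * length byte taken from the frame is checked against both the frame and
 * rdata->message before copying. The original copied buf[0x0d] + 1 (up to
 * 256) bytes into the 64-byte message buffer, so a frame with a large
 * length byte overflowed it.
 */
static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;
	size_t msg_len;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
		case 'E':
			/* Length byte of the embedded message is at 0x0d */
			if (buf_len <= 0x0d)
				break;

			/* Sender address at 0x11..0x13 only matters with a known hmid */
			if (hmid &&
			    ((buf_len <= 0x13) ||
			     (buf[0x11] != ((hmid >> 16) & 0xff)) ||
			     (buf[0x12] != ((hmid >> 8) & 0xff)) ||
			     (buf[0x13] != (hmid & 0xff))))
				break;

			/* Drop frames whose declared length fits neither buffer */
			msg_len = (size_t)buf[0x0d] + 1;
			if ((msg_len > sizeof(rdata->message)) ||
			    (msg_len > (size_t)(buf_len - 0x0d)))
				break;

			memset(rdata->message, 0, sizeof(rdata->message));
			memcpy(rdata->message, buf + 0x0d, msg_len);
			rdata->message_type = MESSAGE_TYPE_E;
			break;
		case 'R':
			/* Status lives in bytes 5 and 6 */
			if (buf_len <= 6)
				break;

			memset(rdata->message, 0, sizeof(rdata->message));
			if (buf_len > 0x0e) {
				/*
				 * Copy the message only when it fits; the status is
				 * still recorded so a waiting sender is not stalled
				 * by a bad length byte.
				 */
				msg_len = (size_t)buf[0x0e] + 1;
				if ((msg_len <= sizeof(rdata->message)) &&
				    (msg_len <= (size_t)(buf_len - 0x0e)))
					memcpy(rdata->message, buf + 0x0e, msg_len);
			}
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
			break;
		case 'G':
			if (buf_len > 1)
				rdata->speed = buf[1];
			break;
		case 'H':
			/* Highest offset read below is 36 */
			if (buf_len <= 36)
				break;
			rdata->version = (buf[11] << 8) | buf[12];
			rdata->credits = buf[36];
			my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
			break;
		default:
			break;
	}

	return 1;
}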
127
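/*
 * Receive callback for lines from a CUL running culfw.
 *
 * Clears *rdata on every call. 'A' lines are decoded from ASCII hex into
 * rdata->message, 'V' lines yield the firmware version (0xffff for
 * a-culfw), "ERR:CCA" is reported on stderr. Returns 1 when the line was
 * accepted and 0 when it was ignored or unknown.
 *
 * The hex decoder stops at the end of the line and at the end of
 * rdata->message. The original tested the line bound only after reading
 * both nibbles and never bounded the write, so a line with more than 128
 * hex digits ran past the 64-byte message buffer.
 */
static int parse_culfw(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;
	size_t pos = 0;

	memset(rdata, 0, sizeof(struct recv_data));

	if (buf_len <= 3)
		return 0;

	switch(buf[0]) {
		case 'A':
			if (buf[1] == 's')
				return 0;

			/* Bounds first, then the nibble checks that read buf */
			while ((pos < sizeof(rdata->message)) &&
			       ((pos * 2) + 2 < (size_t)buf_len) &&
			       validate_nibble(buf[(pos * 2) + 1]) &&
			       validate_nibble(buf[(pos * 2) + 2])) {
				rdata->message[pos] = ascii_to_nibble(buf[(pos * 2) + 1]) << 4;
				rdata->message[pos] |= ascii_to_nibble(buf[(pos * 2) + 2]);
				pos++;
			}

			/* With a known hmid, only messages from that device are kept */
			if (hmid && (SRC(rdata->message) != hmid))
				return 0;

			rdata->message_type = MESSAGE_TYPE_E;
			break;
		case 'V':
			{
				/*
				 * NOTE(review): strchr(), atoi() and the "%s" output
				 * below all assume buf is NUL-terminated by the
				 * caller - confirm in culfw.c.
				 */
				uint8_t v;
				char *s;
				char *e;

				/* Major version: text between offset 2 and the first '.' */
				s = ((char*)buf) + 2;
				e = strchr(s, '.');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version = v << 8;

				/* Minor version: up to the next space */
				s = e + 1;
				e = strchr(s, ' ');
				if (!e) {
					fprintf(stderr, "Unknown response from CUL: %s", buf);
					return 0;
				}
				*e = '\0';
				v = atoi(s);
				rdata->version |= v;

				/* Optional third word identifies a-culfw */
				s = e + 1;
				e = strchr(s, ' ');
				if (!e) {
					break;
				}
				*e = '\0';
				if (!strcmp(s, "a-culfw")) {
					rdata->version = 0xffff;
				}
			}
			break;
		case 'E':
			{
				if (!strncmp((char*)buf, "ERR:CCA", 7)) {
					fprintf(stderr, "CCA didn't complete, too much traffic\n");
				}
				break;
			}
		default:
			fprintf(stderr, "Unknown response from CUL: %s", buf);
			return 0;
			break;
	}

	return 1;
}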
208
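/*
 * Receive callback for frames from the HM-MOD-UART.
 *
 * Frames addressed to HMUARTLGW_OS answer the firmware/credits queries
 * selected by rdata->uartlgw_state and always return 0. All other frames
 * are application frames: ACKs update status (and my_hmid while the HMID
 * is being queried), received messages are stored in rdata->message with
 * the length byte rebuilt from buf_len. Those return 1.
 *
 * Every index is checked against buf_len first. The original copied
 * buf_len - 4 bytes to message + 1 with no bound, so a frame shorter than
 * 4 bytes produced a negative (huge) copy length and a frame longer than
 * 67 bytes overflowed the 64-byte message buffer.
 */
static int parse_hmuartlgw(enum hmuartlgw_dst dst, uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;
	int msg_len;

	if (dst == HMUARTLGW_OS) {
		switch (rdata->uartlgw_state) {
			case HMUARTLGW_STATE_GET_FIRMWARE:
				/* Version bytes are at 5..7 */
				if ((buf_len >= 8) && (buf[0] == HMUARTLGW_OS_ACK)) {
					rdata->uartlgw_version[0] = buf[5];
					rdata->uartlgw_version[1] = buf[6];
					rdata->uartlgw_version[2] = buf[7];
					rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
				}
				break;
			case HMUARTLGW_STATE_GET_CREDITS:
				if ((buf_len >= 3) && (buf[0] == HMUARTLGW_OS_ACK)) {
					rdata->credits = buf[2] / 2;
					rdata->uartlgw_state = HMUARTLGW_STATE_DONE;
				}
				break;
			default:
				break;
		}
		return 0;
	}

	if (buf_len < 1)
		return 1;

	switch(buf[0]) {
		case HMUARTLGW_APP_ACK:
			/* Status byte is at index 1 */
			if (buf_len < 2)
				break;

			/* The HMID is only taken from ACKs long enough to carry it */
			if ((rdata->uartlgw_state == HMUARTLGW_STATE_GET_HMID) &&
			    (buf_len >= 7)) {
				my_hmid = (buf[4] << 16) | (buf[5] << 8) | buf[6];
			}

			rdata->status = buf[1];
			rdata->message_type = MESSAGE_TYPE_R;
			rdata->uartlgw_state = HMUARTLGW_STATE_ACK_APP;
#if 0
			hexdump(buf, buf_len, "ACK Status: ");
#endif

			break;
		case HMUARTLGW_APP_RECV:
			/* Message body starts at index 4; message[0] holds its length */
			msg_len = buf_len - 4;
			if ((msg_len < 0) ||
			    ((size_t)msg_len > sizeof(rdata->message) - 1))
				break;

			/* Sender address at 7..9 only matters with a known hmid */
			if (hmid &&
			    ((buf_len < 10) ||
			     (buf[7] != ((hmid >> 16) & 0xff)) ||
			     (buf[8] != ((hmid >> 8) & 0xff)) ||
			     (buf[9] != (hmid & 0xff))))
				break;

			memset(rdata->message, 0, sizeof(rdata->message));
			memcpy(rdata->message + 1, buf + 4, msg_len);
			rdata->message[LEN] = msg_len;
			rdata->message_type = MESSAGE_TYPE_E;
			break;
		default:
			break;
	}

	return 1;
}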
266
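/*
 * Send one HomeMatic message through the configured IO device and wait for
 * the result.
 *
 * msg starts with its length byte, so msg[0] + 1 bytes are sent. Returns 1
 * when the IO device (or, on a CUL, the addressed device) confirmed the
 * message and 0 on NACK, missing ACK, or an error status. Poll errors other
 * than a timeout end the program. rdata is cleared before sending and
 * filled by the receive callbacks while waiting.
 *
 * The length byte is checked against each transport's buffer before any
 * copy, and lengths taken from received messages are checked before they
 * are used as an index; the original trusted both.
 */
int send_hm_message(struct hm_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;
	struct timeval tv;
	uint8_t out[0x40];
	int pfd;
	/* Bytes in msg including the length byte itself */
	size_t msg_len = (size_t)msg[0] + 1;

	switch(dev->type) {
		case DEVICE_TYPE_HMCFGUSB:
			/* The message is placed at offset 0x0f of the 64-byte frame */
			if (msg_len > sizeof(out) - 0x0f) {
				fprintf(stderr, "\nMessage too long!\n");
				return 0;
			}

			if (gettimeofday(&tv, NULL) == -1) {
				perror("gettimeofday");
				return 0;
			}

			memset(out, 0, sizeof(out));

			out[0] = 'S';
			out[1] = (id >> 24) & 0xff;
			out[2] = (id >> 16) & 0xff;
			out[3] = (id >> 8) & 0xff;
			out[4] = id & 0xff;
			out[10] = 0x01;
			out[11] = (tv.tv_usec >> 24) & 0xff;
			out[12] = (tv.tv_usec >> 16) & 0xff;
			out[13] = (tv.tv_usec >> 8) & 0xff;
			out[14] = tv.tv_usec & 0xff;

			memcpy(&out[0x0f], msg, msg_len);

			memset(rdata, 0, sizeof(struct recv_data));
			hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);

			/* NOTE(review): no overall timeout; waits until an 'R' frame arrives */
			while (1) {
				if (rdata->message_type == MESSAGE_TYPE_R) {
					if (((rdata->status & 0xdf) == 0x01) ||
					    ((rdata->status & 0xdf) == 0x02)) {
						break;
					} else {
						if ((rdata->status & 0xff00) == 0x0400) {
							fprintf(stderr, "\nOut of credits!\n");
						} else if ((rdata->status & 0xff) == 0x08) {
							fprintf(stderr, "\nMissing ACK!\n");
						} else if ((rdata->status & 0xff) == 0x30) {
							fprintf(stderr, "\nUnknown AES-key requested!\n");
						} else {
							fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
						}
						return 0;
					}
				}
				errno = 0;
				pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
				if ((pfd < 0) && errno) {
					if (errno != ETIMEDOUT) {
						perror("\n\nhmcfgusb_poll");
						exit(EXIT_FAILURE);
					}
				}
			}
			break;
		case DEVICE_TYPE_CULFW:
			{
				char buf[256];
				int i;

				/* "As" + two hex digits per byte + "\r\n" must fit in buf */
				if (msg_len > (sizeof(buf) - 4) / 2) {
					fprintf(stderr, "\nMessage too long!\n");
					return 0;
				}

				memset(buf, 0, sizeof(buf));
				buf[0] = 'A';
				buf[1] = 's';
				for (i = 0; i < msg[0] + 1; i++) {
					buf[2 + (i * 2)] = nibble_to_ascii((msg[i] >> 4) & 0xf);
					buf[2 + (i * 2) + 1] = nibble_to_ascii(msg[i] & 0xf);
				}
				buf[2 + (i * 2) ] = '\r';
				buf[2 + (i * 2) + 1] = '\n';

				memset(rdata, 0, sizeof(struct recv_data));
				if (culfw_send(dev->culfw, buf, 2 + (i * 2) + 1) == 0) {
					fprintf(stderr, "culfw_send failed!\n");
					exit(EXIT_FAILURE);
				}

				/* Only messages that set 0x20 in CTL are followed by a wait for a reply */
				if (msg[CTL] & 0x20) {
					int cnt = 5;
					do {
						errno = 0;
						pfd = culfw_poll(dev->culfw, 200);
						if ((pfd < 0) && errno) {
							if (errno != ETIMEDOUT) {
								perror("\n\nculfw_poll");
								exit(EXIT_FAILURE);
							}
						}
						if (rdata->message_type == MESSAGE_TYPE_E) {
							if (rdata->message[TYPE] == 0x02) {
								if (rdata->message[PAYLOAD] == 0x04) {
									/* AES challenge from the device */
									uint8_t rlen = rdata->message[LEN];
									int32_t req_kNo;
									uint8_t challenge[6];
									uint8_t respbuf[16];
									uint8_t *resp;

									if (rlen >= sizeof(rdata->message)) {
										/*
										 * The received length byte is used as
										 * an index below; reject values that
										 * point outside the message buffer.
										 */
										fprintf(stderr, "AES request with invalid length %u!\n", rlen);
									} else {
										/* Key number is carried in the last message byte */
										req_kNo = rdata->message[rlen] / 2;
										memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);

										if (req_kNo != kNo) {
											fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
										} else {
											resp = hm_sign(key, challenge, msg, NULL, respbuf);
											if (resp) {
												uint8_t rbuf[64];

												memset(rbuf, 0, sizeof(rbuf));
												rbuf[MSGID] = rdata->message[MSGID];
												rbuf[CTL] = rdata->message[CTL];
												rbuf[TYPE] = 0x03;
												SET_SRC(rbuf, DST(rdata->message));
												SET_DST(rbuf, SRC(rdata->message));
												memcpy(&(rbuf[PAYLOAD]), resp, 16);
												SET_LEN_FROM_PAYLOADLEN(rbuf, 16);

												usleep(110000); /* Determined by a fair dice roll */
												/*
												 * NOTE(review): recursion depth is
												 * not limited; it grows with every
												 * further AES request the peer sends.
												 */
												return send_hm_message(dev, rdata, rbuf);
											}
										}
									}
								} else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
									fprintf(stderr, "NACK\n");
								} else { /* ACK or ACKinfo */
									break;
								}
							} else {
								fprintf(stderr, "Unexpected message received: ");
								/* Stop at the end of the buffer whatever LEN claims */
								for (i = 0; (i < rdata->message[LEN]) &&
									    (i + 1 < (int)sizeof(rdata->message)); i++) {
									fprintf(stderr, "%02x", rdata->message[i+1]);
								}
								fprintf(stderr, "\n");
							}
						}
					} while(cnt--);

					if (cnt == -1) {
						fprintf(stderr, "\nMissing ACK!\n");
						return 0;
					}
				}
			}
			break;
		case DEVICE_TYPE_HMUARTLGW:
			/* msg[0] bytes are copied behind a 4-byte header */
			if ((size_t)msg[0] > sizeof(out) - 4) {
				fprintf(stderr, "\nMessage too long!\n");
				return 0;
			}

			memset(out, 0, sizeof(out));

			out[0] = HMUARTLGW_APP_SEND;
			out[1] = 0x00;
			out[2] = 0x00;
			out[3] = (msg[CTL] & 0x10) ? 0x01 : 0x00; /* Burst?! */
			memcpy(&out[4], &msg[1], msg[0]);

			memset(rdata, 0, sizeof(struct recv_data));
			hmuartlgw_send(dev->hmuartlgw, out, msg[0] + 4, HMUARTLGW_APP);

			/* NOTE(review): no overall timeout; waits until an ACK frame arrives */
			while (1) {
				if (rdata->message_type == MESSAGE_TYPE_R) {
					if ((rdata->status == 0x02) ||
					    (rdata->status == 0x03) ||
					    (rdata->status == 0x0c)) {
						break;
					} else {
						if (rdata->status == 0x0d) {
							fprintf(stderr, "\nAES handshake failed!\n");
						} else if (rdata->status == 0x04 || rdata->status == 0x06) {
							fprintf(stderr, "\nMissing ACK!\n");
						} else {
							fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
						}
						return 0;
					}
				}
				errno = 0;
				pfd = hmuartlgw_poll(dev->hmuartlgw, 1000);
				if ((pfd < 0) && errno) {
					if (errno != ETIMEDOUT) {
						perror("\n\nhmcfgusb_poll");
						exit(EXIT_FAILURE);
					}
				}
			}
			break;
	}

	id++;
	return 1;
}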
457
/*
 * Switch the IO device to the given speed (10 or 100 are the values used
 * by the callers in this file).
 *
 * HM-CFG-USB: sends 'G' and polls until the device reports that speed.
 * CUL: sends "AR" for 100, "Ar" otherwise, and returns culfw_send()'s result.
 * HM-MOD-UART: sends the update-mode or normal-mode OS command.
 * Returns 1 in every case except the CUL one.
 */
static int switch_speed(struct hm_dev *dev, struct recv_data *rdata, uint8_t speed)
{
	uint8_t out[0x40];
	int pfd;

	printf("Entering %uk-mode\n", speed);

	if (dev->type == DEVICE_TYPE_CULFW) {
		return culfw_send(dev->culfw, (speed == 100) ? "AR\r\n" : "Ar\r\n", 4);
	}

	if (dev->type == DEVICE_TYPE_HMUARTLGW) {
		if (speed != 100) {
			out[0] = HMUARTLGW_OS_NORMAL_MODE;
			hmuartlgw_send(dev->hmuartlgw, out, 1, HMUARTLGW_OS);
		} else {
			out[0] = HMUARTLGW_OS_UPDATE_MODE;
			out[1] = 0xe9;
			out[2] = 0xca;
			hmuartlgw_send(dev->hmuartlgw, out, 3, HMUARTLGW_OS);
		}
		return 1;
	}

	if (dev->type == DEVICE_TYPE_HMCFGUSB) {
		memset(out, 0, sizeof(out));
		out[0] = 'G';
		out[1] = speed;

		hmcfgusb_send(dev->hmcfgusb, out, sizeof(out), 1);

		/* Poll until the 'G' reply handled by the receive callback matches */
		for (;;) {
			errno = 0;
			pfd = hmcfgusb_poll(dev->hmcfgusb, 1000);
			if ((pfd < 0) && errno && (errno != ETIMEDOUT)) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
			if (rdata->speed == speed)
				break;
		}
	}

	return 1;
}
508
/*
 * Print the command-line help to stderr.
 *
 * prog is the program name shown in the first line (callers pass argv[0]).
 */
void flash_ota_syntax(char *prog)
{
	FILE *err = stderr;

	fprintf(err, "Syntax: %s parameters options\n\n", prog);

	fputs("Mandatory parameters:\n", err);
	fputs("\t-f firmware.eq3\tfirmware file to flash\n", err);
	fputs("\t-s SERIAL\tserial of device to flash (optional when using -D)\n", err);

	fputs("\nOptional parameters:\n", err);
	fputs("\t-c device\tenable CUL-mode with CUL at path \"device\"\n", err);
	fprintf(err, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
	fputs("\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n", err);
	fputs("\t-S serial\tuse HM-CFG-USB with given serial\n", err);
	fputs("\t-U device\tuse HM-MOD-UART on given device\n", err);
	fputs("\t-h\t\tthis help\n", err);

	fputs("\nOptional parameters for automatically sending device to bootloader\n", err);
	fputs("\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n", err);
	fputs("\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n", err);
	fputs("\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n", err);
}
527
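/*
 * Entry point of the OTA flasher.
 *
 * Parses the command line, reads the firmware file, opens the selected IO
 * device (CUL, HM-MOD-UART or HM-CFG-USB), optionally sends the target to
 * its bootloader, waits for the bootloader announcement, switches both
 * sides to 100k, transfers the firmware block by block and waits for the
 * device to reboot. Returns EXIT_SUCCESS; every failure exits with
 * EXIT_FAILURE.
 *
 * Changes against the original: -C/-D reject empty values and anything
 * above three bytes, -K rejects key numbers that do not fit in the single
 * byte they are sent in and keys with trailing characters, and the
 * "enter bootloader" message is built in a cleared buffer like every other
 * message in this function.
 */
int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t cc1101_regs[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	char *fw_file = NULL;
	char *serial = NULL;
	char *culfw_dev = NULL;
	char *endptr = NULL;
	unsigned long val;
	unsigned int bps = DEFAULT_CUL_BPS;
	struct hm_dev dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	char *hmcfgusb_serial = NULL;
	char *uart = NULL;
	int block;
	int pfd;
	int debug = 0;
	int cnt;
	int switchcnt = 0;
	int msgnum = 0;
	int switched = 0;
	int opt;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:S:U:")) != -1) {
		switch (opt) {
			case 'b':
				bps = atoi(optarg);
				break;
			case 'c':
				culfw_dev = optarg;
				break;
			case 'f':
				fw_file = optarg;
				break;
			case 'l':
				printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
				max_payloadlen = LOWER_MAX_PAYLOAD;
				break;
			case 's':
				serial = optarg;
				break;
			case 'C':
				/* HMIDs are three bytes; larger values would be truncated silently */
				val = strtoul(optarg, &endptr, 16);
				if ((endptr == optarg) || (*endptr != '\0') || (val > 0xffffff)) {
					fprintf(stderr, "Invalid central HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				my_hmid = val;
				break;
			case 'D':
				val = strtoul(optarg, &endptr, 16);
				if ((endptr == optarg) || (*endptr != '\0') || (val > 0xffffff)) {
					fprintf(stderr, "Invalid device HMID!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				hmid = val;
				break;
			case 'K':
				/*
				 * The AES key is taken from the command line, where other
				 * local users can usually read it from the process list.
				 * The key number is later sent as a single byte.
				 */
				val = strtoul(optarg, &endptr, 10);
				if ((*endptr != ':') || (val > 0xff)) {
					fprintf(stderr, "Invalid key number!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				kNo = val;
				endptr++;
				for (cnt = 0; cnt < 16; cnt++) {
					if (*endptr == '\0' || *(endptr+1) == '\0' ||
					    !validate_nibble(*endptr) ||
					    !validate_nibble(*(endptr+1))) {
						fprintf(stderr, "Invalid key!\n\n");
						flash_ota_syntax(argv[0]);
						exit(EXIT_FAILURE);
					}
					key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
					endptr += 2;
				}
				/* Anything after 32 hex digits means the key was mistyped */
				if (*endptr != '\0') {
					fprintf(stderr, "Invalid key!\n\n");
					flash_ota_syntax(argv[0]);
					exit(EXIT_FAILURE);
				}
				break;
			case 'S':
				hmcfgusb_serial = optarg;
				break;
			case 'U':
				uart = optarg;
				break;
			case 'h':
			case ':':
			case '?':
			default:
				flash_ota_syntax(argv[0]);
				exit(EXIT_FAILURE);
				break;

		}
	}

	/* A firmware file and a way to identify the device are mandatory */
	if (!fw_file || (!serial && !hmid)) {
		flash_ota_syntax(argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(fw_file, debug);
	if (!fw)
		exit(EXIT_FAILURE);

	memset(&rdata, 0, sizeof(rdata));
	memset(&dev, 0, sizeof(struct hm_dev));

	if (culfw_dev) {
		printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
		dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
		if (!dev.culfw) {
			fprintf(stderr, "Can't initialize CUL at %s with rate %u\n", culfw_dev, bps);
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_CULFW;

		printf("Requesting firmware version\n");
		culfw_send(dev.culfw, "\r\n", 2);
		culfw_flush(dev.culfw);

		/* Ask for the version until the receive callback has parsed one */
		while (1) {
			culfw_send(dev.culfw, "V\r\n", 3);

			errno = 0;
			pfd = culfw_poll(dev.culfw, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nhmcfgusb_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		printf("culfw-device firmware version: ");
		if (rdata.version != 0xffff) {
			printf("%u.%02u\n",
				(rdata.version >> 8) & 0xff,
				rdata.version & 0xff);
		} else {
			printf("a-culfw\n");
		}

		if (rdata.version < 0x013a) {
			fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n");
			exit(EXIT_FAILURE);
		}
	} else if (uart) {
		/* Remember the HMID requested with -C; my_hmid is overwritten by the device's answer */
		uint32_t new_hmid = my_hmid;

		hmuartlgw_set_debug(debug);

		dev.hmuartlgw = hmuart_init(uart, parse_hmuartlgw, &rdata);
		if (!dev.hmuartlgw) {
			fprintf(stderr, "Can't initialize HM-MOD-UART\n");
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_HMUARTLGW;

		/*
		 * NOTE(review): the request loops below poll until the expected
		 * state is reached and have no timeout.
		 */
		out[0] = HMUARTLGW_APP_GET_HMID;
		do {
			rdata.uartlgw_state = HMUARTLGW_STATE_GET_HMID;
			hmuartlgw_send(dev.hmuartlgw, out, 1, HMUARTLGW_APP);
			do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
		} while (rdata.status == 0x08);

		out[0] = HMUARTLGW_OS_GET_FIRMWARE;
		do {
			rdata.uartlgw_state = HMUARTLGW_STATE_GET_FIRMWARE;
			hmuartlgw_send(dev.hmuartlgw, out, 1, HMUARTLGW_OS);
			do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_DONE);
		} while (rdata.status == 0x08);

		out[0] = HMUARTLGW_OS_GET_CREDITS;
		do {
			rdata.uartlgw_state = HMUARTLGW_STATE_GET_CREDITS;
			hmuartlgw_send(dev.hmuartlgw, out, 1, HMUARTLGW_OS);
			do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_DONE);
		} while (rdata.status == 0x08);

		printf("HM-MOD-UART firmware version: %u.%u.%u, used credits: %u%%\n",
			rdata.uartlgw_version[0],
			rdata.uartlgw_version[1],
			rdata.uartlgw_version[2],
			rdata.credits);

		if (rdata.credits >= 40) {
			printf("\nRebooting HM-MOD-UART to avoid running out of credits\n");

			hmuartlgw_enter_bootloader(dev.hmuartlgw);
			hmuartlgw_enter_app(dev.hmuartlgw);
		}

		printf("\nHM-MOD-UART opened\n\n");

		if (new_hmid && (my_hmid != new_hmid)) {
			printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);

			out[0] = HMUARTLGW_APP_SET_HMID;
			out[1] = (new_hmid >> 16) & 0xff;
			out[2] = (new_hmid >> 8) & 0xff;
			out[3] = new_hmid & 0xff;
			do {
				rdata.uartlgw_state = HMUARTLGW_STATE_WAIT_APP;
				hmuartlgw_send(dev.hmuartlgw, out, 4, HMUARTLGW_APP);
				do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
			} while (rdata.status == 0x08);

			my_hmid = new_hmid;
		}

		if (kNo > 0) {
			printf("Setting AES-key\n");

			/* The same key is installed as current and as old key */
			memset(out, 0, sizeof(out));
			out[0] = HMUARTLGW_APP_SET_CURRENT_KEY;
			memcpy(&(out[1]), key, 16);
			out[17] = kNo;

			do {
				rdata.uartlgw_state = HMUARTLGW_STATE_WAIT_APP;
				hmuartlgw_send(dev.hmuartlgw, out, 18, HMUARTLGW_APP);
				do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
			} while (rdata.status == 0x08);

			memset(out, 0, sizeof(out));
			out[0] = HMUARTLGW_APP_SET_OLD_KEY;
			memcpy(&(out[1]), key, 16);
			out[17] = kNo;

			do {
				rdata.uartlgw_state = HMUARTLGW_STATE_WAIT_APP;
				hmuartlgw_send(dev.hmuartlgw, out, 18, HMUARTLGW_APP);
				do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
			} while (rdata.status == 0x08);
		}
	} else {
		/* Remember the HMID requested with -C; the 'H' reply overwrites my_hmid */
		uint32_t new_hmid = my_hmid;

		hmcfgusb_set_debug(debug);

		dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial);
		if (!dev.hmcfgusb) {
			fprintf(stderr, "Can't initialize HM-CFG-USB\n");
			exit(EXIT_FAILURE);
		}
		dev.type = DEVICE_TYPE_HMCFGUSB;

		memset(out, 0, sizeof(out));
		out[0] = 'K';
		hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

		while (1) {
			errno = 0;
			pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
			if ((pfd < 0) && errno) {
				if (errno != ETIMEDOUT) {
					perror("\n\nhmcfgusb_poll");
					exit(EXIT_FAILURE);
				}
			}
			if (rdata.version)
				break;
		}

		if (rdata.version < 0x3c7) {
			fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.version);
			exit(EXIT_FAILURE);
		}

		printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);

		if (rdata.credits >= 40) {
			printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");

			if (!dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
				printf("Waiting for device to reappear...\n");

				do {
					if (dev.hmcfgusb) {
						if (!dev.hmcfgusb->bootloader)
							hmcfgusb_enter_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (!dev.hmcfgusb->bootloader));
			}

			if (dev.hmcfgusb->bootloader) {
				printf("HM-CFG-USB in bootloader mode, rebooting\n");

				do {
					if (dev.hmcfgusb) {
						if (dev.hmcfgusb->bootloader)
							hmcfgusb_leave_bootloader(dev.hmcfgusb);
						hmcfgusb_close(dev.hmcfgusb);
					}
					sleep(1);
				} while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata, hmcfgusb_serial)) == NULL) || (dev.hmcfgusb->bootloader));
			}
		}

		printf("\n\nHM-CFG-USB opened\n\n");

		if (new_hmid && (my_hmid != new_hmid)) {
			printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);

			memset(out, 0, sizeof(out));
			out[0] = 'A';
			out[1] = (new_hmid >> 16) & 0xff;
			out[2] = (new_hmid >> 8) & 0xff;
			out[3] = new_hmid & 0xff;

			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			my_hmid = new_hmid;
		}

		if (kNo > 0) {
			printf("Setting AES-key\n");

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x01;
			out[2] = kNo;
			out[3] = sizeof(key);
			memcpy(&(out[4]), key, sizeof(key));
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x02;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);

			memset(out, 0, sizeof(out));
			out[0] = 'Y';
			out[1] = 0x03;
			out[2] = 0x00;
			out[3] = 0x00;
			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
		}
	}

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	/* With both HMIDs known, ask the running device to enter its bootloader */
	if (hmid && my_hmid) {
		switch (dev.type) {
			case DEVICE_TYPE_HMCFGUSB:
				printf("Adding HMID\n");

				memset(out, 0, sizeof(out));
				out[0] = '+';
				out[1] = (hmid >> 16) & 0xff;
				out[2] = (hmid >> 8) & 0xff;
				out[3] = hmid & 0xff;

				hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
				break;
			case DEVICE_TYPE_HMUARTLGW:
				printf("Adding HMID\n");

				memset(out, 0, sizeof(out));
				out[0] = HMUARTLGW_APP_ADD_PEER;
				out[1] = (hmid >> 16) & 0xff;
				out[2] = (hmid >> 8) & 0xff;
				out[3] = hmid & 0xff;
				out[4] = (kNo > 0) ? kNo : 0x00; /* KeyIndex */
				out[5] = 0x00; /* WakeUp? */
				out[6] = 0x00; /* WakeUp? */

				do {
					rdata.uartlgw_state = HMUARTLGW_STATE_WAIT_APP;
					hmuartlgw_send(dev.hmuartlgw, out, 7, HMUARTLGW_APP);
					do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
				} while (rdata.status == 0x08);

				break;
		}
		printf("Sending device with hmid %06x to bootloader\n", hmid);
		/*
		 * Start from a cleared buffer: on the CUL path out was never
		 * initialised, on the others it still held the peer command.
		 */
		memset(out, 0, sizeof(out));
		out[CTL] = 0x30;
		out[TYPE] = 0x11;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);
		out[PAYLOAD] = 0xCA;
		SET_LEN_FROM_PAYLOADLEN(out, 1);

		cnt = 3;
		do {
			out[MSGID] = msgid++;
			if (send_hm_message(&dev, &rdata, out)) {
				break;
			}
		} while (cnt--);
		if (cnt == -1) {
			printf("Failed to send device to bootloader, please enter bootloader manually.\n");
		}
	}

	if (serial) {
		printf("Waiting for device with serial %s\n", serial);
	} else {
		printf("Waiting for device with HMID %06x\n", hmid);
	}

	/* Wait for the bootloader announcement of the wanted device */
	while (1) {
		errno = 0;
		switch (dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
			case DEVICE_TYPE_HMUARTLGW:
				pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
				break;
			default:
				pfd = -1;
				break;
		}

		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Message type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
			if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
				hmid = SRC(rdata.message);
				break;
			} else if (!serial && SRC(rdata.message) == hmid) {
				/*
				 * serial now points into rdata.message, i.e. at bytes
				 * received over the air; it is only valid until rdata
				 * is overwritten and is printed as-is below.
				 */
				serial = (char*)&(rdata.message[0x0b]);
				break;
			}
		}
	}

	printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);

	switch (dev.type) {
		case DEVICE_TYPE_HMCFGUSB:
			printf("Adding HMID\n");

			memset(out, 0, sizeof(out));
			out[0] = '+';
			out[1] = (hmid >> 16) & 0xff;
			out[2] = (hmid >> 8) & 0xff;
			out[3] = hmid & 0xff;

			hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
			break;
		case DEVICE_TYPE_HMUARTLGW:
			printf("Adding HMID\n");

			memset(out, 0, sizeof(out));
			out[0] = HMUARTLGW_APP_ADD_PEER;
			out[1] = (hmid >> 16) & 0xff;
			out[2] = (hmid >> 8) & 0xff;
			out[3] = hmid & 0xff;
			out[4] = 0x00; /* KeyIndex */
			out[5] = 0x00; /* WakeUp? */
			out[6] = 0x00; /* WakeUp? */

			do {
				rdata.uartlgw_state = HMUARTLGW_STATE_WAIT_APP;
				hmuartlgw_send(dev.hmuartlgw, out, 7, HMUARTLGW_APP);
				do { hmuartlgw_poll(dev.hmuartlgw, 500); } while (rdata.uartlgw_state != HMUARTLGW_STATE_ACK_APP);
			} while (rdata.status == 0x08);

			break;
	}

	/* Tell the device to switch to 100k, follow, then check that it answers */
	switchcnt = 3;
	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		if (!send_hm_message(&dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		if (!switch_speed(&dev, &rdata, 100)) {
			fprintf(stderr, "Can't switch speed!\n");
			exit(EXIT_FAILURE);
		}

		printf("Has the device switched?\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, my_hmid);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], cc1101_regs, sizeof(cc1101_regs));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(cc1101_regs));

		cnt = 3;
		do {
			if (send_hm_message(&dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
			}
		} while (cnt--);

		if (!switched) {
			printf("No!\n");

			if (!switch_speed(&dev, &rdata, 10)) {
				fprintf(stderr, "Can't switch speed!\n");
				exit(EXIT_FAILURE);
			}
		}
	} while ((!switched) && (switchcnt--));

	if (!switched) {
		fprintf(stderr, "Too many errors, giving up!\n");
		exit(EXIT_FAILURE);
	}

	printf("Yes!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		/*
		 * Block length comes from bytes 2 and 3 of the block.
		 * NOTE(review): len is a uint16_t and is trusted here; presumably
		 * firmware_read_firmware() validates it - confirm in firmware.c.
		 */
		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			int payloadlen = max_payloadlen - 2;
			int ack = 0;

			/* Only the first frame of a block uses the full payload size */
			if (first) {
				payloadlen = max_payloadlen;
				first = 0;
			}

			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			/* The last frame of a block requests an ACK */
			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, my_hmid);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(&dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				/* Restart the whole block after a failed frame */
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == MAX_RETRIES) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
					block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
		msgid++;
	}

	firmware_free(fw);

	printf("\n");

	if (!switch_speed(&dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device to reboot\n");
	rdata.message_type = MESSAGE_TYPE_R;

	/* Any received message counts as a sign of life from the device */
	cnt = 10;
	if (dev.type == DEVICE_TYPE_HMUARTLGW)
		cnt = 200; /* FIXME */
	do {
		errno = 0;
		switch(dev.type) {
			case DEVICE_TYPE_CULFW:
				pfd = culfw_poll(dev.culfw, 1000);
				break;
			case DEVICE_TYPE_HMCFGUSB:
				pfd = hmcfgusb_poll(dev.hmcfgusb, 1000);
				break;
			case DEVICE_TYPE_HMUARTLGW:
				pfd = hmuartlgw_poll(dev.hmuartlgw, 1000);
				break;
			default:
				pfd = -1;
				break;
		}
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\npoll");
				exit(EXIT_FAILURE);
			}
		}
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	switch(dev.type) {
		case DEVICE_TYPE_HMCFGUSB:
			hmcfgusb_close(dev.hmcfgusb);
			hmcfgusb_exit();
			break;
		case DEVICE_TYPE_CULFW:
			culfw_close(dev.culfw);
			break;
	}

	return EXIT_SUCCESS;
}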