1 /* flasher for HomeMatic-devices supporting OTA updates
2 *
3 * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to
7 * deal in the Software without restriction, including without limitation the
8 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
9 * sell copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 * IN THE SOFTWARE.
22 */
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <unistd.h>
27 #include <stdint.h>
28 #include <string.h>
29 #include <strings.h>
30 #include <poll.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <sys/time.h>
36 #include <libusb-1.0/libusb.h>
37
38 #include "hexdump.h"
39 #include "firmware.h"
40 #include "hm.h"
41 #include "version.h"
42 #include "hmcfgusb.h"
43
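/*
 * HMID (24-bit address) of the device being flashed. While it is 0,
 * parse_hmcfgusb() accepts 'E' frames from any sender; main() sets it once
 * the device with the requested serial has announced itself.
 */
uint32_t hmid = 0;

/*
 * Kind of frame the content of recv_data.message was taken from.
 * MESSAGE_TYPE_E is 0, so a zero-filled recv_data reads as MESSAGE_TYPE_E.
 */
enum message_type {
	MESSAGE_TYPE_E,	/* stored from an 'E' frame */
	MESSAGE_TYPE_R,	/* stored from an 'R' frame */
};

/* State filled in by parse_hmcfgusb() and read by the code polling for replies. */
struct recv_data {
	uint8_t message[64];		/* last stored message, length byte first */
	enum message_type message_type;
	uint16_t status;		/* bytes 5..6 of the last 'R' frame */
	int speed;			/* byte 1 of the last 'G' frame */
	uint16_t hmcfgusb_version;	/* bytes 11..12 of the last 'H' frame */
};

/*
 * Copy the length-prefixed message that starts at buf[off] into
 * rdata->message (cleared first, so unused bytes are zero).
 *
 * The length byte comes from the adapter and therefore from the radio, so it
 * is checked against both the received frame and the destination buffer
 * before anything is copied.
 *
 * Returns 1 if the message was stored, 0 if the frame was too short or the
 * length byte did not fit; rdata is left untouched in that case.
 */
static int store_hm_message(struct recv_data *rdata, const uint8_t *buf, int buf_len, int off)
{
	size_t msg_len;

	if (buf_len <= off)
		return 0;

	msg_len = (size_t)buf[off] + 1;	/* length byte plus payload */
	if ((msg_len > sizeof(rdata->message)) ||
	    (msg_len > (size_t)(buf_len - off)))
		return 0;

	memset(rdata->message, 0, sizeof(rdata->message));
	memcpy(rdata->message, buf + off, msg_len);

	return 1;
}

/*
 * Receive callback handed to hmcfgusb_init(): decodes one frame from the
 * HM-CFG-USB into the struct recv_data passed as data.
 *
 * buf[0] selects the frame type:
 *   'E'  message at offset 0x0d; once hmid is set, only frames whose bytes
 *        0x11..0x13 equal that HMID are stored
 *   'R'  message at offset 0x0e, status in bytes 5..6
 *   'G'  speed in byte 1
 *   'H'  adapter firmware version in bytes 11..12
 *
 * Frames too short for the fields of their type, or whose message length
 * byte exceeds the frame or rdata->message, are ignored instead of being
 * read or copied out of bounds.
 *
 * Always returns 1.
 */
static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
{
	struct recv_data *rdata = data;

	if (buf_len < 1)
		return 1;

	switch (buf[0]) {
	case 'E':
		if (hmid) {
			/* the sender filter needs bytes 0x11..0x13 */
			if (buf_len <= 0x13)
				break;
			if ((buf[0x11] != ((hmid >> 16) & 0xff)) ||
			    (buf[0x12] != ((hmid >> 8) & 0xff)) ||
			    (buf[0x13] != (hmid & 0xff)))
				break;
		}
		if (store_hm_message(rdata, buf, buf_len, 0x0d))
			rdata->message_type = MESSAGE_TYPE_E;
		break;
	case 'R':
		/* offset 0x0e lies behind the status bytes, so a stored
		 * message implies buf[5] and buf[6] are inside the frame */
		if (store_hm_message(rdata, buf, buf_len, 0x0e)) {
			rdata->status = (buf[5] << 8) | buf[6];
			rdata->message_type = MESSAGE_TYPE_R;
		}
		break;
	case 'G':
		if (buf_len > 1)
			rdata->speed = buf[1];
		break;
	case 'H':
		if (buf_len > 12)
			rdata->hmcfgusb_version = (buf[11] << 8) | buf[12];
		break;
	default:
		break;
	}

	return 1;
}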
98
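/*
 * Wrap one HomeMatic message in an 'S' frame, send it through the HM-CFG-USB
 * and wait for the matching 'R' frame.
 *
 * dev    adapter handle
 * rdata  receive state filled in by the callback; it is zeroed before sending
 * msg    message to send, msg[0] being its length byte (msg[0] + 1 bytes are
 *        copied)
 *
 * Returns 1 if the low status byte of the reply is 0x01 or 0x02, and 0 if
 * gettimeofday() fails, the message does not fit into the frame, or the
 * reply carries any other status. A poll error other than ETIMEDOUT ends the
 * process.
 *
 * NOTE(review): timeouts are ignored without limit, so this call does not
 * return if no 'R' frame ever arrives; the result of hmcfgusb_send() is not
 * checked either - confirm both are intended.
 */
int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg)
{
	static uint32_t id = 1;	/* frame counter, advanced after each accepted reply */
	struct timeval tv;
	uint8_t out[0x40];
	size_t msg_len;
	int pfd;

	if (gettimeofday(&tv, NULL) == -1) {
		perror("gettimeofday");
		return 0;
	}

	/* the length byte is chosen by the caller; refuse anything that would
	 * run past the end of out[] when copied to offset 0x0f */
	msg_len = (size_t)msg[0] + 1;
	if (msg_len > sizeof(out) - 0x0f) {
		fprintf(stderr, "\nMessage too long: %u bytes\n", (unsigned int)msg_len);
		return 0;
	}

	memset(out, 0, sizeof(out));

	out[0] = 'S';
	out[1] = (id >> 24) & 0xff;
	out[2] = (id >> 16) & 0xff;
	out[3] = (id >> 8) & 0xff;
	out[4] = id & 0xff;
	out[10] = 0x01;
	out[11] = (tv.tv_usec >> 24) & 0xff;
	out[12] = (tv.tv_usec >> 16) & 0xff;
	out[13] = (tv.tv_usec >> 8) & 0xff;
	out[14] = tv.tv_usec & 0xff;

	memcpy(&out[0x0f], msg, msg_len);

	/* drop any earlier reply so the loop below only sees a new one */
	memset(rdata, 0, sizeof(struct recv_data));
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		if (rdata->message_type == MESSAGE_TYPE_R) {
			if (((rdata->status & 0xff) == 0x01) ||
			    ((rdata->status & 0xff) == 0x02)) {
				break;
			} else {
				fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
				return 0;
			}
		}
		errno = 0;
		pfd = hmcfgusb_poll(dev, 1);
		if ((pfd < 0) && errno) {
			if (errno != ETIMEDOUT) {
				perror("\n\nhmcfgusb_poll");
				exit(EXIT_FAILURE);
			}
		}
	}

	id++;
	return 1;
}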
153
/*
 * Ask the HM-CFG-USB to change its radio speed with a 'G' frame and poll
 * until the receive callback reports that speed back in rdata->speed.
 *
 * Always returns 1; a poll error other than ETIMEDOUT ends the process.
 */
static int switch_speed(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t speed)
{
	/* frame type in byte 0, requested speed in byte 1, rest zero */
	uint8_t request[0x40] = { [0] = 'G', [1] = speed };
	int rc;

	printf("Entering %uk-mode\n", speed);

	hmcfgusb_send(dev, request, sizeof(request), 1);

	do {
		errno = 0;
		rc = hmcfgusb_poll(dev, 1);
		/* timeouts just mean "nothing yet"; anything else is fatal */
		if ((rc < 0) && (errno != 0) && (errno != ETIMEDOUT)) {
			perror("\n\nhmcfgusb_poll");
			exit(EXIT_FAILURE);
		}
	} while (rdata->speed != speed);

	return 1;
}
182
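/* Run one poll cycle on the adapter; any error except a timeout is fatal. */
static void poll_or_exit(struct hmcfgusb_dev *dev)
{
	int pfd;

	errno = 0;
	pfd = hmcfgusb_poll(dev, 1);
	if ((pfd < 0) && errno && (errno != ETIMEDOUT)) {
		perror("\n\nhmcfgusb_poll");
		exit(EXIT_FAILURE);
	}
}

/*
 * Flash a firmware image over the air to one HomeMatic device.
 *
 * Usage: flash-ota firmware.eq3 SERIALNUMBER
 *
 * Steps: read the image, open the HM-CFG-USB and check its firmware version,
 * wait in 10k mode for the device with the given serial to announce itself,
 * switch device and adapter to 100k, send every firmware block in fragments,
 * switch back to 10k and wait for the device to come back.
 *
 * Returns EXIT_SUCCESS when all blocks were sent; every failure exits with
 * EXIT_FAILURE.
 */
int main(int argc, char **argv)
{
	const char twiddlie[] = { '-', '\\', '|', '/' };
	const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 };
	struct hmcfgusb_dev *dev;
	struct recv_data rdata;
	uint8_t out[0x40];
	uint8_t *pos;
	uint8_t msgid = 0x1;
	uint16_t len;
	struct firmware *fw;
	int block;
	int debug = 0;
	int cnt;
	int switchcnt = 0;
	int msgnum = 0;
	int switched = 0;

	printf("HomeMatic OTA flasher version " VERSION "\n\n");

	if (argc != 3) {
		if (argc == 1)
			fprintf(stderr, "Missing firmware filename!\n\n");

		if (argc == 2)
			fprintf(stderr, "Missing serial!\n\n");

		fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]);
		exit(EXIT_FAILURE);
	}

	fw = firmware_read_firmware(argv[1], debug);
	if (!fw)
		exit(EXIT_FAILURE);

	hmcfgusb_set_debug(debug);

	memset(&rdata, 0, sizeof(rdata));

	dev = hmcfgusb_init(parse_hmcfgusb, &rdata);
	if (!dev) {
		fprintf(stderr, "Can't initialize HM-CFG-USB\n");
		exit(EXIT_FAILURE);
	}

	/* The steps below query the adapter's firmware version and use its
	 * radio, so the abort is for an adapter that IS in bootloader mode;
	 * the message used to claim the opposite of the condition. */
	if (dev->bootloader) {
		fprintf(stderr, "\nHM-CFG-USB in bootloader mode, aborting!\n");
		exit(EXIT_FAILURE);
	}

	printf("\nHM-CFG-USB opened\n\n");

	/* 'K' request; poll until an 'H' frame has delivered the version */
	memset(out, 0, sizeof(out));
	out[0] = 'K';
	hmcfgusb_send(dev, out, sizeof(out), 1);

	while (1) {
		poll_or_exit(dev);
		if (rdata.hmcfgusb_version)
			break;
	}

	if (rdata.hmcfgusb_version < 0x3c7) {
		fprintf(stderr, "HM-CFG-USB firmware too low: %u < 967\n", rdata.hmcfgusb_version);
		exit(EXIT_FAILURE);
	}

	printf("HM-CFG-USB firmware version: %u\n", rdata.hmcfgusb_version);

	if (!switch_speed(dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device with serial %s\n", argv[2]);

	/*
	 * Wait for the broadcast a device sends when it enters update mode.
	 * The sender address of the first announcement carrying the requested
	 * serial becomes the flash target. Only the first 10 bytes of argv[2]
	 * are compared.
	 * NOTE(review): nothing else in this check ties the announcement to
	 * the intended device - confirm the serial alone is sufficient here.
	 */
	while (1) {
		poll_or_exit(dev);

		if ((rdata.message[LEN] == 0x14) && /* Length */
		    (rdata.message[MSGID] == 0x00) && /* Message ID */
		    (rdata.message[CTL] == 0x00) && /* Control Byte */
		    (rdata.message[TYPE] == 0x10) && /* Message type: Information */
		    (DST(rdata.message) == 0x000000) && /* Broadcast */
		    (rdata.message[PAYLOAD] == 0x00) && /* FUP? */
		    (rdata.message[PAYLOAD+2] == 'E') &&
		    (rdata.message[PAYLOAD+3] == 'Q')) {
			if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) {
				hmid = SRC(rdata.message);
				break;
			}
		}
	}

	printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid);

	printf("Adding HMID\n");

	memset(out, 0, sizeof(out));
	out[0] = '+';
	out[1] = (hmid >> 16) & 0xff;
	out[2] = (hmid >> 8) & 0xff;
	out[3] = hmid & 0xff;

	hmcfgusb_send(dev, out, sizeof(out), 1);

	/* switchcnt is tested after each failed round: up to four rounds */
	switchcnt = 3;
	do {
		printf("Initiating remote switch to 100k\n");

		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x00;
		out[TYPE] = 0xCB;
		SET_SRC(out, 0x000000);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		if (!send_hm_message(dev, &rdata, out)) {
			exit(EXIT_FAILURE);
		}

		if (!switch_speed(dev, &rdata, 100)) {
			fprintf(stderr, "Can't switch speed!\n");
			exit(EXIT_FAILURE);
		}

		printf("Has the device switched?\n");

		/* same message again with CTL 0x20; success of this send is
		 * taken as proof that the device followed to 100k */
		memset(out, 0, sizeof(out));

		out[MSGID] = msgid++;
		out[CTL] = 0x20;
		out[TYPE] = 0xCB;
		SET_SRC(out, 0x000000);
		SET_DST(out, hmid);

		memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg));
		SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg));

		cnt = 3;
		do {
			if (send_hm_message(dev, &rdata, out)) {
				/* A0A02000221B9AD00000000 */
				switched = 1;
				break;
			}
		} while (cnt--);

		if (!switched) {
			printf("No!\n");

			/* fall back to 10k before the next round */
			if (!switch_speed(dev, &rdata, 10)) {
				fprintf(stderr, "Can't switch speed!\n");
				exit(EXIT_FAILURE);
			}
		}
	} while ((!switched) && (switchcnt--));

	if (!switched) {
		fprintf(stderr, "Too many errors, giving up!\n");
		exit(EXIT_FAILURE);
	}

	printf("Yes!\n");

	printf("Flashing %d blocks", fw->fw_blocks);
	if (debug) {
		printf("\n");
	} else {
		printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]);
		fflush(stdout);
	}

	for (block = 0; block < fw->fw_blocks; block++) {
		int first;

		/*
		 * Block length is the big-endian value in bytes 2..3 of the
		 * block plus the two length bytes themselves.
		 * NOTE(review): the value comes from the firmware file. This
		 * loop assumes firmware_read_firmware() made every block at
		 * least that large, and len is uint16_t, so a stored length of
		 * 0xfffe or 0xffff wraps here - confirm the reader rejects
		 * such images.
		 */
		len = fw->fw[block][2] << 8;
		len |= fw->fw[block][3];

		pos = &(fw->fw[block][2]);

		len += 2; /* length */

		if (debug)
			hexdump(pos, len, "F> ");

		first = 1;
		cnt = 0;
		do {
			/* 37 payload bytes in the first fragment, 35 after */
			int payloadlen = 35;
			int ack = 0;

			if (first) {
				payloadlen = 37;
				first = 0;
			}

			/* last fragment: only what is left of the block */
			if ((len - (pos - &(fw->fw[block][2]))) < payloadlen)
				payloadlen = (len - (pos - &(fw->fw[block][2])));

			if (((pos + payloadlen) - &(fw->fw[block][2])) == len)
				ack = 1;

			memset(&rdata, 0, sizeof(rdata));

			memset(out, 0, sizeof(out));

			out[MSGID] = msgid;
			if (ack)
				out[CTL] = 0x20;
			out[TYPE] = 0xCA;
			SET_SRC(out, 0x000000);
			SET_DST(out, hmid);

			memcpy(&out[PAYLOAD], pos, payloadlen);
			SET_LEN_FROM_PAYLOADLEN(out, payloadlen);

			if (send_hm_message(dev, &rdata, out)) {
				pos += payloadlen;
			} else {
				/* restart the block from its first byte.
				 * NOTE(review): first is not set again, so
				 * the restarted block begins with a 35-byte
				 * fragment - confirm that is intended. */
				pos = &(fw->fw[block][2]);
				cnt++;
				if (cnt == 3) {
					fprintf(stderr, "\nToo many errors, giving up!\n");
					exit(EXIT_FAILURE);
				} else {
					printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				}
			}

			msgnum++;

			if (!debug) {
				/* rewind over "NNNN/NNNN c" and redraw it */
				printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c",
					block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]);
				fflush(stdout);
			}
		} while((pos - &(fw->fw[block][2])) < len);
		msgid++;
	}

	firmware_free(fw);

	printf("\n");

	if (!switch_speed(dev, &rdata, 10)) {
		fprintf(stderr, "Can't switch speed!\n");
		exit(EXIT_FAILURE);
	}

	printf("Waiting for device to reboot\n");

	/* up to 11 poll cycles for an 'E' frame from the flashed device */
	cnt = 10;
	do {
		poll_or_exit(dev);
		if (rdata.message_type == MESSAGE_TYPE_E) {
			break;
		}
	} while(cnt--);

	if (rdata.message_type == MESSAGE_TYPE_E) {
		printf("Device rebooted\n");
	}

	hmcfgusb_close(dev);

	return EXIT_SUCCESS;
}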