hmsniff: add support for firmware-update-mode
[hmcfgusb] / flash-ota.c
index 50f20f66909dd45de5d4f860441b699747e16d38..5e24aa6ddb74216e943b4318d94ad932c882b5b1 100644 (file)
@@ -1,6 +1,6 @@
 /* flasher for HomeMatic-devices supporting OTA updates
  *
- * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
+ * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to
 
 #define MAX_RETRIES            5
 #define NORMAL_MAX_PAYLOAD     37
-#define LOWE_MAX_PAYLOAD       17
+#define LOWER_MAX_PAYLOAD      17
 
 extern char *optarg;
 
 uint32_t hmid = 0;
 uint32_t my_hmid = 0;
+uint8_t key[16] = {0};
+int32_t kNo = -1;
 
 /* Maximum payloadlen supported by IO */
 uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD;
@@ -77,6 +79,7 @@ struct recv_data {
        uint16_t status;
        int speed;
        uint16_t version;
+       uint8_t credits;
 };
 
 static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
@@ -108,6 +111,7 @@ static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data)
                        break;
                case 'H':
                        rdata->version = (buf[11] << 8) | buf[12];
+                       rdata->credits = buf[36];
                        my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d];
                        break;
                default:
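Review bot: The added `rdata->credits = buf[36];` reads a fixed offset with no visible check that `buf_len` exceeds 36. It is the highest index touched in this `'H'` case, so a short status report would make it read beyond the received data. Unless a length check exists earlier in `parse_hmcfgusb` (the function starts outside this hunk), guard the case with something like `if (buf_len < 37) return 0;`, using whatever value this parser returns for an unusable frame. A named constant for offset 36 would also document which field of the report carries the credit counter.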
@@ -175,6 +179,13 @@ static int parse_culfw(uint8_t *buf, int buf_len, void *data)
                                rdata->version |= v;
                        }
                        break;
+               case 'E':
+                       {
+                               if (!strncmp((char*)buf, "ERR:CCA", 7)) {
+                                       fprintf(stderr, "CCA didn't complete, too much traffic\n");
+                               }
+                               break;
+                       }
                default:
                        fprintf(stderr, "Unknown response from CUL: %s", buf);
                        return 0;
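Review bot: Every CUL response starting with 'E' other than `ERR:CCA` is now dropped silently, because the new `case 'E'` breaks unconditionally where such lines previously reached `default` and were reported. Keep the old diagnostic for the non-matching case, e.g. `else { fprintf(stderr, "Unknown response from CUL: %s", buf); return 0; }`, so other adapter errors stay visible during a flash. The `strncmp` also relies on `buf` being NUL-terminated or at least 7 bytes long; `buf_len` is not consulted in the visible lines. `parse_culfw` starts and ends outside the hunk.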
@@ -218,14 +229,16 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
 
                        while (1) {
                                if (rdata->message_type == MESSAGE_TYPE_R) {
-                                       if (((rdata->status & 0xff) == 0x01) ||
-                                           ((rdata->status & 0xff) == 0x02)) {
+                                       if (((rdata->status & 0xdf) == 0x01) ||
+                                           ((rdata->status & 0xdf) == 0x02)) {
                                                break;
                                        } else {
                                                if ((rdata->status & 0xff00) == 0x0400) {
                                                        fprintf(stderr, "\nOut of credits!\n");
                                                } else if ((rdata->status & 0xff) == 0x08) {
                                                        fprintf(stderr, "\nMissing ACK!\n");
+                                               } else if ((rdata->status & 0xff) == 0x30) {
+                                                       fprintf(stderr, "\nUnknown AES-key requested!\n");
                                                } else {
                                                        fprintf(stderr, "\nInvalid status: %04x\n", rdata->status);
                                                }
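Review bot: The mask change from `0xff` to `0xdf` in the `MESSAGE_TYPE_R` success test makes status bit `0x20` a don't-care without saying what that bit means, while the error branches below still compare the full low byte (`0x08`, `0x30`). This test decides whether a send counts as delivered, so it deserves a comment or named constant, for example `/* bit 0x20: <meaning>; ignored when testing for success */`, so a reader can confirm that `0x21`/`0x22` should be treated like `0x01`/`0x02`. The enclosing loop in `send_hm_message` starts and ends outside the hunk.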
@@ -264,7 +277,7 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
                                }
 
                                if (msg[CTL] & 0x20) {
-                                       int cnt = 3;
+                                       int cnt = 5;
                                        int pfd;
                                        do {
                                                errno = 0;
@@ -276,7 +289,47 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
                                                        }
                                                }
                                                if (rdata->message_type == MESSAGE_TYPE_E) {
-                                                       break;
+                                                       if (rdata->message[TYPE] == 0x02) {
+                                                               if (rdata->message[PAYLOAD] == 0x04) {
+                                                                       int32_t req_kNo;
+                                                                       uint8_t challenge[6];
+                                                                       uint8_t respbuf[16];
+                                                                       uint8_t *resp;
+
+                                                                       req_kNo = rdata->message[rdata->message[LEN]] / 2;
+                                                                       memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);
+
+                                                                       if (req_kNo != kNo) {
+                                                                               fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
+                                                                       } else {
+                                                                               resp = hm_sign(key, challenge, msg, NULL, respbuf);
+                                                                               if (resp) {
+                                                                                       uint8_t rbuf[64];
+
+                                                                                       memset(rbuf, 0, sizeof(rbuf));
+                                                                                       rbuf[MSGID] = rdata->message[MSGID];
+                                                                                       rbuf[CTL] = rdata->message[CTL];
+                                                                                       rbuf[TYPE] = 0x03;
+                                                                                       SET_SRC(rbuf, DST(rdata->message));
+                                                                                       SET_DST(rbuf, SRC(rdata->message));
+                                                                                       memcpy(&(rbuf[PAYLOAD]), resp, 16);
+                                                                                       SET_LEN_FROM_PAYLOADLEN(rbuf, 16);
+
+                                                                                       return send_hm_message(dev, rdata, rbuf);
+                                                                               }
+                                                                       }
+                                                               } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
+                                                                       fprintf(stderr, "NACK\n");
+                                                               } else {        /* ACK or ACKinfo */
+                                                                       break;
+                                                               }
+                                                       } else {
+                                                               fprintf(stderr, "Unexpected message received: ");
+                                                               for (i = 0; i < rdata->message[LEN]; i++) {
+                                                                       fprintf(stderr, "%02x", rdata->message[i+1]);
+                                                               }
+                                                               fprintf(stderr, "\n");
+                                                       }
                                                }
                                        } while(cnt--);
 
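Review bot: The AES branch trusts the received frame completely: `rdata->message[rdata->message[LEN]]` indexes with a length byte taken from the radio, and the `memcpy` of 6 challenge bytes from `PAYLOAD+1` runs without checking that the frame is that long. It also signs a challenge from any sender, since nothing compares `SRC(rdata->message)` with the destination of the message being acknowledged. A guard before `req_kNo` is computed would cover both, e.g. `if (rdata->message[LEN] < PAYLOAD + 7 || SRC(rdata->message) != DST(msg)) continue;`. This assumes `LEN` counts the bytes that follow it, as the key-number read suggests, and an upper bound against the size of `rdata->message` should be confirmed too. The recursive `return send_hm_message(dev, rdata, rbuf)` copies `CTL` from the peer and has no depth limit, so repeated challenges could nest calls; a counter or a flag refusing a second challenge would bound it.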
@@ -338,12 +391,16 @@ void flash_ota_syntax(char *prog)
        fprintf(stderr, "Syntax: %s parameters options\n\n", prog);
        fprintf(stderr, "Mandatory parameters:\n");
        fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n");
-       fprintf(stderr, "\t-s SERIAL\tserial of device to flash\n");
-       fprintf(stderr, "\nPossible options:\n");
+       fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n");
+       fprintf(stderr, "\nOptional parameters:\n");
        fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n");
        fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS);
        fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n");
        fprintf(stderr, "\t-h\t\tthis help\n");
+       fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n");
+       fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
+       fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
+       fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
 }
 
 int main(int argc, char **argv)
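Review bot: The help line for `-K` does not tell the user that an AES key given as a command-line argument is typically readable by other local users through the process list and ends up in shell history. A second help line saying so would let operators choose a safer way to invoke the tool, e.g. `fprintf(stderr, "\t\t\t(note: the key is visible in the process list while the tool runs)\n");`. As a style point, `-C`, `-D` and `-K` omit the argument placeholder that `-s SERIAL` and `-c device` show; `-C HMID`, `-D HMID` and `-K KNO:KEY` would match the existing lines.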
@@ -353,6 +410,7 @@ int main(int argc, char **argv)
        char *fw_file = NULL;
        char *serial = NULL;
        char *culfw_dev = NULL;
+       char *endptr = NULL;
        unsigned int bps = DEFAULT_CUL_BPS;
        struct ota_dev dev;
        struct recv_data rdata;
@@ -372,7 +430,7 @@ int main(int argc, char **argv)
 
        printf("HomeMatic OTA flasher version " VERSION "\n\n");
 
-       while((opt = getopt(argc, argv, "b:c:f:hls:")) != -1) {
+       while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:")) != -1) {
                switch (opt) {
                        case 'b':
                                bps = atoi(optarg);
@@ -384,12 +442,48 @@ int main(int argc, char **argv)
                                fw_file = optarg;
                                break;
                        case 'l':
-                               printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWE_MAX_PAYLOAD);
-                               max_payloadlen = LOWE_MAX_PAYLOAD;
+                               printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD);
+                               max_payloadlen = LOWER_MAX_PAYLOAD;
                                break;
                        case 's':
                                serial = optarg;
                                break;
+                       case 'C':
+                               my_hmid = strtoul(optarg, &endptr, 16);
+                               if (*endptr != '\0') {
+                                       fprintf(stderr, "Invalid central HMID!\n\n");
+                                       flash_ota_syntax(argv[0]);
+                                       exit(EXIT_FAILURE);
+                               }
+                               break;
+                       case 'D':
+                               hmid = strtoul(optarg, &endptr, 16);
+                               if (*endptr != '\0') {
+                                       fprintf(stderr, "Invalid device HMID!\n\n");
+                                       flash_ota_syntax(argv[0]);
+                                       exit(EXIT_FAILURE);
+                               }
+                               break;
+                       case 'K':
+                               kNo = strtoul(optarg, &endptr, 10);
+                               if (*endptr != ':') {
+                                       fprintf(stderr, "Invalid key number!\n\n");
+                                       flash_ota_syntax(argv[0]);
+                                       exit(EXIT_FAILURE);
+                               }
+                               endptr++;
+                               for (cnt = 0; cnt < 16; cnt++) {
+                                       if (*endptr == '\0' || *(endptr+1) == '\0' ||
+                                           !validate_nibble(*endptr) ||
+                                           !validate_nibble(*(endptr+1))) {
+                                               fprintf(stderr, "Invalid key!\n\n");
+                                               flash_ota_syntax(argv[0]);
+                                               exit(EXIT_FAILURE);
+                                       }
+                                       key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1));
+                                       endptr += 2;
+                               }
+                               break;
                        case 'h':
                        case ':':
                        case '?':
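Review bot: The new `-C`, `-D` and `-K` parsers accept input that the help text rules out, so a mistyped ID or key is used silently instead of being refused. An empty argument parses as 0 because only `*endptr` is tested, and HMIDs wider than three bytes are not rejected. `-K` never checks that the string ends after the 32nd hex digit, nor that the key number fits the single byte it is later written to (`out[2] = kNo`). The fence shows tightened checks for `-C` and `-K`, with `-D` following the `-C` pattern; the one-byte bound on the key number is an assumption to confirm against the protocol. `main` starts and ends outside this hunk.

```c
case 'C': {
	unsigned long v = strtoul(optarg, &endptr, 16);

	if (endptr == optarg || *endptr != '\0' || v > 0xffffff) {
		/* … unchanged: "Invalid central HMID!" message, syntax, exit … */
	}
	my_hmid = v;
	break;
}
/* … case 'D': same change as 'C', assigning hmid … */
case 'K': {
	unsigned long v = strtoul(optarg, &endptr, 10);

	if (endptr == optarg || *endptr != ':' || v > 0xff) {
		/* … unchanged: "Invalid key number!" message, syntax, exit … */
	}
	kNo = v;
	endptr++;
	/* … unchanged: loop converting 16 hex byte pairs into key[] … */
	if (*endptr != '\0') {
		fprintf(stderr, "Invalid key!\n\n");
		flash_ota_syntax(argv[0]);
		exit(EXIT_FAILURE);
	}
	break;
}
```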
@@ -401,7 +495,7 @@ int main(int argc, char **argv)
                }
        }
 
-       if (!fw_file || !serial) {
+       if (!fw_file || (!serial && !hmid)) {
                flash_ota_syntax(argv[0]);
                exit(EXIT_FAILURE);
        }
@@ -450,6 +544,8 @@ int main(int argc, char **argv)
                        exit(EXIT_FAILURE);
                }
        } else {
+               uint32_t new_hmid = my_hmid;
+
                hmcfgusb_set_debug(debug);
 
                dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata);
@@ -459,37 +555,6 @@ int main(int argc, char **argv)
                }
                dev.type = DEVICE_TYPE_HMCFGUSB;
 
-               printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
-
-               if (!dev.hmcfgusb->bootloader) {
-                       printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
-                       printf("Waiting for device to reappear...\n");
-
-                       do {
-                               if (dev.hmcfgusb) {
-                                       if (!dev.hmcfgusb->bootloader)
-                                               hmcfgusb_enter_bootloader(dev.hmcfgusb);
-                                       hmcfgusb_close(dev.hmcfgusb);
-                               }
-                               sleep(1);
-                       } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
-               }
-
-               if (dev.hmcfgusb->bootloader) {
-                       printf("HM-CFG-USB in bootloader mode, rebooting\n");
-
-                       do {
-                               if (dev.hmcfgusb) {
-                                       if (dev.hmcfgusb->bootloader)
-                                               hmcfgusb_leave_bootloader(dev.hmcfgusb);
-                                       hmcfgusb_close(dev.hmcfgusb);
-                               }
-                               sleep(1);
-                       } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
-               }
-
-               printf("\n\nHM-CFG-USB opened\n\n");
-
                memset(out, 0, sizeof(out));
                out[0] = 'K';
                hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
@@ -512,7 +577,80 @@ int main(int argc, char **argv)
                        exit(EXIT_FAILURE);
                }
 
-               printf("HM-CFG-USB firmware version: %u\n", rdata.version);
+               printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits);
+
+               if (rdata.credits >= 40) {
+                       printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n");
+
+                       if (!dev.hmcfgusb->bootloader) {
+                               printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n");
+                               printf("Waiting for device to reappear...\n");
+
+                               do {
+                                       if (dev.hmcfgusb) {
+                                               if (!dev.hmcfgusb->bootloader)
+                                                       hmcfgusb_enter_bootloader(dev.hmcfgusb);
+                                               hmcfgusb_close(dev.hmcfgusb);
+                                       }
+                                       sleep(1);
+                               } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader));
+                       }
+
+                       if (dev.hmcfgusb->bootloader) {
+                               printf("HM-CFG-USB in bootloader mode, rebooting\n");
+
+                               do {
+                                       if (dev.hmcfgusb) {
+                                               if (dev.hmcfgusb->bootloader)
+                                                       hmcfgusb_leave_bootloader(dev.hmcfgusb);
+                                               hmcfgusb_close(dev.hmcfgusb);
+                                       }
+                                       sleep(1);
+                               } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader));
+                       }
+               }
+
+               printf("\n\nHM-CFG-USB opened\n\n");
+
+               if (new_hmid && (my_hmid != new_hmid)) {
+                       printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid);
+
+                       memset(out, 0, sizeof(out));
+                       out[0] = 'A';
+                       out[1] = (new_hmid >> 16) & 0xff;
+                       out[2] = (new_hmid >> 8) & 0xff;
+                       out[3] = new_hmid & 0xff;
+
+                       hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
+
+                       my_hmid = new_hmid;
+               }
+
+               if (kNo > 0) {
+                       printf("Setting AES-key\n");
+
+                       memset(out, 0, sizeof(out));
+                       out[0] = 'Y';
+                       out[1] = 0x01;
+                       out[2] = kNo;
+                       out[3] = sizeof(key);
+                       memcpy(&(out[4]), key, sizeof(key));
+                       hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
+
+                       memset(out, 0, sizeof(out));
+                       out[0] = 'Y';
+                       out[1] = 0x02;
+                       out[2] = 0x00;
+                       out[3] = 0x00;
+                       hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
+
+                       memset(out, 0, sizeof(out));
+                       out[0] = 'Y';
+                       out[1] = 0x03;
+                       out[2] = 0x00;
+                       out[3] = 0x00;
+                       hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1);
+               }
        }
 
        if (!switch_speed(&dev, &rdata, 10)) {
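Review bot: The `'A'` and `'Y'` commands that change the HMID and load the AES key are sent without looking at the result of `hmcfgusb_send`, and `my_hmid = new_hmid;` is assigned regardless. If a send fails, the tool carries on believing the adapter holds the new identity and key. Checking each call, e.g. `if (!hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1)) { fprintf(stderr, "Can't set AES-key\n"); exit(EXIT_FAILURE); }`, would surface that; this assumes the function returns zero on failure, which should be confirmed. Separately, `if (kNo > 0)` skips key number 0 although the `-K` parser accepts `0:…`, and `out[2] = kNo;` truncates anything above 255, so the accepted range should be made consistent in both places. The threshold `40` would read better as a named constant.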
@@ -520,7 +658,32 @@ int main(int argc, char **argv)
                exit(EXIT_FAILURE);
        }
 
-       printf("Waiting for device with serial %s\n", serial);
+       if (hmid && my_hmid) {
+               printf("Sending device with hmid %06x to bootloader\n", hmid);
+               out[CTL] = 0x30;
+               out[TYPE] = 0x11;
+               SET_SRC(out, my_hmid);
+               SET_DST(out, hmid);
+               out[PAYLOAD] = 0xCA;
+               SET_LEN_FROM_PAYLOADLEN(out, 1);
+
+               cnt = 3;
+               do {
+                       out[MSGID] = msgid++;
+                       if (send_hm_message(&dev, &rdata, out)) {
+                               break;
+                       }
+               } while (cnt--);
+               if (cnt == -1) {
+                       printf("Failed to send device to bootloader, please enter bootloader manually.\n");
+               }
+       }
+
+       if (serial) {
+               printf("Waiting for device with serial %s\n", serial);
+       } else {
+               printf("Waiting for device with HMID %06x\n", hmid);
+       }
 
        while (1) {
                errno = 0;
@@ -547,14 +710,17 @@ int main(int argc, char **argv)
                    (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */
                    (DST(rdata.message) == 0x000000) && /* Broadcast */
                    (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */
-                       if (!strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
+                       if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) {
                                hmid = SRC(rdata.message);
                                break;
+                       } else if (!serial && SRC(rdata.message) == hmid) {
+                               serial = (char*)&(rdata.message[0x0b]);
+                               break;
                        }
                }
        }
 
-       printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", serial, hmid);
+       printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid);
 
        if (dev.type == DEVICE_TYPE_HMCFGUSB) {
                printf("Adding HMID\n");
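Review bot: In the new `else if` branch, `serial = (char*)&(rdata.message[0x0b]);` points `serial` into the receive buffer rather than copying the ten serial bytes. The `%s` in the following `printf` then reads on until it happens to meet a zero byte, and any later frame written into `rdata.message` changes what `serial` refers to. Copy the field into a terminated local buffer instead (declared as `char serial_buf[11];` in `main`): `memcpy(serial_buf, &rdata.message[0x0b], 10); serial_buf[10] = '\0'; serial = serial_buf;`. The visible condition also does not check that the frame is long enough to contain bytes `0x0b`–`0x14`. `main` continues outside the hunk.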