X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/hmcfgusb/blobdiff_plain/3b35a8c145cb567b625d32030ba3a287b478dd43..103d40f78446345f6f5b705139492418cf6ee953:/flash-ota.c?ds=sidebyside diff --git a/flash-ota.c b/flash-ota.c index 634e19b..953ed34 100644 --- a/flash-ota.c +++ b/flash-ota.c @@ -1,6 +1,6 @@ /* flasher for HomeMatic-devices supporting OTA updates * - * Copyright (c) 2014 Michael Gernoth + * Copyright (c) 2014-15 Michael Gernoth * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to @@ -43,12 +43,19 @@ #include "culfw.h" #include "util.h" -#define MAX_RETRIES 5 +#define MAX_RETRIES 5 +#define NORMAL_MAX_PAYLOAD 37 +#define LOWER_MAX_PAYLOAD 17 extern char *optarg; uint32_t hmid = 0; uint32_t my_hmid = 0; +uint8_t key[16] = {0}; +int32_t kNo = -1; + +/* Maximum payloadlen supported by IO */ +uint32_t max_payloadlen = NORMAL_MAX_PAYLOAD; enum device_type { DEVICE_TYPE_HMCFGUSB, @@ -72,6 +79,7 @@ struct recv_data { uint16_t status; int speed; uint16_t version; + uint8_t credits; }; static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data) @@ -103,6 +111,7 @@ static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data) break; case 'H': rdata->version = (buf[11] << 8) | buf[12]; + rdata->credits = buf[36]; my_hmid = (buf[0x1b] << 16) | (buf[0x1c] << 8) | buf[0x1d]; break; default: @@ -170,6 +179,13 @@ static int parse_culfw(uint8_t *buf, int buf_len, void *data) rdata->version |= v; } break; + case 'E': + { + if (!strncmp((char*)buf, "ERR:CCA", 7)) { + fprintf(stderr, "CCA didn't complete, too much traffic\n"); + } + break; + } default: fprintf(stderr, "Unknown response from CUL: %s", buf); return 0; @@ -213,14 +229,16 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg) while (1) { if (rdata->message_type == MESSAGE_TYPE_R) { - if (((rdata->status & 0xff) == 0x01) || - ((rdata->status & 0xff) == 0x02)) { + if (((rdata->status & 0xdf) == 0x01) || + ((rdata->status & 0xdf) == 0x02)) { break; } else { if ((rdata->status & 0xff00) == 0x0400) { fprintf(stderr, "\nOut of credits!\n"); } else if ((rdata->status & 0xff) == 0x08) { fprintf(stderr, "\nMissing ACK!\n"); + } else if ((rdata->status & 0xff) == 0x30) { + fprintf(stderr, "\nUnknown AES-key requested!\n"); } else { fprintf(stderr, "\nInvalid status: %04x\n", rdata->status); } @@ -259,7 +277,7 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg) } if (msg[CTL] & 0x20) { - int cnt = 3; + int cnt = 5; int pfd; do { errno = 0; @@ -271,7 +289,47 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg) } } if (rdata->message_type == MESSAGE_TYPE_E) { - break; + if (rdata->message[TYPE] == 0x02) { + if (rdata->message[PAYLOAD] == 0x04) { + int32_t req_kNo; + uint8_t challenge[6]; + uint8_t respbuf[16]; + uint8_t *resp; + + req_kNo = rdata->message[rdata->message[LEN]] / 2; + memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6); + + if (req_kNo != kNo) { + fprintf(stderr, "AES request for unknown key %d!\n", req_kNo); + } else { + resp = hm_sign(key, challenge, msg, NULL, respbuf); + if (resp) { + uint8_t rbuf[64]; + + memset(rbuf, 0, sizeof(rbuf)); + rbuf[MSGID] = rdata->message[MSGID]; + rbuf[CTL] = rdata->message[CTL]; + rbuf[TYPE] = 0x03; + SET_SRC(rbuf, DST(rdata->message)); + SET_DST(rbuf, SRC(rdata->message)); + memcpy(&(rbuf[PAYLOAD]), resp, 16); + SET_LEN_FROM_PAYLOADLEN(rbuf, 16); + + return send_hm_message(dev, rdata, rbuf); + } + } + } else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) { + fprintf(stderr, "NACK\n"); + } else { /* ACK or ACKinfo */ + break; + } + } else { + fprintf(stderr, "Unexpected message received: "); + for (i = 0; i < rdata->message[LEN]; i++) { + fprintf(stderr, "%02x", rdata->message[i+1]); + } + fprintf(stderr, "\n"); + } } } while(cnt--); @@ -333,11 +391,16 @@ void flash_ota_syntax(char *prog) fprintf(stderr, "Syntax: %s parameters options\n\n", prog); fprintf(stderr, "Mandatory parameters:\n"); fprintf(stderr, "\t-f firmware.eq3\tfirmware file to flash\n"); - fprintf(stderr, "\t-s SERIAL\tserial of device to flash\n"); - fprintf(stderr, "\nPossible options:\n"); + fprintf(stderr, "\t-s SERIAL\tserial of device to flash (optional when using -D)\n"); + fprintf(stderr, "\nOptional parameters:\n"); fprintf(stderr, "\t-c device\tenable CUL-mode with CUL at path \"device\"\n"); fprintf(stderr, "\t-b bps\t\tuse CUL with speed \"bps\" (default: %u)\n", DEFAULT_CUL_BPS); + fprintf(stderr, "\t-l\t\tlower payloadlen (required for devices with little RAM, e.g. CUL v2 and CUL v4)\n"); fprintf(stderr, "\t-h\t\tthis help\n"); + fprintf(stderr, "\nOptional parameters for automatically sending device to bootloader\n"); + fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n"); + fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n"); + fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n"); } int main(int argc, char **argv) @@ -347,6 +410,7 @@ int main(int argc, char **argv) char *fw_file = NULL; char *serial = NULL; char *culfw_dev = NULL; + char *endptr = NULL; unsigned int bps = DEFAULT_CUL_BPS; struct ota_dev dev; struct recv_data rdata; @@ -366,7 +430,7 @@ int main(int argc, char **argv) printf("HomeMatic OTA flasher version " VERSION "\n\n"); - while((opt = getopt(argc, argv, "b:c:f:hs:")) != -1) { + while((opt = getopt(argc, argv, "b:c:f:hls:C:D:K:")) != -1) { switch (opt) { case 'b': bps = atoi(optarg); @@ -377,9 +441,49 @@ int main(int argc, char **argv) case 'f': fw_file = optarg; break; + case 'l': + printf("Reducing payload-len from %d to %d\n", max_payloadlen, LOWER_MAX_PAYLOAD); + max_payloadlen = LOWER_MAX_PAYLOAD; + break; case 's': serial = optarg; break; + case 'C': + my_hmid = strtoul(optarg, &endptr, 16); + if (*endptr != '\0') { + fprintf(stderr, "Invalid central HMID!\n\n"); + flash_ota_syntax(argv[0]); + exit(EXIT_FAILURE); + } + break; + case 'D': + hmid = strtoul(optarg, &endptr, 16); + if (*endptr != '\0') { + fprintf(stderr, "Invalid device HMID!\n\n"); + flash_ota_syntax(argv[0]); + exit(EXIT_FAILURE); + } + break; + case 'K': + kNo = strtoul(optarg, &endptr, 10); + if (*endptr != ':') { + fprintf(stderr, "Invalid key number!\n\n"); + flash_ota_syntax(argv[0]); + exit(EXIT_FAILURE); + } + endptr++; + for (cnt = 0; cnt < 16; cnt++) { + if (*endptr == '\0' || *(endptr+1) == '\0' || + !validate_nibble(*endptr) || + !validate_nibble(*(endptr+1))) { + fprintf(stderr, "Invalid key!\n\n"); + flash_ota_syntax(argv[0]); + exit(EXIT_FAILURE); + } + key[cnt] = ascii_to_nibble(*endptr) << 4 | ascii_to_nibble(*(endptr+1)); + endptr += 2; + } + break; case 'h': case ':': case '?': @@ -391,7 +495,7 @@ int main(int argc, char **argv) } } - if (!fw_file || !serial) { + if (!fw_file || (!serial && !hmid)) { flash_ota_syntax(argv[0]); exit(EXIT_FAILURE); } @@ -412,7 +516,7 @@ int main(int argc, char **argv) } dev.type = DEVICE_TYPE_CULFW; - printf("Requesting firmware-version\n"); + printf("Requesting firmware version\n"); culfw_send(dev.culfw, "\r\n", 2); culfw_flush(dev.culfw); @@ -435,13 +539,13 @@ int main(int argc, char **argv) (rdata.version >> 8) & 0xff, rdata.version & 0xff); - if (rdata.version < 0x0139) { - fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode!\n"); + if (rdata.version < 0x013a) { + fprintf(stderr, "\nThis version does _not_ support firmware upgrade mode, you need at least 1.58!\n"); exit(EXIT_FAILURE); - } else if (rdata.version < 0x0140) { - printf("\n*** This version probably not supports firmware upgrade mode! ***\n\n"); } } else { + uint32_t new_hmid = my_hmid; + hmcfgusb_set_debug(debug); dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata); @@ -451,35 +555,6 @@ int main(int argc, char **argv) } dev.type = DEVICE_TYPE_HMCFGUSB; - printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n"); - - if (!dev.hmcfgusb->bootloader) { - printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n"); - hmcfgusb_enter_bootloader(dev.hmcfgusb); - printf("Waiting for device to reappear...\n"); - - do { - if (dev.hmcfgusb) { - hmcfgusb_close(dev.hmcfgusb); - } - sleep(1); - } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader)); - } - - if (dev.hmcfgusb->bootloader) { - printf("HM-CFG-USB in bootloader mode, rebooting\n"); - hmcfgusb_leave_bootloader(dev.hmcfgusb); - - do { - if (dev.hmcfgusb) { - hmcfgusb_close(dev.hmcfgusb); - } - sleep(1); - } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader)); - } - - printf("\n\nHM-CFG-USB opened\n\n"); - memset(out, 0, sizeof(out)); out[0] = 'K'; hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1); @@ -502,7 +577,80 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - printf("HM-CFG-USB firmware version: %u\n", rdata.version); + printf("HM-CFG-USB firmware version: %u, used credits: %u%%\n", rdata.version, rdata.credits); + + if (rdata.credits >= 40) { + printf("\nRebooting HM-CFG-USB to avoid running out of credits\n\n"); + + if (!dev.hmcfgusb->bootloader) { + printf("HM-CFG-USB not in bootloader mode, entering bootloader.\n"); + printf("Waiting for device to reappear...\n"); + + do { + if (dev.hmcfgusb) { + if (!dev.hmcfgusb->bootloader) + hmcfgusb_enter_bootloader(dev.hmcfgusb); + hmcfgusb_close(dev.hmcfgusb); + } + sleep(1); + } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (!dev.hmcfgusb->bootloader)); + } + + if (dev.hmcfgusb->bootloader) { + printf("HM-CFG-USB in bootloader mode, rebooting\n"); + + do { + if (dev.hmcfgusb) { + if (dev.hmcfgusb->bootloader) + hmcfgusb_leave_bootloader(dev.hmcfgusb); + hmcfgusb_close(dev.hmcfgusb); + } + sleep(1); + } while (((dev.hmcfgusb = hmcfgusb_init(parse_hmcfgusb, &rdata)) == NULL) || (dev.hmcfgusb->bootloader)); + } + } + + printf("\n\nHM-CFG-USB opened\n\n"); + + if (new_hmid && (my_hmid != new_hmid)) { + printf("Changing hmid from %06x to %06x\n", my_hmid, new_hmid); + + memset(out, 0, sizeof(out)); + out[0] = 'A'; + out[1] = (new_hmid >> 16) & 0xff; + out[2] = (new_hmid >> 8) & 0xff; + out[3] = new_hmid & 0xff; + + hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1); + + my_hmid = new_hmid; + } + + if (kNo > 0) { + printf("Setting AES-key\n"); + + memset(out, 0, sizeof(out)); + out[0] = 'Y'; + out[1] = 0x01; + out[2] = kNo; + out[3] = sizeof(key); + memcpy(&(out[4]), key, sizeof(key)); + hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1); + + memset(out, 0, sizeof(out)); + out[0] = 'Y'; + out[1] = 0x02; + out[2] = 0x00; + out[3] = 0x00; + hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1); + + memset(out, 0, sizeof(out)); + out[0] = 'Y'; + out[1] = 0x03; + out[2] = 0x00; + out[3] = 0x00; + hmcfgusb_send(dev.hmcfgusb, out, sizeof(out), 1); + } } if (!switch_speed(&dev, &rdata, 10)) { @@ -510,7 +658,32 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } - printf("Waiting for device with serial %s\n", serial); + if (hmid && my_hmid) { + printf("Sending device with hmid %06x to bootloader\n", hmid); + out[MSGID] = msgid++; + out[CTL] = 0x30; + out[TYPE] = 0x11; + SET_SRC(out, my_hmid); + SET_DST(out, hmid); + out[PAYLOAD] = 0xCA; + SET_LEN_FROM_PAYLOADLEN(out, 1); + + cnt = 3; + do { + if (send_hm_message(&dev, &rdata, out)) { + break; + } + } while (cnt--); + if (cnt == -1) { + printf("Failed to send device to bootloader, please enter bootloader manually.\n"); + } + } + + if (serial) { + printf("Waiting for device with serial %s\n", serial); + } else { + printf("Waiting for device with HMID %06x\n", hmid); + } while (1) { errno = 0; @@ -537,14 +710,17 @@ int main(int argc, char **argv) (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */ (DST(rdata.message) == 0x000000) && /* Broadcast */ (rdata.message[PAYLOAD] == 0x00)) { /* FUP? */ - if (!strncmp((char*)&(rdata.message[0x0b]), serial, 10)) { + if (serial && !strncmp((char*)&(rdata.message[0x0b]), serial, 10)) { hmid = SRC(rdata.message); break; + } else if (!serial && SRC(rdata.message) == hmid) { + serial = (char*)&(rdata.message[0x0b]); + break; } } } - printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", serial, hmid); + printf("Device with serial %s (HMID: %06x) entered firmware-update-mode\n", serial, hmid); if (dev.type == DEVICE_TYPE_HMCFGUSB) { printf("Adding HMID\n"); @@ -645,11 +821,11 @@ int main(int argc, char **argv) first = 1; cnt = 0; do { - int payloadlen = 35; + int payloadlen = max_payloadlen - 2; int ack = 0; if (first) { - payloadlen = 37; + payloadlen = max_payloadlen; first = 0; } @@ -738,6 +914,7 @@ int main(int argc, char **argv) switch(dev.type) { case DEVICE_TYPE_HMCFGUSB: hmcfgusb_close(dev.hmcfgusb); + hmcfgusb_exit(); break; case DEVICE_TYPE_CULFW: culfw_close(dev.culfw);