From 25870f587b45735699cc4479034cb864116b2f22 Mon Sep 17 00:00:00 2001 From: Michael Gernoth Date: Sun, 16 Feb 2014 03:09:47 +0100 Subject: [PATCH] Add flasher for OTA devices --- .gitignore | 6 +- Makefile | 9 +- flash-ota.c | 470 ++++++++++++++++++++++++++++++++++++++++++++++++++++ hm.h | 36 ++++ version.h | 2 +- 5 files changed, 518 insertions(+), 5 deletions(-) create mode 100644 flash-ota.c create mode 100644 hm.h diff --git a/.gitignore b/.gitignore index 7f65d5a..af9b617 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ flash-hmcfgusb flash-hmcfgusb.d flash-hmcfgusb.o +flash-ota +flash-ota.d +flash-ota.o firmware.d firmware.o hmcfgusb.d @@ -11,4 +14,5 @@ hmland.o hmsniff hmsniff.d hmsniff.o -hmusbif.enc +*.enc +*.eq3 diff --git a/Makefile b/Makefile index e4e705d..88b187a 100644 --- a/Makefile +++ b/Makefile @@ -6,10 +6,11 @@ CC=gcc HMLAN_OBJS=hmcfgusb.o hmland.o HMSNIFF_OBJS=hmcfgusb.o hmsniff.o FLASH_HMCFGUSB_OBJS=hmcfgusb.o firmware.o flash-hmcfgusb.o +FLASH_OTA_OBJS=hmcfgusb.o firmware.o flash-ota.o -OBJS=$(HMLAN_OBJS) $(HMSNIFF_OBJS) $(FLASH_HMCFGUSB_OBJS) +OBJS=$(HMLAN_OBJS) $(HMSNIFF_OBJS) $(FLASH_HMCFGUSB_OBJS) $(FLASH_OTA_OBJS) -all: hmland hmsniff flash-hmcfgusb +all: hmland hmsniff flash-hmcfgusb flash-ota DEPEND=$(OBJS:.o=.d) -include $(DEPEND) @@ -20,7 +21,9 @@ hmsniff: $(HMSNIFF_OBJS) flash-hmcfgusb: $(FLASH_HMCFGUSB_OBJS) +flash-ota: $(FLASH_OTA_OBJS) + clean: - rm -f $(HMLAN_OBJS) $(HMSNIFF_OBJS) $(FLASH_HMCFGUSB_OBJS) $(DEPEND) hmland hmsniff flash-hmcfgusb + rm -f $(HMLAN_OBJS) $(HMSNIFF_OBJS) $(FLASH_HMCFGUSB_OBJS) $(FLASH_OTA_OBJS) $(DEPEND) hmland hmsniff flash-hmcfgusb flash-ota .PHONY: all clean diff --git a/flash-ota.c b/flash-ota.c new file mode 100644 index 0000000..46d3adb --- /dev/null +++ b/flash-ota.c @@ -0,0 +1,470 @@ +/* flasher for HomeMatic-devices supporting OTA updates + * + * Copyright (c) 2014 Michael Gernoth + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "hexdump.h" +#include "firmware.h" +#include "hm.h" +#include "version.h" +#include "hmcfgusb.h" + +uint32_t hmid = 0; + +enum message_type { + MESSAGE_TYPE_E, + MESSAGE_TYPE_R, +}; + +struct recv_data { + uint8_t message[64]; + enum message_type message_type; + uint16_t status; + int speed; +}; + +static int parse_hmcfgusb(uint8_t *buf, int buf_len, void *data) +{ + struct recv_data *rdata = data; + + if (buf_len < 1) + return 1; + + switch (buf[0]) { + case 'E': + if ((!hmid) || + ((buf[0x11] == ((hmid >> 16) & 0xff)) && + (buf[0x12] == ((hmid >> 8) & 0xff)) && + (buf[0x13] == (hmid & 0xff)))) { + memset(rdata->message, 0, sizeof(rdata->message)); + memcpy(rdata->message, buf + 0x0d, buf[0x0d] + 1); + rdata->message_type = MESSAGE_TYPE_E; + } + break; + case 'R': + memset(rdata->message, 0, sizeof(rdata->message)); + memcpy(rdata->message, buf + 0x0e, buf[0x0e] + 1); + rdata->status = (buf[5] << 8) | buf[6]; + rdata->message_type = MESSAGE_TYPE_R; + break; + case 'G': + rdata->speed = buf[1]; + break; + default: + break; + } + + if (buf_len != 1) + return 1; + + return 1; +} + +int send_hm_message(struct hmcfgusb_dev *dev, struct recv_data *rdata, uint8_t *msg) +{ + static uint32_t id = 1; + struct timeval tv; + uint8_t out[0x40]; + int pfd; + + if (gettimeofday(&tv, NULL) == -1) { + perror("gettimeofay"); + return 0; + } + + memset(out, 0, sizeof(out)); + + out[0] = 'S'; + out[1] = (id >> 24) & 0xff; + out[2] = (id >> 16) & 0xff; + out[3] = (id >> 8) & 0xff; + out[4] = id & 0xff; + out[10] = 0x01; + out[11] = (tv.tv_usec >> 24) & 0xff; + out[12] = (tv.tv_usec >> 16) & 0xff; + out[13] = (tv.tv_usec >> 8) & 0xff; + out[14] = tv.tv_usec & 0xff; + + + memcpy(&out[0x0f], msg, msg[0] + 1); + + memset(rdata, 0, sizeof(struct recv_data)); + hmcfgusb_send(dev, out, sizeof(out), 2); + + while (1) { + if (rdata->message_type == MESSAGE_TYPE_R) { + if (((rdata->status & 0xff) == 0x01) || + ((rdata->status & 0xff) == 0x02)) { + break; + } else { + fprintf(stderr, "\n\nInvalid status: %04x\n\n", rdata->status); + return 0; + } + } + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + } + + id++; + return 1; +} + +int main(int argc, char **argv) +{ + const char twiddlie[] = { '-', '\\', '|', '/' }; + const uint8_t switch_msg[] = { 0x10, 0x5B, 0x11, 0xF8, 0x15, 0x47 }; + struct hmcfgusb_dev *dev; + struct recv_data rdata; + uint8_t out[0x40]; + uint8_t *pos; + uint8_t msgid = 0x1; + uint16_t len; + struct firmware *fw; + int block; + int pfd; + int debug = 0; + int cnt; + int msgnum = 0; + int switched = 0; + + printf("HomeMatic OTA flasher version " VERSION "\n\n"); + + if (argc != 3) { + if (argc == 1) + fprintf(stderr, "Missing firmware filename!\n\n"); + + if (argc == 2) + fprintf(stderr, "Missing serial!\n\n"); + + fprintf(stderr, "Syntax: %s firmware.eq3 SERIALNUMBER\n\n", argv[0]); + exit(EXIT_FAILURE); + } + + fw = firmware_read_firmware(argv[1], debug); + if (!fw) + exit(EXIT_FAILURE); + + hmcfgusb_set_debug(debug); + + memset(&rdata, 0, sizeof(rdata)); + + dev = hmcfgusb_init(parse_hmcfgusb, &rdata); + if (!dev) { + fprintf(stderr, "Can't initialize HM-CFG-USB\n"); + exit(EXIT_FAILURE); + } + + if (dev->bootloader) { + fprintf(stderr, "\nHM-CFG-USB not in bootloader mode, aborting!\n"); + exit(EXIT_FAILURE); + } + + printf("\nHM-CFG-USB opened\n\n"); + + printf("Entering 10k-mode\n"); + + memset(out, 0, sizeof(out)); + out[0] = 'G'; + out[1] = 10; + hmcfgusb_send(dev, out, sizeof(out), 1); + + while (1) { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + if (rdata.speed == 10) + break; + } + + printf("Waiting for device with serial %s\n", argv[2]); + + while (1) { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + + if ((rdata.message[LEN] == 0x14) && /* Length */ + (rdata.message[MSGID] == 0x00) && /* Message ID */ + (rdata.message[CTL] == 0x00) && /* Control Byte */ + (rdata.message[TYPE] == 0x10) && /* Messagte type: Information */ + (DST(rdata.message) == 0x000000) && /* Broadcast */ + (rdata.message[PAYLOAD] == 0x00) && /* FUP? */ + (rdata.message[PAYLOAD+2] == 'E') && + (rdata.message[PAYLOAD+3] == 'Q')) { + if (!strncmp((char*)&(rdata.message[0x0b]), argv[2], 10)) { + hmid = SRC(rdata.message); + break; + } + } + } + + printf("Device with serial %s (hmid: %06x) entered firmware-update-mode\n", argv[2], hmid); + + printf("Adding HMID\n"); + + memset(out, 0, sizeof(out)); + out[0] = '+'; + out[1] = (hmid >> 16) & 0xff; + out[2] = (hmid >> 8) & 0xff; + out[3] = hmid & 0xff; + + hmcfgusb_send(dev, out, sizeof(out), 2); + + do { + printf("Initiating remote switch to 100k\n"); + + memset(out, 0, sizeof(out)); + + out[MSGID] = msgid++; + out[CTL] = 0x00; + out[TYPE] = 0xCB; + SET_SRC(out, 0x000000); + SET_DST(out, hmid); + + memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg)); + SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg)); + + if (!send_hm_message(dev, &rdata, out)) { + exit(EXIT_FAILURE); + } + + printf("Entering 100k-mode\n"); + + memset(out, 0, sizeof(out)); + out[0] = 'G'; + out[1] = 100; + + hmcfgusb_send(dev, out, sizeof(out), 2); + + while (1) { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + if (rdata.speed == 100) + break; + } + + printf("Has the device switched?\n"); + + memset(out, 0, sizeof(out)); + + out[MSGID] = msgid++; + out[CTL] = 0x20; + out[TYPE] = 0xCB; + SET_SRC(out, 0x000000); + SET_DST(out, hmid); + + memcpy(&out[PAYLOAD], switch_msg, sizeof(switch_msg)); + SET_LEN_FROM_PAYLOADLEN(out, sizeof(switch_msg)); + + cnt = 3; + do { + if (send_hm_message(dev, &rdata, out)) { + /* A0A02000221B9AD00000000 */ + switched = 1; + break; + + } + } while (cnt--); + + if (!switched) { + printf("Entering 10k-mode\n"); + + memset(out, 0, sizeof(out)); + out[0] = 'G'; + out[1] = 10; + hmcfgusb_send(dev, out, sizeof(out), 1); + + while (1) { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + if (rdata.speed == 10) + break; + } + } + } while (!switched); + + + printf("Initiating firmware upload!\n"); + + printf("Flashing %d blocks", fw->fw_blocks); + if (debug) { + printf("\n"); + } else { + printf(": %04u/%04u %c", 0, fw->fw_blocks, twiddlie[0]); + fflush(stdout); + } + + for (block = 0; block < fw->fw_blocks; block++) { + int first; + + len = fw->fw[block][2] << 8; + len |= fw->fw[block][3]; + + pos = &(fw->fw[block][2]); + + len += 2; /* length */ + + if (debug) + hexdump(pos, len, "F> "); + + first = 1; + cnt = 0; + do { + int payloadlen = 35; + int ack = 0; + + if (first) { + payloadlen = 37; + first = 0; + } + + if ((len - (pos - &(fw->fw[block][2]))) < payloadlen) + payloadlen = (len - (pos - &(fw->fw[block][2]))); + + if (((pos + payloadlen) - &(fw->fw[block][2])) == len) + ack = 1; + + memset(&rdata, 0, sizeof(rdata)); + + memset(out, 0, sizeof(out)); + + out[MSGID] = msgid++; + if (ack) + out[CTL] = 0x20; + out[TYPE] = 0xCA; + SET_SRC(out, 0x000000); + SET_DST(out, hmid); + + memcpy(&out[PAYLOAD], pos, payloadlen); + SET_LEN_FROM_PAYLOADLEN(out, payloadlen); + + if (send_hm_message(dev, &rdata, out)) { + pos += payloadlen; + } else { + pos = &(fw->fw[block][2]); + cnt++; + if (cnt == 3) { + fprintf(stderr, "\nToo many errors, giving up!\n"); + exit(EXIT_FAILURE); + } else { + printf("Flashing %d blocks: %04u/%04u %c", fw->fw_blocks, block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]); + } + } + + msgnum++; + + if (!debug) { + printf("\b\b\b\b\b\b\b\b\b\b\b%04u/%04u %c", + block + 1, fw->fw_blocks, twiddlie[msgnum % sizeof(twiddlie)]); + fflush(stdout); + } + } while((pos - &(fw->fw[block][2])) < len); + } + + firmware_free(fw); + + printf("Entering 10k-mode\n"); + + memset(out, 0, sizeof(out)); + out[0] = 'G'; + out[1] = 10; + hmcfgusb_send(dev, out, sizeof(out), 1); + + while (1) { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + if (rdata.speed == 10) + break; + } + + printf("Waiting for device to reboot\n"); + + cnt = 10; + do { + errno = 0; + pfd = hmcfgusb_poll(dev, 1); + if ((pfd < 0) && errno) { + if (errno != ETIMEDOUT) { + perror("\n\nhmcfgusb_poll"); + exit(EXIT_FAILURE); + } + } + if (rdata.message_type == MESSAGE_TYPE_E) { + break; + } + } while(cnt--); + + if (rdata.message_type == MESSAGE_TYPE_E) { + printf("Device rebooted\n"); + } + + hmcfgusb_close(dev); + + return EXIT_SUCCESS; +} diff --git a/hm.h b/hm.h new file mode 100644 index 0000000..d0d7147 --- /dev/null +++ b/hm.h @@ -0,0 +1,36 @@ +/* HomeMatic defines + * + * Copyright (c) 2014 Michael Gernoth + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#define LEN 0x00 +#define MSGID 0x01 +#define CTL 0x02 +#define TYPE 0x03 +#define PAYLOAD 0x0a + +#define SRC(buf) (buf[0x06] | (buf[0x05] << 8) | (buf[0x04]) << 16) +#define DST(buf) (buf[0x09] | (buf[0x08] << 8) | (buf[0x07]) << 16) + +#define SET_SRC(buf, src) do { buf[0x04] = (src >> 16) & 0xff; buf[0x05] = (src >> 8) & 0xff; buf[0x06] = src & 0xff; } while(0) +#define SET_DST(buf, dst) do { buf[0x07] = (dst >> 16) & 0xff; buf[0x08] = (dst >> 8) & 0xff; buf[0x09] = dst & 0xff; } while(0) + +#define SET_LEN_FROM_PAYLOADLEN(buf, payloadlen) do { buf[0x00] = payloadlen + 0x09; } while(0) diff --git a/version.h b/version.h index fcd5d7b..aa8235f 100644 --- a/version.h +++ b/version.h @@ -1 +1 @@ -#define VERSION "0.092-git" +#define VERSION "0.093-git" -- 2.39.5