6658905f |
1 | #include <usb.h> |
2 | #include <stdio.h> |
3 | #include <unistd.h> |
4 | #include <stdlib.h> |
5 | #include <strings.h> |
6 | #include <string.h> |
7 | #include <errno.h> |
8 | #include <ctype.h> |
9 | |
10 | #include "translate.h" |
11 | #include "../winsrc/prox.h" |
12 | #include "proxmark3.h" |
13 | |
14 | static DWORD ExpectedAddr; |
15 | static BYTE QueuedToSend[256]; |
16 | static BOOL AllWritten; |
a5b1ba20 |
17 | #define PHYSICAL_FLASH_START 0x100000 |
18 | |
19 | struct partition { |
20 | int start; |
21 | int end; |
22 | int precious; |
23 | const char *name; |
24 | }; |
25 | struct partition partitions[] = { |
26 | {0x100000, 0x102000, 1, "bootrom"}, |
27 | {0x102000, 0x110000, 0, "fpga"}, |
28 | {0x110000, 0x140000, 0, "os"}, |
29 | }; |
30 | |
31 | /* If translate is set, subtract PHYSICAL_FLASH_START to translate for old |
32 | * bootroms. |
33 | */ |
34 | static void FlushPrevious(int translate) |
6658905f |
35 | { |
36 | UsbCommand c; |
37 | memset(&c, 0, sizeof(c)); |
38 | |
39 | printf("expected = %08x flush, ", ExpectedAddr); |
40 | |
41 | int i; |
42 | for(i = 0; i < 240; i += 48) { |
43 | c.cmd = CMD_SETUP_WRITE; |
44 | memcpy(c.d.asBytes, QueuedToSend+i, 48); |
45 | c.ext1 = (i/4); |
46 | SendCommand(&c, TRUE); |
47 | } |
48 | |
49 | c.cmd = CMD_FINISH_WRITE; |
50 | c.ext1 = (ExpectedAddr-1) & (~255); |
a5b1ba20 |
51 | if(translate) { |
52 | c.ext1 -= PHYSICAL_FLASH_START; |
53 | } |
6658905f |
54 | printf("c.ext1 = %08x\r", c.ext1); |
55 | memcpy(c.d.asBytes, QueuedToSend+240, 16); |
56 | SendCommand(&c, TRUE); |
57 | |
58 | AllWritten = TRUE; |
59 | } |
60 | |
a5b1ba20 |
61 | /* Where must be between start_addr (inclusive) and end_addr (exclusive). |
62 | */ |
63 | static void GotByte(DWORD where, BYTE which, int start_addr, int end_addr, int translate) |
6658905f |
64 | { |
65 | AllWritten = FALSE; |
a5b1ba20 |
66 | |
67 | if(where < start_addr || where >= end_addr) { |
68 | printf("bad: got byte at %08x, outside of range %08x-%08x\n", where, start_addr, end_addr); |
69 | exit(-1); |
70 | } |
6658905f |
71 | |
72 | if(where != ExpectedAddr) { |
73 | printf("bad: got at %08x, expected at %08x\n", where, ExpectedAddr); |
74 | exit(-1); |
75 | } |
76 | QueuedToSend[where & 255] = which; |
77 | ExpectedAddr++; |
78 | |
79 | if((where & 255) == 255) { |
80 | // we have completed a full page |
a5b1ba20 |
81 | FlushPrevious(translate); |
6658905f |
82 | } |
83 | } |
84 | |
85 | static int HexVal(int c) |
86 | { |
87 | c = tolower(c); |
88 | if(c >= '0' && c <= '9') { |
89 | return c - '0'; |
90 | } else if(c >= 'a' && c <= 'f') { |
91 | return (c - 'a') + 10; |
92 | } else { |
93 | printf("bad hex digit '%c'\n", c); |
94 | exit(-1); |
95 | } |
96 | } |
97 | |
98 | static BYTE HexByte(char *s) |
99 | { |
100 | return (HexVal(s[0]) << 4) | HexVal(s[1]); |
101 | } |
102 | |
a5b1ba20 |
103 | static void LoadFlashFromSRecords(const char *file, int start_addr, int end_addr, int translate) |
6658905f |
104 | { |
a5b1ba20 |
105 | ExpectedAddr = start_addr; |
106 | |
6658905f |
107 | FILE *f = fopen(file, "r"); |
108 | if(!f) { |
109 | printf("couldn't open file\n"); |
110 | exit(-1); |
111 | } |
112 | |
113 | char line[512]; |
114 | while(fgets(line, sizeof(line), f)) { |
115 | if(memcmp(line, "S3", 2)==0) { |
116 | char *s = line + 2; |
117 | int len = HexByte(s) - 5; |
118 | s += 2; |
119 | |
120 | char addrStr[9]; |
121 | memcpy(addrStr, s, 8); |
122 | addrStr[8] = '\0'; |
123 | DWORD addr; |
124 | sscanf(addrStr, "%x", &addr); |
125 | s += 8; |
a5b1ba20 |
126 | |
127 | /* Accept files that are located at PHYSICAL_FLASH_START, and files that are located at 0 */ |
128 | if(addr < PHYSICAL_FLASH_START) |
129 | addr += PHYSICAL_FLASH_START; |
6658905f |
130 | |
131 | int i; |
132 | for(i = 0; i < len; i++) { |
133 | while((addr+i) > ExpectedAddr) { |
a5b1ba20 |
134 | GotByte(ExpectedAddr, 0xff, start_addr, end_addr, translate); |
6658905f |
135 | } |
a5b1ba20 |
136 | GotByte(addr+i, HexByte(s), start_addr, end_addr, translate); |
6658905f |
137 | s += 2; |
138 | } |
139 | } |
140 | } |
141 | |
a5b1ba20 |
142 | if(!AllWritten) FlushPrevious(translate); |
6658905f |
143 | |
144 | fclose(f); |
145 | printf("\ndone.\n"); |
146 | } |
147 | |
a5b1ba20 |
148 | static int PrepareFlash(struct partition *p, const char *filename, unsigned int state) |
149 | { |
150 | int translate = 0; |
151 | if(state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) { |
152 | UsbCommand c; |
153 | c.cmd = CMD_START_FLASH; |
154 | c.ext1 = p->start; |
155 | c.ext2 = p->end; |
156 | |
157 | /* Only send magic when flashing bootrom */ |
158 | if(p->precious) { |
159 | c.ext3 = START_FLASH_MAGIC; |
160 | } else { |
161 | c.ext3 = 0; |
162 | } |
163 | SendCommand(&c, TRUE); |
164 | translate = 0; |
6658905f |
165 | } else { |
a5b1ba20 |
166 | fprintf(stderr, "Warning: Your bootloader does not understand the new START_FLASH command\n"); |
167 | fprintf(stderr, " It is recommended that you update your bootloader\n\n"); |
168 | translate = 1; |
6658905f |
169 | } |
a5b1ba20 |
170 | |
171 | LoadFlashFromSRecords(filename, p->start, p->end, translate); |
172 | return 1; |
173 | } |
6658905f |
174 | |
a5b1ba20 |
175 | static unsigned int GetProxmarkState(void) |
176 | { |
177 | unsigned int state = 0; |
178 | |
179 | UsbCommand c; |
180 | c.cmd = CMD_DEVICE_INFO; |
181 | SendCommand(&c, FALSE); |
182 | |
183 | UsbCommand resp; |
184 | ReceiveCommand(&resp); |
185 | /* Three cases: |
186 | * 1. The old bootrom code will ignore CMD_DEVICE_INFO, but respond with an ACK |
187 | * 2. The old os code will respond with CMD_DEBUG_PRINT_STRING and "unknown command" |
188 | * 3. The new bootrom and os codes will respond with CMD_DEVICE_INFO and flags |
189 | */ |
190 | |
191 | switch(resp.cmd) { |
192 | case CMD_ACK: |
193 | state = DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM; |
194 | break; |
195 | case CMD_DEBUG_PRINT_STRING: |
196 | state = DEVICE_INFO_FLAG_CURRENT_MODE_OS; |
197 | break; |
198 | case CMD_DEVICE_INFO: |
199 | state = resp.ext1; |
200 | break; |
201 | default: |
202 | fprintf(stderr, "Couldn't get proxmark state, bad response type: 0x%04X\n", resp.cmd); |
203 | exit(-1); |
204 | break; |
431ae7e0 |
205 | } |
a5b1ba20 |
206 | |
207 | #if 0 |
208 | if(state & DEVICE_INFO_FLAG_BOOTROM_PRESENT) printf("New bootrom present\n"); |
209 | if(state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT) printf("New osimage present\n"); |
210 | if(state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) printf("Currently in bootrom\n"); |
211 | if(state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) printf("Currently in OS\n"); |
212 | #endif |
213 | |
214 | return state; |
215 | } |
431ae7e0 |
216 | |
a5b1ba20 |
217 | static unsigned int EnterFlashState(void) |
218 | { |
219 | unsigned int state = GetProxmarkState(); |
220 | |
221 | if(state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) { |
222 | /* Already in flash state, we're done. */ |
223 | return state; |
224 | } |
225 | |
226 | if(state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) { |
431ae7e0 |
227 | fprintf(stderr,"Entering flash-mode...\n"); |
a5b1ba20 |
228 | UsbCommand c; |
431ae7e0 |
229 | bzero(&c, sizeof(c)); |
a5b1ba20 |
230 | |
231 | if( (state & DEVICE_INFO_FLAG_BOOTROM_PRESENT) && (state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT) ) { |
232 | /* New style handover: Send CMD_START_FLASH, which will reset the board and |
233 | * enter the bootrom on the next boot. |
234 | */ |
235 | c.cmd = CMD_START_FLASH; |
236 | SendCommand(&c, FALSE); |
237 | fprintf(stderr,"(You don't have to do anything. Press and release the button only if you want to abort)\n"); |
238 | fprintf(stderr,"Waiting for Proxmark to reappear on USB... "); |
239 | } else { |
240 | /* Old style handover: Ask the user to press the button, then reset the board */ |
241 | c.cmd = CMD_HARDWARE_RESET; |
242 | SendCommand(&c, FALSE); |
243 | fprintf(stderr,"(Press and hold down button NOW if your bootloader requires it)\n"); |
244 | fprintf(stderr,"Waiting for Proxmark to reappear on USB... "); |
245 | } |
246 | |
431ae7e0 |
247 | CloseProxmark(); |
248 | sleep(1); |
249 | |
431ae7e0 |
250 | while(!(devh=OpenProxmark(0))) { sleep(1); } |
a5b1ba20 |
251 | fprintf(stderr,"Found.\n"); |
252 | |
253 | return GetProxmarkState(); |
254 | } |
255 | |
256 | return 0; |
257 | } |
258 | |
259 | static void usage(char **argv) |
260 | { |
261 | int i; |
262 | fprintf(stderr, "Usage: %s areas image [image [image]]\n", argv[0]); |
263 | fprintf(stderr, " areas is a comma-separated list of areas to flash, with no spaces\n"); |
264 | fprintf(stderr, " Known areas are:"); |
265 | for(i=0; i<(sizeof(partitions)/sizeof(partitions[0])); i++) { |
266 | fprintf(stderr, " %s", partitions[i].name); |
431ae7e0 |
267 | } |
a5b1ba20 |
268 | fprintf(stderr, "\n"); |
269 | fprintf(stderr, " image is the path to the corresponding image\n\n"); |
270 | fprintf(stderr, "Example: %s os,fpga path/to/osimage.s19 path/to/fpgaimage.s19\n", argv[0]); |
271 | } |
6658905f |
272 | |
a5b1ba20 |
273 | /* On first call, have *offset = -1, *length = 0; */ |
274 | static int find_next_area(const char *str, int *offset, int *length) |
275 | { |
276 | if(*str == '\0') return 0; |
277 | if((*offset >= 0) && str[*offset + *length] == '\0') return 0; |
278 | *offset += 1 + *length; |
279 | |
280 | char *next_comma = strchr(str + *offset, ','); |
281 | if(next_comma == NULL) { |
282 | *length = strlen(str) - *offset; |
283 | } else { |
284 | *length = next_comma-(str+*offset); |
431ae7e0 |
285 | } |
a5b1ba20 |
286 | return 1; |
287 | } |
6658905f |
288 | |
a5b1ba20 |
289 | int main(int argc, char **argv) { |
290 | if(argc < 2) { |
291 | usage(argv); |
292 | exit(-1); |
293 | } |
294 | |
295 | /* Count area arguments */ |
296 | int areas = 0, offset=-1, length=0; |
297 | while(find_next_area(argv[1], &offset, &length)) areas++; |
298 | |
299 | if(areas != argc - 2) { |
300 | usage(argv); |
301 | exit(-1); |
302 | } |
303 | |
304 | usb_init(); |
305 | |
306 | fprintf(stderr,"Waiting for Proxmark to appear on USB... "); |
307 | while(!(devh=OpenProxmark(0))) { sleep(1); } |
308 | fprintf(stderr,"Found.\n"); |
309 | |
310 | unsigned int state = EnterFlashState(); |
311 | |
312 | if( !(state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) ) { |
313 | fprintf(stderr, "Proxmark would not enter flash state, abort\n"); |
314 | exit(-1); |
315 | } |
316 | |
317 | offset=-1; length=0; |
318 | int current_area = 0; |
319 | while(find_next_area(argv[1], &offset, &length)) { |
320 | int i; |
321 | struct partition *p = NULL; |
322 | for(i=0; i<sizeof(partitions)/sizeof(partitions[0]); i++) { |
323 | if(strncmp(partitions[i].name, argv[1] + offset, length) == 0) { |
324 | /* Check if the name matches the bootrom partition, and if so, require "bootrom" to |
325 | * be written in full. The other names may be abbreviated. |
326 | */ |
327 | if(!partitions[i].precious || (strlen(partitions[i].name) == length)) { |
328 | p = &partitions[i]; |
329 | } |
330 | break; |
331 | } |
332 | } |
333 | |
334 | if(p == NULL) { |
335 | fprintf(stderr, "Warning: area name '"); |
336 | fwrite(argv[1]+offset, length, 1, stderr); |
337 | fprintf(stderr, "' unknown, ignored\n"); |
338 | } else { |
339 | fprintf(stderr, "Flashing %s from %s\n", p->name, argv[2+current_area]); |
340 | PrepareFlash(p, argv[2+current_area], state); |
341 | } |
342 | current_area++; |
343 | } |
344 | |
345 | UsbCommand c; |
6658905f |
346 | bzero(&c, sizeof(c)); |
347 | c.cmd = CMD_HARDWARE_RESET; |
348 | SendCommand(&c, FALSE); |
349 | |
350 | CloseProxmark(); |
351 | |
352 | fprintf(stderr,"Have a nice day!\n"); |
353 | |
354 | return 0; |
355 | } |