]> git.zerfleddert.de Git - proxmark3-svn/blame - client/flash.c
Potential fix for 0-length usb packets seen on OSX
[proxmark3-svn] / client / flash.c
CommitLineData
a553f267 1//-----------------------------------------------------------------------------
8fe1a992 2// Copyright (C) 2010 Hector Martin "marcan" <marcan@marcansoft.com>
3//
a553f267 4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8fe1a992 8// ELF file flasher
a553f267 9//-----------------------------------------------------------------------------
10
6e4d4ee6 11#include <stdio.h>
6e4d4ee6 12#include <string.h>
83a9b236 13#include <stdlib.h>
125a98a1 14#include "proxmark3.h"
4cd41f34 15#include "sleep.h"
6e4d4ee6 16#include "flash.h"
2cab856f 17#include "elf.h"
8fe1a992 18#include "proxendian.h"
28fdb04f 19#include "usb_cmd.h"
20
21void SendCommand(UsbCommand* txcmd);
22void ReceiveCommand(UsbCommand* rxcmd);
23void CloseProxmark();
24int OpenProxmark(size_t i);
6e4d4ee6 25
0ae6234a 26// FIXME: what the fuckity fuck
8fe1a992 27unsigned int current_command = CMD_UNKNOWN;
28
29#define FLASH_START 0x100000
30#define FLASH_SIZE (256*1024)
31#define FLASH_END (FLASH_START + FLASH_SIZE)
32#define BOOTLOADER_SIZE 0x2000
33#define BOOTLOADER_END (FLASH_START + BOOTLOADER_SIZE)
34
28fdb04f 35#define BLOCK_SIZE 0x200
8fe1a992 36
37static const uint8_t elf_ident[] = {
38 0x7f, 'E', 'L', 'F',
39 ELFCLASS32,
40 ELFDATA2LSB,
41 EV_CURRENT
42};
43
44// Turn PHDRs into flasher segments, checking for PHDR sanity and merging adjacent
45// unaligned segments if needed
46static int build_segs_from_phdrs(flash_file_t *ctx, FILE *fd, Elf32_Phdr *phdrs, int num_phdrs)
7fe9b0b7 47{
8fe1a992 48 Elf32_Phdr *phdr = phdrs;
49 flash_seg_t *seg;
50 uint32_t last_end = 0;
51
52 ctx->segments = malloc(sizeof(flash_seg_t) * num_phdrs);
53 if (!ctx->segments) {
54 fprintf(stderr, "Out of memory\n");
55 return -1;
56 }
57 ctx->num_segs = 0;
58 seg = ctx->segments;
59
60 fprintf(stderr, "Loading usable ELF segments:\n");
61 for (int i = 0; i < num_phdrs; i++) {
62 if (le32(phdr->p_type) != PT_LOAD) {
63 phdr++;
64 continue;
65 }
66 uint32_t vaddr = le32(phdr->p_vaddr);
67 uint32_t paddr = le32(phdr->p_paddr);
68 uint32_t filesz = le32(phdr->p_filesz);
69 uint32_t memsz = le32(phdr->p_memsz);
70 uint32_t offset = le32(phdr->p_offset);
71 uint32_t flags = le32(phdr->p_flags);
72 if (!filesz) {
73 phdr++;
74 continue;
75 }
76 fprintf(stderr, "%d: V 0x%08x P 0x%08x (0x%08x->0x%08x) [%c%c%c] @0x%x\n",
77 i, vaddr, paddr, filesz, memsz,
78 flags & PF_R ? 'R' : ' ',
79 flags & PF_W ? 'W' : ' ',
80 flags & PF_X ? 'X' : ' ',
81 offset);
82 if (filesz != memsz) {
83 fprintf(stderr, "Error: PHDR file size does not equal memory size\n"
84 "(DATA+BSS PHDRs do not make sense on ROM platforms!)\n");
85 return -1;
86 }
87 if (paddr < last_end) {
88 fprintf(stderr, "Error: PHDRs not sorted or overlap\n");
89 return -1;
90 }
91 if (paddr < FLASH_START || (paddr+filesz) > FLASH_END) {
92 fprintf(stderr, "Error: PHDR is not contained in Flash\n");
93 return -1;
94 }
95 if (vaddr >= FLASH_START && vaddr < FLASH_END && (flags & PF_W)) {
96 fprintf(stderr, "Error: Flash VMA segment is writable\n");
97 return -1;
98 }
99
100 uint8_t *data;
101 // make extra space if we need to move the data forward
102 data = malloc(filesz + BLOCK_SIZE);
103 if (!data) {
104 fprintf(stderr, "Out of memory\n");
105 return -1;
106 }
107 if (fseek(fd, offset, SEEK_SET) < 0 || fread(data, 1, filesz, fd) != filesz) {
108 fprintf(stderr, "Error while reading PHDR payload\n");
109 free(data);
110 return -1;
111 }
112
113 uint32_t block_offset = paddr & (BLOCK_SIZE-1);
114 if (block_offset) {
115 if (ctx->num_segs) {
116 flash_seg_t *prev_seg = seg - 1;
117 uint32_t this_end = paddr + filesz;
118 uint32_t this_firstblock = paddr & ~(BLOCK_SIZE-1);
119 uint32_t prev_lastblock = (last_end - 1) & ~(BLOCK_SIZE-1);
120
121 if (this_firstblock == prev_lastblock) {
122 uint32_t new_length = this_end - prev_seg->start;
123 uint32_t this_offset = paddr - prev_seg->start;
124 uint32_t hole = this_offset - prev_seg->length;
125 uint8_t *new_data = malloc(new_length);
126 if (!new_data) {
127 fprintf(stderr, "Out of memory\n");
128 free(data);
129 return -1;
130 }
131 memset(new_data, 0xff, new_length);
132 memcpy(new_data, prev_seg->data, prev_seg->length);
133 memcpy(new_data + this_offset, data, filesz);
134 fprintf(stderr, "Note: Extending previous segment from 0x%x to 0x%x bytes\n",
135 prev_seg->length, new_length);
136 if (hole)
137 fprintf(stderr, "Note: 0x%x-byte hole created\n", hole);
138 free(data);
139 free(prev_seg->data);
140 prev_seg->data = new_data;
141 prev_seg->length = new_length;
142 last_end = this_end;
143 phdr++;
144 continue;
145 }
146 }
147 fprintf(stderr, "Warning: segment does not begin on a block boundary, will pad\n");
148 memmove(data + block_offset, data, filesz);
149 memset(data, 0xFF, block_offset);
150 filesz += block_offset;
151 paddr -= block_offset;
152 }
153
154 seg->data = data;
155 seg->start = paddr;
156 seg->length = filesz;
157 seg++;
158 ctx->num_segs++;
159
160 last_end = paddr + filesz;
161 phdr++;
162 }
163 return 0;
6e4d4ee6 164}
165
8fe1a992 166// Sanity check segments and check for bootloader writes
167static int check_segs(flash_file_t *ctx, int can_write_bl) {
168 for (int i = 0; i < ctx->num_segs; i++) {
169 flash_seg_t *seg = &ctx->segments[i];
170
171 if (seg->start & (BLOCK_SIZE-1)) {
172 fprintf(stderr, "Error: Segment is not aligned\n");
173 return -1;
174 }
175 if (seg->start < FLASH_START) {
176 fprintf(stderr, "Error: Segment is outside of flash bounds\n");
177 return -1;
178 }
179 if (seg->start + seg->length > FLASH_END) {
180 fprintf(stderr, "Error: Segment is outside of flash bounds\n");
181 return -1;
182 }
183 if (!can_write_bl && seg->start < BOOTLOADER_END) {
184 fprintf(stderr, "Attempted to write bootloader but bootloader writes are not enabled\n");
185 return -1;
186 }
187 }
188 return 0;
189}
190
191// Load an ELF file and prepare it for flashing
192int flash_load(flash_file_t *ctx, const char *name, int can_write_bl)
193{
194 FILE *fd = NULL;
195 Elf32_Ehdr ehdr;
196 Elf32_Phdr *phdrs = NULL;
197 int num_phdrs;
198 int res;
199
200 fd = fopen(name, "rb");
201 if (!fd) {
202 fprintf(stderr, "Could not open file '%s': ", name);
203 perror(NULL);
204 goto fail;
205 }
206
207 fprintf(stderr, "Loading ELF file '%s'...\n", name);
208
209 if (fread(&ehdr, sizeof(ehdr), 1, fd) != 1) {
210 fprintf(stderr, "Error while reading ELF file header\n");
211 goto fail;
212 }
213 if (memcmp(ehdr.e_ident, elf_ident, sizeof(elf_ident))
214 || le32(ehdr.e_version) != 1)
215 {
216 fprintf(stderr, "Not an ELF file or wrong ELF type\n");
217 goto fail;
218 }
219 if (le16(ehdr.e_type) != ET_EXEC) {
220 fprintf(stderr, "ELF is not executable\n");
221 goto fail;
222 }
223 if (le16(ehdr.e_machine) != EM_ARM) {
224 fprintf(stderr, "Wrong ELF architecture\n");
225 goto fail;
226 }
227 if (!ehdr.e_phnum || !ehdr.e_phoff) {
228 fprintf(stderr, "ELF has no PHDRs\n");
229 goto fail;
230 }
231 if (le16(ehdr.e_phentsize) != sizeof(Elf32_Phdr)) {
232 // could be a structure padding issue...
233 fprintf(stderr, "Either the ELF file or this code is made of fail\n");
234 goto fail;
235 }
236 num_phdrs = le16(ehdr.e_phnum);
237
238 phdrs = malloc(le16(ehdr.e_phnum) * sizeof(Elf32_Phdr));
239 if (!phdrs) {
240 fprintf(stderr, "Out of memory\n");
241 goto fail;
242 }
243 if (fseek(fd, le32(ehdr.e_phoff), SEEK_SET) < 0) {
244 fprintf(stderr, "Error while reading ELF PHDRs\n");
245 goto fail;
246 }
247 if (fread(phdrs, sizeof(Elf32_Phdr), num_phdrs, fd) != num_phdrs) {
248 fprintf(stderr, "Error while reading ELF PHDRs\n");
249 goto fail;
250 }
251
252 res = build_segs_from_phdrs(ctx, fd, phdrs, num_phdrs);
253 if (res < 0)
254 goto fail;
255 res = check_segs(ctx, can_write_bl);
256 if (res < 0)
257 goto fail;
258
66d6ba70 259 free(phdrs);
8fe1a992 260 fclose(fd);
261 ctx->filename = name;
262 return 0;
263
264fail:
265 if (phdrs)
266 free(phdrs);
267 if (fd)
268 fclose(fd);
269 flash_free(ctx);
270 return -1;
271}
6e4d4ee6 272
8fe1a992 273// Get the state of the proxmark, backwards compatible
274static int get_proxmark_state(uint32_t *state)
6e4d4ee6 275{
28fdb04f 276 UsbCommand c;
8fe1a992 277 c.cmd = CMD_DEVICE_INFO;
28fdb04f 278 SendCommand(&c);
279 UsbCommand resp;
8fe1a992 280 ReceiveCommand(&resp);
281
282 // Three outcomes:
283 // 1. The old bootrom code will ignore CMD_DEVICE_INFO, but respond with an ACK
284 // 2. The old os code will respond with CMD_DEBUG_PRINT_STRING and "unknown command"
285 // 3. The new bootrom and os codes will respond with CMD_DEVICE_INFO and flags
286
287 switch (resp.cmd) {
288 case CMD_ACK:
289 *state = DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM;
290 break;
291 case CMD_DEBUG_PRINT_STRING:
292 *state = DEVICE_INFO_FLAG_CURRENT_MODE_OS;
293 break;
294 case CMD_DEVICE_INFO:
295 *state = resp.arg[0];
296 break;
297 default:
125a98a1 298 fprintf(stderr, "Error: Couldn't get proxmark state, bad response type: 0x%04"llx"\n", resp.cmd);
8fe1a992 299 return -1;
300 break;
301 }
302
303 return 0;
6e4d4ee6 304}
305
8fe1a992 306// Enter the bootloader to be able to start flashing
e12b82d3 307static int enter_bootloader(char *serial_port_name)
6e4d4ee6 308{
8fe1a992 309 uint32_t state;
310
311 if (get_proxmark_state(&state) < 0)
312 return -1;
313
314 if (state & DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM) {
315 /* Already in flash state, we're done. */
316 return 0;
317 }
318
319 if (state & DEVICE_INFO_FLAG_CURRENT_MODE_OS) {
320 fprintf(stderr,"Entering bootloader...\n");
28fdb04f 321 UsbCommand c;
8fe1a992 322 memset(&c, 0, sizeof (c));
323
324 if ((state & DEVICE_INFO_FLAG_BOOTROM_PRESENT)
325 && (state & DEVICE_INFO_FLAG_OSIMAGE_PRESENT))
326 {
327 // New style handover: Send CMD_START_FLASH, which will reset the board
328 // and enter the bootrom on the next boot.
329 c.cmd = CMD_START_FLASH;
28fdb04f 330 SendCommand(&c);
8fe1a992 331 fprintf(stderr,"(Press and release the button only to abort)\n");
332 } else {
333 // Old style handover: Ask the user to press the button, then reset the board
334 c.cmd = CMD_HARDWARE_RESET;
28fdb04f 335 SendCommand(&c);
8fe1a992 336 fprintf(stderr,"Press and hold down button NOW if your bootloader requires it.\n");
337 }
d8193fa5 338 msleep(100);
8fe1a992 339 CloseProxmark();
d8193fa5 340
e654346b 341 fprintf(stderr,"Waiting for Proxmark to reappear on %s",serial_port_name);
d8193fa5 342 do {
8fe1a992 343 sleep(1);
344 fprintf(stderr, ".");
d8193fa5 345 } while (!OpenProxmark(0));
8fe1a992 346 fprintf(stderr," Found.\n");
347
348 return 0;
349 }
350
351 fprintf(stderr, "Error: Unknown Proxmark mode\n");
352 return -1;
6e4d4ee6 353}
354
8fe1a992 355static int wait_for_ack(void)
6e4d4ee6 356{
28fdb04f 357 UsbCommand ack;
8fe1a992 358 ReceiveCommand(&ack);
359 if (ack.cmd != CMD_ACK) {
125a98a1 360 printf("Error: Unexpected reply 0x%04"llx" (expected ACK)\n", ack.cmd);
8fe1a992 361 return -1;
362 }
363 return 0;
6e4d4ee6 364}
365
8fe1a992 366// Go into flashing mode
e12b82d3 367int flash_start_flashing(int enable_bl_writes,char *serial_port_name)
6e4d4ee6 368{
8fe1a992 369 uint32_t state;
370
e12b82d3 371 if (enter_bootloader(serial_port_name) < 0)
8fe1a992 372 return -1;
373
374 if (get_proxmark_state(&state) < 0)
375 return -1;
376
377 if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
378 // This command is stupid. Why the heck does it care which area we're
379 // flashing, as long as it's not the bootloader area? The mind boggles.
28fdb04f 380 UsbCommand c = {CMD_START_FLASH};
8fe1a992 381
382 if (enable_bl_writes) {
383 c.arg[0] = FLASH_START;
384 c.arg[1] = FLASH_END;
385 c.arg[2] = START_FLASH_MAGIC;
386 } else {
387 c.arg[0] = BOOTLOADER_END;
388 c.arg[1] = FLASH_END;
389 c.arg[2] = 0;
390 }
28fdb04f 391 SendCommand(&c);
8fe1a992 392 return wait_for_ack();
393 } else {
394 fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
395 fprintf(stderr, " It is recommended that you update your bootloader\n\n");
396 }
397
398 return 0;
6e4d4ee6 399}
400
8fe1a992 401static int write_block(uint32_t address, uint8_t *data, uint32_t length)
6e4d4ee6 402{
8fe1a992 403 uint8_t block_buf[BLOCK_SIZE];
404
405 memset(block_buf, 0xFF, BLOCK_SIZE);
406 memcpy(block_buf, data, length);
28fdb04f 407 UsbCommand c;
8fe1a992 408 c.cmd = CMD_FINISH_WRITE;
409 c.arg[0] = address;
28fdb04f 410 memcpy(c.d.asBytes, block_buf, length);
411 SendCommand(&c);
412 return wait_for_ack();
6e4d4ee6 413}
414
8fe1a992 415// Write a file's segments to Flash
416int flash_write(flash_file_t *ctx)
6e4d4ee6 417{
8fe1a992 418 fprintf(stderr, "Writing segments for file: %s\n", ctx->filename);
419 for (int i = 0; i < ctx->num_segs; i++) {
420 flash_seg_t *seg = &ctx->segments[i];
421
422 uint32_t length = seg->length;
423 uint32_t blocks = (length + BLOCK_SIZE - 1) / BLOCK_SIZE;
424 uint32_t end = seg->start + length;
425
426 fprintf(stderr, " 0x%08x..0x%08x [0x%x / %d blocks]",
427 seg->start, end - 1, length, blocks);
428
429 int block = 0;
430 uint8_t *data = seg->data;
431 uint32_t baddr = seg->start;
432
433 while (length) {
434 uint32_t block_size = length;
435 if (block_size > BLOCK_SIZE)
436 block_size = BLOCK_SIZE;
437
438 if (write_block(baddr, data, block_size) < 0) {
439 fprintf(stderr, " ERROR\n");
440 fprintf(stderr, "Error writing block %d of %d\n", block, blocks);
441 return -1;
442 }
443
444 data += block_size;
445 baddr += block_size;
446 length -= block_size;
447 block++;
448 fprintf(stderr, ".");
449 }
450 fprintf(stderr, " OK\n");
451 }
452 return 0;
6e4d4ee6 453}
454
8fe1a992 455// free a file context
456void flash_free(flash_file_t *ctx)
7fe9b0b7 457{
8fe1a992 458 if (!ctx)
459 return;
460 if (ctx->segments) {
461 for (int i = 0; i < ctx->num_segs; i++)
462 free(ctx->segments[i].data);
463 free(ctx->segments);
464 ctx->segments = NULL;
465 ctx->num_segs = 0;
466 }
467}
468
469// just reset the unit
470int flash_stop_flashing(void) {
28fdb04f 471 UsbCommand c = {CMD_HARDWARE_RESET};
28fdb04f 472 SendCommand(&c);
d8193fa5 473 msleep(100);
28fdb04f 474 return 0;
6e4d4ee6 475}
Impressum, Datenschutz