//-----------------------------------------------------------------------------
// Jonathan Westhues, April 2006
+// iZsh <izsh at fail0verflow.com>, 2014
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// mode once it is configured.
//-----------------------------------------------------------------------------
+#include <stdint.h>
+#include <stddef.h>
+#include <stdbool.h>
+#include "fpgaloader.h"
#include "proxmark3.h"
-#include "apps.h"
#include "util.h"
#include "string.h"
+#include "BigBuf.h"
+#include "zlib.h"
+
+extern void Dbprintf(const char *fmt, ...);
+
+// remember which version of the bitstream we have already downloaded to the FPGA
+static int downloaded_bitstream = FPGA_BITSTREAM_ERR;
+
+// this is where the bitstreams are located in memory:
+extern uint8_t _binary_obj_fpga_all_bit_z_start, _binary_obj_fpga_all_bit_z_end;
+
+static uint8_t *fpga_image_ptr = NULL;
+static uint32_t uncompressed_bytes_cnt;
+
+static const uint8_t _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
+#define FPGA_BITSTREAM_FIXED_HEADER_SIZE sizeof(_bitparse_fixed_header)
+#define OUTPUT_BUFFER_LEN 80
+#define FPGA_INTERLEAVE_SIZE 288
//-----------------------------------------------------------------------------
// Set up the Serial Peripheral Interface as master
AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
// 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
- // pulse, no output sync, start on positive-going edge of sync
- AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
- AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+ // pulse, no output sync
+ AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
// clock comes from TK pin, no clock output, outputs change on falling
- // edge of TK, start on rising edge of TF
- AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
- SSC_CLOCK_MODE_START(5);
+ // edge of TK, sample on rising edge of TK, start on positive-going edge of sync
+ AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
// tx framing is the same as the rx framing
AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
// ourselves, not to another buffer). The stuff to manipulate those buffers
// is in apps.h, because it should be inlined, for speed.
//-----------------------------------------------------------------------------
-void FpgaSetupSscDma(uint8_t *buf, int len)
+bool FpgaSetupSscDma(uint8_t *buf, int len)
+{
+ if (buf == NULL) {
+ return false;
+ }
+
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
+ AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
+ AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
+ AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
+
+ return true;
+}
+
+
+//----------------------------------------------------------------------------
+// Uncompress (inflate) the FPGA data. Returns one decompressed byte with
+// each call.
+//----------------------------------------------------------------------------
+static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8_t *output_buffer)
+{
+ if (fpga_image_ptr == compressed_fpga_stream->next_out) { // need more data
+ compressed_fpga_stream->next_out = output_buffer;
+ compressed_fpga_stream->avail_out = OUTPUT_BUFFER_LEN;
+ fpga_image_ptr = output_buffer;
+ int res = inflate(compressed_fpga_stream, Z_SYNC_FLUSH);
+ if (res != Z_OK) {
+ Dbprintf("inflate returned: %d, %s", res, compressed_fpga_stream->msg);
+ }
+ if (res < 0) {
+ return res;
+ }
+ }
+
+ uncompressed_bytes_cnt++;
+
+ return *fpga_image_ptr++;
+}
+
+//----------------------------------------------------------------------------
+// Undo the interleaving of several FPGA config files. FPGA config files
+// are combined into one big file:
+// 288 bytes from FPGA file 1, followed by 288 bytes from FGPA file 2, etc.
+//----------------------------------------------------------------------------
+static int get_from_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
+{
+ while((uncompressed_bytes_cnt / FPGA_INTERLEAVE_SIZE) % FPGA_BITSTREAM_MAX != (bitstream_version - 1)) {
+ // skip undesired data belonging to other bitstream_versions
+ get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
+ }
+
+ return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
+
+}
+
+
+static voidpf fpga_inflate_malloc(voidpf opaque, uInt items, uInt size)
+{
+ return BigBuf_malloc(items*size);
+}
+
+
+static void fpga_inflate_free(voidpf opaque, voidpf address)
+{
+ BigBuf_free();
+}
+
+
+//----------------------------------------------------------------------------
+// Initialize decompression of the respective (HF or LF) FPGA stream
+//----------------------------------------------------------------------------
+static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
{
- AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
- AT91C_BASE_PDC_SSC->PDC_RCR = len;
- AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
- AT91C_BASE_PDC_SSC->PDC_RNCR = len;
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
+ uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE];
+
+ uncompressed_bytes_cnt = 0;
+
+ // initialize z_stream structure for inflate:
+ compressed_fpga_stream->next_in = &_binary_obj_fpga_all_bit_z_start;
+ compressed_fpga_stream->avail_in = &_binary_obj_fpga_all_bit_z_start - &_binary_obj_fpga_all_bit_z_end;
+ compressed_fpga_stream->next_out = output_buffer;
+ compressed_fpga_stream->avail_out = OUTPUT_BUFFER_LEN;
+ compressed_fpga_stream->zalloc = &fpga_inflate_malloc;
+ compressed_fpga_stream->zfree = &fpga_inflate_free;
+
+ inflateInit2(compressed_fpga_stream, 0);
+
+ fpga_image_ptr = output_buffer;
+
+ for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++) {
+ header[i] = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
+ }
+
+ // Check for a valid .bit file (starts with _bitparse_fixed_header)
+ if(memcmp(_bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0) {
+ return true;
+ } else {
+ return false;
+ }
}
+
static void DownloadFPGA_byte(unsigned char w)
{
#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
SEND_BIT(0);
}
-// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
-// If bytereversal is set: reverse the byte order in each 4-byte word
-static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
+// Download the fpga image starting at current stream position with length FpgaImageLen bytes
+static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
{
+
+ Dbprintf("DownloadFPGA(len: %d)", FpgaImageLen);
+
int i=0;
AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
return;
}
- if(bytereversal) {
- /* This is only supported for uint32_t aligned images */
- if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
- i=0;
- while(FpgaImageLen-->0)
- DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
- /* Explanation of the magic in the above line:
- * i^0x3 inverts the lower two bits of the integer i, counting backwards
- * for each 4 byte increment. The generated sequence of (i++)^3 is
- * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
- */
+ for(i = 0; i < FpgaImageLen; i++) {
+ int b = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
+ if (b < 0) {
+ Dbprintf("Error %d during FpgaDownload", b);
+ break;
}
- } else {
- while(FpgaImageLen-->0)
- DownloadFPGA_byte(*FpgaImage++);
+ DownloadFPGA_byte(b);
}
-
+
// continue to clock FPGA until ready signal goes high
i=100000;
while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
LED_D_OFF();
}
-static char *bitparse_headers_start;
-static char *bitparse_bitstream_end;
-static int bitparse_initialized;
+
/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
* 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
* After that the format is 1 byte section type (ASCII character), 2 byte length
* (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
* length.
*/
-static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
-static int bitparse_init(void * start_address, void *end_address)
-{
- bitparse_initialized = 0;
-
- if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
- return 0; /* Not matched */
- } else {
- bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
- bitparse_bitstream_end= (char*)end_address;
- bitparse_initialized = 1;
- return 1;
- }
-}
-
-int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
+static int bitparse_find_section(int bitstream_version, char section_name, unsigned int *section_length, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
{
- char *pos = bitparse_headers_start;
int result = 0;
-
- if(!bitparse_initialized) return 0;
-
- while(pos < bitparse_bitstream_end) {
- char current_name = *pos++;
+ #define MAX_FPGA_BIT_STREAM_HEADER_SEARCH 100 // maximum number of bytes to search for the requested section
+ uint16_t numbytes = 0;
+ while(numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH) {
+ char current_name = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
+ numbytes++;
unsigned int current_length = 0;
if(current_name < 'a' || current_name > 'e') {
/* Strange section name, abort */
switch(current_name) {
case 'e':
/* Four byte length field */
- current_length += (*pos++) << 24;
- current_length += (*pos++) << 16;
+ current_length += get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer) << 24;
+ current_length += get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer) << 16;
+ numbytes += 2;
default: /* Fall through, two byte length field */
- current_length += (*pos++) << 8;
- current_length += (*pos++) << 0;
+ current_length += get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer) << 8;
+ current_length += get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer) << 0;
+ numbytes += 2;
}
if(current_name != 'e' && current_length > 255) {
if(current_name == section_name) {
/* Found it */
- *section_start = pos;
*section_length = current_length;
result = 1;
break;
}
- pos += current_length; /* Skip section */
+ for (uint16_t i = 0; i < current_length && numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH; i++) {
+ get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
+ numbytes++;
+ }
}
return result;
}
-//-----------------------------------------------------------------------------
-// Find out which FPGA image format is stored in flash, then call DownloadFPGA
-// with the right parameters to download the image
-//-----------------------------------------------------------------------------
-extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
-void FpgaDownloadAndGo(void)
+
+//----------------------------------------------------------------------------
+// Check which FPGA image is currently loaded (if any). If necessary
+// decompress and load the correct (HF or LF) image to the FPGA
+//----------------------------------------------------------------------------
+void FpgaDownloadAndGo(int bitstream_version)
{
- /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
- */
- if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
- /* Successfully initialized the .bit parser. Find the 'e' section and
- * send its contents to the FPGA.
- */
- char *bitstream_start;
- unsigned int bitstream_length;
- if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
- DownloadFPGA(bitstream_start, bitstream_length, 0);
-
- return; /* All done */
- }
+ z_stream compressed_fpga_stream;
+ uint8_t output_buffer[OUTPUT_BUFFER_LEN];
+
+ // check whether or not the bitstream is already loaded
+ if (downloaded_bitstream == bitstream_version)
+ return;
+
+ // make sure that we have enough memory to decompress
+ BigBuf_free();
+
+ if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
+ return;
}
- /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
- * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
- * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
- * is still to be transmitted in MSBit first order. Set the invert flag to indicate
- * that the DownloadFPGA function should invert every 4 byte sequence when doing
- * the bytewise download.
- */
- if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
- DownloadFPGA((char*)0x102000, 10524*4, 1);
-}
+ unsigned int bitstream_length;
+ if(bitparse_find_section(bitstream_version, 'e', &bitstream_length, &compressed_fpga_stream, output_buffer)) {
+ DownloadFPGA(bitstream_version, bitstream_length, &compressed_fpga_stream, output_buffer);
+ downloaded_bitstream = bitstream_version;
+ }
+
+ inflateEnd(&compressed_fpga_stream);
+}
+
-void FpgaGatherVersion(char *dst, int len)
+//-----------------------------------------------------------------------------
+// Gather version information from FPGA image. Needs to decompress the begin
+// of the respective (HF or LF) image.
+// Note: decompression makes use of (i.e. overwrites) BigBuf[]. It is therefore
+// advisable to call this only once and store the results for later use.
+//-----------------------------------------------------------------------------
+void FpgaGatherVersion(int bitstream_version, char *dst, int len)
{
- char *fpga_info;
unsigned int fpga_info_len;
- dst[0] = 0;
- if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
- strncat(dst, "FPGA image: legacy image without version information", len-1);
- } else {
- strncat(dst, "FPGA image built", len-1);
- /* USB packets only have 48 bytes data payload, so be terse */
-#if 0
- if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
- strncat(dst, " from ", len-1);
- strncat(dst, fpga_info, len-1);
+ char tempstr[40];
+ z_stream compressed_fpga_stream;
+ uint8_t output_buffer[OUTPUT_BUFFER_LEN];
+
+ dst[0] = '\0';
+
+ // ensure that we can allocate enough memory for decompression:
+ BigBuf_free();
+
+ if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
+ return;
+ }
+
+ if(bitparse_find_section(bitstream_version, 'a', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
+ for (uint16_t i = 0; i < fpga_info_len; i++) {
+ char c = (char)get_from_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer);
+ if (i < sizeof(tempstr)) {
+ tempstr[i] = c;
+ }
}
- if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
- strncat(dst, " for ", len-1);
- strncat(dst, fpga_info, len-1);
+ if (!memcmp("fpga_lf", tempstr, 7))
+ strncat(dst, "LF ", len-1);
+ else if (!memcmp("fpga_hf", tempstr, 7))
+ strncat(dst, "HF ", len-1);
+ }
+ strncat(dst, "FPGA image built", len-1);
+ if(bitparse_find_section(bitstream_version, 'b', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
+ strncat(dst, " for ", len-1);
+ for (uint16_t i = 0; i < fpga_info_len; i++) {
+ char c = (char)get_from_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer);
+ if (i < sizeof(tempstr)) {
+ tempstr[i] = c;
+ }
}
-#endif
- if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
- strncat(dst, " on ", len-1);
- strncat(dst, fpga_info, len-1);
+ strncat(dst, tempstr, len-1);
+ }
+ if(bitparse_find_section(bitstream_version, 'c', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
+ strncat(dst, " on ", len-1);
+ for (uint16_t i = 0; i < fpga_info_len; i++) {
+ char c = (char)get_from_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer);
+ if (i < sizeof(tempstr)) {
+ tempstr[i] = c;
+ }
}
- if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
- strncat(dst, " at ", len-1);
- strncat(dst, fpga_info, len-1);
+ strncat(dst, tempstr, len-1);
+ }
+ if(bitparse_find_section(bitstream_version, 'd', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
+ strncat(dst, " at ", len-1);
+ for (uint16_t i = 0; i < fpga_info_len; i++) {
+ char c = (char)get_from_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer);
+ if (i < sizeof(tempstr)) {
+ tempstr[i] = c;
+ }
}
+ strncat(dst, tempstr, len-1);
}
+
+ strncat(dst, "\n", len-1);
+
+ inflateEnd(&compressed_fpga_stream);
}
+
//-----------------------------------------------------------------------------
// Send a 16 bit command/data pair to the FPGA.
// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0