2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
8 import sys, time, string, cStringIO, struct, glob, os;
11 fmt = ("B", "<H", None, "<L")
13 def getClient(name="GoodFET"):
14 import GoodFET, GoodFETCC, GoodFETAVR, GoodFETSPI, GoodFETMSP430, GoodFETNRF, GoodFETCCSPI;
15 if(name=="GoodFET" or name=="monitor"): return GoodFET.GoodFET();
16 elif name=="cc" or name=="cc51": return GoodFETCC.GoodFETCC();
17 elif name=="cc2420" or name=="ccspi": return GoodFETCCSPI.GoodFETCCSPI();
18 elif name=="avr": return GoodFETAVR.GoodFETAVR();
19 elif name=="spi": return GoodFETSPI.GoodFETSPI();
20 elif name=="msp430": return GoodFETMSP430.GoodFETMSP430();
21 elif name=="nrf": return GoodFETNRF.GoodFETNRF();
23 print "Unsupported target: %s" % name;
27 """GoodFET Symbol Table"""
28 db=sqlite3.connect(":memory:");
30 def __init__(self, *args, **kargs):
31 self.db.execute("create table if not exists symbols(adr,name,memory,size,comment);");
36 c.execute("select adr,memory from symbols where name=?",(name,));
42 except:# sqlite3.OperationalError:
46 def define(self,adr,name,comment="",memory="vn",size=16):
47 self.db.execute("insert into symbols(adr,name,memory,size,comment)"
48 "values(?,?,?,?,?);", (
49 adr,name,memory,size,comment));
50 #print "Set %s=%s." % (name,adr);
52 """py-bluez class for emulating py-serial."""
53 def __init__(self,btaddr):
55 while btaddr==None or btaddr=="none" or btaddr=="bluetooth":
56 print "performing inquiry..."
57 nearby_devices = bluetooth.discover_devices(lookup_names = True)
58 print "found %d devices" % len(nearby_devices)
59 for addr, name in nearby_devices:
60 print " %s - '%s'" % (addr, name)
61 if name=='FireFly-A6BD':
63 print "Identified GoodFET at %s" % btaddr;
65 # BlueFET doesn't run the Service Discovery Protocol.
66 # Instead we manually use the portnumber.
69 print "Connecting to %s on port %i." % (btaddr, port);
70 sock=bluetooth.BluetoothSocket(bluetooth.RFCOMM);
72 sock.connect((btaddr,port));
73 sock.settimeout(10); #IMPORTANT Must be patient.
75 ##This is what we'd do for a normal reset.
77 #while not str.endswith("goodfet.sf.net/"):
81 # Instead, just return and hope for the best.
90 def read(self,length):
93 while len(data)<length:
94 data=data+self.sock.recv(length-len(data));
97 """GoodFET Client Library"""
108 symbols=SymbolTable();
110 def __init__(self, *args, **kargs):
112 def getConsole(self):
113 from GoodFETConsole import GoodFETConsole;
114 return GoodFETConsole(self);
115 def name2adr(self,name):
116 return self.symbols.get(name);
119 def serInit(self, port=None, timeout=2, attemptlimit=None):
120 """Open a serial port of some kind."""
124 port=os.environ.get("GOODFET");
125 if port=="bluetooth" or (port is not None and re.match("..:..:..:..:..:..",port)):
126 self.btInit(port,timeout,attemptlimit);
128 self.pyserInit(port,timeout,attemptlimit);
129 def btInit(self, port, timeout, attemptlimit):
130 """Open a bluetooth port.""";
131 #self.verbose=True; #For debugging BT.
132 self.serialport=GoodFETbtser(port);
134 def pyserInit(self, port, timeout, attemptlimit):
135 """Open the serial port"""
136 # Make timeout None to wait forever, 0 for non-blocking mode.
139 if os.name=='nt' and sys.version.find('64 bit')!=-1:
140 print "WARNING: PySerial requires a 32-bit Python build in Windows.";
142 if port is None and os.environ.get("GOODFET")!=None:
143 glob_list = glob.glob(os.environ.get("GOODFET"));
144 if len(glob_list) > 0:
147 port = os.environ.get("GOODFET");
149 glob_list = glob.glob("/dev/tty.usbserial*");
150 if len(glob_list) > 0:
153 glob_list = glob.glob("/dev/ttyUSB*");
154 if len(glob_list) > 0:
157 glob_list = glob.glob("/dev/ttyU0");
158 if len(glob_list) > 0:
160 if port is None and os.name=='nt':
161 from scanwin32 import winScan;
163 for order,comport,desc,hwid in sorted(scan.comports()):
165 if hwid.index('FTDI')==0:
167 #print "Using FTDI port %s" % port
173 if(os.environ.get("platform")=='arduino'):
174 baud=19200; #Slower, for now.
175 self.serialport = serial.Serial(
179 parity = serial.PARITY_NONE,
187 while self.verb!=0x7F or self.data!="http://goodfet.sf.net/":
188 #while self.data!="http://goodfet.sf.net/":
189 #print "'%s'!=\n'%s'" % (self.data,"http://goodfet.sf.net/");
190 if attemptlimit is not None and attempts >= attemptlimit:
194 self.serialport.flushInput()
195 self.serialport.flushOutput()
197 #TelosB reset, prefer software to I2C SPST Switch.
198 if(os.environ.get("platform")=='telosb'):
199 #print "TelosB Reset";
202 #Explicitly set RTS and DTR to halt board.
203 self.serialport.setRTS(1);
204 self.serialport.setDTR(1);
205 #Drop DTR, which is !RST, low to begin the app.
206 self.serialport.setDTR(0);
208 #self.serialport.write(chr(0x80));
209 #self.serialport.write(chr(0x80));
210 #self.serialport.write(chr(0x80));
211 #self.serialport.write(chr(0x80));
214 #self.serialport.flushInput()
215 #self.serialport.flushOutput()
218 self.readcmd(); #Read the first command.
219 #print "Got %02x,%02x:'%s'" % (self.app,self.verb,self.data);
220 #Here we have a connection, but maybe not a good one.
221 #print "We have a connection."
223 olds=self.infostring();
224 clocking=self.monitorclocking();
225 #if(os.environ.get("platform")!='arduino'):
226 for foo in range(1,30):
227 if not self.monitorecho():
229 print "Comm error on %i try, resyncing out of %s." % (foo,
233 if self.verbose: print "Connected after %02i attempts." % attempts;
234 self.mon_connected();
235 self.serialport.setTimeout(12);
237 self.serialport.close();
238 def telosSetSCL(self, level):
239 self.serialport.setRTS(not level)
240 def telosSetSDA(self, level):
241 self.serialport.setDTR(not level)
243 def telosI2CStart(self):
248 def telosI2CStop(self):
253 def telosI2CWriteBit(self, bit):
255 self.telosSetSDA(bit)
261 def telosI2CWriteByte(self, byte):
262 self.telosI2CWriteBit( byte & 0x80 );
263 self.telosI2CWriteBit( byte & 0x40 );
264 self.telosI2CWriteBit( byte & 0x20 );
265 self.telosI2CWriteBit( byte & 0x10 );
266 self.telosI2CWriteBit( byte & 0x08 );
267 self.telosI2CWriteBit( byte & 0x04 );
268 self.telosI2CWriteBit( byte & 0x02 );
269 self.telosI2CWriteBit( byte & 0x01 );
270 self.telosI2CWriteBit( 0 ); # "acknowledge"
272 def telosI2CWriteCmd(self, addr, cmdbyte):
274 self.telosI2CWriteByte( 0x90 | (addr << 1) )
275 self.telosI2CWriteByte( cmdbyte )
278 def telosBReset(self,invokeBSL=0):
279 # "BSL entry sequence at dedicated JTAG pins"
280 # rst !s0: 0 0 0 0 1 1
281 # tck !s1: 1 0 1 0 0 1
284 # "BSL entry sequence at shared JTAG pins"
285 # rst !s0: 0 0 0 0 1 1
286 # tck !s1: 0 1 0 1 1 0
290 self.telosI2CWriteCmd(0,1)
291 self.telosI2CWriteCmd(0,3)
292 self.telosI2CWriteCmd(0,1)
293 self.telosI2CWriteCmd(0,3)
294 self.telosI2CWriteCmd(0,2)
295 self.telosI2CWriteCmd(0,0)
297 self.telosI2CWriteCmd(0,3)
298 self.telosI2CWriteCmd(0,2)
300 # This line was not defined inside the else: block, not sure where it
302 self.telosI2CWriteCmd(0,0)
303 time.sleep(0.250) #give MSP430's oscillator time to stabilize
304 self.serialport.flushInput() #clear buffers
307 def getbuffer(self,size=0x1c00):
308 writecmd(0,0xC2,[size&0xFF,(size>>16)&0xFF]);
309 print "Got %02x%02x buffer size." % (self.data[1],self.data[0]);
310 def writecmd(self, app, verb, count=0, data=[]):
311 """Write a command and some data to the GoodFET."""
312 self.serialport.write(chr(app));
313 self.serialport.write(chr(verb));
316 # count=len(data); #Initial count ignored.
318 #print "TX %02x %02x %04x" % (app,verb,count);
320 #little endian 16-bit length
321 self.serialport.write(chr(count&0xFF));
322 self.serialport.write(chr(count>>8));
325 print "Tx: ( 0x%02x, 0x%02x, 0x%04x )" % ( app, verb, count )
327 #print "count=%02x, len(data)=%04x" % (count,len(data));
330 if(isinstance(data,list)):
331 for i in range(0,count):
332 #print "Converting %02x at %i" % (data[i],i)
333 data[i]=chr(data[i]);
335 outstr=''.join(data);
336 self.serialport.write(outstr);
337 if not self.besilent:
338 return self.readcmd()
343 """Read a reply from the GoodFET."""
344 while 1:#self.serialport.inWaiting(): # Loop while input data is available
347 self.app=ord(self.serialport.read(1));
348 #print "APP=%02x" % self.app;
349 self.verb=ord(self.serialport.read(1));
351 #Fixes an obscure bug in the TelosB.
353 while self.verb==0x00:
354 self.verb=ord(self.serialport.read(1));
356 #print "VERB=%02x" % self.verb;
358 ord(self.serialport.read(1))
359 +(ord(self.serialport.read(1))<<8)
363 print "Rx: ( 0x%02x, 0x%02x, 0x%04x )" % ( self.app, self.verb, self.count )
365 #Debugging string; print, but wait.
368 print "# DEBUG %s" % self.serialport.read(self.count)
369 elif self.verb==0xFE:
370 print "# DEBUG 0x%x" % struct.unpack(fmt[self.count-1], self.serialport.read(self.count))[0]
371 elif self.verb==0xFD:
372 #Do nothing, just wait so there's no timeout.
377 self.data=self.serialport.read(self.count);
381 print "Warning: waiting for serial read timed out (most likely).";
382 #print "This shouldn't happen after syncing. Exiting for safety.";
386 def glitchApp(self,app):
387 """Glitch into a device by its application."""
388 self.data=[app&0xff];
389 self.writecmd(self.GLITCHAPP,0x80,1,self.data);
390 #return ord(self.data[0]);
391 def glitchVerb(self,app,verb,data):
392 """Glitch during a transaction."""
393 if data==None: data=[];
394 self.data=[app&0xff, verb&0xFF]+data;
395 self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data);
396 #return ord(self.data[0]);
397 def glitchstart(self):
398 """Glitch into the AVR application."""
399 self.glitchVerb(self.APP,0x20,None);
400 def glitchstarttime(self):
401 """Measure the timer of the START verb."""
402 return self.glitchTime(self.APP,0x20,None);
403 def glitchTime(self,app,verb,data):
404 """Time the execution of a verb."""
405 if data==None: data=[];
406 self.data=[app&0xff, verb&0xFF]+data;
407 print "Timing app %02x verb %02x." % (app,verb);
408 self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data);
409 time=ord(self.data[0])+(ord(self.data[1])<<8);
410 print "Timed to be %i." % time;
412 def glitchVoltages(self,low=0x0880, high=0x0fff):
413 """Set glitching voltages. (0x0fff is max.)"""
414 self.data=[low&0xff, (low>>8)&0xff,
415 high&0xff, (high>>8)&0xff];
416 self.writecmd(self.GLITCHAPP,0x90,4,self.data);
417 #return ord(self.data[0]);
418 def glitchRate(self,count=0x0800):
419 """Set glitching count period."""
420 self.data=[count&0xff, (count>>8)&0xff];
421 self.writecmd(self.GLITCHAPP,0x91,2,
423 #return ord(self.data[0]);
427 def silent(self,s=0):
428 """Transmissions halted when 1."""
430 print "besilent is %i" % self.besilent;
431 self.writecmd(0,0xB0,1,[s]);
433 def mon_connected(self):
434 """Announce to the monitor that the connection is good."""
436 self.writecmd(0,0xB1,0,[]);
438 """Write a byte to P5OUT."""
439 self.writecmd(0,0xA1,1,[byte]);
441 """Write a byte to P5DIR."""
442 self.writecmd(0,0xA0,1,[byte]);
444 """Call to an address."""
445 self.writecmd(0,0x30,2,
446 [adr&0xFF,(adr>>8)&0xFF]);
447 def execute(self,code):
448 """Execute supplied code."""
449 self.writecmd(0,0x31,2,#len(code),
451 def MONpeek8(self,address):
452 """Read a byte of memory from the monitor."""
453 self.data=[address&0xff,address>>8];
454 self.writecmd(0,0x02,2,self.data);
456 return ord(self.data[0]);
457 def MONpeek16(self,address):
458 """Read a word of memory from the monitor."""
459 return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
460 def peek(self,address):
461 """Read a word of memory from the monitor."""
462 return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
463 def eeprompeek(self,address):
464 """Read a word of memory from the monitor."""
465 print "EEPROM peeking not supported for the monitor.";
466 #return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
467 def peekbysym(self,name):
468 """Read a value by its symbol name."""
469 #TODO include memory in symbol.
470 reg=self.symbols.get(name);
471 return self.peek8(reg,"data");
472 def pokebysym(self,name,val):
473 """Write a value by its symbol name."""
474 #TODO include memory in symbol.
475 reg=self.symbols.get(name);
476 return self.pokebyte(reg,val);
477 def pokebyte(self,address,value,memory="vn"):
478 """Set a byte of memory by the monitor."""
479 self.data=[address&0xff,address>>8,value];
480 self.writecmd(0,0x03,3,self.data);
481 return ord(self.data[0]);
482 def poke16(self,address,value):
483 """Set a word of memory by the monitor."""
484 self.pokebyte(address,value&0xFF);
485 self.pokebyte(address,(value>>8)&0xFF);
487 def setsecret(self,value):
488 """Set a secret word for later retreival. Used by glitcher."""
489 #self.eeprompoke(0,value);
490 #self.eeprompoke(1,value);
491 print "Secret setting is not yet suppored for this target.";
495 """Get a secret word. Used by glitcher."""
497 print "Secret getting is not yet suppored for this target.";
501 def dumpmem(self,begin,end):
504 print "%04x %04x" % (i, self.MONpeek16(i));
506 def monitor_ram_pattern(self):
507 """Overwrite all of RAM with 0xBEEF."""
508 self.writecmd(0,0x90,0,self.data);
510 def monitor_ram_depth(self):
511 """Determine how many bytes of RAM are unused by looking for 0xBEEF.."""
512 self.writecmd(0,0x91,0,self.data);
513 return ord(self.data[0])+(ord(self.data[1])<<8);
522 def setBaud(self,baud):
523 """Change the baud rate. TODO fix this."""
524 rates=self.baudrates;
526 print "Changing FET baud."
527 self.serialport.write(chr(0x00));
528 self.serialport.write(chr(0x80));
529 self.serialport.write(chr(1));
530 self.serialport.write(chr(baud));
532 print "Changed host baud."
533 self.serialport.setBaudrate(rates[baud]);
535 self.serialport.flushInput()
536 self.serialport.flushOutput()
538 print "Baud is now %i." % rates[baud];
541 return ord(self.serialport.read(1));
543 for r in self.baudrates:
544 print "\nTrying %i" % r;
545 self.serialport.setBaudrate(r);
547 self.serialport.flushInput()
548 self.serialport.flushOutput()
550 for i in range(1,10):
553 print "Read %02x %02x %02x %02x" % (
554 self.readbyte(),self.readbyte(),self.readbyte(),self.readbyte());
555 def monitortest(self):
556 """Self-test several functions through the monitor."""
557 print "Performing monitor self-test.";
558 self.monitorclocking();
559 for f in range(0,3000):
560 a=self.MONpeek16(0x0c00);
561 b=self.MONpeek16(0x0c02);
562 if a!=0x0c04 and a!=0x0c06:
563 print "ERROR Fetched %04x, %04x" % (a,b);
564 self.pokebyte(0x0021,0); #Drop LED
565 if self.MONpeek8(0x0021)!=0:
566 print "ERROR, P1OUT not cleared.";
567 self.pokebyte(0x0021,1); #Light LED
568 if not self.monitorecho():
569 print "Echo test failed.";
570 print "Self-test complete.";
571 self.monitorclocking();
572 def monitorecho(self):
573 data="The quick brown fox jumped over the lazy dog.";
574 self.writecmd(self.MONITORAPP,0x81,len(data),data);
576 print "Comm error recognized by monitorecho(), got:\n%s" % self.data;
580 def monitor_info(self):
581 print "GoodFET with %s MCU" % self.infostring();
582 print "Clocked at %s" % self.monitorclocking();
585 def monitor_list_apps(self, full=False):
587 old_value = self.besilent
588 self.besilent = True # turn off automatic call to readcmd
589 self.writecmd(self.MONITORAPP, 0x82, 1, [int(full)]);
590 self.besilent = old_value
592 # read the build date string
594 print "Build Date: %s" % self.data
595 print "Firmware apps:"
603 def monitorclocking(self):
604 """Return the 16-bit clocking value."""
605 return "0x%04x" % self.monitorgetclock();
607 def monitorsetclock(self,clock):
608 """Set the clocking value."""
609 self.MONpoke16(0x56, clock);
610 def monitorgetclock(self):
611 """Get the clocking value."""
612 if(os.environ.get("platform")=='arduino'):
614 #Check for MSP430 before peeking this.
615 return self.MONpeek16(0x56);
616 # The following functions ought to be implemented in
619 def infostring(self):
620 if(os.environ.get("platform")=='arduino'):
623 a=self.MONpeek8(0xff0);
624 b=self.MONpeek8(0xff1);
625 return "%02x%02x" % (a,b);
627 print "Locking Unsupported.";
629 print "Erasure Unsupported.";
635 print "Unimplemented.";
638 print "Unimplemented.";
641 print "Unimplemented.";
644 print "Unimplemented.";
647 print "Unimplemented.";
649 def flash(self,file):
650 """Flash an intel hex file to code memory."""
651 print "Flash not implemented.";
652 def dump(self,file,start=0,stop=0xffff):
653 """Dump an intel hex file from code memory."""
654 print "Dump not implemented.";
655 def peek32(self,address, memory="vn"):
657 return (self.peek16(address,memory)+
658 (self.peek16(address+2,memory)<<16));
659 def peek16(self,address, memory="vn"):
660 """Peek 16 bits of memory."""
661 return (self.peek8(address,memory)+
662 (self.peek8(address+1,memory)<<8));
663 def peek8(self,address, memory="vn"):
664 """Peek a byte of memory."""
665 return self.MONpeek8(address); #monitor
666 def peekblock(self,address,length,memory="vn"):
667 """Return a block of data."""
668 data=range(0,length);
669 for foo in range(0,length):
670 data[foo]=self.peek8(address+foo,memory);
672 def pokeblock(self,address,bytes,memory="vn"):
673 """Poke a block of a data into memory at an address."""
675 self.pokebyte(address,foo,memory);
678 def loadsymbols(self):
679 """Load symbols from a file."""
projects / goodfet / blob