2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
8 import sys, time, string, cStringIO, struct, glob, os;
11 fmt = ("B", "<H", None, "<L")
13 def getClient(name="GoodFET"):
14 import GoodFET, GoodFETCC, GoodFETAVR, GoodFETSPI, GoodFETMSP430, GoodFETNRF, GoodFETCCSPI;
15 if(name=="GoodFET" or name=="monitor"): return GoodFET.GoodFET();
16 elif name=="cc" or name=="cc51": return GoodFETCC.GoodFETCC();
17 elif name=="cc2420" or name=="ccspi": return GoodFETCCSPI.GoodFETCCSPI();
18 elif name=="avr": return GoodFETAVR.GoodFETAVR();
19 elif name=="spi": return GoodFETSPI.GoodFETSPI();
20 elif name=="msp430": return GoodFETMSP430.GoodFETMSP430();
21 elif name=="nrf": return GoodFETNRF.GoodFETNRF();
23 print "Unsupported target: %s" % name;
27 """GoodFET Symbol Table"""
28 db=sqlite3.connect(":memory:");
30 def __init__(self, *args, **kargs):
31 self.db.execute("create table if not exists symbols(adr,name,memory,size,comment);");
36 c.execute("select adr,memory from symbols where name=?",(name,));
42 except:# sqlite3.OperationalError:
46 def define(self,adr,name,comment="",memory="vn",size=16):
47 self.db.execute("insert into symbols(adr,name,memory,size,comment)"
48 "values(?,?,?,?,?);", (
49 adr,name,memory,size,comment));
50 #print "Set %s=%s." % (name,adr);
52 """py-bluez class for emulating py-serial."""
53 def __init__(self,btaddr):
55 if btaddr==None or btaddr=="none" or btaddr=="bluetooth":
56 print "performing inquiry..."
57 nearby_devices = bluetooth.discover_devices(lookup_names = True)
58 print "found %d devices" % len(nearby_devices)
59 for addr, name in nearby_devices:
60 print " %s - '%s'" % (addr, name)
61 #TODO switch to wildcards.
62 if name=='FireFly-A6BD':
67 print "Please set $GOODFET to the address of your device.";
69 print "Identified GoodFET at %s" % btaddr;
71 # Manually use the portnumber.
74 print "Connecting to %s on port %i." % (btaddr, port);
75 sock=bluetooth.BluetoothSocket(bluetooth.RFCOMM);
77 sock.connect((btaddr,port));
78 sock.settimeout(10); #IMPORTANT Must be patient.
80 ##This is what we'd do for a normal reset.
82 #while not str.endswith("goodfet.sf.net/"):
86 # Instead, just return and hope for the best.
95 def read(self,length):
98 while len(data)<length:
99 data=data+self.sock.recv(length-len(data));
102 """GoodFET Client Library"""
113 symbols=SymbolTable();
115 def __init__(self, *args, **kargs):
117 def getConsole(self):
118 from GoodFETConsole import GoodFETConsole;
119 return GoodFETConsole(self);
120 def name2adr(self,name):
121 return self.symbols.get(name);
124 def serInit(self, port=None, timeout=2, attemptlimit=None):
125 """Open a serial port of some kind."""
129 port=os.environ.get("GOODFET");
130 if port=="bluetooth" or (port is not None and re.match("..:..:..:..:..:..",port)):
131 self.btInit(port,2,attemptlimit);
133 self.pyserInit(port,timeout,attemptlimit);
134 def btInit(self, port, timeout, attemptlimit):
135 """Open a bluetooth port.""";
136 #self.verbose=True; #For debugging BT.
137 self.serialport=GoodFETbtser(port);
139 def pyserInit(self, port, timeout, attemptlimit):
140 """Open the serial port"""
141 # Make timeout None to wait forever, 0 for non-blocking mode.
145 if os.name=='nt' and sys.version.find('64 bit')!=-1:
146 print "WARNING: PySerial requires a 32-bit Python build in Windows.";
148 if port is None and os.environ.get("GOODFET")!=None:
149 glob_list = glob.glob(os.environ.get("GOODFET"));
150 if len(glob_list) > 0:
153 port = os.environ.get("GOODFET");
155 glob_list = glob.glob("/dev/tty.usbserial*");
156 if len(glob_list) > 0:
159 glob_list = glob.glob("/dev/ttyUSB*");
160 if len(glob_list) > 0:
163 glob_list = glob.glob("/dev/ttyU0");
164 if len(glob_list) > 0:
166 if port is None and os.name=='nt':
167 from scanwin32 import winScan;
169 for order,comport,desc,hwid in sorted(scan.comports()):
171 if hwid.index('FTDI')==0:
173 #print "Using FTDI port %s" % port
179 if(os.environ.get("platform")=='arduino' or os.environ.get("board")=='arduino'):
180 baud=19200; #Slower, for now.
181 self.serialport = serial.Serial(
185 parity = serial.PARITY_NONE,
193 while self.verb!=0x7F or self.data!="http://goodfet.sf.net/":
194 #while self.data!="http://goodfet.sf.net/":
195 #print "'%s'!=\n'%s'" % (self.data,"http://goodfet.sf.net/");
196 if attemptlimit is not None and attempts >= attemptlimit:
198 elif attempts==2 and os.environ.get("board")!='telosb':
199 print "See the GoodFET FAQ about missing info flash.";
200 self.serialport.setTimeout(0.2);
201 elif attempts == 100:
202 print "Tried 100 times to connect and failed."
203 sys.stdout.write("Continuing to try forever.") # No newline
205 self.verbose=True # Something isn't going right, give the user more info
206 elif attempts > 100 and attempts % 10 == 0:
207 sys.stdout.write('.')
209 #self.serialport.flushInput()
210 #self.serialport.flushOutput()
212 #TelosB reset, prefer software to I2C SPST Switch.
213 if (os.environ.get("board")=='telosb'):
214 #print "TelosB Reset";
216 elif (os.environ.get("board")=='z1'):
217 self.bslResetZ1(invokeBSL=0);
218 elif (os.environ.get("board")=='apimote1') or (os.environ.get("board")=='apimote'):
219 #Explicitly set RTS and DTR to halt board.
220 self.serialport.setRTS(1);
221 self.serialport.setDTR(1);
222 #RTS pin, not DTR is used for reset.
223 self.serialport.setRTS(0);
224 #print "Resetting Apimote not yet tested.";
226 #Explicitly set RTS and DTR to halt board.
227 self.serialport.setRTS(1);
228 self.serialport.setDTR(1);
229 #Drop DTR, which is !RST, low to begin the app.
230 self.serialport.setDTR(0);
232 #self.serialport.write(chr(0x80));
233 #self.serialport.write(chr(0x80));
234 #self.serialport.write(chr(0x80));
235 #self.serialport.write(chr(0x80));
238 #self.serialport.flushInput()
239 #self.serialport.flushOutput()
242 self.readcmd(); #Read the first command.
243 #print "Got %02x,%02x:'%s'" % (self.app,self.verb,self.data);
245 #Retry again. This usually times out, but helps connect.
247 #print "Retry got %02x,%02x:'%s'" % (self.app,self.verb,self.data);
248 #Here we have a connection, but maybe not a good one.
249 #print "We have a connection."
252 print "" # Add a newline
253 olds=self.infostring();
254 clocking=self.monitorclocking();
255 for foo in range(1,30):
256 if not self.monitorecho():
258 print "Comm error on %i try, resyncing out of %s." % (foo,
262 if self.verbose: print "Connected after %02i attempts." % attempts;
263 self.mon_connected();
264 self.serialport.setTimeout(12);
266 self.serialport.close();
267 def telosSetSCL(self, level):
268 self.serialport.setRTS(not level)
269 def telosSetSDA(self, level):
270 self.serialport.setDTR(not level)
272 def telosI2CStart(self):
277 def telosI2CStop(self):
282 def telosI2CWriteBit(self, bit):
284 self.telosSetSDA(bit)
290 def telosI2CWriteByte(self, byte):
291 self.telosI2CWriteBit( byte & 0x80 );
292 self.telosI2CWriteBit( byte & 0x40 );
293 self.telosI2CWriteBit( byte & 0x20 );
294 self.telosI2CWriteBit( byte & 0x10 );
295 self.telosI2CWriteBit( byte & 0x08 );
296 self.telosI2CWriteBit( byte & 0x04 );
297 self.telosI2CWriteBit( byte & 0x02 );
298 self.telosI2CWriteBit( byte & 0x01 );
299 self.telosI2CWriteBit( 0 ); # "acknowledge"
301 def telosI2CWriteCmd(self, addr, cmdbyte):
303 self.telosI2CWriteByte( 0x90 | (addr << 1) )
304 self.telosI2CWriteByte( cmdbyte )
306 def bslResetZ1(self, invokeBSL=0):
308 Applies BSL entry sequence on RST/NMI and TEST/VPP pins
310 invokeBSL = 1: complete sequence
311 invokeBSL = 0: only RST/NMI pin accessed
313 By now only BSL mode is accessed
316 #if DEBUG > 1: sys.stderr.write("* bslReset(invokeBSL=%s)\n" % invokeBSL)
318 #sys.stderr.write("in Z1 bsl reset...\n")
320 self.writepicROM(0xFF, 0xFF)
322 #sys.stderr.write("z1 bsl reset done...\n")
324 #sys.stderr.write("in Z1 reset...\n")
326 self.writepicROM(0xFF, 0xFE)
328 #sys.stderr.write("z1 reset done...\n")
329 def writepicROM(self, address, data):
330 ''' Writes data to @address'''
331 for i in range(7,-1,-1):
332 self.picROMclock((address >> i) & 0x01)
335 for i in range(7,-1,-1):
336 s = ((data >> i) & 0x01)
339 r = not self.picROMclock(s, True)
341 r = not self.picROMclock(s)
342 recbuf = (recbuf << 1) + r
344 self.picROMclock(0, True)
346 #while not self.serial.getCTS():
350 def readpicROM(self, address):
351 ''' reads a byte from @address'''
352 for i in range(7,-1,-1):
353 self.picROMclock((address >> i) & 0x01)
357 for i in range(7,-1,-1):
358 r = self.picROMclock(0)
359 recbuf = (recbuf << 1) + r
364 #This seems more reliable when slowed.
365 def picROMclock(self, masterout, slow = True):
366 #print "setting masterout to "+str(masterout)
367 self.serialport.setRTS(masterout)
368 self.serialport.setDTR(1)
370 self.serialport.setDTR(0)
373 return self.serialport.getCTS()
375 def picROMfastclock(self, masterout):
376 #print "setting masterout to "+str(masterout)
377 self.serialport.setRTS(masterout)
378 self.serialport.setDTR(1)
379 self.serialport.setDTR(0)
381 return self.serialport.getCTS()
383 def telosBReset(self,invokeBSL=0):
384 # "BSL entry sequence at dedicated JTAG pins"
385 # rst !s0: 0 0 0 0 1 1
386 # tck !s1: 1 0 1 0 0 1
389 # "BSL entry sequence at shared JTAG pins"
390 # rst !s0: 0 0 0 0 1 1
391 # tck !s1: 0 1 0 1 1 0
395 self.telosI2CWriteCmd(0,1)
396 self.telosI2CWriteCmd(0,3)
397 self.telosI2CWriteCmd(0,1)
398 self.telosI2CWriteCmd(0,3)
399 self.telosI2CWriteCmd(0,2)
400 self.telosI2CWriteCmd(0,0)
402 self.telosI2CWriteCmd(0,3)
403 self.telosI2CWriteCmd(0,2)
405 # This line was not defined inside the else: block, not sure where it
407 self.telosI2CWriteCmd(0,0)
408 time.sleep(0.250) #give MSP430's oscillator time to stabilize
409 self.serialport.flushInput() #clear buffers
412 def getbuffer(self,size=0x1c00):
413 writecmd(0,0xC2,[size&0xFF,(size>>16)&0xFF]);
414 print "Got %02x%02x buffer size." % (self.data[1],self.data[0]);
415 def writecmd(self, app, verb, count=0, data=[]):
416 """Write a command and some data to the GoodFET."""
417 self.serialport.write(chr(app));
418 self.serialport.write(chr(verb));
421 # count=len(data); #Initial count ignored.
423 #print "TX %02x %02x %04x" % (app,verb,count);
425 #little endian 16-bit length
426 self.serialport.write(chr(count&0xFF));
427 self.serialport.write(chr(count>>8));
430 print "Tx: ( 0x%02x, 0x%02x, 0x%04x )" % ( app, verb, count )
432 #print "count=%02x, len(data)=%04x" % (count,len(data));
435 if(isinstance(data,list)):
436 for i in range(0,count):
437 #print "Converting %02x at %i" % (data[i],i)
438 data[i]=chr(data[i]);
440 outstr=''.join(data);
441 self.serialport.write(outstr);
442 if not self.besilent:
443 return self.readcmd()
448 """Read a reply from the GoodFET."""
449 while 1:#self.serialport.inWaiting(): # Loop while input data is available
452 self.app=ord(self.serialport.read(1));
453 #print "APP=%02x" % self.app;
454 self.verb=ord(self.serialport.read(1));
456 #Fixes an obscure bug in the TelosB.
458 while self.verb==0x00:
459 self.verb=ord(self.serialport.read(1));
461 #print "VERB=%02x" % self.verb;
463 ord(self.serialport.read(1))
464 +(ord(self.serialport.read(1))<<8)
468 print "Rx: ( 0x%02x, 0x%02x, 0x%04x )" % ( self.app, self.verb, self.count )
470 #Debugging string; print, but wait.
473 print "# DEBUG %s" % self.serialport.read(self.count)
474 elif self.verb==0xFE:
475 print "# DEBUG 0x%x" % struct.unpack(fmt[self.count-1], self.serialport.read(self.count))[0]
476 elif self.verb==0xFD:
477 #Do nothing, just wait so there's no timeout.
482 self.data=self.serialport.read(self.count);
486 print "Warning: waiting for serial read timed out (most likely).";
487 #print "This shouldn't happen after syncing. Exiting for safety.";
491 def glitchApp(self,app):
492 """Glitch into a device by its application."""
493 self.data=[app&0xff];
494 self.writecmd(self.GLITCHAPP,0x80,1,self.data);
495 #return ord(self.data[0]);
496 def glitchVerb(self,app,verb,data):
497 """Glitch during a transaction."""
498 if data==None: data=[];
499 self.data=[app&0xff, verb&0xFF]+data;
500 self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data);
501 #return ord(self.data[0]);
502 def glitchstart(self):
503 """Glitch into the AVR application."""
504 self.glitchVerb(self.APP,0x20,None);
505 def glitchstarttime(self):
506 """Measure the timer of the START verb."""
507 return self.glitchTime(self.APP,0x20,None);
508 def glitchTime(self,app,verb,data):
509 """Time the execution of a verb."""
510 if data==None: data=[];
511 self.data=[app&0xff, verb&0xFF]+data;
512 print "Timing app %02x verb %02x." % (app,verb);
513 self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data);
514 time=ord(self.data[0])+(ord(self.data[1])<<8);
515 print "Timed to be %i." % time;
517 def glitchVoltages(self,low=0x0880, high=0x0fff):
518 """Set glitching voltages. (0x0fff is max.)"""
519 self.data=[low&0xff, (low>>8)&0xff,
520 high&0xff, (high>>8)&0xff];
521 self.writecmd(self.GLITCHAPP,0x90,4,self.data);
522 #return ord(self.data[0]);
523 def glitchRate(self,count=0x0800):
524 """Set glitching count period."""
525 self.data=[count&0xff, (count>>8)&0xff];
526 self.writecmd(self.GLITCHAPP,0x91,2,
528 #return ord(self.data[0]);
532 def silent(self,s=0):
533 """Transmissions halted when 1."""
535 print "besilent is %i" % self.besilent;
536 self.writecmd(0,0xB0,1,[s]);
538 def mon_connected(self):
539 """Announce to the monitor that the connection is good."""
541 self.writecmd(0,0xB1,0,[]);
543 """Write a byte to P5OUT."""
544 self.writecmd(0,0xA1,1,[byte]);
546 """Write a byte to P5DIR."""
547 self.writecmd(0,0xA0,1,[byte]);
549 """Call to an address."""
550 self.writecmd(0,0x30,2,
551 [adr&0xFF,(adr>>8)&0xFF]);
552 def execute(self,code):
553 """Execute supplied code."""
554 self.writecmd(0,0x31,2,#len(code),
556 def MONpeek8(self,address):
557 """Read a byte of memory from the monitor."""
558 self.data=[address&0xff,address>>8];
559 self.writecmd(0,0x02,2,self.data);
561 return ord(self.data[0]);
562 def MONpeek16(self,address):
563 """Read a word of memory from the monitor."""
564 return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
565 def peek(self,address):
566 """Read a word of memory from the monitor."""
567 return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
568 def eeprompeek(self,address):
569 """Read a word of memory from the monitor."""
570 print "EEPROM peeking not supported for the monitor.";
571 #return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8);
572 def peekbysym(self,name):
573 """Read a value by its symbol name."""
574 #TODO include memory in symbol.
575 reg=self.symbols.get(name);
576 return self.peek8(reg,"data");
577 def pokebysym(self,name,val):
578 """Write a value by its symbol name."""
579 #TODO include memory in symbol.
580 reg=self.symbols.get(name);
581 return self.pokebyte(reg,val);
582 def pokebyte(self,address,value,memory="vn"):
583 """Set a byte of memory by the monitor."""
584 self.data=[address&0xff,address>>8,value];
585 self.writecmd(0,0x03,3,self.data);
586 return ord(self.data[0]);
587 def poke16(self,address,value):
588 """Set a word of memory by the monitor."""
589 self.MONpoke16(address,value);
590 def MONpoke16(self,address,value):
591 """Set a word of memory by the monitor."""
592 self.pokebyte(address,value&0xFF);
593 self.pokebyte(address,(value>>8)&0xFF);
595 def setsecret(self,value):
596 """Set a secret word for later retreival. Used by glitcher."""
597 #self.eeprompoke(0,value);
598 #self.eeprompoke(1,value);
599 print "Secret setting is not yet suppored for this target.";
603 """Get a secret word. Used by glitcher."""
605 print "Secret getting is not yet suppored for this target.";
609 def dumpmem(self,begin,end):
612 print "%04x %04x" % (i, self.MONpeek16(i));
614 def monitor_ram_pattern(self):
615 """Overwrite all of RAM with 0xBEEF."""
616 self.writecmd(0,0x90,0,self.data);
618 def monitor_ram_depth(self):
619 """Determine how many bytes of RAM are unused by looking for 0xBEEF.."""
620 self.writecmd(0,0x91,0,self.data);
621 return ord(self.data[0])+(ord(self.data[1])<<8);
630 def setBaud(self,baud):
631 """Change the baud rate. TODO fix this."""
632 rates=self.baudrates;
634 print "Changing FET baud."
635 self.serialport.write(chr(0x00));
636 self.serialport.write(chr(0x80));
637 self.serialport.write(chr(1));
638 self.serialport.write(chr(baud));
640 print "Changed host baud."
641 self.serialport.setBaudrate(rates[baud]);
643 self.serialport.flushInput()
644 self.serialport.flushOutput()
646 print "Baud is now %i." % rates[baud];
649 return ord(self.serialport.read(1));
651 for r in self.baudrates:
652 print "\nTrying %i" % r;
653 self.serialport.setBaudrate(r);
655 self.serialport.flushInput()
656 self.serialport.flushOutput()
658 for i in range(1,10):
661 print "Read %02x %02x %02x %02x" % (
662 self.readbyte(),self.readbyte(),self.readbyte(),self.readbyte());
663 def monitortest(self):
664 """Self-test several functions through the monitor."""
665 print "Performing monitor self-test.";
666 self.monitorclocking();
667 for f in range(0,3000):
668 a=self.MONpeek16(0x0c00);
669 b=self.MONpeek16(0x0c02);
670 if a!=0x0c04 and a!=0x0c06:
671 print "ERROR Fetched %04x, %04x" % (a,b);
672 self.pokebyte(0x0021,0); #Drop LED
673 if self.MONpeek8(0x0021)!=0:
674 print "ERROR, P1OUT not cleared.";
675 self.pokebyte(0x0021,1); #Light LED
676 if not self.monitorecho():
677 print "Echo test failed.";
678 print "Self-test complete.";
679 self.monitorclocking();
680 def monitorecho(self):
681 data="The quick brown fox jumped over the lazy dog.";
682 self.writecmd(self.MONITORAPP,0x81,len(data),data);
685 print "Comm error recognized by monitorecho(), got:\n%s" % self.data;
689 def monitor_info(self):
690 print "GoodFET with %s MCU" % self.infostring();
691 print "Clocked at %s" % self.monitorclocking();
695 print "Flashing LEDs"
696 self.writecmd(self.MONITORAPP,0xD0,0,"")
698 print "Flashed %d LED." % ord(self.data)
700 print "Unable to process response:", self.data
703 def monitor_list_apps(self, full=False):
705 old_value = self.besilent
706 self.besilent = True # turn off automatic call to readcmd
707 self.writecmd(self.MONITORAPP, 0x82, 1, [int(full)]);
708 self.besilent = old_value
710 # read the build date string
712 print "Build Date: %s" % self.data
713 print "Firmware apps:"
721 def monitorclocking(self):
722 """Return the 16-bit clocking value."""
723 return "0x%04x" % self.monitorgetclock();
725 def monitorsetclock(self,clock):
726 """Set the clocking value."""
727 self.MONpoke16(0x56, clock);
728 def monitorgetclock(self):
729 """Get the clocking value."""
730 if(os.environ.get("platform")=='arduino' or os.environ.get("board")=='arduino'):
732 #Check for MSP430 before peeking this.
733 return self.MONpeek16(0x56);
734 # The following functions ought to be implemented in
737 def infostring(self):
738 if(os.environ.get("platform")=='arduino' or os.environ.get("board")=='arduino'):
741 a=self.MONpeek8(0xff0);
742 b=self.MONpeek8(0xff1);
743 return "%02x%02x" % (a,b);
745 print "Locking Unsupported.";
747 print "Erasure Unsupported.";
753 print "Unimplemented.";
756 print "Unimplemented.";
759 print "Unimplemented.";
762 print "Unimplemented.";
765 print "Unimplemented.";
767 def flash(self,file):
768 """Flash an intel hex file to code memory."""
769 print "Flash not implemented.";
770 def dump(self,file,start=0,stop=0xffff):
771 """Dump an intel hex file from code memory."""
772 print "Dump not implemented.";
773 def peek32(self,address, memory="vn"):
775 return (self.peek16(address,memory)+
776 (self.peek16(address+2,memory)<<16));
777 def peek16(self,address, memory="vn"):
778 """Peek 16 bits of memory."""
779 return (self.peek8(address,memory)+
780 (self.peek8(address+1,memory)<<8));
781 def peek8(self,address, memory="vn"):
782 """Peek a byte of memory."""
783 return self.MONpeek8(address); #monitor
784 def peekblock(self,address,length,memory="vn"):
785 """Return a block of data."""
786 data=range(0,length);
787 for foo in range(0,length):
788 data[foo]=self.peek8(address+foo,memory);
790 def pokeblock(self,address,bytes,memory="vn"):
791 """Poke a block of a data into memory at an address."""
793 self.pokebyte(address,foo,memory);
796 def loadsymbols(self):
797 """Load symbols from a file."""
projects / goodfet / blob