# This code is being rewritten and refactored. You've been warned!
import sys, time, string, cStringIO, struct, glob, serial, os;
+import sqlite3;
+fmt = ("B", "<H", None, "<L")
+
+def getClient(name="GoodFET"):
+ import GoodFET, GoodFETCC, GoodFETAVR, GoodFETSPI, GoodFETMSP430, GoodFETNRF;
+ if(name=="GoodFET" or name=="monitor"): return GoodFET.GoodFET();
+ elif name=="cc" or name=="cc51": return GoodFETCC.GoodFETCC();
+ elif name=="cc2420" or name=="ccspi": return GoodFETCC.GoodFETCC();
+ elif name=="avr": return GoodFETAVR.GoodFETAVR();
+ elif name=="spi": return GoodFETSPI.GoodFETSPI();
+ elif name=="msp430": return GoodFETMSP430.GoodFETMSP430();
+ elif name=="nrf": return GoodFETNRF.GoodFETNRF();
+
+ print "Unsupported target: %s" % name;
+ sys.exit(0);
+
+class SymbolTable:
+ """GoodFET Symbol Table"""
+ db=sqlite3.connect(":memory:");
+
+ def __init__(self, *args, **kargs):
+ self.db.execute("create table if not exists symbols(adr,name,memory,size,comment);");
+ def get(self,name):
+ self.db.commit();
+ c=self.db.cursor();
+ try:
+ c.execute("select adr,memory from symbols where name=?",(name,));
+ for row in c:
+ #print "Found it.";
+ sys.stdout.flush();
+ return row[0];
+ #print "No dice.";
+ except:# sqlite3.OperationalError:
+ #print "SQL error.";
+ return eval(name);
+ return eval(name);
+ def define(self,adr,name,comment="",memory="vn",size=16):
+ self.db.execute("insert into symbols(adr,name,memory,size,comment)"
+ "values(?,?,?,?,?);", (
+ adr,name,memory,size,comment));
+ #print "Set %s=%s." % (name,adr);
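Review bot: `SymbolTable.get` falls back to `eval(name)` whenever the lookup returns no row or raises, so any string that reaches `name2adr` is evaluated as a Python expression. If names come from the command line or a loaded symbol file (the callers are not visible here), that is code execution inside the host tool. Parse numeric addresses instead with `return int(name, 0)` and let an undefined, non-numeric name raise. The bare `except:` also routes real sqlite failures into the same fallback; narrowing it to `except sqlite3.Error:` keeps those visible.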
class GoodFET:
"""GoodFET Client Library"""
+
+ besilent=0;
+ app=0;
+ verb=0;
+ count=0;
+ data="";
+ verbose=False
+
+ GLITCHAPP=0x71;
+ MONITORAPP=0x00;
+ symbols=SymbolTable();
+
def __init__(self, *args, **kargs):
self.data=[0];
+ def getConsole(self):
+ from GoodFETConsole import GoodFETConsole;
+ return GoodFETConsole(self);
+ def name2adr(self,name):
+ return self.symbols.get(name);
def timeout(self):
print "timeout\n";
- def serInit(self, port=None):
+ def serInit(self, port=None, timeout=2):
"""Open the serial port"""
+ # Make timeout None to wait forever, 0 for non-blocking mode.
if port is None and os.environ.get("GOODFET")!=None:
glob_list = glob.glob(os.environ.get("GOODFET"));
if len(glob_list) > 0:
port = glob_list[0];
+ else:
+ port = os.environ.get("GOODFET");
if port is None:
glob_list = glob.glob("/dev/tty.usbserial*");
if len(glob_list) > 0:
glob_list = glob.glob("/dev/ttyUSB*");
if len(glob_list) > 0:
port = glob_list[0];
+ if os.name=='nt':
+ from scanwin32 import winScan;
+ scan=winScan();
+ for order,comport,desc,hwid in sorted(scan.comports()):
+ try:
+ if hwid.index('FTDI')==0:
+ port=comport;
+ #print "Using FTDI port %s" % port
+ except:
+ #Do nothing.
+ a=1;
self.serialport = serial.Serial(
port,
#9600,
115200,
- parity = serial.PARITY_NONE
+ parity = serial.PARITY_NONE,
+ timeout=timeout
)
- #Drop DTR, which is !RST, low to begin the app.
- self.serialport.setDTR(0);
- self.serialport.flushInput()
- self.serialport.flushOutput()
- #Read and handle the initial command.
- #time.sleep(1);
- self.readcmd(); #Read the first command.
- if(self.verb!=0x7F):
- print "Verb %02x is wrong. Incorrect firmware?" % self.verb;
- #print "Connected."
- def writecmd(self, app, verb, count=0, data=[], blocks=1):
+ self.verb=0;
+ attempts=0;
+ connected=0;
+ while connected==0:
+ while self.verb!=0x7F or self.data!="http://goodfet.sf.net/":
+ #print "Resyncing.";
+ self.serialport.flushInput()
+ self.serialport.flushOutput()
+ #Explicitly set RTS and DTR to halt board.
+ self.serialport.setRTS(1);
+ self.serialport.setDTR(1);
+ #Drop DTR, which is !RST, low to begin the app.
+ self.serialport.setDTR(0);
+
+ #TelosB reset, prefer software to I2C SPST Switch.
+ if(os.environ.get("platform")=='telosb'):
+ self.telosBReset();
+ #self.serialport.write(chr(0x80));
+ #self.serialport.write(chr(0x80));
+ #self.serialport.write(chr(0x80));
+ #self.serialport.write(chr(0x80));
+
+
+ self.serialport.flushInput()
+ self.serialport.flushOutput()
+ #time.sleep(60);
+ attempts=attempts+1;
+ self.readcmd(); #Read the first command.
+ #Here we have a connection, but maybe not a good one.
+ connected=1;
+ olds=self.infostring();
+ clocking=self.monitorclocking();
+ for foo in range(1,30):
+ if not self.monitorecho():
+ if self.verbose: print "Comm error on %i try, resyncing out of %s." % (foo,
+ clocking);
+ connected=0;
+ break;
+ if self.verbose: print "Connected after %02i attempts." % attempts;
+ self.mon_connected();
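Review bot: The resync loop in `serInit` has no exit: `attempts` is incremented on every pass but never compared with a limit, so a port that never answers with verb 0x7F and the `http://goodfet.sf.net/` banner keeps the tool toggling RTS/DTR indefinitely. A cap inside the inner `while`, such as `if attempts>MAX_ATTEMPTS: raise IOError("GoodFET did not sync")` (name and value are a suggestion), would bound it. The Windows branch hides every exception behind a bare `except:` and, having no `break`, keeps the last FTDI match; `if hwid.startswith('FTDI'): port=comport; break` removes the need for the try block.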
+ def telosSetSCL(self, level):
+ self.serialport.setRTS(not level)
+ def telosSetSDA(self, level):
+ self.serialport.setDTR(not level)
+
+ def telosI2CStart(self):
+ self.telosSetSDA(1)
+ self.telosSetSCL(1)
+ self.telosSetSDA(0)
+
+ def telosI2CStop(self):
+ self.telosSetSDA(0)
+ self.telosSetSCL(1)
+ self.telosSetSDA(1)
+
+ def telosI2CWriteBit(self, bit):
+ self.telosSetSCL(0)
+ self.telosSetSDA(bit)
+ time.sleep(2e-6)
+ self.telosSetSCL(1)
+ time.sleep(1e-6)
+ self.telosSetSCL(0)
+
+ def telosI2CWriteByte(self, byte):
+ self.telosI2CWriteBit( byte & 0x80 );
+ self.telosI2CWriteBit( byte & 0x40 );
+ self.telosI2CWriteBit( byte & 0x20 );
+ self.telosI2CWriteBit( byte & 0x10 );
+ self.telosI2CWriteBit( byte & 0x08 );
+ self.telosI2CWriteBit( byte & 0x04 );
+ self.telosI2CWriteBit( byte & 0x02 );
+ self.telosI2CWriteBit( byte & 0x01 );
+ self.telosI2CWriteBit( 0 ); # "acknowledge"
+
+ def telosI2CWriteCmd(self, addr, cmdbyte):
+ self.telosI2CStart()
+ self.telosI2CWriteByte( 0x90 | (addr << 1) )
+ self.telosI2CWriteByte( cmdbyte )
+ self.telosI2CStop()
+
+ def telosBReset(self,invokeBSL=0):
+ # "BSL entry sequence at dedicated JTAG pins"
+ # rst !s0: 0 0 0 0 1 1
+ # tck !s1: 1 0 1 0 0 1
+ # s0|s1: 1 3 1 3 2 0
+
+ # "BSL entry sequence at shared JTAG pins"
+ # rst !s0: 0 0 0 0 1 1
+ # tck !s1: 0 1 0 1 1 0
+ # s0|s1: 3 1 3 1 0 2
+
+ if invokeBSL:
+ self.telosI2CWriteCmd(0,1)
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,1)
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,2)
+ self.telosI2CWriteCmd(0,0)
+ else:
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,2)
+
+ # This line was not defined inside the else: block, not sure where it
+ # should be however
+ self.telosI2CWriteCmd(0,0)
+ time.sleep(0.250) #give MSP430's oscillator time to stabilize
+ self.serialport.flushInput() #clear buffers
+
+
+ def getbuffer(self,size=0x1c00):
+ writecmd(0,0xC2,[size&0xFF,(size>>16)&0xFF]);
+ print "Got %02x%02x buffer size." % (self.data[1],self.data[0]);
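Review bot: `getbuffer` cannot run as written: `writecmd` is called without `self.`, which raises NameError, and the list sits in the `count` position with no data argument. The high byte is taken with `size>>16`, which is 0 for the default 0x1c00, so `size>>8` looks intended. `self.writecmd(0,0xC2,2,[size&0xFF,(size>>8)&0xFF]);` would match the other monitor calls in this file, though the payload layout that verb 0xC2 expects is not visible here.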
+ def writecmd(self, app, verb, count=0, data=[]):
"""Write a command and some data to the GoodFET."""
self.serialport.write(chr(app));
self.serialport.write(chr(verb));
- self.serialport.write(chr(count));
+
+ #if data!=None:
+ # count=len(data); #Initial count ignored.
+
+ #print "TX %02x %02x %04x" % (app,verb,count);
+
+ #little endian 16-bit length
+ self.serialport.write(chr(count&0xFF));
+ self.serialport.write(chr(count>>8));
+
+ if self.verbose:
+ print "Tx: ( 0x%02x, 0x%02x, 0x%04x )" % ( app, verb, count )
+
#print "count=%02x, len(data)=%04x" % (count,len(data));
- if count!=0:
- for d in data:
- self.serialport.write(chr(d));
- self.readcmd(blocks); #Uncomment this later, to ensure a response.
- def readcmd(self,blocks=1):
+ if count!=0:
+ if(isinstance(data,list)):
+ for i in range(0,count):
+ #print "Converting %02x at %i" % (data[i],i)
+ data[i]=chr(data[i]);
+ #print type(data);
+ outstr=''.join(data);
+ self.serialport.write(outstr);
+ if not self.besilent:
+ return self.readcmd()
+ else:
+ return []
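Review bot: The 16-bit length written to the wire comes from `count` while the payload comes from `''.join(data)`, and nothing in `writecmd` checks that they agree. With `count<len(data)` the header understates what is sent (and for a list the unconverted ints make `join` raise), with `count>len(data)` the loop raises IndexError after the header has already gone out, and a `count` above 0xFFFF fails in `chr(count>>8)`; each case leaves the stream out of frame. Validate before the first write, e.g. `if count>0xFFFF or (count!=0 and count!=len(data)): raise ValueError("bad length")`. The loop also rewrites the caller's list in place, so `self.data` holds one-character strings after a send and sending the same list again fails in `chr`; `outstr=''.join(chr(b) for b in data[:count])` avoids the mutation, and the mutable default `data=[]` is better as `data=None`.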
+
+ def readcmd(self):
"""Read a reply from the GoodFET."""
- while 1:
- self.app=ord(self.serialport.read(1));
- self.verb=ord(self.serialport.read(1));
- self.count=ord(self.serialport.read(1));
- self.data=self.serialport.read(self.count*blocks);
- #print "READ %02x %02x %02x " % (self.app, self.verb, self.count);
+ while 1:#self.serialport.inWaiting(): # Loop while input data is available
+ try:
+ #print "Reading...";
+ self.app=ord(self.serialport.read(1));
+ #print "APP=%2x" % self.app;
+ self.verb=ord(self.serialport.read(1));
+ #print "VERB=%02x" % self.verb;
+ self.count=(
+ ord(self.serialport.read(1))
+ +(ord(self.serialport.read(1))<<8)
+ );
+
+ if self.verbose:
+ print "Rx: ( 0x%02x, 0x%02x, 0x%04x )" % ( self.app, self.verb, self.count )
- #Debugging string; print, but wait.
- if self.app==0xFF and self.verb==0xFF:
- print "DEBUG %s" % self.data;
- else:
+ #Debugging string; print, but wait.
+ if self.app==0xFF:
+ if self.verb==0xFF:
+ print "# DEBUG %s" % self.serialport.read(self.count)
+ elif self.verb==0xFE:
+ print "# DEBUG 0x%x" % struct.unpack(fmt[self.count-1], self.serialport.read(self.count))[0]
+ elif self.verb==0xFD:
+ #Do nothing, just wait so there's no timeout.
+ print "# NOP.";
+
+ sys.stdout.flush();
+ else:
+ self.data=self.serialport.read(self.count);
+ return self.data;
+ except TypeError:
+ if self.connected:
+ print "Error: waiting for serial read timed out (most likely).";
+ print "This shouldn't happen after syncing. Exiting for safety.";
+ sys.exit(-1)
return self.data;
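Review bot: `fmt[self.count-1]` indexes a four-entry tuple with a length that comes straight from the device. A count of 3 selects `None`, so `struct.unpack` raises TypeError and lands in the handler that reports a serial timeout, while a count of 0 or above 4 raises struct.error or IndexError that nothing here catches. Check the value first, e.g. `if self.count in (1,2,4):`, and otherwise read and discard `self.count` bytes. The handler also reads `self.connected`, which in the lines shown is assigned only in `mon_connected()` (`silent()` further down sets a local `connected=0`), so a timeout during the first sync would raise AttributeError unless the attribute is defined elsewhere. A class-level `connected=0;` next to `besilent` would cover it.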
-
+ #Glitching stuff.
+ def glitchApp(self,app):
+ """Glitch into a device by its application."""
+ self.data=[app&0xff];
+ self.writecmd(self.GLITCHAPP,0x80,1,self.data);
+ #return ord(self.data[0]);
+ def glitchVerb(self,app,verb,data):
+ """Glitch during a transaction."""
+ if data==None: data=[];
+ self.data=[app&0xff, verb&0xFF]+data;
+ self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data);
+ #return ord(self.data[0]);
+ def glitchstart(self):
+ """Glitch into the AVR application."""
+ self.glitchVerb(self.APP,0x20,None);
+ def glitchstarttime(self):
+ """Measure the timer of the START verb."""
+ return self.glitchTime(self.APP,0x20,None);
+ def glitchTime(self,app,verb,data):
+ """Time the execution of a verb."""
+ if data==None: data=[];
+ self.data=[app&0xff, verb&0xFF]+data;
+ print "Timing app %02x verb %02x." % (app,verb);
+ self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data);
+ time=ord(self.data[0])+(ord(self.data[1])<<8);
+ print "Timed to be %i." % time;
+ return time;
+ def glitchVoltages(self,low=0x0880, high=0x0fff):
+ """Set glitching voltages. (0x0fff is max.)"""
+ self.data=[low&0xff, (low>>8)&0xff,
+ high&0xff, (high>>8)&0xff];
+ self.writecmd(self.GLITCHAPP,0x90,4,self.data);
+ #return ord(self.data[0]);
+ def glitchRate(self,count=0x0800):
+ """Set glitching count period."""
+ self.data=[count&0xff, (count>>8)&0xff];
+ self.writecmd(self.GLITCHAPP,0x91,2,
+ self.data);
+ #return ord(self.data[0]);
+
+
#Monitor stuff
+ def silent(self,s=0):
+ """Transmissions halted when 1."""
+ self.besilent=s;
+ print "besilent is %i" % self.besilent;
+ self.writecmd(0,0xB0,1,[s]);
+ connected=0;
+ def mon_connected(self):
+ """Announce to the monitor that the connection is good."""
+ self.connected=1;
+ self.writecmd(0,0xB1,0,[]);
def out(self,byte):
"""Write a byte to P5OUT."""
self.writecmd(0,0xA1,1,[byte]);
def dir(self,byte):
"""Write a byte to P5DIR."""
self.writecmd(0,0xA0,1,[byte]);
+ def call(self,adr):
+ """Call to an address."""
+ self.writecmd(0,0x30,2,
+ [adr&0xFF,(adr>>8)&0xFF]);
+ def execute(self,code):
+ """Execute supplied code."""
+ self.writecmd(0,0x31,2,#len(code),
+ code);
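Review bot: `execute` sends a fixed length of 2 because the `len(code)` argument is commented out, so longer `code` goes out under a header that claims two bytes, and a list of more than two ints fails in `writecmd`'s `join`. Pass the real length: `self.writecmd(0,0x31,len(code),code);`. Verb 0x31 runs the supplied bytes on the attached monitor, so the docstring should state the expected encoding and maximum size. Neither is visible in this diff.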
def peekbyte(self,address):
"""Read a byte of memory from the monitor."""
self.data=[address&0xff,address>>8];
def peekword(self,address):
"""Read a word of memory from the monitor."""
return self.peekbyte(address)+(self.peekbyte(address+1)<<8);
+ def peek(self,address):
+ """Read a word of memory from the monitor."""
+ return self.peekbyte(address)+(self.peekbyte(address+1)<<8);
+ def eeprompeek(self,address):
+ """Read a word of memory from the monitor."""
+ return self.peekbyte(address)+(self.peekbyte(address+1)<<8);
+
def pokebyte(self,address,value):
"""Set a byte of memory by the monitor."""
self.data=[address&0xff,address>>8,value];
self.writecmd(0,0x03,3,self.data);
return ord(self.data[0]);
+ def poke16(self,address,value):
+ """Set a word of memory by the monitor."""
+ self.pokebyte(address,value&0xFF);
+ self.pokebyte(address,(value>>8)&0xFF);
+ return value;
+ def setsecret(self,value):
+ """Set a secret word for later retreival. Used by glitcher."""
+ self.eeprompoke(0,value);
+ self.eeprompoke(1,value);
+ def getsecret(self):
+ """Get a secret word. Used by glitcher."""
+ self.eeprompeek(0);
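Review bot: `poke16` writes both halves to the same address, so the low byte is overwritten and the high byte never lands at `address+1`; the second call should be `self.pokebyte(address+1,(value>>8)&0xFF);`. `getsecret` discards its result and needs `return self.eeprompeek(0);`. `setsecret` calls `self.eeprompoke`, which is not defined in the lines shown, and `eeprompeek` above is a copy of `peekword` that reads through `peekbyte`, so whether either touches EEPROM depends on a subclass override.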
+
def dumpmem(self,begin,end):
i=begin;
while i<end:
def monitortest(self):
"""Self-test several functions through the monitor."""
print "Performing monitor self-test.";
-
- if self.peekword(0x0c00)!=0x0c04 and self.peekword(0x0c00)!=0x0c06:
- print "ERROR Fetched wrong value from 0x0c04.";
- self.pokebyte(0x0021,0); #Drop LED
- if self.peekbyte(0x0021)!=0:
- print "ERROR, P1OUT not cleared.";
- self.pokebyte(0x0021,1); #Light LED
-
+ self.monitorclocking();
+ for f in range(0,3000):
+ a=self.peekword(0x0c00);
+ b=self.peekword(0x0c02);
+ if a!=0x0c04 and a!=0x0c06:
+ print "ERROR Fetched %04x, %04x" % (a,b);
+ self.pokebyte(0x0021,0); #Drop LED
+ if self.peekbyte(0x0021)!=0:
+ print "ERROR, P1OUT not cleared.";
+ self.pokebyte(0x0021,1); #Light LED
+ if not self.monitorecho():
+ print "Echo test failed.";
print "Self-test complete.";
+ self.monitorclocking();
+ def monitorecho(self):
+ data="The quick brown fox jumped over the lazy dog.";
+ self.writecmd(self.MONITORAPP,0x81,len(data),data);
+ if self.data!=data:
+ if self.verbose: print "Comm error recognized by monitorecho().";
+ return 0;
+ return 1;
+ def monitorclocking(self):
+ """Return the 16-bit clocking value."""
+ return "0x%04x" % self.monitorgetclock();
-
-
- def I2Csetup(self):
- """Move the FET into the I2C application."""
- self.writecmd(0x02,0x10,0,self.data); #SPI/SETUP
- def I2Cstart(self):
- """Start an I2C transaction."""
- self.writecmd(0x02,0x20,0,self.data); #SPI/SETUP
- def I2Cstop(self):
- """Stop an I2C transaction."""
- self.writecmd(0x02,0x21,0,self.data); #SPI/SETUP
- def I2Cread(self,len=1):
- """Read len bytes by I2C."""
- self.writecmd(0x02,0x00,1,[len]); #SPI/SETUP
- return self.data;
- def I2Cwrite(self,bytes):
- """Write bytes by I2C."""
- self.writecmd(0x02,0x01,len(bytes),bytes); #SPI/SETUP
- return ord(self.data[0]);
-class GoodFETCC(GoodFET):
- """A GoodFET variant for use with Chipcon 8051 Zigbe SoC."""
- def CChaltcpu(self):
- """Halt the CPU."""
- self.writecmd(0x30,0x86,0,self.data);
- def CCreleasecpu(self):
- """Resume the CPU."""
- self.writecmd(0x30,0x87,0,self.data);
- def CCtest(self):
- self.CCreleasecpu();
- self.CChaltcpu();
- #print "Status: %s" % self.CCstatusstr();
-
- #Grab ident three times, should be equal.
- ident1=self.CCident();
- ident2=self.CCident();
- ident3=self.CCident();
- if(ident1!=ident2 or ident2!=ident3):
- print "Error, repeated ident attempts unequal."
- print "%04x, %04x, %04x" % (ident1, ident2, ident3);
-
- #Single step, printing PC.
- print "Tracing execution at startup."
- for i in range(1,15):
- pc=self.CCgetPC();
- byte=self.CCpeekcodebyte(i);
- #print "PC=%04x, %02x" % (pc, byte);
- self.CCstep_instr();
-
- print "Verifying that debugging a NOP doesn't affect the PC."
- for i in range(1,15):
- pc=self.CCgetPC();
- self.CCdebuginstr([0x00]);
- if(pc!=self.CCgetPC()):
- print "ERROR: PC changed during CCdebuginstr([NOP])!";
-
-
- #print "Status: %s." % self.CCstatusstr();
- #Exit debugger
- self.CCstop();
- print "Done.";
+ def monitorsetclock(self,clock):
+ """Set the clocking value."""
+ self.poke16(0x56, clock);
+ def monitorgetclock(self):
+ """Get the clocking value."""
+ return self.peek16(0x56);
+ # The following functions ought to be implemented in
+ # every client.
- def CCsetup(self):
- """Move the FET into the CC2430/CC2530 application."""
- #print "Initializing Chipcon.";
- self.writecmd(0x30,0x10,0,self.data);
- def CCrd_config(self):
- """Read the config register of a Chipcon."""
- self.writecmd(0x30,0x82,0,self.data);
- return ord(self.data[0]);
- def CCwr_config(self,config):
- """Write the config register of a Chipcon."""
- self.writecmd(0x30,0x81,1,[config&0xFF]);
+ def infostring(self):
+ a=self.peekbyte(0xff0);
+ b=self.peekbyte(0xff1);
+ return "%02x%02x" % (a,b);
+ def lock(self):
+ print "Locking Unsupported.";
+ def erase(self):
+ print "Erasure Unsupported.";
+ def setup(self):
+ return;
+ def start(self):
+ return;
+ def test(self):
+ print "Unimplemented.";
+ return;
+ def status(self):
+ print "Unimplemented.";
+ return;
+ def halt(self):
+ print "Unimplemented.";
+ return;
+ def resume(self):
+ print "Unimplemented.";
+ return;
+ def getpc(self):
+ print "Unimplemented.";
+ return 0xdead;
+ def flash(self,file):
+ """Flash an intel hex file to code memory."""
+ print "Flash not implemented.";
+ def dump(self,file,start=0,stop=0xffff):
+ """Dump an intel hex file from code memory."""
+ print "Dump not implemented.";
+ def peek32(self,address, memory="vn"):
+ return (self.peek16(address,memory)+
+ (self.peek16(address+2,memory)<<16));
+ def peek16(self,address, memory="vn"):
+ return (self.peek8(address,memory)+
+ (self.peek8(address+1,memory)<<8));
+ def peek8(self,address, memory="vn"):
+ return self.peekbyte(address); #monitor
+ def peekword(self,address, memory="vn"):
+ return self.peek(address); #monitor
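Review bot: The base-class `lock()` and `erase()` only print a message and return None, so a script calling them on a client without an override carries on as if the part had been locked or erased. Raising makes the failure visible to automation, e.g. `raise NotImplementedError("lock unsupported by this client")`. `getpc()` returning `0xdead` has the same weakness, since that is a valid address. `peek8` accepts `memory` but ignores it, and `peek16`/`peek32` pass it through, so a one-line comment saying the monitor client reads only the default space would prevent surprises.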
- CCversions={0x0100:"CC1110",
- 0x8500:"CC2430",
- 0x8900:"CC2431",
- 0x8100:"CC2510",
- 0x9100:"CC2511",
- 0xFF00:"CCmissing"};
- def CCidentstr(self):
- ident=self.CCident();
- chip=self.CCversions.get(ident&0xFF00);
- return "%s/r%02x" % (chip, ident&0xFF);
- def CCident(self):
- """Get a chipcon's ID."""
- self.writecmd(0x30,0x8B,0,None);
- chip=ord(self.data[0]);
- rev=ord(self.data[1]);
- return (chip<<8)+rev;
- def CCgetPC(self):
- """Get a chipcon's PC."""
- self.writecmd(0x30,0x83,0,None);
- hi=ord(self.data[0]);
- lo=ord(self.data[1]);
- return (hi<<8)+lo;
- def CCdebuginstr(self,instr):
- self.writecmd(0x30,0x88,len(instr),instr);
- return ord(self.data[0]);
- def CCpeekcodebyte(self,adr):
- """Read the contents of code memory at an address."""
- self.data=[adr&0xff, (adr&0xff00)>>8];
- self.writecmd(0x30,0x90,2,self.data);
- return ord(self.data[0]);
- def CCpeekdatabyte(self,adr):
- """Read the contents of data memory at an address."""
- self.data=[adr&0xff, (adr&0xff00)>>8];
- self.writecmd(0x30,0x91, 2, self.data);
- return ord(self.data[0]);
- def CCpokedatabyte(self,adr,val):
- """Write a byte to data memory."""
- self.data=[adr&0xff, (adr&0xff00)>>8, val];
- self.writecmd(0x30, 0x92, 3, self.data);
- return ord(self.data[0]);
- def CCchiperase(self):
- """Erase all of the target's memory."""
- self.writecmd(0x30,0x80,0,None);
- def CCstatus(self):
- """Check the status."""
- self.writecmd(0x30,0x84,0,None);
- return ord(self.data[0])
- CCstatusbits={0x80 : "erased",
- 0x40 : "pcon_idle",
- 0x20 : "halted",
- 0x10 : "pm0",
- 0x08 : "halted",
- 0x04 : "locked",
- 0x02 : "oscstable",
- 0x01 : "overflow"};
- def CCstatusstr(self):
- """Check the status as a string."""
- status=self.CCstatus();
- str="";
- i=1;
- while i<0x100:
- if(status&i):
- str="%s %s" %(self.CCstatusbits[i],str);
- i*=2;
- return str;
- def CCstart(self):
- """Start debugging."""
- self.writecmd(0x30,0x20,0,self.data);
- ident=self.CCidentstr();
- print "Target identifies as %s." % ident;
- #print "Status: %s." % self.CCstatusstr();
- self.CCreleasecpu();
- self.CChaltcpu();
- #print "Status: %s." % self.CCstatusstr();
-
- def CCstop(self):
- """Stop debugging."""
- self.writecmd(0x30,0x21,0,self.data);
- def CCstep_instr(self):
- """Step one instruction."""
- self.writecmd(0x30,0x89,0,self.data);
-
+ def loadsymbols(self):
+ return;