#!/usr/bin/env python
# GoodFET ARM Client Library
#
-#
-# Good luck with alpha / beta code.
# Contributions and bug reports welcome.
#
# todo:
# * ensure correct PC handling
# * flash manipulation (probably need to get the specific chip for this one)
# * set security (chip-specific)
-# * -ancilary/faster- ldm/stm versions of memory access (had trouble in past, possibly also due to haphazard abuse of DCLK)
-#
-# fixme now stuff:
-# * thumb mode get/set_register - DONE!
-# * thumb to arm mode - DONE!
-# * rethink the whole python/c trade-off for cross-python session debugging
import sys, binascii, struct, time
-import atlasutils.smartprint as asp
from GoodFET import GoodFET
from intelhex import IntelHex
IR_SHIFT = 0x80
DR_SHIFT = 0x81
RESETTAP = 0x82
-RESETTARGET = 0x86
+RESETTARGET = 0x83
GET_REGISTER = 0x87
SET_REGISTER = 0x88
DEBUG_INSTR = 0x89
ARM_READ_MEM = ARM_INSTR_LDR_R1_r0_4
ARM_INSTR_STR_R1_r0_4 = 0xe4801004L
ARM_WRITE_MEM = ARM_INSTR_STR_R1_r0_4
+ARM_INSTR_STRB_R1_r0_1 = 0xe4c01001L
+ARM_WRITE_MEM_BYTE = ARM_INSTR_STRB_R1_r0_1
ARM_INSTR_MRS_R0_CPSR = 0xe10f0000L
ARM_INSTR_MSR_cpsr_cxsf_R0 =0xe12ff000L
-ARM_INSTR_STMIA_R14_r0_rx = 0xE88E0000L # add up to 65k to indicate which registers...
+ARM_INSTR_STMIA_R14_r0_rx = 0xE88e0000L # add up to 65k to indicate which registers...
+ARM_INSTR_LDMIA_R14_r0_rx = 0xE89e0000L # add up to 65k to indicate which registers...
ARM_STORE_MULTIPLE = ARM_INSTR_STMIA_R14_r0_rx
ARM_INSTR_SKANKREGS = 0xE88F7fffL
ARM_INSTR_CLOBBEREGS = 0xE89F7fffL
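Review bot: `ARM_INSTR_LDMIA_R14_r0_rx` is introduced without a load-side alias, whereas its STMIA twin already has `ARM_STORE_MULTIPLE`; for symmetry add `ARM_LOAD_MULTIPLE = ARM_INSTR_LDMIA_R14_r0_rx` next to it. The comment copied onto both lines, "add up to 65k to indicate which registers", is vague about what callers rely on; it should read `# OR in a 16-bit register-list mask: bit n selects rN (base register is R14)`. The corrected `RESETTARGET = 0x83` only works if the firmware's 0x13 application dispatches that verb, so a comment naming the firmware file it must stay in sync with (`# must match the verb table in <firmware ARM app source>`) would stop the value drifting again.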
1<<ENABLE:'ENABLE',
}
+LDM_BITMASKS = [(1<<x)-1 for x in xrange(16)]
#### TOTALLY BROKEN, NEED VALIDATION AND TESTING
PCOFF_DBGRQ = 4 * 4
PCOFF_WATCH = 4 * 4
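Review bot: `LDM_BITMASKS` is added without a comment, and that entry n is the register-list mask for r0..r(n-1) (i.e. (1<<n)-1, meant for ORing into the LDMIA/STMIA constants) is only discoverable from its callers; add `# LDM_BITMASKS[n]: register-list mask selecting r0..r(n-1), OR into ARM_INSTR_LDMIA/STMIA_R14_r0_rx`. Note that `xrange(16)` yields indices 0..15, so the table covers at most 15 registers; the callers in this change clamp their count to 0xe, but any future caller asking for 16 would hit an IndexError rather than a clear error.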
return retval
def ARMidentstr(self):
ident=self.ARMident()
- ver = ident >> 28
- partno = (ident >> 12) & 0x10
- mfgid = ident & 0xfff
- return "mfg: %x\npartno: %x\nver: %x\n(%x)" % (ver, partno, mfgid, ident);
+ ver = (ident >> 28)
+ partno = (ident >> 12) & 0xffff
+ mfgid = (ident >> 1) & 0x7ff
+ return "Chip IDCODE: 0x%x\n\tver: %x\n\tpartno: %x\n\tmfgid: %x\n" % (ident, ver, partno, mfgid);
def ARMeice_write(self, reg, val):
data = chop(val,4)
data.extend([reg])
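Review bot: The new field extraction in `ARMidentstr` formats whatever `ARMident()` returns as if it were a valid IEEE 1149.1 IDCODE, but an unpowered, held-in-reset or miswired target typically reads back as all ones or all zeros, which this prints as a plausible-looking mfgid 0x7ff / partno 0xffff instead of an error. The IDCODE LSB is architecturally always 1, so a cheap guard before formatting catches both cases: `if ident in (0, 0xffffffff) or not (ident & 1): return "Invalid IDCODE: 0x%x (target not responding?)" % ident`. The trailing `;` on the return line is a leftover worth dropping.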
return retval
def ARMget_registers(self):
"""Get ARM Registers"""
- # FIXME: should we clobber r15 first? if results get wonky, we will.
- self.ARMdebuginstr(ARM_INSTR_SKANKREGS,0)
- self.ARM_nop(0)
- self.ARM_nop(0)
- regs = [ struct.unpack("<L", self.ARM_nop(0))[0] for x in range(15) ]
+ regs = [ self.ARMget_register(x) for x in range(15) ]
regs.append(self.ARMgetPC()) # make sure we snag the "static" version of PC
return regs
def ARMset_registers(self, regs, mask):
"""Set ARM Registers"""
for x in xrange(15):
if (1<<x) & mask:
- self.ARMset_register(x,regs.pop())
+ self.ARMset_register(x,regs.pop(0))
if (1<<15) & mask: # make sure we set the "static" version of PC or changes will be lost
- self.ARMsetPC(regs.pop())
+ self.ARMsetPC(regs.pop(0))
def ARMdebuginstr(self,instr,bkpt):
if type (instr) == int or type(instr) == long:
instr = struct.pack("<L", instr)
instr.extend([bkpt])
self.writecmd(0x13,DEBUG_INSTR,len(instr),instr)
return (self.data)
- def ARM_nop(self, bkpt):
+ def ARM_nop(self, bkpt=0):
if self.status() & DBG_TBIT:
return self.ARMdebuginstr(THUMB_INSTR_NOP, bkpt)
return self.ARMdebuginstr(ARM_INSTR_NOP, bkpt)
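Review bot: `ARMset_registers` now consumes its argument with `regs.pop(0)`, so the caller's list is emptied and values are taken in ascending register order, one per set bit of `mask` — a contract the one-line docstring does not state and that is easy to misuse (a full 16-entry list from `ARMget_registers` passed with a sparse mask silently shifts values into the wrong registers). Copy the argument first, `regs = list(regs)`, so tuples work and the caller's list survives, and extend the docstring to "Set ARM registers. regs holds one value per set bit of mask, in ascending register order; bit 15 sets the stored PC." `ARMget_registers` now issues fifteen round-trips where the removed STMIA path used one; if this was a correctness fix for the multiple-store path, a one-line comment saying so would stop the next reader from reinstating it.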
print hex(self.ARMget_register(15))
print hex(self.ARMchain0(self.storedPC,self.flags)[0])
self.ARMdebuginstr(THUMB_INSTR_B_IMM | (0x7fc07fc),0)
- self.ARM_nop()
+ self.ARM_nop(0)
self.ARMrestart()
self.ARMset_register(1, r1); # restore R0 and R1
self.ARMset_register(0, r0);
return retval
-
- def ARMwriteMem(self, adr, wordarray):
+ def ARMreadChunk(self, adr, wordcount):
+ """ Only works in ARM mode currently
+ WARNING: Addresses must be word-aligned!
+ """
+ regs = self.ARMget_registers()
+ self.ARMset_registers([0xdeadbeef for x in xrange(14)], 0xe)
+ output = []
+ count = wordcount
+ while (wordcount > 0):
+ if (wordcount%64 == 0): sys.stderr.write(".")
+ count = (wordcount, 0xe)[wordcount>0xd]
+ bitmask = LDM_BITMASKS[count]
+ self.ARMset_register(14,adr)
+ self.ARM_nop(1)
+ self.ARMdebuginstr(ARM_INSTR_LDMIA_R14_r0_rx | bitmask ,0)
+ #FIXME: do we need the extra nop here?
+ self.ARMrestart()
+ self.ARMwaitDBG()
+ output.extend([self.ARMget_register(x) for x in xrange(count)])
+ wordcount -= count
+ adr += count*4
+ #print hex(adr)
+ # FIXME: handle the rest of the wordcount here.
+ self.ARMset_registers(regs,0xe)
+ return output
+ def ARMreadStream(self, adr, bytecount):
+ data = [struct.unpack("<L", x) for x in self.ARMreadChunk(adr, (bytecount-1/4)+1)]
+ return "".join(data)[:bytecount]
+
+ def ARMwriteChunk(self, adr, wordarray):
+ """ Only works in ARM mode currently
+ WARNING: Addresses must be word-aligned!
+ """
+ regs = self.ARMget_registers()
+ wordcount = len(wordarray)
+ while (wordcount > 0):
+ if (wordcount%64 == 0): sys.stderr.write(".")
+ count = (wordcount, 0xe)[wordcount>0xd]
+ bitmask = LDM_BITMASKS[count]
+ self.ARMset_register(14,adr)
+ #print len(wordarray),bin(bitmask)
+ self.ARMset_registers(wordarray[:count],bitmask)
+ self.ARM_nop(1)
+ self.ARMdebuginstr(ARM_INSTR_STMIA_R14_r0_rx | bitmask ,0)
+ #FIXME: do we need the extra nop here?
+ self.ARMrestart()
+ self.ARMwaitDBG()
+ wordarray = wordarray[count:]
+ wordcount -= count
+ adr += count*4
+ #print hex(adr)
+ # FIXME: handle the rest of the wordcount here.
+ def ARMwriteMem(self, adr, wordarray, instr=ARM_WRITE_MEM):
r0 = self.ARMget_register(0); # store R0 and R1
r1 = self.ARMget_register(1);
#print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
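Review bot: `ARMreadStream` cannot work as written: `(bytecount-1/4)+1` parses as `bytecount - 0 + 1` under this file's Python 2 integer division, and `struct.unpack("<L", x)` is applied to the integers `ARMreadChunk` returns, so the join of tuples would raise; it should read `data = [struct.pack("<L", x) for x in self.ARMreadChunk(adr, (bytecount-1)/4+1)]`. In `ARMreadChunk` the restore `self.ARMset_registers(regs,0xe)` hands the full register list from `ARMget_registers` to a routine that pops values front-first, so with mask 0xe the old r0 lands in r1 (and so on), and only r1–r3 are restored although the LDMIA can clobber r0–r13; the seed line uses the same 0xe with 14 values, so 0xe may have been meant as a count, in which case mask `0x3fff` with `regs[:14]` is what is needed. `ARMwriteChunk` captures `regs` but never restores it, and neither routine restores when `ARMwaitDBG` raises, leaving the target's registers clobbered; putting each loop in a try block with the restore in `finally` fixes both. The `wordcount%64` progress dots and the commented-out prints are debugging residue that belong behind a verbosity flag.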
self.ARMset_register(1, word); # write address into R0
self.ARM_nop(0)
self.ARM_nop(1)
- self.ARMdebuginstr(ARM_WRITE_MEM, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
+ self.ARMdebuginstr(instr, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
self.ARM_nop(0)
self.ARMrestart()
self.ARMwaitDBG()
- print hex(self.ARMget_register(1))
+ print >>sys.stderr,hex(self.ARMget_register(1))
self.ARMset_register(1, r1); # restore R0 and R1
self.ARMset_register(0, r0);
+ def writeMemByte(self, adr, byte):
+ self.ARMwriteMem(adr, byte, ARM_WRITE_MEM_BYTE)
+
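Review bot: `writeMemByte` passes the bare integer `byte` as `ARMwriteMem`'s `wordarray`, and the `self.ARMset_register(1, word)` line shows that argument appears to be iterated element by element (the loop head sits outside the hunk), so this call will fail unless the caller already wrapped it; make it `self.ARMwriteMem(adr, [byte], ARM_WRITE_MEM_BYTE)`. Its name also drops the `ARM` prefix every other public method here carries — `ARMwriteMemByte` would match. The comment on the `self.ARMdebuginstr(instr, 0)` line still says "push STR R1, [R0], #4" although `instr` may now be the STRB form; reword it to "push instr (STR R1,[R0],#4 by default, STRB ...,#1 for bytes) into the pipeline" and document the new `instr` parameter in `ARMwriteMem`'s docstring. The per-word `print >>sys.stderr,hex(...)` after `ARMwaitDBG` is left-over debug output on the hot path.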
ARMstatusbits={
0x10 : "TBIT",
0x02 : "force dbgrq",
0x01 : "force dbgack"
}
-
+ def ARMresettarget(self, delay=10):
+ return self.writecmd(0x13,RESETTARGET,2, [ delay&0xff, (delay>>8)&0xff ] )
def ARMchain0(self, address, bits=0x819684c054, data=0):
bulk = chop(address,4)
bulk.extend(chop(bits,8))
bulk.extend(chop(data,4))
- print (repr(bulk))
+ print >>sys.stderr,(repr(bulk))
self.writecmd(0x13,CHAIN0,16,bulk)
d1,b1,a1 = struct.unpack("<LQL",self.data)
return (a1,b1,d1)
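Review bot: `ARMresettarget` has no docstring, and `delay` is sent low byte first via `delay&0xff, (delay>>8)&0xff`, so values above 0xffff or negative ones are silently truncated and the unit of `delay` is nowhere stated; add `"""Reset the target via RESETTARGET; delay is a 16-bit count (units: TODO confirm against firmware)."""` and reject out-of-range input with `if not 0 <= delay <= 0xffff: raise ValueError("delay must fit in 16 bits")`. It also returns `self.writecmd(...)` directly, while the neighbouring verbs (`ARMdebuginstr`, `ARMchain0`) read `self.data` after the call; if `writecmd` does not return the reply, callers get nothing useful. The `print >>sys.stderr,(repr(bulk))` in `ARMchain0` dumps every scan-chain transfer and should be conditional on a debug flag.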
def start(self):
"""Start debugging."""
self.writecmd(0x13,START,0,self.data)
+ print >>sys.stderr,"Identifying Target:"
ident=self.ARMidentstr()
- print "Target identifies as %s." % ident
- print "Debug Status: %s." % self.statusstr()
- #print "System State: %x." % self.ARMget_regCPSRstr()
+ print >>sys.stderr,ident
+ print >>sys.stderr,"Debug Status:\t%s\n" % self.statusstr()
+
def stop(self):
"""Stop debugging."""
self.writecmd(0x13,STOP,0,self.data)