2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is ugly as sin, for bootstrapping the firmware only.
7 # Rewrite cleanly as soon as is convenient.
9 import sys, time, string, cStringIO, struct, glob, serial, os;
13 def __init__(self, *args, **kargs):
17 def serInit(self, port=None):
18 """Open the serial port"""
21 port=os.environ.get("GOODFET");
24 glob_list = glob.glob("/dev/tty.usbserial*");
25 if len(glob_list) > 0:
28 glob_list = glob.glob("/dev/ttyUSB*");
29 if len(glob_list) > 0:
32 self.serialport = serial.Serial(
36 parity = serial.PARITY_NONE
38 #Drop DTR, which is !RST, low to begin the app.
39 self.serialport.setDTR(0);
40 self.serialport.flushInput()
41 self.serialport.flushOutput()
43 #Read and handle the initial command.
45 self.readcmd(); #Read the first command.
47 print "Verb %02x is wrong. Incorrect firmware?" % self.verb;
49 def writecmd(self, app, verb, count, data):
50 """Write a command and some data to the GoodFET."""
51 self.serialport.write(chr(app));
52 self.serialport.write(chr(verb));
53 self.serialport.write(chr(count));
54 #print "count=%02x, len(data)=%04x" % (count,len(data));
57 self.serialport.write(chr(d));
58 self.readcmd(); #Uncomment this later, to ensure a response.
60 """Read a reply from the GoodFET."""
61 self.app=ord(self.serialport.read(1));
62 self.verb=ord(self.serialport.read(1));
63 self.count=ord(self.serialport.read(1));
65 self.data=self.serialport.read(self.count);
66 #print "READ %02x %02x %02x " % (self.app, self.verb, self.count);
69 def peekbyte(self,address):
70 """Read a byte of memory from the monitor."""
71 self.data=[address&0xff,address>>8];
72 self.writecmd(0,0x02,2,self.data);
74 return ord(self.data[0]);
75 def peekword(self,address):
76 """Read a word of memory from the monitor."""
77 return self.peekbyte(address)+(self.peekbyte(address+1)<<8);
78 def pokebyte(self,address,value):
79 """Set a byte of memory by the monitor."""
80 self.data=[address&0xff,address>>8,value];
81 self.writecmd(0,0x03,3,self.data);
82 return ord(self.data[0]);
83 def dumpmem(self,begin,end):
86 print "%04x %04x" % (i, self.peekword(i));
88 def monitor_ram_pattern(self):
89 """Overwrite all of RAM with 0xBEEF."""
90 self.writecmd(0,0x90,0,self.data);
92 def monitor_ram_depth(self):
93 """Determine how many bytes of RAM are unused by looking for 0xBEEF.."""
94 self.writecmd(0,0x91,0,self.data);
95 return ord(self.data[0])+(ord(self.data[1])<<8);
104 def setBaud(self,baud):
105 """Change the baud rate. TODO fix this."""
106 rates=self.baudrates;
108 print "Changing FET baud."
109 self.serialport.write(chr(0x00));
110 self.serialport.write(chr(0x80));
111 self.serialport.write(chr(1));
112 self.serialport.write(chr(baud));
114 print "Changed host baud."
115 self.serialport.setBaudrate(rates[baud]);
117 self.serialport.flushInput()
118 self.serialport.flushOutput()
120 print "Baud is now %i." % rates[baud];
123 return ord(self.serialport.read(1));
125 for r in self.baudrates:
126 print "\nTrying %i" % r;
127 self.serialport.setBaudrate(r);
129 self.serialport.flushInput()
130 self.serialport.flushOutput()
132 for i in range(1,10):
135 print "Read %02x %02x %02x %02x" % (
136 self.readbyte(),self.readbyte(),self.readbyte(),self.readbyte());
137 def monitortest(self):
138 """Self-test several functions through the monitor."""
139 print "Performing monitor self-test.";
141 if self.peekword(0x0c00)!=0x0c04 and self.peekword(0x0c00)!=0x0c06:
142 print "ERROR Fetched wrong value from 0x0c04.";
143 self.pokebyte(0x0021,0); #Drop LED
144 if self.peekbyte(0x0021)!=0:
145 print "ERROR, P1OUT not cleared.";
146 self.pokebyte(0x0021,1); #Light LED
148 print "Self-test complete.";
151 """Moved the FET into the SPI application."""
152 self.writecmd(0x01,0x10,0,self.data); #SPI/SETUP
154 def SPItrans8(self,byte):
155 """Read and write 8 bits by SPI."""
156 data=self.SPItrans([byte]);
159 def SPItrans(self,data):
160 """Exchange data by SPI."""
162 self.writecmd(0x01,0x00,len(data),data);
165 JEDECmanufacturers={0xFF: "MISSING",
171 JEDECdevices={0xFFFFFF: "MISSING",
176 0xC22014: "MX25L8005",
177 0xC22013: "MX25L4005",
181 """Grab an SPI Flash ROM's JEDEC bytes."""
182 data=[0x9f, 0, 0, 0];
183 data=self.SPItrans(data);
184 #print "Manufacturer: %02x\nType: %02x\nCapacity: %02x" % (ord(data[1]),ord(data[2]),ord(data[3]));
185 self.JEDECmanufacturer=ord(data[1]);
186 self.JEDECtype=ord(data[2]);
187 self.JEDECcapacity=ord(data[3]);
188 self.JEDECdevice=(ord(data[1])<<16)+(ord(data[2])<<8)+ord(data[3]);
190 def SPIpeek(self,adr):
191 """Grab a byte from an SPI Flash ROM."""
198 return ord(self.data[4]);
199 def SPIpeekblock(self,adr):
200 """Grab a byte from an SPI Flash ROM."""
201 data=[(adr&0xFF0000)>>16,
205 self.writecmd(0x01,0x02,3,data);
208 def SPIpokebyte(self,adr,val):
209 self.SPIpokebytes(adr,[val]);
210 def SPIpokebytes(self,adr,data):
211 #self.SPIwriteenable();
212 adranddata=[(adr&0xFF0000)>>16,
216 self.writecmd(0x01,0x03,
217 len(adranddata),adranddata);
219 def SPIchiperase(self):
220 """Mass erase an SPI Flash ROM."""
221 self.writecmd(0x01,0x81,0,[]);
222 def SPIwriteenable(self):
223 """SPI Flash Write Enable"""
227 def SPIjedecmanstr(self):
228 """Grab the JEDEC manufacturer string. Call after SPIjedec()."""
229 man=self.JEDECmanufacturers.get(self.JEDECmanufacturer)
234 def SPIjedecstr(self):
235 """Grab the JEDEC manufacturer string. Call after SPIjedec()."""
236 man=self.JEDECmanufacturers.get(self.JEDECmanufacturer);
239 device=self.JEDECdevices.get(self.JEDECdevice);
242 return "%s %s" % (man,device);
243 def MSP430setup(self):
244 """Move the FET into the MSP430 JTAG application."""
245 print "Initializing MSP430.";
246 self.writecmd(0x11,0x10,0,self.data);
251 """Move the FET into the CC2430/CC2530 application."""
252 #print "Initializing Chipcon.";
253 self.writecmd(0x30,0x10,0,self.data);
254 def CCrd_config(self):
255 """Read the config register of a Chipcon."""
256 self.writecmd(0x30,0x82,0,self.data);
257 return ord(self.data[0]);
258 def CCwr_config(self,config):
259 """Write the config register of a Chipcon."""
260 self.writecmd(0x30,0x81,1,[config&0xFF]);
262 CCversions={0x0100:"CC1110",
268 def CCidentstr(self):
269 ident=self.CCident();
270 chip=self.CCversions.get(ident&0xFF00);
271 return "%s/r%02x" % (chip, ident&0xFF);
273 """Get a chipcon's ID."""
274 self.writecmd(0x30,0x8B,0,None);
275 chip=ord(self.data[0]);
276 rev=ord(self.data[1]);
277 return (chip<<8)+rev;
279 """Get a chipcon's PC."""
280 self.writecmd(0x30,0x83,0,None);
281 hi=ord(self.data[0]);
282 lo=ord(self.data[1]);
284 def CCdebuginstr(self,instr):
285 self.writecmd(0x30,0x88,len(instr),instr);
286 return ord(self.data[0]);
287 def MSP430peek(self,adr):
288 """Read the contents of memory at an address."""
289 self.data=[adr&0xff, (adr&0xff00)>>8];
290 self.writecmd(0x11,0x02,2,self.data);
291 return ord(self.data[0])+(ord(self.data[1])<<8);
292 def CCpeekcodebyte(self,adr):
293 """Read the contents of code memory at an address."""
294 self.data=[adr&0xff, (adr&0xff00)>>8];
295 self.writecmd(0x30,0x90,2,self.data);
296 return ord(self.data[0]);
297 def CCpeekdatabyte(self,adr):
298 """Read the contents of data memory at an address."""
299 self.data=[adr&0xff, (adr&0xff00)>>8];
300 self.writecmd(0x30,0x91, 2, self.data);
301 return ord(self.data[0]);
302 def CCpokedatabyte(self,adr,val):
303 """Write a byte to data memory."""
304 self.data=[adr&0xff, (adr&0xff00)>>8, val];
305 self.writecmd(0x30, 0x92, 3, self.data);
306 return ord(self.data[0]);
307 def CCchiperase(self):
308 """Erase all of the target's memory."""
309 self.writecmd(0x30,0x80,0,None);
311 """Check the status."""
312 self.writecmd(0x30,0x84,0,None);
313 return ord(self.data[0])
314 CCstatusbits={0x80 : "erased",
322 def CCstatusstr(self):
323 """Check the status as a string."""
324 status=self.CCstatus();
329 str="%s %s" %(self.CCstatusbits[i],str);
332 def MSP430poke(self,adr,val):
333 """Read the contents of memory at an address."""
334 self.data=[adr&0xff, (adr&0xff00)>>8, val&0xff, (val&0xff00)>>8];
335 self.writecmd(0x11,0x03,4,self.data);
336 return;# ord(self.data[0])+(ord(self.data[1])<<8);
337 def MSP430start(self):
338 """Start debugging."""
339 self.writecmd(0x11,0x20,0,self.data);
340 ident=self.MSP430ident();
341 print "Target identifies as %04x." % ident;
344 """Start debugging."""
345 self.writecmd(0x30,0x20,0,self.data);
346 ident=self.CCidentstr();
347 print "Target identifies as %s." % ident;
348 #print "Status: %s." % self.CCstatusstr();
351 #print "Status: %s." % self.CCstatusstr();
354 """Stop debugging."""
355 self.writecmd(0x30,0x21,0,self.data);
356 def CCstep_instr(self):
357 """Step one instruction."""
358 self.writecmd(0x30,0x89,0,self.data);
359 def MSP430stop(self):
360 """Stop debugging."""
361 self.writecmd(0x11,0x21,0,self.data);
362 def MSP430haltcpu(self):
364 self.writecmd(0x11,0xA0,0,self.data);
365 def MSP430releasecpu(self):
366 """Resume the CPU."""
367 self.writecmd(0x11,0xA1,0,self.data);
370 self.writecmd(0x30,0x86,0,self.data);
371 def CCreleasecpu(self):
372 """Resume the CPU."""
373 self.writecmd(0x30,0x87,0,self.data);
374 def MSP430shiftir8(self,ins):
375 """Shift the 8-bit Instruction Register."""
377 self.writecmd(0x11,0x80,1,data);
378 return ord(self.data[0]);
379 def MSP430shiftdr16(self,dat):
380 """Shift the 16-bit Data Register."""
381 data=[dat&0xFF,(dat&0xFF00)>>8];
382 self.writecmd(0x11,0x81,2,data);
383 return ord(self.data[0])#+(ord(self.data[1])<<8);
384 def MSP430setinstrfetch(self):
385 """Set the instruction fetch mode."""
386 self.writecmd(0x11,0xC1,0,self.data);
388 def MSP430ident(self):
389 """Grab self-identification word from 0x0FF0 as big endian."""
390 i=self.MSP430peek(0x0ff0);
391 return ((i&0xFF00)>>8)+((i&0xFF)<<8)
392 def MSP430test(self):
393 """Test MSP430 JTAG. Requires that a chip be attached."""
394 if self.MSP430ident()==0xffff:
395 print "Is anything connected?";
396 print "Testing RAM.";
397 temp=self.MSP430peek(0x0200);
398 self.MSP430poke(0x0200,0xdead);
399 if(self.MSP430peek(0x0200)!=0xdead):
400 print "Poke of 0x0200 did not set to 0xDEAD properly.";
402 self.MSP430poke(0x0200,temp); #restore old value.
403 def MSP430flashtest(self):
404 self.MSP430masserase();
407 if(self.MSP430peek(i)!=0xFFFF):
408 print "ERROR: Unerased flash at %04x."%i;
409 self.MSP430writeflash(i,0xDEAD);
411 def MSP430masserase(self):
412 """Erase MSP430 flash memory."""
413 self.writecmd(0x11,0xE3,0,None);
414 def MSP430writeflash(self,adr,val):
415 """Write a word of flash memory."""
416 if(self.MSP430peek(adr)!=0xFFFF):
417 print "FLASH ERROR: %04x not clear." % adr;
418 data=[adr&0xFF,(adr&0xFF00)>>8,val&0xFF,(val&0xFF00)>>8];
419 self.writecmd(0x11,0xE1,4,data);
420 rval=ord(self.data[0])+(ord(self.data[1])<<8);
422 print "FLASH WRITE ERROR AT %04x. Found %04x, wrote %04x." % (adr,rval,val);
424 def MSP430dumpbsl(self):
425 self.MSP430dumpmem(0xC00,0xfff);
426 def MSP430dumpallmem(self):
427 self.MSP430dumpmem(0x200,0xffff);
428 def MSP430dumpmem(self,begin,end):
431 print "%04x %04x" % (i, self.MSP430peek(i));
436 #print "Status: %s" % self.CCstatusstr();
438 #Grab ident three times, should be equal.
439 ident1=self.CCident();
440 ident2=self.CCident();
441 ident3=self.CCident();
442 if(ident1!=ident2 or ident2!=ident3):
443 print "Error, repeated ident attempts unequal."
444 print "%04x, %04x, %04x" % (ident1, ident2, ident3);
446 #Single step, printing PC.
447 print "Tracing execution at startup."
448 for i in range(1,15):
450 byte=self.CCpeekcodebyte(i);
451 #print "PC=%04x, %02x" % (pc, byte);
454 print "Verifying that debugging a NOP doesn't affect the PC."
455 for i in range(1,15):
457 self.CCdebuginstr([0x00]);
458 if(pc!=self.CCgetPC()):
459 print "ERROR: PC changed during CCdebuginstr([NOP])!";
462 #print "Status: %s." % self.CCstatusstr();