2 # GoodFET Client Library
4 # (C) 2009 Travis Goodspeed <travis at radiantmachines.com>
6 # This code is being rewritten and refactored. You've been warned!
11 from GoodFET import GoodFET;
12 from intelhex import IntelHex;
14 import xml.dom.minidom;
16 class GoodFETCC(GoodFET):
17 """A GoodFET variant for use with Chipcon 8051 Zigbee SoC."""
23 smartrfpath="/opt/smartrf7";
24 def loadsymbols(self):
25 try: self.SRF_loadsymbols();
27 if self.verbose==1: print "SmartRF load failed.";
28 def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"):
29 fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc);
30 #print "Opening %s" % fn;
31 return xml.dom.minidom.parse(fn)
33 def CMDrs(self,args=[]):
34 """Chip command to grab the radio state."""
35 self.SRF_radiostate();
36 def SRF_bitfieldstr(self,bf):
43 for e in bf.childNodes:
44 if e.localName=="Name" and e.childNodes: name= e.childNodes[0].nodeValue;
45 elif e.localName=="Start": start=e.childNodes[0].nodeValue;
46 elif e.localName=="Stop": stop=e.childNodes[0].nodeValue;
47 return " [%s:%s] %30s " % (start,stop,name);
48 def SRF_radiostate(self):
50 chip=self.CCversions.get(ident&0xFF00);
51 dom=self.SRF_chipdom(chip,"register_definition.xml");
52 for e in dom.getElementsByTagName("registerdefinition"):
53 for f in e.childNodes:
54 if f.localName=="DeviceName":
55 print "// %s RadioState" % (f.childNodes[0].nodeValue);
56 elif f.localName=="Register":
61 for g in f.childNodes:
62 if g.localName=="Name":
63 name=g.childNodes[0].nodeValue;
64 elif g.localName=="Address":
65 address=g.childNodes[0].nodeValue;
66 elif g.localName=="Description":
68 description=g.childNodes[0].nodeValue;
69 elif g.localName=="Bitfield":
70 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
71 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
72 print "%-10s=0x%02x; /* %-50s */" % (
73 name,self.CCpeekdatabyte(eval(address)), description);
74 if bitfields!="": print bitfields.rstrip();
76 """Returns the received signal strenght, from 0 to 1."""
77 rssireg=self.symbols.get("RSSI");
78 return self.CCpeekdatabyte(rssireg);
79 def SRF_loadsymbols(self):
81 chip=self.CCversions.get(ident&0xFF00);
82 dom=self.SRF_chipdom(chip,"register_definition.xml");
83 for e in dom.getElementsByTagName("registerdefinition"):
84 for f in e.childNodes:
85 if f.localName=="Register":
90 for g in f.childNodes:
91 if g.localName=="Name":
92 name=g.childNodes[0].nodeValue;
93 elif g.localName=="Address":
94 address=g.childNodes[0].nodeValue;
95 elif g.localName=="Description":
97 description=g.childNodes[0].nodeValue;
98 elif g.localName=="Bitfield":
99 bitfields+="%17s/* %-50s */\n" % ("",self.SRF_bitfieldstr(g));
100 #print "SFRX(%10s, %s); /* %50s */" % (name,address, description);
101 self.symbols.define(eval(address),name,description,"data");
107 self.writecmd(self.APP,0x86,0,self.data);
110 def CCreleasecpu(self):
111 """Resume the CPU."""
112 self.writecmd(self.APP,0x87,0,self.data);
116 #print "Status: %s" % self.CCstatusstr();
118 #Grab ident three times, should be equal.
119 ident1=self.CCident();
120 ident2=self.CCident();
121 ident3=self.CCident();
122 if(ident1!=ident2 or ident2!=ident3):
123 print "Error, repeated ident attempts unequal."
124 print "%04x, %04x, %04x" % (ident1, ident2, ident3);
126 #Single step, printing PC.
127 print "Tracing execution at startup."
128 for i in range(1,15):
130 byte=self.CCpeekcodebyte(i);
131 #print "PC=%04x, %02x" % (pc, byte);
134 print "Verifying that debugging a NOP doesn't affect the PC."
135 for i in range(1,15):
137 self.CCdebuginstr([0x00]);
138 if(pc!=self.CCgetPC()):
139 print "ERROR: PC changed during CCdebuginstr([NOP])!";
141 print "Checking pokes to XRAM."
142 for i in range(0xf000,0xf020):
143 self.CCpokedatabyte(i,0xde);
144 if(self.CCpeekdatabyte(i)!=0xde):
145 print "Error in XDATA at 0x%04x" % i;
147 #print "Status: %s." % self.CCstatusstr();
153 """Move the FET into the CC2430/CC2530 application."""
154 #print "Initializing Chipcon.";
155 self.writecmd(self.APP,0x10,0,self.data);
156 def CCrd_config(self):
157 """Read the config register of a Chipcon."""
158 self.writecmd(self.APP,0x82,0,self.data);
159 return ord(self.data[0]);
160 def CCwr_config(self,config):
161 """Write the config register of a Chipcon."""
162 self.writecmd(self.APP,0x81,1,[config&0xFF]);
163 def CClockchip(self):
164 """Set the flash lock bit in info mem."""
165 self.writecmd(self.APP, 0x9A, 0, None);
167 """Set the flash lock bit in info mem."""
171 CCversions={0x0100:"cc1110",
177 0xA500:"cc2530", #page 52 of SWRU191
180 CCpagesizes={0x01: 1024, #"CC1110",
181 0x11: 1024, #"CC1111",
182 0x85: 2048, #"CC2430",
183 0x89: 2048, #"CC2431",
184 0x81: 1024, #"CC2510",
185 0x91: 1024, #"CC2511",
186 0xA5: 2048, #"CC2530", #page 52 of SWRU191
187 0xB5: 2048, #"CC2531",
188 0xFF: 0 } #"CCmissing"};
189 def infostring(self):
190 return self.CCidentstr();
191 def CCidentstr(self):
192 ident=self.CCident();
193 chip=self.CCversions.get(ident&0xFF00);
194 pagesize=self.CCpagesizes.get(ident>0xFF);
196 return "%s/r%0.4x/ps0x%0.4x" % (chip, ident, pagesize);
198 return "%04x" % ident;
200 """Get a chipcon's ID."""
201 self.writecmd(self.APP,0x8B,0,None);
202 chip=ord(self.data[0]);
203 rev=ord(self.data[1]);
204 return (chip<<8)+rev;
205 def CCpagesize(self):
206 """Get a chipcon's ID."""
207 self.writecmd(self.APP,0x8B,0,None);
208 chip=ord(self.data[0]);
209 size=self.CCpagesizes.get(chip);
211 print "ERROR: Pagesize undefined.";
212 print "chip=%0.4x" %chip;
217 return self.CCgetPC();
219 """Get a chipcon's PC."""
220 self.writecmd(self.APP,0x83,0,None);
221 hi=ord(self.data[0]);
222 lo=ord(self.data[1]);
224 def CCcmd(self,phrase):
225 self.writecmd(self.APP,0x00,len(phrase),phrase);
226 val=ord(self.data[0]);
227 print "Got %02x" % val;
229 def CCdebuginstr(self,instr):
230 self.writecmd(self.APP,0x88,len(instr),instr);
231 return ord(self.data[0]);
232 def peekblock(self,adr,length,memory="vn"):
233 """Return a block of data."""
234 data=[adr&0xff, (adr&0xff00)>>8,
235 length&0xFF,(length&0xFF00)>>8];
236 self.writecmd(self.APP,0x91,4,data);
237 return [ord(x) for x in self.data]
238 def peek8(self,address, memory="code"):
239 if(memory=="code" or memory=="flash" or memory=="vn"):
240 return self.CCpeekcodebyte(address);
241 elif(memory=="data" or memory=="xdata" or memory=="ram"):
242 return self.CCpeekdatabyte(address);
243 elif(memory=="idata" or memory=="iram"):
244 return self.CCpeekirambyte(address);
245 print "%s is an unknown memory." % memory;
247 def CCpeekcodebyte(self,adr):
248 """Read the contents of code memory at an address."""
249 self.data=[adr&0xff, (adr&0xff00)>>8];
250 self.writecmd(self.APP,0x90,2,self.data);
251 return ord(self.data[0]);
252 def CCpeekdatabyte(self,adr):
253 """Read the contents of data memory at an address."""
254 self.data=[adr&0xff, (adr&0xff00)>>8];
255 self.writecmd(self.APP,0x91, 2, self.data);
256 return ord(self.data[0]);
257 def CCpeekirambyte(self,adr):
258 """Read the contents of IRAM at an address."""
259 self.data=[adr&0xff];
260 self.writecmd(self.APP,0x02, 1, self.data);
261 return ord(self.data[0]);
262 def CCpeekiramword(self,adr):
263 """Read the little-endian contents of IRAM at an address."""
264 return self.CCpeekirambyte(adr)+(
265 self.CCpeekirambyte(adr+1)<<8);
266 def CCpokeiramword(self,adr,val):
267 self.CCpokeirambyte(adr,val&0xff);
268 self.CCpokeirambyte(adr+1,(val>>8)&0xff);
269 def CCpokeirambyte(self,adr,val):
270 """Write the contents of IRAM at an address."""
271 self.data=[adr&0xff, val&0xff];
272 self.writecmd(self.APP,0x02, 2, self.data);
273 return ord(self.data[0]);
275 def CCpokedatabyte(self,adr,val):
276 """Write a byte to data memory."""
277 self.data=[adr&0xff, (adr&0xff00)>>8, val];
278 self.writecmd(self.APP, 0x92, 3, self.data);
279 return ord(self.data[0]);
280 def CCchiperase(self):
281 """Erase all of the target's memory."""
282 self.writecmd(self.APP,0x80,0,None);
284 """Erase all of the target's memory."""
289 """Check the status."""
290 self.writecmd(self.APP,0x84,0,None);
291 return ord(self.data[0])
293 CCstatusbits={0x80 : "erase_busy",
297 0x08 : "halt_status",
302 CCconfigbits={0x20 : "soft_power_mode", #new for CC2530
305 0x02 : "timer_suspend",
306 0x01 : "sel_flash_info_page" #stricken from CC2530
310 """Check the status as a string."""
311 status=self.CCstatus();
316 str="%s %s" %(self.CCstatusbits[i],str);
320 """Start debugging."""
322 self.writecmd(self.APP,0x20,0,self.data);
323 ident=self.CCidentstr();
324 #print "Target identifies as %s." % ident;
325 #print "Status: %s." % self.status();
328 #Get SmartRF Studio regs if they exist.
332 """Stop debugging."""
333 self.writecmd(self.APP,0x21,0,self.data);
334 def CCstep_instr(self):
335 """Step one instruction."""
336 self.writecmd(self.APP,0x89,0,self.data);
337 def CCeraseflashbuffer(self):
338 """Erase the 2kB flash buffer"""
339 self.writecmd(self.APP,0x99);
340 def CCflashpage(self,adr):
341 """Flash 2kB a page of flash from 0xF000 in XDATA"""
346 print "Flashing buffer to 0x%06x" % adr;
347 self.writecmd(self.APP,0x95,4,data);
349 def setsecret(self,value):
350 """Set a secret word for later retreival. Used by glitcher."""
352 pagelen = self.CCpagesize(); #Varies by chip.
353 print "page=%04x, pagelen=%04x" % (page,pagelen);
355 self.CCeraseflashbuffer();
356 print "Setting secret to %x" % value;
357 self.CCpokedatabyte(0xF000,value);
358 self.CCpokedatabyte(0xF800,value);
359 print "Setting secret to %x==%x" % (value,
360 self.CCpeekdatabyte(0xf000));
362 print "code[0]=%x" % self.CCpeekcodebyte(0);
364 """Get a secret word. Used by glitcher."""
365 secret=self.CCpeekcodebyte(0);
366 #print "Got secret %02x" % secret;
369 def dump(self,file,start=0,stop=0xffff):
370 """Dump an intel hex file from code memory."""
371 print "Dumping code from %04x to %04x as %s." % (start,stop,file);
375 h[i]=self.CCpeekcodebyte(i);
377 print "Dumped %04x."%i;
378 h.write_hex_file(file); #buffer to disk.
380 h.write_hex_file(file);
382 def flash(self,file):
383 """Flash an intel hex file to code memory."""
384 print "Flashing %s" % file;
388 pagelen = self.CCpagesize(); #Varies by chip.
390 #print "page=%04x, pagelen=%04x" % (page,pagelen);
394 #Wipe the RAM buffer for the next flash page.
395 self.CCeraseflashbuffer();
396 for i in h._buf.keys():
397 while(i>=page+pagelen):
399 self.CCflashpage(page);
400 #client.CCeraseflashbuffer();
402 print "Flashed page at %06x" % page
405 #Place byte into buffer.
406 self.CCpokedatabyte(0xF000+i-page,
410 print "Buffering %04x toward %06x" % (i,page);
412 self.CCflashpage(page);
413 print "Flashed final page at %06x" % page;