added packet fuzzing
[goodfet] / client / goodfet.maxusbmass
1 #!/usr/bin/env python
2
3 #USB Mass Storage Emulator
4 #by Travis Goodspeed
5 #with thanks to Brandon Wilson and his Linky project.
6
7 import sys;
8 import binascii;
9 import array;
10 import time;
11
12 from GoodFETMAXUSB import *;
13
14
15 # This constant is kinda complicated and very ugly.  The idea is that
16 # if we take too long in any given transaction, the host will abort.
17 # How many blocks we can send depends upon timeouts on both sides,
18 # with (at least in Linux) the behavior that aborting early causes the
19 # disk to reset with only warning and no real errors.  Somewhere
20 # there's a way to provide this constant to the host, in which case
21 # stalling and waiting for a reset will no longer be necessary.
22
23 MAXBLOCKSPERTRANSFER=128
24
25 def zeros(length):
26     """Returns a list of zeroes of the specified length."""
27     l=range(0,length);
28     for foo in l:
29         l[foo]=0;
30     return l;
31
32 class GoodFETMAXUSBMass(GoodFETMAXUSBDevice):
33     """This emulates a USB Mass Storage device."""
34     
35     #Too much data to watch everything.
36     usbverbose=False;
37
38     def getSectorData(self,lba):
39         """Overload this to return data from a given 512-byte sector."""
40         print "You forgot to overload getSectorData().  Returning something neighborly.";
41         sector=[
42             0xE9, 0x86, 0x00, 0x0A, 0x47, 0x6F, 0x6F, 0x64, 0x44, 0x69, 0x73, 0x6B, 0x20, 0x30, 0x2E, 0x30,
43             0x31, 0x0A, 0x0D, 0x62, 0x79, 0x20, 0x54, 0x72, 0x61, 0x76, 0x69, 0x73, 0x20, 0x47, 0x6F, 0x6F,
44             0x64, 0x73, 0x70, 0x65, 0x65, 0x64, 0x0A, 0x0A, 0x0D, 0x00, 0x59, 0x6F, 0x75, 0x20, 0x68, 0x61,
45             0x76, 0x65, 0x20, 0x62, 0x65, 0x65, 0x6E, 0x20, 0x65, 0x61, 0x74, 0x65, 0x6E, 0x20, 0x62, 0x79,
46             0x20, 0x61, 0x20, 0x67, 0x72, 0x75, 0x65, 0x2E, 0x20, 0x20, 0x53, 0x6F, 0x72, 0x72, 0x79, 0x2E,
47             0x0A, 0x0D, 0x00, 0x31, 0x29, 0x20, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6E, 0x67, 0x20, 0x6B, 0x65,
48             0x72, 0x6E, 0x65, 0x6C, 0x20, 0x66, 0x72, 0x6F, 0x6D, 0x20, 0x64, 0x69, 0x73, 0x6B, 0x2E, 0x0A,
49             0x0D, 0x00, 0x32, 0x29, 0x20, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6E, 0x67, 0x20, 0x6B,
50             0x65, 0x72, 0x6E, 0x65, 0x6C, 0x2E, 0x0A, 0x0D, 0x00, 0xBE, 0x03, 0x7C, 0xE8, 0x41, 0x00, 0xE8,
51             0x7B, 0x00, 0x31, 0xC0, 0x30, 0xD2, 0xCD, 0x13, 0x0F, 0x82, 0xE8, 0x00, 0xBE, 0x53, 0x7C, 0xE8,
52             0x2E, 0x00, 0xB8, 0xE0, 0x07, 0x8E, 0xC0, 0x31, 0xDB, 0xB8, 0x10, 0x02, 0xB5, 0x00, 0xB1, 0x02,
53             0xB6, 0x00, 0xB2, 0x00, 0xCD, 0x13, 0x0F, 0x82, 0xCA, 0x00, 0xB8, 0x00, 0x7E, 0x89, 0xC6, 0xE8,
54             0x7C, 0x00, 0xBE, 0x72, 0x7C, 0xE8, 0x08, 0x00, 0xEA, 0x00, 0x00, 0xE0, 0x07, 0xE8, 0xB4, 0x00,
55             0xAC, 0x3C, 0x00, 0x74, 0x06, 0xB4, 0x0E, 0xCD, 0x10, 0xEB, 0xF5, 0xC3, 0x30, 0x78, 0x00, 0x20,
56             0x62, 0x79, 0x74, 0x65, 0x73, 0x20, 0x6F, 0x66, 0x20, 0x6D, 0x65, 0x6D, 0x6F, 0x72, 0x79, 0x20,
57             0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x2E, 0x0A, 0x0D, 0x00, 0x53, 0x65, 0x67, 0x6D,
58             0x65, 0x6E, 0x74, 0x73, 0x3A, 0x20, 0x00, 0x2C, 0x20, 0x00, 0x0A, 0x0D, 0x00, 0xBE, 0xDC, 0x7C,
59             0xE8, 0xBD, 0xFF, 0xE8, 0x63, 0x00, 0xE8, 0x07, 0x00, 0xBE, 0xDF, 0x7C, 0xE8, 0xB1, 0xFF, 0xC3,
60             0x89, 0xC3, 0xC1, 0xE8, 0x0C, 0xE8, 0x39, 0x00, 0x89, 0xD8, 0xC1, 0xE8, 0x08, 0xE8, 0x31, 0x00,
61             0x89, 0xD8, 0xC1, 0xE8, 0x04, 0xE8, 0x29, 0x00, 0x89, 0xD8, 0xE8, 0x24, 0x00, 0xC3, 0x31, 0xC9,
62             0xAD, 0xE8, 0xDC, 0xFF, 0xE8, 0x2C, 0x00, 0x83, 0xC1, 0x02, 0x81, 0xF9, 0x00, 0x02, 0x75, 0xF0,
63             0xC3, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45,
64             0x46, 0x50, 0x56, 0x83, 0xE0, 0x0F, 0x05, 0x51, 0x7D, 0x89, 0xC6, 0xAC, 0xB4, 0x0E, 0xCD, 0x10,
65             0x5E, 0x58, 0xC3, 0xB8, 0x20, 0x0E, 0xCD, 0x10, 0xC3, 0x31, 0xC0, 0xCD, 0x12, 0x72, 0x05, 0x85,
66             0xC0, 0x74, 0x01, 0xC3, 0xBE, 0x2A, 0x7C, 0xE8, 0x46, 0xFF, 0xEB, 0xFE, 0xEA, 0x00, 0x00, 0xFF,
67             0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
73             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
74             ];
75         return sector;
76     def putSectorData(self,lba,block):
77         """Overload this to write data to a given 512-byte sector."""
78         print "You forgot to overload putSectorData().  Ignoring sector write.";
79         return;
80     
81     def getSectorCount(self):
82         """Returns the number of viable Logical Block Addresses."""
83         print "You forgot to overload getSectorCount().  Guessing 0x200.";
84         return 0x200;
85     
86     def massinit(self):
87         """Initialize a USB Mass Storage device."""
88         self.usb_disconnect();
89         time.sleep(1);
90         self.usb_connect();
91         self.massrun();
92         
93     def massrun(self):
94         """Main loop of the USB Mass Storage emulator."""
95         print "Starting a Mass Storage device.";
96         while 1:
97             sys.stdout.flush();
98             self.service_irqs();
99     def do_SETUP(self):
100         """Handle USB Enumeration"""
101         
102         #Grab the SETUP packet from the buffer.
103         SUD=self.readbytes(rSUDFIFO,8);
104         
105         #Parse the SETUP packet
106         print "Handling a setup packet of %s" % self.setup2str(SUD);
107         setuptype=(ord(SUD[bmRequestType])&0x60);
108         if setuptype==0x00:
109             self.std_request(SUD);
110         elif setuptype==0x20:
111             self.class_request(SUD);
112         elif setuptype==0x40:
113             self.vendor_request(SUD);
114         else:
115             print "Unknown bmRequestType=0x%02x." % ord(SUD[bmRequestType])
116             self.STALL_EP0(SUD);
117     def class_request(self,SUD):
118         """Handle a class request."""
119         requesttype=ord(SUD[bmRequestType]);
120         request=ord(SUD[bRequest]);
121         if requesttype==0xA1 and request==0xFE:
122             print "Reporting 0 as the maximum LUN.";
123             #This is a Get Max LUN request.
124             #Return 1-byte maximum Logical Unit Number
125             self.wreg(rEP0FIFO,0x00); # Just one LUN.
126             self.wregAS(rEP0BC,1); # ARM and fire!
127             return; #Don't stall.
128         if requesttype==0x21 and request==0xff:
129             print "Received BBB reset."
130             self.wregAS(rEP0BC,0); # ARM and fire!
131             return; #Don't stall.
132         print "Stalling an unknown class request: %s" % self.setup2str(SUD);
133         self.STALL_EP0(SUD);
134     def vendor_request(self,SUD):
135         """Handle a vendor request."""
136         request=ord(SUD[bRequest]);
137         print "Why the hell is there a vendor request?";
138         #self.wreg(rEP0FIFO,0);
139         self.wregAS(rEP0BC,0);
140     def std_request(self,SUD):
141         """Handles a standard setup request."""
142         setuptype=ord(SUD[bRequest]);
143         if setuptype==SR_GET_DESCRIPTOR: self.send_descriptor(SUD);
144         #elif setuptype==SR_SET_FEATURE: self.feature(1);
145         elif setuptype==SR_SET_CONFIGURATION: self.set_configuration(SUD);
146         elif setuptype==SR_GET_STATUS: self.get_status(SUD);
147         elif setuptype==SR_SET_ADDRESS: self.rregAS(rFNADDR);
148         elif setuptype==SR_GET_INTERFACE: self.get_interface(SUD);
149         else:
150             #print "Stalling Unknown standard setup request type %02x" % setuptype;
151             #self.STALL_EP0(SUD);
152             print "Accepting unknown standard setup request type %02x" % setuptype;
153             self.wregAS(rEP0BC,0);
154             
155     def get_interface(self,SUD):
156         """Handles a setup request for SR_GET_INTERFACE."""
157         if ord(SUD[wIndexL]==0):
158             self.wreg(rEP0FIFO,0);
159             self.wregAS(rEP0BC,1);
160         else:
161             self.STALL_EP0(SUD);
162     
163
164
165 #Device Descriptor
166     DD=[ 
167         
168     0x12, #length
169     0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40,
170     0x81, 0x07, #Sandisk 
171     0x50, 0x51, #SDCZ2 Cruzer Mini Flash Drive (thin)
172     0x00, 0x03,
173     0x01, 0x02, 0x03, #Strings
174     0x01
175     
176     ];
177
178 #Configuration Descriptor
179     CD=[
180
181   0x09, #Length
182   0x02, #Type
183   0x20, #Total Length
184   0x00, 0x01, 0x01, 0x00, 0xE0, 0x00, 0x09, 0x04, 0x00, 0x00,
185   0x02, #Num Endpoints
186   0x08, #Mass Storage Bulk Only
187   0x06, #SCSI
188   0x50, 0x00,
189   
190   #OUT EP1
191   0x07, 0x05, 0x01, 0x02, 0x40, 0x00, 0x00,
192   #IN EP3
193   0x07, 0x05, 0x83, 0x02, 0x40, 0x00, 0x00,
194
195 ];
196     strDesc=[
197 # STRING descriptor 0--Language string
198 "\x04\x03\x09\x04",
199 # [
200 #         0x04,                 # bLength
201 #       0x03,                   # bDescriptorType = string
202 #       0x09,0x04               # wLANGID(L/H) = English-United Sates
203 # ],
204 # STRING descriptor 1--Manufacturer ID
205 "\x10\x03G\x00o\x00o\x00d\x00F\x00E\x00T\x00",
206 # STRING descriptor 2 - Product ID
207 "\x1C\x03M\x00A\x00S\x00S\x00 \x00E\x00m\x00u\x00l\x00a\x00t\x00o\x00r\x00",
208 # STRING descriptor 3 - Serial Number ID
209 "\x14\x03S\x00/\x00N\x00 \x003\x004\x002\x000\x00E\x00"
210 ];
211
212     def get_status(self,SUD):
213         """Get the USB Setup Status."""
214         testbyte=ord(SUD[bmRequestType])
215         
216         #Toward Device
217         if testbyte==0x80:
218             self.wreg(rEP0FIFO,0x03); #Enable RWU and self-powered
219             self.wreg(rEP0FIFO,0x00); #Second byte is always zero.
220             self.wregAS(rEP0BC,2);    #Load byte count, arm transfer, and ack CTL.
221         #Toward Interface
222         elif testbyte==0x81:
223             self.wreg(rEP0FIFO,0x00);
224             self.wreg(rEP0FIFO,0x00); #Second byte is always zero.
225             self.wregAS(rEP0BC,2);
226         #Toward Endpoint
227         elif testbyte==0x82:
228             if(ord(SUD[wIndexL])==0x83):
229                 print "This code almost certainly doesn't work.";
230                 self.wreg(rEP0FIFO,0x01); #Stall EP3
231                 self.wreg(rEP0FIFO,0x00); #Second byte is always zero.
232                 self.wregAS(rEP0BC,2);
233             else:
234                 print "Stalling unknown status.";
235                 self.STALL_EP0(SUD);
236         else:
237             print "Stalling unknown status.";
238             self.STALL_EP0(SUD);
239     
240     def do_IN3(self):
241         """Handle IN3 input event."""
242         # Do nothing here, as it'll be taken care of elsewhere.  The
243         # interrupt just means that the buffer is empty, not that we
244         # are expected to fill it.
245         
246     def do_OUT1(self):
247         """Handle an OUT1 output event."""
248         l=self.rreg(rEP1OUTBC);
249         frame=self.readbytes(rEP1OUTFIFO,l);
250         self.handleCBW(frame);
251         
252     lastCBW="";
253     def handleCBW(self,cbw):
254         """Handles an incoming Command Block Wrapper.  See USB Mass
255         Storage Class for details."""
256         
257         if len(cbw)!=31:
258             print "Invalid CBW length of %i bytes.  Aborting." % len(cbw);
259             return;
260         sig=cbw[0:4];
261         if sig!="USBC":
262             print "Invalid CBW signature: %s.  Should be USBC; aborting." % sig;
263             return;
264         self.lastCBW=cbw;
265         
266         dtlen=ord(cbw[8])+(ord(cbw[9])<<8)+(ord(cbw[10])<<16)+(ord(cbw[11])<<24);
267         flags=ord(cbw[12]);
268         dtdir=flags&0x80; # 0x80 for dev->host, 0x00 for host->dev
269         lun=ord(cbw[13])&0x0F; # Should be zero, as we only reported one LUN.
270         cblen=ord(cbw[14])&0x1F;
271         cb=cbw[15:31];
272         self.handleCB(cb,cblen,dtlen,dtdir);
273         
274     def handleCB(self,cb,cblen,dtlen,dtdir):
275         """Handles a command block, then replies with a CSW."""
276         if self.usbverbose:
277             print "Got command block, type 0x%02x requesting 0x%02x bytes" % (
278                 ord(cb[0]), dtlen);
279         verb=ord(cb[0]);
280         status=00; #good, set to 1 for bad.
281         if verb==0x00: # Test Unit Ready
282             # Send nothing, just the success code.
283             status=0;
284         elif verb==0x03: # Request Sense
285             print "Responding to Request Sense.  Needed for Macs.";
286             response=[0x70, 0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x0A,
287                       0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00,
288                       0x00, 0x00,
289                       0,0,0,0,0];
290             #status=1;
291             self.writebytes(rEP3INFIFO,
292                             response);
293             self.wreg(rEP3INBC,len(response));
294         elif verb==0x12: #Inquiry
295             #print "Responding to CB inquiry.";
296             response=[
297                 0x00, # 00 for Direct, 1F for "no floppy"
298                 0x80, # make 0x80 for removable media, 0x00 for fixed
299                 0x00, # Version
300                 0x01, # Response Data Format
301                 0x1f, #Additional length.
302                 0x00, 0x00, 0x00,
303                 #Manufacturer
304                 ord('G'),ord('o'),ord('o'),ord('d'),ord('F'),ord('E'),ord('T'),0x20,
305                 #Device name
306                 ord('G'),ord('o'),ord('o'),ord('d'),ord('F'),ord('E'),ord('T'),0x20,
307                 0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
308                 ord('0'),ord('.'),ord('0'),ord('1')]
309             #print "Sending %i byte reply to %i byte query." % (
310             #        len(response),dtlen);
311             while len(response)<dtlen:
312                 response=response+[0];
313             #while not(self.rreg(rEPIRQ)&bmIN3BAVIRQ):
314             #    #Wait for the packet to complete before sending the next.
315             #    print "Waiting to complete inquiry."
316             #    pass;
317             self.writebytes(rEP3INFIFO,
318                             response);
319             self.wregAS(rEP3INBC,
320                         dtlen);
321                         #len(response));
322             #self.wreg(rEPIRQ,bmIN3BAVIRQ); #Clear the bit
323             #while not(self.rreg(rEPIRQ)&bmIN3BAVIRQ):
324             #    #Wait for the packet to complete before sending the next.
325             #    print "Waiting to complete inquiry."
326             #    pass;
327         elif verb==0x1e: #Prevent/Allow Removal
328             # Give a good status to pretend we understand.
329             status=0x00;
330         elif verb==0x1A or verb==0x5A: #Mode Sense (6 or 10)
331             # I should probably send six bytes here.
332             page=ord(cb[2])&0x3F;
333             print "Mode Sense (6) requesting %i byte Page Code %02x" % (
334                 dtlen,page);
335             #This is completely wrong.
336             response=[0x07,0,0,0, 0,0,0,0x1C];
337             # response=[0x37,0x00,0x00,0x08,0x00,0x00,0x00,0x00, 0x00,0x00,0x02,0x00,0x01,0x0a,0x80,0x00,
338             #           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x08,0x12,0x04,0x00,0x00,0x00,0x00,0x00,
339             #           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x0a,0x0a,0x02,0x00,
340             #           0x00,0x00,0x00,0x00,0xff,0xff,0x00,0x1e];
341             if page!=0x3f:
342                 print "Unknown page, returning empty page.";
343                 response=[0x07,0,0,0, 0,0,0,0];
344             self.fifo_ep3in_tx(response);
345         elif verb==0x23: #Read Format Capacity
346             response=[
347                 0x00, 0,0x00,0x08,    # Capacity list length.
348                 0,0x00,0x10,0x00,     # Number of sectors, implying 10MB.  Should come from image.
349                 0x01,0x00,            # reserved/desciptor code.
350                 0x02,0x00             # 512 bytes/sector.  Why is this twice?
351                 ];
352             self.writebytes(rEP3INFIFO,
353                             response);
354             self.wregAS(rEP3INBC,
355                         len(response));
356         elif verb==0x25: #Read Capacity
357             lastlba=self.getSectorCount();
358             response=[
359                 #0x00, 0, 0x0f, 0xFF, # Last LBA
360                 (lastlba>>24)&0xFF, (lastlba>>16)&0xFF, (lastlba>>8)&0xFF, lastlba&0xFF, # Last LBA
361                 0x00,0x00,0x02,0x00   # Block length of 512 bytes.
362                 ];
363             self.writebytes(rEP3INFIFO,
364                             response);
365             self.wregAS(rEP3INBC,
366                         len(response));
367         elif verb==0x28: #READ SECTOR
368             cbw=self.lastCBW;
369             baselba=(
370                 ord(cbw[20]) |
371                 (ord(cbw[19])<<8) |
372                 (ord(cbw[18])<<16) |
373                 (ord(cbw[17])<<24)
374                 );
375             count=dtlen/512;
376             print "Fetching %i blocks starting at  LBA %i." % (count,baselba);
377             if count>MAXBLOCKSPERTRANSFER:
378                 count=0;
379                 #status=1; #Fail if we're asked to read more than 32 blocks.
380                 #Now we need to stall EP3.  It's not acceptable to just forget to transmit.
381                 self.wreg(rEPSTALLS,0x10);
382                 return;
383             for i in range(0,count):
384                 data=self.getSectorData(baselba+i);
385                 self.fifo_ep3in_tx(data);
386                 
387                 # for j in range(0,8):
388                 #     #print "Sending block fragment %i,%i" % (i,j);
389                 #     #Transmit each 64-byte block fragment, then wait for next.
390                 #     while not(self.rreg(rEPIRQ)&bmIN3BAVIRQ): pass;
391                 #     response=data[j*64:j*64+64];
392                 #     self.writebytes(rEP3INFIFO,
393                 #                     response);
394                 #     self.wregAS(rEP3INBC,
395                 #                 64);
396             #sys.exit();
397         elif verb==0x2A: #WRITE SECTOR
398             print "Haven't implemented WRITE SECTOR.";
399             #sys.exit();
400         elif verb==0x1B: #EJECT/RETRACT DISK
401             print "Haven't implemented SCSI Start Stop Unit Command (1B)";
402             print "https://en.wikipedia.org/wiki/SCSI_Start_Stop_Unit_Command";
403             #sys.exit();
404         else:
405             print "ERROR: Unknown SCSI command block verb %02x." % verb;
406             status=0x02; #Command Failed
407             if dtlen>0:
408                 print "Sending %i bytes of dummy data here." % dtlen;
409                 self.fifo_ep3in_tx(zeros(dtlen));
410             #sys.exit(1);
411         cbw=self.lastCBW;
412         
413         #Now we need to send the CSW.
414         csw=[
415             #Standard prefix.
416             ord('U'),ord('S'),ord('B'),ord('S'),
417             #CBW key; must be the same as the one we're replying to.
418             ord(cbw[4]),ord(cbw[5]),ord(cbw[6]),ord(cbw[7]),
419             #CSW Data Residue, probably oughtn't be zeroed.
420             0,0,0,0,
421             #Status byte: 00 for good, 01 for bad.
422             status];
423         self.writebytes(rEP3INFIFO,
424                         csw);
425         self.wregAS(rEP3INBC,len(csw));
426         
427         
428         return;
429
430 class GoodFETMAXUSBMassFile(GoodFETMAXUSBMass):
431     """This emulates a USB Mass Storage Device, providing a file as
432     its image.  Writes are not yet supported, and this is very slow.
433     Performance hacks will come after the code stabilizes."""
434     
435     datafile=None;
436     datafilelen=None;
437     def openImage(self,filename):
438         """Opens an image for use.  Call this *before* massinit()."""
439         self.datafile=open(filename,"rb");
440         print "Opened an image with %i blocks." % self.getSectorCount();
441     def putSectorData(self,lba,block):
442         """Writes a 512-byte sector to the lba address."""
443         print "Writes aren't yet supported.";
444         return;
445     
446     def getSectorData(self,lba):
447         """Returns data from a 512-byte sector."""
448         toret="";
449         
450         #Seek to the appropraite block.
451         #print "Seeking to position %i"% (lba*512)
452         self.datafile.seek(lba*512,0);
453         pos=self.datafile.tell();
454         if pos!=lba*512:
455             print "SEEK ERROR: Seeked to %i (lba=%i), but now I'm at %i (lba=%i)" % (
456                 lba*512,lba,
457                 pos,pos/512);
458             #sys.exit();
459         
460         #Dump the data out, assuming no blocking and filling with nonsense.
461         toret=self.datafile.read(512);
462         if len(toret)<512:
463             print "Holy hell, I only have %i bytes of 512." % len(toret);
464         
465         toretbytes=range(0,len(toret));
466         for b in range(0,len(toret)): toretbytes[b]=ord(toret[b]);
467         return toretbytes;
468         
469     def getSectorCount(self):
470         """Returns the number of viable Logical Block Addresses."""
471         
472         # Python must have a better way to read a file length, but for
473         # now we just read the whole damned thing and then throw it
474         # away.  With present performance, we can't read anything
475         # large enough for this to be a problem.
476         if self.datafilelen==None:
477             self.datafile.seek(0);
478             self.datafilelen=len(self.datafile.read());
479         if self.datafilelen%512!=0:
480             print "ERROR: Image does not have an integer number of blocks!"
481             print "%i \% 512 == %i" % (self.datafilelen,
482                                        self.datafilelen%512);
483             sys.exit();
484         return self.datafilelen/512-1;
485
486 if(len(sys.argv)==1):
487     print "Usage: %s disk.img\n" % sys.argv[0];
488     sys.exit();
489
490
491 #Initialize FET and set baud rate
492 client=GoodFETMAXUSBMassFile();
493 client.serInit()
494
495 client.openImage(sys.argv[1]);
496
497 client.MAXUSBsetup();
498 client.massinit();
499