class GoodFET:
"""GoodFET Client Library"""
+
+ GLITCHAPP=0x71;
+
def __init__(self, *args, **kargs):
self.data=[0];
def timeout(self):
115200,
parity = serial.PARITY_NONE
)
+
+ #This might cause problems, but it makes failure graceful.
+ #self.serialport._timeout = 5;
+
+ #Explicitly set RTS and DTR to halt board.
+ self.serialport.setRTS(1);
+ self.serialport.setDTR(1);
#Drop DTR, which is !RST, low to begin the app.
self.serialport.setDTR(0);
self.serialport.flushInput()
print "Verb %02x is wrong. Incorrect firmware?" % self.verb;
#print "Connected."
def getbuffer(self,size=0x1c00):
- writecmd(0,0xC2,[size&0xFF,(size>>16)&&0xFF]);
+ writecmd(0,0xC2,[size&0xFF,(size>>16)&0xFF]);
print "Got %02x%02x buffer size." % (self.data[1],self.data[0]);
- def writecmd(self, app, verb, count=0, data=[], blocks=1):
+ def writecmd(self, app, verb, count=0, data=[]):
"""Write a command and some data to the GoodFET."""
self.serialport.write(chr(app));
self.serialport.write(chr(verb));
- self.serialport.write(chr(count));
+
+ #if data!=None:
+ # count=len(data); #Initial count ignored.
+
+ #print "TX %02x %02x %04x" % (app,verb,count);
+
+ #little endian 16-bit length
+ self.serialport.write(chr(count&0xFF));
+ self.serialport.write(chr(count>>8));
+
#print "count=%02x, len(data)=%04x" % (count,len(data));
- if count!=0:
- for d in data:
- self.serialport.write(chr(d));
+ if count!=0:
+ if(isinstance(data,list)):
+ for i in range(0,count):
+ #print "Converting %02x at %i" % (data[i],i)
+ data[i]=chr(data[i]);
+ #print type(data);
+ outstr=''.join(data);
+ self.serialport.write(outstr);
if not self.besilent:
- #print "Reading reply to %02x/%02x." % (app,verb);
- self.readcmd(blocks);
- #print "Read reply."
-
+ self.readcmd();
+
besilent=0;
app=0;
verb=0;
count=0;
data="";
- def readcmd(self,blocks=1):
+ def readcmd(self):
"""Read a reply from the GoodFET."""
while 1:
+ #print "Reading...";
self.app=ord(self.serialport.read(1));
+ #print "APP=%2x" % self.app;
self.verb=ord(self.serialport.read(1));
- self.count=ord(self.serialport.read(1));
- self.data=self.serialport.read(self.count*blocks);
- #print "READ %02x %02x %02x " % (self.app, self.verb, self.count);
+ #print "VERB=%02x" % self.verb;
+ self.count=(
+ ord(self.serialport.read(1))
+ +(ord(self.serialport.read(1))<<8)
+ );
#Debugging string; print, but wait.
if self.app==0xFF and self.verb==0xFF:
- print "DEBUG %s" % self.data;
+ print "# DEBUG %s" % self.serialport.read(self.count);
else:
+ self.data=self.serialport.read(self.count);
return self.data;
+ #Glitching stuff.
+ def glitchAPP(self,app):
+ """Glitch into a device by its application."""
+ self.data=[app&0xff];
+ self.writecmd(self.GLITCHAPP,0x80,1,self.data);
+ #return ord(self.data[0]);
+ def glitchVERB(self,app,verb, data):
+ """Glitch during a transaction.."""
+ self.data=[app&0xff, verb&0xFF]+data;
+ self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data);
+ #return ord(self.data[0]);
+ def glitchVoltages(self,low=0x0880, high=0x0fff):
+ """Set glitching voltages. (0x0fff is max.)"""
+ self.data=[low&0xff, (low>>8)&0xff,
+ high&0xff, (high>>8)&0xff];
+ self.writecmd(self.GLITCHAPP,0x90,4,self.data);
+ #return ord(self.data[0]);
+ def glitchRate(self,count=0x0800):
+ """Set glitching count period."""
+ self.data=[count&0xff, (count>>8)&0xff];
+ self.writecmd(self.GLITCHAPP,0x91,2,
+ self.data);
+ #return ord(self.data[0]);
+
#Monitor stuff
def silent(self,s=0):
def dir(self,byte):
"""Write a byte to P5DIR."""
self.writecmd(0,0xA0,1,[byte]);
+ def call(self,adr):
+ """Call to an address."""
+ self.writecmd(0,0x30,2,
+ [adr&0xFF,(adr>>8)&0xFF]);
+ def execute(self,code):
+ """Execute supplied code."""
+ self.writecmd(0,0x31,2,#len(code),
+ code);
def peekbyte(self,address):
"""Read a byte of memory from the monitor."""
self.data=[address&0xff,address>>8];
"""Write bytes by I2C."""
self.writecmd(0x02,0x01,len(bytes),bytes); #SPI/SETUP
return ord(self.data[0]);
-class GoodFETCC(GoodFET):
- """A GoodFET variant for use with Chipcon 8051 Zigbe SoC."""
- def CChaltcpu(self):
- """Halt the CPU."""
- self.writecmd(0x30,0x86,0,self.data);
- def CCreleasecpu(self):
- """Resume the CPU."""
- self.writecmd(0x30,0x87,0,self.data);
- def CCtest(self):
- self.CCreleasecpu();
- self.CChaltcpu();
- #print "Status: %s" % self.CCstatusstr();
-
- #Grab ident three times, should be equal.
- ident1=self.CCident();
- ident2=self.CCident();
- ident3=self.CCident();
- if(ident1!=ident2 or ident2!=ident3):
- print "Error, repeated ident attempts unequal."
- print "%04x, %04x, %04x" % (ident1, ident2, ident3);
-
- #Single step, printing PC.
- print "Tracing execution at startup."
- for i in range(1,15):
- pc=self.CCgetPC();
- byte=self.CCpeekcodebyte(i);
- #print "PC=%04x, %02x" % (pc, byte);
- self.CCstep_instr();
-
- print "Verifying that debugging a NOP doesn't affect the PC."
- for i in range(1,15):
- pc=self.CCgetPC();
- self.CCdebuginstr([0x00]);
- if(pc!=self.CCgetPC()):
- print "ERROR: PC changed during CCdebuginstr([NOP])!";
-
-
- #print "Status: %s." % self.CCstatusstr();
- #Exit debugger
- self.CCstop();
- print "Done.";
-
- def CCsetup(self):
- """Move the FET into the CC2430/CC2530 application."""
- #print "Initializing Chipcon.";
- self.writecmd(0x30,0x10,0,self.data);
- def CCrd_config(self):
- """Read the config register of a Chipcon."""
- self.writecmd(0x30,0x82,0,self.data);
- return ord(self.data[0]);
- def CCwr_config(self,config):
- """Write the config register of a Chipcon."""
- self.writecmd(0x30,0x81,1,[config&0xFF]);
-
- CCversions={0x0100:"CC1110",
- 0x8500:"CC2430",
- 0x8900:"CC2431",
- 0x8100:"CC2510",
- 0x9100:"CC2511",
- 0xFF00:"CCmissing"};
- def CCidentstr(self):
- ident=self.CCident();
- chip=self.CCversions.get(ident&0xFF00);
- return "%s/r%02x" % (chip, ident&0xFF);
- def CCident(self):
- """Get a chipcon's ID."""
- self.writecmd(0x30,0x8B,0,None);
- chip=ord(self.data[0]);
- rev=ord(self.data[1]);
- return (chip<<8)+rev;
- def CCgetPC(self):
- """Get a chipcon's PC."""
- self.writecmd(0x30,0x83,0,None);
- hi=ord(self.data[0]);
- lo=ord(self.data[1]);
- return (hi<<8)+lo;
- def CCdebuginstr(self,instr):
- self.writecmd(0x30,0x88,len(instr),instr);
- return ord(self.data[0]);
- def CCpeekcodebyte(self,adr):
- """Read the contents of code memory at an address."""
- self.data=[adr&0xff, (adr&0xff00)>>8];
- self.writecmd(0x30,0x90,2,self.data);
- return ord(self.data[0]);
- def CCpeekdatabyte(self,adr):
- """Read the contents of data memory at an address."""
- self.data=[adr&0xff, (adr&0xff00)>>8];
- self.writecmd(0x30,0x91, 2, self.data);
- return ord(self.data[0]);
- def CCpokedatabyte(self,adr,val):
- """Write a byte to data memory."""
- self.data=[adr&0xff, (adr&0xff00)>>8, val];
- self.writecmd(0x30, 0x92, 3, self.data);
- return ord(self.data[0]);
- def CCchiperase(self):
- """Erase all of the target's memory."""
- self.writecmd(0x30,0x80,0,None);
- def CCstatus(self):
- """Check the status."""
- self.writecmd(0x30,0x84,0,None);
- return ord(self.data[0])
- CCstatusbits={0x80 : "erased",
- 0x40 : "pcon_idle",
- 0x20 : "halted",
- 0x10 : "pm0",
- 0x08 : "halted",
- 0x04 : "locked",
- 0x02 : "oscstable",
- 0x01 : "overflow"};
- def CCstatusstr(self):
- """Check the status as a string."""
- status=self.CCstatus();
- str="";
- i=1;
- while i<0x100:
- if(status&i):
- str="%s %s" %(self.CCstatusbits[i],str);
- i*=2;
- return str;
- def CCstart(self):
- """Start debugging."""
- self.writecmd(0x30,0x20,0,self.data);
- ident=self.CCidentstr();
- print "Target identifies as %s." % ident;
- #print "Status: %s." % self.CCstatusstr();
- self.CCreleasecpu();
- self.CChaltcpu();
- #print "Status: %s." % self.CCstatusstr();
-
- def CCstop(self):
- """Stop debugging."""
- self.writecmd(0x30,0x21,0,self.data);
- def CCstep_instr(self):
- """Step one instruction."""
- self.writecmd(0x30,0x89,0,self.data);
-
projects / goodfet / blobdiff