X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FGoodFET.py;h=353d937ec80f1f4f68c441f9a970f397fdbce2b9;hp=8d588ed29d5915bae857275ee7f522cbc352e2d7;hb=1ef22a7f7983e4bb7513686cd573776a8338c904;hpb=8f05454eedc506a9b46c2b8bce9af2480089827f diff --git a/client/GoodFET.py b/client/GoodFET.py index 8d588ed..353d937 100755 --- a/client/GoodFET.py +++ b/client/GoodFET.py @@ -3,20 +3,85 @@ # # (C) 2009 Travis Goodspeed # -# This code is ugly as sin, for bootstrapping the firmware only. -# Rewrite cleanly as soon as is convenient. +# This code is being rewritten and refactored. You've been warned! -import sys, time, string, cStringIO, struct, glob, serial +import sys, time, string, cStringIO, struct, glob, serial, os; +import sqlite3; +fmt = ("B", " 0: + port = glob_list[0]; + else: + port = os.environ.get("GOODFET"); if port is None: glob_list = glob.glob("/dev/tty.usbserial*"); if len(glob_list) > 0: @@ -25,62 +90,338 @@ class GoodFET: glob_list = glob.glob("/dev/ttyUSB*"); if len(glob_list) > 0: port = glob_list[0]; + if port is None: + glob_list = glob.glob("/dev/ttyU0"); + if len(glob_list) > 0: + port = glob_list[0]; + if os.name=='nt': + from scanwin32 import winScan; + scan=winScan(); + for order,comport,desc,hwid in sorted(scan.comports()): + try: + if hwid.index('FTDI')==0: + port=comport; + #print "Using FTDI port %s" % port + except: + #Do nothing. + a=1; self.serialport = serial.Serial( port, #9600, 115200, - parity = serial.PARITY_NONE + parity = serial.PARITY_NONE, + timeout=timeout ) - #Drop DTR, which is !RST, low to begin the app. - self.serialport.setDTR(0); - self.serialport.flushInput() - self.serialport.flushOutput() - - #Read and handle the initial command. - #time.sleep(1); - self.readcmd(); #Read the first command. - if(self.verb!=0x7F): - print "Verb is wrong. Incorrect firmware?"; - def writecmd(self, app, verb, count, data): + self.verb=0; + attempts=0; + connected=0; + while connected==0: + while self.verb!=0x7F or self.data!="http://goodfet.sf.net/": + if attemptlimit is not None and attempts >= attemptlimit: + return + elif attempts>2: + print "Resyncing."; + self.serialport.flushInput() + self.serialport.flushOutput() + #Explicitly set RTS and DTR to halt board. + self.serialport.setRTS(1); + self.serialport.setDTR(1); + #Drop DTR, which is !RST, low to begin the app. + self.serialport.setDTR(0); + + #TelosB reset, prefer software to I2C SPST Switch. + if(os.environ.get("platform")=='telosb'): + #print "TelosB Reset"; + self.telosBReset(); + #self.serialport.write(chr(0x80)); + #self.serialport.write(chr(0x80)); + #self.serialport.write(chr(0x80)); + #self.serialport.write(chr(0x80)); + + + self.serialport.flushInput() + self.serialport.flushOutput() + #time.sleep(60); + attempts=attempts+1; + self.readcmd(); #Read the first command. + #Here we have a connection, but maybe not a good one. + connected=1; + olds=self.infostring(); + clocking=self.monitorclocking(); + for foo in range(1,30): + if not self.monitorecho(): + if self.verbose: print "Comm error on %i try, resyncing out of %s." % (foo, + clocking); + connected=0; + break; + if self.verbose: print "Connected after %02i attempts." % attempts; + self.mon_connected(); + self.serialport.setTimeout(12); + def serClose(self): + self.serialport.close(); + def telosSetSCL(self, level): + self.serialport.setRTS(not level) + def telosSetSDA(self, level): + self.serialport.setDTR(not level) + + def telosI2CStart(self): + self.telosSetSDA(1) + self.telosSetSCL(1) + self.telosSetSDA(0) + + def telosI2CStop(self): + self.telosSetSDA(0) + self.telosSetSCL(1) + self.telosSetSDA(1) + + def telosI2CWriteBit(self, bit): + self.telosSetSCL(0) + self.telosSetSDA(bit) + time.sleep(2e-6) + self.telosSetSCL(1) + time.sleep(1e-6) + self.telosSetSCL(0) + + def telosI2CWriteByte(self, byte): + self.telosI2CWriteBit( byte & 0x80 ); + self.telosI2CWriteBit( byte & 0x40 ); + self.telosI2CWriteBit( byte & 0x20 ); + self.telosI2CWriteBit( byte & 0x10 ); + self.telosI2CWriteBit( byte & 0x08 ); + self.telosI2CWriteBit( byte & 0x04 ); + self.telosI2CWriteBit( byte & 0x02 ); + self.telosI2CWriteBit( byte & 0x01 ); + self.telosI2CWriteBit( 0 ); # "acknowledge" + + def telosI2CWriteCmd(self, addr, cmdbyte): + self.telosI2CStart() + self.telosI2CWriteByte( 0x90 | (addr << 1) ) + self.telosI2CWriteByte( cmdbyte ) + self.telosI2CStop() + + def telosBReset(self,invokeBSL=0): + # "BSL entry sequence at dedicated JTAG pins" + # rst !s0: 0 0 0 0 1 1 + # tck !s1: 1 0 1 0 0 1 + # s0|s1: 1 3 1 3 2 0 + + # "BSL entry sequence at shared JTAG pins" + # rst !s0: 0 0 0 0 1 1 + # tck !s1: 0 1 0 1 1 0 + # s0|s1: 3 1 3 1 0 2 + + if invokeBSL: + self.telosI2CWriteCmd(0,1) + self.telosI2CWriteCmd(0,3) + self.telosI2CWriteCmd(0,1) + self.telosI2CWriteCmd(0,3) + self.telosI2CWriteCmd(0,2) + self.telosI2CWriteCmd(0,0) + else: + self.telosI2CWriteCmd(0,3) + self.telosI2CWriteCmd(0,2) + + # This line was not defined inside the else: block, not sure where it + # should be however + self.telosI2CWriteCmd(0,0) + time.sleep(0.250) #give MSP430's oscillator time to stabilize + self.serialport.flushInput() #clear buffers + + + def getbuffer(self,size=0x1c00): + writecmd(0,0xC2,[size&0xFF,(size>>16)&0xFF]); + print "Got %02x%02x buffer size." % (self.data[1],self.data[0]); + def writecmd(self, app, verb, count=0, data=[]): """Write a command and some data to the GoodFET.""" self.serialport.write(chr(app)); self.serialport.write(chr(verb)); - self.serialport.write(chr(count)); + + #if data!=None: + # count=len(data); #Initial count ignored. + + #print "TX %02x %02x %04x" % (app,verb,count); + + #little endian 16-bit length + self.serialport.write(chr(count&0xFF)); + self.serialport.write(chr(count>>8)); + + if self.verbose: + print "Tx: ( 0x%02x, 0x%02x, 0x%04x )" % ( app, verb, count ) + #print "count=%02x, len(data)=%04x" % (count,len(data)); + if count!=0: - for d in data: - self.serialport.write(chr(d)); - self.readcmd(); #Uncomment this later, to ensure a response. + if(isinstance(data,list)): + for i in range(0,count): + #print "Converting %02x at %i" % (data[i],i) + data[i]=chr(data[i]); + #print type(data); + outstr=''.join(data); + self.serialport.write(outstr); + if not self.besilent: + return self.readcmd() + else: + return [] + def readcmd(self): """Read a reply from the GoodFET.""" - self.app=ord(self.serialport.read(1)); - self.verb=ord(self.serialport.read(1)); - self.count=ord(self.serialport.read(1)); - if self.count>0: - self.data=self.serialport.read(self.count); - #print "READ %02x %02x %02x " % (self.app, self.verb, self.count); - + while 1:#self.serialport.inWaiting(): # Loop while input data is available + try: + #print "Reading..."; + self.app=ord(self.serialport.read(1)); + #print "APP=%2x" % self.app; + self.verb=ord(self.serialport.read(1)); + #print "VERB=%02x" % self.verb; + self.count=( + ord(self.serialport.read(1)) + +(ord(self.serialport.read(1))<<8) + ); + + if self.verbose: + print "Rx: ( 0x%02x, 0x%02x, 0x%04x )" % ( self.app, self.verb, self.count ) + + #Debugging string; print, but wait. + if self.app==0xFF: + if self.verb==0xFF: + print "# DEBUG %s" % self.serialport.read(self.count) + elif self.verb==0xFE: + print "# DEBUG 0x%x" % struct.unpack(fmt[self.count-1], self.serialport.read(self.count))[0] + elif self.verb==0xFD: + #Do nothing, just wait so there's no timeout. + print "# NOP."; + + sys.stdout.flush(); + else: + self.data=self.serialport.read(self.count); + return self.data; + except TypeError: + if self.connected: + print "Warning: waiting for serial read timed out (most likely)."; + #print "This shouldn't happen after syncing. Exiting for safety."; + #sys.exit(-1) + return self.data; + #Glitching stuff. + def glitchApp(self,app): + """Glitch into a device by its application.""" + self.data=[app&0xff]; + self.writecmd(self.GLITCHAPP,0x80,1,self.data); + #return ord(self.data[0]); + def glitchVerb(self,app,verb,data): + """Glitch during a transaction.""" + if data==None: data=[]; + self.data=[app&0xff, verb&0xFF]+data; + self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data); + #return ord(self.data[0]); + def glitchstart(self): + """Glitch into the AVR application.""" + self.glitchVerb(self.APP,0x20,None); + def glitchstarttime(self): + """Measure the timer of the START verb.""" + return self.glitchTime(self.APP,0x20,None); + def glitchTime(self,app,verb,data): + """Time the execution of a verb.""" + if data==None: data=[]; + self.data=[app&0xff, verb&0xFF]+data; + print "Timing app %02x verb %02x." % (app,verb); + self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data); + time=ord(self.data[0])+(ord(self.data[1])<<8); + print "Timed to be %i." % time; + return time; + def glitchVoltages(self,low=0x0880, high=0x0fff): + """Set glitching voltages. (0x0fff is max.)""" + self.data=[low&0xff, (low>>8)&0xff, + high&0xff, (high>>8)&0xff]; + self.writecmd(self.GLITCHAPP,0x90,4,self.data); + #return ord(self.data[0]); + def glitchRate(self,count=0x0800): + """Set glitching count period.""" + self.data=[count&0xff, (count>>8)&0xff]; + self.writecmd(self.GLITCHAPP,0x91,2, + self.data); + #return ord(self.data[0]); + + #Monitor stuff - def peekbyte(self,address): + def silent(self,s=0): + """Transmissions halted when 1.""" + self.besilent=s; + print "besilent is %i" % self.besilent; + self.writecmd(0,0xB0,1,[s]); + connected=0; + def mon_connected(self): + """Announce to the monitor that the connection is good.""" + self.connected=1; + self.writecmd(0,0xB1,0,[]); + def out(self,byte): + """Write a byte to P5OUT.""" + self.writecmd(0,0xA1,1,[byte]); + def dir(self,byte): + """Write a byte to P5DIR.""" + self.writecmd(0,0xA0,1,[byte]); + def call(self,adr): + """Call to an address.""" + self.writecmd(0,0x30,2, + [adr&0xFF,(adr>>8)&0xFF]); + def execute(self,code): + """Execute supplied code.""" + self.writecmd(0,0x31,2,#len(code), + code); + def MONpeek8(self,address): """Read a byte of memory from the monitor.""" self.data=[address&0xff,address>>8]; self.writecmd(0,0x02,2,self.data); #self.readcmd(); return ord(self.data[0]); - def peekword(self,address): + def MONpeek16(self,address): + """Read a word of memory from the monitor.""" + return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8); + def peek(self,address): + """Read a word of memory from the monitor.""" + return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8); + def eeprompeek(self,address): """Read a word of memory from the monitor.""" - return self.peekbyte(address)+(self.peekbyte(address+1)<<8); - def pokebyte(self,address,value): + print "EEPROM peeking not supported for the monitor."; + #return self.MONpeek8(address)+(self.MONpeek8(address+1)<<8); + def peekbysym(self,name): + """Read a value by its symbol name.""" + #TODO include memory in symbol. + reg=self.symbols.get(name); + return self.peek8(reg,"data"); + def pokebysym(self,name,val): + """Write a value by its symbol name.""" + #TODO include memory in symbol. + reg=self.symbols.get(name); + return self.pokebyte(reg,val); + def pokebyte(self,address,value,memory="vn"): """Set a byte of memory by the monitor.""" self.data=[address&0xff,address>>8,value]; self.writecmd(0,0x03,3,self.data); return ord(self.data[0]); + def poke16(self,address,value): + """Set a word of memory by the monitor.""" + self.pokebyte(address,value&0xFF); + self.pokebyte(address,(value>>8)&0xFF); + return value; + def setsecret(self,value): + """Set a secret word for later retreival. Used by glitcher.""" + #self.eeprompoke(0,value); + #self.eeprompoke(1,value); + print "Secret setting is not yet suppored for this target."; + print "Aborting."; + + def getsecret(self): + """Get a secret word. Used by glitcher.""" + #self.eeprompeek(0); + print "Secret setting is not yet suppored for this target."; + print "Aborting."; + sys.exit(); + def dumpmem(self,begin,end): i=begin; while i>16, - (adr&0xFF00)>>8, - adr&0xFF, - 0]; - self.SPItrans(data); - return ord(self.data[4]); - def SPIpeekblock(self,adr): - """Grab a byte from an SPI Flash ROM.""" - data=[(adr&0xFF0000)>>16, - (adr&0xFF00)>>8, - adr&0xFF]; - - self.writecmd(0x01,0x02,3,data); - return self.data; - - def SPIpokebyte(self,adr,val): - self.SPIpokebytes(adr,[val]); - def SPIpokebytes(self,adr,data): - #self.SPIwriteenable(); - adranddata=[(adr&0xFF0000)>>16, - (adr&0xFF00)>>8, - adr&0xFF - ]+data; - self.writecmd(0x01,0x03, - len(adranddata),adranddata); - - def SPIchiperase(self): - """Mass erase an SPI Flash ROM.""" - self.writecmd(0x01,0x81,0,[]); - def SPIwriteenable(self): - """SPI Flash Write Enable""" - data=[0x06]; - self.SPItrans(data); + def monitor_info(self): + print "GoodFET with %s MCU" % self.infostring(); + print "Clocked at %s" % self.monitorclocking(); + return 1; + + def monitor_list_apps(self, full=False): + self.monitor_info() + old_value = self.besilent + self.besilent = True # turn off automatic call to readcmd + self.writecmd(self.MONITORAPP, 0x82, 1, [int(full)]); + self.besilent = old_value - def SPIjedecmanstr(self): - """Grab the JEDEC manufacturer string. Call after SPIjedec().""" - man=self.JEDECmanufacturers.get(self.JEDECmanufacturer) - if man==0: - man="UNKNOWN"; - return man; - - def SPIjedecstr(self): - """Grab the JEDEC manufacturer string. Call after SPIjedec().""" - man=self.JEDECmanufacturers.get(self.JEDECmanufacturer); - if man==0: - man="UNKNOWN"; - device=self.JEDECdevices.get(self.JEDECdevice); - if device==0: - device="???" - return "%s %s" % (man,device); - def MSP430setup(self): - """Move the FET into the MSP430 JTAG application.""" - print "Initializing MSP430."; - self.writecmd(0x11,0x10,0,self.data); + # read the build date string + self.readcmd() + print "Build Date: %s" % self.data + print "Firmware apps:" + while True: + self.readcmd() + if self.count == 0: + break + print self.data + return 1; + def monitorclocking(self): + """Return the 16-bit clocking value.""" + return "0x%04x" % self.monitorgetclock(); + def monitorsetclock(self,clock): + """Set the clocking value.""" + self.MONpoke16(0x56, clock); + def monitorgetclock(self): + """Get the clocking value.""" + return self.MONpeek16(0x56); + # The following functions ought to be implemented in + # every client. - def CCsetup(self): - """Move the FET into the CC2430/CC2530 application.""" - print "Initializing Chipcon."; - self.writecmd(0x30,0x10,0,self.data); - def CCrd_config(self): - """Read the config register of a Chipcon.""" - self.writecmd(0x30,0x82,0,self.data); - return ord(self.data[0]); - def CCwr_config(self,config): - """Write the config register of a Chipcon.""" - self.writecmd(0x30,0x81,1,[config&0xFF]); - - CCversions={0x0100:"CC1110", - 0x8500:"CC2430", - 0x8900:"CC2431", - 0x8100:"CC2510", - 0x9100:"CC2511", - 0xFF00:"CCmissing"}; - def CCidentstr(self): - ident=self.CCident(); - chip=self.CCversions.get(ident&0xFF00); - return "%s/r%02x" % (chip, ident&0xFF); - def CCident(self): - """Get a chipcon's ID.""" - self.writecmd(0x30,0x8B,0,None); - chip=ord(self.data[0]); - rev=ord(self.data[1]); - return (chip<<8)+rev; - def CCgetPC(self): - """Get a chipcon's PC.""" - self.writecmd(0x30,0x83,0,None); - hi=ord(self.data[0]); - lo=ord(self.data[1]); - return (hi<<8)+lo; - def CCdebuginstr(self,instr): - self.writecmd(0x30,0x88,len(instr),instr); - return ord(self.data[0]); - def MSP430peek(self,adr): - """Read the contents of memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8]; - self.writecmd(0x11,0x02,2,self.data); - return ord(self.data[0])+(ord(self.data[1])<<8); - def CCpeekcodebyte(self,adr): - """Read the contents of code memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8]; - self.writecmd(0x30,0x90,2,self.data); - return ord(self.data[0]); - def CCpeekdatabyte(self,adr): - """Read the contents of data memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8]; - self.writecmd(0x30,0x91, 2, self.data); - return ord(self.data[0]); - def CCpokedatabyte(self,adr,val): - """Write a byte to data memory.""" - self.data=[adr&0xff, (adr&0xff00)>>8, val]; - self.writecmd(0x30, 0x92, 3, self.data); - return ord(self.data[0]); - def CCchiperase(self): - """Erase all of the target's memory.""" - self.writecmd(0x30,0x80,0,None); - def CCstatus(self): - """Check the status.""" - self.writecmd(0x30,0x84,0,None); - return ord(self.data[0]) - CCstatusbits={0x80 : "erased", - 0x40 : "pcon_idle", - 0x20 : "halted", - 0x10 : "pm0", - 0x08 : "halted", - 0x04 : "locked", - 0x02 : "oscstable", - 0x01 : "overflow"}; - def CCstatusstr(self): - """Check the status as a string.""" - status=self.CCstatus(); - str=""; - i=1; - while i<0x100: - if(status&i): - str="%s %s" %(self.CCstatusbits[i],str); - i*=2; - return str; - def MSP430poke(self,adr,val): - """Read the contents of memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8, val&0xff, (val&0xff00)>>8]; - self.writecmd(0x11,0x03,4,self.data); - return;# ord(self.data[0])+(ord(self.data[1])<<8); - def MSP430start(self): - """Start debugging.""" - self.writecmd(0x11,0x20,0,self.data); - ident=self.MSP430ident(); - print "Target identifies as %04x." % ident; - - def CCstart(self): - """Start debugging.""" - self.writecmd(0x30,0x20,0,self.data); - ident=self.CCidentstr(); - print "Target identifies as %s." % ident; - #print "Status: %s." % self.CCstatusstr(); - self.CCreleasecpu(); - self.CChaltcpu(); - print "Status: %s." % self.CCstatusstr(); - - def CCstop(self): - """Stop debugging.""" - self.writecmd(0x30,0x21,0,self.data); - def CCstep_instr(self): - """Step one instruction.""" - self.writecmd(0x30,0x89,0,self.data); - def MSP430stop(self): - """Stop debugging.""" - self.writecmd(0x11,0x21,0,self.data); - def MSP430haltcpu(self): - """Halt the CPU.""" - self.writecmd(0x11,0xA0,0,self.data); - def MSP430releasecpu(self): - """Resume the CPU.""" - self.writecmd(0x11,0xA1,0,self.data); - def CChaltcpu(self): - """Halt the CPU.""" - self.writecmd(0x30,0x86,0,self.data); - def CCreleasecpu(self): - """Resume the CPU.""" - self.writecmd(0x30,0x87,0,self.data); - def MSP430shiftir8(self,ins): - """Shift the 8-bit Instruction Register.""" - data=[ins]; - self.writecmd(0x11,0x80,1,data); - return ord(self.data[0]); - def MSP430shiftdr16(self,dat): - """Shift the 16-bit Data Register.""" - data=[dat&0xFF,(dat&0xFF00)>>8]; - self.writecmd(0x11,0x81,2,data); - return ord(self.data[0])#+(ord(self.data[1])<<8); - def MSP430setinstrfetch(self): - """Set the instruction fetch mode.""" - self.writecmd(0x11,0xC1,0,self.data); - return self.data[0]; - def MSP430ident(self): - """Grab self-identification word from 0x0FF0 as big endian.""" - i=self.MSP430peek(0x0ff0); - return ((i&0xFF00)>>8)+((i&0xFF)<<8) - def MSP430test(self): - """Test MSP430 JTAG. Requires that a chip be attached.""" - if self.MSP430ident()==0xffff: - print "Is anything connected?"; - print "Testing RAM."; - temp=self.MSP430peek(0x0200); - self.MSP430poke(0x0200,0xdead); - if(self.MSP430peek(0x0200)!=0xdead): - print "Poke of 0x0200 did not set to 0xDEAD properly."; - return; - self.MSP430poke(0x0200,temp); #restore old value. - def MSP430flashtest(self): - self.MSP430masserase(); - i=0x2500; - while(i<0xFFFF): - if(self.MSP430peek(i)!=0xFFFF): - print "ERROR: Unerased flash at %04x."%i; - self.MSP430writeflash(i,0xDEAD); - i+=2; - def MSP430masserase(self): - """Erase MSP430 flash memory.""" - self.writecmd(0x11,0xE3,0,None); - def MSP430writeflash(self,adr,val): - """Write a word of flash memory.""" - if(self.MSP430peek(adr)!=0xFFFF): - print "FLASH ERROR: %04x not clear." % adr; - data=[adr&0xFF,(adr&0xFF00)>>8,val&0xFF,(val&0xFF00)>>8]; - self.writecmd(0x11,0xE1,4,data); - rval=ord(self.data[0])+(ord(self.data[1])<<8); - if(val!=rval): - print "FLASH WRITE ERROR AT %04x. Found %04x, wrote %04x." % (adr,rval,val); - - def MSP430dumpbsl(self): - self.MSP430dumpmem(0xC00,0xfff); - def MSP430dumpallmem(self): - self.MSP430dumpmem(0x200,0xffff); - def MSP430dumpmem(self,begin,end): - i=begin; - while i