X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FGoodFET.py;h=654995b87817a2ca0854f457b81d82a6144a1570;hp=74974975d4f308cc2fc8ddc919c39da6092309e1;hb=a6afe092f45e72e65198bf6fbe07e8da40706970;hpb=78f4f21969789bec27a8e2957eb00a87d8756041 diff --git a/client/GoodFET.py b/client/GoodFET.py index 7497497..654995b 100755 --- a/client/GoodFET.py +++ b/client/GoodFET.py @@ -10,6 +10,9 @@ import sys, time, string, cStringIO, struct, glob, serial, os; class GoodFET: """GoodFET Client Library""" + + GLITCHAPP=0x71; + def __init__(self, *args, **kargs): self.data=[0]; def timeout(self): @@ -36,6 +39,13 @@ class GoodFET: 115200, parity = serial.PARITY_NONE ) + + #This might cause problems, but it makes failure graceful. + #self.serialport._timeout = 5; + + #Explicitly set RTS and DTR to halt board. + self.serialport.setRTS(1); + self.serialport.setDTR(1); #Drop DTR, which is !RST, low to begin the app. self.serialport.setDTR(0); self.serialport.flushInput() @@ -55,17 +65,25 @@ class GoodFET: self.serialport.write(chr(app)); self.serialport.write(chr(verb)); + #if data!=None: + # count=len(data); #Initial count ignored. - #print "TX %02x %02x" % (app,verb); + #print "TX %02x %02x %04x" % (app,verb,count); #little endian 16-bit length self.serialport.write(chr(count&0xFF)); self.serialport.write(chr(count>>8)); #print "count=%02x, len(data)=%04x" % (count,len(data)); + if count!=0: - for d in data: - self.serialport.write(chr(d)); + if(isinstance(data,list)): + for i in range(0,count): + #print "Converting %02x at %i" % (data[i],i) + data[i]=chr(data[i]); + #print type(data); + outstr=''.join(data); + self.serialport.write(outstr); if not self.besilent: self.readcmd(); @@ -90,10 +108,41 @@ class GoodFET: #Debugging string; print, but wait. if self.app==0xFF and self.verb==0xFF: - print "DEBUG %s" % self.serialport.read(self.count); + print "# DEBUG %s" % self.serialport.read(self.count); else: self.data=self.serialport.read(self.count); return self.data; + #Glitching stuff. + def glitchApp(self,app): + """Glitch into a device by its application.""" + self.data=[app&0xff]; + self.writecmd(self.GLITCHAPP,0x80,1,self.data); + #return ord(self.data[0]); + def glitchVerb(self,app,verb,data): + """Glitch during a transaction.""" + if data==None: data=[]; + self.data=[app&0xff, verb&0xFF]+data; + self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data); + #return ord(self.data[0]); + def glitchTime(self,app,verb,data): + """Time the execution of a verb.""" + if data==None: data=[]; + self.data=[app&0xff, verb&0xFF]+data; + self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data); + return ord(self.data[0])+(ord(self.data[1])<<8); + def glitchVoltages(self,low=0x0880, high=0x0fff): + """Set glitching voltages. (0x0fff is max.)""" + self.data=[low&0xff, (low>>8)&0xff, + high&0xff, (high>>8)&0xff]; + self.writecmd(self.GLITCHAPP,0x90,4,self.data); + #return ord(self.data[0]); + def glitchRate(self,count=0x0800): + """Set glitching count period.""" + self.data=[count&0xff, (count>>8)&0xff]; + self.writecmd(self.GLITCHAPP,0x91,2, + self.data); + #return ord(self.data[0]); + #Monitor stuff def silent(self,s=0): @@ -108,6 +157,14 @@ class GoodFET: def dir(self,byte): """Write a byte to P5DIR.""" self.writecmd(0,0xA0,1,[byte]); + def call(self,adr): + """Call to an address.""" + self.writecmd(0,0x30,2, + [adr&0xFF,(adr>>8)&0xFF]); + def execute(self,code): + """Execute supplied code.""" + self.writecmd(0,0x31,2,#len(code), + code); def peekbyte(self,address): """Read a byte of memory from the monitor.""" self.data=[address&0xff,address>>8]; @@ -208,139 +265,3 @@ class GoodFET: """Write bytes by I2C.""" self.writecmd(0x02,0x01,len(bytes),bytes); #SPI/SETUP return ord(self.data[0]); -class GoodFETCC(GoodFET): - """A GoodFET variant for use with Chipcon 8051 Zigbe SoC.""" - def CChaltcpu(self): - """Halt the CPU.""" - self.writecmd(0x30,0x86,0,self.data); - def CCreleasecpu(self): - """Resume the CPU.""" - self.writecmd(0x30,0x87,0,self.data); - def CCtest(self): - self.CCreleasecpu(); - self.CChaltcpu(); - #print "Status: %s" % self.CCstatusstr(); - - #Grab ident three times, should be equal. - ident1=self.CCident(); - ident2=self.CCident(); - ident3=self.CCident(); - if(ident1!=ident2 or ident2!=ident3): - print "Error, repeated ident attempts unequal." - print "%04x, %04x, %04x" % (ident1, ident2, ident3); - - #Single step, printing PC. - print "Tracing execution at startup." - for i in range(1,15): - pc=self.CCgetPC(); - byte=self.CCpeekcodebyte(i); - #print "PC=%04x, %02x" % (pc, byte); - self.CCstep_instr(); - - print "Verifying that debugging a NOP doesn't affect the PC." - for i in range(1,15): - pc=self.CCgetPC(); - self.CCdebuginstr([0x00]); - if(pc!=self.CCgetPC()): - print "ERROR: PC changed during CCdebuginstr([NOP])!"; - - - #print "Status: %s." % self.CCstatusstr(); - #Exit debugger - self.CCstop(); - print "Done."; - - def CCsetup(self): - """Move the FET into the CC2430/CC2530 application.""" - #print "Initializing Chipcon."; - self.writecmd(0x30,0x10,0,self.data); - def CCrd_config(self): - """Read the config register of a Chipcon.""" - self.writecmd(0x30,0x82,0,self.data); - return ord(self.data[0]); - def CCwr_config(self,config): - """Write the config register of a Chipcon.""" - self.writecmd(0x30,0x81,1,[config&0xFF]); - - CCversions={0x0100:"CC1110", - 0x8500:"CC2430", - 0x8900:"CC2431", - 0x8100:"CC2510", - 0x9100:"CC2511", - 0xFF00:"CCmissing"}; - def CCidentstr(self): - ident=self.CCident(); - chip=self.CCversions.get(ident&0xFF00); - return "%s/r%02x" % (chip, ident&0xFF); - def CCident(self): - """Get a chipcon's ID.""" - self.writecmd(0x30,0x8B,0,None); - chip=ord(self.data[0]); - rev=ord(self.data[1]); - return (chip<<8)+rev; - def CCgetPC(self): - """Get a chipcon's PC.""" - self.writecmd(0x30,0x83,0,None); - hi=ord(self.data[0]); - lo=ord(self.data[1]); - return (hi<<8)+lo; - def CCdebuginstr(self,instr): - self.writecmd(0x30,0x88,len(instr),instr); - return ord(self.data[0]); - def CCpeekcodebyte(self,adr): - """Read the contents of code memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8]; - self.writecmd(0x30,0x90,2,self.data); - return ord(self.data[0]); - def CCpeekdatabyte(self,adr): - """Read the contents of data memory at an address.""" - self.data=[adr&0xff, (adr&0xff00)>>8]; - self.writecmd(0x30,0x91, 2, self.data); - return ord(self.data[0]); - def CCpokedatabyte(self,adr,val): - """Write a byte to data memory.""" - self.data=[adr&0xff, (adr&0xff00)>>8, val]; - self.writecmd(0x30, 0x92, 3, self.data); - return ord(self.data[0]); - def CCchiperase(self): - """Erase all of the target's memory.""" - self.writecmd(0x30,0x80,0,None); - def CCstatus(self): - """Check the status.""" - self.writecmd(0x30,0x84,0,None); - return ord(self.data[0]) - CCstatusbits={0x80 : "erased", - 0x40 : "pcon_idle", - 0x20 : "halted", - 0x10 : "pm0", - 0x08 : "halted", - 0x04 : "locked", - 0x02 : "oscstable", - 0x01 : "overflow"}; - def CCstatusstr(self): - """Check the status as a string.""" - status=self.CCstatus(); - str=""; - i=1; - while i<0x100: - if(status&i): - str="%s %s" %(self.CCstatusbits[i],str); - i*=2; - return str; - def CCstart(self): - """Start debugging.""" - self.writecmd(0x30,0x20,0,self.data); - ident=self.CCidentstr(); - print "Target identifies as %s." % ident; - #print "Status: %s." % self.CCstatusstr(); - self.CCreleasecpu(); - self.CChaltcpu(); - #print "Status: %s." % self.CCstatusstr(); - - def CCstop(self): - """Stop debugging.""" - self.writecmd(0x30,0x21,0,self.data); - def CCstep_instr(self): - """Step one instruction.""" - self.writecmd(0x30,0x89,0,self.data); -