self.data=self.serialport.read(self.count);
return self.data;
#Glitching stuff.
- def glitchAPP(self,app):
+ def glitchApp(self,app):
"""Glitch into a device by its application."""
self.data=[app&0xff];
self.writecmd(self.GLITCHAPP,0x80,1,self.data);
#return ord(self.data[0]);
- def glitchVERB(self,app,verb, data):
- """Glitch during a transaction.."""
+ def glitchVerb(self,app,verb,data):
+ """Glitch during a transaction."""
+ if data==None: data=[];
self.data=[app&0xff, verb&0xFF]+data;
self.writecmd(self.GLITCHAPP,0x81,len(self.data),self.data);
#return ord(self.data[0]);
+ def glitchTime(self,app,verb,data):
+ """Time the execution of a verb."""
+ if data==None: data=[];
+ self.data=[app&0xff, verb&0xFF]+data;
+ self.writecmd(self.GLITCHAPP,0x82,len(self.data),self.data);
+ return ord(self.data[0])+(ord(self.data[1])<<8);
def glitchVoltages(self,low=0x0880, high=0x0fff):
"""Set glitching voltages. (0x0fff is max.)"""
self.data=[low&0xff, (low>>8)&0xff,
def start(self):
"""Start the connection."""
self.writecmd(self.AVRAPP,0x20,0,None);
+ def glitchstart(self):
+ """Glitch into the AVR application."""
+ self.glitchVerb(self.AVRAPP,0x20,None);
+ def glitchstarttime(self):
+ """Measure the timer of the START verb."""
+ return self.glitchTime(self.AVRAPP,0x20,None);
+ def forcestart(self):
+ """Forcibly start a connection."""
+
+ for i in range(0x880,0xfff):
+ #self.glitchVoltages(0x880, i);
+ self.start();
+ bits=self.lockbits();
+ print "At %04x, Lockbits: %02x" % (i,bits);
+ if(bits==0xFF): return;
def erase(self):
"""Erase the target chip."""
self.writecmd(self.AVRAPP,0xF0,0,None);
if(sys.argv[1]=="glitch"):
print "Identifies as %s" % client.identstr();
client.glitchVoltages(0x880, 0xfff);
- for i in range(1,20):
+ for i in range(1,2000):
client.start();
- print "Identifies as %s, fused 0x%02x" % (
+ print "Identifies as %s, fused 0x%02x; eeprom(0)=%02x" % (
client.identstr(),
- client.lockbits());
+ client.lockbits(),
+ client.eeprompeek(0));
if(sys.argv[1]=="glitchgraph"):
print "Identifies as %s" % client.identstr();
for voltage in range(0x860,0x890,5):
print "%04x %s" % (voltage,str);
#print "%f, %i" % (voltage*(3.3/4096.0),count);
if(sys.argv[1]=="info"):
- print "Identifies as %s" % client.identstr();
+ print "Identifies as %s, lock=%02x" % (client.identstr(),client.lockbits());
if(sys.argv[1]=="erase"):
print "Erasing %s" % client.identstr();
client.erase();
print "Lockbits are 0x%02x" % client.lockbits();
if(len(sys.argv)>2):
print "Lockbits set 0x%02x" % client.setlockbits(int(sys.argv[2],16));
-#if(sys.argv[1]=="lock"):
+if(sys.argv[1]=="lock"):
+ client.setlockbits(0xFC);
+
+if(sys.argv[1]=="unlock"):
+ print "Identifies as %s" % client.identstr();
+ client.glitchVoltages(0x880, 0xfff);
+ for i in range(1,20):
+ client.start();
+ print "Identifies as %s, fused 0x%02x; eeprom(0)=%02x" % (
+ client.identstr(),
+ client.lockbits(),
+ client.eeprompeek(0));
+ if(client.lockbits()==0xFF):
+ client.setlockbits(0xFF);
+ print "Chip unlocked!"
+ exit();
#if(sys.argv[1]=="unlock"):
#used for some hardware
self.invertRST = 0
self.invertTEST = 0
- self.swapRSTTEST = 0
- self.telosLatch = 0
- self.telosI2C = 0
+ self.swapRSTTEST = 0
+ self.telosLatch = 0
+ self.telosI2C = 0
self.protocolMode = self.MODE_BSL
self.BSLMemAccessWarning = 0 #Default: no warning.
self.serialport.setDTR(not level)
def telosI2CStart(self):
- self.telosSetSDA(1)
- self.telosSetSCL(1)
- self.telosSetSDA(0)
+ self.telosSetSDA(1)
+ self.telosSetSCL(1)
+ self.telosSetSDA(0)
def telosI2CStop(self):
- self.telosSetSDA(0)
- self.telosSetSCL(1)
- self.telosSetSDA(1)
+ self.telosSetSDA(0)
+ self.telosSetSCL(1)
+ self.telosSetSDA(1)
def telosI2CWriteBit(self, bit):
- self.telosSetSCL(0)
- self.telosSetSDA(bit)
+ self.telosSetSCL(0)
+ self.telosSetSDA(bit)
time.sleep(2e-6)
- self.telosSetSCL(1)
+ self.telosSetSCL(1)
time.sleep(1e-6)
- self.telosSetSCL(0)
+ self.telosSetSCL(0)
def telosI2CWriteByte(self, byte):
self.telosI2CWriteBit( byte & 0x80 );
self.telosI2CWriteBit( 0 ); # "acknowledge"
def telosI2CWriteCmd(self, addr, cmdbyte):
- self.telosI2CStart()
+ self.telosI2CStart()
self.telosI2CWriteByte( 0x90 | (addr << 1) )
- self.telosI2CWriteByte( cmdbyte )
- self.telosI2CStop()
+ self.telosI2CWriteByte( cmdbyte )
+ self.telosI2CStop()
def telosBReset(self,invokeBSL=0):
-
- # "BSL entry sequence at dedicated JTAG pins"
+ # "BSL entry sequence at dedicated JTAG pins"
# rst !s0: 0 0 0 0 1 1
- # tck !s1: 1 0 1 0 0 1
+ # tck !s1: 1 0 1 0 0 1
# s0|s1: 1 3 1 3 2 0
- # "BSL entry sequence at shared JTAG pins"
+ # "BSL entry sequence at shared JTAG pins"
# rst !s0: 0 0 0 0 1 1
- # tck !s1: 0 1 0 1 1 0
+ # tck !s1: 0 1 0 1 1 0
# s0|s1: 3 1 3 1 0 2
- if invokeBSL:
- self.telosI2CWriteCmd(0,1)
- self.telosI2CWriteCmd(0,3)
- self.telosI2CWriteCmd(0,1)
- self.telosI2CWriteCmd(0,3)
- self.telosI2CWriteCmd(0,2)
- self.telosI2CWriteCmd(0,0)
- else:
- self.telosI2CWriteCmd(0,3)
- self.telosI2CWriteCmd(0,2)
- self.telosI2CWriteCmd(0,0)
+ if invokeBSL:
+ self.telosI2CWriteCmd(0,1)
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,1)
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,2)
+ self.telosI2CWriteCmd(0,0)
+ else:
+ self.telosI2CWriteCmd(0,3)
+ self.telosI2CWriteCmd(0,2)
+
+ # This line was not defined inside the else: block, not sure where it
+ # should be however
+ self.telosI2CWriteCmd(0,0)
time.sleep(0.250) #give MSP430's oscillator time to stabilize
- self.serialport.flushInput() #clear buffers
+ self.serialport.flushInput() #clear buffers
def bslReset(self, invokeBSL=0):
"""Applies BSL entry sequence on RST/NMI and TEST/VPP pins
RST is inverted twice on boot loader hardware
TEST is inverted (only once)
Need positive voltage on DTR, RTS for power-supply of hardware"""
- if self.telosI2C:
- self.telosBReset(invokeBSL)
- return
+ if self.telosI2C:
+ self.telosBReset(invokeBSL)
+ return
if DEBUG > 1: sys.stderr.write("* bslReset(invokeBSL=%s)\n" % invokeBSL)
self.SetRSTpin(1) #power suply
self.SetTESTpin(1) #power suply
time.sleep(0.250) #charge capacitor on boot loader hardware
- if self.telosLatch:
- self.SetTESTpin(0)
- self.SetRSTpin(0)
- self.SetTESTpin(1)
+ if self.telosLatch:
+ self.SetTESTpin(0)
+ self.SetRSTpin(0)
+ self.SetTESTpin(1)
self.SetRSTpin(0) #RST pin: GND
if invokeBSL:
"upload=", "download=", "size=", "hex", "bin",
"intelhex", "titext", "notimeout", "bsl=", "speed=",
"bslversion", "f1x", "f2x", "f4x", "invert-reset", "invert-test",
- "swap-reset-test", "telos-latch", "telos-i2c", "telos", "telosb",
+ "swap-reset-test", "telos-latch", "telos-i2c", "telos", "telosb",
"tmote","no-BSL-download", "force-BSL-download", "slow",
"dumpivt", "dumpinfo", "fromweb",
- "goodfet30", "goodfet20", "goodfet10"
- ]
+ "goodfet30", "goodfet20", "goodfet10"
+ ]
)
except getopt.GetoptError:
# print help information and exit:
bsl.invertTEST = 1
bsl.swapRSTTEST = 1
bsl.telosLatch = 1
- elif o in ("--goodfet10", ):
- bsl.invertRST = 1
- bsl.invertTEST = 1
- elif o in ("--goodfet20", ):
- bsl.invertRST = 1
- bsl.invertTEST = 1
- elif o in ("--goodfet30", ):
- bsl.invertRST = 1
- bsl.invertTEST = 0
+ elif o in ("--goodfet10", ):
+ bsl.invertRST = 1
+ bsl.invertTEST = 1
+ elif o in ("--goodfet20", ):
+ bsl.invertRST = 1
+ bsl.invertTEST = 1
+ elif o in ("--goodfet30", ):
+ bsl.invertRST = 1
+ bsl.invertTEST = 0
elif o in ("--telosb", ):
bsl.swapRSTTEST = 1
bsl.telosI2C = 1
mayuseBSL = 0
- speed = 38400
+ speed = 38400
elif o in ("--tmote", ):
bsl.swapRSTTEST = 1
bsl.telosI2C = 1
mayuseBSL = 0
- speed = 38400
+ speed = 38400
elif o in ("--no-BSL-download", ):
mayuseBSL = 0
elif o in ("--force-BSL-download", ):