1 /*
2 *
3 * BlueZ - Bluetooth protocol stack for Linux
4 *
5 * Copyright (C) 2003-2010 Marcel Holtmann <marcel@holtmann.org>
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 *
22 */
23
24 #ifdef HAVE_CONFIG_H
25 #include <config.h>
26 #endif
27
28 #include <stdio.h>
29 #include <errno.h>
30 #include <ctype.h>
31 #include <fcntl.h>
32 #include <unistd.h>
33 #include <stdint.h>
34 #include <stdlib.h>
35 #include <getopt.h>
36 #include <string.h>
37 #include <libgen.h>
38 #include <endian.h>
39 #include <byteswap.h>
40 #include <sys/types.h>
41 #include <sys/stat.h>
42
43 #include <usb.h>
44
45 #include "dfu.h"
46
47 #if __BYTE_ORDER == __LITTLE_ENDIAN
48 #define cpu_to_le16(d) (d)
49 #define cpu_to_le32(d) (d)
50 #define le16_to_cpu(d) (d)
51 #define le32_to_cpu(d) (d)
52 #elif __BYTE_ORDER == __BIG_ENDIAN
53 #define cpu_to_le16(d) bswap_16(d)
54 #define cpu_to_le32(d) bswap_32(d)
55 #define le16_to_cpu(d) bswap_16(d)
56 #define le32_to_cpu(d) bswap_32(d)
57 #else
58 #error "Unknown byte order"
59 #endif
60
61 #ifdef NEED_USB_GET_BUSSES
usb_get_busses(void)62 static inline struct usb_bus *usb_get_busses(void)
63 {
64 return usb_busses;
65 }
66 #endif
67
68 #ifndef USB_CLASS_WIRELESS
69 #define USB_CLASS_WIRELESS 0xe0
70 #endif
71
72 #ifndef USB_CLASS_APPLICATION
73 #define USB_CLASS_APPLICATION 0xfe
74 #endif
75
get_interface_number(struct usb_device * dev)76 static int get_interface_number(struct usb_device *dev)
77 {
78 int c, i, a;
79
80 for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
81 struct usb_config_descriptor *config = &dev->config[c];
82
83 for (i = 0; i < config->bNumInterfaces; i++) {
84 struct usb_interface *interface = &config->interface[i];
85
86 for (a = 0; a < interface->num_altsetting; a++) {
87 struct usb_interface_descriptor *desc = &interface->altsetting[a];
88
89 if (desc->bInterfaceClass != USB_CLASS_APPLICATION)
90 continue;
91 if (desc->bInterfaceSubClass != 0x01)
92 continue;
93 if (desc->bInterfaceProtocol != 0x00)
94 continue;
95
96 return desc->bInterfaceNumber;
97 }
98 }
99 }
100
101 return -1;
102 }
103
print_device(struct usb_device * dev)104 static void print_device(struct usb_device *dev)
105 {
106 printf("Bus %s Device %s: ID %04x:%04x Interface %d%s\n",
107 dev->bus->dirname, dev->filename,
108 dev->descriptor.idVendor, dev->descriptor.idProduct,
109 get_interface_number(dev),
110 dev->descriptor.bDeviceClass == USB_CLASS_APPLICATION ? " (DFU mode)" : "");
111 }
112
open_device(char * device,struct dfu_suffix * suffix)113 static struct usb_dev_handle *open_device(char *device, struct dfu_suffix *suffix)
114 {
115 struct usb_bus *bus;
116 struct usb_device *dev, *dfu_dev[10];
117 struct usb_dev_handle *udev;
118 struct dfu_status status;
119 char str[8];
120 int i, intf, sel = 0, num = 0, try = 5, bus_id = -1, dev_id = -1;
121
122 printf("Scanning USB busses ... ");
123 fflush(stdout);
124
125 usb_find_busses();
126 usb_find_devices();
127
128 for (bus = usb_get_busses(); bus; bus = bus->next) {
129 if (bus_id > 0) {
130 snprintf(str, sizeof(str) - 1, "%03i", bus_id);
131 if (strcmp(str, bus->dirname))
132 continue;
133 }
134
135 for (dev = bus->devices; dev; dev = dev->next) {
136 if (bus_id > 0 && dev_id > 0) {
137 snprintf(str, sizeof(str) - 1, "%03i", dev_id);
138 if (strcmp(str, dev->filename))
139 continue;
140 }
141
142 if (dev->descriptor.bDeviceClass == USB_CLASS_HUB)
143 continue;
144
145 if (num > 9 || get_interface_number(dev) < 0)
146 continue;
147
148 dfu_dev[num++] = dev;
149 }
150 }
151
152 if (num < 1) {
153 printf("\rCan't find any DFU devices\n");
154 return NULL;
155 }
156
157 printf("\rAvailable devices with DFU support:\n\n");
158 for (i = 0; i < num; i++) {
159 printf("\t%2d) ", i + 1);
160 print_device(dfu_dev[i]);
161 }
162 printf("\n");
163
164 do {
165 printf("\rSelect device (abort with 0): ");
166 fflush(stdout);
167 memset(str, 0, sizeof(str));
168 if (!fgets(str, sizeof(str) - 1, stdin))
169 continue;
170 sel = atoi(str);
171 } while (!isdigit(str[0]) || sel < 0 || sel > num );
172
173 if (sel < 1)
174 return NULL;
175
176 sel--;
177 intf = get_interface_number(dfu_dev[sel]);
178 printf("\n");
179
180 udev = usb_open(dfu_dev[sel]);
181 if (!udev) {
182 printf("Can't open device: %s (%d)\n", strerror(errno), errno);
183 return NULL;
184 }
185
186 if (usb_claim_interface(udev, intf) < 0) {
187 printf("Can't claim interface: %s (%d)\n", strerror(errno), errno);
188 usb_close(udev);
189 return NULL;
190 }
191
192 if (dfu_get_status(udev, intf, &status) < 0) {
193 printf("Can't get status: %s (%d)\n", strerror(errno), errno);
194 goto error;
195 }
196
197 if (status.bState == DFU_STATE_ERROR) {
198 if (dfu_clear_status(udev, intf) < 0) {
199 printf("Can't clear status: %s (%d)\n", strerror(errno), errno);
200 goto error;
201 }
202 if (dfu_abort(udev, intf) < 0) {
203 printf("Can't abort previous action: %s (%d)\n", strerror(errno), errno);
204 goto error;
205 }
206 if (dfu_get_status(udev, intf, &status) < 0) {
207 printf("Can't get status: %s (%d)\n", strerror(errno), errno);
208 goto error;
209 }
210 }
211
212 if (status.bState == DFU_STATE_DFU_IDLE) {
213 if (suffix) {
214 suffix->idVendor = cpu_to_le16(0x0000);
215 suffix->idProduct = cpu_to_le16(0x0000);
216 suffix->bcdDevice = cpu_to_le16(0x0000);
217 }
218 return udev;
219 }
220
221 if (status.bState != DFU_STATE_APP_IDLE) {
222 printf("Device is not idle, can't detach it (state %d)\n", status.bState);
223 goto error;
224 }
225
226 printf("Switching device into DFU mode ... ");
227 fflush(stdout);
228
229 if (suffix) {
230 suffix->idVendor = cpu_to_le16(dfu_dev[sel]->descriptor.idVendor);
231 suffix->idProduct = cpu_to_le16(dfu_dev[sel]->descriptor.idProduct);
232 suffix->bcdDevice = cpu_to_le16(dfu_dev[sel]->descriptor.bcdDevice);
233 }
234
235 if (dfu_detach(udev, intf) < 0) {
236 printf("\rCan't detach device: %s (%d)\n", strerror(errno), errno);
237 goto error;
238 }
239
240 if (dfu_get_status(udev, intf, &status) < 0) {
241 printf("\rCan't get status: %s (%d)\n", strerror(errno), errno);
242 goto error;
243 }
244
245 if (status.bState != DFU_STATE_APP_DETACH) {
246 printf("\rDevice is not in detach mode, try again\n");
247 goto error;
248 }
249
250 usb_release_interface(udev, intf);
251 usb_reset(udev);
252 usb_close(udev);
253
254 bus = dfu_dev[sel]->bus;
255 num = 0;
256
257 while (num != 1 && try-- > 0) {
258 sleep(1);
259 usb_find_devices();
260
261 for (dev = bus->devices; dev; dev = dev->next) {
262 if (dev->descriptor.bDeviceClass != USB_CLASS_APPLICATION)
263 continue;
264
265 if (suffix && dev->descriptor.idVendor != le16_to_cpu(suffix->idVendor))
266 continue;
267
268 if (num > 9 || get_interface_number(dev) != 0)
269 continue;
270
271 dfu_dev[num++] = dev;
272 }
273 }
274
275 if (num != 1) {
276 printf("\rCan't identify device with DFU mode\n");
277 goto error;
278 }
279
280 printf("\r");
281
282 intf = 0;
283
284 udev = usb_open(dfu_dev[0]);
285 if (!udev) {
286 printf("Can't open device: %s (%d)\n", strerror(errno), errno);
287 return NULL;
288 }
289
290 if (usb_claim_interface(udev, intf) < 0) {
291 printf("Can't claim interface: %s (%d)\n", strerror(errno), errno);
292 usb_close(udev);
293 return NULL;
294 }
295
296 if (dfu_get_status(udev, intf, &status) < 0) {
297 printf("Can't get status: %s (%d)\n", strerror(errno), errno);
298 goto error;
299 }
300
301 if (status.bState != DFU_STATE_DFU_IDLE) {
302 printf("Device is not in DFU mode, can't use it\n");
303 goto error;
304 }
305
306 return udev;
307
308 error:
309 usb_release_interface(udev, intf);
310 usb_close(udev);
311 return NULL;
312 }
313
314 static void usage(void);
315
cmd_verify(char * device,int argc,char ** argv)316 static void cmd_verify(char *device, int argc, char **argv)
317 {
318 struct stat st;
319 struct dfu_suffix *suffix;
320 uint32_t crc;
321 uint16_t bcd;
322 char str[16];
323 unsigned char *buf;
324 size_t size;
325 char *filename;
326 unsigned int i, len;
327 int fd;
328
329 if (argc < 2) {
330 usage();
331 exit(1);
332 }
333
334 filename = argv[1];
335
336 if (stat(filename, &st) < 0) {
337 perror("Can't access firmware");
338 exit(1);
339 }
340
341 size = st.st_size;
342
343 if (!(buf = malloc(size))) {
344 perror("Unable to allocate file buffer");
345 exit(1);
346 }
347
348 if ((fd = open(filename, O_RDONLY)) < 0) {
349 perror("Can't open firmware");
350 free(buf);
351 exit(1);
352 }
353
354 if (read(fd, buf, size) < (ssize_t) size) {
355 perror("Can't load firmware");
356 free(buf);
357 close(fd);
358 exit(1);
359 }
360
361 printf("Filename\t%s\n", basename(filename));
362 printf("Filesize\t%zd\n", size);
363
364 crc = crc32_init();
365 for (i = 0; i < size - 4; i++)
366 crc = crc32_byte(crc, buf[i]);
367 printf("Checksum\t%08x\n", crc);
368
369 printf("\n");
370 len = buf[size - 5];
371 printf("DFU suffix\t");
372 for (i = 0; i < len; i++) {
373 printf("%02x ", buf[size - len + i]);
374 }
375 printf("\n\n");
376
377 suffix = (struct dfu_suffix *) (buf + size - DFU_SUFFIX_SIZE);
378
379 printf("idVendor\t%04x\n", le16_to_cpu(suffix->idVendor));
380 printf("idProduct\t%04x\n", le16_to_cpu(suffix->idProduct));
381 printf("bcdDevice\t%x\n", le16_to_cpu(suffix->bcdDevice));
382
383 printf("\n");
384
385 bcd = le16_to_cpu(suffix->bcdDFU);
386
387 printf("bcdDFU\t\t%x.%x\n", bcd >> 8, bcd & 0xff);
388 printf("ucDfuSignature\t%c%c%c\n", suffix->ucDfuSignature[2],
389 suffix->ucDfuSignature[1], suffix->ucDfuSignature[0]);
390 printf("bLength\t\t%d\n", suffix->bLength);
391 printf("dwCRC\t\t%08x\n", le32_to_cpu(suffix->dwCRC));
392 printf("\n");
393
394 memset(str, 0, sizeof(str));
395 memcpy(str, buf, 8);
396
397 if (!strcmp(str, "CSR-dfu1") || !strcmp(str, "CSR-dfu2")) {
398 crc = crc32_init();
399 for (i = 0; i < size - DFU_SUFFIX_SIZE; i++)
400 crc = crc32_byte(crc, buf[i]);
401
402 printf("Firmware type\t%s\n", str);
403 printf("Firmware check\t%s checksum\n", crc == 0 ? "valid" : "corrupt");
404 printf("\n");
405 }
406
407 free(buf);
408
409 close(fd);
410 }
411
cmd_modify(char * device,int argc,char ** argv)412 static void cmd_modify(char *device, int argc, char **argv)
413 {
414 }
415
cmd_upgrade(char * device,int argc,char ** argv)416 static void cmd_upgrade(char *device, int argc, char **argv)
417 {
418 struct usb_dev_handle *udev;
419 struct dfu_status status;
420 struct dfu_suffix suffix;
421 struct stat st;
422 char *buf;
423 size_t filesize;
424 unsigned long count, timeout = 0;
425 char *filename;
426 uint32_t crc, dwCRC;
427 unsigned int i;
428 int fd, block, len, size, sent = 0, try = 10;
429
430 if (argc < 2) {
431 usage();
432 exit(1);
433 }
434
435 filename = argv[1];
436
437 if (stat(filename, &st) < 0) {
438 perror("Can't access firmware");
439 exit(1);
440 }
441
442 filesize = st.st_size;
443
444 if (!(buf = malloc(filesize))) {
445 perror("Unable to allocate file buffer");
446 exit(1);
447 }
448
449 if ((fd = open(filename, O_RDONLY)) < 0) {
450 perror("Can't open firmware");
451 free(buf);
452 exit(1);
453 }
454
455 if (read(fd, buf, filesize) < (ssize_t) filesize) {
456 perror("Can't load firmware");
457 free(buf);
458 close(fd);
459 exit(1);
460 }
461
462 memcpy(&suffix, buf + filesize - DFU_SUFFIX_SIZE, sizeof(suffix));
463 dwCRC = le32_to_cpu(suffix.dwCRC);
464
465 printf("Filename\t%s\n", basename(filename));
466 printf("Filesize\t%zd\n", filesize);
467
468 crc = crc32_init();
469 for (i = 0; i < filesize - 4; i++)
470 crc = crc32_byte(crc, buf[i]);
471
472 printf("Checksum\t%08x (%s)\n", crc,
473 crc == dwCRC ? "valid" : "corrupt");
474
475 if (crc != dwCRC) {
476 free(buf);
477 close(fd);
478 exit(1);
479 }
480
481 printf("\n");
482
483 udev = open_device(device, &suffix);
484 if (!udev)
485 exit(1);
486
487 printf("\r" " " " " " " " " " ");
488 printf("\rFirmware download ... ");
489 fflush(stdout);
490
491 count = filesize - DFU_SUFFIX_SIZE;
492 block = 0;
493
494 while (count) {
495 size = (count > 1023) ? 1023 : count;
496
497 if (dfu_get_status(udev, 0, &status) < 0) {
498 if (try-- > 0) {
499 sleep(1);
500 continue;
501 }
502 printf("\rCan't get status: %s (%d)\n", strerror(errno), errno);
503 goto done;
504 }
505
506 if (status.bStatus != DFU_OK) {
507 if (try-- > 0) {
508 dfu_clear_status(udev, 0);
509 sleep(1);
510 continue;
511 }
512 printf("\rFirmware download ... aborting (status %d state %d)\n",
513 status.bStatus, status.bState);
514 goto done;
515 }
516
517 if (status.bState != DFU_STATE_DFU_IDLE &&
518 status.bState != DFU_STATE_DFU_DNLOAD_IDLE) {
519 sleep(1);
520 continue;
521 }
522
523 timeout = (status.bwPollTimeout[2] << 16) |
524 (status.bwPollTimeout[1] << 8) |
525 status.bwPollTimeout[0];
526
527 usleep(timeout * 1000);
528
529 len = dfu_download(udev, 0, block, buf + sent, size);
530 if (len < 0) {
531 if (try-- > 0) {
532 sleep(1);
533 continue;
534 }
535 printf("\rCan't upload next block: %s (%d)\n", strerror(errno), errno);
536 goto done;
537 }
538
539 printf("\rFirmware download ... %d bytes ", block * 1023 + len);
540 fflush(stdout);
541
542 sent += len;
543 count -= len;
544 block++;
545 }
546
547 printf("\r" " " " " " " " " " ");
548 printf("\rFinishing firmware download ... ");
549 fflush(stdout);
550
551 sleep(1);
552
553 if (dfu_get_status(udev, 0, &status) < 0) {
554 printf("\rCan't get status: %s (%d)\n", strerror(errno), errno);
555 goto done;
556 }
557
558 timeout = (status.bwPollTimeout[2] << 16) |
559 (status.bwPollTimeout[1] << 8) |
560 status.bwPollTimeout[0];
561
562 usleep(timeout * 1000);
563
564 if (count == 0) {
565 len = dfu_download(udev, 0, block, NULL, 0);
566 if (len < 0) {
567 printf("\rCan't send final block: %s (%d)\n", strerror(errno), errno);
568 goto done;
569 }
570 }
571
572 printf("\r" " " " " " " " " " ");
573 printf("\rWaiting for device ... ");
574 fflush(stdout);
575
576 sleep(10);
577
578 printf("\n");
579
580 done:
581 free(buf);
582 close(fd);
583
584 usb_release_interface(udev, 0);
585 usb_reset(udev);
586 usb_close(udev);
587 }
588
cmd_archive(char * device,int argc,char ** argv)589 static void cmd_archive(char *device, int argc, char **argv)
590 {
591 struct usb_dev_handle *udev;
592 struct dfu_status status;
593 struct dfu_suffix suffix;
594 char buf[2048];
595 unsigned long timeout = 0;
596 char *filename;
597 uint32_t crc;
598 int fd, i, n, len, try = 8;
599
600 if (argc < 2) {
601 usage();
602 exit(1);
603 }
604
605 filename = argv[1];
606
607 udev = open_device(device, &suffix);
608 if (!udev)
609 exit(1);
610
611 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
612 if (fd < 0) {
613 printf("Can't open firmware file: %s (%d)\n", strerror(errno), errno);
614 goto done;
615 }
616
617 printf("\r" " " " " " " " " " ");
618 printf("\rFirmware upload ... ");
619 fflush(stdout);
620
621 crc = crc32_init();
622 n = 0;
623 while (1) {
624 if (dfu_get_status(udev, 0, &status) < 0) {
625 if (try-- > 0) {
626 sleep(1);
627 continue;
628 }
629 printf("\rCan't get status: %s (%d)\n", strerror(errno), errno);
630 goto done;
631 }
632
633 if (status.bStatus != DFU_OK) {
634 if (try-- > 0) {
635 dfu_clear_status(udev, 0);
636 sleep(1);
637 continue;
638 }
639 printf("\rFirmware upload ... aborting (status %d state %d)\n",
640 status.bStatus, status.bState);
641 goto done;
642 }
643
644 if (status.bState != DFU_STATE_DFU_IDLE &&
645 status.bState != DFU_STATE_UPLOAD_IDLE) {
646 sleep(1);
647 continue;
648 }
649
650 timeout = (status.bwPollTimeout[2] << 16) |
651 (status.bwPollTimeout[1] << 8) |
652 status.bwPollTimeout[0];
653
654 usleep(timeout * 1000);
655
656 len = dfu_upload(udev, 0, n, buf, 1023);
657 if (len < 0) {
658 if (try-- > 0) {
659 sleep(1);
660 continue;
661 }
662 printf("\rCan't upload next block: %s (%d)\n", strerror(errno), errno);
663 goto done;
664 }
665
666 printf("\rFirmware upload ... %d bytes ", n * 1023 + len);
667 fflush(stdout);
668
669 for (i = 0; i < len; i++)
670 crc = crc32_byte(crc, buf[i]);
671
672 if (len > 0) {
673 if (write(fd, buf, len) < 0) {
674 printf("\rCan't write next block: %s (%d)\n", strerror(errno), errno);
675 goto done;
676 }
677 }
678
679 n++;
680 if (len != 1023)
681 break;
682 }
683 printf("\n");
684
685 suffix.bcdDFU = cpu_to_le16(0x0100);
686 suffix.ucDfuSignature[0] = 'U';
687 suffix.ucDfuSignature[1] = 'F';
688 suffix.ucDfuSignature[2] = 'D';
689 suffix.bLength = DFU_SUFFIX_SIZE;
690
691 memcpy(buf, &suffix, DFU_SUFFIX_SIZE);
692 for (i = 0; i < DFU_SUFFIX_SIZE - 4; i++)
693 crc = crc32_byte(crc, buf[i]);
694
695 suffix.dwCRC = cpu_to_le32(crc);
696
697 if (write(fd, &suffix, DFU_SUFFIX_SIZE) < 0)
698 printf("Can't write suffix block: %s (%d)\n", strerror(errno), errno);
699
700 done:
701 close(fd);
702
703 usb_release_interface(udev, 0);
704 usb_reset(udev);
705 usb_close(udev);
706 }
707
708 struct {
709 char *cmd;
710 char *alt;
711 void (*func)(char *device, int argc, char **argv);
712 char *opt;
713 char *doc;
714 } command[] = {
715 { "verify", "check", cmd_verify, "<dfu-file>", "Check firmware file" },
716 { "modify", "change", cmd_modify, "<dfu-file>", "Change firmware attributes" },
717 { "upgrade", "download", cmd_upgrade, "<dfu-file>", "Download a new firmware" },
718 { "archive", "upload", cmd_archive, "<dfu-file>", "Upload the current firmware" },
719 { NULL, NULL, NULL, 0, 0 }
720 };
721
usage(void)722 static void usage(void)
723 {
724 int i;
725
726 printf("dfutool - Device Firmware Upgrade utility ver %s\n\n", VERSION);
727
728 printf("Usage:\n"
729 "\tdfutool [options] <command>\n"
730 "\n");
731
732 printf("Options:\n"
733 "\t-d, --device <device> USB device\n"
734 "\t-h, --help Display help\n"
735 "\n");
736
737 printf("Commands:\n");
738 for (i = 0; command[i].cmd; i++)
739 printf("\t%-8s %-10s\t%s\n", command[i].cmd,
740 command[i].opt ? command[i].opt : " ",
741 command[i].doc);
742 printf("\n");
743 }
744
745 static struct option main_options[] = {
746 { "help", 0, 0, 'h' },
747 { "device", 1, 0, 'd' },
748 { 0, 0, 0, 0 }
749 };
750
main(int argc,char * argv[])751 int main(int argc, char *argv[])
752 {
753 char *device = NULL;
754 int i, opt;
755
756 while ((opt = getopt_long(argc, argv, "+d:h", main_options, NULL)) != -1) {
757 switch(opt) {
758 case 'd':
759 device = strdup(optarg);
760 break;
761
762 case 'h':
763 usage();
764 exit(0);
765
766 default:
767 exit(0);
768 }
769 }
770
771 argc -= optind;
772 argv += optind;
773 optind = 0;
774
775 if (argc < 1) {
776 usage();
777 exit(1);
778 }
779
780 usb_init();
781
782 for (i = 0; command[i].cmd; i++) {
783 if (strcmp(command[i].cmd, argv[0]) && strcmp(command[i].alt, argv[0]))
784 continue;
785 command[i].func(device, argc, argv);
786 exit(0);
787 }
788
789 usage();
790 exit(1);
791 }
792