def processBulkSubmit(self, dat_cur): if self.urb.type & USB_DIR_IN: g_payload_bytes.bulk.req_in += self.urb.length else: g_payload_bytes.bulk.req_out += self.urb.length pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb printv('Remaining data: %d' % (len(dat_cur))) # printv("Packet %d bulk submit (control info size %lu)" % (self.pktn_str(), 666)) if self.urb.endpoint & URB_TRANSFER_IN: dbg("%d: IN" % (self.g_cur_packet)) else: dbg("%d: OUT" % (self.g_cur_packet)) if len(dat_cur) != self.urb.data_length: comment("WARNING: remaining bytes %d != expected payload out bytes %d" % (len(dat_cur), self.urb.data_length)) hexdump(dat_cur, " ") raise Exception('See above') pending.m_data_out = str(dat_cur) pending.packet_number = self.pktn_str() g_pending[self.urb.id] = pending printV('Added pending bulk URB %s' % self.urb.id)
def processBulkSubmit(self, dat_cur): if self.urb.type & USB_DIR_IN: g_payload_bytes.bulk.req_in += self.urb.length else: g_payload_bytes.bulk.req_out += self.urb.length pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb if args.verbose: print 'Remaining data: %d' % (len(dat_cur)) #if args.verbose: # print "Packet %d bulk submit (control info size %lu)" % (self.pktn_str(), 666) if self.urb.endpoint & URB_TRANSFER_IN: dbg("%d: IN" % (self.g_cur_packet)) else: dbg("%d: OUT" % (self.g_cur_packet)) if len(dat_cur) != self.urb.data_length: comment( "WARNING: remaining bytes %d != expected payload out bytes %d" % (len(dat_cur), self.urb.data_length)) hexdump(dat_cur, " ") #raise Exception('See above') pending.m_data_out = str(dat_cur) pending.packet_number = self.pktn_str() if args.verbose: print 'Added pending bulk URB %s' % self.urb.id g_pending[self.urb.id] = pending
def loop_cb_devmax(self, caplen, packet, ts): self.g_cur_packet += 1 if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print "# Skipping packet %d" % (self.g_cur_packet) return if caplen != len(packet): print "packet %s: malformed, caplen %d != len %d", self.pktn_str( ), caplen, len(packet) return if args.verbose: print 'Len: %d' % len(packet) dbg("Length %u" % (len(packet), )) if len(packet) < usb_urb_sz: hexdump(packet) raise ValueError("Packet size %d is not min size %d" % (len(packet), usb_urb_sz)) # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] self.device_keep = max(self.device_keep, self.urb.device)
def processControlSubmit(self, dat_cur): pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb if args.verbose: print 'Remaining data: %d' % (len(dat_cur)) print 'ctrlrequest: %d' % (len(urb.ctrlrequest)) ctrl = usb_ctrlrequest(self.urb.ctrlrequest[0:usb_ctrlrequest_sz]) if args.verbose: print "Packet %s control submit (control info size %lu)" % (self.pktn_str(), 666) print " bRequestType: %s (0x%02X)" % (request_type2str(ctrl.bRequestType), ctrl.bRequestType) #print " bRequest: %s (0x%02X)" % (request2str(ctrl), ctrl.bRequest) print " wValue: 0x%04X" % (ctrl.wValue) print " wIndex: 0x%04X" % (ctrl.wIndex) print " wLength: 0x%04X" % (ctrl.wLength) if (ctrl.bRequestType & URB_TRANSFER_IN) == URB_TRANSFER_IN: dbg("%d: IN" % (self.g_cur_packet)) else: dbg("%d: OUT" % (self.g_cur_packet)) if len(dat_cur) != self.urb.data_length: comment("WARNING: remaining bytes %d != expected payload out bytes %d" % (len(dat_cur), self.urb.data_length)) hexdump(dat_cur, " ") #raise Exception('See above') pending.m_data_out = str(dat_cur) pending.m_ctrl = ctrl pending.packet_number = self.pktn_str() if args.verbose: print 'Added pending control URB %s' % self.urb.id g_pending[self.urb.id] = pending
def sm_insert(dev): buff = sm_r(dev, 0x10, 0x1F) hexdump(buff, label="sm_insert", indent=' ') SM2_FMT = '<HHHH24s' SM2 = namedtuple('sm', ('ins_all', 'unk1', 'ins_last', 'unk2', 'res')) sm = SM2(*struct.unpack(SM2_FMT, buff)) # Auto increments during some operation print ' Insertions (all): %d' % sm.ins_all print ' Insertions (since last): %d' % sm.ins_last return sm
def parse(buff, convert=True, crc=True, verbose=False): pos = 0 ret = {} if len(buff) != PKT_SZ: if verbose: print 'Dump' hexdump(buff) raise ValueError("Bad buffer size") if ord(buff[0]) != 0x00: raise ValueError("Bad prefix") pos += 1 ret['seq'] = ord(buff[1]) pos += 1 ret['seqn'] = ord(buff[2]) pos += 1 seqx = ret['seq'] ^ ret['seqn'] if seqx != 0xFF: raise ValueError("Unexpected seq 0x%02X w/ seqn 0x%02X => 0x%02X" % (ret['seq'], ret['seqn'], seqx)) for field in fields.split('\n'): field = field.strip() v = struct.unpack('<H', buff[pos:pos + 2])[0] if convert: if field in ('Operation Mode[1]', 'Operation Mode[2]'): v = opr_i2s[v] elif field in ('Operation Status[1]', 'Operation Status[2]'): v = stat_i2so[v] ret[field] = v pos += 2 if pos != PKT_SZ: raise ValueError('Expected parse %d bytes but got %d' % (PKT_SZ, pos)) if ret['res1'] != 0x0118: raise ValueError("Unexpected res1: 0x%04X" % ret['res1']) if ret['res2'] != 0x0100: raise ValueError("Unexpected res2: 0x%04X" % ret['res2']) if crc: buffc = buff[3:-2] check = crcf(buffc) if check != ret['crc']: raise CRCBad('CRC fail: given 0x%04X, calc 0x%04X' % (ret['crc'], check)) return ret
def parse(buff, convert=True, crc=True, verbose=False): pos = 0 ret = {} if len(buff) != PKT_SZ: if verbose: print 'Dump' hexdump(buff) raise ValueError("Bad buffer size") if ord(buff[0]) != 0x00: raise ValueError("Bad prefix") pos += 1 ret['seq'] = ord(buff[1]) pos += 1 ret['seqn'] = ord(buff[2]) pos += 1 seqx = ret['seq'] ^ ret['seqn'] if seqx != 0xFF: raise ValueError("Unexpected seq 0x%02X w/ seqn 0x%02X => 0x%02X" % (ret['seq'], ret['seqn'], seqx)) for field in fields.split('\n'): field = field.strip() v = struct.unpack('<H', buff[pos:pos+2])[0] if convert: if field in ('Operation Mode[1]', 'Operation Mode[2]'): v = opr_i2s[v] elif field in ('Operation Status[1]', 'Operation Status[2]'): v = stat_i2so[v] ret[field] = v pos += 2 if pos != PKT_SZ: raise ValueError('Expected parse %d bytes but got %d' % (PKT_SZ, pos)) if ret['res1'] != 0x0118: raise ValueError("Unexpected res1: 0x%04X" % ret['res1']) if ret['res2'] != 0x0100: raise ValueError("Unexpected res2: 0x%04X" % ret['res2']) if crc: buffc = buff[3:-2] check = crcf(buffc) if check != ret['crc']: raise CRCBad('CRC fail: given 0x%04X, calc 0x%04X' % (ret['crc'], check)) return ret
def sm_info10(dev): # Generated from packet 35/36 buff = sm_r(dev, 0x10, 0x13) ''' something caused fields to update Expected; 8 "\x32\x01\x00\x00\x93\x00\x00\x00" 00000000 32 01 00 00 93 00 00 00 |2....... | Actual; 8 "\x3A\x01\x00\x00\x9B\x00\x00\x00" 00000000 3A 01 00 00 9B 00 00 00 |:....... | ''' hexdump(buff, label="sm_info10", indent=' ') SM3_FMT = '<HHHH' SM3 = namedtuple('sm3', ('ins_all', 'unk1', 'ins_last', 'unk2')) sm = SM3(*struct.unpack(SM3_FMT, buff)) print ' Insertions (all): %d' % sm.ins_all print ' Insertions (since last): %d' % sm.ins_last
def dump_loop(dev, req, max_read, dump_addr, dump_len, do_hexdump=True): bin = '' to_dump = dump_len addr_cur = dump_addr while to_dump > 0: l_this = max(to_dump, to_dump - max_read) l_this = min(l_this, max_read) print print 'Addr 0x%04X, len 0x%04X' % (addr_cur, l_this) # controlRead(self, request_type, request, value, index, length, res = dev.controlRead(0xC0, 0xB0, req, addr_cur, l_this, timeout=1000) bin += res if do_hexdump: hexdump(res) if len(res) != l_this: print "WARNING: wanted 0x%04X bytes but got 0x%04X" % (dump_len, len(res),) to_dump -= l_this addr_cur += l_this return bin
def cmd_01(dev): import inspect if 1: return cmd_01r(dev) buff = cmd_01r(dev, validate=False) if 0: where(2) hexdump(buff, indent=' ') else: print 'cmd_01' state = ord(buff[0x13]) print ' State: 0x%02X' % state print ' 0x15: 0x%02X' % ord(buff[0x15]) print ' 0x16: 0x%02X' % ord(buff[0x16]) print ' 0x17: 0x%02X' % ord(buff[0x17]) return buff
def nxt_buff(): if dbg: print ' nxt_buff: reading' p = bulkRead(0x86, 0x0200) if dbg: hexdump(p, label=' nxt_buff', indent=' ') #print str2hex(p) prefix_this = ord(p[0]) size = (ord(p[-1]) << 8) | ord(p[-2]) ''' if size != len(p) - 3: if truncate and size < len(p) - 3: return prefix_this, p[1:1 + size], suffix_this else: print 'Truncate: %s' % truncate print size, len(p) - 3, len(p) hexdump(p) raise Exception("Bad length (enable truncation?)") return prefix_this, p[1:-2], suffix_this ''' # No harm seen in always truncating return prefix_this, p[1:1 + size]
def loop_cb_devmax(self, caplen, packet, ts): self.g_cur_packet += 1 if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print "# Skipping packet %d" % (self.g_cur_packet) return if caplen != len(packet): print "packet %s: malformed, caplen %d != len %d", self.pktn_str(), caplen, len(packet) return if args.verbose: print 'Len: %d' % len(packet) dbg("Length %u" % (len(packet),)) if len(packet) < usb_urb_sz: hexdump(packet) raise ValueError("Packet size %d is not min size %d" % (len(packet), usb_urb_sz)) # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] self.device_keep = max(self.device_keep, self.urb.device)
def processControlSubmit(self, dat_cur): pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb if args.verbose: print 'Remaining data: %d' % (len(dat_cur)) print 'ctrlrequest: %d' % (len(urb.ctrlrequest)) ctrl = usb_ctrlrequest(self.urb.ctrlrequest[0:usb_ctrlrequest_sz]) if args.verbose: print "Packet %s control submit (control info size %lu)" % ( self.pktn_str(), 666) print " bRequestType: %s (0x%02X)" % (request_type2str( ctrl.bRequestType), ctrl.bRequestType) #print " bRequest: %s (0x%02X)" % (request2str(ctrl), ctrl.bRequest) print " wValue: 0x%04X" % (ctrl.wValue) print " wIndex: 0x%04X" % (ctrl.wIndex) print " wLength: 0x%04X" % (ctrl.wLength) if (ctrl.bRequestType & URB_TRANSFER_IN) == URB_TRANSFER_IN: dbg("%d: IN" % (self.g_cur_packet)) else: dbg("%d: OUT" % (self.g_cur_packet)) if len(dat_cur) != self.urb.data_length: comment( "WARNING: remaining bytes %d != expected payload out bytes %d" % (len(dat_cur), self.urb.data_length)) hexdump(dat_cur, " ") #raise Exception('See above') pending.m_data_out = str(dat_cur) pending.m_ctrl = ctrl pending.packet_number = self.pktn_str() if args.verbose: print 'Added pending control URB %s' % self.urb.id g_pending[self.urb.id] = pending
print i, good, bad try: startup.replay(dev) good += 1 except Exception: print 'Error' bad += 1 raise i += 1 #dev.resetDevice() startup.replay(dev) print hexdump(startup.ta_r(dev, 0x00, 0x3F), label="TA", indent=' ') if startup.gpio_readi(dev) & startup.GPIO_SM == 0: print 'Socket module: yes' hexdump(startup.sm_r(dev, 0x00, 0x3F), label="SM", indent=' ') else: print 'Socket module: no' if 0: for i in xrange(3): startup.led_mask(dev, 7) time.sleep(0.2) startup.led_mask(dev, 0) time.sleep(0.2) # Done!
def cmp_mask(exp, mask, act): if len(exp) != len(act): hexdump(exp, indent=' ', label='expected') hexdump(act, indent=' ', label='actual') raise CmpFail("Exp: %d, act: %d" % (len(exp), len(act))) if len(exp) != len(mask): hexdump(exp, indent=' ', label='expected') hexdump(act, indent=' ', label='mask') raise CmpFail("Exp: %d, mask: %d" % (len(exp), len(mask))) for expc, actc in zip(exp, act): if mask == '\xFF' and expc != actc: hexdump(exp, indent=' ', label='expected') hexdump(act, indent=' ', label='actual') raise CmpFail("Exp: 0x%02X, act: 0x%02X" % (ord(exp), ord(actc)))
def loop_cb(self, caplen, packet, ts): self.g_cur_packet += 1 if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print "# Skipping packet %d" % (self.g_cur_packet) return if args.verbose: print print print print 'PACKET %s' % (self.g_cur_packet,) if caplen != len(packet): print "packet %s: malformed, caplen %d != len %d", self.pktn_str(), caplen, len(packet) return if args.verbose: print 'Len: %d' % len(packet) dbg("Length %u" % (len(packet),)) if len(packet) < usb_urb_sz: hexdump(packet) raise ValueError("Packet size %d is not min size %d" % (len(packet), usb_urb_sz)) # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] # Main packet filtering # Drop if not specified device if args.device is not None and self.urb.device != args.device: return # Drop if is generic device management traffic if not args.setup and self.urb.transfer_type == URB_CONTROL: ctrl = usb_ctrlrequest(self.urb.ctrlrequest[0:usb_ctrlrequest_sz]) reqst = req2s(ctrl) if reqst in setup_reqs or reqst == "GET_STATUS" and self.urb.type == URB_SUBMIT: g_pending[self.urb.id] = None self.submit = None self.urb = None return self.rel_pkt += 1 if args.verbose: print "Header size: %lu" % (usb_urb_sz,) print_urb(urb) if self.urb.type == URB_ERROR: print "oh noes!" if args.halt: sys.exit(1) if self.urb.type == URB_COMPLETE: if args.verbose: print 'Pending (%d):' % (len(g_pending),) for k in g_pending: print ' %s' % (k,) # for some reason usbmon will occasionally give packets out of order if not self.urb.id in g_pending: #raise Exception("Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) comment("WARNING: Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) self.pending_complete[self.urb.id] = (self.urb, dat_cur) else: self.process_complete(dat_cur) elif self.urb.type == URB_SUBMIT: # Find the matching submit request if self.urb.transfer_type == URB_CONTROL: self.processControlSubmit(dat_cur) elif self.urb.transfer_type == URB_BULK: self.processBulkSubmit(dat_cur) elif self.urb.transfer_type == URB_INTERRUPT: pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb pending.packet_number = self.pktn_str() if args.verbose: print 'Added pending bulk URB %s' % self.urb.id g_pending[self.urb.id] = pending if self.urb.id in self.pending_complete: # oh snap solved a temporal anomaly urb_submit = self.urb (urb_complete, dat_cur) = self.pending_complete[self.urb.id] del self.pending_complete[self.urb.id] self.urb = urb_complete self.process_complete(dat_cur) self.submit = None self.urb = None
verbose = False if __name__ == "__main__": parser = argparse.ArgumentParser(description='Replay captured USB packets') parser.add_argument('--verbose', '-v', action='store_true', help='verbose') parser.add_argument('fout', nargs='?', default=None, help='File out') args = parser.parse_args() usbcontext = usb1.USBContext() dev = open_dev(usbcontext) gxs = gxs700.GXS700(usbcontext, dev, verbose=args.verbose) print print 'Reading memory' # The FX2 has eight kbytes of internal program/data RAM, # Only the internal eight kbytes and scratch pad 0.5 kbytes RAM spaces have the following access: ''' The available RAM spaces are 8 kbytes from 0x0000-0x1FFF (code/data) and 512 bytes from 0xE000-0xE1FF (scratch pad RAM). ''' r = ram_r(dev, 0x0000, 0x2000) if args.fout: if args.fout.find('.hex') >= 0: pass else: open(args.fout, 'w').write(r) else: hexdump(r)
def replay(dev, fw, cont=True, blank=True): bulkRead, bulkWrite, controlRead, controlWrite = usb_wraps(dev) # Generated by uvusbreplay 0.1 # uvusbreplay copyright 2011 John McMaster <*****@*****.**> # cmd: /home/mcmaster/bin/usbrply --packet-numbers --no-setup --comment --fx2 --packet-numbers -j cap/2015-10-11/i87c51_13_write_cont_id_blank_v2_ff.cap # FIXME: size? read.replay1(dev, cont) # Generated from packet 363/364 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 367/368 cmd_50(dev, "\x18\x00") # Generated from packet 369/370 buff = bulk2(dev, "\x66\xB8\x01\x2D\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8F\x00", buff, "packet W: 369/370, R: 371/372") # Generated from packet 373/374 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x90\x00\xB0\x5D\x09\x00", buff, "packet W: 373/374, R: 375/376") # Generated from packet 377/378 buff = bulk2(dev, "\x57\x8F\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 377/378, R: 379/380") # Generated from packet 381/382 cmd_50(dev, "\x0A\x06") # Generated from packet 383/384 buff = bulk2(dev, write_fw.p383, target=0x02) validate_read("\x90\x00", buff, "packet W: 383/384, R: 385/386") # Generated from packet 387/388 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x91\x00\xC0\x63\x09\x00", buff, "packet W: 387/388, R: 389/390") # Generated from packet 391/392 if blank: print 'Blank checking' tstart = time.time() buff = bulk2(dev, "\x08\x00\x57\x90\x00", target=0x02) tend = time.time() print 'Blank test took %0.3f sec' % (tend - tstart,) if buff == "\x00\x00": print 'Blank: pass' elif buff == "\x01\x00": raise NotBlank('Blank: fail') else: hexdump(buff) raise Exception("Unknown blank status") # Generated from packet 395/396 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 399/400 cmd_50(dev, "\x18\x00") # Generated from packet 401/402 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x91\x00", buff, "packet W: 401/402, R: 403/404") # Generated from packet 405/406 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x92\x00\xE0\x63\x09\x00", buff, "packet W: 405/406, R: 407/408") # Generated from packet 409/410 buff = bulk2(dev, "\x57\x91\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 409/410, R: 411/412") # Generated from packet 413/414 cmd_50(dev, "\x9F\x09") # Generated from packet 415/416 buff = bulk2(dev, write_fw.p415, target=0x02) validate_read("\x92\x00", buff, "packet W: 415/416, R: 417/418") # Generated from packet 419/420 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x93\x00\x80\x6D\x09\x00", buff, "packet W: 419/420, R: 421/422") # Generated from packet 423/424 buff = bulk2(dev, "\x57\x92\x00", target=0x01) validate_read("\x62", buff, "packet W: 423/424, R: 425/426") # Generated from packet 427/428 # NOTE: prefix 0x18 buff = bulk86(dev, target=0x01, prefix=0x18) validate_read("\x0B", buff, "packet 427/428") # Generated from packet 429/430 fw_w(dev, fw, verbose=True) # Generated from packet 513/514 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 517/518 cmd_50(dev, "\x18\x00") # Generated from packet 519/520 buff = bulk2(dev, "\x66\xB8\x01\x2D\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x93\x00", buff, "packet W: 519/520, R: 521/522") # Generated from packet 523/524 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x94\x00\xA0\x6D\x09\x00", buff, "packet W: 523/524, R: 525/526") # Generated from packet 527/528 buff = bulk2(dev, "\x57\x93\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 527/528, R: 529/530") # Generated from packet 531/532 cmd_50(dev, "\xE0\x08") # Generated from packet 533/534 buff = bulk2(dev, write_fw.p533, target=0x02) validate_read("\x94\x00", buff, "packet W: 533/534, R: 535/536") # Generated from packet 537/538 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x95\x00\x80\x76\x09\x00", buff, "packet W: 537/538, R: 539/540") # Generated from packet 541/542 cmd_57_94(dev) # Generated from packet 547/548 fw_w(dev, fw) # Generated from packet 631/632 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 635/636 cmd_50(dev, "\x18\x00") # Generated from packet 637/638 buff = bulk2(dev, "\x66\xB8\x01\x37\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x95\x00", buff, "packet W: 637/638, R: 639/640") # Generated from packet 641/642 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x96\x00\xA0\x76\x09\x00", buff, "packet W: 641/642, R: 643/644") # Generated from packet 645/646 buff = bulk2(dev, "\x57\x95\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 645/646, R: 647/648") # Generated from packet 649/650 cmd_57_94(dev) # Generated from packet 655/656 fw_w(dev, fw) # Generated from packet 739/740 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 743/744 cmd_50(dev, "\x0D\x00") # Generated from packet 745/746 buff = bulk2(dev, "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00", target=0x02) validate_read("\x96\x00", buff, "packet W: 745/746, R: 747/748") # Generated from packet 749/750 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x97\x00\xB0\x76\x09\x00", buff, "packet W: 749/750, R: 751/752") # Generated from packet 753/754 cmd_57_50(dev, "\x96", "\x1A\x00") # Generated from packet 755/756 buff = bulk2(dev, "\x66\xB9\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00\x66\xB9\x00" \ "\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x97\x00", buff, "packet W: 755/756, R: 757/758") # Generated from packet 759/760 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x98\x00\xD0\x76\x09\x00", buff, "packet W: 759/760, R: 761/762") # Generated from packet 763/764 buff = bulk2(dev, "\x57\x97\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 763/764, R: 765/766") # Generated from packet 767/768 led_mask_30(dev, "pass") # Generated from packet 771/772 gpio_readi(dev) # Generated from packet 775/776 gpio_readi(dev) # Generated from packet 779/780 sm_info22(dev) # Generated from packet 783/784 sm_info24(dev) # Generated from packet 787/788 sm_read(dev) # Generated from packet 791/792 cmd_49(dev) # Generated from packet 795/796 sm_read(dev) # Generated from packet 799/800 sm_insert(dev) # Generated from packet 803/804 sm_info10(dev)
def replay(dev, fw, cont=True, blank=True): bulkRead, bulkWrite, controlRead, controlWrite = usb_wraps(dev) # Generated by uvusbreplay 0.1 # uvusbreplay copyright 2011 John McMaster <*****@*****.**> # cmd: /home/mcmaster/bin/usbrply --packet-numbers --no-setup --comment --fx2 --packet-numbers -j cap/2015-10-11/i87c51_13_write_cont_id_blank_v2_ff.cap # FIXME: size? read.replay1(dev, cont) # Generated from packet 363/364 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 367/368 cmd_50(dev, "\x18\x00") # Generated from packet 369/370 buff = bulk2(dev, "\x66\xB8\x01\x2D\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8F\x00", buff, "packet W: 369/370, R: 371/372") # Generated from packet 373/374 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x90\x00\xB0\x5D\x09\x00", buff, "packet W: 373/374, R: 375/376") # Generated from packet 377/378 buff = bulk2(dev, "\x57\x8F\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 377/378, R: 379/380") # Generated from packet 381/382 cmd_50(dev, "\x0A\x06") # Generated from packet 383/384 buff = bulk2(dev, write_fw.p383, target=0x02) validate_read("\x90\x00", buff, "packet W: 383/384, R: 385/386") # Generated from packet 387/388 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x91\x00\xC0\x63\x09\x00", buff, "packet W: 387/388, R: 389/390") # Generated from packet 391/392 if blank: print 'Blank checking' tstart = time.time() buff = bulk2(dev, "\x08\x00\x57\x90\x00", target=0x02) tend = time.time() print 'Blank test took %0.3f sec' % (tend - tstart, ) if buff == "\x00\x00": print 'Blank: pass' elif buff == "\x01\x00": raise NotBlank('Blank: fail') else: hexdump(buff) raise Exception("Unknown blank status") # Generated from packet 395/396 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 399/400 cmd_50(dev, "\x18\x00") # Generated from packet 401/402 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x91\x00", buff, "packet W: 401/402, R: 403/404") # Generated from packet 405/406 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x92\x00\xE0\x63\x09\x00", buff, "packet W: 405/406, R: 407/408") # Generated from packet 409/410 buff = bulk2(dev, "\x57\x91\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 409/410, R: 411/412") # Generated from packet 413/414 cmd_50(dev, "\x9F\x09") # Generated from packet 415/416 buff = bulk2(dev, write_fw.p415, target=0x02) validate_read("\x92\x00", buff, "packet W: 415/416, R: 417/418") # Generated from packet 419/420 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x93\x00\x80\x6D\x09\x00", buff, "packet W: 419/420, R: 421/422") # Generated from packet 423/424 buff = bulk2(dev, "\x57\x92\x00", target=0x01) validate_read("\x62", buff, "packet W: 423/424, R: 425/426") # Generated from packet 427/428 # NOTE: prefix 0x18 buff = bulk86(dev, target=0x01, prefix=0x18) validate_read("\x0B", buff, "packet 427/428") # Generated from packet 429/430 fw_w(dev, fw, verbose=True) # Generated from packet 513/514 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 517/518 cmd_50(dev, "\x18\x00") # Generated from packet 519/520 buff = bulk2(dev, "\x66\xB8\x01\x2D\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x93\x00", buff, "packet W: 519/520, R: 521/522") # Generated from packet 523/524 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x94\x00\xA0\x6D\x09\x00", buff, "packet W: 523/524, R: 525/526") # Generated from packet 527/528 buff = bulk2(dev, "\x57\x93\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 527/528, R: 529/530") # Generated from packet 531/532 cmd_50(dev, "\xE0\x08") # Generated from packet 533/534 buff = bulk2(dev, write_fw.p533, target=0x02) validate_read("\x94\x00", buff, "packet W: 533/534, R: 535/536") # Generated from packet 537/538 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x95\x00\x80\x76\x09\x00", buff, "packet W: 537/538, R: 539/540") # Generated from packet 541/542 cmd_57_94(dev) # Generated from packet 547/548 fw_w(dev, fw) # Generated from packet 631/632 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 635/636 cmd_50(dev, "\x18\x00") # Generated from packet 637/638 buff = bulk2(dev, "\x66\xB8\x01\x37\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x95\x00", buff, "packet W: 637/638, R: 639/640") # Generated from packet 641/642 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x96\x00\xA0\x76\x09\x00", buff, "packet W: 641/642, R: 643/644") # Generated from packet 645/646 buff = bulk2(dev, "\x57\x95\x00\x57\x89\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 645/646, R: 647/648") # Generated from packet 649/650 cmd_57_94(dev) # Generated from packet 655/656 fw_w(dev, fw) # Generated from packet 739/740 cmd_57s(dev, '\x8C', "\x00\x00") # Generated from packet 743/744 cmd_50(dev, "\x0D\x00") # Generated from packet 745/746 buff = bulk2(dev, "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00", target=0x02) validate_read("\x96\x00", buff, "packet W: 745/746, R: 747/748") # Generated from packet 749/750 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x97\x00\xB0\x76\x09\x00", buff, "packet W: 749/750, R: 751/752") # Generated from packet 753/754 cmd_57_50(dev, "\x96", "\x1A\x00") # Generated from packet 755/756 buff = bulk2(dev, "\x66\xB9\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00\x66\xB9\x00" \ "\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x97\x00", buff, "packet W: 755/756, R: 757/758") # Generated from packet 759/760 buff = bulk2(dev, "\x02", target=0x06) validate_read("\x98\x00\xD0\x76\x09\x00", buff, "packet W: 759/760, R: 761/762") # Generated from packet 763/764 buff = bulk2(dev, "\x57\x97\x00", target=0x02) validate_read("\x00\x00", buff, "packet W: 763/764, R: 765/766") # Generated from packet 767/768 led_mask_30(dev, "pass") # Generated from packet 771/772 gpio_readi(dev) # Generated from packet 775/776 gpio_readi(dev) # Generated from packet 779/780 sm_info22(dev) # Generated from packet 783/784 sm_info24(dev) # Generated from packet 787/788 sm_read(dev) # Generated from packet 791/792 cmd_49(dev) # Generated from packet 795/796 sm_read(dev) # Generated from packet 799/800 sm_insert(dev) # Generated from packet 803/804 sm_info10(dev)
def hexdump(*args): try: from uvscada.util import hexdump hexdump(*args) except: comment('hexdump broken')
bin = dump_loop(dev, 0x0010, EEPROM_RMAX, dump_addr, dump_len, do_hexdump=(not args.fn)) if args.fn: open(args.fn, 'w').write(bin) if 0: print print 'Reading flash' dump_addr = 0 dump_len = 0x800 dump_loop(dev, 0x0010, EEPROM_RMAX, dump_addr, dump_len, do_hexdump=(not args.fn)) if 0: print print 'replay' # Generated from packet 443/444 buff = dev.controlRead(0xC0, 0xB0, 0x0010, 0x0000, 256) hexdump(buff) if 0: ''' gendex bad 00000000 41 41 41 41 41 41 41 41 49 41 41 00 00 00 00 00 |AAAAAAAAIAA.....| 00000010 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA| 00000020 32 30 31 35 2F 30 33 2F 31 39 2D 32 31 3A 34 34 |2015/03/19-21:44| 00000030 3A 34 33 3A 30 38 37 41 41 41 41 41 41 41 41 41 |:43:087AAAAAAAAA| 00000040 32 31 30 33 32 33 31 36 36 33 00 FF FF 00 74 E2 |2103231663....t.| 00000050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................| 00000060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................| 00000070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................| dexis good 00000000 C0 28 53 09 20 00 00 01 54 00 00 00 54 00 00 00 |.(S. ...T...T...|
def replay1(dev, cont=True): _bulkRead, bulkWrite, controlRead, controlWrite = usb_wraps(dev) # Atomic # Generated from packet 11/12 buff = controlRead(0xC0, 0xB0, 0x0000, 0x0000, 4096) # Req: 4096, got: 3 validate_read("\x00\x00\x00", buff, "packet 11/12") # Generated from packet 13/14 buff = bulk86(dev, target=0x01) validate_read("\x16", buff, "packet 13/14") # Generated from packet 15/16 cmd_01(dev) # NOTE:: req max 512 but got 136 # Generated from packet 19/20 buff = bulk2(dev, "\x43\x19\x10\x00\x00\x3B\x7E\x25\x00\x00\xFE\xFF\x3B\x7C\x25\x00" \ "\x00\xFE\xFF\x00" , target=0x02) validate_read("\xA4\x06", buff, "packet W: 19/20, R: 21/22") # Generated from packet 23/24 cmd_01(dev) # Generated from packet 27/28 sn_read(dev) # NOTE:: req max 512 but got 35 # Generated from packet 31/32 buff = bulk2(dev, "\x14\x38\x25\x00\x00\x04\x00\x90\x32\x90\x00\xA7\x02\x1F\x00\x14" \ "\x40\x25\x00\x00\x01\x00\x3C\x36\x0E\x01" , target=0x20) validate_read( "\x14\x00\x54\x41\x38\x34\x56\x4C\x56\x5F\x46\x58\x34\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x2C" , buff, "packet W: 31/32, R: 33/34") sm_info1(dev) # Generated from packet 55/56 cmd_01(dev) # NOTE:: req max 512 but got 136 # Generated from packet 59/60 cmd_43(dev, "\x10") # Generated from packet 61/62 bulkWrite(0x02, cmd_20_mk() + cmd_0C_mk()) # Generated from packet 63/64 cmd_41(dev) # Generated from packet 65/66 cmd_10(dev) sm_read(dev) ''' validate_read( "\x11\x00\x53\x4D\x34\x38\x44\x00\x00\x00\x00\x00\x00\x00\x5D\xF4" \ "\x39\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6C" , buff, "packet W: 69/70, R: 71/72") ''' sm_insert(dev) # Generated from packet 77/78 cmd_45(dev) # Generated from packet 81/82 cmd_49(dev) sm_info1(dev) sm_insert(dev) # Generated from packet 117/118 sm_info10(dev) # Generated from packet 121/122 cmd_3B(dev) cmd_4A(dev) # NOTE:: req max 512 but got 5 # Generated from packet 127/128 cmd_4C(dev) # Generated from packet 129/130 # None (0xB2) buff = controlWrite(0x40, 0xB2, 0x0000, 0x0000, "") # Atomic # Generated from packet 131/132 cmd_50(dev, "\x5D\x00") # Generated from packet 133/134 buff = bulk2(dev, "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x01\x10" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x01\x80" \ "\xE9\x02\x00\x00\x00\x90\x00\xE9\x04\x00\x00\x00\x00\x00\x00\x00" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x00\x00" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x00\x00" \ "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x80\x00", buff, "packet W: 133/134, R: 135/136") # Generated from packet 137/138 cmd_02(dev, "\x81\x00\x60\x00\x09\x00", "packet W: 137/138, R: 139/140") # Atomic # Generated from packet 141/142 cmd_50(dev, "\xC0\x00") # Generated from packet 143/144 buff = bulk2(dev, "\x66\xB8\x01\x2D\x81\xE3\xFF\xFF\x00\x00\x66\xBB\x18\x00\x66\xC7" \ "\x05\x30\x40\x00\xC0\xF0\xFF\x89\xD9\xC1\xE1\x02\x66\xC7\x81\x02" \ "\x00\x00\x00\xF0\xFF\x66\x03\x05\xE4\x46\x00\x00\x66\x89\x05\x90" \ "\x40\x00\xC0\x89\xDA\x81\xCA\x00\x80\x00\x00\x66\x89\x15\x50\x40" \ "\x00\xC0\xC6\x05\x14\x22\x00\xC0\x7B\x81\xCA\x00\x40\x00\x00\x66" \ "\x89\x15\x50\x40\x00\xC0\x89\xD9\x66\xC1\xE1\x02\x66\x89\x81\x00" \ "\x00\x00\x00\x66\x2B\x05\xE4\x46\x00\x00\xC6\x05\x14\x22\x00\xC0" \ "\xBB\x81\xCB\x00\x80\x00\x00\x66\x89\x1D\x50\x40\x00\xC0\x89\xC2" \ "\x81\xE2\x07\x00\x00\x00\x03\xD2\x81\xCA\x01\x00\x00\x00\x89\xD9" \ "\x81\xE1\x03\x00\x00\x00\xD3\xE2\xD3\xE2\xD3\xE2\xD3\xE2\xD3\xE2" \ "\xC1\xE2\x0A\x89\xD9\x81\xE1\xFC\x03\x00\x00\x09\xCA\x88\x82\x00" \ "\x00\x00\x40\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x81\x00", buff, "packet W: 143/144, R: 145/146") # Generated from packet 147/148 cmd_02(dev, "\x82\x00\x20\x01\x09\x00", "packet W: 147/148, R: 149/150") # Generated from packet 151/152 cmd_09(dev) # Generated from packet 153/154 cmd_02(dev, "\x82\x00\x20\x01\x09\x00", "packet W: 153/154, R: 155/156") # added sm_insert(dev) print 'Going active' led_mask_30(dev, 'active') # Atomic # Generated from packet 161/162 cmd_50(dev, "\x18\x00") # Generated from packet 163/164 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x82\x00", buff, "packet W: 163/164, R: 165/166") # Generated from packet 167/168 cmd_02(dev, "\x83\x00\x40\x01\x09\x00", "packet W: 167/168, R: 169/170") # Generated from packet 171/172 buff = bulk2(dev, "\x57\x82\x00\x20\x01\x00\x2B\x3B\x0C\x22\x00\xC0\x40\x00\x3B\x0E" \ "\x22\x00\xC0\x00\x00\x3B\x1A\x22\x00\xC0\x18\x00\x0E\x01" , target=0x20) validate_read( "\x14\x00\x54\x41\x38\x34\x56\x4C\x56\x5F\x46\x58\x34\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x2C" , buff, "packet W: 171/172, R: 173/174") sm_info0(dev) # Generated from packet 195/196 buff = bulk2(dev, "\x48\x00\x10\x82\x02", target=0x06) validate_read("\x82\x00\x20\x01\x09\x00", buff, "packet W: 195/196, R: 197/198") # Generated from packet 199/200 bulkWrite(0x02, cmd_20_mk() + cmd_50_mk("\x7D\x02")) # Generated from packet 201/202 buff = bulk2(dev, read_fw.p201, target=0x02) validate_read("\x82\x00", buff, "packet W: 201/202, R: 203/204") # Generated from packet 205/206 cmd_02(dev, "\x83\x00\xA0\x03\x09\x00", "packet W: 205/206, R: 207/208") # Atomic # Generated from packet 209/210 cmd_57_50(dev, "\x82", "\x1D\x00") # Generated from packet 211/212 buff = bulk2(dev, "\xC7\x05\x74\x46\x00\x00\x0B\x00\x00\x00\xFF\x15\x38\x11\x00\x00" \ "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x83\x00", buff, "packet W: 211/212, R: 213/214") # Generated from packet 215/216 cmd_02(dev, "\x84\x00\xC0\x03\x09\x00", "packet W: 215/216, R: 217/218") # Atomic ''' Seems these must be done together Increments socket insertion count ''' # Generated from packet 219/220 cmd_57_50(dev, "\x83", "\x18\x3A") # p221.bin: DOS executable (COM) # Generated from packet 221/222 buff = bulk2(dev, read_fw.p221, target=0x02) validate_read("\x84\x00", buff, "packet W: 221/222, R: 223/224") # Generated from packet 225/226 cmd_02(dev, "\x85\x00\xE0\x3D\x09\x00", "packet W: 225/226, R: 227/228") # Generated from packet 229/230 bulkWrite(0x02, "\x57\x84\x00\xF0\xFF\xFF\x0F\xF0\xFF\xFF\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\xF0\x0F\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" \ "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" ) # Atomic # Generated from packet 231/232 cmd_50(dev, "\xDE\x03") # Generated from packet 233/234 buff = bulk2(dev, read_fw.p233, target=0x02) validate_read("\x85\x00", buff, "packet W: 233/234, R: 235/236") # Generated from packet 237/238 cmd_02(dev, "\x86\x00\xC0\x41\x09\x00", "packet W: 237/238, R: 239/240") # The actual continuity check if cont: # Generated from packet 241/242 # Takes about 0.05 sec on pass but 0.52 sec on fail tstart = time.time() buff = cmd_57s(dev, "\x85", None, "cmd_57") tend = time.time() print 'Continuity test took %0.3f sec' % (tend - tstart,) hexdump(buff, label='Continuity', indent=' ') # Chip inserted if buff == "\x01": print 'Continuity OK' # Chip removed elif buff == ("\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"): raise ContFail('Continuity complete failure (part not inserted?)') # Inserting chip while running # I'm guessing its telling me which pins failed # Lets bend a pin and verify else: raise ContFail('Continuity partial failure (dirty contacts? Inserted wrong?)') # Atomic with following operation # Generated from packet 245/246 cmd_50(dev, "\x62\x00") # Generated from packet 247/248 buff = bulk2(dev, "\x00\x00\x3C\x00\x38\x00\x34\x00\x30\x00\x3D\x00\x39\x00\x35\x00" \ "\x31\x00\x3E\x00\x3A\x00\x36\x00\x32\x00\x3F\x00\x3B\x00\x37\x00" \ "\x33\x00\x1E\x00\x1A\x00\x16\x00\x00\x00\x02\x00\x06\x00\x0A\x00" \ "\x0E\x00\x23\x00\x27\x00\x2B\x00\x2F\x00\x22\x00\x26\x00\x2A\x00" \ "\x2E\x00\x21\x00\x25\x00\x29\x00\x2D\x00\x20\x00\x24\x00\x28\x00" \ "\x1C\x00\x00\x00\x04\x00\x08\x00\x0C\x00\x10\x00\x14\x00\x18\x00" \ "\x1C\x00" , target=0x02) validate_read("\x86\x00", buff, "packet W: 247/248, R: 249/250") # Generated from packet 251/252 cmd_02(dev, "\x87\x00\x30\x42\x09\x00", "packet W: 251/252, R: 253/254") # Atomic with next # Generated from packet 255/256 bulkWrite(0x02, "\x1D\xC0\x41\x09\x00\x28\x00\x15\x60\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x01\x00\x00\x00\x1C\x30\x00\x00\x00\x08\x00\x00\x00\x48" \ "\x00\x50\x71\x09\x00\x00") # Generated from packet 257/258 buff = bulk2(dev, read_fw.p257, target=0x02) validate_read("\x87\x00", buff, "packet W: 257/258, R: 259/260") # Generated from packet 261/262 cmd_02(dev, "\x88\x00\xB0\x4B\x09\x00", "packet W: 261/262, R: 263/264") # Generated from packet 265/266 cmd_57s(dev, "\x87", "\x00\x00", "cmd_57") # Atomic # Generated from packet 269/270 cmd_50(dev, "\x17\x00") # Generated from packet 271/272 buff = bulk2(dev, "\xC7\x05\x2C\x00\x09\x00\x24\x04\x00\x00\x66\xB9\x00\x00\xB2\x00" \ "\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x88\x00", buff, "packet W: 271/272, R: 273/274") # Generated from packet 275/276 cmd_02(dev, "\x89\x00\xD0\x4B\x09\x00", "packet W: 275/276, R: 277/278") # Atomic # Generated from packet 279/280 cmd_57_50(dev, "\x88", "\x32\x07") # Generated from packet 281/282 buff = bulk2(dev, read_fw.p281, target=0x02) validate_read("\x89\x00", buff, "packet W: 281/282, R: 283/284") # Generated from packet 285/286 cmd_02(dev, "\x8A\x00\x10\x53\x09\x00", "packet W: 285/286, R: 287/288") # Generated from packet 289/290 cmd_57s(dev, '\x89', "\x00\x00") # Atomic # Generated from packet 293/294 cmd_50(dev, "\x3D\x03") # Generated from packet 295/296 buff = bulk2(dev, read_fw.p295, target=0x02) validate_read("\x8A\x00", buff, "packet W: 295/296, R: 297/298") # Generated from packet 299/300 cmd_02(dev, "\x8B\x00\x50\x56\x09\x00", "packet W: 299/300, R: 301/302") # Generated from packet 303/304 cmd_57s(dev, "\x8A", "\x89\x00") # Atomic # Generated from packet 307/308 cmd_50(dev, "\x1D\x00") # Generated from packet 309/310 buff = bulk2(dev, "\x66\x8B\x0D\x1A\x24\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" \ "\x66\xB9\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8B\x00", buff, "packet W: 309/310, R: 311/312") # Generated from packet 313/314 cmd_02(dev, "\x8C\x00\x70\x56\x09\x00", "packet W: 313/314, R: 315/316") # Generated from packet 317/318 # Bad part returns \x59\x00 but otherwise can be read # (with partially corrupt bit pattern) if cont: buff = cmd_57s(dev, "\x8B", None) if buff == "\x59\x00": raise Exception("Failed 0x8B health check") else: validate_read("\x58\x00", buff, "") # Atomic # Generated from packet 321/322 cmd_50(dev, "\xF8\x04") # Generated from packet 323/324 buff = bulk2(dev, read_fw.p323, target=0x02) validate_read("\x8C\x00", buff, "packet W: 323/324, R: 325/326") # Generated from packet 327/328 cmd_02(dev, "\x8D\x00\x70\x5B\x09\x00", "packet W: 327/328, R: 329/330") # Generated from packet 331/332 cmd_57s(dev, '\x8C', "\x00\x00") # Atomic # Generated from packet 335/336 cmd_50(dev, "\x18\x00") # Generated from packet 337/338 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8D\x00", buff, "packet W: 337/338, R: 339/340") # Generated from packet 341/342 cmd_02(dev, "\x8E\x00\x90\x5B\x09\x00", "packet W: 341/342, R: 343/344") # Generated from packet 345/346 cmd_57s(dev, "\x8D\x89", "\x00\x00") # Atomic # Generated from packet 349/350 cmd_50(dev, "\xFA\x01") # Generated from packet 351/352 buff = bulk2(dev, read_fw.p351, target=0x02) validate_read("\x8E\x00", buff, "packet W: 351/352, R: 353/354") # Generated from packet 355/356 cmd_02(dev, "\x8F\x00\x90\x5D\x09\x00", "packet W: 355/356, R: 357/358") # Generated from packet 323/324 cmd_08(dev, "\x8E") # Generated from packet 363/364 cmd_57s(dev, '\x8C', "\x00\x00")
def loop_cb(self, caplen, packet, ts): try: self.g_cur_packet += 1 #if self.g_cur_packet >= 871: # args.verbose = True if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print("# Skipping packet %d" % (self.g_cur_packet)) return if args.verbose: print("") print("") print("") print('PACKET %s' % (self.g_cur_packet, )) if caplen != len(packet): print("packet %s: malformed, caplen %d != len %d", self.pktn_str(), caplen, len(packet)) return if args.verbose: # print('Len: %d' % len(packet)) hexdump(packet) #print(ts) print('Pending: %d' % len(g_pending)) dbg("Length %u" % (len(packet), )) if len(packet) < usb_urb_sz: msg = "Packet %s: size %d is not min size %d" % ( self.pktn_str(), len(packet), usb_urb_sz) self.errors += 1 if args.halt: hexdump(packet) raise ValueError(msg) if args.verbose: print(msg) hexdump(packet) return # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] printv('ID %s, %s post-urb bytes' % (urb_id_str(self.urb.id), len(dat_cur))) # Main packet filtering # Drop if not specified device #print(self.pktn_str(), self.urb.device, args.device) if args.device is not None and self.urb.device != args.device: return # FIXME: hack to only process control for now if 0 and self.urb.transfer_type != URB_CONTROL: warning('packet %s: drop packet type %s' % (self.pktn_str(), transfer2str_safe(self.urb.transfer_type))) return # FIXME: hack to only process control for now if self.urb.transfer_type == URB_INTERRUPT: # warning('packet %s: drop packet type %s' % (self.pktn_str(), transfer2str_safe(self.urb.transfer_type))) return # Drop status packets if self.urb.transfer_type == URB_CONTROL: # Control transfer stage # 1: data # 2: status # 'xfer_stage', xfer_stage = ord(dat_cur[0]) #print('xfer_stage: %d' % xfer_stage) if xfer_stage == XFER_STATUS: printv('drop xfer_status') return # Drop if generic device management traffic if not args.setup and self.urb.transfer_type == URB_CONTROL: def skip(): # Was the submit marked for ignore? # For some reason these don't have status packets if self.urb.id in g_pending and g_pending[ self.urb.id] is None: return True # Keep any other pending packets if self.urb.id in g_pending: return False # If not already submitted, must be a submit then # but we could have started a capture before submit if self.urb.irp_info & 1 == INFO_PDO2FDO and self.urb.transfer_type == URB_CONTROL: # Skip xfer_stage buf = dat_cur[1:usb_ctrlrequest_sz + 1] ctrl = usb_ctrlrequest(buf) reqst = req2s(ctrl, fx2=args.fx2) return (reqst in setup_reqs) or ( reqst == "GET_STATUS" and (self.urb.endpoint & URB_TRANSFER_IN) == URB_TRANSFER_IN) if skip(): print('Drop setup packet %s' % self.pktn_str()) g_pending[self.urb.id] = None self.submit = None self.urb = None return self.rel_pkt += 1 if args.verbose: # print("Header size: %lu" % (usb_urb_sz,)) print_urb(self.urb) if urb_error(self.urb): self.errors + 1 if args.halt: print("oh noes!") sys.exit(1) # Complete? if self.urb.irp_info & 1 == INFO_PDO2FDO: if args.verbose: print('Pending (%d):' % (len(g_pending), )) for k in g_pending: print(' %s' % (urb_id_str(k), )) # for some reason usbmon will occasionally give packets out of order if not self.urb.id in g_pending: #raise Exception("Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) comment( "WARNING: Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) self.pending_complete[self.urb.id] = (self.urb, dat_cur) else: self.process_complete(dat_cur) # Oterhwise submit else: # Find the matching submit request if self.urb.transfer_type == URB_CONTROL: self.processControlSubmit(dat_cur) elif self.urb.transfer_type == URB_BULK: self.processBulkSubmit(dat_cur) elif self.urb.transfer_type == URB_INTERRUPT: pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb pending.packet_number = self.pktn_str() g_pending[self.urb.id] = pending printv('Added pending bulk URB %s' % self.urb.id) self.submit = None self.urb = None except: print('ERROR: packet %s' % self.pktn_str()) raise
def replay1(dev, cont=True): _bulkRead, bulkWrite, controlRead, controlWrite = usb_wraps(dev) # Atomic # Generated from packet 11/12 buff = controlRead(0xC0, 0xB0, 0x0000, 0x0000, 4096) # Req: 4096, got: 3 validate_read("\x00\x00\x00", buff, "packet 11/12") # Generated from packet 13/14 buff = bulk86(dev, target=0x01) validate_read("\x16", buff, "packet 13/14") # Generated from packet 15/16 cmd_01(dev) # NOTE:: req max 512 but got 136 # Generated from packet 19/20 buff = bulk2(dev, "\x43\x19\x10\x00\x00\x3B\x7E\x25\x00\x00\xFE\xFF\x3B\x7C\x25\x00" \ "\x00\xFE\xFF\x00" , target=0x02) validate_read("\xA4\x06", buff, "packet W: 19/20, R: 21/22") # Generated from packet 23/24 cmd_01(dev) # Generated from packet 27/28 sn_read(dev) # NOTE:: req max 512 but got 35 # Generated from packet 31/32 buff = bulk2(dev, "\x14\x38\x25\x00\x00\x04\x00\x90\x32\x90\x00\xA7\x02\x1F\x00\x14" \ "\x40\x25\x00\x00\x01\x00\x3C\x36\x0E\x01" , target=0x20) validate_read( "\x14\x00\x54\x41\x38\x34\x56\x4C\x56\x5F\x46\x58\x34\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x2C" , buff, "packet W: 31/32, R: 33/34") sm_info1(dev) # Generated from packet 55/56 cmd_01(dev) # NOTE:: req max 512 but got 136 # Generated from packet 59/60 cmd_43(dev, "\x10") # Generated from packet 61/62 bulkWrite(0x02, cmd_20_mk() + cmd_0C_mk()) # Generated from packet 63/64 cmd_41(dev) # Generated from packet 65/66 cmd_10(dev) sm_read(dev) ''' validate_read( "\x11\x00\x53\x4D\x34\x38\x44\x00\x00\x00\x00\x00\x00\x00\x5D\xF4" \ "\x39\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6C" , buff, "packet W: 69/70, R: 71/72") ''' sm_insert(dev) # Generated from packet 77/78 cmd_45(dev) # Generated from packet 81/82 cmd_49(dev) sm_info1(dev) sm_insert(dev) # Generated from packet 117/118 sm_info10(dev) # Generated from packet 121/122 cmd_3B(dev) cmd_4A(dev) # NOTE:: req max 512 but got 5 # Generated from packet 127/128 cmd_4C(dev) # Generated from packet 129/130 # None (0xB2) buff = controlWrite(0x40, 0xB2, 0x0000, 0x0000, "") # Atomic # Generated from packet 131/132 cmd_50(dev, "\x5D\x00") # Generated from packet 133/134 buff = bulk2(dev, "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x01\x10" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x01\x80" \ "\xE9\x02\x00\x00\x00\x90\x00\xE9\x04\x00\x00\x00\x00\x00\x00\x00" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x00\x00" \ "\xE9\x03\x00\x00\x00\x90\x00\x00\xE9\x03\x00\x00\x00\x90\x00\x00" \ "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x80\x00", buff, "packet W: 133/134, R: 135/136") # Generated from packet 137/138 cmd_02(dev, "\x81\x00\x60\x00\x09\x00", "packet W: 137/138, R: 139/140") # Atomic # Generated from packet 141/142 cmd_50(dev, "\xC0\x00") # Generated from packet 143/144 buff = bulk2(dev, "\x66\xB8\x01\x2D\x81\xE3\xFF\xFF\x00\x00\x66\xBB\x18\x00\x66\xC7" \ "\x05\x30\x40\x00\xC0\xF0\xFF\x89\xD9\xC1\xE1\x02\x66\xC7\x81\x02" \ "\x00\x00\x00\xF0\xFF\x66\x03\x05\xE4\x46\x00\x00\x66\x89\x05\x90" \ "\x40\x00\xC0\x89\xDA\x81\xCA\x00\x80\x00\x00\x66\x89\x15\x50\x40" \ "\x00\xC0\xC6\x05\x14\x22\x00\xC0\x7B\x81\xCA\x00\x40\x00\x00\x66" \ "\x89\x15\x50\x40\x00\xC0\x89\xD9\x66\xC1\xE1\x02\x66\x89\x81\x00" \ "\x00\x00\x00\x66\x2B\x05\xE4\x46\x00\x00\xC6\x05\x14\x22\x00\xC0" \ "\xBB\x81\xCB\x00\x80\x00\x00\x66\x89\x1D\x50\x40\x00\xC0\x89\xC2" \ "\x81\xE2\x07\x00\x00\x00\x03\xD2\x81\xCA\x01\x00\x00\x00\x89\xD9" \ "\x81\xE1\x03\x00\x00\x00\xD3\xE2\xD3\xE2\xD3\xE2\xD3\xE2\xD3\xE2" \ "\xC1\xE2\x0A\x89\xD9\x81\xE1\xFC\x03\x00\x00\x09\xCA\x88\x82\x00" \ "\x00\x00\x40\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x81\x00", buff, "packet W: 143/144, R: 145/146") # Generated from packet 147/148 cmd_02(dev, "\x82\x00\x20\x01\x09\x00", "packet W: 147/148, R: 149/150") # Generated from packet 151/152 cmd_09(dev) # Generated from packet 153/154 cmd_02(dev, "\x82\x00\x20\x01\x09\x00", "packet W: 153/154, R: 155/156") # added sm_insert(dev) print 'Going active' led_mask_30(dev, 'active') # Atomic # Generated from packet 161/162 cmd_50(dev, "\x18\x00") # Generated from packet 163/164 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x82\x00", buff, "packet W: 163/164, R: 165/166") # Generated from packet 167/168 cmd_02(dev, "\x83\x00\x40\x01\x09\x00", "packet W: 167/168, R: 169/170") # Generated from packet 171/172 buff = bulk2(dev, "\x57\x82\x00\x20\x01\x00\x2B\x3B\x0C\x22\x00\xC0\x40\x00\x3B\x0E" \ "\x22\x00\xC0\x00\x00\x3B\x1A\x22\x00\xC0\x18\x00\x0E\x01" , target=0x20) validate_read( "\x14\x00\x54\x41\x38\x34\x56\x4C\x56\x5F\x46\x58\x34\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x2C" , buff, "packet W: 171/172, R: 173/174") sm_info0(dev) # Generated from packet 195/196 buff = bulk2(dev, "\x48\x00\x10\x82\x02", target=0x06) validate_read("\x82\x00\x20\x01\x09\x00", buff, "packet W: 195/196, R: 197/198") # Generated from packet 199/200 bulkWrite(0x02, cmd_20_mk() + cmd_50_mk("\x7D\x02")) # Generated from packet 201/202 buff = bulk2(dev, read_fw.p201, target=0x02) validate_read("\x82\x00", buff, "packet W: 201/202, R: 203/204") # Generated from packet 205/206 cmd_02(dev, "\x83\x00\xA0\x03\x09\x00", "packet W: 205/206, R: 207/208") # Atomic # Generated from packet 209/210 cmd_57_50(dev, "\x82", "\x1D\x00") # Generated from packet 211/212 buff = bulk2(dev, "\xC7\x05\x74\x46\x00\x00\x0B\x00\x00\x00\xFF\x15\x38\x11\x00\x00" \ "\x66\xB9\x00\x00\xB2\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x83\x00", buff, "packet W: 211/212, R: 213/214") # Generated from packet 215/216 cmd_02(dev, "\x84\x00\xC0\x03\x09\x00", "packet W: 215/216, R: 217/218") # Atomic ''' Seems these must be done together Increments socket insertion count ''' # Generated from packet 219/220 cmd_57_50(dev, "\x83", "\x18\x3A") # p221.bin: DOS executable (COM) # Generated from packet 221/222 buff = bulk2(dev, read_fw.p221, target=0x02) validate_read("\x84\x00", buff, "packet W: 221/222, R: 223/224") # Generated from packet 225/226 cmd_02(dev, "\x85\x00\xE0\x3D\x09\x00", "packet W: 225/226, R: 227/228") # Generated from packet 229/230 bulkWrite(0x02, "\x57\x84\x00\xF0\xFF\xFF\x0F\xF0\xFF\xFF\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\xF0\x0F\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" \ "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" ) # Atomic # Generated from packet 231/232 cmd_50(dev, "\xDE\x03") # Generated from packet 233/234 buff = bulk2(dev, read_fw.p233, target=0x02) validate_read("\x85\x00", buff, "packet W: 233/234, R: 235/236") # Generated from packet 237/238 cmd_02(dev, "\x86\x00\xC0\x41\x09\x00", "packet W: 237/238, R: 239/240") # The actual continuity check if cont: # Generated from packet 241/242 # Takes about 0.05 sec on pass but 0.52 sec on fail tstart = time.time() buff = cmd_57s(dev, "\x85", None, "cmd_57") tend = time.time() print 'Continuity test took %0.3f sec' % (tend - tstart, ) hexdump(buff, label='Continuity', indent=' ') # Chip inserted if buff == "\x01": print 'Continuity OK' # Chip removed elif buff == ("\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"): raise ContFail('Continuity complete failure (part not inserted?)') # Inserting chip while running # I'm guessing its telling me which pins failed # Lets bend a pin and verify else: raise ContFail( 'Continuity partial failure (dirty contacts? Inserted wrong?)' ) # Atomic with following operation # Generated from packet 245/246 cmd_50(dev, "\x62\x00") # Generated from packet 247/248 buff = bulk2(dev, "\x00\x00\x3C\x00\x38\x00\x34\x00\x30\x00\x3D\x00\x39\x00\x35\x00" \ "\x31\x00\x3E\x00\x3A\x00\x36\x00\x32\x00\x3F\x00\x3B\x00\x37\x00" \ "\x33\x00\x1E\x00\x1A\x00\x16\x00\x00\x00\x02\x00\x06\x00\x0A\x00" \ "\x0E\x00\x23\x00\x27\x00\x2B\x00\x2F\x00\x22\x00\x26\x00\x2A\x00" \ "\x2E\x00\x21\x00\x25\x00\x29\x00\x2D\x00\x20\x00\x24\x00\x28\x00" \ "\x1C\x00\x00\x00\x04\x00\x08\x00\x0C\x00\x10\x00\x14\x00\x18\x00" \ "\x1C\x00" , target=0x02) validate_read("\x86\x00", buff, "packet W: 247/248, R: 249/250") # Generated from packet 251/252 cmd_02(dev, "\x87\x00\x30\x42\x09\x00", "packet W: 251/252, R: 253/254") # Atomic with next # Generated from packet 255/256 bulkWrite(0x02, "\x1D\xC0\x41\x09\x00\x28\x00\x15\x60\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x00\x01\x00\x00\x00\x1C\x30\x00\x00\x00\x08\x00\x00\x00\x48" \ "\x00\x50\x71\x09\x00\x00") # Generated from packet 257/258 buff = bulk2(dev, read_fw.p257, target=0x02) validate_read("\x87\x00", buff, "packet W: 257/258, R: 259/260") # Generated from packet 261/262 cmd_02(dev, "\x88\x00\xB0\x4B\x09\x00", "packet W: 261/262, R: 263/264") # Generated from packet 265/266 cmd_57s(dev, "\x87", "\x00\x00", "cmd_57") # Atomic # Generated from packet 269/270 cmd_50(dev, "\x17\x00") # Generated from packet 271/272 buff = bulk2(dev, "\xC7\x05\x2C\x00\x09\x00\x24\x04\x00\x00\x66\xB9\x00\x00\xB2\x00" \ "\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x88\x00", buff, "packet W: 271/272, R: 273/274") # Generated from packet 275/276 cmd_02(dev, "\x89\x00\xD0\x4B\x09\x00", "packet W: 275/276, R: 277/278") # Atomic # Generated from packet 279/280 cmd_57_50(dev, "\x88", "\x32\x07") # Generated from packet 281/282 buff = bulk2(dev, read_fw.p281, target=0x02) validate_read("\x89\x00", buff, "packet W: 281/282, R: 283/284") # Generated from packet 285/286 cmd_02(dev, "\x8A\x00\x10\x53\x09\x00", "packet W: 285/286, R: 287/288") # Generated from packet 289/290 cmd_57s(dev, '\x89', "\x00\x00") # Atomic # Generated from packet 293/294 cmd_50(dev, "\x3D\x03") # Generated from packet 295/296 buff = bulk2(dev, read_fw.p295, target=0x02) validate_read("\x8A\x00", buff, "packet W: 295/296, R: 297/298") # Generated from packet 299/300 cmd_02(dev, "\x8B\x00\x50\x56\x09\x00", "packet W: 299/300, R: 301/302") # Generated from packet 303/304 cmd_57s(dev, "\x8A", "\x89\x00") # Atomic # Generated from packet 307/308 cmd_50(dev, "\x1D\x00") # Generated from packet 309/310 buff = bulk2(dev, "\x66\x8B\x0D\x1A\x24\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" \ "\x66\xB9\x00\x00\xB2\x02\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8B\x00", buff, "packet W: 309/310, R: 311/312") # Generated from packet 313/314 cmd_02(dev, "\x8C\x00\x70\x56\x09\x00", "packet W: 313/314, R: 315/316") # Generated from packet 317/318 # Bad part returns \x59\x00 but otherwise can be read # (with partially corrupt bit pattern) if cont: buff = cmd_57s(dev, "\x8B", None) if buff == "\x59\x00": raise Exception("Failed 0x8B health check") else: validate_read("\x58\x00", buff, "") # Atomic # Generated from packet 321/322 cmd_50(dev, "\xF8\x04") # Generated from packet 323/324 buff = bulk2(dev, read_fw.p323, target=0x02) validate_read("\x8C\x00", buff, "packet W: 323/324, R: 325/326") # Generated from packet 327/328 cmd_02(dev, "\x8D\x00\x70\x5B\x09\x00", "packet W: 327/328, R: 329/330") # Generated from packet 331/332 cmd_57s(dev, '\x8C', "\x00\x00") # Atomic # Generated from packet 335/336 cmd_50(dev, "\x18\x00") # Generated from packet 337/338 buff = bulk2(dev, "\x66\xB8\x01\x32\x66\x89\x05\x06\x00\x09\x00\x66\xB9\x00\x00\xB2" \ "\x00\xFB\xFF\x25\x44\x11\x00\x00" , target=0x02) validate_read("\x8D\x00", buff, "packet W: 337/338, R: 339/340") # Generated from packet 341/342 cmd_02(dev, "\x8E\x00\x90\x5B\x09\x00", "packet W: 341/342, R: 343/344") # Generated from packet 345/346 cmd_57s(dev, "\x8D\x89", "\x00\x00") # Atomic # Generated from packet 349/350 cmd_50(dev, "\xFA\x01") # Generated from packet 351/352 buff = bulk2(dev, read_fw.p351, target=0x02) validate_read("\x8E\x00", buff, "packet W: 351/352, R: 353/354") # Generated from packet 355/356 cmd_02(dev, "\x8F\x00\x90\x5D\x09\x00", "packet W: 355/356, R: 357/358") # Generated from packet 323/324 cmd_08(dev, "\x8E") # Generated from packet 363/364 cmd_57s(dev, '\x8C', "\x00\x00")
def periph_dump(dev): print 'Peripheral memory' hexdump(ta_r(dev, 0x00, 0x3F), label="TA", indent=' ') hexdump(sm_r(dev, 0x00, 0x3F), label="SM", indent=' ') import sys; sys.exit(1)
def bulk86(dev, target=None, donef=None, prefix=None): bulkRead, _bulkWrite, _controlRead, _controlWrite = usb_wraps(dev) dbg = bulk86_dbg if dbg: print print 'bulk86' where(2) try: where(3) except IndexError: pass # AFAIK certain packets have no way of knowing done # other than knowing in advance how many bytes you should expect # Strange since there are continue markers if donef is None and target is not None: def donef(buff): return len(buff) == target ''' Ex: need to read 4096 bytes Max buffer packet size is 512 bytes but for some reason only uses up to 256 bytes of real data + 3 framing bytes and 0 fills the rest to form 512 byte transfer So to transfer the data ''' def nxt_buff(): if dbg: print ' nxt_buff: reading' p = bulkRead(0x86, 0x0200) if dbg: hexdump(p, label=' nxt_buff', indent=' ') #print str2hex(p) prefix_this = ord(p[0]) size = (ord(p[-1]) << 8) | ord(p[-2]) ''' if size != len(p) - 3: if truncate and size < len(p) - 3: return prefix_this, p[1:1 + size], suffix_this else: print 'Truncate: %s' % truncate print size, len(p) - 3, len(p) hexdump(p) raise Exception("Bad length (enable truncation?)") return prefix_this, p[1:-2], suffix_this ''' # No harm seen in always truncating return prefix_this, p[1:1 + size] buff = '' while True: if donef and donef(buff): break # Test on "packet 152/153" (0x64 byte response) # gave 19/1010 splits => 1.9% of split # Ran some torture tests looping on this to verify this logic is okay if dbg and buff: print ' NOTE: split packet. Have %d / %s bytes' % (len(buff), target) hexdump(buff, indent=' ') splits[0] += 1 try: # Ignore suffix continue until we have a reason to care if dbg: tstart = time.time() prefix_this, buff_this = nxt_buff() if dbg: tend = time.time() print ' time: %0.3f' % (tend - tstart,) buff += buff_this if prefix is not None: if prefix != prefix_this: hexdump(buff_this) raise BadPrefix('Wanted prefix 0x%02X, got 0x%02X' % (prefix, prefix_this)) elif prefix_this == 0x08: pass else: raise BadPrefix('Unknown prefix 0x%02X' % prefix_this) if donef and not donef(buff): if dbg: print ' continue: not done' continue if dbg: print ' break: no special markers' break # FIXME: temp except libusb1.USBError: #if prefix is None: # return buff raise #print 'Done w/ buff len %d' % len(buff) if target is not None and len(buff) != target: hexdump(buff, label='Wrong size', indent=' ') prefix_this, buff_this = nxt_buff() raise Exception('Target len: buff %d != target %d' % (len(buff), target)) if dbg: hexdump(buff, label=' ret', indent=' ') print return buff
parser = argparse.ArgumentParser(description='Replay captured USB packets') add_bool_arg(parser, '--cycle', default=False, help='') add_bool_arg(parser, '--cont', default=True, help='Continuity check') add_bool_arg(parser, '--freq', default=False, help='Byte frequency distribution') parser.add_argument('fout', nargs='?', help='Output file') args = parser.parse_args() if args.cycle: startup.cycle() dev, usbcontext = startup.get() fw_in = replay(dev, cont=args.cont) if args.fout: print 'Writing to %s' % args.fout open(args.fout, 'w').write(fw_in) else: hexdump(fw_in, indent=' ', label='Read data') print 'Bytes: %d 0x%04X' % (len(fw_in), len(fw_in)) if args.freq: freqs = {} for b in fw_in: freqs[b] = freqs.get(b, 0) + 1 print 'Freq' for k, v in freqs.iteritems(): print ' 0x%02X: 0x%04X' % (ord(k), v) print 'Complete'
def loop_cb(self, caplen, packet, ts): try: self.g_cur_packet += 1 if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print "# Skipping packet %d" % (self.g_cur_packet) return if args.verbose: print print print print 'PACKET %s' % (self.g_cur_packet,) if caplen != len(packet): print "packet %s: malformed, caplen %d != len %d", self.pktn_str(), caplen, len(packet) return if args.verbose: print 'Len: %d' % len(packet) hexdump(packet) #print ts print 'Pending: %d' % len(g_pending) dbg("Length %u" % (len(packet),)) if len(packet) < usb_urb_sz: msg = "Packet %s: size %d is not min size %d" % (self.pktn_str(), len(packet), usb_urb_sz) self.errors += 1 if args.halt: hexdump(packet) raise ValueError(msg) if args.verbose: print msg hexdump(packet) return # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] printv('ID %s' % (urb_id_str(self.urb.id),)) # Main packet filtering # Drop if not specified device #print self.pktn_str(), self.urb.device, args.device if args.device is not None and self.urb.device != args.device: return # FIXME: hack to only process control for now if self.urb.transfer_type != URB_CONTROL: comment('WARNING: packet %s: drop packet type %s' % (self.pktn_str(), transfer2str[self.urb.transfer_type])) return # Drop status packets if MODE == 'win' and self.urb.transfer_type == URB_CONTROL: # Control transfer stage # 1: data # 2: status # 'xfer_stage', xfer_stage = ord(dat_cur[0]) #print 'xfer_stage: %d' % xfer_stage if xfer_stage == XFER_STATUS: printv('drop xfer_status') return # Drop if generic device management traffic if not args.setup and self.urb.transfer_type == URB_CONTROL: def skip(): if MODE == 'win': # FIXME: broken # Doesn't seem to be hurting downstream tools, don't worry about for now return False # Was the submit marked for ignore? # For some reason these don't have status packets if self.urb.id in g_pending and g_pending[self.urb.id] is None: return True # Submit then # Skip xfer_stage ctrl = usb_ctrlrequest(dat_cur[1:]) else: ctrl = usb_ctrlrequest(self.urb.ctrlrequest[0:usb_ctrlrequest_sz]) reqst = req2s(ctrl) return reqst in setup_reqs or reqst == "GET_STATUS" and self.urb.type == URB_SUBMIT if skip(): print 'Drop setup packet %s' % self.pktn_str() g_pending[self.urb.id] = None self.submit = None self.urb = None return self.rel_pkt += 1 #if args.verbose: # print "Header size: %lu" % (usb_urb_sz,) # print_urb(urb) if urb_error(self.urb): self.erros + 1 if args.halt: print "oh noes!" sys.exit(1) if is_urb_complete(self.urb): if args.verbose: print 'Pending (%d):' % (len(g_pending),) for k in g_pending: print ' %s' % (urb_id_str(k),) # for some reason usbmon will occasionally give packets out of order if not self.urb.id in g_pending: #raise Exception("Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) comment("WARNING: Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) self.pending_complete[self.urb.id] = (self.urb, dat_cur) else: self.process_complete(dat_cur) elif is_urb_submit(self.urb): # Find the matching submit request if self.urb.transfer_type == URB_CONTROL: self.processControlSubmit(dat_cur) elif self.urb.transfer_type == URB_BULK: self.processBulkSubmit(dat_cur) elif self.urb.transfer_type == URB_INTERRUPT: pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb pending.packet_number = self.pktn_str() g_pending[self.urb.id] = pending printv('Added pending bulk URB %s' % self.urb.id) if MODE == 'lin' and self.urb.id in self.pending_complete: # oh snap solved a temporal anomaly urb_submit = self.urb (urb_complete, dat_cur) = self.pending_complete[self.urb.id] del self.pending_complete[self.urb.id] self.urb = urb_complete self.process_complete(dat_cur) self.submit = None self.urb = None except: print 'ERROR: packet %s' % self.pktn_str() raise
print 'Dumping RAM' ''' The FX2 has eight kbytes of internal program/data RAM, Only the internal eight kbytes and scratch pad 0.5 kbytes RAM spaces have the following access: The available RAM spaces are 8 kbytes from 0x0000-0x1FFF (code/data) and 512 bytes from 0xE000-0xE1FF (scratch pad RAM). ''' ram = gxs700_util.ram_r(dev, 0x0000, 0x10000) open(os.path.join(args.dout, 'ram.bin'), 'w').write(ram) if alll or args.eeprom: print 'Dumping EEPROM' eeprom = gxs.eeprom_r() if args.hexdump: util.hexdump(eeprom) else: open(os.path.join(args.dout, 'eeprom.bin'), 'w').write(eeprom) if alll or args.flash: print 'Dumping flash' flash = gxs.flash_r() if args.hexdump: util.hexdump(flash) else: open(os.path.join(args.dout, 'flash.bin'), 'w').write(flash) if alll: print 'Dumping register space' f = open(os.path.join(args.dout, 'regs.csv'), 'w') f.write('reg,val\n')
add_bool_arg(parser, '--cont', default=True, help='Continuity check') add_bool_arg(parser, '--freq', default=False, help='Byte frequency distribution') parser.add_argument('fout', nargs='?', help='Output file') args = parser.parse_args() if args.cycle: startup.cycle() dev, usbcontext = startup.get() fw_in = replay(dev, cont=args.cont) if args.fout: print 'Writing to %s' % args.fout open(args.fout, 'w').write(fw_in) else: hexdump(fw_in, indent=' ', label='Read data') print 'Bytes: %d 0x%04X' % (len(fw_in), len(fw_in)) if args.freq: freqs = {} for b in fw_in: freqs[b] = freqs.get(b, 0) + 1 print 'Freq' for k, v in freqs.iteritems(): print ' 0x%02X: 0x%04X' % (ord(k), v) print 'Complete'
def loop_cb(self, caplen, packet, ts): self.g_cur_packet += 1 if self.g_cur_packet < g_min_packet or self.g_cur_packet > g_max_packet: # print "# Skipping packet %d" % (self.g_cur_packet) return if args.verbose: print print print print 'PACKET %s' % (self.g_cur_packet, ) if caplen != len(packet): print "packet %s: malformed, caplen %d != len %d", self.pktn_str( ), caplen, len(packet) return if args.verbose: print 'Len: %d' % len(packet) dbg("Length %u" % (len(packet), )) if len(packet) < usb_urb_sz: hexdump(packet) raise ValueError("Packet size %d is not min size %d" % (len(packet), usb_urb_sz)) # caplen is actual length, len is reported self.urb_raw = packet self.urb = usb_urb(packet[0:usb_urb_sz]) dat_cur = packet[usb_urb_sz:] # Main packet filtering # Drop if not specified device if self.device_keep is not None and self.urb.device != self.device_keep: return # Drop if is generic device management traffic if not args.setup and self.urb.transfer_type == URB_CONTROL: ctrl = usb_ctrlrequest(self.urb.ctrlrequest[0:usb_ctrlrequest_sz]) reqst = req2s(ctrl) if reqst in setup_reqs or reqst == "GET_STATUS" and self.urb.type == URB_SUBMIT: g_pending[self.urb.id] = None self.submit = None self.urb = None return self.rel_pkt += 1 if args.verbose: print "Header size: %lu" % (usb_urb_sz, ) print_urb(urb) if self.urb.type == URB_ERROR: print "oh noes!" if args.halt: sys.exit(1) if self.urb.type == URB_COMPLETE: if args.verbose: print 'Pending (%d):' % (len(g_pending), ) for k in g_pending: print ' %s' % (k, ) # for some reason usbmon will occasionally give packets out of order if not self.urb.id in g_pending: #raise Exception("Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) comment( "WARNING: Packet %s missing submit. URB ID: 0x%016lX" % (self.pktn_str(), self.urb.id)) self.pending_complete[self.urb.id] = (self.urb, dat_cur) else: self.process_complete(dat_cur) elif self.urb.type == URB_SUBMIT: # Find the matching submit request if self.urb.transfer_type == URB_CONTROL: self.processControlSubmit(dat_cur) elif self.urb.transfer_type == URB_BULK: self.processBulkSubmit(dat_cur) elif self.urb.transfer_type == URB_INTERRUPT: pending = PendingRX() pending.raw = self.urb_raw pending.m_urb = self.urb pending.packet_number = self.pktn_str() if args.verbose: print 'Added pending bulk URB %s' % self.urb.id g_pending[self.urb.id] = pending if self.urb.id in self.pending_complete: # oh snap solved a temporal anomaly urb_submit = self.urb (urb_complete, dat_cur) = self.pending_complete[self.urb.id] del self.pending_complete[self.urb.id] self.urb = urb_complete self.process_complete(dat_cur) self.submit = None self.urb = None
WRITE: 0x00 READ: 0x10 0x00 0x00 ... 0x55 0x55 0x55 1-WIRE>? ''' self.snd('{ 0xCC 0xF0 0x00 0x00 r:512') self.e.expect_exact('BUS RESET OK') self.e.expect_exact('READ: ') self.e.expect_exact('1-WIRE>') before = self.e.before.strip() ret = bytearray([int(x, 0) for x in before.split()]) return ret if __name__ == '__main__': parser = argparse.ArgumentParser(description='Dump SHP380 iButton using BusPirate') parser.add_argument('fn_out', default=None, nargs='?', help='') args = parser.parse_args() owire = BPSPI() rom = owire.r_all() mn = rom[6:16].replace('\x00', '') print 'P/N: %s' % mn sn = struct.unpack('>H', rom[3:5])[0] print 'S/N: %s' % sn if args.fn_out: open(args.fn_out, 'w').write(rom) else: print hexdump(rom)