search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fuzev2: prevent button light flickering when accessing µSD
[kugel-rb.git] / utils / meizu_dfu / meizu_dfu.c
blob1658c4d1e8a5051e8b99fc02efe4246739b3bdf7
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * $Id$
9 *
10 * Copyright (C) 2008 by William Poetra Yoga Hadisoeseno and Frank Gevaerts
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
16 *
17 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
18 * KIND, either express or implied.
19 *
20 ****************************************************************************/
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <stdint.h>
24 #include <string.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <fcntl.h>
28 #include <unistd.h>
29 #include <libgen.h>
30 #include <arpa/inet.h>
31
32 #include <usb.h>
33
34 #define bswap_16(value) \
35 ((((value) & 0xff) << 8) | ((value) >> 8))
36
37 #define bswap_32(value) \
38 (((uint32_t)bswap_16((uint16_t)((value) & 0xffff)) << 16) | \
39 (uint32_t)bswap_16((uint16_t)((value) >> 16)))
40
41 #define host_to_le32(_x) bswap_32(htonl(_x))
42 #define host_to_le16(_x) bswap_16(htons(_x))
43
44 void usage()
45 {
46 fprintf(stderr, "usage: meizu_dfu m3 <SST39VF800.dfu> <M3.EBN>\n");
47 fprintf(stderr, " meizu_dfu m6 <SST39VF800.dfu> <M6.EBN>\n");
48 fprintf(stderr, " meizu_dfu m6sl <updateNAND_BE_070831.dfu> <M6SL.EBN>\n");
49 exit(1);
50 }
51
52 uint32_t crc32(char *data, int len, uint32_t poly, uint32_t init)
53 {
54 uint32_t crc_table[256];
55 uint32_t crc, t;
56 int i, j;
57
58 // generate the table
59 for (i = 0; i < 256; ++i) {
60 t = i;
61 for (j = 0; j < 8; ++j)
62 if (t & 1)
63 t = (t >> 1) ^ poly;
64 else
65 t >>= 1;
66 crc_table[i] = t;
67 }
68
69 // calculate the crc
70 crc = init;
71 for (i = 0; i < len; ++i)
72 crc = (crc >> 8) ^ crc_table[(crc^data[i]) & 0xff];
73
74 return crc;
75 }
76
77 typedef struct {
78 char *name;
79 char *data;
80 int len;
81 } image_data_t;
82
83 typedef struct {
84 int delay;
85 int pre_off;
86 uint32_t pre_sig;
87 uint16_t suf_dev;
88 uint16_t suf_prod;
89 uint16_t suf_ven;
90 uint16_t suf_dfu;
91 char suf_sig[3];
92 uint8_t suf_len;
93 } image_attr_t;
94
95 #define BLOCK_SIZE 2048
96 #define DFU_TIMEOUT 0xa000
97 #define DFU_CRC_POLY 0xedb88320
98 #define DFU_INIT_CRC 0xffffffff
99
100 #define USB_VID_SAMSUNG 0x0419
101 #define USB_PID_M6SL 0x0145
102 #define USB_PID_M3_M6 0x0141
103
104 void init_img(image_data_t *img, const char *filename, image_attr_t *attr)
105 {
106 int fd, len, i, readlen;
107 struct stat statbuf;
108 char buf[BLOCK_SIZE];
109 uint32_t dfu_crc;
110 uint32_t le_len;
111
112 printf("Reading %s...", filename);
113
114 if (stat(filename, &statbuf) < 0) {
115 printf("\nCould not stat file, exiting.\n");
116 exit(1);
117 }
118 len = statbuf.st_size;
119
120 img->name = basename(strdup(filename));
121 img->data = malloc(len + 16);
122 img->len = len + 16;
123
124 fd = open(filename, O_RDONLY);
125 for (i = 0; i < len; i += BLOCK_SIZE) {
126 readlen = ((len - i) < BLOCK_SIZE) ? (len - i) : BLOCK_SIZE;
127 read(fd, buf, readlen);
128 memcpy(img->data + i, buf, readlen);
129 }
130 close(fd);
131
132 le_len = host_to_le32(img->len);
133 // patch the data size in after the signature
134 memcpy(img->data + attr->pre_off + 4, &le_len, 4);
135
136 /* convert to little endian */
137 attr->suf_dev = host_to_le16(attr->suf_dev);
138 attr->suf_prod = host_to_le16(attr->suf_prod);
139 attr->suf_ven = host_to_le16(attr->suf_ven);
140 attr->suf_dfu = host_to_le16(attr->suf_dfu);
141
142 // append the suffix (excluding the checksum)
143 memcpy(img->data + len, &attr->suf_dev, 2);
144 memcpy(img->data + len + 2, &attr->suf_prod, 2);
145 memcpy(img->data + len + 4, &attr->suf_ven, 2);
146 memcpy(img->data + len + 6, &attr->suf_dfu, 2);
147 memcpy(img->data + len + 8, &attr->suf_sig, 3);
148 memcpy(img->data + len + 11, &attr->suf_len, 1);
149
150 dfu_crc = host_to_le32(crc32(img->data, len + 12, DFU_CRC_POLY, DFU_INIT_CRC));
151 memcpy(img->data + len + 12, &dfu_crc, 4);
152
153 #if 0
154 FILE *f = fopen(img->name, "w");
155 fwrite(img->data, len + 16, 1, f);
156 fclose(f);
157 #endif
158
159 printf("OK\n");
160 }
161
162 usb_dev_handle *usb_dev_open(uint16_t dfu_vid, uint16_t dfu_pid)
163 {
164 struct usb_bus *bus;
165 struct usb_device *dev;
166 usb_dev_handle *device;
167
168 printf("USB initialization...");
169
170 usb_init();
171 usb_find_busses();
172 usb_find_devices();
173
174 for (bus = usb_get_busses(); bus != NULL; bus = bus->next)
175 for (dev = bus->devices; dev != NULL; dev = dev->next)
176 if (dev->descriptor.idVendor == dfu_vid
177 && dev->descriptor.idProduct == dfu_pid)
178 goto found;
179
180 printf("\nNo device found, exiting.\n");
181 exit(1);
182
183 found:
184 printf(" Device found.\n");
185 device = usb_open(dev);
186 usb_claim_interface(device, 0);
187 return device;
188 }
189
190 void usb_mimic_windows(usb_dev_handle *device)
191 {
192 char data[1024];
193
194 usb_control_msg(device, 0x80, 0x06, 0x0100, 0x0000, data, 0x0012, DFU_TIMEOUT);
195 usb_control_msg(device, 0x80, 0x06, 0x0200, 0x0000, data, 0x0009, DFU_TIMEOUT);
196 usb_control_msg(device, 0x80, 0x06, 0x0200, 0x0000, data, 0x001b, DFU_TIMEOUT);
197 usb_control_msg(device, 0x80, 0x06, 0x0100, 0x0000, data, 0x0040, DFU_TIMEOUT);
198 usb_control_msg(device, 0x80, 0x06, 0x0100, 0x0000, data, 0x0012, DFU_TIMEOUT);
199 usb_control_msg(device, 0x80, 0x06, 0x0200, 0x0000, data, 0x0009, DFU_TIMEOUT);
200 usb_control_msg(device, 0x80, 0x06, 0x0300, 0x0000, data, 0x00ff, DFU_TIMEOUT);
201 usb_control_msg(device, 0x80, 0x06, 0x0303, 0x0409, data, 0x00ff, DFU_TIMEOUT);
202 usb_control_msg(device, 0x80, 0x06, 0x0200, 0x0000, data, 0x00ff, DFU_TIMEOUT);
203 usb_control_msg(device, 0x80, 0x06, 0x0300, 0x0000, data, 0x00ff, DFU_TIMEOUT);
204 usb_control_msg(device, 0x80, 0x06, 0x0302, 0x0409, data, 0x00ff, DFU_TIMEOUT);
205 usb_control_msg(device, 0x80, 0x06, 0x0300, 0x0000, data, 0x00ff, DFU_TIMEOUT);
206 usb_control_msg(device, 0x80, 0x06, 0x0302, 0x0409, data, 0x00ff, DFU_TIMEOUT);
207 usb_control_msg(device, 0x80, 0x06, 0x0100, 0x0000, data, 0x0012, DFU_TIMEOUT);
208 usb_control_msg(device, 0x80, 0x06, 0x0200, 0x0000, data, 0x0209, DFU_TIMEOUT);
209 }
210
211 void usb_dev_close(usb_dev_handle *device)
212 {
213 printf("Releasing interface...");
214
215 usb_release_interface(device, 0);
216
217 printf(" OK\n");
218 }
219
220 enum DFU_REQUEST {
221 DFU_DETACH = 0,
222 DFU_DOWNLOAD,
223 DFU_UPLOAD,
224 DFU_GETSTATUS,
225 DFU_CLRSTATUS,
226 DFU_GETSTATE,
227 DFU_ABORT
228 };
229
230 void get_cpu(usb_dev_handle *device)
231 {
232 char data[64];
233 int req_out_if = USB_ENDPOINT_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
234 int len;
235
236 printf("GET CPU");
237
238 // check for "S5L8700 Rev.1"
239 len = usb_control_msg(device, req_out_if, 0xff, 0x0002, 0, data, 0x003f, DFU_TIMEOUT);
240 if (len < 0) {
241 printf("\nError trying to get CPU model, exiting.\n");
242 exit(1);
243 }
244
245 memset(data + len, 0, 64 - len);
246 printf(", got: %s\n", data);
247 }
248
249 void send_file(usb_dev_handle *device, image_data_t *img)
250 {
251 char dfu_ret[6];
252 char *data;
253 int req_out_if = USB_ENDPOINT_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
254 int req_in_if = USB_ENDPOINT_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
255 int len, idx, writelen, i;
256
257 printf("Sending %s... ", img->name);
258
259 len = img->len;
260 data = img->data;
261
262 // loop for the file
263 for (i = 0, idx = 0; i < len; i += BLOCK_SIZE, ++idx) {
264 writelen = ((len - i) < BLOCK_SIZE) ? (len - i) : BLOCK_SIZE;
265 usb_control_msg(device, req_out_if, DFU_DOWNLOAD, idx, 0, data + i, writelen, DFU_TIMEOUT);
266 dfu_ret[4] = 0x00;
267 while (dfu_ret[4] != 0x05)
268 usb_control_msg(device, req_in_if, DFU_GETSTATUS, 0, 0, dfu_ret, 6, DFU_TIMEOUT);
269 printf("#");
270 }
271
272 usb_control_msg(device, req_out_if, DFU_DOWNLOAD, idx, 0, NULL, 0, DFU_TIMEOUT);
273 dfu_ret[4] = 0x00;
274 while (dfu_ret[4] != 0x07)
275 usb_control_msg(device, req_in_if, DFU_GETSTATUS, 0, 0, dfu_ret, 6, DFU_TIMEOUT);
276
277 printf(" OK\n");
278 }
279
280 void clear_status(usb_dev_handle *device)
281 {
282 char dfu_ret[6];
283 int usb_in_if = USB_ENDPOINT_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
284 int usb_out_if = USB_ENDPOINT_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE;
285
286 printf("Clearing status...");
287
288 dfu_ret[4] = 0x00;
289 while (dfu_ret[4] != 0x08)
290 usb_control_msg(device, usb_in_if, DFU_GETSTATUS, 0, 0, dfu_ret, 6, DFU_TIMEOUT);
291 usb_control_msg(device, usb_out_if, DFU_CLRSTATUS, 0, 0, NULL, 0, DFU_TIMEOUT);
292
293 printf(" OK\n");
294 }
295
296 void dfu_detach(usb_dev_handle *device)
297 {
298 char usb_ret[4];
299 int usb_in_oth = USB_ENDPOINT_IN | USB_TYPE_CLASS | USB_RECIP_OTHER;
300 int usb_out_oth = USB_ENDPOINT_OUT | USB_TYPE_CLASS | USB_RECIP_OTHER;
301
302 printf("Detaching...");
303
304 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
305 usb_control_msg(device, usb_out_oth, DFU_DOWNLOAD, 0x0010, 3, NULL, 0, DFU_TIMEOUT);
306 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
307 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
308 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
309 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
310 usb_control_msg(device, usb_in_oth, DFU_DETACH, 0x0000, 3, usb_ret, 4, DFU_TIMEOUT);
311
312 printf(" OK\n");
313 }
314
315 void dfu_m3_m6(char *file1, char *file2)
316 {
317 image_data_t img1, img2;
318 image_attr_t attr1, attr2;
319 usb_dev_handle *device;
320
321 attr1.delay = 1000;
322 attr1.pre_off = 0x20;
323 attr1.pre_sig = 0x44465543;
324 attr1.suf_dev = 0x0100;
325 attr1.suf_prod = 0x0140;
326 attr1.suf_ven = 0x0419;
327 attr1.suf_dfu = 0x0100;
328 memcpy(attr1.suf_sig, "RON", 3);
329 attr1.suf_len = 0x10;
330
331 attr2.delay = 1000;
332 attr2.pre_off = 0x20;
333 attr2.pre_sig = 0x44465543;
334 attr2.suf_dev = 0x0100;
335 attr2.suf_prod = 0x0140;
336 attr2.suf_ven = 0x0419;
337 attr2.suf_dfu = 0x0100;
338 memcpy(attr2.suf_sig, "UFD", 3);
339 attr2.suf_len = 0x10;
340
341 init_img(&img1, file1, &attr1);
342 init_img(&img2, file2, &attr2);
343
344 device = usb_dev_open(USB_VID_SAMSUNG, USB_PID_M3_M6);
345 // usb_mimic_windows();
346 get_cpu(device);
347 get_cpu(device);
348 send_file(device, &img1);
349
350 printf("Wait a sec (literally)...");
351 sleep(1);
352 printf(" OK\n");
353
354 clear_status(device);
355 get_cpu(device);
356 send_file(device, &img2);
357 dfu_detach(device);
358 usb_dev_close(device);
359 }
360
361 void dfu_m6sl(char *file1, char *file2)
362 {
363 image_data_t img1, img2;
364 image_attr_t attr1, attr2;
365 usb_dev_handle *device;
366
367 attr1.delay = 1000;
368 attr1.pre_off = 0x20;
369 attr1.pre_sig = 0x44465543;
370 attr1.suf_dev = 0x0100;
371 attr1.suf_prod = 0x0140;
372 attr1.suf_ven = 0x0419;
373 attr1.suf_dfu = 0x0100;
374 memcpy(attr1.suf_sig, "UFD", 3);
375 attr1.suf_len = 0x10;
376
377 attr2.delay = 1000;
378 attr2.pre_off = 0x20;
379 attr2.pre_sig = 0x44465543;
380 attr2.suf_dev = 0x0100;
381 attr2.suf_prod = 0x0140;
382 attr2.suf_ven = 0x0419;
383 attr2.suf_dfu = 0x0100;
384 memcpy(attr2.suf_sig, "UFD", 3);
385 attr2.suf_len = 0x10;
386
387 init_img(&img1, file1, &attr1);
388 init_img(&img2, file2, &attr2);
389
390 device = usb_dev_open(USB_VID_SAMSUNG, USB_PID_M6SL);
391 get_cpu(device);
392 get_cpu(device);
393 send_file(device, &img1);
394
395 printf("Wait a sec (literally)...");
396 sleep(1);
397 printf(" OK\n");
398 usb_dev_close(device);
399
400 device = usb_dev_open(USB_VID_SAMSUNG, USB_PID_M6SL);
401 get_cpu(device);
402 get_cpu(device);
403 send_file(device, &img2);
404 dfu_detach(device);
405 usb_dev_close(device);
406 }
407
408
409 int main(int argc, char **argv)
410 {
411 if (argc != 4)
412 usage();
413
414 setvbuf(stdout, NULL, _IONBF, 0);
415
416 if (!strcmp(argv[1], "m3"))
417 dfu_m3_m6(argv[2], argv[3]);
418 else if (!strcmp(argv[1], "m6"))
419 dfu_m3_m6(argv[2], argv[3]);
420 else if (!strcmp(argv[1], "m6sl"))
421 dfu_m6sl(argv[2], argv[3]);
422 else
423 usage();
424
425 return 0;
426 }
427
My public Rockbox git repo