Dynamic report of the chipID for flashing purposes

slurdge 2019-07-10 18:41:42 +02:00 committed by Philippe Teuwen
commit 4727ab96d7
5 changed files with 64 additions and 5 deletions


@ -122,8 +122,10 @@ void UsbPacketReceived(uint8_t *packet, int len) {
switch (c->cmd) { switch (c->cmd) {
case CMD_DEVICE_INFO: { case CMD_DEVICE_INFO: {
dont_ack = 1; dont_ack = 1;
arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM | arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT |
DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH; DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM |
DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH |
DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO;
if (common_area.flags.osimage_present) if (common_area.flags.osimage_present)
arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT; arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT;
@ -131,6 +133,13 @@ void UsbPacketReceived(uint8_t *packet, int len) {
} }
break; break;
case CMD_CHIP_INFO: {
dont_ack = 1;
arg0 = *(AT91C_DBGU_CIDR);
reply_old(CMD_CHIP_INFO, arg0, 0, 0, 0, 0);
}
break;
case CMD_SETUP_WRITE: { case CMD_SETUP_WRITE: {
/* The temporary write buffer of the embedded flash controller is mapped to the /* The temporary write buffer of the embedded flash controller is mapped to the
* whole memory region, only the last 8 bits are decoded. * whole memory region, only the last 8 bits are decoded.
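Review bot: The new `CMD_CHIP_INFO` case returns the raw `AT91C_DBGU_CIDR` value with no comment saying what the host is expected to do with it. A one-line comment above the read, such as `/* Raw DBGU chip ID register; the host decodes NVPSIZ (bits 11:8) to get the flash size */`, would tie this case to the decoder added on the flasher side. UsbPacketReceived's body starts and ends outside these hunks.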


@ -347,7 +347,7 @@ static int wait_for_ack(PacketResponseNG *ack) {
} }
// Go into flashing mode // Go into flashing mode
int flash_start_flashing(int enable_bl_writes, char *serial_port_name) { int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t * chipinfo) {
uint32_t state; uint32_t state;
if (enter_bootloader(serial_port_name) < 0) if (enter_bootloader(serial_port_name) < 0)
@ -356,6 +356,13 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name) {
if (get_proxmark_state(&state) < 0) if (get_proxmark_state(&state) < 0)
return -1; return -1;
if (state & DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO) {
SendCommandBL(CMD_CHIP_INFO, 0, 0, 0, NULL, 0);
PacketResponseNG resp;
WaitForResponse(CMD_CHIP_INFO, &resp);
*chipinfo = resp.oldarg[0];
}
if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) { if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
// This command is stupid. Why the heck does it care which area we're // This command is stupid. Why the heck does it care which area we're
// flashing, as long as it's not the bootloader area? The mind boggles. // flashing, as long as it's not the bootloader area? The mind boggles.
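Review bot: The result of `WaitForResponse(CMD_CHIP_INFO, &resp)` is discarded in the added block, so if the bootloader never answers, `resp.oldarg[0]` is read from an uninitialised stack struct and stored through `chipinfo`. The return convention of WaitForResponse is not visible here; assuming it reports a timeout as false, the block should use `PacketResponseNG resp = {0};` and `if (!WaitForResponse(CMD_CHIP_INFO, &resp)) return -1;` before the assignment. `chipinfo` is also dereferenced unconditionally, so either guard it with `if (chipinfo != NULL)` or document that callers must pass a valid pointer. The value is reported by the device, so any later code that sizes a flash write from it should treat it as unverified. flash_start_flashing continues outside the hunk.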


@ -38,7 +38,7 @@ typedef struct {
} flash_file_t; } flash_file_t;
int flash_load(flash_file_t *ctx, const char *name, int can_write_bl); int flash_load(flash_file_t *ctx, const char *name, int can_write_bl);
int flash_start_flashing(int enable_bl_writes, char *serial_port_name); int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t *chipid);
int flash_write(flash_file_t *ctx); int flash_write(flash_file_t *ctx);
void flash_free(flash_file_t *ctx); void flash_free(flash_file_t *ctx);
int flash_stop_flashing(void); int flash_stop_flashing(void);
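Review bot: The prototype names the new out-parameter `chipid`, while the definition in the flash source names it `chipinfo`. Pick one name for both, for example `uint32_t *chipid`, and add a short comment on the declaration saying the pointed-to value is left untouched when the bootloader does not advertise `DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO`, so callers know to pre-initialise it.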


@ -35,6 +35,42 @@ static void usage(char *argv0) {
#endif #endif
} }
int chipid_to_mem_avail(uint32_t iChipID) {
int mem_avail = 0;
switch ((iChipID & 0xF00) >> 8) {
case 0:
mem_avail = 0;
break;
case 1:
mem_avail = 8;
break;
case 2:
mem_avail = 16;
break;
case 3:
mem_avail = 32;
break;
case 5:
mem_avail = 64;
break;
case 7:
mem_avail = 128;
break;
case 9:
mem_avail = 256;
break;
case 10:
mem_avail = 512;
break;
case 12:
mem_avail = 1024;
break;
case 14:
mem_avail = 2048;
}
return mem_avail;
}
int main(int argc, char **argv) { int main(int argc, char **argv) {
int can_write_bl = 0; int can_write_bl = 0;
int num_files = 0; int num_files = 0;
@ -84,10 +120,13 @@ int main(int argc, char **argv) {
return -1; return -1;
} }
res = flash_start_flashing(can_write_bl, serial_port_name); uint32_t chipid = 0;
res = flash_start_flashing(can_write_bl, serial_port_name, &chipid);
if (res < 0) if (res < 0)
return -1; return -1;
PrintAndLogEx(NORMAL, "Available memory on this board: 0x%08x\n", chipid_to_mem_avail(chipid));
PrintAndLogEx(SUCCESS, "\n" _BLUE_("Flashing...")); PrintAndLogEx(SUCCESS, "\n" _BLUE_("Flashing..."));
for (int i = 0; i < num_files; i++) { for (int i = 0; i < num_files; i++) {
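Review bot: The added `PrintAndLogEx` line in main prints the result of `chipid_to_mem_avail()` with `0x%08x`, but that function returns a decimal size decoded from the NVPSIZ field (8, 16, … 2048, which matches that field's kilobyte encoding), so a 256K part is reported as `0x00000100` with no unit. A format such as `"Available memory on this board: %dK bytes\n"` would match the value, and the line should be skipped or worded as unknown when `chipid` is still 0 because the bootloader did not understand `CMD_CHIP_INFO`. In the first hunk, `chipid_to_mem_avail` has no `default:` label and is not `static`; adding `default: mem_avail = 0; break;` makes the handling of reserved codes explicit. main continues outside the hunk.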


@ -216,6 +216,7 @@ typedef struct {
#define CMD_FINISH_WRITE 0x0003 #define CMD_FINISH_WRITE 0x0003
#define CMD_HARDWARE_RESET 0x0004 #define CMD_HARDWARE_RESET 0x0004
#define CMD_START_FLASH 0x0005 #define CMD_START_FLASH 0x0005
#define CMD_CHIP_INFO 0x0006
#define CMD_NACK 0x00fe #define CMD_NACK 0x00fe
#define CMD_ACK 0x00ff #define CMD_ACK 0x00ff
@ -541,6 +542,9 @@ typedef struct {
/* Set if this device understands the extend start flash command */ /* Set if this device understands the extend start flash command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH (1<<4) #define DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH (1<<4)
/* Set if this device understands the extend start flash command */
#define DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO (1<<5)
/* CMD_START_FLASH may have three arguments: start of area to flash, /* CMD_START_FLASH may have three arguments: start of area to flash,
end of area to flash, optional magic. end of area to flash, optional magic.
The bootrom will not allow to overwrite itself unless this magic The bootrom will not allow to overwrite itself unless this magic
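Review bot: The comment above `DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO` in the second hunk is a copy of the one for `DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH` and describes the wrong command. It should read `/* Set if this device understands the chip info command */`. The new `CMD_CHIP_INFO 0x0006` define in the first hunk would also benefit from a comment noting that the reply carries the chip ID register value in its first argument.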