int usb_dnld_hook(){
/* These are global buffers to the packet data, its length, and the
block address that it runs to. The stock firmware has a bug
in that it assumes the packet size is always 2048 bytes.
*/
static char *packet=(char*) 0x200199f0;//2.032
static int *packetlen=(int*) 0x2001d20c;//2.032
static int *blockadr=(int*) 0x2001d208;//2.032
static char *dfu_state=(char*) 0x2001d405;//2.032
static char **dfu_target_adr=(char**) 0x2000112c; //2.032
//Don't know what these do.
//char *thingy=(char*) 0x2001d276;
char *thingy2=(char*) 0x2001d041;
int state;
/* DFU transfers begin at block 2, and special commands hook block
0. We'll use block 1, because it handily fits in the gap without
breaking backward compatibility with the older code.
*/
if(*blockadr==1){
switch(packet[0]){
//Memory commands
case TDFU_DMESG:
//The DMESG buffer might move, so this command
//sets the target address to the DMESG buffer.
*dfu_target_adr=dmesg_start;
break;
//SPI-FLASH commands
case TDFU_SPIFLASHGETID:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
get_spi_flash_type((void *) dmesg_tx_buf); // 0x00aabbcc aa=MANUFACTURER ID, bb,cc Device Identification
break;
case TDFU_SPIFLASHREAD:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
uint32_t adr= *((uint32_t*)(packet+1));
printf("Dumping %d bytes from 0x%08x in SPI Flash\n",
DMESG_SIZE, adr);
md380_spiflash_read(dmesg_tx_buf,
adr,
DMESG_SIZE);
break;
case TDFU_SPIFLASHWRITE:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
adr = *((uint32_t*)(packet+1));
uint32_t size = *((uint32_t*)(packet+5));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_type()) {
printf ("TDFU_SPIFLASHWRITE %x %d %x\n", adr, size, packet+9);
md380_spiflash_write(packet+9, adr, size);
}
break;
case TDFU_SPIFLASHERASE64K: // experimental
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
adr= *((uint32_t*)(packet+1));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_type()) {
printf ("TDFU_SPIFLASHERASE64K %x \n", adr);
// spiflash_wait();
// spiflash_block_erase64k(adr);
md380_spiflash_enable();
md380_spi_sendrecv(0x6);
md380_spiflash_disable();
md380_spiflash_enable();
md380_spi_sendrecv(0xd8);
md380_spi_sendrecv((adr>> 16) & 0xff);
md380_spi_sendrecv((adr>> 8) & 0xff);
md380_spi_sendrecv(adr & 0xff);
md380_spiflash_disable();
}
// md380_spiflash_wait(); // this is the problem :(
// must be polled via dfu commenad?
break;
case TDFU_SPIFLASHWRITE_NEW: // not working, this is not the problem
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
adr = *((uint32_t*)(packet+1));
size = *((uint32_t*)(packet+5));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_type()) {
printf ("DFU_SPIFLASHWRITE_new %x %d %x\n", adr, size, packet+9);
// enable write
for (int i=0;i<size;i=i+256) {
int page_adr;
page_adr=adr+i;
printf("%d %x\n",i,page_adr);
md380_spiflash_wait();
md380_spiflash_enable();
md380_spi_sendrecv(0x6);
md380_spiflash_disable();
md380_spiflash_enable();
md380_spi_sendrecv(0x2);
printf("%x ", ((page_adr>> 16) & 0xff));
md380_spi_sendrecv((page_adr>> 16) & 0xff);
printf("%x ", ((page_adr>> 8) & 0xff));
md380_spi_sendrecv((page_adr>> 8) & 0xff);
printf("%x ", (page_adr & 0xff));
md380_spi_sendrecv(page_adr & 0xff);
for (int ii=0; ii < 256; ii++) {
md380_spi_sendrecv(packet[9+ii+i]);
}
md380_spiflash_disable();
md380_spiflash_wait();
printf("\n");
}
}
break;
case TDFU_SPIFLASHSECURITYREGREAD:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
printf("Dumping %d bytes from adr 0 SPI Flash security_registers\n",
DMESG_SIZE);
md380_spiflash_security_registers_read(dmesg_tx_buf,
0,
3*256);
break;
//Radio Commands
case TDFU_C5000_READREG:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
memset(dmesg_tx_buf,0,DMESG_SIZE);
state=OS_ENTER_CRITICAL();
c5000_spi0_readreg(packet[1],dmesg_tx_buf);
OS_EXIT_CRITICAL(state);
break;
case TDFU_C5000_WRITEREG:
//Re-uses the dmesg transmit buffer.
*dfu_target_adr=dmesg_tx_buf;
memset(dmesg_tx_buf,0,DMESG_SIZE);
state=OS_ENTER_CRITICAL();
c5000_spi0_writereg(packet[1],packet[2]);
OS_EXIT_CRITICAL(state);
break;
//Graphics commands.
case TDFU_PRINT: // 0x80, u8 x, u8 y, u8 str[].
drawtext((wchar_t *) (packet+3),
packet[1],packet[2]);
break;
case TDFU_BOX:
default:
printf("Unhandled DFU packet type 0x%02x.\n",packet[0]);
}
thingy2[0]=0;
thingy2[1]=0;
thingy2[2]=0;
thingy2[3]=3;
*dfu_state=3;
*blockadr=0;
*packetlen=0;
return 0;
}else{
/* For all other blocks, we default to the internal handler.
*/
return usb_dnld_handle();
int usb_dnld_hook(){
/* These are global buffers to the packet data, its length, and the
block address that it runs to. The stock firmware has a bug
in that it assumes the packet size is always 2048 bytes.
*/
int state;
/* DFU transfers begin at block 2, and special commands hook block
0. We'll use block 1, because it handily fits in the gap without
breaking backward compatibility with the older code.
*/
if(*md380_blockadr==1){
switch(md380_packet[0]){
//Memory commands
case TDFU_DMESG:
//The DMESG buffer might move, so this command
//sets the target address to the DMESG buffer.
*md380_dfu_target_adr=dmesg_start;
break;
//SPI-FLASH commands
#ifdef CONFIG_SPIFLASH
case TDFU_SPIFLASHGETID:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
get_spi_flash_type((void *) dmesg_tx_buf); // 0x00aabbcc aa=MANUFACTURER ID, bb,cc Device Identification
break;
case TDFU_SPIFLASHREAD:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
uint32_t adr= *((uint32_t*)(md380_packet+1));
printf("Dumping %d bytes from 0x%08x in SPI Flash\n",
DMESG_SIZE, adr);
md380_spiflash_read(dmesg_tx_buf,
adr,
DMESG_SIZE);
break;
case TDFU_SPIFLASHWRITE:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
adr = *((uint32_t*)(md380_packet+1));
uint32_t size = *((uint32_t*)(md380_packet+5));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_size()>adr) {
printf ("TDFU_SPIFLASHWRITE %x %d %x\n", adr, size, md380_packet+9);
md380_spiflash_write(md380_packet+9, adr, size);
}
break;
case TDFU_SPIFLASHERASE64K: // experimental
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
adr= *((uint32_t*)(md380_packet+1));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_size()>adr) {
printf ("TDFU_SPIFLASHERASE64K %x \n", adr);
// spiflash_wait();
// spiflash_block_erase64k(adr);
md380_spiflash_enable();
md380_spi_sendrecv(0x6);
md380_spiflash_disable();
md380_spiflash_enable();
md380_spi_sendrecv(0xd8);
md380_spi_sendrecv((adr>> 16) & 0xff);
md380_spi_sendrecv((adr>> 8) & 0xff);
md380_spi_sendrecv(adr & 0xff);
md380_spiflash_disable();
}
// md380_spiflash_wait(); // this is the problem :(
// must be polled via dfu commenad?
break;
case TDFU_SPIFLASHWRITE_NEW: // not working, this is not the problem
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
adr = *((uint32_t*)(md380_packet+1));
size = *((uint32_t*)(md380_packet+5));
memset(dmesg_tx_buf,0,DMESG_SIZE);
if (check_spi_flash_size()>adr) {
printf ("DFU_CONFIG_SPIFLASHWRITE_new %x %d %x\n", adr, size, md380_packet+9);
// enable write
for (int i=0;i<size;i=i+256) {
int page_adr;
page_adr=adr+i;
printf("%d %x\n",i,page_adr);
md380_spiflash_wait();
md380_spiflash_enable();
md380_spi_sendrecv(0x6);
md380_spiflash_disable();
md380_spiflash_enable();
md380_spi_sendrecv(0x2);
printf("%x ", ((page_adr>> 16) & 0xff));
md380_spi_sendrecv((page_adr>> 16) & 0xff);
printf("%x ", ((page_adr>> 8) & 0xff));
md380_spi_sendrecv((page_adr>> 8) & 0xff);
printf("%x ", (page_adr & 0xff));
md380_spi_sendrecv(page_adr & 0xff);
for (int ii=0; ii < 256; ii++) {
md380_spi_sendrecv(md380_packet[9+ii+i]);
}
md380_spiflash_disable();
md380_spiflash_wait();
printf("\n");
}
}
break;
case TDFU_SPIFLASHSECURITYREGREAD:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
printf("Dumping %d bytes from adr 0 SPI Flash security_registers\n",
DMESG_SIZE);
md380_spiflash_security_registers_read(dmesg_tx_buf,
0,
3*256);
break;
#endif //CONFIG_SPIFLASH
#ifdef CONFIG_SPIC5000
//Radio Commands
case TDFU_C5000_READREG:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
memset(dmesg_tx_buf,0,DMESG_SIZE);
state=OS_ENTER_CRITICAL();
c5000_spi0_readreg(md380_packet[1],dmesg_tx_buf);
OS_EXIT_CRITICAL(state);
break;
case TDFU_C5000_WRITEREG:
//Re-uses the dmesg transmit buffer.
*md380_dfu_target_adr=dmesg_tx_buf;
memset(dmesg_tx_buf,0,DMESG_SIZE);
state=OS_ENTER_CRITICAL();
c5000_spi0_writereg(md380_packet[1],md380_packet[2]);
OS_EXIT_CRITICAL(state);
break;
#endif //CONFIG_SPIC5000
#ifdef CONFIG_GRAPHICS
//Graphics commands.
case TDFU_PRINT: // 0x80, u8 x, u8 y, u8 str[].
drawtext((wchar_t *) (md380_packet+3),
md380_packet[1],md380_packet[2]);
break;
case TDFU_BOX:
break;
#endif //CONFIG_GRAPHICS
case TDFU_SYSLOG:
syslog_dump_dmesg();
break;
default:
printf("Unhandled DFU packet type 0x%02x.\n",md380_packet[0]);
}