int main(int argc, char **argv)
{
int expected_size = 0;
unsigned int transfer_size = 0;
enum mode mode = MODE_NONE;
struct dfu_status status;
libusb_context *ctx;
struct dfu_file file;
char *end;
int final_reset = 0;
int detach_unsupported = 0;
int ret;
int dfuse_device = 0;
int fd;
const char *dfuse_options = NULL;
int detach_delay = 5;
uint16_t runtime_vendor;
uint16_t runtime_product;
memset(&file, 0, sizeof(file));
/* make sure all prints are flushed */
setvbuf(stdout, NULL, _IONBF, 0);
while (1) {
int c, option_index = 0;
c = getopt_long(argc, argv, "hVvlenE:d:p:c:i:a:S:t:U:D:Rs:Z:", opts,
&option_index);
if (c == -1)
break;
switch (c) {
case 'h':
help();
break;
case 'V':
mode = MODE_VERSION;
break;
case 'v':
verbose++;
break;
case 'l':
mode = MODE_LIST;
break;
case 'e':
mode = MODE_DETACH;
match_iface_alt_index = 0;
match_iface_index = 0;
break;
case 'E':
detach_delay = atoi(optarg);
break;
case 'n':
detach_unsupported = 1;
break;
case 'd':
parse_vendprod(optarg);
break;
case 'p':
/* Parse device path */
ret = resolve_device_path(optarg);
if (ret < 0)
errx(EX_SOFTWARE, "Unable to parse '%s'", optarg);
if (!ret)
errx(EX_SOFTWARE, "Cannot find '%s'", optarg);
break;
case 'c':
/* Configuration */
match_config_index = atoi(optarg);
break;
case 'i':
/* Interface */
match_iface_index = atoi(optarg);
break;
case 'a':
/* Interface Alternate Setting */
match_iface_alt_index = strtoul(optarg, &end, 0);
if (*end) {
match_iface_alt_name = optarg;
match_iface_alt_index = -1;
}
break;
case 'S':
parse_serial(optarg);
break;
case 't':
transfer_size = atoi(optarg);
break;
case 'U':
mode = MODE_UPLOAD;
file.name = optarg;
break;
case 'Z':
expected_size = atoi(optarg);
break;
case 'D':
mode = MODE_DOWNLOAD;
file.name = optarg;
break;
case 'R':
final_reset = 1;
break;
case 's':
dfuse_options = optarg;
break;
default:
help();
break;
}
}
print_version();
if (mode == MODE_VERSION) {
exit(0);
}
if (mode == MODE_NONE) {
fprintf(stderr, "You need to specify one of -D or -U\n");
help();
}
if (match_config_index == 0) {
/* Handle "-c 0" (unconfigured device) as don't care */
match_config_index = -1;
}
if (mode == MODE_DOWNLOAD) {
dfu_load_file(&file, MAYBE_SUFFIX, MAYBE_PREFIX);
/* If the user didn't specify product and/or vendor IDs to match,
* use any IDs from the file suffix for device matching */
if (match_vendor < 0 && file.idVendor != 0xffff) {
match_vendor = file.idVendor;
printf("Match vendor ID from file: %04x\n", match_vendor);
}
if (match_product < 0 && file.idProduct != 0xffff) {
match_product = file.idProduct;
printf("Match product ID from file: %04x\n", match_product);
}
}
ret = libusb_init(&ctx);
if (ret)
errx(EX_IOERR, "unable to initialize libusb: %i", ret);
if (verbose > 2) {
libusb_set_debug(ctx, 255);
}
probe_devices(ctx);
if (mode == MODE_LIST) {
list_dfu_interfaces();
exit(0);
}
if (dfu_root == NULL) {
errx(EX_IOERR, "No DFU capable USB device available");
} else if (dfu_root->next != NULL) {
/* We cannot safely support more than one DFU capable device
* with same vendor/product ID, since during DFU we need to do
* a USB bus reset, after which the target device will get a
* new address */
errx(EX_IOERR, "More than one DFU capable USB device found! "
"Try `--list' and specify the serial number "
"or disconnect all but one device\n");
}
/* We have exactly one device. Its libusb_device is now in dfu_root->dev */
printf("Opening DFU capable USB device...\n");
ret = libusb_open(dfu_root->dev, &dfu_root->dev_handle);
if (ret || !dfu_root->dev_handle)
errx(EX_IOERR, "Cannot open device");
printf("ID %04x:%04x\n", dfu_root->vendor, dfu_root->product);
printf("Run-time device DFU version %04x\n",
libusb_le16_to_cpu(dfu_root->func_dfu.bcdDFUVersion));
/* Transition from run-Time mode to DFU mode */
if (!(dfu_root->flags & DFU_IFF_DFU)) {
int err;
/* In the 'first round' during runtime mode, there can only be one
* DFU Interface descriptor according to the DFU Spec. */
/* FIXME: check if the selected device really has only one */
runtime_vendor = dfu_root->vendor;
runtime_product = dfu_root->product;
printf("Claiming USB DFU Runtime Interface...\n");
if (libusb_claim_interface(dfu_root->dev_handle, dfu_root->interface) < 0) {
errx(EX_IOERR, "Cannot claim interface %d",
dfu_root->interface);
}
if (libusb_set_interface_alt_setting(dfu_root->dev_handle, dfu_root->interface, 0) < 0) {
errx(EX_IOERR, "Cannot set alt interface zero");
}
printf("Determining device status: ");
err = dfu_get_status(dfu_root, &status);
if (err == LIBUSB_ERROR_PIPE) {
printf("Device does not implement get_status, assuming appIDLE\n");
status.bStatus = DFU_STATUS_OK;
status.bwPollTimeout = 0;
status.bState = DFU_STATE_appIDLE;
status.iString = 0;
} else if (err < 0) {
errx(EX_IOERR, "error get_status");
} else {
printf("state = %s, status = %d\n",
dfu_state_to_string(status.bState), status.bStatus);
}
milli_sleep(status.bwPollTimeout);
switch (status.bState) {
case DFU_STATE_appIDLE:
case DFU_STATE_appDETACH:
if (!detach_unsupported) {
printf("Device really in Runtime Mode, send DFU "
"detach request...\n");
if (dfu_detach(dfu_root->dev_handle,
dfu_root->interface, 1000) < 0) {
warnx("error detaching");
}
}
if (dfu_root->func_dfu.bmAttributes & USB_DFU_WILL_DETACH) {
printf("Device will detach and reattach...\n");
} else {
printf("Resetting USB...\n");
ret = libusb_reset_device(dfu_root->dev_handle);
if (ret < 0 && ret != LIBUSB_ERROR_NOT_FOUND)
errx(EX_IOERR, "error resetting "
"after detach");
}
break;
case DFU_STATE_dfuERROR:
printf("dfuERROR, clearing status\n");
if (dfu_clear_status(dfu_root->dev_handle,
dfu_root->interface) < 0) {
errx(EX_IOERR, "error clear_status");
}
/* fall through */
default:
warnx("WARNING: Runtime device already in DFU state ?!?");
libusb_release_interface(dfu_root->dev_handle,
dfu_root->interface);
goto dfustate;
}
libusb_release_interface(dfu_root->dev_handle,
dfu_root->interface);
libusb_close(dfu_root->dev_handle);
dfu_root->dev_handle = NULL;
if (mode == MODE_DETACH) {
libusb_exit(ctx);
exit(0);
}
/* keeping handles open might prevent re-enumeration */
disconnect_devices();
milli_sleep(detach_delay * 1000);
/* Change match vendor and product to impossible values to force
* only DFU mode matches in the following probe */
match_vendor = match_product = 0x10000;
probe_devices(ctx);
if (dfu_root == NULL) {
errx(EX_IOERR, "Lost device after RESET?");
} else if (dfu_root->next != NULL) {
errx(EX_IOERR, "More than one DFU capable USB device found! "
"Try `--list' and specify the serial number "
"or disconnect all but one device");
}
/* Check for DFU mode device */
if (!(dfu_root->flags | DFU_IFF_DFU))
errx(EX_SOFTWARE, "Device is not in DFU mode");
printf("Opening DFU USB Device...\n");
ret = libusb_open(dfu_root->dev, &dfu_root->dev_handle);
if (ret || !dfu_root->dev_handle) {
errx(EX_IOERR, "Cannot open device");
}
} else {
/* we're already in DFU mode, so we can skip the detach/reset
* procedure */
/* If a match vendor/product was specified, use that as the runtime
* vendor/product, otherwise use the DFU mode vendor/product */
runtime_vendor = match_vendor < 0 ? dfu_root->vendor : match_vendor;
runtime_product = match_product < 0 ? dfu_root->product : match_product;
}
dfustate:
#if 0
printf("Setting Configuration %u...\n", dfu_root->configuration);
if (libusb_set_configuration(dfu_root->dev_handle, dfu_root->configuration) < 0) {
errx(EX_IOERR, "Cannot set configuration");
}
#endif
printf("Claiming USB DFU Interface...\n");
if (libusb_claim_interface(dfu_root->dev_handle, dfu_root->interface) < 0) {
errx(EX_IOERR, "Cannot claim interface");
}
printf("Setting Alternate Setting #%d ...\n", dfu_root->altsetting);
if (libusb_set_interface_alt_setting(dfu_root->dev_handle, dfu_root->interface, dfu_root->altsetting) < 0) {
errx(EX_IOERR, "Cannot set alternate interface");
}
status_again:
printf("Determining device status: ");
if (dfu_get_status(dfu_root, &status ) < 0) {
errx(EX_IOERR, "error get_status");
}
printf("state = %s, status = %d\n",
dfu_state_to_string(status.bState), status.bStatus);
milli_sleep(status.bwPollTimeout);
switch (status.bState) {
case DFU_STATE_appIDLE:
case DFU_STATE_appDETACH:
errx(EX_IOERR, "Device still in Runtime Mode!");
break;
case DFU_STATE_dfuERROR:
printf("dfuERROR, clearing status\n");
if (dfu_clear_status(dfu_root->dev_handle, dfu_root->interface) < 0) {
errx(EX_IOERR, "error clear_status");
}
goto status_again;
break;
case DFU_STATE_dfuDNLOAD_IDLE:
case DFU_STATE_dfuUPLOAD_IDLE:
printf("aborting previous incomplete transfer\n");
if (dfu_abort(dfu_root->dev_handle, dfu_root->interface) < 0) {
errx(EX_IOERR, "can't send DFU_ABORT");
}
goto status_again;
break;
case DFU_STATE_dfuIDLE:
printf("dfuIDLE, continuing\n");
break;
default:
break;
}
if (DFU_STATUS_OK != status.bStatus ) {
printf("WARNING: DFU Status: '%s'\n",
dfu_status_to_string(status.bStatus));
/* Clear our status & try again. */
if (dfu_clear_status(dfu_root->dev_handle, dfu_root->interface) < 0)
errx(EX_IOERR, "USB communication error");
if (dfu_get_status(dfu_root, &status) < 0)
errx(EX_IOERR, "USB communication error");
if (DFU_STATUS_OK != status.bStatus)
errx(EX_SOFTWARE, "Status is not OK: %d", status.bStatus);
milli_sleep(status.bwPollTimeout);
}
printf("DFU mode device DFU version %04x\n",
libusb_le16_to_cpu(dfu_root->func_dfu.bcdDFUVersion));
if (dfu_root->func_dfu.bcdDFUVersion == libusb_cpu_to_le16(0x11a))
dfuse_device = 1;
/* If not overridden by the user */
if (!transfer_size) {
transfer_size = libusb_le16_to_cpu(
dfu_root->func_dfu.wTransferSize);
if (transfer_size) {
printf("Device returned transfer size %i\n",
transfer_size);
} else {
errx(EX_IOERR, "Transfer size must be specified");
}
}
#ifdef HAVE_GETPAGESIZE
/* autotools lie when cross-compiling for Windows using mingw32/64 */
#ifndef __MINGW32__
/* limitation of Linux usbdevio */
if ((int)transfer_size > getpagesize()) {
transfer_size = getpagesize();
printf("Limited transfer size to %i\n", transfer_size);
}
#endif /* __MINGW32__ */
#endif /* HAVE_GETPAGESIZE */
if (transfer_size < dfu_root->bMaxPacketSize0) {
transfer_size = dfu_root->bMaxPacketSize0;
printf("Adjusted transfer size to %i\n", transfer_size);
}
switch (mode) {
case MODE_UPLOAD:
/* open for "exclusive" writing */
fd = open(file.name, O_WRONLY | O_BINARY | O_CREAT | O_EXCL | O_TRUNC, 0666);
if (fd < 0)
err(EX_IOERR, "Cannot open file %s for writing", file.name);
if (dfuse_device || dfuse_options) {
if (dfuse_do_upload(dfu_root, transfer_size, fd,
dfuse_options) < 0)
exit(1);
} else {
if (dfuload_do_upload(dfu_root, transfer_size,
expected_size, fd) < 0) {
exit(1);
}
}
close(fd);
break;
case MODE_DOWNLOAD:
if (((file.idVendor != 0xffff && file.idVendor != runtime_vendor) ||
(file.idProduct != 0xffff && file.idProduct != runtime_product)) &&
((file.idVendor != 0xffff && file.idVendor != dfu_root->vendor) ||
(file.idProduct != 0xffff && file.idProduct != dfu_root->product))) {
errx(EX_IOERR, "Error: File ID %04x:%04x does "
"not match device (%04x:%04x or %04x:%04x)",
file.idVendor, file.idProduct,
runtime_vendor, runtime_product,
dfu_root->vendor, dfu_root->product);
}
if (dfuse_device || dfuse_options || file.bcdDFU == 0x11a) {
if (dfuse_do_dnload(dfu_root, transfer_size, &file,
dfuse_options) < 0)
exit(1);
} else {
if (dfuload_do_dnload(dfu_root, transfer_size, &file) < 0)
exit(1);
}
break;
case MODE_DETACH:
if (detach_unsupported)
break;
ret = dfu_detach(dfu_root->dev_handle, dfu_root->interface, 1000);
if (ret < 0) {
warnx("can't detach");
}
break;
default:
errx(EX_IOERR, "Unsupported mode: %u", mode);
break;
}
if (final_reset) {
if (detach_unsupported) {
// STM32 DFU devices dont support DFU_DETACH
// Instead, force the device into STATE_DFU_MANIFEST_WAIT_RESET
// by sending a download request of size 0 and checking the state
if (dfu_download(dfu_root->dev_handle, dfu_root->interface, 0x0, 0x0, NULL)) {
warnx("Failure forcing a manifest");
} else {
if (dfu_get_status(dfu_root, &status) < 0) {
warnx("Unable to check status after manifest");
} else {
printf("state = %s, status = %d\n",
dfu_state_to_string(status.bState), status.bStatus);
if (status.bState != STATE_DFU_MANIFEST) {
warnx("Device should be in manifest state");
}
}
}
} else {
if (dfu_detach(dfu_root->dev_handle, dfu_root->interface, 1000) < 0) {
/* Even if detach failed, just carry on to leave the
device in a known state */
warnx("can't detach");
}
}
printf("Resetting USB to switch back to runtime mode\n");
ret = libusb_reset_device(dfu_root->dev_handle);
if (ret < 0 && ret != LIBUSB_ERROR_NOT_FOUND) {
errx(EX_IOERR, "error resetting after download");
}
}
libusb_close(dfu_root->dev_handle);
dfu_root->dev_handle = NULL;
libusb_exit(ctx);
return (0);
}
int Dfu::download(const QString &filename)
{
int bytes_sent = 0;
unsigned char *buf;
struct dfu_status dst;
int ret;
int fsize;
unsigned int bytes_left;
int chunk_size;
const char *exception = NULL;
FILE *filep = fopen(filename.toUtf8(), "rb");
if (filep == NULL)
throw std::runtime_error("Cannot open file.");
buf = (unsigned char *)malloc(m_transfer_size);
fseek(filep, 0, SEEK_END);
fsize = ftell(filep);
rewind(filep);
while (bytes_sent < fsize)
{
bytes_left = fsize - bytes_sent;
if (bytes_left < m_transfer_size)
chunk_size = bytes_left;
else
chunk_size = m_transfer_size;
ret = fread(buf, 1, chunk_size, filep);
if (ret < 0)
{
exception = "Error while reading file.";
goto exit;
}
ret = dfu_download(m_dif.dev_handle, m_dif.interface, ret, ret ? buf : NULL);
if (ret < 0)
{
exception = "Error while downloading DFU file.";
goto exit;
}
bytes_sent += ret;
do {
ret = dfu_get_status(m_dif.dev_handle, m_dif.interface, &dst);
if (ret < 0)
{
exception = "Error while getting status.";
goto exit;
}
if (dst.bState == DFU_STATE_dfuDNLOAD_IDLE ||
dst.bState == DFU_STATE_dfuERROR)
break;
milli_sleep(dst.bwPollTimeout);
} while (1);
if (dst.bStatus != DFU_STATUS_OK)
{
exception = "Bad status during DFU download.";
goto exit;
}
}
/* send one zero sized download request to signalize end */
ret = dfu_download(m_dif.dev_handle, m_dif.interface, 0, NULL);
if (ret < 0)
{
exception = "Error while downloading DFU file.";
goto exit;
}
/* Transition to MANIFEST_SYNC state */
ret = dfu_get_status(m_dif.dev_handle, m_dif.interface, &dst);
exit:
free(buf);
fclose(filep);
if (exception)
throw std::runtime_error(exception);
return bytes_sent;
}
bool uploadFirmware(IOUSBDeviceInterface300** device)
{
IOUSBInterfaceInterface300** interface = getDFUInterface(device);
if (interface != NULL)
{
IOUSBDFUDescriptor* descriptor = getDFUDescriptor(interface);
if (descriptor != NULL)
{
if (descriptor->bmAttributes & USB_DFU_CAN_DOWNLOAD)
{
(*interface)->USBInterfaceOpen(interface);
unsigned char intfIndex;
(*interface)->GetInterfaceNumber(interface, &intfIndex);
struct dfu_status status;
int firmware_size = firmware.size.total - firmware.size.suffix;
int remaining = firmware_size;
unsigned short transaction = 1;
int sent = 0;
printf("[i] Initiating firmware upload (%d bytes, %d bytes transfer size).\n", remaining, descriptor->wTransferSize);
while (remaining > 0)
{
int size = descriptor->wTransferSize < remaining ? descriptor->wTransferSize : remaining;
printf("[i] Downloading firmware: Chunk %d (%d bytes) - %d / %d bytes.\n", transaction, size, sent, firmware_size);
if (dfu_download(interface,
intfIndex,
size,
transaction,
firmware.firmware + sent) != kIOReturnSuccess)
break;
sent += size;
remaining -= size;
// Wrap transaction around if required
transaction++;
transaction %= USHRT_MAX;
if (dfu_get_status(interface, intfIndex, &status) != kIOReturnSuccess)
break;
if (status.bStatus != DFU_STATUS_OK)
{
fprintf(stderr, "[!] Firmware download aborting (state %s, status %s).\n",
dfu_state_to_string(status.bState),
dfu_status_to_string(status.bStatus));
break;
}
}
dfu_get_status(interface, intfIndex, &status);
printf("[i] Device State %s, Status %s, String %d\n", dfu_state_to_string(status.bState), dfu_status_to_string(status.bStatus), status.iString);
usleep(status.bwPollTimeout * 1000);
// Signal firmware upload finished
dfu_download(interface, intfIndex, 0, transaction, NULL);
dfu_get_status(interface, intfIndex, &status);
printf("[i] Device State %s, Status %s, String %d\n", dfu_state_to_string(status.bState), dfu_status_to_string(status.bStatus), status.iString);
// Firmware upload done resetting device
if (remaining > 0)
fprintf(stderr, "[!] Error while flashing: \"%s\", %d / %d bytes remaining.\n",
dfu_status_to_string(status.bStatus), remaining, firmware_size);
else if (status.bStatus != DFU_STATUS_OK)
fprintf(stderr, "[!] Error while flashing, %s.\n", dfu_status_to_string(status.bStatus));
else
{
printf("[i] Firmware upload complete, resetting device.\n");
(*device)->ResetDevice(device);
(*interface)->USBInterfaceClose(interface);
(*interface)->Release(interface);
(*device)->USBDeviceClose(device);
return true;
}
(*interface)->USBInterfaceClose(interface);
}
else
fprintf(stderr, "[!] Device is not capable to download firmware.\n");
}
else
fprintf(stderr, "[!] Failed to locate DFU descriptor for interface.\n");
(*interface)->Release(interface);
}
else
fprintf(stderr, "[!] Failed to locate DFU interface.\n");
(*device)->USBDeviceClose(device);
return false;
}
int dfuload_do_dnload(struct dfu_if *dif, int xfer_size, struct dfu_file *file)
{
int bytes_sent;
int expected_size;
unsigned char *buf;
unsigned short transaction = 0;
struct dfu_status dst;
int ret;
printf("Copying data from PC to DFU device\n");
buf = file->firmware;
expected_size = file->size.total - file->size.suffix;
bytes_sent = 0;
dfu_progress_bar("Download", 0, 1);
while (bytes_sent < expected_size) {
int bytes_left;
int chunk_size;
bytes_left = expected_size - bytes_sent;
if (bytes_left < xfer_size)
chunk_size = bytes_left;
else
chunk_size = xfer_size;
ret = dfu_download(dif->dev_handle, dif->interface,
chunk_size, transaction++, chunk_size ? buf : NULL);
if (ret < 0) {
warnx("Error during download");
goto out;
}
bytes_sent += chunk_size;
buf += chunk_size;
do {
ret = dfu_get_status(dif, &dst);
if (ret < 0) {
errx(EX_IOERR, "Error during download get_status");
goto out;
}
if (dst.bState == DFU_STATE_dfuDNLOAD_IDLE ||
dst.bState == DFU_STATE_dfuERROR)
break;
/* Wait while device executes flashing */
milli_sleep(dst.bwPollTimeout);
} while (1);
if (dst.bStatus != DFU_STATUS_OK) {
printf(" failed!\n");
printf("state(%u) = %s, status(%u) = %s\n", dst.bState,
dfu_state_to_string(dst.bState), dst.bStatus,
dfu_status_to_string(dst.bStatus));
ret = -1;
goto out;
}
dfu_progress_bar("Download", bytes_sent, bytes_sent + bytes_left);
}
/* send one zero sized download request to signalize end */
ret = dfu_download(dif->dev_handle, dif->interface,
0, transaction, NULL);
if (ret < 0) {
errx(EX_IOERR, "Error sending completion packet");
goto out;
}
dfu_progress_bar("Download", bytes_sent, bytes_sent);
if (verbose)
printf("Sent a total of %i bytes\n", bytes_sent);
get_status:
/* Transition to MANIFEST_SYNC state */
ret = dfu_get_status(dif, &dst);
if (ret < 0) {
warnx("unable to read DFU status after completion");
goto out;
}
printf("state(%u) = %s, status(%u) = %s\n", dst.bState,
dfu_state_to_string(dst.bState), dst.bStatus,
dfu_status_to_string(dst.bStatus));
milli_sleep(dst.bwPollTimeout);
/* FIXME: deal correctly with ManifestationTolerant=0 / WillDetach bits */
switch (dst.bState) {
case DFU_STATE_dfuMANIFEST_SYNC:
case DFU_STATE_dfuMANIFEST:
/* some devices (e.g. TAS1020b) need some time before we
* can obtain the status */
milli_sleep(1000);
goto get_status;
break;
case DFU_STATE_dfuIDLE:
break;
}
printf("Done!\n");
out:
return bytes_sent;
}
