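/* zd1211memtool: ZD1211 memory tool
 *
 * Copyright (C) 2007 Daniel Drake <dsd@gentoo.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#define _XOPEN_SOURCE 500

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>	/* strcasecmp() */
#include <errno.h>
#include <usb.h>
#include <stdint.h>
#include <unistd.h>
#include <getopt.h>

/* Command-line state, filled in by main() and read by the action handlers. */
static int is_zd1211b = 0;
static char *action = NULL;
static int user_is_an_idiot = 1;	/* cleared by --i-am-not-an-idiot */
static uint16_t usbvid = 0;
static uint16_t usbpid = 0;
static int want_modify_vid = 0;
static uint16_t modify_vid = 0;
static int want_modify_pid = 0;
static uint16_t modify_pid = 0;
static char *outputfile = NULL;

#define FIRMWARE_ZD1211 "/lib/firmware/zd1211/zd1211_uphr"
#define FIRMWARE_ZD1211B "/lib/firmware/zd1211/zd1211b_uphr"
#define FIRMWARE_TRANSFER_SIZE 4096
#define FIRMWARE_SIZE 5120

#define ZD1211_CLOCK_CTRL 0x8540

#define USB_MAX_EP_INT_BUFFER 64

/* Address space */
enum {
	/* CONTROL REGISTERS */
	CR_START			= 0x9000,

	/* FIRMWARE */
	FW_START			= 0xee00,

	/* EEPROM */
	E2P_START			= 0xf800,
	E2P_LEN				= 0x800,

	/* EEPROM layout */
	E2P_LOAD_CODE_LEN		= 0xe,		/* base 0xf800 */
	E2P_LOAD_VECT_LEN		= 0x9,		/* base 0xf80e */
	/* E2P_DATA indexes into this */
	E2P_DATA_LEN			= 0x7e,		/* base 0xf817 */
	E2P_BOOT_CODE_LEN		= 0x760,	/* base 0xf895 */
	E2P_INTR_VECT_LEN		= 0xb,		/* base 0xfff5 */

	/* Some precomputed offsets into the EEPROM */
	E2P_DATA_OFFSET			= E2P_LOAD_CODE_LEN + E2P_LOAD_VECT_LEN,
	E2P_BOOT_CODE_OFFSET		= E2P_DATA_OFFSET + E2P_DATA_LEN,
};

#define E2P_DATA(offset)	(E2P_START + E2P_DATA_OFFSET + (offset))
#define E2P_USBVID		E2P_DATA(0x1e)
#define E2P_USBPID		E2P_DATA(0x1f)

enum {
	USB_REQ_WRITE_REGS		= 0x21,
	USB_REQ_READ_REGS		= 0x22,
	USB_REQ_FIRMWARE_DOWNLOAD	= 0x30,
	USB_REQ_FIRMWARE_CONFIRM	= 0x31,
	USB_REQ_FIRMWARE_READ_DATA	= 0x32,
};

enum {
	EP_INT_IN	= 3,
	EP_REGS_OUT	= 4,
};

/*
 * Wire structures for the register interface.
 * NOTE(review): the fields are filled in host byte order; this presumably
 * relies on a little-endian host -- confirm before using on big-endian.
 */
struct usb_req_read_reg {
	uint16_t id;
	uint16_t addr;
} __attribute__((packed));

struct usb_req_write_reg {
	uint16_t id;
	uint16_t addr;
	uint16_t data;
} __attribute__((packed));

struct usb_regs_response {
	uint8_t type;
	uint8_t id;
	uint16_t addr;
	uint16_t data;
} __attribute__((packed));

/*
 * Read a register using the standard interface.
 *
 * Sends a read request on EP_REGS_OUT and waits for the reply on EP_INT_IN.
 * Stores the register value in *data when data is non-NULL.
 * Returns 0 on success, a negative value on failure.
 */
static int reg_read(usb_dev_handle *uh, uint16_t addr, uint16_t *data)
{
	struct usb_req_read_reg req;
	struct usb_regs_response response;
	unsigned char buf[USB_MAX_EP_INT_BUFFER];
	int r;

	req.id = USB_REQ_READ_REGS;
	req.addr = addr;

	printf("reg read 0x%04x\n", addr);
	r = usb_bulk_write(uh, EP_REGS_OUT, (char *) &req, sizeof(req),
		1000 /* ms */);
	if (r < 0) {
		printf("bulk write error\n");
		return r;
	} else if ((size_t) r < sizeof(req)) {
		printf("short write\n");
		return -1;
	}

	r = usb_bulk_read(uh, EP_INT_IN, (char *) buf, USB_MAX_EP_INT_BUFFER,
		1000);
	if (r < 0) {
		printf("error on bulk read\n");
		return r;
	} else if ((size_t) r < sizeof(response)) {
		/* Without this check the fields below would be parsed from
		 * bytes the device never sent (uninitialised stack data). */
		printf("short read\n");
		return -1;
	}

	/* memcpy instead of a pointer cast: no aliasing/alignment issues */
	memcpy(&response, buf, sizeof(response));
	printf("addr 0x%04x value 0x%x\n", response.addr, response.data);
	if (data)
		*data = response.data;

	return 0;
}

/*
 * Write a register using the standard interface.
 * Returns 0 on success, a negative value on failure.
 */
/* FIXME: doesn't seem to be reliable */
static int reg_write(usb_dev_handle *uh, uint16_t addr, uint16_t data)
{
	struct usb_req_write_reg req;
	int r;

	req.id = USB_REQ_WRITE_REGS;
	req.addr = addr;
	req.data = data;

	printf("reg write 0x%04x = 0x%x\n", addr, data);
	r = usb_bulk_write(uh, EP_REGS_OUT, (char *) &req, sizeof(req),
		1000 /* ms */);
	if (r < 0) {
		printf("bulk write error\n");
		return r;
	} else if ((size_t) r < sizeof(req)) {
		printf("short write\n");
		return -1;
	}

	return 0;
}

/*
 * Read len bytes starting at addr using the pre-firmware interface
 * (vendor control request USB_REQ_FIRMWARE_READ_DATA).
 * Returns the number of bytes read (== len) or a negative value on failure.
 */
static int reg_read_fw(usb_dev_handle *uh, uint16_t addr, unsigned char *data,
	int len)
{
	int r;

	r = usb_control_msg(uh, USB_ENDPOINT_IN | USB_TYPE_VENDOR,
		USB_REQ_FIRMWARE_READ_DATA, addr, 0, (char *) data, len, 5000);
	if (r < 0) {
		printf("control msg fail\n");
		return r;
	} else if (r < len) {
		printf("short ctrl read\n");
		return -1;
	}

	return r;
}

/*
 * Write registers using the pre-firmware interface (vendor control request
 * USB_REQ_FIRMWARE_DOWNLOAD). I don't think this works.
 * Returns the number of bytes written (== len) or a negative value on failure.
 */
static int reg_write_fw(usb_dev_handle *uh, uint16_t addr, unsigned char *data,
	int len)
{
	int r;

	r = usb_control_msg(uh, USB_ENDPOINT_OUT | USB_TYPE_VENDOR,
		USB_REQ_FIRMWARE_DOWNLOAD, addr, 0, (char *) data, len, 5000);
	if (r < 0) {
		printf("control msg fail\n");
		return r;
	} else if (r < len) {
		printf("short ctrl write\n");
		return -1;
	}

	return r;
}

/*
 * Read the entire EEPROM image from device RAM and write it to outputfile.
 *
 * The output path is opened as given (an existing file is truncated and
 * symlinks are followed), so callers running this with elevated privileges
 * should point it at a location only they control.
 *
 * Returns 0 on success, a negative value on failure.
 */
static int action_e2pdump(usb_dev_handle *uh)
{
	unsigned char *buf = NULL;
	FILE *fd;
	size_t written;
	int ret = -1;
	int r;

	if (outputfile == NULL) {
		fprintf(stderr, "No output file specified.\n");
		return -1;
	}

	/* binary mode: the EEPROM image must not be newline-translated */
	fd = fopen(outputfile, "wb");
	if (!fd) {
		perror("fopen");
		return -1;
	}

	buf = malloc(E2P_LEN);
	if (!buf) {
		perror("malloc");
		goto out;
	}

	r = reg_read_fw(uh, E2P_START, buf, E2P_LEN);
	if (r < 0) {
		fprintf(stderr, "read failed with error %d\n", r);
		ret = r;
		goto out;
	} else if (r < E2P_LEN) {
		fprintf(stderr, "read was short (%d)\n", r);
		goto out;
	}

	/* fwrite() returns a count, never a negative value: compare it with
	 * the requested length to detect a failed or partial write. */
	written = fwrite(buf, 1, (size_t) r, fd);
	if (written != (size_t) r) {
		perror("fwrite");
		goto out;
	}

	ret = 0;

out:
	free(buf);
	/* fclose() flushes; a failure here means the dump is incomplete */
	if (fclose(fd) != 0) {
		perror("fclose");
		ret = -1;
	}
	if (ret == 0)
		printf("EEPROM dumped to %s\n", outputfile);
	return ret;
}

/*
 * Patch the USB vendor and/or product ID in the device's RAM copy of the
 * EEPROM, then ask the device to transfer the data area back to the EEPROM.
 *
 * This permanently changes the identity the device reports on the bus.
 * Unless --i-am-not-an-idiot was given, the user gets 10 seconds to abort.
 *
 * Returns 0 on success, a negative value on failure.
 */
static int action_e2pmodify(usb_dev_handle *uh)
{
	uint16_t clock_ctrl;
	int failed = 1;
	int r;

	if (!want_modify_vid && !want_modify_pid) {
		fprintf(stderr, "No modifications specified, aborting.\n");
		return -1;
	}

	printf("You have requested the following EEPROM modifications:\n");
	if (want_modify_vid)
		printf(" - Set USB Vendor ID to %04x\n", modify_vid);
	if (want_modify_pid)
		printf(" - Set USB Product ID to %04x\n", modify_pid);

	if (user_is_an_idiot) {
		printf("Are you really sure you want to be doing this?\n");
		printf("You have 10 seconds to hit Ctrl+C if not.\n");
		printf("Use the --i-am-not-an-idiot option to avoid this pause in "
			"future.\n");
		/* make sure the warning is visible before the grace period
		 * starts, even when stdout is not a terminal */
		fflush(stdout);
		sleep(10);
	}

	/* NOTE(review): the IDs are sent in host byte order -- confirm this
	 * matches the EEPROM layout on big-endian hosts. */
	if (want_modify_vid) {
		r = reg_write_fw(uh, E2P_USBVID, (unsigned char *) &modify_vid,
			sizeof(modify_vid));
		if (r < 0) {
			fprintf(stderr, "failed to write new VID\n");
			return r;
		}
	}

	if (want_modify_pid) {
		r = reg_write_fw(uh, E2P_USBPID, (unsigned char *) &modify_pid,
			sizeof(modify_pid));
		if (r < 0) {
			fprintf(stderr, "failed to write new PID\n");
			return r;
		}
	}

	/* We now mess with the EEPROM clock, and DMA the modified EEPROM from
	 * device RAM to EEPROM. */

	r = reg_read(uh, ZD1211_CLOCK_CTRL, &clock_ctrl);
	if (r < 0) {
		fprintf(stderr, "failed to read CLOCK_CTRL\n");
		return r;
	}

	r = reg_write(uh, ZD1211_CLOCK_CTRL, clock_ctrl | 1);
	if (r < 0) {
		fprintf(stderr, "failed to modify CLOCK_CTRL\n");
		return r;
	}

	/* From here on every failure path must restore CLOCK_CTRL. */

	if (is_zd1211b) {
		/* ZD1211B-only register writes issued before the transfer */
		r = reg_write(uh, 0x863a, 0x55aa);
		if (r < 0) {
			fprintf(stderr, "zd1211b write failed\n");
			goto fix_clock;
		}

		r = reg_write(uh, 0x8685, 0x44bb);
		if (r < 0) {
			fprintf(stderr, "zd1211b write failed\n");
			goto fix_clock;
		}

		r = reg_write(uh, 0x861b, 0x33cc);
		if (r < 0) {
			fprintf(stderr, "zd1211b write failed\n");
			goto fix_clock;
		}

		r = reg_write(uh, 0x8666, 0x22dd);
		if (r < 0) {
			fprintf(stderr, "zd1211b write failed\n");
			goto fix_clock;
		}

		usleep(5000);
	}

	r = reg_write(uh, 0x862a, E2P_DATA_OFFSET); /* ROM addr */
	if (r < 0) {
		fprintf(stderr, "failed to write ROM address.\n");
		goto fix_clock;
	}

	r = reg_write(uh, 0x862b, E2P_DATA(0)); /* RAM addr */
	if (r < 0) {
		fprintf(stderr, "failed to write RAM addr\n");
		goto fix_clock;
	}

	r = reg_write(uh, 0x862c, E2P_DATA_LEN | (1 << 15)); /* 1<<15 is write */
	if (r < 0) {
		fprintf(stderr, "failed to write transfer length\n");
		goto fix_clock;
	}

	failed = 0;
	usleep(5000);

fix_clock:
	r = reg_write(uh, ZD1211_CLOCK_CTRL, clock_ctrl & ~1);
	if (r < 0) {
		fprintf(stderr, "Failed to fixup clock\n");
		return r;
	}

	if (failed)
		return -1;

	printf("EEPROM updated successfully! Replug device now.\n");
	return 0;
}

/*
 * Upload FIRMWARE_SIZE bytes of the firmware image for the selected chip
 * variant to the device, starting at FW_START, then request confirmation.
 * Returns 0 on success, -1 on failure.
 */
static int upload_firmware(usb_dev_handle *uh)
{
	unsigned char *p = NULL;
	uint8_t confirm;
	int r;
	int ret = -1;
	uint16_t code_offset = FW_START;
	FILE *fd;
	size_t size;

	fd = fopen(is_zd1211b ? FIRMWARE_ZD1211B : FIRMWARE_ZD1211, "rb");
	if (!fd) {
		perror("fopen");
		return -1;
	}

	/* calloc: if the file is shorter than a chunk, the unread tail of the
	 * buffer must not hand uninitialised heap contents to the device */
	p = calloc(1, FIRMWARE_TRANSFER_SIZE);
	if (!p) {
		perror("malloc");
		goto out;
	}

	size = FIRMWARE_SIZE;
	while (size > 0) {
		size_t transfer_size = size <= FIRMWARE_TRANSFER_SIZE ?
			size : FIRMWARE_TRANSFER_SIZE;

		/* NOTE(review): a file shorter than FIRMWARE_SIZE still yields
		 * FIRMWARE_SIZE bytes sent (the buffer tail is reused) --
		 * confirm whether that is intended for these images. */
		fread(p, 1, transfer_size, fd);
		if (ferror(fd)) {
			perror("fread");
			goto out;
		}

		r = usb_control_msg(uh, USB_ENDPOINT_OUT | USB_TYPE_VENDOR,
			USB_REQ_FIRMWARE_DOWNLOAD, code_offset, 0, (char *) p,
			transfer_size, 1000 /* ms */);
		if (r < 0) {
			printf("firmware upload ctrl failed\n");
			goto out;
		}

		/* Only whole 16-bit words count; a transfer that made no
		 * progress would otherwise loop forever.
		 * NOTE(review): after a short transfer the file position is
		 * ahead of what the device accepted. */
		transfer_size = r & ~1;
		if (transfer_size == 0) {
			printf("firmware upload ctrl failed\n");
			goto out;
		}
		size -= transfer_size;
		code_offset += transfer_size/sizeof(uint16_t);
	}

	r = usb_control_msg(uh, USB_ENDPOINT_IN | USB_TYPE_VENDOR,
		USB_REQ_FIRMWARE_CONFIRM, 0, 0, (char *) &confirm,
		sizeof(confirm), 5000 /* ms */);
	if (r != sizeof(confirm)) {
		printf("firmware confirm value failed\n");
		goto out;
	}

	if (confirm & 0x80) {
		printf("internal error on confirm\n");
		goto out;
	}

	printf("firmware confirm val %x\n", confirm);
	ret = 0;

out:
	free(p);
	fclose(fd);
	return ret;
}

/*
 * Scan all USB busses for a device matching usbvid:usbpid and open it.
 * When several devices match, the last one enumerated is used.
 * Returns the open handle, or NULL when no device matches or it cannot be
 * opened.
 */
static usb_dev_handle *find_and_open_usbdev(void)
{
	struct usb_bus *bus, *busses;
	struct usb_device *udev = NULL;
	usb_dev_handle *uh;

	usb_find_busses();
	usb_find_devices();
	busses = usb_get_busses();

	for (bus = busses; bus; bus = bus->next) {
		struct usb_device *dev;

		for (dev = bus->devices; dev; dev = dev->next)
			if (dev->descriptor.idProduct == usbpid
					&& dev->descriptor.idVendor == usbvid)
				udev = dev;
	}

	if (!udev) {
		fprintf(stderr, "Can't find device %04x:%04x\n", usbvid, usbpid);
		return NULL;
	}

	uh = usb_open(udev);
	if (!uh) {
		fprintf(stderr, "error opening device\n");
	}
	return uh;
}

/* getopt_long() return values for long-only options */
enum {
	MODIFY_VID_VAL = 256,
	MODIFY_PID_VAL = 257,
};

static struct option long_options[] = {
	{ "action", required_argument, NULL, 'a', },
	{ "usbvid", required_argument, NULL, 'v', },
	{ "usbpid", required_argument, NULL, 'p', },
	{ "device-type", required_argument, NULL, 'd' },
	{ "i-am-not-an-idiot", no_argument, &user_is_an_idiot, 0, },

	/* e2pmodify options */
	{ "modify-vid", required_argument, NULL, MODIFY_VID_VAL, },
	{ "modify-pid", required_argument, NULL, MODIFY_PID_VAL, },

	/* e2pdump options */
	{ "output", required_argument, NULL, 'o', },

	{ NULL, 0, NULL, 0, },
};

/*
 * Parse a hexadecimal 16-bit value (optional 0x prefix) into *out.
 *
 * sscanf("%x") must not be used for this: it stores an unsigned int through
 * the pointer, which overruns a uint16_t and clobbers the adjacent object.
 * Returns 0 on success, -1 when str is not a hex number in 0..0xffff.
 */
static int parse_hex16(const char *str, uint16_t *out)
{
	char *end;
	unsigned long val;

	errno = 0;
	val = strtoul(str, &end, 16);
	if (end == str || *end != '\0' || errno == ERANGE || val > 0xffff)
		return -1;

	*out = (uint16_t) val;
	return 0;
}

/* Parse a hex ID option argument, or report it and terminate. */
static void parse_id_or_die(const char *what, const char *str, uint16_t *out)
{
	if (parse_hex16(str, out) < 0) {
		fprintf(stderr, "Invalid %s: %s\n", what, str);
		exit(1);
	}
}

/*
 * Entry point: parse options, locate and reset the device, then run the
 * requested action ("e2pdump" or "e2pmodify").
 * Exit status is 0 on success and 1 on any failure.
 */
int main(int argc, char **argv)
{
	usb_dev_handle *uh;
	int option_index;
	int c;
	int r;
	int have_vid = 0;
	int have_pid = 0;
	int type_specified = 0;
	int ret = 1;

	usb_init();

	while (1) {
		c = getopt_long(argc, argv, "a:p:v:", long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 0:
			/* flag-style long option, already stored by getopt */
			break;
		case 'a':
			action = strdup(optarg);
			break;
		case 'p':
			parse_id_or_die("USB product ID", optarg, &usbpid);
			have_pid = 1;
			break;
		case 'v':
			parse_id_or_die("USB vendor ID", optarg, &usbvid);
			have_vid = 1;
			break;
		case 'd':
			if (strcasecmp(optarg, "zd1211b") == 0) {
				is_zd1211b = 1;
			} else if (strcasecmp(optarg, "zd1211")) {
				fprintf(stderr, "Unrecognised device type: %s\n", optarg);
				exit(1);
			}
			type_specified = 1;
			break;
		case 'o':
			outputfile = strdup(optarg);
			break;
		case MODIFY_VID_VAL:
			parse_id_or_die("USB vendor ID", optarg, &modify_vid);
			want_modify_vid = 1;
			break;
		case MODIFY_PID_VAL:
			parse_id_or_die("USB product ID", optarg, &modify_pid);
			want_modify_pid = 1;
			break;
		default:
			fprintf(stderr, "Unrecognised option '%c'\n", c);
			exit(1);
		}
	}

	if (action == NULL) {
		fprintf(stderr, "No action specified.\n");
		exit(1);
	}

	/* Reject a mistyped action before the device is reset or has
	 * firmware uploaded to it. */
	if (strcasecmp(action, "e2pdump") != 0
			&& strcasecmp(action, "e2pmodify") != 0) {
		fprintf(stderr, "Unknown action: %s\n", action);
		exit(1);
	}

	if (!type_specified) {
		fprintf(stderr, "No device type specified.\n");
		exit(1);
	}

	/* Tracked per option so that repeating one ID cannot stand in for
	 * the other. */
	if (!have_vid || !have_pid) {
		fprintf(stderr, "You must specify both USB product and vendor ID\n");
		exit(1);
	}

	uh = find_and_open_usbdev();
	if (!uh)
		exit(1);

	printf("Found device, resetting...\n");
	if (usb_reset(uh) < 0) {
		fprintf(stderr, "Error resetting device.\n");
		goto out_close;
	}

	/* The device re-enumerates after the reset, so look it up again.
	 * NOTE(review): the pre-reset handle is not closed here; presumably
	 * it is unusable after usb_reset() -- confirm against libusb docs. */
	uh = find_and_open_usbdev();
	if (!uh)
		exit(1);

	r = usb_claim_interface(uh, 0);
	if (r < 0) {
		fprintf(stderr, "Error claiming interface: %d %s\n", r, strerror(-r));
		goto out_close;
	}

	usb_set_configuration(uh, 0);

	/* EEPROM dump should be done without firmware */
	if (strcasecmp(action, "e2pdump") == 0) {
		ret = action_e2pdump(uh) < 0 ? 1 : 0;
		goto out_release;
	}

	printf("Uploading firmware...\n");
	if (upload_firmware(uh) < 0) {
		fprintf(stderr, "Error uploading firmware.\n");
		goto out_release;
	}

	usb_set_configuration(uh, 0);

	/* Only e2pmodify can reach this point; propagate its result instead
	 * of unconditionally reporting success. */
	ret = action_e2pmodify(uh) < 0 ? 1 : 0;

out_release:
	usb_release_interface(uh, 0);
out_close:
	usb_close(uh);
	return ret;
}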