/*
*
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2012 Intel Corporation. All rights reserved.
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <ctype.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
#include <sys/stat.h>
#include <sys/param.h>
#include "monitor/bt.h"
#include "src/shared/mainloop.h"
#include "src/shared/util.h"
#include "src/shared/hci.h"
#define CMD_RESET 0xfc01
struct cmd_reset {
uint8_t reset_type;
uint8_t patch_enable;
uint8_t otp_ddc_reload;
uint8_t boot_option;
uint32_t boot_addr;
} __attribute__ ((packed));
#define CMD_NO_OPERATION 0xfc02
#define CMD_READ_VERSION 0xfc05
struct rsp_read_version {
uint8_t status;
uint8_t hw_platform;
uint8_t hw_variant;
uint8_t hw_revision;
uint8_t fw_variant;
uint8_t fw_revision;
uint8_t fw_build_nn;
uint8_t fw_build_cw;
uint8_t fw_build_yy;
uint8_t fw_patch;
} __attribute__ ((packed));
#define CMD_READ_BOOT_PARAMS 0xfc0d
struct rsp_read_boot_params {
uint8_t status;
uint8_t otp_format;
uint8_t otp_content;
uint8_t otp_patch;
uint16_t dev_revid;
uint8_t secure_boot;
uint8_t key_from_hdr;
uint8_t key_type;
uint8_t otp_lock;
uint8_t api_lock;
uint8_t debug_lock;
uint8_t otp_bdaddr[6];
uint8_t min_fw_build_nn;
uint8_t min_fw_build_cw;
uint8_t min_fw_build_yy;
uint8_t limited_cce;
uint8_t unlocked_state;
} __attribute__ ((packed));
#define CMD_WRITE_BOOT_PARAMS 0xfc0e
struct cmd_write_boot_params {
uint32_t boot_addr;
uint8_t fw_build_nn;
uint8_t fw_build_cw;
uint8_t fw_build_yy;
} __attribute__ ((packed));
#define CMD_MANUFACTURER_MODE 0xfc11
struct cmd_manufacturer_mode {
uint8_t mode_switch;
uint8_t reset;
} __attribute__ ((packed));
#define CMD_WRITE_BD_DATA 0xfc2f
struct cmd_write_bd_data {
uint8_t bdaddr[6];
uint8_t reserved1[6];
uint8_t features[8];
uint8_t le_features;
uint8_t reserved2[32];
uint8_t lmp_version;
uint8_t reserved3[26];
} __attribute__ ((packed));
#define CMD_READ_BD_DATA 0xfc30
struct rsp_read_bd_data {
uint8_t status;
uint8_t bdaddr[6];
uint8_t reserved1[6];
uint8_t features[8];
uint8_t le_features;
uint8_t reserved2[32];
uint8_t lmp_version;
uint8_t reserved3[26];
} __attribute__ ((packed));
#define CMD_WRITE_BD_ADDRESS 0xfc31
struct cmd_write_bd_address {
uint8_t bdaddr[6];
} __attribute__ ((packed));
#define CMD_ACT_DEACT_TRACES 0xfc43
struct cmd_act_deact_traces {
uint8_t tx_trace;
uint8_t tx_arq;
uint8_t rx_trace;
} __attribute__ ((packed));
#define CMD_TRIGGER_EXCEPTION 0xfc4d
struct cmd_trigger_exception {
uint8_t type;
} __attribute__ ((packed));
#define CMD_MEMORY_WRITE 0xfc8e
static struct bt_hci *hci_dev;
static uint16_t hci_index = 0;
#define FIRMWARE_BASE_PATH "/lib/firmware"
static bool set_bdaddr = false;
static const char *set_bdaddr_value = NULL;
static bool get_bddata = false;
static bool load_firmware = false;
static const char *load_firmware_value = NULL;
static uint8_t *firmware_data = NULL;
static size_t firmware_size = 0;
static size_t firmware_offset = 0;
static bool check_firmware = false;
static const char *check_firmware_value = NULL;
uint8_t manufacturer_mode_reset = 0x00;
static bool use_manufacturer_mode = false;
static bool set_traces = false;
static bool set_exception = false;
static bool reset_on_exit = false;
static bool cold_boot = false;
static void reset_complete(const void *data, uint8_t size, void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to reset (0x%02x)\n", status);
mainloop_quit();
return;
}
mainloop_quit();
}
static void cold_boot_complete(const void *data, uint8_t size, void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to cold boot (0x%02x)\n", status);
mainloop_quit();
return;
}
if (reset_on_exit) {
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
reset_complete, NULL, NULL);
return;
}
mainloop_quit();
}
static void leave_manufacturer_mode_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to leave manufacturer mode (0x%02x)\n",
status);
mainloop_quit();
return;
}
if (reset_on_exit) {
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
reset_complete, NULL, NULL);
return;
}
mainloop_quit();
}
static void shutdown_device(void)
{
bt_hci_flush(hci_dev);
free(firmware_data);
if (use_manufacturer_mode) {
struct cmd_manufacturer_mode cmd;
cmd.mode_switch = 0x00;
cmd.reset = manufacturer_mode_reset;
bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
leave_manufacturer_mode_complete, NULL, NULL);
return;
}
if (reset_on_exit) {
bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
reset_complete, NULL, NULL);
return;
}
mainloop_quit();
}
static void write_bd_address_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to write address (0x%02x)\n", status);
mainloop_quit();
return;
}
shutdown_device();
}
static void read_bd_addr_complete(const void *data, uint8_t size,
void *user_data)
{
const struct bt_hci_rsp_read_bd_addr *rsp = data;
struct cmd_write_bd_address cmd;
if (rsp->status) {
fprintf(stderr, "Failed to read address (0x%02x)\n",
rsp->status);
mainloop_quit();
shutdown_device();
return;
}
if (set_bdaddr_value) {
fprintf(stderr, "Setting address is not supported\n");
mainloop_quit();
return;
}
printf("Controller Address\n");
printf("\tOld BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
rsp->bdaddr[5], rsp->bdaddr[4],
rsp->bdaddr[3], rsp->bdaddr[2],
rsp->bdaddr[1], rsp->bdaddr[0]);
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
cmd.bdaddr[0] = (hci_index & 0xff);
printf("\tNew BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
cmd.bdaddr[5], cmd.bdaddr[4],
cmd.bdaddr[3], cmd.bdaddr[2],
cmd.bdaddr[1], cmd.bdaddr[0]);
bt_hci_send(hci_dev, CMD_WRITE_BD_ADDRESS, &cmd, sizeof(cmd),
write_bd_address_complete, NULL, NULL);
}
static void act_deact_traces_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to activate traces (0x%02x)\n", status);
shutdown_device();
return;
}
shutdown_device();
}
static void act_deact_traces(void)
{
struct cmd_act_deact_traces cmd;
cmd.tx_trace = 0x03;
cmd.tx_arq = 0x03;
cmd.rx_trace = 0x03;
bt_hci_send(hci_dev, CMD_ACT_DEACT_TRACES, &cmd, sizeof(cmd),
act_deact_traces_complete, NULL, NULL);
}
static void trigger_exception(void)
{
struct cmd_trigger_exception cmd;
cmd.type = 0x00;
bt_hci_send(hci_dev, CMD_TRIGGER_EXCEPTION, &cmd, sizeof(cmd),
NULL, NULL, NULL);
shutdown_device();
}
static void write_bd_data_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to write data (0x%02x)\n", status);
shutdown_device();
return;
}
if (set_traces) {
act_deact_traces();
return;
}
shutdown_device();
}
static void read_bd_data_complete(const void *data, uint8_t size,
void *user_data)
{
const struct rsp_read_bd_data *rsp = data;
if (rsp->status) {
fprintf(stderr, "Failed to read data (0x%02x)\n", rsp->status);
shutdown_device();
return;
}
printf("Controller Data\n");
printf("\tBD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
rsp->bdaddr[5], rsp->bdaddr[4],
rsp->bdaddr[3], rsp->bdaddr[2],
rsp->bdaddr[1], rsp->bdaddr[0]);
printf("\tLMP Version: %u\n", rsp->lmp_version);
printf("\tLMP Features: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x"
" 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
rsp->features[0], rsp->features[1],
rsp->features[2], rsp->features[3],
rsp->features[4], rsp->features[5],
rsp->features[6], rsp->features[7]);
printf("\tLE Features: 0x%2.2x\n", rsp->le_features);
if (set_bdaddr) {
struct cmd_write_bd_data cmd;
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
cmd.bdaddr[0] = (hci_index & 0xff);
cmd.lmp_version = 0x07;
memcpy(cmd.features, rsp->features, 8);
cmd.le_features = rsp->le_features;
cmd.le_features |= 0x1e;
memcpy(cmd.reserved1, rsp->reserved1, sizeof(cmd.reserved1));
memcpy(cmd.reserved2, rsp->reserved2, sizeof(cmd.reserved2));
memcpy(cmd.reserved3, rsp->reserved3, sizeof(cmd.reserved3));
bt_hci_send(hci_dev, CMD_WRITE_BD_DATA, &cmd, sizeof(cmd),
write_bd_data_complete, NULL, NULL);
return;
}
shutdown_device();
}
static void firmware_command_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to load firmware (0x%02x)\n", status);
manufacturer_mode_reset = 0x01;
shutdown_device();
return;
}
if (firmware_offset >= firmware_size) {
printf("Activating firmware\n");
manufacturer_mode_reset = 0x02;
shutdown_device();
return;
}
if (firmware_data[firmware_offset] == 0x01) {
uint16_t opcode;
uint8_t dlen;
opcode = firmware_data[firmware_offset + 2] << 8 |
firmware_data[firmware_offset + 1];
dlen = firmware_data[firmware_offset + 3];
bt_hci_send(hci_dev, opcode, firmware_data +
firmware_offset + 4, dlen,
firmware_command_complete, NULL, NULL);
firmware_offset += dlen + 4;
if (firmware_data[firmware_offset] == 0x02) {
dlen = firmware_data[firmware_offset + 2];
firmware_offset += dlen + 3;
}
} else {
fprintf(stderr, "Invalid packet in firmware\n");
manufacturer_mode_reset = 0x01;
shutdown_device();
}
}
static void enter_manufacturer_mode_complete(const void *data, uint8_t size,
void *user_data)
{
uint8_t status = *((uint8_t *) data);
if (status) {
fprintf(stderr, "Failed to enter manufacturer mode (0x%02x)\n",
status);
mainloop_quit();
return;
}
if (load_firmware) {
uint8_t status = BT_HCI_ERR_SUCCESS;
firmware_command_complete(&status, sizeof(status), NULL);
return;
}
if (get_bddata || set_bdaddr) {
bt_hci_send(hci_dev, CMD_READ_BD_DATA, NULL, 0,
read_bd_data_complete, NULL, NULL);
return;
}
if (set_traces) {
act_deact_traces();
return;
}
if (set_exception) {
trigger_exception();
return;
}
shutdown_device();
}
static void request_firmware(const char *path)
{
unsigned int cmd_num = 0;
unsigned int evt_num = 0;
struct stat st;
ssize_t len;
int fd;
fd = open(path, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Failed to open firmware %s\n", path);
shutdown_device();
return;
}
if (fstat(fd, &st) < 0) {
fprintf(stderr, "Failed to get firmware size\n");
close(fd);
shutdown_device();
return;
}
firmware_data = malloc(st.st_size);
if (!firmware_data) {
fprintf(stderr, "Failed to allocate firmware buffer\n");
close(fd);
shutdown_device();
return;
}
len = read(fd, firmware_data, st.st_size);
if (len < 0) {
fprintf(stderr, "Failed to read firmware file\n");
close(fd);
shutdown_device();
return;
}
close(fd);
if (len < st.st_size) {
fprintf(stderr, "Firmware size does not match buffer\n");
shutdown_device();
return;
}
firmware_size = len;
if (firmware_data[0] == 0xff)
firmware_offset = 1;
while (firmware_offset < firmware_size) {
uint16_t opcode;
uint8_t evt, dlen;
switch (firmware_data[firmware_offset]) {
case 0x01:
opcode = firmware_data[firmware_offset + 2] << 8 |
firmware_data[firmware_offset + 1];
dlen = firmware_data[firmware_offset + 3];
if (opcode != CMD_MEMORY_WRITE)
printf("Unexpected opcode 0x%02x\n", opcode);
firmware_offset += dlen + 4;
cmd_num++;
break;
case 0x02:
evt = firmware_data[firmware_offset + 1];
dlen = firmware_data[firmware_offset + 2];
if (evt != BT_HCI_EVT_CMD_COMPLETE)
printf("Unexpected event 0x%02x\n", evt);
firmware_offset += dlen + 3;
evt_num++;
break;
default:
fprintf(stderr, "Invalid firmware file\n");
shutdown_device();
return;
}
}
printf("Firmware with %u commands and %u events\n", cmd_num, evt_num);
if (firmware_data[0] == 0xff)
firmware_offset = 1;
}
static void read_boot_params_complete(const void *data, uint8_t size,
void *user_data)
{
const struct rsp_read_boot_params *rsp = data;
if (rsp->status) {
fprintf(stderr, "Failed to read boot params (0x%02x)\n",
rsp->status);
mainloop_quit();
return;
}
if (size != sizeof(*rsp)) {
fprintf(stderr, "Size mismatch for read boot params\n");
mainloop_quit();
return;
}
printf("Secure Boot Parameters\n");
printf("\tOTP Format Version:\t%u\n", rsp->otp_format);
printf("\tOTP Content Version:\t%u\n", rsp->otp_content);
printf("\tOTP ROM Patch Version:\t%u\n", rsp->otp_patch);
printf("\tDevice Revision ID:\t%u\n", le16_to_cpu(rsp->dev_revid));
printf("\tSecure Boot Enable:\t%u\n", rsp->secure_boot);
printf("\tTake Key From Header:\t%u\n", rsp->key_from_hdr);
printf("\tRSA Key Type:\t\t%u\n", rsp->key_type);
printf("\tOTP Lock:\t\t%u\n", rsp->otp_lock);
printf("\tAPI Lock:\t\t%u\n", rsp->api_lock);
printf("\tDebug Lock:\t\t%u\n", rsp->debug_lock);
printf("\tMin FW Build Number:\t%u-%u.%u\n", rsp->min_fw_build_nn,
rsp->min_fw_build_cw, 2000 + rsp->min_fw_build_yy);
printf("\tLimited CCE to ISSC:\t%u\n", rsp->limited_cce);
printf("\tUnlocked State:\t\t%u\n", rsp->unlocked_state);
mainloop_quit();
}
static const struct {
uint8_t val;
const char *str;
} hw_variant_table[] = {
{ 0x06, "iBT 1.1 (XG223)" },
{ 0x07, "iBT 2.0 (WP)" },
{ 0x08, "iBT 2.5 (StP)" },
{ 0x09, "iBT 1.5 (AG610)" },
{ 0x0a, "iBT 2.1 (AG620)" },
{ 0x0b, "iBT 3.0 (LnP)" },
{ 0x0c, "iBT 3.0 (WsP)" },
{ 0x12, "iBT 3.5 (ThP)" },
{ }
};
static const struct {
uint8_t val;
const char *str;
} fw_variant_table[] = {
{ 0x01, "iBT 1.0 - iBT 2.5" },
{ 0x06, "iBT Bootloader" },
{ 0x23, "iBT 3.x Bluetooth FW" },
{ }
};
static void read_version_complete(const void *data, uint8_t size,
void *user_data)
{
const struct rsp_read_version *rsp = data;
const char *str;
int i;
if (rsp->status) {
fprintf(stderr, "Failed to read version (0x%02x)\n",
rsp->status);
mainloop_quit();
return;
}
if (size != sizeof(*rsp)) {
fprintf(stderr, "Size mismatch for read version response\n");
mainloop_quit();
return;
}
if (cold_boot) {
struct cmd_reset cmd;
cmd.reset_type = 0x01;
cmd.patch_enable = 0x00;
cmd.otp_ddc_reload = 0x01;
cmd.boot_option = 0x00;
cmd.boot_addr = cpu_to_le32(0x00000000);
bt_hci_send(hci_dev, CMD_RESET, &cmd, sizeof(cmd),
cold_boot_complete, NULL, NULL);
return;
}
if (load_firmware) {
if (load_firmware_value) {
printf("Firmware: %s\n", load_firmware_value);
request_firmware(load_firmware_value);
} else {
char fw_name[PATH_MAX];
snprintf(fw_name, sizeof(fw_name),
"%s/%s/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
FIRMWARE_BASE_PATH, "intel",
rsp->hw_platform, rsp->hw_variant,
rsp->hw_revision, rsp->fw_variant,
rsp->fw_revision, rsp->fw_build_nn,
rsp->fw_build_cw, rsp->fw_build_yy);
printf("Firmware: %s\n", fw_name);
printf("Patch level: %d\n", rsp->fw_patch);
request_firmware(fw_name);
}
}
if (use_manufacturer_mode) {
struct cmd_manufacturer_mode cmd;
cmd.mode_switch = 0x01;
cmd.reset = 0x00;
bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
enter_manufacturer_mode_complete, NULL, NULL);
return;
}
if (set_bdaddr) {
bt_hci_send(hci_dev, BT_HCI_CMD_READ_BD_ADDR, NULL, 0,
read_bd_addr_complete, NULL, NULL);
return;
}
printf("Controller Version Information\n");
printf("\tHardware Platform:\t%u\n", rsp->hw_platform);
str = "Reserved";
for (i = 0; hw_variant_table[i].str; i++) {
if (hw_variant_table[i].val == rsp->hw_variant) {
str = hw_variant_table[i].str;
break;
}
}
printf("\tHardware Variant:\t%s (0x%02x)\n", str, rsp->hw_variant);
printf("\tHardware Revision:\t%u.%u\n", rsp->hw_revision >> 4,
rsp->hw_revision & 0x0f);
str = "Reserved";
for (i = 0; fw_variant_table[i].str; i++) {
if (fw_variant_table[i].val == rsp->fw_variant) {
str = fw_variant_table[i].str;
break;
}
}
printf("\tFirmware Variant:\t%s (0x%02x)\n", str, rsp->fw_variant);
printf("\tFirmware Revision:\t%u.%u\n", rsp->fw_revision >> 4,
rsp->fw_revision & 0x0f);
printf("\tFirmware Build Number:\t%u-%u.%u\n", rsp->fw_build_nn,
rsp->fw_build_cw, 2000 + rsp->fw_build_yy);
printf("\tFirmware Patch Number:\t%u\n", rsp->fw_patch);
if (rsp->hw_variant == 0x0b && rsp->fw_variant == 0x06) {
bt_hci_send(hci_dev, CMD_READ_BOOT_PARAMS, NULL, 0,
read_boot_params_complete, NULL, NULL);
return;
}
mainloop_quit();
}
struct css_hdr {
uint32_t module_type;
uint32_t header_len;
uint32_t header_version;
uint32_t module_id;
uint32_t module_vendor;
uint32_t date;
uint32_t size;
uint32_t key_size;
uint32_t modulus_size;
uint32_t exponent_size;
uint8_t reserved[88];
} __attribute__ ((packed));
static void analyze_firmware(const char *path)
{
unsigned int cmd_num = 0;
struct css_hdr *css;
struct stat st;
ssize_t len;
int fd;
fd = open(path, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Failed to open firmware %s\n", path);
return;
}
if (fstat(fd, &st) < 0) {
fprintf(stderr, "Failed to get firmware size\n");
close(fd);
return;
}
firmware_data = malloc(st.st_size);
if (!firmware_data) {
fprintf(stderr, "Failed to allocate firmware buffer\n");
close(fd);
return;
}
len = read(fd, firmware_data, st.st_size);
if (len < 0) {
fprintf(stderr, "Failed to read firmware file\n");
close(fd);
goto done;
}
close(fd);
if (len != st.st_size) {
fprintf(stderr, "Failed to read complete firmware file\n");
goto done;
}
if ((size_t) len < sizeof(*css)) {
fprintf(stderr, "Firmware file is too short\n");
goto done;
}
css = (void *) firmware_data;
printf("Module type:\t%u\n", le32_to_cpu(css->module_type));
printf("Header len:\t%u DWORDs / %u bytes\n",
le32_to_cpu(css->header_len),
le32_to_cpu(css->header_len) * 4);
printf("Header version:\t%u.%u\n",
le32_to_cpu(css->header_version) >> 16,
le32_to_cpu(css->header_version) & 0xffff);
printf("Module ID:\t%u\n", le32_to_cpu(css->module_id));
printf("Module vendor:\t%u\n", le32_to_cpu(css->module_vendor));
printf("Date:\t\t%u\n", le32_to_cpu(css->date));
printf("Size:\t\t%u DWORDs / %u bytes\n", le32_to_cpu(css->size),
le32_to_cpu(css->size) * 4);
printf("Key size:\t%u DWORDs / %u bytes\n",
le32_to_cpu(css->key_size),
le32_to_cpu(css->key_size) * 4);
printf("Modulus size:\t%u DWORDs / %u bytes\n",
le32_to_cpu(css->modulus_size),
le32_to_cpu(css->modulus_size) * 4);
printf("Exponent size:\t%u DWORDs / %u bytes\n",
le32_to_cpu(css->exponent_size),
le32_to_cpu(css->exponent_size) * 4);
printf("\n");
if ((size_t) len != le32_to_cpu(css->size) * 4) {
fprintf(stderr, "CSS.size does not match file length\n");
goto done;
}
if (le32_to_cpu(css->header_len) != (sizeof(*css) / 4) +
le32_to_cpu(css->key_size) +
le32_to_cpu(css->modulus_size) +
le32_to_cpu(css->exponent_size)) {
fprintf(stderr, "CSS.headerLen does not match data sizes\n");
goto done;
}
firmware_size = le32_to_cpu(css->size) * 4;
firmware_offset = le32_to_cpu(css->header_len) * 4;
while (firmware_offset < firmware_size) {
uint16_t opcode;
uint8_t dlen;
opcode = get_le16(firmware_data + firmware_offset);
dlen = firmware_data[firmware_offset + 2];
switch (opcode) {
case CMD_NO_OPERATION:
case CMD_WRITE_BOOT_PARAMS:
case CMD_MEMORY_WRITE:
break;
default:
printf("Unexpected opcode 0x%02x\n", opcode);
break;
}
firmware_offset += dlen + 3;
cmd_num++;
}
printf("Firmware with %u commands\n", cmd_num);
done:
free(firmware_data);
}
static void signal_callback(int signum, void *user_data)
{
switch (signum) {
case SIGINT:
case SIGTERM:
mainloop_quit();
break;
}
}
static void usage(void)
{
printf("bluemoon - Bluemoon configuration utility\n"
"Usage:\n");
printf("\tbluemoon [options]\n");
printf("Options:\n"
"\t-A, --bdaddr [addr] Set Bluetooth address\n"
"\t-F, --firmware [file] Load firmware\n"
"\t-C, --check <file> Check firmware image\n"
"\t-R, --reset Reset controller\n"
"\t-B, --coldboot Cold boot controller\n"
"\t-E, --exception Trigger exception\n"
"\t-i, --index <num> Use specified controller\n"
"\t-h, --help Show help options\n");
}
static const struct option main_options[] = {
{ "bdaddr", optional_argument, NULL, 'A' },
{ "bddata", no_argument, NULL, 'D' },
{ "firmware", optional_argument, NULL, 'F' },
{ "check", required_argument, NULL, 'C' },
{ "traces", no_argument, NULL, 'T' },
{ "reset", no_argument, NULL, 'R' },
{ "coldboot", no_argument, NULL, 'B' },
{ "exception",no_argument, NULL, 'E' },
{ "index", required_argument, NULL, 'i' },
{ "raw", no_argument, NULL, 'r' },
{ "version", no_argument, NULL, 'v' },
{ "help", no_argument, NULL, 'h' },
{ }
};
int main(int argc, char *argv[])
{
const char *str;
bool use_raw = false;
int exit_status;
for (;;) {
int opt;
opt = getopt_long(argc, argv, "A::DF::C:TRBEi:rvh",
main_options, NULL);
if (opt < 0)
break;
switch (opt) {
case 'A':
if (optarg)
set_bdaddr_value = optarg;
set_bdaddr = true;
break;
case 'D':
use_manufacturer_mode = true;
get_bddata = true;
break;
case 'F':
use_manufacturer_mode = true;
if (optarg)
load_firmware_value = optarg;
load_firmware = true;
break;
case 'C':
check_firmware_value = optarg;
check_firmware = true;
break;
case 'E':
use_manufacturer_mode = true;
set_exception = true;
break;
case 'T':
use_manufacturer_mode = true;
set_traces = true;
break;
case 'R':
reset_on_exit = true;
break;
case 'B':
cold_boot = true;
break;
case 'i':
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
str = optarg + 3;
else
str = optarg;
if (!isdigit(*str)) {
usage();
return EXIT_FAILURE;
}
hci_index = atoi(str);
break;
case 'r':
use_raw = true;
break;
case 'v':
printf("%s\n", VERSION);
return EXIT_SUCCESS;
case 'h':
usage();
return EXIT_SUCCESS;
default:
return EXIT_FAILURE;
}
}
if (argc - optind > 0) {
fprintf(stderr, "Invalid command line parameters\n");
return EXIT_FAILURE;
}
mainloop_init();
printf("Bluemoon configuration utility ver %s\n", VERSION);
if (check_firmware) {
analyze_firmware(check_firmware_value);
return EXIT_SUCCESS;
}
if (use_raw) {
hci_dev = bt_hci_new_raw_device(hci_index);
if (!hci_dev) {
fprintf(stderr, "Failed to open HCI raw device\n");
return EXIT_FAILURE;
}
} else {
hci_dev = bt_hci_new_user_channel(hci_index);
if (!hci_dev) {
fprintf(stderr, "Failed to open HCI user channel\n");
return EXIT_FAILURE;
}
}
bt_hci_send(hci_dev, CMD_READ_VERSION, NULL, 0,
read_version_complete, NULL, NULL);
exit_status = mainloop_run_with_signal(signal_callback, NULL);
bt_hci_unref(hci_dev);
return exit_status;
}