2 * Tool for USB serial communication with Krikzz's FlashKit-MD
3 * Copyright (c) 2017 notaz
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 #include <sys/types.h>
34 #include <arpa/inet.h> // hton
// NOTE: both macros expand each argument more than once, so arguments must be free of side effects
39 #define min(x, y) ((x) < (y) ? (x) : (y))
40 #define max(x, y) ((x) > (y) ? (x) : (y))
// PAR_* are single-bit modifiers; in this file PAR_MODE8, PAR_DEV_ID and PAR_SINGE are OR-ed into CMD_RD / CMD_WR command bytes
51 #define PAR_MODE8 (1 << 4) /* but still drives both LWR and UWR */
52 #define PAR_DEV_ID (1 << 5)
53 #define PAR_SINGE (1 << 6)
54 #define PAR_INC (1 << 7)
/*
 * Configure the serial port behind fd for raw transfers: the current termios
 * state is fetched with tcgetattr(), the input, output, local and control
 * flags listed below are cleared, and the result is applied immediately
 * with tcsetattr(TCSANOW).
 */
56 static int setup(int fd)
61 memset(&tty, 0, sizeof(tty));
63 ret = tcgetattr(fd, &tty);
// input: no break handling, parity marking, 8th-bit stripping, CR/NL translation or XON/XOFF
70 tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
71 | INLCR | IGNCR | ICRNL | IXON);
// output: no post-processing
72 tty.c_oflag &= ~OPOST;
// local: no echo, no canonical line editing, no signal characters, no extended processing
73 tty.c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN);
// control: clear the character-size field and disable parity
74 tty.c_cflag &= ~(CSIZE | PARENB);
// NOTE(review): with this line disabled no read timeout is set here; whether the omitted lines set another one should be confirmed
78 //tty.c_cc[VTIME] = 5; // 0.5 seconds read timeout
80 ret = tcsetattr(fd, TCSANOW, &tty);
/*
 * Send `size` bytes from `data` to the serial fd with one write() call.
 * The stderr message prints write()'s result next to the requested size;
 * the condition guarding it is not visible in this listing.
 * NOTE(review): the callers visible in this file use write_serial() as a
 * plain statement, so a failed or short write is not seen by the command
 * sequences that depend on it.
 * NOTE(review): `size` is a size_t, for which %zu is the matching
 * conversion (%zd is the signed one).
 */
89 static int write_serial(int fd, const void *data, size_t size)
93 ret = write(fd, data, size);
95 fprintf(stderr, "write %d/%zd: ", ret, size);
/*
 * Read from the serial fd into `data`. Each read() stores at data + got and
 * asks for the size - got bytes still outstanding, so partial reads are
 * accumulated (the surrounding loop is not visible in this listing).
 * NOTE(review): read() blocks according to the tty settings and setup()
 * leaves the VTIME timeout commented out, so a device that stops answering
 * presumably stalls the tool here -- confirm against the omitted lines.
 */
103 static int read_serial(int fd, void *data, size_t size)
109 ret = read(fd, (char *)data + got, size - got);
111 fprintf(stderr, "read %d %zd/%zd: ",
122 /* addr arg is always byte address */
/*
 * Send an address-set command for `addr`. The command buffer contains
 * CMD_ADDR followed by addr >> 16; its remaining bytes are not visible in
 * this listing. The write_serial() result is not checked.
 */
123 static void set_addr8(int fd, uint32_t addr)
126 CMD_ADDR, addr >> 16,
130 write_serial(fd, cmd, sizeof(cmd));
/*
 * Address setup for the 16-bit bus: the incoming address is shifted right
 * by one bit and handed to set_addr8(), which sends the actual command.
 */
static void set_addr16(int fd, uint32_t addr)
{
	const uint32_t halved = addr >> 1;

	set_addr8(fd, halved);
}
/*
 * Single bus read in 8-bit mode: one command buffer carrying the address
 * (CMD_ADDR, addr >> 16, ...) and a CMD_RD | PAR_SINGE | PAR_MODE8 read is
 * written, then sizeof(r) reply bytes are read back into r.
 * NOTE(review): neither serial call is checked here, so after a failed read
 * the returned value is whatever r held before -- confirm how r is
 * initialised in the omitted lines.
 */
138 static uint16_t read_bus8(int fd, uint32_t addr)
141 CMD_ADDR, addr >> 16,
144 CMD_RD | PAR_SINGE | PAR_MODE8
148 write_serial(fd, cmd, sizeof(cmd));
149 read_serial(fd, &r, sizeof(r));
/*
 * Single bus read in 16-bit mode. The address byte sent after CMD_ADDR is
 * addr >> 17, i.e. one bit further right than in read_bus8(); the rest of
 * the command buffer is not visible in this listing. sizeof(r) reply bytes
 * are read back into r; neither serial call is checked here.
 */
153 static uint16_t read_bus16(int fd, uint32_t addr)
156 CMD_ADDR, addr >> 17,
163 write_serial(fd, cmd, sizeof(cmd));
164 read_serial(fd, &r, sizeof(r));
/*
 * Single bus write in 8-bit mode: the command buffer carries the address
 * (CMD_ADDR, addr >> 16, ...) and a CMD_WR | PAR_SINGE | PAR_MODE8 write.
 * How `d` is placed in the buffer is not visible in this listing. The
 * write_serial() result is not checked.
 */
168 static void write_bus8(int fd, uint32_t addr, uint16_t d)
171 CMD_ADDR, addr >> 16,
174 CMD_WR | PAR_SINGE | PAR_MODE8,
178 write_serial(fd, cmd, sizeof(cmd));
/*
 * Single bus write in 16-bit mode. The address byte sent after CMD_ADDR is
 * addr >> 17; the rest of the command buffer, including how `d` is encoded,
 * is not visible in this listing. The write_serial() result is not checked.
 */
181 static void write_bus16(int fd, uint32_t addr, uint16_t d)
184 CMD_ADDR, addr >> 17,
191 write_serial(fd, cmd, sizeof(cmd));
/*
 * Block read for the 8-bit mappers. Two serial reads of `size` bytes each
 * are issued, the first into dst and the second into the stack buffer tmp,
 * and the odd-indexed byte of every 16-bit pair is then packed into dst.
 * dst must therefore be able to hold `size` bytes.
 */
194 static void read_block8(int fd, void *dst, uint32_t size)
196 // PAR_MODE8 does not work, so read as 16bit and throw away MSB
197 uint8_t tmp[0x10000], *d8 = dst;
// NOTE(review): this assert is the only guard for the 64 KiB tmp buffer; it is compiled out with NDEBUG
205 assert(size <= 0x10000);
206 write_serial(fd, cmd, sizeof(cmd));
// NOTE(review): the read results are not checked, so after a short or failed read the loops below copy whatever the buffers held
207 read_serial(fd, dst, size);
208 read_serial(fd, tmp, size);
// in-place compaction of the first read: the source index is always >= the destination index
210 for (i = 0; i < size / 2; i++)
211 d8[i] = d8[i * 2 + 1];
// presumably d8 is advanced by size / 2 in a line not shown; as listed, this loop stores to the same indices as the one above -- confirm
213 for (i = 0; i < size / 2; i++)
214 d8[i] = tmp[i * 2 + 1];
/*
 * Block read for the 16-bit bus: sends one command buffer and reads `size`
 * bytes straight into dst, which must be at least that large.
 * NOTE(review): the assert is the only size check visible and is compiled
 * out with NDEBUG; the read_serial() result is not checked.
 */
217 static void read_block16(int fd, void *dst, uint32_t size)
225 assert(size <= 0x10000);
226 write_serial(fd, cmd, sizeof(cmd));
227 read_serial(fd, dst, size);
/*
 * Program one byte (*d) at `addr` in 8-bit mode. A single command buffer
 * holds three single 8-bit writes with data 0xaa, 0x55 and 0xa0, then the
 * target address and the data byte, and is sent with one write_serial().
 * The 0xaa / 0x55 data bytes match the unlock writes in flash_seq_r();
 * the addresses used for them are not visible in this listing.
 * The write_serial() result is not checked.
 */
230 static void flash_seq_write8(int fd, uint32_t addr, const uint8_t *d)
237 CMD_WR | PAR_SINGE | PAR_MODE8, 0xaa,
241 CMD_WR | PAR_SINGE | PAR_MODE8, 0x55,
246 CMD_WR | PAR_SINGE | PAR_MODE8, 0xa0,
248 CMD_ADDR, addr >> 16,
251 CMD_WR | PAR_SINGE | PAR_MODE8, *d,
255 write_serial(fd, cmd, sizeof(cmd));
/*
 * Program one 16-bit word at `addr`. Same three command writes (0xaa, 0x55,
 * 0xa0) as the 8-bit variant, followed by the target address (addr >> 17
 * as the byte after CMD_ADDR) and a 16-bit write of d[0], d[1].
 * `d` must point at two readable bytes. The write_serial() result is not
 * checked.
 */
258 static void flash_seq_write16(int fd, uint32_t addr, const uint8_t *d)
265 CMD_WR | PAR_SINGE | PAR_MODE8, 0xaa,
269 CMD_WR | PAR_SINGE | PAR_MODE8, 0x55,
274 CMD_WR | PAR_SINGE | PAR_MODE8, 0xa0,
276 CMD_ADDR, addr >> 17,
279 CMD_WR | PAR_SINGE, d[0], d[1],
283 write_serial(fd, cmd, sizeof(cmd));
/*
 * Map a linear ROM offset to the bus address used by the LoROM mappers:
 * the low 15 bits are kept, bit 15 is forced to 1, and input bits 15..22
 * move up one position. Input bits 23 and above are discarded.
 */
static uint32_t lorom_rom_addr(uint32_t a)
{
	const uint32_t upper = (a & 0x7f8000) << 1;
	const uint32_t lower = a & 0x7fff;

	return upper | 0x8000 | lower;
}
/* LoROM variant of set_addr8(): the offset is translated with lorom_rom_addr() first. */
static void set_addr8l(int fd, uint32_t a)
{
	const uint32_t bus_addr = lorom_rom_addr(a);

	set_addr8(fd, bus_addr);
}
/* LoROM variant of read_bus8(): reads from the address lorom_rom_addr() yields for `a`. */
static uint16_t read_bus8l(int fd, uint32_t a)
{
	const uint32_t bus_addr = lorom_rom_addr(a);

	return read_bus8(fd, bus_addr);
}
/* LoROM variant of write_bus8(): writes `d` at the address lorom_rom_addr() yields for `a`. */
static void write_bus8l(int fd, uint32_t a, uint16_t d)
{
	const uint32_t bus_addr = lorom_rom_addr(a);

	write_bus8(fd, bus_addr, d);
}
/*
 * LoROM variant of the 8-bit program sequence: `a` is first translated with
 * lorom_rom_addr(), then the same 0xaa / 0x55 / 0xa0 command writes and the
 * data byte *d are sent in one buffer. The write_serial() result is not
 * checked.
 */
308 static void flash_seq_write8l(int fd, uint32_t a, const uint8_t *d)
310 a = lorom_rom_addr(a);
316 CMD_WR | PAR_SINGE | PAR_MODE8, 0xaa,
320 CMD_WR | PAR_SINGE | PAR_MODE8, 0x55,
325 CMD_WR | PAR_SINGE | PAR_MODE8, 0xa0,
330 CMD_WR | PAR_SINGE | PAR_MODE8, *d,
334 write_serial(fd, cmd, sizeof(cmd));
337 // -- 8bit+LoROM+adapter --
/*
 * Keep the adapter's upper address bits (A23..A21 of `a`) in sync: when
 * they differ from the last value seen, they are written with a 16-bit bus
 * write to 0xa13000. The value returned to the caller is computed in lines
 * not visible in this listing.
 * The cache is a function-local static, so it is shared by all callers and
 * is not tied to a particular fd.
 */
339 static uint32_t do_flipflops(int fd, uint32_t a)
// ~0u can never equal a 3-bit value, so the first call always performs the write
341 static uint32_t abits_now = ~0u; // A23, A22, A21
342 uint32_t abits = (a >> 21) & 7;
344 if (abits != abits_now) {
345 // printf("flipflops: %x->%x\n", abits_now, abits);
346 write_bus16(fd, 0xa13000, abits);
/*
 * LoROM + adapter variant of set_addr8(): translate the offset, let
 * do_flipflops() update the adapter's upper address bits (which may issue
 * its own bus write), then set the resulting address.
 */
static void set_addr8la(int fd, uint32_t a)
{
	uint32_t bus_addr = lorom_rom_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	set_addr8(fd, bus_addr);
}
/*
 * LoROM + adapter variant of read_bus8(): the offset goes through
 * lorom_rom_addr() and do_flipflops() before the read is issued.
 */
static uint16_t read_bus8la(int fd, uint32_t a)
{
	uint32_t bus_addr = lorom_rom_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	return read_bus8(fd, bus_addr);
}
/*
 * LoROM + adapter variant of write_bus8(): the offset goes through
 * lorom_rom_addr() and do_flipflops() before `d` is written.
 */
static void write_bus8la(int fd, uint32_t a, uint16_t d)
{
	uint32_t bus_addr = lorom_rom_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	write_bus8(fd, bus_addr, d);
}
/*
 * LoROM + adapter variant of the 8-bit program sequence: `a` is translated
 * with lorom_rom_addr() and passed through do_flipflops(), then the 0xaa /
 * 0x55 / 0xa0 command writes and the data byte *d are sent in one buffer.
 * The write_serial() result is not checked.
 */
367 static void flash_seq_write8la(int fd, uint32_t a, const uint8_t *d)
369 // we should clear flipflops for the flash commands, but this
370 // doesn't seem to be necessary as the flash chip seems to
371 // ignore the upper bits when looking for commands, and this
372 // extra clearing would slow things down
373 a = do_flipflops(fd, lorom_rom_addr(a));
379 CMD_WR | PAR_SINGE | PAR_MODE8, 0xaa,
383 CMD_WR | PAR_SINGE | PAR_MODE8, 0x55,
388 CMD_WR | PAR_SINGE | PAR_MODE8, 0xa0,
393 CMD_WR | PAR_SINGE | PAR_MODE8, *d,
397 write_serial(fd, cmd, sizeof(cmd));
400 // -- 8bit+LoROM+adapter+sram --
/* Address translation used by the *las accessors in this file; its body is not part of this listing. */
402 static uint32_t lorom_sram_addr(uint32_t a)
/*
 * SRAM variant of set_addr8() for the adapter: the offset is translated
 * with lorom_sram_addr(), passed through do_flipflops(), and then set.
 */
static void set_addr8las(int fd, uint32_t a)
{
	uint32_t bus_addr = lorom_sram_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	set_addr8(fd, bus_addr);
}
/*
 * SRAM variant of read_bus8() for the adapter: the offset goes through
 * lorom_sram_addr() and do_flipflops() before the read is issued.
 */
static uint16_t read_bus8las(int fd, uint32_t a)
{
	uint32_t bus_addr = lorom_sram_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	return read_bus8(fd, bus_addr);
}
/*
 * SRAM variant of write_bus8() for the adapter: the offset goes through
 * lorom_sram_addr() and do_flipflops() before `d` is written.
 */
static void write_bus8las(int fd, uint32_t a, uint16_t d)
{
	uint32_t bus_addr = lorom_sram_addr(a);

	bus_addr = do_flipflops(fd, bus_addr);
	write_bus8(fd, bus_addr, d);
}
/* flash_seq_write entry of the "8bit+LoROM+adapter+sram" row of io_ops; its body is not part of this listing. */
422 static void flash_seq_write8las(int fd, uint32_t a, const uint8_t *d)
// display names of the mapper rows below (usage() prints them as the -m choices)
428 #define N2 "8bit+LoROM"
429 #define N3 "8bit+LoROM+adapter"
430 #define N4 "8bit+LoROM+adapter+sram"
/*
 * Per-mapper operation table. Each row supplies a display name, a 0/1 flag
 * (presumably addrs_remapped, which main() tests before re-sending the
 * address for every block -- the member declaration is not visible here)
 * and the five bus accessors for that mapper.
 */
431 static const struct iof
// bus accessors; every one takes the serial fd as its first argument
435 void (*set_addr)(int fd, uint32_t addr);
436 uint16_t (*read_bus)(int fd, uint32_t addr);
437 void (*write_bus)(int fd, uint32_t addr, uint16_t d);
438 void (*read_block)(int fd, void *dst, uint32_t size);
439 void (*flash_seq_write)(int fd, uint32_t addr, const uint8_t *d);
// all 8-bit rows share read_block8; only the address handling differs between them
443 { N0, 0, set_addr16, read_bus16, write_bus16, read_block16, flash_seq_write16 },
444 { N1, 0, set_addr8, read_bus8, write_bus8, read_block8, flash_seq_write8 },
445 { N2, 1, set_addr8l, read_bus8l, write_bus8l, read_block8, flash_seq_write8l },
446 { N3, 1, set_addr8la, read_bus8la, write_bus8la, read_block8, flash_seq_write8la },
447 { N4, 0, set_addr8las, read_bus8las, write_bus8las, read_block8, flash_seq_write8las },
// mapper in use; starts at row 0
450 static const struct iof *io = &io_ops[0];
/*
 * Issue a flash command and read back one value: writes 0xaa to 0xaaa and
 * 0x55 to 0x555, then `cmd` to 0xaaa, and returns the bus read at `addr`.
 * All accesses go through the currently selected mapper (io).
 */
452 static uint16_t flash_seq_r(int fd, uint8_t cmd, uint32_t addr)
455 io->write_bus(fd, 0xaaa, 0xaa);
456 io->write_bus(fd, 0x555, 0x55);
458 io->write_bus(fd, 0xaaa, cmd);
459 return io->read_bus(fd, addr);
/*
 * Shared erase sequence: 0xaa -> 0xaaa, 0x55 -> 0x555, 0x80 -> 0xaaa, then
 * 0xaa -> 0xaaa, 0x55 -> 0x555 again, and finally data byte `d` written to
 * `addr`. The callers in this file pass 0x30 with a block address or 0x10
 * with 0xaaa. Completion is not waited for here.
 */
462 static void flash_seq_erase_d(int fd, uint32_t addr, uint8_t d)
464 // printf("erase %06x\n", addr);
465 io->write_bus(fd, 0xaaa, 0xaa);
466 io->write_bus(fd, 0x555, 0x55);
467 io->write_bus(fd, 0xaaa, 0x80);
469 io->write_bus(fd, 0xaaa, 0xaa);
470 io->write_bus(fd, 0x555, 0x55);
471 io->write_bus(fd, addr, d);
/*
 * Erase at `addr`: runs the shared erase sequence with 0x30 as the final
 * data byte written to that address (main() calls this once per block).
 */
static void flash_seq_erase(int fd, uint32_t addr)
{
	const uint8_t final_byte = 0x30;

	flash_seq_erase_d(fd, addr, final_byte);
}
/*
 * Full-chip erase: runs the shared erase sequence with 0x10 as the final
 * data byte, written to 0xaaa.
 */
static void flash_seq_erase_full(int fd)
{
	const uint32_t cmd_addr = 0xaaa;
	const uint8_t final_byte = 0x10;

	flash_seq_erase_d(fd, cmd_addr, final_byte);
}
484 // status wait + dummy read to cause a wait?
/*
 * Sends CMD_RY followed by a single read command and reads sizeof(rv) bytes
 * of reply into rv. main() prints the returned value in its erase error
 * messages. Neither serial call is checked here.
 */
485 static uint16_t ry_read(int fd)
487 uint8_t cmd[2] = { CMD_RY, CMD_RD | PAR_SINGE };
490 write_serial(fd, cmd, sizeof(cmd));
491 read_serial(fd, &rv, sizeof(rv));
/*
 * Send a two-byte CMD_DELAY command carrying `delay` to the device.
 * The unit of `delay` is not established by this file. The write_serial()
 * result is not checked.
 */
495 static void set_delay(int fd, uint8_t delay)
497 uint8_t cmd[2] = { CMD_DELAY, delay };
499 write_serial(fd, cmd, sizeof(cmd));
/*
 * Flash chip description; presumably the type of the file-scope `info`
 * object that read_info() fills from the chip's ID and CFI data. Most
 * members are not visible in this listing.
 */
502 static struct flash_info {
// number of erase blocks in one region (read_info() stores the CFI count + 1 here)
509 uint32_t block_count;
/*
 * Query the flash chip and fill the file-scope `info` record: manufacturer
 * and device ID via the 0x90 command, then the chip size and erase-block
 * regions from the CFI query data, and finally print a summary.
 *
 * Every value below is read from the cartridge and should be treated as
 * untrusted input. The only range checks visible here are the two assert()
 * calls, which disappear when the tool is built with NDEBUG.
 */
515 static void read_info(int fd)
// expected CFI signature, one character per 16-bit read
517 static const uint16_t qry[3] = { 'Q', 'R', 'Y' };
522 info.mid = flash_seq_r(fd, 0x90, 0); // autoselect
523 info.did = io->read_bus(fd, 2);
525 // could enter CFI directly, but there seems to be a "stack"
526 // of modes, so 2 exits would be needed
527 io->write_bus(fd, 0, 0xf0);
529 io->write_bus(fd, 0xaa, 0x98); // CFI Query
530 resp[0] = io->read_bus(fd, 0x20);
531 resp[1] = io->read_bus(fd, 0x22);
532 resp[2] = io->read_bus(fd, 0x24);
// the three values must spell "QRY"; anything else is reported as an unexpected CFI response
533 if (memcmp(resp, qry, sizeof(resp))) {
534 fprintf(stderr, "unexpected CFI response: %04x %04x %04x\n",
535 resp[0], resp[1], resp[2]);
// NOTE(review): the shift count comes from the device unchecked; 32 or more is undefined behaviour for a 32-bit unsigned
538 info.size = 1u << io->read_bus(fd, 0x4e);
539 info.region_cnt = io->read_bus(fd, 0x58);
// NOTE(review): this assert is the only bound on the info.region[] index used in the loop below
540 assert(0 < info.region_cnt && info.region_cnt <= 4);
// one region descriptor every 8 addresses, starting at 0x5a
541 for (i = 0, a = 0x5a; i < info.region_cnt; i++, a += 8) {
// block count: first value + 1, plus the next value shifted up by 8
542 info.region[i].block_count = io->read_bus(fd, a + 0) + 1;
543 info.region[i].block_count += io->read_bus(fd, a + 2) << 8;
// block size: the two values combined and scaled by 256
544 info.region[i].block_size = io->read_bus(fd, a + 4) << 8;
// NOTE(review): the uint16_t result is promoted to int before the shift, so a value of 0x8000 or more overflows a 32-bit int here
545 info.region[i].block_size |= io->read_bus(fd, a + 6) << 16;
546 info.region[i].start = total;
// NOTE(review): the product of two device-supplied values is not checked for wrap-around
547 info.region[i].size =
548 info.region[i].block_size * info.region[i].block_count;
// the only zero check on the region geometry; get_block_addr() later divides by block_size
549 assert(info.region[i].size);
550 total += info.region[i].size;
553 io->write_bus(fd, 0, 0xf0); // flash reset
555 printf("Flash info:\n");
556 printf("Manufacturer ID: %04x\n", info.mid);
557 printf("Device ID: %04x\n", info.did);
558 printf("size: %u\n", info.size);
559 printf("Erase Block Regions: %u\n", info.region_cnt);
560 for (i = 0; i < info.region_cnt; i++)
561 printf(" %5u x %u\n", info.region[i].block_size,
562 info.region[i].block_count);
// a mismatch between the summed regions and the reported size only produces a warning
563 if (info.size != total)
564 fprintf(stderr, "warning: total is %u, bad CFI?\n", total);
/*
 * Translate `addr` into the start address of an erase block, using the
 * region table filled in by read_info(). The address is split into a
 * flash-relative part (faddr, the bits below info.size) and a base (the
 * bits above it); the region containing faddr is looked up and
 * base + region start + block index * block size is returned.
 * blk_offset presumably selects a following block (main() passes 1 to step
 * to the next one); the line that uses it is not visible in this listing.
 * An address outside every region is reported on stderr.
 */
567 static uint32_t get_block_addr(uint32_t addr, uint32_t blk_offset)
569 uint32_t i, base, faddr;
// read_info() must have run first; compiled out with NDEBUG
571 assert(info.region_cnt);
574 // get a flash address to allow mapper hardware
// both masks rely on info.size being a power of two (read_info() computes it as 1u << n)
575 faddr = addr & (info.size - 1);
576 base = addr & ~(info.size - 1);
578 for (i = 0; i < info.region_cnt; i++) {
579 if (info.region[i].start <= faddr
580 && faddr < info.region[i].start + info.region[i].size)
// NOTE(review): block_size comes from the device's CFI data; a zero value divides by zero here
582 uint32_t blk = (faddr - info.region[i].start)
583 / info.region[i].block_size
585 return base + info.region[i].start
586 + blk * info.region[i].block_size;
590 fprintf(stderr, "\naddress out of range: 0x%x\n", addr);
/*
 * Redraw a one-line progress display on stdout: "done/total" in hex, a bar
 * of '=' and '-' characters (one per step of roughly total / 20) and a
 * percentage. The leading '\r' returns to the start of the line.
 * NOTE(review): with total == 0 the step is 0 and the percentage divides by
 * zero, unless a guard exists in the lines not shown -- confirm.
 * NOTE(review): done * 100 is computed in uint32_t and wraps once `done`
 * exceeds UINT32_MAX / 100.
 */
594 static void print_progress(uint32_t done, uint32_t total)
598 printf("\r%06x/%06x |", done, total);
// round up so that the bar never has more than 20 cells
600 step = (total + 19) / 20;
601 for (i = step; i <= total; i += step)
602 fputc(done >= i ? '=' : '-', stdout);
603 printf("| %3d%%", done * 100 / total);
/*
 * Open `fname` for binary reading and position it at the start after
 * seeking to the end; the seek to the end is presumably used to obtain the
 * file size for *size (the ftell() line is not visible in this listing).
 * A message naming the file is printed to stderr when fopen() is reported,
 * and another one prints *size; the conditions guarding both are not
 * visible here.
 * NOTE(review): the fseek() results are not checked.
 */
609 static FILE *open_prep_read(const char *fname, long *size)
611 FILE *f = fopen(fname, "rb");
613 fprintf(stderr, "fopen %s: ", fname);
618 fseek(f, 0, SEEK_END);
620 fseek(f, 0, SEEK_SET);
623 fprintf(stderr, "size of %s is %ld\n", fname, *size);
// serial device to open; main() replaces it with the -d argument. The default shown is a specific macOS-style device node, other alternatives are not visible in this listing
629 static const char *portname =
631 "/dev/cu.usbserial-AL0254JM";
/*
 * Print the command-line help: the option list, followed by the mapper
 * names from io_ops starting at index 1 as the valid -m values.
 */
636 static void usage(const char *argv0)
642 " -d <ttydevice> (default %s)\n"
643 " -r <file> [size] dump the cart (default 4MB)\n"
644 " -w <file> [size] program the flash (def. file size)\n"
645 " -s <file> [size] simple write (SRAM, etc, def. file size)\n"
646 " -e <size> erase (rounds to block size); can specify 'full'\n"
647 " -a <start_address> read/write start address (default 0)\n"
648 " -m <n> use an address mapper n, one of:\n"
// row 0 is the default mapper and is not listed
650 for (i = 1; i < sizeof(io_ops) / sizeof(io_ops[0]); i++)
652 " %zd: %s\n", i, io_ops[i].name);
653 printf( " -v verify written data\n"
654 " -i get info about the flash chip\n");
/*
 * Report a bad command-line argument on stderr: either "invalid arg" with
 * the offending string, or "missing required argument" with its index. The
 * condition choosing between the two is not visible in this listing.
 * NOTE(review): callers such as getarg_l() go on to use argv[arg] after
 * calling this, so it presumably terminates the program -- confirm against
 * the omitted lines.
 */
658 static void invarg(int argc, char *argv[], int arg)
661 fprintf(stderr, "invalid arg %d: \"%s\"\n", arg, argv[arg]);
663 fprintf(stderr, "missing required argument %d\n", arg);
/*
 * Fetch command-line argument number `arg`, calling invarg() on a problem.
 * The check and the return statement are not visible in this listing;
 * main() uses the result as a string (file name, port name).
 */
667 static void *getarg(int argc, char *argv[], int arg)
670 invarg(argc, argv, arg);
/*
 * Parse command-line argument number `arg` as a long. Base 0 lets strtol()
 * accept decimal, 0x-prefixed hexadecimal and 0-prefixed octal input;
 * trailing characters after the number are rejected through invarg().
 * NOTE(review): an empty string passes the check below (endp then points at
 * its terminating NUL) and yields 0, and no ERANGE check is visible, so an
 * out-of-range value is clamped by strtol() rather than rejected.
 */
674 static long getarg_l(int argc, char *argv[], int arg)
680 invarg(argc, argv, arg);
681 r = strtol(argv[arg], &endp, 0);
682 if (endp == NULL || *endp != 0)
683 invarg(argc, argv, arg);
687 // 32K to easily handle SNES LoROM
// transfer buffer that main() fills through io->read_block()
688 static uint8_t g_block[0x8000];
// same-sized buffer; main() reads the verify data into it and compares it with g_block
689 static uint8_t g_block2[sizeof(g_block)];
691 int main(int argc, char *argv[])
693 const char *fname_w = NULL;
694 const char *fname_r = NULL;
695 const char *fname_ws = NULL;
701 long len, address_in = 0;
709 uint8_t id[2] = { 0, 0 };
715 if (argc < 2 || !strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))
718 for (arg = 1; arg < argc; arg++) {
719 if (!strcmp(argv[arg], "-d")) {
720 portname = getarg(argc, argv, ++arg);
723 if (!strcmp(argv[arg], "-r")) {
724 fname_r = getarg(argc, argv, ++arg);
725 if (arg + 1 < argc && argv[arg + 1][0] != '-') {
726 size_r = getarg_l(argc, argv, ++arg);
728 invarg(argc, argv, arg);
732 if (!strcmp(argv[arg], "-w")) {
733 fname_w = getarg(argc, argv, ++arg);
734 if (arg + 1 < argc && argv[arg + 1][0] != '-') {
735 size_w = getarg_l(argc, argv, ++arg);
737 invarg(argc, argv, arg);
741 if (!strcmp(argv[arg], "-s")) {
742 fname_ws = getarg(argc, argv, ++arg);
743 if (arg + 1 < argc && argv[arg + 1][0] != '-') {
744 size_ws = getarg_l(argc, argv, ++arg);
746 invarg(argc, argv, arg);
750 if (!strcmp(argv[arg], "-a")) {
751 address_in = getarg_l(argc, argv, ++arg);
753 invarg(argc, argv, arg);
756 if (!strcmp(argv[arg], "-e")) {
758 if (!strcmp(getarg(argc, argv, arg), "full"))
761 size_e = getarg_l(argc, argv, arg);
763 invarg(argc, argv, arg);
767 if (!strcmp(argv[arg], "-m")) {
768 long v = getarg_l(argc, argv, ++arg);
769 if ((size_t)v >= sizeof(io_ops) / sizeof(io_ops[0]))
770 invarg(argc, argv, arg);
776 if (!strcmp(argv[arg], "-v")) {
780 if (!strcmp(argv[arg], "-i")) {
784 invarg(argc, argv, arg);
787 if (fname_r && size_r == 0)
791 f_w = open_prep_read(fname_w, &size_w);
792 if (size_e == 0 && io->addrs_remapped)
794 if (size_e != -1 && size_e < size_w)
800 fd = open(portname, O_RDWR | O_NOCTTY | O_SYNC);
802 fprintf(stderr, "open %s: ", portname);
808 f_ws = open_prep_read(fname_ws, &size_ws);
812 cmd = CMD_RD | PAR_SINGE | PAR_DEV_ID;
813 write_serial(fd, &cmd, sizeof(cmd));
814 read_serial(fd, id, sizeof(id));
815 if (id[0] != id[1] || id[0] == 0) {
816 fprintf(stderr, "unexpected id: %02x %02x\n", id[0], id[1]);
819 printf("flashkit id: %02x\n", id[0]);
823 if (do_info || size_e || f_w)
824 io->write_bus(fd, 0, 0xf0); // flash reset
826 if (do_info || size_e)
830 printf("performing full erase..."); fflush(stdout);
831 flash_seq_erase_full(fd);
834 fprintf(stderr, "\nerase error: %04x\n", rv);
840 // set_delay(fd, 0); // ?
841 a_blk = get_block_addr(address_in, 0);
842 end = address_in + size_e;
844 printf("erasing %ld bytes:\n", size_e);
845 print_progress(0, size_e);
846 for (a = address_in; a < end; ) {
847 flash_seq_erase(fd, a_blk);
850 fprintf(stderr, "\nerase error: %lx %04x\n",
855 a_blk = get_block_addr(a_blk, 1);
857 print_progress(a - address_in, size_e);
863 printf("flashing %ld bytes:\n", size_w);
864 for (a = 0; a < size_w; a += write_step) {
868 len = min(size_w - a, write_step);
869 r = fread(b, 1, len, f_w);
874 io->flash_seq_write(fd, address_in + a, b);
877 print_progress(a, size_w);
879 print_progress(a, size_w);
881 if (write_step == 2 && rv != ((b[0] << 8) | b[1]))
882 fprintf(stderr, "warning: last bytes: %04x %02x%02x\n",
888 printf("writing %ld bytes:\n", size_ws);
889 for (a = 0; a < size_ws; a += write_step) {
893 len = min(size_ws - a, write_step);
894 r = fread(&b, 1, len, f_ws);
901 io->write_bus(fd, address_in + a, b);
904 print_progress(a, size_ws);
906 print_progress(a, size_ws);
909 if (fname_r || size_v) {
910 long blks, blks_v, done, verify_diff = 0;
912 blks = (size_r + sizeof(g_block) - 1) / sizeof(g_block);
913 blks_v = (size_v + sizeof(g_block) - 1) / sizeof(g_block);
914 blks = max(blks, blks_v);
916 f_r = fopen(fname_r, "wb");
918 fprintf(stderr, "fopen %s: ", fname_r);
924 printf("reading %ld bytes:\n", max(size_r, size_v));
925 print_progress(0, blks * sizeof(g_block));
926 io->set_addr(fd, address_in);
927 for (done = 0; done < size_r || done < size_v; ) {
928 if (io->addrs_remapped)
929 io->set_addr(fd, address_in + done);
930 io->read_block(fd, g_block, sizeof(g_block));
931 if (f_r && done < size_r) {
932 len = min(size_r - done, sizeof(g_block));
933 if (fwrite(g_block, 1, len, f_r) != len) {
939 len = min(size_v - done, sizeof(g_block));
940 if (fread(g_block2, 1, len, f_w) != len) {
944 verify_diff |= memcmp(g_block, g_block2, len);
946 done += sizeof(g_block);
947 print_progress(done, blks * sizeof(g_block));
950 fprintf(stderr, "verify FAILED\n");