[flashkit-mdc.git] / flashkit.c

/*
 * Tool for USB serial communication with Krikzz's FlashKit-MD
 * Copyright (c) 2017 notaz
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be 
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <arpa/inet.h> // hton
#include <termios.h>
#include <unistd.h>

#ifndef min
#define min(x, y) ((x) < (y) ? (x) : (y))
#define max(x, y) ((x) > (y) ? (x) : (y))
#endif

enum dev_cmd {
	CMD_ADDR = 0,
        CMD_LEN = 1,
        CMD_RD = 2,
        CMD_WR = 3,
        CMD_RY = 4,
        CMD_DELAY = 5,
};
#define PAR_MODE8  (1 << 4)
#define PAR_DEV_ID (1 << 5)
#define PAR_SINGE  (1 << 6)
#define PAR_INC    (1 << 7)

static int setup(int fd)
{
	struct termios tty;
	int ret;

	memset(&tty, 0, sizeof(tty));

	ret = tcgetattr(fd, &tty);
	if (ret != 0)
	{
		perror("tcgetattr");
		return 1;
	}

	tty.c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP
			| INLCR | IGNCR | ICRNL | IXON);
	tty.c_oflag &= ~OPOST;
	tty.c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN);
	tty.c_cflag &= ~(CSIZE | PARENB);
	tty.c_cflag |= CS8;

	//tty.c_cc[VMIN] = 1;
	//tty.c_cc[VTIME] = 5;            // 0.5 seconds read timeout

	ret = tcsetattr(fd, TCSANOW, &tty);
	if (ret != 0) {
		perror("tcsetattr");
		return ret;
	}

	return 0;
}

static int write_serial(int fd, const void *data, size_t size)
{
	int ret;

	ret = write(fd, data, size);
	if (ret != size) {
		fprintf(stderr, "write %d/%zd: ", ret, size);
		perror("");
		exit(1);
	}

	return 0;
}

static int read_serial(int fd, void *data, size_t size)
{
	size_t got = 0;
	int ret;

	while (got < size) {
		ret = read(fd, (char *)data + got, size - got);
		if (ret <= 0) {
			fprintf(stderr, "read %d %zd/%zd: ",
				ret, got, size);
			perror("");
			exit(1);
		}
		got += ret;
	}

	return 0;
}

static void set_addr(int fd, uint32_t addr)
{
	uint8_t cmd[6] = {
		CMD_ADDR, addr >> 17,
		CMD_ADDR, addr >> 9,
		CMD_ADDR, addr >> 1
	};
	write_serial(fd, cmd, sizeof(cmd));
}

static uint16_t read_word(int fd, uint32_t addr)
{
	uint8_t cmd[7] = {
		CMD_ADDR, addr >> 17,
		CMD_ADDR, addr >> 9,
		CMD_ADDR, addr >> 1,
		CMD_RD | PAR_SINGE
	};
	uint16_t r;

	write_serial(fd, cmd, sizeof(cmd));
	read_serial(fd, &r, sizeof(r));
	return ntohs(r);
}

static void write_word(int fd, uint32_t addr, uint16_t d)
{
	uint8_t cmd[9] = {
		CMD_ADDR, addr >> 17,
		CMD_ADDR, addr >> 9,
		CMD_ADDR, addr >> 1,
		CMD_WR | PAR_SINGE,
		d >> 8, d
	};

	write_serial(fd, cmd, sizeof(cmd));
}

static void read_block(int fd, void *dst, uint32_t size)
{
	uint8_t cmd[5] = {
		CMD_LEN, size >> 9,
		CMD_LEN, size >> 1,
		CMD_RD | PAR_INC
	};

	assert(size <= 0x10000);
	write_serial(fd, cmd, sizeof(cmd));
	read_serial(fd, dst, size);
}

static uint16_t flash_seq_r(int fd, uint8_t cmd, uint32_t addr)
{
	// unlock
	write_word(fd, 0xaaa, 0xaa);
	write_word(fd, 0x555, 0x55);

	write_word(fd, 0xaaa, cmd);
	return read_word(fd, addr);
}

static void flash_seq_erase(int fd, uint32_t addr)
{
	// printf("erase %06x\n", addr);
	write_word(fd, 0xaaa, 0xaa);
	write_word(fd, 0x555, 0x55);
	write_word(fd, 0xaaa, 0x80);

	write_word(fd, 0xaaa, 0xaa);
	write_word(fd, 0x555, 0x55);
	write_word(fd, addr, 0x30);
}

static void flash_seq_write(int fd, uint32_t addr, uint8_t *d)
{
	uint8_t cmd[] = {
		// unlock
		CMD_ADDR, 0,
		CMD_ADDR, 0x05,
		CMD_ADDR, 0x55,
		CMD_WR | PAR_SINGE | PAR_MODE8, 0xaa,
		CMD_ADDR, 0,
		CMD_ADDR, 0x02,
		CMD_ADDR, 0xaa,
		CMD_WR | PAR_SINGE | PAR_MODE8, 0x55,
		// program setup
		CMD_ADDR, 0,
		CMD_ADDR, 0x05,
		CMD_ADDR, 0x55,
		CMD_WR | PAR_SINGE | PAR_MODE8, 0xa0,
		// program data
		CMD_ADDR, addr >> 17,
		CMD_ADDR, addr >> 9,
		CMD_ADDR, addr >> 1,
		CMD_WR | PAR_SINGE, d[0], d[1],
		CMD_RY
	};

	write_serial(fd, cmd, sizeof(cmd));
}

// status wait + dummy read to cause a wait?
static uint16_t ry_read(int fd)
{
	uint8_t cmd[2] = { CMD_RY, CMD_RD | PAR_SINGE };
	uint16_t rv = 0;

	write_serial(fd, cmd, sizeof(cmd));
	read_serial(fd, &rv, sizeof(rv));
	return ntohs(rv);
}

static void set_delay(int fd, uint8_t delay)
{
	uint8_t cmd[2] = { CMD_DELAY, delay };

	write_serial(fd, cmd, sizeof(cmd));
}

static struct flash_info {
	uint16_t mid;
	uint16_t did;
	uint32_t size;
	uint16_t region_cnt;
	struct {
		uint32_t block_size;
		uint32_t block_count;
		uint32_t start;
		uint32_t size;
	} region[4];
} info;

static void read_info(int fd)
{
	static const uint16_t qry[3] = { 'Q', 'R', 'Y' };
	uint32_t total = 0;
	uint16_t resp[3];
	uint32_t i, a;

	info.mid = flash_seq_r(fd, 0x90, 0); // autoselect
	info.did = read_word(fd, 2);

	// could enter CFI directly, but there seems to be a "stack"
	// of modes, so 2 exits would be needed
	write_word(fd, 0, 0xf0);

	write_word(fd, 0xaa, 0x98); // CFI Query
	resp[0] = read_word(fd, 0x20);
	resp[1] = read_word(fd, 0x22);
	resp[2] = read_word(fd, 0x24);
	if (memcmp(resp, qry, sizeof(resp))) {
		fprintf(stderr, "unexpected CFI response: %04x %04x %04x\n",
			resp[0], resp[1], resp[2]);
		exit(1);
	}
	info.size = 1u << read_word(fd, 0x4e);
	info.region_cnt = read_word(fd, 0x58);
	assert(0 < info.region_cnt && info.region_cnt <= 4);
	for (i = 0, a = 0x5a; i < info.region_cnt; i++, a += 8) {
		info.region[i].block_count = read_word(fd, a + 0) + 1;
		info.region[i].block_count += read_word(fd, a + 2) << 8;
		info.region[i].block_size = read_word(fd, a + 4) << 8;
		info.region[i].block_size |= read_word(fd, a + 6) << 16;
		info.region[i].start = total;
		info.region[i].size =
			info.region[i].block_size * info.region[i].block_count;
		assert(info.region[i].size);
		total += info.region[i].size;
	}

	write_word(fd, 0, 0xf0); // flash reset

	printf("Flash info:\n");
	printf("Manufacturer ID: %04x\n", info.mid);
	printf("Device ID: %04x\n", info.did);
	printf("size: %u\n", info.size);
	printf("Erase Block Regions: %u\n", info.region_cnt);
	for (i = 0; i < info.region_cnt; i++)
		printf("  %5u x %u\n", info.region[i].block_size,
			info.region[i].block_count);
	if (info.size != total)
		fprintf(stderr, "warning: total is %u, bad CFI?\n", total);
}

static uint32_t get_block_addr(uint32_t addr, uint32_t blk_offset)
{
	uint32_t i;

	assert(info.region_cnt);
	for (i = 0; i < info.region_cnt; i++) {
		if (info.region[i].start <= addr
		    && addr < info.region[i].start + info.region[i].size)
		{
			uint32_t blk = (addr - info.region[i].start)
					/ info.region[i].block_size
					+ blk_offset;
			return info.region[i].start
				+ blk * info.region[i].block_size;
		}
	}

	fprintf(stderr, "\naddress out of range: 0x%x\n", addr);
	exit(1);
}

static void print_progress(uint32_t done, uint32_t total)
{
	int i, step;

	printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
	printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); /* 20 */
	printf("\b\b\b\b\b\b");
	printf("%06x/%06x |", done, total);

	step = (total + 19) / 20;
	for (i = step; i <= total; i += step)
		fputc(done >= i ? '=' : '-', stdout);
	printf("| %3d%%", done * 100 / total);
	fflush(stdout);
	if (done >= total)
		fputc('\n', stdout);
}

static void usage(const char *argv0)
{
	printf("usage:\n"
		"%s [options]\n"
		"  -d <ttydevice>      (default /dev/ttyUSB0)\n"
		"  -r <file> [size]    dump the cart (default 4MB)\n"
		"  -w <file> [size]    flash the cart (file size)\n"
		"  -e <size>           erase (rounds to block size)\n"
		"  -a <start_address>  cart start address (default 0)\n"
		"  -v                  verify written data\n"
		"  -i                  get info about the flash chip\n"
		, argv0);
	exit(1);
}

static void invarg(int argc, char *argv[], int arg)
{
	if (arg < argc)
		fprintf(stderr, "invalid arg %d: \"%s\"\n", arg, argv[arg]);
	else
		fprintf(stderr, "missing required argument %d\n", arg);
	exit(1);
}

static void *getarg(int argc, char *argv[], int arg)
{
	if (arg >= argc)
		invarg(argc, argv, arg);
	return argv[arg];
}

static uint8_t g_block[0x10000];
static uint8_t g_block2[0x10000];

int main(int argc, char *argv[])
{
	const char *portname = "/dev/ttyUSB0";
	const char *fname_w = NULL;
	const char *fname_r = NULL;
	long size_w = 0;
	long size_r = 0;
	long size_e = 0;
	long size_v = 0;
	long len, address_in = 0;
	long a, a_blk, end;
	int do_info = 0;
	int do_verify = 0;
	FILE *f_w = NULL;
	FILE *f_r = NULL;
	uint8_t id[2] = { 0, 0 };
	uint8_t cmd;
	uint16_t rv;
	int arg = 1;
	int fd;

	if (argc < 2 || !strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))
		usage(argv[0]);

	for (arg = 1; arg < argc; arg++) {
		if (!strcmp(argv[arg], "-d")) {
			portname = getarg(argc, argv, ++arg);
			continue;
		}
		if (!strcmp(argv[arg], "-r")) {
			fname_r = getarg(argc, argv, ++arg);
			if (arg + 1 < argc && argv[arg + 1][0] != '-') {
				size_r = strtol(argv[++arg], NULL, 0);
				if (size_r <= 0)
					invarg(argc, argv, arg);
			}
			continue;
		}
		if (!strcmp(argv[arg], "-w")) {
			fname_w = getarg(argc, argv, ++arg);
			if (arg + 1 < argc && argv[arg + 1][0] != '-') {
				size_w = strtol(argv[++arg], NULL, 0);
				if (size_w <= 0)
					invarg(argc, argv, arg);
			}
			continue;
		}
		if (!strcmp(argv[arg], "-a")) {
			address_in = strtol(getarg(argc, argv, ++arg), NULL, 0);
			if (address_in < 0 || (address_in & 1))
				invarg(argc, argv, arg);
			continue;
		}
		if (!strcmp(argv[arg], "-e")) {
			size_e = strtol(getarg(argc, argv, ++arg), NULL, 0);
			if (size_e <= 0)
				invarg(argc, argv, arg);
			continue;
		}
		if (!strcmp(argv[arg], "-v")) {
			do_verify = 1;
			continue;
		}
		if (!strcmp(argv[arg], "-i")) {
			do_info = 1;
			continue;
		}
		invarg(argc, argv, arg);
	}

	if (fname_r && size_r == 0)
		size_r = 0x400000;

	if (fname_w) {
		f_w = fopen(fname_w, "rb");
		if (!f_w) {
			fprintf(stderr, "fopen %s: ", fname_w);
			perror("");
			return 1;
		}
		if (size_w <= 0) {
			fseek(f_w, 0, SEEK_END);
			size_w = ftell(f_w);
			fseek(f_w, 0, SEEK_SET);
		}
		if (size_w <= 0) {
			fprintf(stderr, "size of %s is %ld\n",
				fname_w, size_w);
			return 1;
		}
		if (size_e < size_w)
			size_e = size_w;
		if (do_verify)
			size_v = size_w;
	}

	fd = open(portname, O_RDWR | O_NOCTTY | O_SYNC);
	if (fd < 0) {
		fprintf(stderr, "open %s: ", portname);
		perror("");
		return 1;
	}

	setup(fd);

	cmd = CMD_RD | PAR_SINGE | PAR_DEV_ID;
	write_serial(fd, &cmd, sizeof(cmd));
	read_serial(fd, id, sizeof(id));
	if (id[0] != id[1] || id[0] == 0) {
		fprintf(stderr, "unexpected id: %02x %02x\n", id[0], id[1]);
		return 1;
	}
	printf("flashkit id: %02x\n", id[0]);

	set_delay(fd, 1);
	write_word(fd, 0, 0xf0); // flash reset

	if (do_info || size_e)
		read_info(fd);

	if (size_e) {
		// set_delay(fd, 0); // ?
		a_blk = get_block_addr(address_in, 0);
		end = address_in + size_e;

		printf("erasing %ld bytes:\n", size_e);
		print_progress(0, size_e);
		for (a = address_in; a < end; ) {
			flash_seq_erase(fd, a_blk);
			rv = ry_read(fd);
			if (rv != 0xffff) {
				fprintf(stderr, "\nerase error: %lx %04x\n",
					a_blk, rv);
			}

			a_blk = get_block_addr(a_blk, 1);
			a += a_blk - a;
			print_progress(a - address_in, size_e);
		}
	}
	if (f_w != NULL) {
		uint8_t b[2];
		set_delay(fd, 0);
		printf("writing %ld bytes:\n", size_w);
		for (a = 0; a < size_w; a += 2) {
			ssize_t r;

			b[1] = 0xff;
			len = min(size_w - a, 2);
			r = fread(b, 1, len, f_w);
			if (r != len) {
				perror("\nfread");
				return 1;
			}
			flash_seq_write(fd, address_in + a, b);

			if (!(a & 0x3fe))
				print_progress(a, size_w);
		}
		print_progress(a, size_w);
		rv = ry_read(fd);
		if (rv != ((b[0] << 8) | b[1]))
			fprintf(stderr, "warning: last bytes: %04x %02x%02x\n",
				rv, b[0], b[1]);
		rewind(f_w);
		set_delay(fd, 1);
	}

	if (fname_r || size_v) {
		long blks, blks_v, done, verify_diff = 0;

		blks = (size_r + sizeof(g_block) - 1) / sizeof(g_block);
		blks_v = (size_v + sizeof(g_block) - 1) / sizeof(g_block);
		blks = max(blks, blks_v);
		if (fname_r) {
			f_r = fopen(fname_r, "wb");
			if (!f_r) {
				fprintf(stderr, "fopen %s: ", fname_r);
				perror("");
				return 1;
			}
		}

		printf("reading %ld bytes:\n", max(size_r, size_v));
		print_progress(0, blks * sizeof(g_block));
		set_addr(fd, address_in);
		for (done = 0; done < size_r || done < size_v; ) {
			read_block(fd, g_block, sizeof(g_block));
			if (f_r && done < size_r) {
				len = min(size_r - done, sizeof(g_block));
				if (fwrite(g_block, 1, len, f_r) != len) {
					perror("fwrite");
					return 1;
				}
			}
			if (done < size_v) {
				len = min(size_v - done, sizeof(g_block));
				if (fread(g_block2, 1, len, f_w) != len) {
					perror("fread");
					return 1;
				}
				verify_diff |= memcmp(g_block, g_block2, len);
			}
			done += sizeof(g_block);
			print_progress(done, blks * sizeof(g_block));
		}
		if (verify_diff) {
			fprintf(stderr, "verify FAILED\n");
			return 1;
		}
	}
	if (f_r)
		fclose(f_r);
	if (f_w)
		fclose(f_w);

	return 0;
}
Commit	Line	Data
d9502b8d	1	/*
	2	* Tool for USB serial communication with Krikzz's FlashKit-MD
	3	* Copyright (c) 2017 notaz
	4	*
	5	* Permission is hereby granted, free of charge, to any person obtaining
	6	* a copy of this software and associated documentation files (the
	7	* "Software"), to deal in the Software without restriction, including
	8	* without limitation the rights to use, copy, modify, merge, publish,
	9	* distribute, sublicense, and/or sell copies of the Software, and to
	10	* permit persons to whom the Software is furnished to do so, subject to
	11	* the following conditions:
	12	*
	13	* The above copyright notice and this permission notice shall be
	14	* included in all copies or substantial portions of the Software.
	15	*
	16	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	17	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	18	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	19	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
	20	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
	21	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	22	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	23	* SOFTWARE.
	24	*/
	25
	26	#include <stdio.h>
	27	#include <string.h>
	28	#include <stdlib.h>
	29	#include <stdint.h>
	30	#include <assert.h>
	31	#include <sys/types.h>
	32	#include <sys/stat.h>
	33	#include <fcntl.h>
	34	#include <arpa/inet.h> // hton
	35	#include <termios.h>
	36	#include <unistd.h>
	37
	38	#ifndef min
	39	#define min(x, y) ((x) < (y) ? (x) : (y))
	40	#define max(x, y) ((x) > (y) ? (x) : (y))
	41	#endif
	42
	43	enum dev_cmd {
	44	CMD_ADDR = 0,
	45	CMD_LEN = 1,
	46	CMD_RD = 2,
	47	CMD_WR = 3,
	48	CMD_RY = 4,
	49	CMD_DELAY = 5,
	50	};
	51	#define PAR_MODE8 (1 << 4)
	52	#define PAR_DEV_ID (1 << 5)
	53	#define PAR_SINGE (1 << 6)
	54	#define PAR_INC (1 << 7)
	55
	56	static int setup(int fd)
	57	{
	58	struct termios tty;
	59	int ret;
	60
	61	memset(&tty, 0, sizeof(tty));
	62
	63	ret = tcgetattr(fd, &tty);
	64	if (ret != 0)
65	{
66	perror("tcgetattr");
67	return 1;
68	}
69
70	tty.c_iflag &= ~(IGNBRK \| BRKINT \| PARMRK \| ISTRIP
71	\| INLCR \| IGNCR \| ICRNL \| IXON);
72	tty.c_oflag &= ~OPOST;
73	tty.c_lflag &= ~(ECHO \| ECHONL \| ICANON \| ISIG \| IEXTEN);
74	tty.c_cflag &= ~(CSIZE \| PARENB);
75	tty.c_cflag \|= CS8;
76
77	//tty.c_cc[VMIN] = 1;
78	//tty.c_cc[VTIME] = 5; // 0.5 seconds read timeout
79
80	ret = tcsetattr(fd, TCSANOW, &tty);
81	if (ret != 0) {
82	perror("tcsetattr");
83	return ret;
84	}
85
86	return 0;
87	}
88
89	static int write_serial(int fd, const void *data, size_t size)
90	{
91	int ret;
92
93	ret = write(fd, data, size);
94	if (ret != size) {
95	fprintf(stderr, "write %d/%zd: ", ret, size);
96	perror("");
97	exit(1);
98	}
99
100	return 0;
101	}
102
103	static int read_serial(int fd, void *data, size_t size)
104	{
105	size_t got = 0;
106	int ret;
107
108	while (got < size) {
109	ret = read(fd, (char *)data + got, size - got);
110	if (ret <= 0) {
111	fprintf(stderr, "read %d %zd/%zd: ",
112	ret, got, size);
113	perror("");
114	exit(1);
115	}
116	got += ret;
117	}
118
119	return 0;
120	}
121
122	static void set_addr(int fd, uint32_t addr)
123	{
124	uint8_t cmd[6] = {
125	CMD_ADDR, addr >> 17,
126	CMD_ADDR, addr >> 9,
127	CMD_ADDR, addr >> 1
128	};
129	write_serial(fd, cmd, sizeof(cmd));
130	}
131
132	static uint16_t read_word(int fd, uint32_t addr)
133	{
134	uint8_t cmd[7] = {
135	CMD_ADDR, addr >> 17,
136	CMD_ADDR, addr >> 9,
137	CMD_ADDR, addr >> 1,
138	CMD_RD \| PAR_SINGE
139	};
140	uint16_t r;
141
142	write_serial(fd, cmd, sizeof(cmd));
143	read_serial(fd, &r, sizeof(r));
144	return ntohs(r);
145	}
146
147	static void write_word(int fd, uint32_t addr, uint16_t d)
148	{
149	uint8_t cmd[9] = {
150	CMD_ADDR, addr >> 17,
151	CMD_ADDR, addr >> 9,
152	CMD_ADDR, addr >> 1,
153	CMD_WR \| PAR_SINGE,
154	d >> 8, d
155	};
156
157	write_serial(fd, cmd, sizeof(cmd));
158	}
159
160	static void read_block(int fd, void *dst, uint32_t size)
161	{
162	uint8_t cmd[5] = {
163	CMD_LEN, size >> 9,
164	CMD_LEN, size >> 1,
165	CMD_RD \| PAR_INC
166	};
167
168	assert(size <= 0x10000);
169	write_serial(fd, cmd, sizeof(cmd));
170	read_serial(fd, dst, size);
171	}
172
173	static uint16_t flash_seq_r(int fd, uint8_t cmd, uint32_t addr)
174	{
175	// unlock
176	write_word(fd, 0xaaa, 0xaa);
177	write_word(fd, 0x555, 0x55);
178
179	write_word(fd, 0xaaa, cmd);
180	return read_word(fd, addr);
181	}
182
183	static void flash_seq_erase(int fd, uint32_t addr)
184	{
185	// printf("erase %06x\n", addr);
186	write_word(fd, 0xaaa, 0xaa);
187	write_word(fd, 0x555, 0x55);
188	write_word(fd, 0xaaa, 0x80);
189
190	write_word(fd, 0xaaa, 0xaa);
191	write_word(fd, 0x555, 0x55);
192	write_word(fd, addr, 0x30);
193	}
194
195	static void flash_seq_write(int fd, uint32_t addr, uint8_t *d)
196	{
197	uint8_t cmd[] = {
198	// unlock
199	CMD_ADDR, 0,
200	CMD_ADDR, 0x05,
201	CMD_ADDR, 0x55,
202	CMD_WR \| PAR_SINGE \| PAR_MODE8, 0xaa,
203	CMD_ADDR, 0,
204	CMD_ADDR, 0x02,
205	CMD_ADDR, 0xaa,
206	CMD_WR \| PAR_SINGE \| PAR_MODE8, 0x55,
207	// program setup
208	CMD_ADDR, 0,
209	CMD_ADDR, 0x05,
210	CMD_ADDR, 0x55,
211	CMD_WR \| PAR_SINGE \| PAR_MODE8, 0xa0,
212	// program data
213	CMD_ADDR, addr >> 17,
214	CMD_ADDR, addr >> 9,
215	CMD_ADDR, addr >> 1,
216	CMD_WR \| PAR_SINGE, d[0], d[1],
217	CMD_RY
218	};
219
220	write_serial(fd, cmd, sizeof(cmd));
221	}
222
223	// status wait + dummy read to cause a wait?
224	static uint16_t ry_read(int fd)
225	{
226	uint8_t cmd[2] = { CMD_RY, CMD_RD \| PAR_SINGE };
227	uint16_t rv = 0;
228
229	write_serial(fd, cmd, sizeof(cmd));
230	read_serial(fd, &rv, sizeof(rv));
231	return ntohs(rv);
232	}
233
234	static void set_delay(int fd, uint8_t delay)
235	{
236	uint8_t cmd[2] = { CMD_DELAY, delay };
237
238	write_serial(fd, cmd, sizeof(cmd));
239	}
240
241	static struct flash_info {
242	uint16_t mid;
243	uint16_t did;
244	uint32_t size;
245	uint16_t region_cnt;
246	struct {
247	uint32_t block_size;
248	uint32_t block_count;
249	uint32_t start;
250	uint32_t size;
251	} region[4];
252	} info;
253
254	static void read_info(int fd)
255	{
256	static const uint16_t qry[3] = { 'Q', 'R', 'Y' };
257	uint32_t total = 0;
258	uint16_t resp[3];
259	uint32_t i, a;
260
261	info.mid = flash_seq_r(fd, 0x90, 0); // autoselect
262	info.did = read_word(fd, 2);
263
264	// could enter CFI directly, but there seems to be a "stack"
265	// of modes, so 2 exits would be needed
266	write_word(fd, 0, 0xf0);
267
268	write_word(fd, 0xaa, 0x98); // CFI Query
269	resp[0] = read_word(fd, 0x20);
270	resp[1] = read_word(fd, 0x22);
271	resp[2] = read_word(fd, 0x24);
272	if (memcmp(resp, qry, sizeof(resp))) {
273	fprintf(stderr, "unexpected CFI response: %04x %04x %04x\n",
274	resp[0], resp[1], resp[2]);
275	exit(1);
276	}
277	info.size = 1u << read_word(fd, 0x4e);
278	info.region_cnt = read_word(fd, 0x58);
279	assert(0 < info.region_cnt && info.region_cnt <= 4);
280	for (i = 0, a = 0x5a; i < info.region_cnt; i++, a += 8) {
281	info.region[i].block_count = read_word(fd, a + 0) + 1;
282	info.region[i].block_count += read_word(fd, a + 2) << 8;
283	info.region[i].block_size = read_word(fd, a + 4) << 8;
284	info.region[i].block_size \|= read_word(fd, a + 6) << 16;
285	info.region[i].start = total;
286	info.region[i].size =
287	info.region[i].block_size * info.region[i].block_count;
288	assert(info.region[i].size);
289	total += info.region[i].size;
290	}
291
292	write_word(fd, 0, 0xf0); // flash reset
293
294	printf("Flash info:\n");
295	printf("Manufacturer ID: %04x\n", info.mid);
296	printf("Device ID: %04x\n", info.did);
297	printf("size: %u\n", info.size);
298	printf("Erase Block Regions: %u\n", info.region_cnt);
299	for (i = 0; i < info.region_cnt; i++)
300	printf(" %5u x %u\n", info.region[i].block_size,
301	info.region[i].block_count);
302	if (info.size != total)
303	fprintf(stderr, "warning: total is %u, bad CFI?\n", total);
304	}
305
306	static uint32_t get_block_addr(uint32_t addr, uint32_t blk_offset)
307	{
308	uint32_t i;
309
310	assert(info.region_cnt);
311	for (i = 0; i < info.region_cnt; i++) {
312	if (info.region[i].start <= addr
313	&& addr < info.region[i].start + info.region[i].size)
314	{
315	uint32_t blk = (addr - info.region[i].start)
316	/ info.region[i].block_size
317	+ blk_offset;
318	return info.region[i].start
319	+ blk * info.region[i].block_size;
320	}
321	}
322
323	fprintf(stderr, "\naddress out of range: 0x%x\n", addr);
324	exit(1);
325	}
326
327	static void print_progress(uint32_t done, uint32_t total)
328	{
329	int i, step;
330
331	printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
332	printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); /* 20 */
333	printf("\b\b\b\b\b\b");
334	printf("%06x/%06x \|", done, total);
335
336	step = (total + 19) / 20;
337	for (i = step; i <= total; i += step)
338	fputc(done >= i ? '=' : '-', stdout);
339	printf("\| %3d%%", done * 100 / total);
340	fflush(stdout);
341	if (done >= total)
342	fputc('\n', stdout);
343	}
344
345	static void usage(const char *argv0)
346	{
347	printf("usage:\n"
348	"%s [options]\n"
349	" -d <ttydevice> (default /dev/ttyUSB0)\n"
350	" -r <file> [size] dump the cart (default 4MB)\n"
351	" -w <file> [size] flash the cart (file size)\n"
352	" -e <size> erase (rounds to block size)\n"
353	" -a <start_address> cart start address (default 0)\n"
354	" -v verify written data\n"
355	" -i get info about the flash chip\n"
356	, argv0);
357	exit(1);
358	}
359
360	static void invarg(int argc, char *argv[], int arg)
361	{
362	if (arg < argc)
363	fprintf(stderr, "invalid arg %d: \"%s\"\n", arg, argv[arg]);
364	else
365	fprintf(stderr, "missing required argument %d\n", arg);
366	exit(1);
367	}
368
369	static void getarg(int argc, char argv[], int arg)
370	{
371	if (arg >= argc)
372	invarg(argc, argv, arg);
373	return argv[arg];
374	}
375
376	static uint8_t g_block[0x10000];
377	static uint8_t g_block2[0x10000];
378
379	int main(int argc, char *argv[])
380	{
381	const char *portname = "/dev/ttyUSB0";
382	const char *fname_w = NULL;
383	const char *fname_r = NULL;
384	long size_w = 0;
385	long size_r = 0;
386	long size_e = 0;
387	long size_v = 0;
388	long len, address_in = 0;
389	long a, a_blk, end;
390	int do_info = 0;
391	int do_verify = 0;
392	FILE *f_w = NULL;
393	FILE *f_r = NULL;
394	uint8_t id[2] = { 0, 0 };
395	uint8_t cmd;
396	uint16_t rv;
397	int arg = 1;
398	int fd;
399
400	if (argc < 2 \|\| !strcmp(argv[1], "-h") \|\| !strcmp(argv[1], "--help"))
401	usage(argv[0]);
402
403	for (arg = 1; arg < argc; arg++) {
404	if (!strcmp(argv[arg], "-d")) {
405	portname = getarg(argc, argv, ++arg);
406	continue;
407	}
408	if (!strcmp(argv[arg], "-r")) {
409	fname_r = getarg(argc, argv, ++arg);
410	if (arg + 1 < argc && argv[arg + 1][0] != '-') {
411	size_r = strtol(argv[++arg], NULL, 0);
412	if (size_r <= 0)
413	invarg(argc, argv, arg);
414	}
415	continue;
416	}
417	if (!strcmp(argv[arg], "-w")) {
418	fname_w = getarg(argc, argv, ++arg);
419	if (arg + 1 < argc && argv[arg + 1][0] != '-') {
420	size_w = strtol(argv[++arg], NULL, 0);
421	if (size_w <= 0)
422	invarg(argc, argv, arg);
423	}
424	continue;
425	}
426	if (!strcmp(argv[arg], "-a")) {
427	address_in = strtol(getarg(argc, argv, ++arg), NULL, 0);
428	if (address_in < 0 \|\| (address_in & 1))
429	invarg(argc, argv, arg);
430	continue;
431	}
432	if (!strcmp(argv[arg], "-e")) {
433	size_e = strtol(getarg(argc, argv, ++arg), NULL, 0);
434	if (size_e <= 0)
435	invarg(argc, argv, arg);
436	continue;
437	}
438	if (!strcmp(argv[arg], "-v")) {
439	do_verify = 1;
440	continue;
441	}
442	if (!strcmp(argv[arg], "-i")) {
443	do_info = 1;
444	continue;
445	}
446	invarg(argc, argv, arg);
447	}
448
449	if (fname_r && size_r == 0)
450	size_r = 0x400000;
451
452	if (fname_w) {
453	f_w = fopen(fname_w, "rb");
454	if (!f_w) {
455	fprintf(stderr, "fopen %s: ", fname_w);
456	perror("");
457	return 1;
458	}
459	if (size_w <= 0) {
460	fseek(f_w, 0, SEEK_END);
461	size_w = ftell(f_w);
462	fseek(f_w, 0, SEEK_SET);
463	}
464	if (size_w <= 0) {
465	fprintf(stderr, "size of %s is %ld\n",
466	fname_w, size_w);
467	return 1;
468	}
469	if (size_e < size_w)
470	size_e = size_w;
471	if (do_verify)
472	size_v = size_w;
473	}
474
475	fd = open(portname, O_RDWR \| O_NOCTTY \| O_SYNC);
476	if (fd < 0) {
477	fprintf(stderr, "open %s: ", portname);
478	perror("");
479	return 1;
480	}
481
482	setup(fd);
483
484	cmd = CMD_RD \| PAR_SINGE \| PAR_DEV_ID;
485	write_serial(fd, &cmd, sizeof(cmd));
486	read_serial(fd, id, sizeof(id));
487	if (id[0] != id[1] \|\| id[0] == 0) {
488	fprintf(stderr, "unexpected id: %02x %02x\n", id[0], id[1]);
489	return 1;
490	}
491	printf("flashkit id: %02x\n", id[0]);
492
493	set_delay(fd, 1);
494	write_word(fd, 0, 0xf0); // flash reset
495
496	if (do_info \|\| size_e)
497	read_info(fd);
498
499	if (size_e) {
500	// set_delay(fd, 0); // ?
501	a_blk = get_block_addr(address_in, 0);
502	end = address_in + size_e;
503
504	printf("erasing %ld bytes:\n", size_e);
505	print_progress(0, size_e);
506	for (a = address_in; a < end; ) {
507	flash_seq_erase(fd, a_blk);
508	rv = ry_read(fd);
509	if (rv != 0xffff) {
510	fprintf(stderr, "\nerase error: %lx %04x\n",
511	a_blk, rv);
512	}
513
514	a_blk = get_block_addr(a_blk, 1);
515	a += a_blk - a;
516	print_progress(a - address_in, size_e);
517	}
518	}
519	if (f_w != NULL) {
520	uint8_t b[2];
521	set_delay(fd, 0);
522	printf("writing %ld bytes:\n", size_w);
523	for (a = 0; a < size_w; a += 2) {
524	ssize_t r;
525
526	b[1] = 0xff;
527	len = min(size_w - a, 2);
528	r = fread(b, 1, len, f_w);
529	if (r != len) {
530	perror("\nfread");
531	return 1;
532	}
533	flash_seq_write(fd, address_in + a, b);
534
535	if (!(a & 0x3fe))
536	print_progress(a, size_w);
537	}
538	print_progress(a, size_w);
539	rv = ry_read(fd);
540	if (rv != ((b[0] << 8) \| b[1]))
541	fprintf(stderr, "warning: last bytes: %04x %02x%02x\n",
542	rv, b[0], b[1]);
543	rewind(f_w);
544	set_delay(fd, 1);
545	}
546
547	if (fname_r \|\| size_v) {
548	long blks, blks_v, done, verify_diff = 0;
549
550	blks = (size_r + sizeof(g_block) - 1) / sizeof(g_block);
551	blks_v = (size_v + sizeof(g_block) - 1) / sizeof(g_block);
552	blks = max(blks, blks_v);
553	if (fname_r) {
554	f_r = fopen(fname_r, "wb");
555	if (!f_r) {
556	fprintf(stderr, "fopen %s: ", fname_r);
557	perror("");
558	return 1;
559	}
560	}
561
562	printf("reading %ld bytes:\n", max(size_r, size_v));
563	print_progress(0, blks * sizeof(g_block));
564	set_addr(fd, address_in);
565	for (done = 0; done < size_r \|\| done < size_v; ) {
566	read_block(fd, g_block, sizeof(g_block));
567	if (f_r && done < size_r) {
568	len = min(size_r - done, sizeof(g_block));
569	if (fwrite(g_block, 1, len, f_r) != len) {
570	perror("fwrite");
571	return 1;
572	}
573	}
574	if (done < size_v) {
575	len = min(size_v - done, sizeof(g_block));
576	if (fread(g_block2, 1, len, f_w) != len) {
577	perror("fread");
578	return 1;
579	}
580	verify_diff \|= memcmp(g_block, g_block2, len);
581	}
582	done += sizeof(g_block);
583	print_progress(done, blks * sizeof(g_block));
584	}
585	if (verify_diff) {
586	fprintf(stderr, "verify FAILED\n");
587	return 1;
588	}
589	}
590	if (f_r)
591	fclose(f_r);
592	if (f_w)
593	fclose(f_w);
594
595	return 0;
596	}