Exemplo n.º 1
0
 /// <summary>
 /// Compare the two operating system IDs, report on the ramifications, set a flag if the write should be halted.
 /// </summary>
 public static void ReportIpcOperatingSystems(UInt32 fileOs, UInt32 pcmOs, WriteTypeIpc writeTypeIpc, ILogger logger, out bool shouldHalt)
 {
     shouldHalt = false;
     if (fileOs == pcmOs)
     {
         logger.AddUserMessage("PCM and image file are both operating system " + fileOs);
     }
     else
     {
         if ((writeTypeIpc == WriteTypeIpc.OsPlusCalibrationPlusBoot) || (writeTypeIpc == WriteTypeIpc.Full))
         {
             logger.AddUserMessage("Changing PCM to operating system " + fileOs);
         }
         else if (writeTypeIpc == WriteTypeIpc.TestWrite)
         {
             logger.AddUserMessage("PCM and image file are different operating systems.");
             logger.AddUserMessage("But we'll ignore that because this is just a test write.");
         }
         else
         {
             logger.AddUserMessage("Flashing this file could render your PCM unusable.");
             shouldHalt = true;
         }
     }
 }
Exemplo n.º 2
0
        /// <summary>
        /// Writes a block of data to the PCM
        /// Requires an unlocked PCM
        /// </summary>
        private async Task <Response <bool> > WriteBlock(byte block, byte[] data)
        {
            Message m;
            Message ok = new Message(new byte[] { 0x6C, DeviceId.Tool, DeviceId.Pcm, 0x7B, block });

            switch (data.Length)
            {
            case 6:
                m = new Message(new byte[] { 0x6C, DeviceId.Pcm, DeviceId.Tool, 0x3B, block, data[0], data[1], data[2], data[3], data[4], data[5] });
                break;

            default:
                logger.AddDebugMessage("Cant write block size " + data.Length);
                return(Response.Create(ResponseStatus.Error, false));
            }

            if (!await this.device.SendMessage(m))
            {
                logger.AddUserMessage("Failed to write block " + block + ", communications failure");
                return(Response.Create(ResponseStatus.Error, false));
            }

            logger.AddDebugMessage("Successful write to block " + block);
            return(Response.Create(ResponseStatus.Success, true));
        }
Exemplo n.º 3
0
        /// <summary>
        /// Writes a block of data to the PCM
        /// Requires an unlocked PCM
        /// </summary>
        public async Task <Response <bool> > WriteBlock(byte block, byte[] data)
        {
            Message tx;
            Message ok = new Message(new byte[] { 0x6C, DeviceId.Tool, DeviceId.Pcm, 0x7B, block });

            switch (data.Length)
            {
            case 6:
                tx = new Message(new byte[] { 0x6C, DeviceId.Pcm, DeviceId.Tool, 0x3B, block, data[0], data[1], data[2], data[3], data[4], data[5] });
                break;

            default:
                logger.AddDebugMessage("Cant write block size " + data.Length);
                return(Response.Create(ResponseStatus.Error, false));
            }

            Response <Message> rx = await this.device.SendRequest(tx);

            if (rx.Status != ResponseStatus.Success)
            {
                logger.AddUserMessage("Failed to write block " + block + ", communications failure");
                return(Response.Create(ResponseStatus.Error, false));
            }

            if (!Utility.CompareArrays(rx.Value.GetBytes(), ok.GetBytes()))
            {
                logger.AddUserMessage("Failed to write block " + block + ", PCM rejected attempt");
                return(Response.Create(ResponseStatus.Error, false));
            }

            logger.AddDebugMessage("Successful write to block " + block);
            return(Response.Create(ResponseStatus.Success, true));
        }
Exemplo n.º 4
0
        public static Device CreateSerialDevice(string serialPortName, string serialPortDeviceType, ILogger logger)
        {
            try
            {
                IPort port;
                if (string.Equals(MockPort.PortName, serialPortName))
                {
                    port = new MockPort(logger);
                }
                else if (string.Equals(HttpPort.PortName, serialPortName))
                {
                    port = new HttpPort(logger);
                }
                else
                {
                    port = new StandardPort(serialPortName);
                }

                Device device;
                switch (serialPortDeviceType)
                {
                case OBDXProDevice.DeviceType:
                    device = new OBDXProDevice(port, logger);
                    break;

                case AvtDevice.DeviceType:
                    device = new AvtDevice(port, logger);
                    break;

                case AvtDevice2.DeviceType:
                    device = new AvtDevice2(port, logger);
                    break;

                case MockDevice.DeviceType:
                    device = new MockDevice(port, logger);
                    break;

                case ElmDevice.DeviceType:
                    device = new ElmDevice(port, logger);
                    break;

                default:
                    device = null;
                    break;
                }

                if (device == null)
                {
                    return(null);
                }

                return(device);
            }
            catch (Exception exception)
            {
                logger.AddUserMessage($"Unable to create {serialPortDeviceType} on {serialPortName}.");
                logger.AddDebugMessage(exception.ToString());
                return(null);
            }
        }
Exemplo n.º 5
0
        /// <summary>
        /// Print out the number of retries, and beg the user to share.
        /// </summary>
        public static void ReportRetryCount(string operation, int retryCount, UInt32 flashChipSize, ILogger logger)
        {
            if (retryCount == 0)
            {
                logger.AddUserMessage("All " + operation.ToLower() + "-request messages succeeded on the first try. You have an excellent connection to the PCM.");
            }
            else if (retryCount < 3)
            {
                logger.AddUserMessage(operation + "-request messages had to be re-sent " + (retryCount == 1 ? "once." : "twice."));
            }
            else
            {
                logger.AddUserMessage(operation + "-request messages had to be re-sent " + retryCount + " times.");
            }

            logger.AddUserMessage("We're not sure how much retrying is normal for a " + operation.ToLower() + " operation on a " + (flashChipSize / 1024).ToString() + "kb PCM.");
            logger.AddUserMessage("Please help by sharing your results in the PCM Hammer thread at pcmhacking.net.");
        }
Exemplo n.º 6
0
        /// <summary>
        /// Read the full contents of the PCM.
        /// Assumes the PCM is unlocked and we're ready to go.
        /// </summary>
        public async Task <Response <Stream> > ReadContents(CancellationToken cancellationToken)
        {
            try
            {
                // Start with known state.
                await this.vehicle.ForceSendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();

                // Switch to 4x, if possible. But continue either way.
                if (Configuration.Enable4xReadWrite)
                {
                    // if the vehicle bus switches but the device does not, the bus will need to time out to revert back to 1x, and the next steps will fail.
                    if (!await this.vehicle.VehicleSetVPW4x(VpwSpeed.FourX))
                    {
                        this.logger.AddUserMessage("Stopping here because we were unable to switch to 4X.");
                        return(Response.Create(ResponseStatus.Error, (Stream)null));
                    }
                }
                else
                {
                    this.logger.AddUserMessage("4X communications disabled by configuration.");
                }

                await this.vehicle.SendToolPresentNotification();

                // execute read kernel
                Response <byte[]> response = await vehicle.LoadKernelFromFile("kernel.bin");

                if (response.Status != ResponseStatus.Success)
                {
                    logger.AddUserMessage("Failed to load kernel from file.");
                    return(new Response <Stream>(response.Status, null));
                }

                if (cancellationToken.IsCancellationRequested)
                {
                    return(Response.Create(ResponseStatus.Cancelled, (Stream)null));
                }

                await this.vehicle.SendToolPresentNotification();

                // TODO: instead of this hard-coded 0xFF9150, get the base address from the PcmInfo object.
                // TODO: choose kernel at run time? Because now it's FF8000...
                if (!await this.vehicle.PCMExecute(response.Value, 0xFF8000, cancellationToken))
                {
                    logger.AddUserMessage("Failed to upload kernel to PCM");

                    return(new Response <Stream>(
                               cancellationToken.IsCancellationRequested ? ResponseStatus.Cancelled : ResponseStatus.Error,
                               null));
                }

                logger.AddUserMessage("kernel uploaded to PCM succesfully. Requesting data...");

                // Which flash chip?
                await this.vehicle.SendToolPresentNotification();

                UInt32 chipId = await this.vehicle.QueryFlashChipId(cancellationToken);

                FlashChip flashChip = FlashChip.Create(chipId, this.logger);
                logger.AddUserMessage("Flash chip: " + flashChip.ToString());

                await this.vehicle.SetDeviceTimeout(TimeoutScenario.ReadMemoryBlock);

                this.logger.AddUserMessage("Address\t% Done\tTime Remaining");

                byte[] image          = new byte[flashChip.Size];
                int    retryCount     = 0;
                int    startAddress   = 0;
                int    endAddress     = (int)flashChip.Size;
                int    bytesRemaining = (int)flashChip.Size;
                int    blockSize      = this.vehicle.DeviceMaxReceiveSize - 10 - 2; // allow space for the header and block checksum

                DateTime startTime = DateTime.MaxValue;
                while (startAddress < endAddress)
                {
                    if (cancellationToken.IsCancellationRequested)
                    {
                        return(Response.Create(ResponseStatus.Cancelled, (Stream)null));
                    }

                    // The read kernel needs a short message here for reasons unknown. Without it, it will RX 2 messages then drop one.
                    await this.vehicle.ForceSendToolPresentNotification();

                    if (startAddress + blockSize > endAddress)
                    {
                        blockSize = endAddress - startAddress;
                    }

                    if (blockSize < 1)
                    {
                        this.logger.AddUserMessage("Image download complete");
                        break;
                    }

                    if (startTime == DateTime.MaxValue)
                    {
                        startTime = DateTime.Now;
                    }

                    Response <bool> readResponse = await TryReadBlock(
                        image,
                        blockSize,
                        startAddress,
                        startTime,
                        cancellationToken);

                    if (readResponse.Status != ResponseStatus.Success)
                    {
                        this.logger.AddUserMessage(
                            string.Format(
                                "Unable to read block from {0} to {1}",
                                startAddress,
                                (startAddress + blockSize) - 1));
                        return(new Response <Stream>(ResponseStatus.Error, null));
                    }

                    startAddress += blockSize;
                    retryCount   += readResponse.RetryCount;
                }

                logger.AddUserMessage("Read complete.");
                Utility.ReportRetryCount("Read", retryCount, flashChip.Size, this.logger);
                logger.AddUserMessage("Starting verification...");

                CKernelVerifier verifier = new CKernelVerifier(
                    image,
                    flashChip.MemoryRanges,
                    this.vehicle,
                    this.protocol,
                    this.logger);

                if (await verifier.CompareRanges(
                        image,
                        BlockType.All,
                        cancellationToken))
                {
                    logger.AddUserMessage("The contents of the file match the contents of the PCM.");
                }
                else
                {
                    logger.AddUserMessage("##############################################################################");
                    logger.AddUserMessage("There are errors in the data that was read from the PCM. Do not use this file.");
                    logger.AddUserMessage("##############################################################################");
                }

                await this.vehicle.Cleanup(); // Not sure why this does not get called in the finally block on successfull read?

                MemoryStream stream = new MemoryStream(image);
                return(new Response <Stream>(ResponseStatus.Success, stream));
            }
            catch (Exception exception)
            {
                this.logger.AddUserMessage("Something went wrong. " + exception.Message);
                this.logger.AddDebugMessage(exception.ToString());
                return(new Response <Stream>(ResponseStatus.Error, null));
            }
            finally
            {
                // Sending the exit command at both speeds and revert to 1x.
                await this.vehicle.Cleanup();
            }
        }
Exemplo n.º 7
0
        /// <summary>
        /// Write changes to the PCM's flash memory, or just test writing (Without
        /// making changes) to evaluate the connection quality.
        /// </summary>
        public async Task <bool> Write(
            byte[] image,
            UInt32 kernelVersion,
            FileValidator validator,
            bool needToCheckOperatingSystem,
            CancellationToken cancellationToken)
        {
            bool success = false;

            try
            {
                // Start with known state.
                await this.vehicle.ForceSendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();

                // TODO: install newer version if available.
                if (kernelVersion == 0)
                {
                    // Switch to 4x, if possible. But continue either way.
                    if (Configuration.Enable4xReadWrite)
                    {
                        // if the vehicle bus switches but the device does not, the bus will need to time out to revert back to 1x, and the next steps will fail.
                        if (!await this.vehicle.VehicleSetVPW4x(VpwSpeed.FourX))
                        {
                            this.logger.AddUserMessage("Stopping here because we were unable to switch to 4X.");
                            return(false);
                        }
                    }
                    else
                    {
                        this.logger.AddUserMessage("4X communications disabled by configuration.");
                    }

                    Response <byte[]> response = await this.vehicle.LoadKernelFromFile("kernel.bin");

                    if (response.Status != ResponseStatus.Success)
                    {
                        logger.AddUserMessage("Failed to load kernel from file.");
                        return(false);
                    }

                    if (cancellationToken.IsCancellationRequested)
                    {
                        return(false);
                    }

                    // TODO: instead of this hard-coded address, get the base address from the PcmInfo object.
                    if (!await this.vehicle.PCMExecute(response.Value, 0xFF8000, cancellationToken))
                    {
                        logger.AddUserMessage("Failed to upload kernel to PCM");

                        return(false);
                    }

                    logger.AddUserMessage("Kernel uploaded to PCM succesfully.");
                }

                // Confirm operating system match
                await this.vehicle.SendToolPresentNotification();

                await this.vehicle.SetDeviceTimeout(TimeoutScenario.ReadProperty);

                Response <UInt32> osidResponse = await this.vehicle.QueryOperatingSystemIdFromKernel(cancellationToken);

                if (needToCheckOperatingSystem && (osidResponse.Status != ResponseStatus.Success))
                {
                    // The kernel seems broken. This shouldn't happen, but if it does, halt.
                    this.logger.AddUserMessage("The kernel did not respond to operating system ID query.");
                    return(false);
                }

                bool shouldHalt;
                Utility.ReportOperatingSystems(validator.GetOsidFromImage(), osidResponse.Value, this.writeType, this.logger, out shouldHalt);
                if (needToCheckOperatingSystem && shouldHalt)
                {
                    return(false);
                }

                success = await this.Write(cancellationToken, image);

                // We only do cleanup after a successful write.
                // If the kernel remains running, the user can try to flash again without rebooting and reloading.
                // TODO: kernel version should be stored at a fixed location in the bin file.
                // TODO: app should check kernel version (not just "is present") and reload only if version is lower than version in kernel file.
                if (success)
                {
                    await this.vehicle.Cleanup();
                }

                return(success);
            }
            catch (Exception exception)
            {
                if (!success)
                {
                    switch (this.writeType)
                    {
                    case WriteType.None:
                    case WriteType.Compare:
                    case WriteType.TestWrite:
                        await this.vehicle.Cleanup();

                        this.logger.AddUserMessage("Something has gone wrong. Please report this error.");
                        this.logger.AddUserMessage("Errors during comparisons or test writes indicate a");
                        this.logger.AddUserMessage("problem with the PCM, interface, cable, or app. Don't");
                        this.logger.AddUserMessage("try to do any actual writing until you are certain that");
                        this.logger.AddUserMessage("the underlying problem has been completely corrected.");
                        break;

                    default:
                        this.logger.AddUserMessage("Something went wrong. " + exception.Message);
                        this.logger.AddUserMessage("Do not power off the PCM! Do not exit this program!");
                        this.logger.AddUserMessage("Try flashing again. If errors continue, seek help online.");
                        break;
                    }

                    this.logger.AddUserMessage("https://pcmhacking.net/forums/viewtopic.php?f=42&t=6080");
                    this.logger.AddUserMessage(string.Empty);
                    this.logger.AddUserMessage(exception.ToString());
                }

                return(success);
            }
        }
Exemplo n.º 8
0
        /// <summary>
        /// Write changes to the IPC's flash memory, or just test writing (Without
        /// making changes) to evaluate the connection quality.
        /// </summary>
        public async Task <bool> Write(
            byte[] image,
            UInt32 kernelVersion,
            FileValidator validator,
            bool needToCheckOperatingSystem,
            CancellationToken cancellationToken)
        {
            bool success = false;

            try
            {
                // Start with known state.
                await this.vehicle.ForceSendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();

                // TODO: install newer version if available.
                if (kernelVersion == 0)
                {
                    // Switch to 4x, if possible. But continue either way.
                    if (Configuration.Enable4xReadWrite)
                    {
                        // if the vehicle bus switches but the device does not, the bus will need to time out to revert back to 1x, and the next steps will fail.
                        if (!await this.vehicle.VehicleSetVPW4x(VpwSpeed.FourX))
                        {
                            this.logger.AddUserMessage("Stopping here because we were unable to switch to 4X.");
                            return(false);
                        }
                    }
                    else
                    {
                        this.logger.AddUserMessage("4X communications disabled by configuration.");
                    }
                }
                ///var sweepResponse = await this.vehicle.startProgram();

                // TODO: instead of this hard-coded address, get the base address from the PcmInfo object.
                int address1     = 0x020000;
                int claimedSize1 = 0x000002;
                if (!await this.vehicle.PCMStartProgram(address1, claimedSize1, cancellationToken))
                {
                    logger.AddUserMessage("Start Program to IPC denied");

                    return(false);
                }

                logger.AddUserMessage("Start Program to IPC allowed.");

                /// var modeResponse = await this.vehicle.requestmode34();
                // TODO: instead of this hard-coded address, get the base address from the PcmInfo object.
                int address     = 0x00E000;
                int claimedSize = 0x0400;
                if (!await this.vehicle.PCMExecute1(address, claimedSize, cancellationToken))
                {
                    logger.AddUserMessage("Upload to IPC denied");

                    return(false);
                }

                logger.AddUserMessage("Upload to IPC allowed.");

                success = await this.Write(cancellationToken, image);

                // We only do cleanup after a successful write.
                // If the kernel remains running, the user can try to flash again without rebooting and reloading.
                // TODO: kernel version should be stored at a fixed location in the bin file.
                // TODO: app should check kernel version (not just "is present") and reload only if version is lower than version in kernel file.
                if (success)
                {
                    await this.vehicle.Cleanup();
                }

                return(success);
            }
            catch (Exception exception)
            {
                if (!success)
                {
                    switch (this.writeTypeIpc)
                    {
                    case WriteTypeIpc.None:
                    case WriteTypeIpc.Compare:
                    case WriteTypeIpc.TestWrite:
                        await this.vehicle.Cleanup();

                        this.logger.AddUserMessage("Something has gone wrong. Please report this error.");
                        this.logger.AddUserMessage("Errors during comparisons or test writes indicate a");
                        this.logger.AddUserMessage("problem with the PCM, interface, cable, or app. Don't");
                        this.logger.AddUserMessage("try to do any actual writing until you are certain that");
                        this.logger.AddUserMessage("the underlying problem has been completely corrected.");
                        break;

                    default:
                        this.logger.AddUserMessage("Something went wrong. " + exception.Message);
                        this.logger.AddUserMessage("Do not power off the PCM! Do not exit this program!");
                        this.logger.AddUserMessage("Try flashing again. If errors continue, seek help online.");
                        break;
                    }

                    ///this.logger.AddUserMessage("https://pcmhacking.net/forums/viewtopic.php?f=42&t=6080");
                    this.logger.AddUserMessage(string.Empty);
                    this.logger.AddUserMessage(exception.ToString());
                }

                return(success);
            }
        }
Exemplo n.º 9
0
        /// <summary>
        /// Compare CRCs from the file to CRCs from the PCM.
        /// </summary>
        public async Task <bool> CompareRanges(
            IList <MemoryRange> ranges,
            byte[] image,
            BlockType blockTypes,
            CancellationToken cancellationToken)
        {
            logger.AddUserMessage("Calculating CRCs from file...");
            this.GetCrcFromImage();

            logger.AddUserMessage("Requesting CRCs from PCM...");
            await this.vehicle.SendToolPresentNotification();

            // The kernel will remember (and return) the CRC value of the last block it
            // was asked about, which leads to misleading results if you only rewrite
            // a single block. So we send a a bogus query to reset the last-used CRC
            // value in the kernel.
            Query <UInt32> crcReset = this.vehicle.CreateQuery <uint>(
                () => this.protocol.CreateCrcQuery(0, 0),
                (message) => this.protocol.ParseCrc(message, 0, 0),
                cancellationToken);
            await crcReset.Execute();

            await this.vehicle.SetDeviceTimeout(TimeoutScenario.ReadCrc);

            bool successForAllRanges = true;

            logger.AddUserMessage("\tRange\t\tFile CRC\t\tPCM CRC\tVerdict\tPurpose");
            foreach (MemoryRange range in ranges)
            {
                string formatString = "{0:X6}-{1:X6}\t{2:X8}\t{3:X8}\t{4}\t{5}";

                if ((range.Type & blockTypes) == 0)
                {
                    this.logger.AddUserMessage(
                        string.Format(
                            formatString,
                            range.Address,
                            range.Address + (range.Size - 1),
                            "not needed",
                            "not needed",
                            "n/a",
                            range.Type));
                    continue;
                }

                await this.vehicle.SendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();
                bool   success = false;
                UInt32 crc     = 0;

                // You might think that a shorter retry delay would speed things up,
                // but 1500ms delay gets CRC results in about 3.5 seconds.
                // A 1000ms delay resulted in 4+ second CRC responses, and a 750ms
                // delay resulted in 5 second CRC responses. The PCM needs to spend
                // its time caculating CRCs rather than responding to messages.
                int     retryDelay = 1500;
                Message query      = this.protocol.CreateCrcQuery(range.Address, range.Size);
                for (int attempts = 0; attempts < 10; attempts++)
                {
                    if (cancellationToken.IsCancellationRequested)
                    {
                        break;
                    }

                    await this.vehicle.SendToolPresentNotification();

                    if (!await this.vehicle.SendMessage(query))
                    {
                        // This delay is fast because we're waiting for the bus to be available,
                        // rather than waiting for the PCM's CPU to finish computing the CRC as
                        // with the other two delays below.
                        await Task.Delay(100);

                        continue;
                    }

                    Message response = await this.vehicle.ReceiveMessage();

                    if (response == null)
                    {
                        await Task.Delay(retryDelay);

                        continue;
                    }

                    Response <UInt32> crcResponse = this.protocol.ParseCrc(response, range.Address, range.Size);
                    if (crcResponse.Status != ResponseStatus.Success)
                    {
                        await Task.Delay(retryDelay);

                        continue;
                    }

                    success = true;
                    crc     = crcResponse.Value;
                    break;
                }

                this.vehicle.ClearDeviceMessageQueue();

                if (!success)
                {
                    this.logger.AddUserMessage("Unable to get CRC for memory range " + range.Address.ToString("X8") + " / " + range.Size.ToString("X8"));
                    successForAllRanges = false;
                    continue;
                }

                range.ActualCrc = crc;

                this.logger.AddUserMessage(
                    string.Format(
                        formatString,
                        range.Address,
                        range.Address + (range.Size - 1),
                        range.DesiredCrc,
                        range.ActualCrc,
                        range.DesiredCrc == range.ActualCrc ? "Same" : "Different",
                        range.Type));
            }

            await this.vehicle.SendToolPresentNotification();

            foreach (MemoryRange range in ranges)
            {
                if ((range.Type & blockTypes) == 0)
                {
                    continue;
                }

                if (range.ActualCrc != range.DesiredCrc)
                {
                    return(false);
                }
            }

            this.vehicle.ClearDeviceMessageQueue();

            return(successForAllRanges);
        }
Exemplo n.º 10
0
        /// <summary>
        /// Read the full contents of the PCM.
        /// Assumes the PCM is unlocked an were ready to go
        /// </summary>
        public async Task <Response <Stream> > ReadContents(PcmInfo info, CancellationToken cancellationToken)
        {
            try
            {
                await this.vehicle.SendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();

                // switch to 4x, if possible. But continue either way.
                // if the vehicle bus switches but the device does not, the bus will need to time out to revert back to 1x, and the next steps will fail.
                if (!await this.vehicle.VehicleSetVPW4x(VpwSpeed.FourX))
                {
                    this.logger.AddUserMessage("Stopping here because we were unable to switch to 4X.");
                    return(Response.Create(ResponseStatus.Error, (Stream)null));
                }

                await this.vehicle.SendToolPresentNotification();

                // execute read kernel
                Response <byte[]> response = await vehicle.LoadKernelFromFile("read-kernel.bin");

                if (response.Status != ResponseStatus.Success)
                {
                    logger.AddUserMessage("Failed to load kernel from file.");
                    return(new Response <Stream>(response.Status, null));
                }

                if (cancellationToken.IsCancellationRequested)
                {
                    return(Response.Create(ResponseStatus.Cancelled, (Stream)null));
                }

                await this.vehicle.SendToolPresentNotification();

                // TODO: instead of this hard-coded 0xFF9150, get the base address from the PcmInfo object.
                // TODO: choose kernel at run time? Because now it's FF8000...
                if (!await this.vehicle.PCMExecute(response.Value, 0xFF8000, cancellationToken))
                {
                    logger.AddUserMessage("Failed to upload kernel to PCM");

                    return(new Response <Stream>(
                               cancellationToken.IsCancellationRequested ? ResponseStatus.Cancelled : ResponseStatus.Error,
                               null));
                }

                logger.AddUserMessage("kernel uploaded to PCM succesfully. Requesting data...");

                await this.vehicle.SetDeviceTimeout(TimeoutScenario.ReadMemoryBlock);

                int startAddress   = info.ImageBaseAddress;
                int endAddress     = info.ImageBaseAddress + info.ImageSize;
                int bytesRemaining = info.ImageSize;
                int blockSize      = this.vehicle.DeviceMaxReceiveSize - 10 - 2; // allow space for the header and block checksum

                byte[] image = new byte[info.ImageSize];

                while (startAddress < endAddress)
                {
                    if (cancellationToken.IsCancellationRequested)
                    {
                        return(Response.Create(ResponseStatus.Cancelled, (Stream)null));
                    }

                    // The read kernel needs a short message here for reasons unknown. Without it, it will RX 2 messages then drop one.
                    await this.vehicle.ForceSendToolPresentNotification();

                    if (startAddress + blockSize > endAddress)
                    {
                        blockSize = endAddress - startAddress;
                    }

                    if (blockSize < 1)
                    {
                        this.logger.AddUserMessage("Image download complete");
                        break;
                    }

                    if (!await TryReadBlock(image, blockSize, startAddress, cancellationToken))
                    {
                        this.logger.AddUserMessage(
                            string.Format(
                                "Unable to read block from {0} to {1}",
                                startAddress,
                                (startAddress + blockSize) - 1));
                        return(new Response <Stream>(ResponseStatus.Error, null));
                    }

                    startAddress += blockSize;
                }

                await this.vehicle.Cleanup(); // Not sure why this does not get called in the finally block on successfull read?

                MemoryStream stream = new MemoryStream(image);
                return(new Response <Stream>(ResponseStatus.Success, stream));
            }
            catch (Exception exception)
            {
                this.logger.AddUserMessage("Something went wrong. " + exception.Message);
                this.logger.AddDebugMessage(exception.ToString());
                return(new Response <Stream>(ResponseStatus.Error, null));
            }
            finally
            {
                // Sending the exit command at both speeds and revert to 1x.
                await this.vehicle.Cleanup();
            }
        }
Exemplo n.º 11
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="chipId"></param>
        /// <returns></returns>
        public static IList <MemoryRange> GetMemoryRanges(UInt32 chipId, ILogger logger)
        {
            IList <MemoryRange> result = null;

            switch (chipId)
            {
            // This is only here as a warning to anyone adding ranges for another chip.
            // Please read the comments carefully. See case 0x00894471 for the real deal.
            case 0xFFFF4471:
                var unused = new MemoryRange[]
                {
                    // These numbers and descriptions are straight from the intel 28F400B data sheet.
                    // Notice that if you convert the 16 bit word sizes to decimal, they're all
                    // half as big as the description here, in bytes, indicates.
                    new MemoryRange(0x30000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x10000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x04000, 0x0C000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x03000, 0x01000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x02000, 0x01000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x02000, BlockType.Boot),            //  16kb boot block
                };
                return(null);

            // Intel 28F800B
            case 0x0089889D:
                result = new MemoryRange[]
                {
                    // These addresses are for a bottom fill chip (B) in byte mode (not word)
                    new MemoryRange(0xE0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0xC0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0xA0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x80000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x60000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x40000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x08000, 0x18000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            // Intel 28F400B
            case 0x00894471:
                result = new MemoryRange[]
                {
                    // These addresses are for a bottom fill chip (B) in byte mode (not word)
                    new MemoryRange(0x60000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x40000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x08000, 0x18000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            case 0x00012258:
                result = new MemoryRange[]
                {
                    new MemoryRange(0xF0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xE0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xD0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xC0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xB0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xA0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x90000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x80000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x70000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x60000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x50000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x40000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x30000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x20000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x10000, 0x10000, BlockType.Calibration),     //  64kb calibration block
                    new MemoryRange(0x08000, 0x08000, BlockType.Calibration),     //  32kb calibration block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //  8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //  8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            default:
                logger.AddUserMessage(
                    "Unsupported flash chip ID " + chipId.ToString("X8") + ". " +
                    Environment.NewLine +
                    "The flash memory in this PCM is not supported by this version of PCM Hammer." +
                    Environment.NewLine +
                    "Please look for a thread about this at pcmhacking.net, or create one if necessary." +
                    Environment.NewLine +
                    "We do aim to support for all flash chips over time.");
                return(null);
            }

            // Sanity check the memory ranges
            UInt32 lastStart = UInt32.MaxValue;

            for (int index = 0; index < result.Count; index++)
            {
                if (index == 0)
                {
                    UInt32 top = result[index].Address + result[index].Size;
                    if ((top != 512 * 1024) && (top != 1024 * 1024))
                    {
                        throw new InvalidOperationException("Upper end of memory range must be 512k or 1024k.");
                    }
                }

                if (index == result.Count - 1)
                {
                    if (result[index].Address != 0)
                    {
                        throw new InvalidOperationException("Memory ranges must start at zero.");
                    }
                }

                if (lastStart != UInt32.MaxValue)
                {
                    if (lastStart != result[index].Address + result[index].Size)
                    {
                        throw new InvalidDataException("Top of this range must match base of range above.");
                    }
                }

                lastStart = result[index].Address;
            }

            return(result);
        }
Exemplo n.º 12
0
        /// <summary>
        /// Factory method. Selects the memory configuration, size, and description.
        /// </summary>
        public static FlashChip Create(UInt32 chipId, ILogger logger)
        {
            IList <MemoryRange> memoryRanges = null;
            string description;
            UInt32 size;

            switch (chipId)
            {
            // This is only here as a warning to anyone adding ranges for another chip.
            // Please read the comments carefully. See case 0x00894471 for the real data.
            case 0xFFFF4471:
                var unused = new MemoryRange[]
                {
                    // These numbers and descriptions are straight from the intel 28F400B data sheet.
                    // Notice that if you convert the 16 bit word sizes to decimal, they're all
                    // half as big as the description here, in bytes, indicates.
                    new MemoryRange(0x30000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x10000, 0x10000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x04000, 0x0C000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x03000, 0x01000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x02000, 0x01000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x02000, BlockType.Boot),            //  16kb boot block
                };
                throw new InvalidOperationException("This flash chip ID was not supposed to exist in the wild.");

            // Intel 28F800B
            case 0x0089889D:
                size         = 1024 * 1024;
                description  = "Intel 28F800B, 1mb";
                memoryRanges = new MemoryRange[]
                {
                    // These addresses are for a bottom fill chip (B) in byte mode (not word)
                    new MemoryRange(0xE0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0xC0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0xA0000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x80000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x60000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x40000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x08000, 0x18000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            // Intel 28F400B
            case 0x00894471:
                size         = 512 * 1024;
                description  = "Intel 28F400B, 512kb";
                memoryRanges = new MemoryRange[]
                {
                    // These addresses are for a bottom fill chip (B) in byte mode (not word)
                    new MemoryRange(0x60000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x40000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x20000, 0x20000, BlockType.OperatingSystem), // 128kb main block
                    new MemoryRange(0x08000, 0x18000, BlockType.Calibration),     //  96kb main block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //   8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            // AM29F800BB
            case 0x00012258:
                size         = 1024 * 1024;
                description  = "AMD AM29F800BB, 1mb";
                memoryRanges = new MemoryRange[]
                {
                    new MemoryRange(0xF0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xE0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xD0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xC0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xB0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0xA0000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x90000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x80000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x70000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x60000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x50000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x40000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x30000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x20000, 0x10000, BlockType.OperatingSystem), //  64kb main block
                    new MemoryRange(0x10000, 0x10000, BlockType.Calibration),     //  64kb calibration block
                    new MemoryRange(0x08000, 0x08000, BlockType.Calibration),     //  32kb calibration block
                    new MemoryRange(0x06000, 0x02000, BlockType.Parameter),       //  8kb parameter block
                    new MemoryRange(0x04000, 0x02000, BlockType.Parameter),       //  8kb parameter block
                    new MemoryRange(0x00000, 0x04000, BlockType.Boot),            //  16kb boot block
                };
                break;

            // IPC
            case 0x4D696B65:
                size         = 16 * 1024;
                description  = "IPC Calibration";
                memoryRanges = new MemoryRange[]
                {
                    // These addresses are for a bottom fill chip (B) in byte mode (not word)
                    new MemoryRange(0x00000, 0x04000, BlockType.OperatingSystem),     // 128kb main block
                };
                break;

            // IPC1
            case 0x6D696B65:
                size         = 112 * 1024;
                description  = "IPC OS + Calibration";
                memoryRanges = new MemoryRange[]
                {
                    new MemoryRange(0x00000, 0x1C000, BlockType.OperatingSystem),
                };
                break;


            // Both of these have eight 8kb blocks at the low end, the rest are
            // 64kb. Not sure if they're actually used in any PCMs though.
            case 0x00898893:     // Intel 2F008B3
            case 0x008988C1:     // Intel 2F800C3
            default:
                string manufacturer;

                switch ((chipId >> 16))
                {
                case 0x0001:
                    manufacturer = "AMD";
                    break;

                case 0x0089:
                    manufacturer = "Intel";
                    break;

                default:
                    manufacturer = "Unknown";
                    break;
                }

                logger.AddUserMessage(
                    "Unsupported flash chip ID " + chipId.ToString("X8") + ". Manufacturer: " + manufacturer +
                    Environment.NewLine +
                    "The flash memory in this PCM is not supported by this version of PCM Hammer." +
                    Environment.NewLine +
                    "Please look for a thread about this at pcmhacking.net, or create one if necessary." +
                    Environment.NewLine +
                    "We do aim to add support for all flash chips eventually.");
                throw new ApplicationException();
            }

            // Sanity check the memory ranges;
            UInt32 lastStart    = UInt32.MaxValue;
            string chipIdString = chipId.ToString("X8");

            for (int index = 0; index < memoryRanges.Count; index++)
            {
                if (index == 0)
                {
                    UInt32 top = memoryRanges[index].Address + memoryRanges[index].Size;
                    if ((top != 16 * 1024) && (top != 112 * 1024) && (top != 512 * 1024) && (top != 1024 * 1024))
                    {
                        throw new InvalidOperationException(chipIdString + " - Upper end of memory range must be 512k or 1024k, is " + top.ToString("X8"));
                    }

                    if (size != top)
                    {
                        throw new InvalidOperationException(chipIdString + " - Size does not match upper memory block.");
                    }
                }

                if (index == memoryRanges.Count - 1)
                {
                    if (memoryRanges[index].Address != 0)
                    {
                        throw new InvalidOperationException(chipIdString + " - Memory ranges must start at zero.");
                    }
                }

                if (lastStart != UInt32.MaxValue)
                {
                    if (lastStart != memoryRanges[index].Address + memoryRanges[index].Size)
                    {
                        throw new InvalidDataException(chipIdString + " - Top of range " + index + " must match base of range above.");
                    }
                }

                lastStart = memoryRanges[index].Address;
            }

            return(new FlashChip(chipId, description, size, memoryRanges));
        }
Exemplo n.º 13
0
        /// <summary>
        /// Compare CRCs from the file to CRCs from the PCM.
        /// </summary>
        public async Task <bool> CompareRanges(
            byte[] image,
            BlockType blockTypes,
            CancellationToken cancellationToken)
        {
            logger.AddUserMessage("Calculating CRCs from file...");
            this.GetCrcFromImage();

            logger.AddUserMessage("Requesting CRCs from PCM...");
            await this.vehicle.SendToolPresentNotification();

            // The kernel will remember (and return) the CRC value of the last block it
            // was asked about, which leads to misleading results if you only rewrite
            // a single block. So we send a a bogus query to reset the last-used CRC
            // value in the kernel.
            Query <UInt32> crcReset = this.vehicle.CreateQuery <uint>(
                () => this.protocol.CreateCrcQuery(0, 0),
                (message) => this.protocol.ParseCrc(message, 0, 0),
                cancellationToken);
            await crcReset.Execute();

            await this.vehicle.SetDeviceTimeout(TimeoutScenario.ReadCrc);

            bool successForAllRanges = true;

            logger.AddUserMessage("\tRange\t\tFile CRC\t\tPCM CRC\tVerdict\tPurpose");
            foreach (MemoryRange range in this.ranges)
            {
                string formatString = "{0:X6}-{1:X6}\t{2:X8}\t{3:X8}\t{4}\t{5}";

                if ((range.Type & blockTypes) == 0)
                {
                    this.logger.AddUserMessage(
                        string.Format(
                            formatString,
                            range.Address,
                            range.Address + (range.Size - 1),
                            "not needed",
                            "not needed",
                            "n/a",
                            range.Type));
                    continue;
                }

                await this.vehicle.SendToolPresentNotification();

                this.vehicle.ClearDeviceMessageQueue();
                bool   success = false;
                UInt32 crc     = 0;

                // Each poll of the pcm causes it to CRC 16kb of segment data.
                // When the segment sum is available it is returned.
                int     retryDelay = 50;
                Message query      = this.protocol.CreateCrcQuery(range.Address, range.Size);
                for (int attempts = 0; attempts < 20; attempts++)
                {
                    if (cancellationToken.IsCancellationRequested)
                    {
                        break;
                    }

                    await this.vehicle.SendToolPresentNotification();

                    if (!await this.vehicle.SendMessage(query))
                    {
                        continue;
                    }

                    Message response = await this.vehicle.ReceiveMessage();

                    if (response == null)
                    {
                        await Task.Delay(retryDelay);

                        continue;
                    }

                    Response <UInt32> crcResponse = this.protocol.ParseCrc(response, range.Address, range.Size);
                    if (crcResponse.Status != ResponseStatus.Success)
                    {
                        await Task.Delay(retryDelay);

                        continue;
                    }

                    success = true;
                    crc     = crcResponse.Value;
                    break;
                }

                this.vehicle.ClearDeviceMessageQueue();

                if (!success)
                {
                    this.logger.AddUserMessage("Unable to get CRC for memory range " + range.Address.ToString("X8") + " / " + range.Size.ToString("X8"));
                    successForAllRanges = false;
                    continue;
                }

                range.ActualCrc = crc;

                this.logger.AddUserMessage(
                    string.Format(
                        formatString,
                        range.Address,
                        range.Address + (range.Size - 1),
                        range.DesiredCrc,
                        range.ActualCrc,
                        range.DesiredCrc == range.ActualCrc ? "Same" : "Different",
                        range.Type));
            }

            await this.vehicle.SendToolPresentNotification();

            foreach (MemoryRange range in this.ranges)
            {
                if ((range.Type & blockTypes) == 0)
                {
                    continue;
                }

                if (range.ActualCrc != range.DesiredCrc)
                {
                    return(false);
                }
            }

            this.vehicle.ClearDeviceMessageQueue();

            return(successForAllRanges);
        }