Dynamic report of the chipID for flashing purposes

2025-03-03 11:36:34 +08:00 · 2019-07-10 18:41:42 +02:00 · 2019-07-10 18:41:42 +02:00 · 4727ab96d7
commit 4727ab96d7
parent fce082db56
5 changed files with 64 additions and 5 deletions
--- a/bootrom/bootrom.c
+++ b/bootrom/bootrom.c
@ -122,8 +122,10 @@ void UsbPacketReceived(uint8_t *packet, int len) {
    switch (c->cmd) {
        case CMD_DEVICE_INFO: {
            dont_ack = 1;
-            arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM |
-                   DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH;
+            arg0 = DEVICE_INFO_FLAG_BOOTROM_PRESENT | 
+                   DEVICE_INFO_FLAG_CURRENT_MODE_BOOTROM |
+                   DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH |
+                   DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO;
            if (common_area.flags.osimage_present)
                arg0 |= DEVICE_INFO_FLAG_OSIMAGE_PRESENT;

@ -131,6 +133,13 @@ void UsbPacketReceived(uint8_t *packet, int len) {
        }
        break;

+        case CMD_CHIP_INFO: {
+            dont_ack = 1;
+            arg0 = *(AT91C_DBGU_CIDR);
+            reply_old(CMD_CHIP_INFO, arg0, 0, 0, 0, 0);
+        }
+        break;
+
        case CMD_SETUP_WRITE: {
            /* The temporary write buffer of the embedded flash controller is mapped to the
            * whole memory region, only the last 8 bits are decoded.
--- a/client/flash.c
+++ b/client/flash.c
@ -347,7 +347,7 @@ static int wait_for_ack(PacketResponseNG *ack) {
 }

 // Go into flashing mode
-int flash_start_flashing(int enable_bl_writes, char *serial_port_name) {
+int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t * chipinfo) {
    uint32_t state;

    if (enter_bootloader(serial_port_name) < 0)
@ -356,6 +356,13 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name) {
    if (get_proxmark_state(&state) < 0)
        return -1;

+    if (state & DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO) {
+        SendCommandBL(CMD_CHIP_INFO, 0, 0, 0, NULL, 0);
+        PacketResponseNG resp;
+        WaitForResponse(CMD_CHIP_INFO, &resp);
+        *chipinfo = resp.oldarg[0];
+    }
+
    if (state & DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH) {
        // This command is stupid. Why the heck does it care which area we're
        // flashing, as long as it's not the bootloader area? The mind boggles.
--- a/client/flash.h
+++ b/client/flash.h
@ -38,7 +38,7 @@ typedef struct {
 } flash_file_t;

 int flash_load(flash_file_t *ctx, const char *name, int can_write_bl);
-int flash_start_flashing(int enable_bl_writes, char *serial_port_name);
+int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t *chipid);
 int flash_write(flash_file_t *ctx);
 void flash_free(flash_file_t *ctx);
 int flash_stop_flashing(void);
--- a/client/flasher.c
+++ b/client/flasher.c
@ -35,6 +35,42 @@ static void usage(char *argv0) {
 #endif
 }

+int chipid_to_mem_avail(uint32_t iChipID) {
+    int mem_avail = 0;
+    switch ((iChipID & 0xF00) >> 8) {
+        case 0:
+            mem_avail = 0;
+            break;
+        case 1:
+            mem_avail = 8;
+            break;
+        case 2:
+            mem_avail = 16;
+            break;
+        case 3:
+            mem_avail = 32;
+            break;
+        case 5:
+            mem_avail = 64;
+            break;
+        case 7:
+            mem_avail = 128;
+            break;
+        case 9:
+            mem_avail = 256;
+            break;
+        case 10:
+            mem_avail = 512;
+            break;
+        case 12:
+            mem_avail = 1024;
+            break;
+        case 14:
+            mem_avail = 2048;
+    }
+    return mem_avail;
+}
+
 int main(int argc, char **argv) {
    int can_write_bl = 0;
    int num_files = 0;
@ -84,10 +120,13 @@ int main(int argc, char **argv) {
        return -1;
    }

-    res = flash_start_flashing(can_write_bl, serial_port_name);
+    uint32_t chipid = 0;
+    res = flash_start_flashing(can_write_bl, serial_port_name, &chipid);
    if (res < 0)
        return -1;

+    PrintAndLogEx(NORMAL, "Available memory on this board: 0x%08x\n", chipid_to_mem_avail(chipid));
+
    PrintAndLogEx(SUCCESS, "\n" _BLUE_("Flashing..."));

    for (int i = 0; i < num_files; i++) {
--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@ -216,6 +216,7 @@ typedef struct {
 #define CMD_FINISH_WRITE                                                  0x0003
 #define CMD_HARDWARE_RESET                                                0x0004
 #define CMD_START_FLASH                                                   0x0005
+#define CMD_CHIP_INFO                                                     0x0006
 #define CMD_NACK                                                          0x00fe
 #define CMD_ACK                                                           0x00ff

@ -541,6 +542,9 @@ typedef struct {
 /* Set if this device understands the extend start flash command */
 #define DEVICE_INFO_FLAG_UNDERSTANDS_START_FLASH     (1<<4)

+/* Set if this device understands the extend start flash command */
+#define DEVICE_INFO_FLAG_UNDERSTANDS_CHIP_INFO       (1<<5)
+
 /* CMD_START_FLASH may have three arguments: start of area to flash,
   end of area to flash, optional magic.
   The bootrom will not allow to overwrite itself unless this magic