mirror of
https://github.com/dragonpilot/dragonpilot.git
synced 2026-02-20 17:13:54 +08:00
098e304118
67d5208 fix signedness issue in toyota safety fe15d3f bump pandacan 11c2b08 add fault invalid 2c26e45 add sleep 27c7637 forgot the counter 3a6d7db don't hang bfa7d2e canloader works b259e2a can flasher is close to working 83f2edf isotp can support in softloader 7ae7c79 typo e85cc47 forgot the selfs 190b4f6 start work on canflasher 5c655c9 add recover support ae3457f usbflash is reliable f7a0ab0 pedal usbflash works 585d0f9 add way to call isotp be82899 despite it being bad code, move isotp 000715b start work on pedal canloader 626e312 pedal has a bootstub now 3662d1e redundant check 81e6b0d fix bug 083cd12 should have bounty to refactor that ish b65d30c bad asserts b2e6c3f isotp untested support for subaddr 30fd66a Merge pull request #93 from vntarasov/volt 06f5109 Merge pull request #94 from gregjhogan/can-printer-hex c7d098c Merge pull request #95 from gregjhogan/setup-script 22fe250 Merge pull request #99 from gregjhogan/bit-transition-example ba16ba3 Merge pull request #100 from gregjhogan/j2534-troubleshooting-instructions ad08ea4 Merge pull request #90 from gregjhogan/can-forwarding f3b6f5d added j2534 troubleshooting instructions 858d150 added script to find bits that transition from 0 to 1 c6acac8 added checking pedal interceptor message length f7226ff added brake safety checks d0c2634 added gas safety checks d378e4a removed bosch safety forwarding restriction on 29 bit addresses 5c7ef9e added bosch safety hooks and forwarding 90c64b6 add note 23de8d4 Merge pull request #97 from commaai/pedal_improvements 0261641 added missing python packages b92b235 fix bytearray encode issue 2434f1c Tweak Volt's brake pedal stickiness e2f73d2 enable has a whole byte to itself d5a9e1e correct checksum f8ed9fa better names 986a14c don't alias pointers 9b8472e add watchdog support 8f0add9 handle faults 1d917f8 split gas set into 2 values, and have a fault state 1b77026 j2534 isn't alpha anymore fbcc872 Merge pull request #92 from commaai/pedal 8a6f44b pedal is sending messages 08f464c python 3 bro is bad bro 9390961 kline checksum algo was broken... 3b7c33b add kline debug support aa622bc init values 631ea9f better refactor eb1fd75 add PEDAL adc sets ccaa310 don't build with usb 8d4d763 debug console works bd09883 comma pedal is building 75a29d5 Merge pull request #84 from gregjhogan/j2534-hds eece37d only the panda has gmlan 9f43abe Merge pull request #89 from vntarasov/volt 5364d43 Merge pull request #88 from vntarasov/smaller-firmware 377a1ec bump version for descriptor fix 4fabdf0 Merge pull request #87 from gregjhogan/usb-multi-packet-control 8580773 fix sending WinUSB Extended Properties Feature Descriptor 6908feb Chevy Volt safety 786a004 Enable optimization to reduce firmware size d70f43b hack to fix thinkpad 95ab1ae fixed flow control message padding bbd04d1 updated installer 62216d0 single standalone DLL for J2534 driver 5c9138d fixed 11 bit address issue f3b0ad2 fix LOOPBACK getting set when DATA_RATE is set b750d36 updated README a9a097f lowered CPU utilization 7c26a70 TIS needs unsupported protocols to return an error 42692b4 TIS doesn't like ChannelID being zero cf126bb SET_CONFIG return error for reserved parameters 2e99dbf fix HDS issues 8203cc8 add is_grey e946a54 add insecure_okay flag 4363b3e check webpage 4f59ded add secure mode note 6b11fb5 add autosecuring to tests b27d185 Merge pull request #86 from commaai/better_pairing 4b53b42 elm wifi isn't an automated test 99f85cb Merge pull request #85 from gregjhogan/usb-wcid 0d38060 auto-install WinUSB device driver c6653ca from python import 38cc0ee add wifi_secure_mode, boots in insecure mode git-subtree-dir: panda git-subtree-split: 67d52089a1300b86800d897f2b271e0a24cf6dd6
382 lines
12 KiB
C
382 lines
12 KiB
C
#include "stdlib.h"
|
|
#include "ets_sys.h"
|
|
#include "osapi.h"
|
|
#include "gpio.h"
|
|
#include "mem.h"
|
|
#include "os_type.h"
|
|
#include "user_interface.h"
|
|
#include "espconn.h"
|
|
#include "upgrade.h"
|
|
|
|
#include "crypto/rsa.h"
|
|
#include "crypto/sha.h"
|
|
|
|
#include "obj/gitversion.h"
|
|
#include "obj/cert.h"
|
|
|
|
#define max(a,b) ((a) > (b) ? (a) : (b))
|
|
#define min(a,b) ((a) < (b) ? (a) : (b))
|
|
#define espconn_send_string(conn, x) espconn_send(conn, x, strlen(x))
|
|
|
|
#define MAX_RESP 0x800
|
|
char resp[MAX_RESP];
|
|
char pageheader[] = "HTTP/1.0 200 OK\nContent-Type: text/html\n\n"
|
|
"<!DOCTYPE html>\n"
|
|
"<html>\n"
|
|
"<head>\n"
|
|
"<title>Panda</title>\n"
|
|
"</head>\n"
|
|
"<body>\n"
|
|
"<pre>This is your comma.ai panda\n\n"
|
|
"It's open source. Find the code <a href=\"https://github.com/commaai/panda\">here</a>\n"
|
|
"Designed to work with our dashcam, <a href=\"http://chffr.comma.ai\">chffr</a>\n";
|
|
|
|
char pagefooter[] = "</pre>\n"
|
|
"</body>\n"
|
|
"</html>\n";
|
|
|
|
char OK_header[] = "HTTP/1.0 200 OK\nContent-Type: text/html\n\n";
|
|
|
|
static struct espconn web_conn;
|
|
static esp_tcp web_proto;
|
|
extern char ssid[];
|
|
extern int wifi_secure_mode;
|
|
|
|
char *st_firmware;
|
|
int real_content_length, content_length = 0;
|
|
char *st_firmware_ptr;
|
|
LOCAL os_timer_t ota_reboot_timer;
|
|
|
|
#define FIRMWARE_SIZE 503808
|
|
|
|
typedef struct {
|
|
uint16_t ep;
|
|
uint16_t extra_len;
|
|
union {
|
|
struct {
|
|
uint8_t request_type;
|
|
uint8_t request;
|
|
uint16_t value;
|
|
uint16_t index;
|
|
uint16_t length;
|
|
} control;
|
|
uint8_t data[0x10];
|
|
} u;
|
|
} usb_msg;
|
|
|
|
int ICACHE_FLASH_ATTR usb_cmd(int ep, int len, int request,
|
|
int value, int index, char *data) {
|
|
usb_msg usb = {0};
|
|
|
|
usb.ep = ep;
|
|
usb.extra_len = (ep == 0) ? 0 : len;
|
|
if (ep == 0) {
|
|
usb.u.control.request_type = 0xc0;
|
|
usb.u.control.request = request;
|
|
usb.u.control.value = value;
|
|
usb.u.control.index = index;
|
|
} else {
|
|
memcpy(&usb.u.data, data, usb.extra_len);
|
|
}
|
|
|
|
uint32_t recv[0x44/4];
|
|
spi_comm(&usb, sizeof(usb), recv, 0x40);
|
|
|
|
return recv[0];
|
|
}
|
|
|
|
|
|
void ICACHE_FLASH_ATTR st_flash() {
|
|
if (st_firmware != NULL) {
|
|
// boot mode
|
|
os_printf("st_flash: enter boot mode\n");
|
|
st_set_boot_mode(1);
|
|
|
|
// echo
|
|
os_printf("st_flash: wait for echo\n");
|
|
for (int i = 0; i < 10; i++) {
|
|
os_printf(" attempt: %d\n", i);
|
|
if (usb_cmd(0, 0, 0xb0, 0, 0, NULL) > 0) break;
|
|
}
|
|
|
|
// unlock flash
|
|
os_printf("st_flash: unlock flash\n");
|
|
usb_cmd(0, 0, 0xb1, 0, 0, NULL);
|
|
|
|
// erase sector 1
|
|
os_printf("st_flash: erase sector 1\n");
|
|
usb_cmd(0, 0, 0xb2, 1, 0, NULL);
|
|
|
|
if (real_content_length >= 16384) {
|
|
// erase sector 2
|
|
os_printf("st_flash: erase sector 2\n");
|
|
usb_cmd(0, 0, 0xb2, 2, 0, NULL);
|
|
}
|
|
|
|
// real content length will always be 0x10 aligned
|
|
os_printf("st_flash: flashing\n");
|
|
for (int i = 0; i < real_content_length; i += 0x10) {
|
|
int rl = min(0x10, real_content_length-i);
|
|
usb_cmd(2, rl, 0, 0, 0, &st_firmware[i]);
|
|
system_soft_wdt_feed();
|
|
}
|
|
|
|
// reboot into normal mode
|
|
os_printf("st_flash: rebooting\n");
|
|
usb_cmd(0, 0, 0xd8, 0, 0, NULL);
|
|
|
|
// done with this
|
|
os_free(st_firmware);
|
|
st_firmware = NULL;
|
|
}
|
|
}
|
|
|
|
typedef enum {
|
|
NOT_STARTED,
|
|
CONNECTION_ESTABLISHED,
|
|
RECEIVING_HEADER,
|
|
RECEIVING_ST_FIRMWARE,
|
|
RECEIVING_ESP_FIRMWARE,
|
|
REBOOTING,
|
|
ERROR
|
|
} web_state_t;
|
|
|
|
web_state_t state = NOT_STARTED;
|
|
int esp_address, esp_address_erase_limit, start_address;
|
|
|
|
void ICACHE_FLASH_ATTR hexdump(char *data, int len) {
|
|
int i;
|
|
for (i=0;i<len;i++) {
|
|
if (i!=0 && (i%0x10)==0) os_printf("\n");
|
|
os_printf("%02X ", data[i]);
|
|
}
|
|
os_printf("\n");
|
|
}
|
|
|
|
void ICACHE_FLASH_ATTR st_reset() {
|
|
// reset the ST
|
|
gpio16_output_conf();
|
|
gpio16_output_set(0);
|
|
os_delay_us(1000);
|
|
gpio16_output_set(1);
|
|
os_delay_us(10000);
|
|
}
|
|
|
|
void ICACHE_FLASH_ATTR st_set_boot_mode(int boot_mode) {
|
|
if (boot_mode) {
|
|
// boot mode (pull low)
|
|
gpio_output_set(0, (1 << 4), (1 << 4), 0);
|
|
st_reset();
|
|
} else {
|
|
// no boot mode (pull high)
|
|
gpio_output_set((1 << 4), 0, (1 << 4), 0);
|
|
st_reset();
|
|
}
|
|
|
|
// float boot pin
|
|
gpio_output_set(0, 0, 0, (1 << 4));
|
|
}
|
|
|
|
static void ICACHE_FLASH_ATTR web_rx_cb(void *arg, char *data, uint16_t len) {
|
|
int i;
|
|
struct espconn *conn = (struct espconn *)arg;
|
|
if (state == CONNECTION_ESTABLISHED) {
|
|
state = RECEIVING_HEADER;
|
|
os_printf("%s %d\n", data, len);
|
|
|
|
// index
|
|
if (memcmp(data, "GET / ", 6) == 0) {
|
|
memset(resp, 0, MAX_RESP);
|
|
|
|
strcpy(resp, pageheader);
|
|
ets_strcat(resp, "\nssid: ");
|
|
ets_strcat(resp, ssid);
|
|
ets_strcat(resp, "\n");
|
|
|
|
ets_strcat(resp, "\nst version: ");
|
|
uint32_t recvData[0x11];
|
|
int len = spi_comm("\x00\x00\x00\x00\x40\xD6\x00\x00\x00\x00\x40\x00", 0xC, recvData, 0x40);
|
|
ets_memcpy(resp+strlen(resp), recvData+1, len);
|
|
|
|
ets_strcat(resp, "\nesp version: ");
|
|
ets_strcat(resp, gitversion);
|
|
uint8_t current = system_upgrade_userbin_check();
|
|
if (current == UPGRADE_FW_BIN1) {
|
|
ets_strcat(resp, "\nesp flash file: user2.bin");
|
|
} else {
|
|
ets_strcat(resp, "\nesp flash file: user1.bin");
|
|
}
|
|
|
|
if (wifi_secure_mode) {
|
|
ets_strcat(resp, "\nin secure mode");
|
|
} else {
|
|
ets_strcat(resp, "\nin INSECURE mode...<a href=\"/secure\">secure it</a>");
|
|
}
|
|
|
|
ets_strcat(resp,"\nSet USB Mode:"
|
|
"<button onclick=\"var xhr = new XMLHttpRequest(); xhr.open('GET', 'set_property?usb_mode=0'); xhr.send()\" type='button'>Client</button>"
|
|
"<button onclick=\"var xhr = new XMLHttpRequest(); xhr.open('GET', 'set_property?usb_mode=1'); xhr.send()\" type='button'>CDP</button>"
|
|
"<button onclick=\"var xhr = new XMLHttpRequest(); xhr.open('GET', 'set_property?usb_mode=2'); xhr.send()\" type='button'>DCP</button>\n");
|
|
|
|
ets_strcat(resp, pagefooter);
|
|
|
|
espconn_send_string(&web_conn, resp);
|
|
espconn_disconnect(conn);
|
|
} else if (memcmp(data, "GET /secure", 11) == 0 && !wifi_secure_mode) {
|
|
wifi_configure(1);
|
|
} else if (memcmp(data, "GET /set_property?usb_mode=", 27) == 0 && wifi_secure_mode) {
|
|
char mode_value = data[27] - '0';
|
|
if (mode_value >= '\x00' && mode_value <= '\x02') {
|
|
memset(resp, 0, MAX_RESP);
|
|
char set_usb_mode_packet[] = "\x00\x00\x00\x00\x40\xE6\x00\x00\x00\x00\x40\x00";
|
|
set_usb_mode_packet[6] = mode_value;
|
|
uint32_t recvData[1];
|
|
spi_comm(set_usb_mode_packet, 0xC, recvData, 0);
|
|
os_sprintf(resp, "%sUSB Mode set to %02x\n\n", OK_header, mode_value);
|
|
espconn_send_string(&web_conn, resp);
|
|
espconn_disconnect(conn);
|
|
}
|
|
} else if (memcmp(data, "PUT /stupdate ", 14) == 0 && wifi_secure_mode) {
|
|
os_printf("init st firmware\n");
|
|
char *cl = strstr(data, "Content-Length: ");
|
|
if (cl != NULL) {
|
|
// get content length
|
|
cl += strlen("Content-Length: ");
|
|
content_length = skip_atoi(&cl);
|
|
os_printf("with content length %d\n", content_length);
|
|
|
|
// should be small enough to fit in RAM
|
|
real_content_length = (content_length+0xF)&(~0xF);
|
|
st_firmware_ptr = st_firmware = os_malloc(real_content_length);
|
|
memset(st_firmware, 0, real_content_length);
|
|
state = RECEIVING_ST_FIRMWARE;
|
|
}
|
|
|
|
} else if (((memcmp(data, "PUT /espupdate1 ", 16) == 0) ||
|
|
(memcmp(data, "PUT /espupdate2 ", 16) == 0)) && wifi_secure_mode) {
|
|
// 0x1000 = user1.bin
|
|
// 0x81000 = user2.bin
|
|
// 0x3FE000 = blank.bin
|
|
os_printf("init esp firmware\n");
|
|
char *cl = strstr(data, "Content-Length: ");
|
|
if (cl != NULL) {
|
|
// get content length
|
|
cl += strlen("Content-Length: ");
|
|
content_length = skip_atoi(&cl);
|
|
os_printf("with content length %d\n", content_length);
|
|
|
|
// setup flashing
|
|
uint8_t current = system_upgrade_userbin_check();
|
|
if (data[14] == '2' && current == UPGRADE_FW_BIN1) {
|
|
os_printf("flashing boot2.bin\n");
|
|
state = RECEIVING_ESP_FIRMWARE;
|
|
esp_address = 4*1024 + FIRMWARE_SIZE + 16*1024 + 4*1024;
|
|
} else if (data[14] == '1' && current == UPGRADE_FW_BIN2) {
|
|
os_printf("flashing boot1.bin\n");
|
|
state = RECEIVING_ESP_FIRMWARE;
|
|
esp_address = 4*1024;
|
|
} else {
|
|
espconn_send_string(&web_conn, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\nwrong!\n");
|
|
espconn_disconnect(conn);
|
|
}
|
|
esp_address_erase_limit = esp_address;
|
|
start_address = esp_address;
|
|
}
|
|
} else {
|
|
espconn_send_string(&web_conn, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n404 Not Found!\n");
|
|
espconn_disconnect(conn);
|
|
}
|
|
} else if (state == RECEIVING_ST_FIRMWARE) {
|
|
os_printf("receiving st firmware: %d/%d\n", len, content_length);
|
|
memcpy(st_firmware_ptr, data, min(content_length, len));
|
|
st_firmware_ptr += len;
|
|
content_length -= len;
|
|
|
|
if (content_length <= 0 && real_content_length > 1000) {
|
|
state = NOT_STARTED;
|
|
os_printf("done!\n");
|
|
espconn_send_string(&web_conn, "HTTP/1.0 200 OK\nContent-Type: text/html\n\nsuccess!\n");
|
|
espconn_disconnect(conn);
|
|
|
|
// reboot
|
|
os_printf("Scheduling st_flash in 100ms.\n");
|
|
os_timer_disarm(&ota_reboot_timer);
|
|
os_timer_setfn(&ota_reboot_timer, (os_timer_func_t *)st_flash, NULL);
|
|
os_timer_arm(&ota_reboot_timer, 100, 0);
|
|
}
|
|
} else if (state == RECEIVING_ESP_FIRMWARE) {
|
|
if ((esp_address+len) < (start_address + FIRMWARE_SIZE)) {
|
|
os_printf("receiving esp firmware: %d/%d -- 0x%x - 0x%x\n", len, content_length,
|
|
esp_address, esp_address_erase_limit);
|
|
content_length -= len;
|
|
while (esp_address_erase_limit < (esp_address + len)) {
|
|
os_printf("erasing 0x%X\n", esp_address_erase_limit);
|
|
spi_flash_erase_sector(esp_address_erase_limit / SPI_FLASH_SEC_SIZE);
|
|
esp_address_erase_limit += SPI_FLASH_SEC_SIZE;
|
|
}
|
|
SpiFlashOpResult res = spi_flash_write(esp_address, data, len);
|
|
if (res != SPI_FLASH_RESULT_OK) {
|
|
os_printf("flash fail @ 0x%x\n", esp_address);
|
|
}
|
|
esp_address += len;
|
|
|
|
if (content_length == 0) {
|
|
|
|
char digest[SHA_DIGEST_SIZE];
|
|
uint32_t rsa[RSANUMBYTES/4];
|
|
uint32_t dat[0x80/4];
|
|
int ll;
|
|
spi_flash_read(esp_address-RSANUMBYTES, rsa, RSANUMBYTES);
|
|
|
|
// 32-bit aligned accesses only
|
|
SHA_CTX ctx;
|
|
SHA_init(&ctx);
|
|
for (ll = start_address; ll < esp_address-RSANUMBYTES; ll += 0x80) {
|
|
spi_flash_read(ll, dat, 0x80);
|
|
SHA_update(&ctx, dat, min((esp_address-RSANUMBYTES)-ll, 0x80));
|
|
}
|
|
memcpy(digest, SHA_final(&ctx), SHA_DIGEST_SIZE);
|
|
|
|
if (RSA_verify(&releaseesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE) ||
|
|
#ifdef ALLOW_DEBUG
|
|
RSA_verify(&debugesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE)
|
|
#else
|
|
false
|
|
#endif
|
|
) {
|
|
os_printf("RSA verify success!\n");
|
|
espconn_send_string(&web_conn, "HTTP/1.0 200 OK\nContent-Type: text/html\n\nsuccess!\n");
|
|
system_upgrade_flag_set(UPGRADE_FLAG_FINISH);
|
|
|
|
// reboot
|
|
os_printf("Scheduling reboot.\n");
|
|
os_timer_disarm(&ota_reboot_timer);
|
|
os_timer_setfn(&ota_reboot_timer, (os_timer_func_t *)system_upgrade_reboot, NULL);
|
|
os_timer_arm(&ota_reboot_timer, 2000, 0);
|
|
} else {
|
|
os_printf("RSA verify FAILURE\n");
|
|
espconn_send_string(&web_conn, "HTTP/1.0 500 Internal Server Error\nContent-Type: text/html\n\nrsa verify fail\n");
|
|
}
|
|
espconn_disconnect(conn);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
void ICACHE_FLASH_ATTR web_tcp_connect_cb(void *arg) {
|
|
state = CONNECTION_ESTABLISHED;
|
|
struct espconn *conn = (struct espconn *)arg;
|
|
espconn_set_opt(&web_conn, ESPCONN_NODELAY);
|
|
espconn_regist_recvcb(conn, web_rx_cb);
|
|
}
|
|
|
|
void ICACHE_FLASH_ATTR web_init() {
|
|
web_proto.local_port = 80;
|
|
web_conn.type = ESPCONN_TCP;
|
|
web_conn.state = ESPCONN_NONE;
|
|
web_conn.proto.tcp = &web_proto;
|
|
espconn_regist_connectcb(&web_conn, web_tcp_connect_cb);
|
|
espconn_accept(&web_conn);
|
|
}
|
|
|