SIMtrace Firmware » History » Version 27
laforge, 10/06/2019 03:22 PM
**%{background:yellow}WARNING: this project only applies to the first generation SIMtrace hardware, which uses the Atmel AT91SAM7S micro-controller. This project is not supported anymore. The hardware and software are still working, but won't get updates. This project is now replaced by project:simtrace2, which uses the SAM3S replacement micro-controller. Patches to add support for the Atmel AT91SAM7S in the simtrace2 software are welcome.%**

h1. SIMtrace Firmware

The firmware for the AT91SAM7S device was written by reusing a lot of the code for the "OpenPCD":http://www.openpcd.org/ RFID reader.

There is a simtrace Makefile target in the @git://git.osmocom.org/openpcd.git@ repository containing the latest firmware code.

Eventually, the OS part of [[OpenPCD]]/OpenPICC/SIMtrace will be separated. At that point, the firmware source can become part of simtrace.git.

h2. Building the firmware

Precondition: your PATH must include an arm-elf-gcc toolchain.

<pre>
git clone git://git.osmocom.org/openpcd.git
cd openpcd/firmware
make -f Makefile.dfu BOARD=SIMTRACE
make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace
cat dfu.bin main_simtrace.bin > main_simtrace.samba
cd ../..
</pre>

h3. Firmware parts

The firmware build process creates two images:
* dfu.bin -- the sam7dfu 2nd level bootloader. It implements the USB DFU (Device Firmware Upgrade) profile.
* main_simtrace.bin -- the actual simtrace program. To be loaded via DFU, using "dfu-util":http://dfu-util.gnumonks.org/.
* main_simtrace.samba -- "sam7dfu":http://www.openpcd.org/Sam7dfu + simtrace image. To be loaded via SAM-BA, using sam7utils (see below).

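
A check, added here and not part of the original page or the project's code, that a SAM-BA image on disk is exactly dfu.bin followed by main_simtrace.bin; it catches a stale image left over when one part was rebuilt without re-running @cat@. The function name @verify_samba_image@ is hypothetical; the file names are the ones used in the build steps.

```shell
#!/bin/sh
# Added example: confirm that a SAM-BA image is the bootloader followed by
# the application, as produced by
#   cat dfu.bin main_simtrace.bin > main_simtrace.samba
# verify_samba_image is a hypothetical helper, not part of the firmware tree.

# verify_samba_image DFU APP SAMBA
# Prints a verdict; returns 0 (match), 1 (mismatch) or 2 (file missing/empty).
verify_samba_image() {
    dfu=$1; app=$2; samba=$3
    for f in "$dfu" "$app" "$samba"; do
        [ -s "$f" ] || { echo "missing-or-empty: $f"; return 2; }
    done
    # $(( )) strips the padding some wc implementations emit.
    dfu_size=$(($(wc -c < "$dfu")))
    app_size=$(($(wc -c < "$app")))
    samba_size=$(($(wc -c < "$samba")))
    if [ "$samba_size" -ne $((dfu_size + app_size)) ]; then
        echo "size-mismatch: $samba_size != $dfu_size + $app_size"
        return 1
    fi
    # Compare each region separately so the stale half is identified.
    if ! head -c "$dfu_size" "$samba" | cmp -s - "$dfu"; then
        echo "bootloader-differs"; return 1
    fi
    if ! tail -c "$app_size" "$samba" | cmp -s - "$app"; then
        echo "application-differs"; return 1
    fi
    echo "ok"
}

# Command-line use: ./check.sh dfu.bin main_simtrace.bin main_simtrace.samba
# On success the image hash is printed so it can be recorded before flashing.
if [ "$#" -eq 3 ]; then
    verify_samba_image "$1" "$2" "$3" && sha256sum "$3"
fi
```
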

h2. Flashing the firmware

There are two ways to flash the firmware:
* DFU: over USB and simple.
* SAM-BA: for AT91SAM7S without DFU installed, or when DFU fails.

h3. DFU

SIMtrace comes with the Device Firmware Upgrade (DFU) already installed.
To install it on a new AT91SAM7S, use the SAM-BA procedure below.
DFU can be used to replace the SIMtrace payload.

To get dfu-util:
<pre>
sudo apt-get install dfu-util
</pre>

To flash the firmware:
<pre>
sudo dfu-util -d 16c0:0762 -a0 -D ./main_simtrace.bin -R
</pre>

dfu-util should reset the board and use the DFU bootloader.
Try the command a second time if it did not work at first.
If this still does not work, power up the board while pressing the *BOOTLOADER* button.

h3. SAM-BA

The SAM-BA mode is provided by the AT91SAM7S.
This can be used at any time, even if the firmware bricks the device.
To flash the new firmware, sam7utils is used.

h4. sam7utils

SAM-BA images contain a full NOR flash image. They can be used in case the sam7dfu bootloader was corrupted, and can be installed either using the *sam7* program released by Atmel, or via JTAG based flashing.

Installing firmware using SAM-BA is a bit cumbersome and requires strict adherence to a sequence of USB cable plugging/unplugging and jumper setting, waiting, jumper removal, etc.

sam7utils will be used to flash the *main_simtrace.samba* image over SAM-BA.
<pre>
sudo aptitude install libreadline-dev libusb-dev
wget http://www.openpcd.org/dl/sam7utils-0.2.1-bm.tar.bz2
tar xf sam7utils-*.tar.bz2
cd sam7utils
./configure --prefix=/usr/local
make AM_CFLAGS=""
</pre>

h4. Entering the SAM-BA mode

The first time you flash the device, you will have to use the SAM-BA method using the main_simtrace.samba image.

To put the board into SAM-BA mode, use the following steps:

* unplug the board
* short the TEST pin to VCC (3.3V) using a jumper. Leave PA0, PA1, PA2 unconnected.
* power up the board
* wait 20s
* unplug the board
* remove the jumper

!shortTEST.jpg!

Now when the board is attached to USB, lsusb should show:
<pre>
Bus 002 Device 015: ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader
</pre>

*note*: sometimes switching to SAM-BA mode does not work.
This is the case if the 2 LEDs are on when powering up the board while VCC and TEST are shorted.
This is because PA0 should be pulled up to enter the SAM-BA mode, but the internal pull-up does not seem to be used.
There are several methods to correct this:

* press the RESET button while powering up
* touch PA0 (pin 48, in the upper right corner) with a piece of metal
* short PA0 and PA1 (pins 48 and 47, next to each other in the upper right corner)

As soon as the LEDs go off, the SAM-BA mode is working.

*note for SIMtrace v1.3 boards*: Because of a [[SIMtraceHardware#v13|hardware design bug]], if you produced the board yourself you have to cut a path on the board and write the board version to flash the first time you install the firmware. Follow the detailed [[wikiProductionFlashingV13|instructions]].

For more information about SAM-BA, please refer to the Atmel documentation on the AT91SAM7S component.

h4. Flashing the firmware with sam7

You can flash with sam7utils using libusb or POSIX.

It may happen that sam7 loads a sam_ba module at the end.
If you want to use sam7 multiple times, remove the loaded module after each run:
<pre>
sudo rmmod sam_ba
</pre>

h5. flashing using libusb

sam7utils tries to compile with libusb, so that it can access the device directly.
If libusb is not present, you must flash using serial.

On Ubuntu the USB device 03eb:6124 is mapped to /dev/ttyACMx by the cdc_acm module.
Remove it while the board is plugged in, so sam7utils is able to communicate with it.
<pre>
sudo rmmod cdc_acm
</pre>

To flash the samba image using libusb:
<pre>
sudo ./sam7 --exec set_clock --exec unlock_regions --exec "flash ../openpcd/firmware/main_simtrace.samba"
</pre>

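
A preflight for the libusb path, added here as an example and not taken from the original page or from sam7utils: it reads @lsusb@ and @lsmod@ output, reports which bootloader the board is in, and names the kernel modules this page says to remove before running sam7. The USB IDs and module names are the ones given on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide what to do before flashing, from lsusb/lsmod text.
# Functions take command output as arguments so they can be run on
# constructed samples as well as on a live system.

# Classify the board from `lsusb` output: samba, dfu or none.
detect_mode() {
    case "$1" in
        *"ID 03eb:6124"*) echo samba ;;  # Atmel SAM-BA bootloader
        *"ID 16c0:0762"*) echo dfu ;;    # ID the page passes to dfu-util -d
        *)                echo none ;;
    esac
}

# From `lsmod` output, list loaded modules that claim the SAM-BA device
# (cdc_acm) or are left behind by a previous sam7 run (sam_ba).
blocking_modules() {
    printf '%s\n' "$1" | awk '
        $1 == "cdc_acm" || $1 == "sam_ba" { printf "%s%s", sep, $1; sep = " " }'
}

# Combine both into a one-line verdict.
preflight() {
    mode=$(detect_mode "$1")
    mods=$(blocking_modules "$2")
    case "$mode" in
        samba)
            if [ -n "$mods" ]; then
                echo "samba: rmmod $mods first"
            else
                echo "samba: ready for sam7"
            fi ;;
        dfu)  echo "dfu: ready for dfu-util" ;;
        none) echo "none: board not found" ;;
    esac
}

# Live use: ./preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(lsusb)" "$(lsmod)"
fi
```
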

h5. using POSIX

If libusb is not present, sam7utils will be compiled to communicate with the board using POSIX.

If the device is not mapped to a node, use usbserial:
<pre>
sudo rmmod usbserial
sudo modprobe usbserial vendor=0x03EB product=0x6124
</pre>

To flash the samba image using serial:
<pre>
sudo ./sam7 -l /dev/ttyUSB0 --exec set_clock --exec unlock_regions --exec "flash ../openpcd/firmware/main_simtrace.samba"
</pre>

h2. Serial

The debug serial is available at 115200 baud, 8n1, with no flow control.

h2. Bugs

With high speed SIM cards some bytes inside an APDU can be skipped. This is more likely to happen in a virtualized environment. The workaround is to decrease the buffer size inside the firmware.

h2. Version History

* v0.2 fixes ATR handling for older SIM cards
* v0.4 fixes wrong Fi/Di computation in some cases
* v0.5 fixes SIMtrace crashes, lost bytes, WDT expiration and many other issues