Today there was a weird power supply bug while trying to glitch hack an SLE4442 card. There are two ways we disable the power supply:
Use the DAC (PWM) to set 0 volts, 0 mA current at the VREG
Use a 595 pin CURRENT_EN to override the current limit output
What I noticed is that CURRENT_EN wasn’t working on its own. That led to a half day dig into the code and hardware. It turns out to be some absolutely bizarre repeatable missing bit error due to the speed we run the shift registers AND the temperature in my workshop (freezing today!). So, I fixed that.
While in there, I tried to raise the SPI speed for the LCD and flash to full speed. The NAND does not like that at all. It should work to 100MHz, so my guess is some setup or between frame delay requirements are not being met at 62.5MHz.
I’m going to increase the display speed to full, and shift down to 31.25MHz for the NAND for now. This only applies to REV10+, REV8 has to stay <20MHz to avoid de-configuring the SD card.
Also @grymoire: There should be a fix for that spurious over current error. I could reproduce it at low currents, and now it seems to be fixed. Thank you so much!
Fixed a bug in SLE4442 smart card set new password where the successful change was registered as an error.
flash read -o -b <bytes> -f <file>
Added a force/override to flash reads on unknown chips:
-o override when init fails (unknown chip)
-b <bytes> specify how many bytes to read
If the chip can’t be identified, the flash command uses the most common 0x03 read command and a three byte start address of 0x00 0x00 0x00, then dumps <bytes> bytes to <file>.
Just to chime in on the hardware revisions, I think it makes sense to push the rev8 firmware into a sub-directory of the auto build zip file so that the user is only presented with a single .uf2 by default.
I don’t personally have an issue with the current arrangement. But as more people get their hands on the BP5, it’s inevitable that it’s going to become one of those gotchas that is going to keep coming up.
HUGE bug fix in SPI. It seems like I probably typed something in the wrong window and deleted the return value on reads. Not sure when that happened, I’ve been working with it non-stop and it was going fine.
Available mode commands are now printed in the global help output. I wanted a “single source of truth” without hiding stuff in lower mode layers. They are still included in the help mode mode specific help.
AND… I just noticed that the gps and bridge have the wrong help. I’ll push a fix.
I don’t know if this thread is the right place for this, but I have two small feature requests:
add a display mode that shows a user defined text on the display
add a command that waits for a button press with a user definable timeout. Maybe output the button hold time to allow the script to differentiate between short press and long press (after debounce)
The idea behind this is to use the BusPirate in some basic process automation without needing a dedicated monitor on the PC. A script on the PC decides to show some message to the user. Afterwards sends the “wait for button” command with a 0.5s timeout. On timeout it repeats the button check command. When the user doesn’t press the button, the program can still interact with the BusPirate every 0.5s and also react in a timely manner to the button press.
It was strangely easy to add scripting. The latest build has two new commands: script and tutorial. Both are based on the same scripting system.
# This is a sample tutorial!
# Welcome!
# This is some syntax, hit enter to execute it!
[0x00 0xff r:2]
# This is a comment! It's not executed!
# Here's a full on command!
# Hit enter to execute it!
pause
# Did it pause?
Very simple text format for tutorials and scripts.
Lines with # are comments and will (optionally) be printed in the terminal.
Anything else is shoved into the command prompt to be executed
Options:
-p pause at each command prompt and wait for <enter> key
tutorial is just an alias of script with fixed settings & a first-prompt tip to hit enter.
There’s a new git repo for scripts, tutorials, macros, datasources, etc. Feel free to make pull requests, please include some kind of name/handle and license. Eventually there will be a second download of datasources to copy to the flash drive, in addition to the firmware.
Scripting is recursive, and may need to move to the main loop state machine…
There are also some minor updates to the user defined macro mode.
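A host-side pre-flight check for the script format described above, added here as an example (not Bus Pirate firmware or project code): it separates `#` comments from commands and flags lines that would start another script, the recursive case the post mentions. Skipping blank lines, ignoring surrounding whitespace, and the `script second.scr` argument form in the sample are assumptions.

```python
from dataclasses import dataclass

# Commands the post names as entry points to the script engine.
NESTING_COMMANDS = {"script", "tutorial"}

@dataclass
class ScriptLine:
    number: int           # 1-based line number in the file
    kind: str             # "comment" or "command"
    text: str             # comment text, or the command sent to the prompt
    nested: bool = False  # True when the command would open another script

def parse_script(source):
    """Classify each line: '#' lines are comments, the rest are commands."""
    parsed = []
    for number, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()   # assumption: surrounding whitespace is ignored
        if not line:         # assumption: blank lines are skipped
            continue
        if line.startswith("#"):
            parsed.append(ScriptLine(number, "comment", line[1:].strip()))
        else:
            first = line.split()[0].lower()  # case-folded to be conservative
            parsed.append(ScriptLine(number, "command", line,
                                     nested=first in NESTING_COMMANDS))
    return parsed

def preflight(source):
    """Summarise a script and list the lines that start a nested script."""
    lines = parse_script(source)
    commands = [l for l in lines if l.kind == "command"]
    return {
        "comments": sum(1 for l in lines if l.kind == "comment"),
        "commands": [l.text for l in commands],
        "nested_at": [l.number for l in commands if l.nested],
    }

# Constructed sample: abridged tutorial from the post plus one nested call
# whose argument form ("script second.scr") is hypothetical.
SAMPLE = """\
# This is a sample tutorial!
# This is some syntax, hit enter to execute it!
[0x00 0xff r:2]
# This is a comment! It's not executed!
pause
# Did it pause?
script second.scr
"""
```

Running `preflight()` over a script before copying it to the flash drive shows exactly which lines will reach the command prompt and which ones re-enter the script engine.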
It’s been a bit of a catch up week. Moving forward, these are my debugging priorities:
Boards with broken LEDs and boot issues (an old firmware may work, and contain the solution)
Boards that freeze on flash dump
Confirm flash command is reading/writing properly. Could be an issue in the Universal Flash Driver library or its implementation on the Bus Pirate.
Freezing in the script/tutorials when opening a second file from the script
It feels like we have a critical mass of people needed to define the binary mode and how it should work. I’m looking forward to getting that added in the next week or two.
The various little 8 pin flash chip adapters went to production last week. I feel like they’ll be assembled Tuesday. Next week I’ll cover the flash adapters sourcing ‘story’ on social media, which you may have already seen here. It would be really nice to conclude that with getting some kind of SPI flash read/writer PC software going.
The latest firmware has a Digital Input Output mode. A simple way to control all 8 IOs without any pins dedicated to a protocol.
A few housekeeping items:
Sorry about the lack of notification emails. Evidently we outgrew our mailjet plan. That should be fixed.
It appears the auto build server is “doing something” that hits a corner case in some Bus Pirates. I set up a second build server yesterday and will start a new thread for it and push a bunch of tests here shortly.
The latest firmware sets individual identifiers for the USB CDC ports, which should make them more obvious on some operating systems. Thanks @alexhude!
The latest builds now place the rev8 firmware in an /attic/ folder, since almost everyone should be using rev10.
It appears Windows compiles work fine, with no specific changes needed.
It appears the Linux auto-builds cause boot failure/flakiness in at least one confirmed board where the Windows build does not.
The build server was running the latest version of arm-gcc
The PICO SDK installer (Windows) uses 10.3 (deprecated) specifically
I brought up a new build server and installed arm-gcc 10.3, which fixed a compiler warning that recently cropped up in the make.log files.
Firmware compiled on the new server with 10.3 does not fix the bug
As a temporary workaround, I will post manual compiles occasionally. Tonight I will look for a Windows laptop or surface pro to use as a build server until I figure out the issue.
The big update for today is that we appear to have solved the boot up corner case that seems to be caused by not giving the oscillator enough time to settle.
There’s also an update from @phdussud to improve handling of the NAND flash sharing between the host OS and the Bus Pirate FatFS access to the disk. That should be worked out in the next day or so.
Please check out the unnamed reverse engineering podcast to hear about my stupid side quests in Shenzhen
There is a new transparent UART bridge command in half duplex UART mode. It attempts to catch the RTS flow control command from the PC side and maps it to IO2. With the proper setup, this bridge should support pySIM, a set of tools for working with SIM cards.
Flash stuff was delayed a week because the manufacturing was a bit slow. Monday I’ll start documenting the flash adapter design considerations and by Friday hardware should be available. I’d really like to have a working binary mode by the end of the week to support external flash read/write.
Located and removed source of stack overflows that were causing a bunch of crashes and bugs
The Bus Pirate internal flash disk reconnects after file changes so the host operating system consistently sees the changes. When a terminal is connected the internal drive is read-only on the host OS
There is a new ‘test’ branch and forum thread tracking it. This is for staging big changes before they’re pushed to main.
Stack guard & debug are enabled on the test branch so issues can be investigated with GDB
A new button command configures the script file to run when the button is pressed. It has similar options as the script command: -d to hide comments, -e to exit on error.
By default the button command looks for button.scr.
With a little tweaking the button and script engine can be merged I think.
Last week I didn’t get much of anything done. I was involved in an altercation with a deranged man and have several bruised ribs. Sitting at my desk was super painful. I’m doing much better, and look forward to pushing a bunch of stuff this week.
A few tweaks for the button command are ready to push.
A first stab at binary mode is on the binmode branch, it just needs a bit of cleanup and should be ready for the test branch with a day’s work.
The Smart Card/SIM card adapter was finished last week and pre-orders should have shipped. I’ll do the write-up for the docs this week.
There’s a few contributions on the test branch that should be ready to go live on main.
@cra0 sent the guts of a shopping trolley wheel lock system that I’m super excited to mess around with a bit
It turned out I had some broken/fractured ribs, so I was out a bit longer than expected. Feeling ok now, and happy to be back. Will take some time to work through the backlog. Thank you so much to everyone who helped out with others’ questions/issues.