CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support

Reverse Engineer the TinyBootloader.

 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
treitmey



Joined: 23 Jan 2004
Posts: 1094
Location: Appleton,WI USA

View user's profile Send private message Visit poster's website

Reverse Engineer the TinyBootloader.
PostPosted: Mon Oct 12, 2009 11:28 am     Reply with quote

I wanted to reverse engineer the Tiny boot loader to better understand
what each part is doing, and perhaps make it eaiser for other to understand.
http://www.etc.ugal.ro/cchiculita/software/picbootloader.htm
So I want to design in CCS C such that the result is like the following HEX. If you have mpasm, and CCS C you can follow along.
source in asm. similar to tinyB18F with 18F452 set along with fuses.
btw. If anyone knows of a show-stopper reason this can't be done. let me know,.. I don't want to sit here spinning my wheels.

1st question. Can the startup initialization code be eliminated? I want
to start with a jump to the loader.

Code:
   radix DEC
      LIST      P=18F452   ; change also: Configure->SelectDevice from Mplab
xtal EQU 18432000      ; you may want to change: _XT_OSC_1H  _HS_OSC_1H  _HSPLL_OSC_1H
baud EQU 19200         ; standard TinyBld baud rates: 115200 or 19200
   ; The above 3 lines can be changed and built a bootloader for the desired frequency (and PIC type)

   ;********************************************************************
   ;   Tiny Bootloader      18F series      Size=100words
   ;   [email protected]
   ;   http://www.etc.ugal.ro/cchiculita/software/picbootloader.htm
   ;   Modified by Nam Nguyen-Quang for testing different PIC18Fs with tinybldWin.exe v1.9
   ;   [email protected]
   ;********************************************************************

;   This source file is for PIC18F242, 252, 442, 452, 248, 258, 448, 458, 2220, 2320,
;   4220, 4320, 1220, 1320, 2331, 2431, 4331, 4431, 2439, 2539, 4439, and 4539

;   Copy these include files to your project directory (i.e. they are in the same
;   directory with your .asm source file), if necessary

   #include "icdpictypes.inc"   ; Takes care of: #include "p18fxxx.inc",  max_flash, IdTypePIC
   #include "spbrgselect.inc"   ; RoundResult and baud_rate

      #define first_address max_flash-200      ;100 words
 CONFIG   OSC = HS, OSCS = OFF, PWRT = ON, BOR = ON, BORV = 27, WDT = OFF
 CONFIG WDTPS = 32, CCP2MUX = OFF, STVR = ON, LVP = OFF, DEBUG = OFF


;   For different PICs, uncomment the appropriate lines of CONFIG directives
;   as indicated, and comment out all the other lines, if necessary
;   For example, the following configuration is for PIC18F4580, with 8 MHz crystal
;   You could find the symbol names for the chip in its include file
;   (in the Microchip\MPASM Suite directory)

;----- CONFIG1H Options -----
;   For 18F242, 248, 252, 258, 442, 448, 452, and 458 (xx2/xx8)
;      CONFIG   OSC = HS, OSCS = OFF

;   For 18F1220, 1320, 2220, 2320, 4220, and 4320 (x220/x320)
;      CONFIG   OSC = HS, FSCM = OFF, IESO = OFF
;      CONFIG   OSC = INTIO2, FSCM = OFF, IESO = OFF   ; Use internal oscilator, xtal = 8000000

;   For 18F2331, 2431, 4331, and 4431
;      CONFIG   OSC = HS, FCMEN = OFF, IESO = OFF
;      CONFIG   OSC = IRCIO, FCMEN = OFF, IESO = OFF

;   For 18F2439, 2539, 4439, and 4539
;      CONFIG   OSC = HS

;   For 2480, 2580, 4480, and 4580
;      CONFIG   OSC = HS, FCMENB = OFF, IESOB = OFF
;      CONFIG   OSC = IRCIO67, FCMENB = OFF, IESOB = OFF   ; Use internal oscilator, xtal = 8000000


;----- CONFIG2L Options -----
;   For 18F242, 248, 252, 258, 442, 448, 452, and 458 (xx2/xx8)
;   For 18F1220, 1320, 2220, 2320, 4220, and 4320 (x220/x320)
;   and for 18F2439, 2539, 4439, and 4539 as well
;      CONFIG   PWRT = ON, BOR = ON, BORV = 27

;   For 18F2331, 2431, 4331, and 4431
;      CONFIG   PWRTEN = ON, BOREN = ON, BORV = 27

;   For 2480, 2580, 4480, and 4580
;      CONFIG   PWRT = ON, BOR = BOHW, BORV = 27


;----- CONFIG2H Options -----
;   For all of the chips associated with this source file, except xx31 as follows
;      CONFIG   WDT = OFF, WDTPS = 128

;   For 18F2331, 2431, 4331, and 4431
;      CONFIG   WDTEN = OFF, WINEN = OFF, WDPS = 128

;----- CONFIG3L Options -----
;   For 18F2331, 2431, 4331, and 4431
;      CONFIG   T1OSCMX = ON, HPOL = HIGH, LPOL = HIGH, PWMPIN = OFF


;----- CONFIG3H Options -----
;   For 18F242, 252, 442, and 452
;      CONFIG   CCP2MUX = OFF

;   For 18F1220, 1320, 2220, 2320, 4220, and 4320
;      CONFIG   MCLRE = ON, PBAD = DIG, CCP2MX = OFF

;   For 18F2331, and 2431
;      CONFIG   MCLRE = ON

;   For 18F4331, and 4431
;      CONFIG   MCLRE = ON, EXCLKMX = RD0, PWM4MX = RD5, SSPMX = RD1, FLTAMX = RD4

;   For 2480, 2580, 4480, and 4580
;      CONFIG   MCLRE = ON, LPT1OSC = OFF, PBADEN = OFF


;----- CONFIG4L Options -----
;   For 18F242, 248, 252, 258, 442, 448, 452, and 458
;   For 18F1220, 1320, 2220, 2320, 4220, and 4320
;   and for 18F2439, 2539, 4439, and 4539 as well
;      CONFIG STVR = ON, LVP = OFF, DEBUG = OFF

;   For 18F2331, 2431, 4331, and 4431
;      CONFIG   STVREN = ON, LVP = OFF, DEBUG = OFF

;   For 2480, 2580, 4480, and 4580
;      CONFIG   STVREN = ON, LVP = OFF, DEBUG = OFF, XINST = OFF, BBSIZ = 1024


;----------------------------- PROGRAM ---------------------------------
   cblock 0
   crc
   i
   cnt1
   cnt2
   cnt3
   counter_hi
   counter_lo
   flag
   endc
   cblock 10
   buffer:64
   dummy4crc
   endc

SendL macro car
   movlw car
   movwf TXREG
   endm

;0000000000000000000000000 RESET 00000000000000000000000000

      ORG     0x0000
      GOTO    IntrareBootloader

;view with TabSize=4
;&&&&&&&&&&&&&&&&&&&&&&&   START     &&&&&&&&&&&&&&&&&&&&&&
;----------------------  Bootloader  ----------------------
;PC_flash:      C1h            U      H      L      x  ...  <64 bytes>   ...  crc
;PC_eeprom:      C1h               40h   EEADR   EEDATA   0      crc
;PC_cfg         C1h         U OR 80h   H      L      1      byte   crc
;PIC_response:      type `K`

   ORG first_address      ;space to deposit first 4 instr. of user prog.
   nop
   nop
   nop
   nop
   org first_address+8
IntrareBootloader
                     ;init IntOSC, added by Nam Nguyen-Quang
   ;movlw 0x70
   ;movwf OSCCON
   ; the above 2 lines should be commented out for designs not using the internal oscilator
   ; or for the chips without the internal oscilator
                     ;init serial port
   movlw b'00100100'
   movwf TXSTA
   movlw spbrg_value
   movwf SPBRG
   movlw b'10010000'
   movwf RCSTA
                     ;wait for computer
   rcall Receive
   sublw 0xC1            ;Expect C1h
   bnz way_to_exit
   SendL IdTypePIC         ;send PIC type
MainLoop
   SendL 'K'            ; "-Everything OK, ready and waiting."
mainl
   clrf crc
   rcall Receive         ;Upper
   movwf TBLPTRU
      movwf flag         ;(for EEPROM and CFG cases)
   rcall Receive         ;Hi
   movwf TBLPTRH
      movwf EEADR         ;(for EEPROM case)
   rcall Receive         ;Lo
   movwf TBLPTRL
      movwf EEDATA      ;(for EEPROM case)

   rcall Receive         ;count
   movwf i
   incf i
   lfsr FSR0, (buffer-1)
rcvoct                  ;read 64+1 bytes
      movwf TABLAT      ;prepare for cfg; => store byte before crc
   rcall Receive
   movwf PREINC0
   decfsz i
   bra rcvoct

   tstfsz crc            ;check crc
   bra ziieroare
      btfss flag,6      ;is EEPROM data?
      bra noeeprom
      movlw b'00000100'   ;Setup eeprom
      rcall Write
      bra waitwre
noeeprom
      btfss flag,7      ;is CFG data?
      bra noconfig
      tblwt*            ;write TABLAT(byte before crc) to TBLPTR***
      movlw b'11000100'   ;Setup cfg
      rcall Write
      bra waitwre
noconfig
                     ;write
eraseloop
   movlw   b'10010100'      ; Setup erase
   rcall Write
   TBLRD*-               ; point to adr-1

writebigloop
   movlw 8               ; 8groups
   movwf counter_hi
   lfsr FSR0,buffer
writesloop
   movlw 8               ; 8bytes = 4instr
   movwf counter_lo
writebyte
   movf POSTINC0,w         ; put 1 byte
   movwf TABLAT
   tblwt+*
   decfsz counter_lo
   bra writebyte

   movlw   b'10000100'      ; Setup writes
   rcall Write
   decfsz counter_hi
   bra writesloop
waitwre
   ;btfsc EECON1,WR      ;for eeprom writes (wait to finish write)
   ;bra waitwre         ;no need: round trip time with PC bigger than 4ms

   bcf EECON1,WREN         ;disable writes
   bra MainLoop

ziieroare               ;CRC failed
   SendL 'N'
   bra mainl

;******** procedures ******************

Write
   movwf EECON1
   movlw 0x55
   movwf EECON2
   movlw 0xAA
   movwf EECON2
   bsf EECON1,WR         ;WRITE
   nop
   ;nop
   return


Receive
   movlw xtal/1845200 + 1   ; for 20MHz => 11 => 1second delay
                     ; for 18F2xxx chips, this should be xtal/1000000+1
   movwf cnt1
rpt2
   clrf cnt2
rpt3
   clrf cnt3
rptc
      btfss PIR1,RCIF         ;test RX
      bra notrcv
       movf RCREG,w         ;return read data in W
       addwf crc,f            ;compute crc
      return
notrcv
   decfsz cnt3
   bra rptc
   decfsz cnt2
   bra rpt3
   decfsz cnt1
   bra rpt2
   ;timeout:
way_to_exit
   bcf   RCSTA,   SPEN         ; deactivate UART
   bra first_address
;*************************************************************
; After reset
; Do not expect the memory to be zero,
; Do not expect registers to be initialised like in catalog.

            END

Code:

:020000040000FA
:04000000A0EF3FF03E
:087F3800000000000000000041
:107F4000240EAC6E3B0EAF6E900EAB6E46D8C108E1
:107F500053E1410EAD6E4B0EAD6E006A3ED8F86E29
:107F6000076E3BD8F76EA96E38D8F66EA86E35D876
:107F7000016E012A00EE09F0F56E2FD8EC6E012E8D
:107F8000FBD700661FD007AC03D0040E1ED818D054
:107F900007AE04D00C00C40E18D812D0940E15D819
:107FA0000A00080E056E00EE0AF0080E066EEE508E
:107FB000F56E0F00062EFBD7840E07D8052EF5D7D9
:107FC000A694C9D74E0EAD6EC8D7A66E550EA76E35
:107FD000AA0EA76EA682000012000A0E026E036AA5
:107FE000046A9EAA03D0AE5000261200042EF9D7D0
:0C7FF000032EF6D7022EF3D7AB9E9ED7CF
:020000040030CA
:03000100220A0AC6
:02000500008178
:060008000FC00FE00F40E5
:00000001FF
ckielstra



Joined: 18 Mar 2004
Posts: 3680
Location: The Netherlands

View user's profile Send private message

PostPosted: Mon Oct 19, 2009 5:24 pm     Reply with quote

The bootloader code is short so it should be relative easy to port. I'm willing to help but don't fully understand why would you want to do this?

The beauty of this bootloader is it being so tiny. Rewriting the code in CCS-C makes it easier to understand but will also be (slightly) larger.
asmallri



Joined: 12 Aug 2004
Posts: 1635
Location: Perth, Australia

View user's profile Send private message Send e-mail Visit poster's website

PostPosted: Mon Oct 19, 2009 9:52 pm     Reply with quote

If you look at the stated objective of the Tiny Bootloader, its primary objective was to make the code as small as possible. Porting to CCS would double the size and you would still be dependent of the PC programmer application.
_________________
Regards, Andrew

http://www.brushelectronics.com/software
Home of Ethernet, SD card and Encrypted Serial Bootloaders for PICs!!
treitmey



Joined: 23 Jan 2004
Posts: 1094
Location: Appleton,WI USA

View user's profile Send private message Visit poster's website

PostPosted: Tue Oct 20, 2009 8:04 am     Reply with quote

Yes, I understand the concerns. And I think most of the port may be
simple #asm statements, and #org to put it in the right area.

My goal was to make it easier to understand, while producing the exact
same hex.


Well the history is I was trying to add an TX enable.
I'm ashamed to say I had a lot of difficulty.
I also was trying the ds30 loader.
http://mrmackey.no-ip.org/elektronik/ds30loader/
And I was having a lot of difficulty.

I figure many more people will embrace the bootloader if they see
its design(in C) and understand how it works. They may even be
able to make easy changes(TXE) without help.

I have been given permission to reverse eng. it by the author.

Yes, it is OK to use that code for whatever purposes, to learn from it,
rewrite in another language (CCS) and make it available to others.
Claudiu dot Chiculita at ugal dot ro


So.....
The first step was to get any type of code compiling without the CCS startup code.
and perhaps get it to #org in the proper area.

also any thoughts,.. Will I have to compile ccs then assemble with mpasm.

This is all very new. Sorry for the ignorance.


Last edited by treitmey on Tue Oct 20, 2009 8:15 am; edited 1 time in total
treitmey



Joined: 23 Jan 2004
Posts: 1094
Location: Appleton,WI USA

View user's profile Send private message Visit poster's website

PostPosted: Tue Oct 20, 2009 8:11 am     Reply with quote

Maybe this isn't a worthwhile project.
After several days I think I understand much of the asm.
And there are many comments.
Perhaps I should just move on.
I've got my TXE working, thanks to
Mark Weir's code.

Consider the thread closed.
Guest








PostPosted: Tue Oct 20, 2009 9:54 am     Reply with quote

I think it's a good idea to make a real small C code loader. The loader must import standard bin hex file, just as tiny loader...
The one CCS made is real bad stuff!
treitmey



Joined: 23 Jan 2004
Posts: 1094
Location: Appleton,WI USA

View user's profile Send private message Visit poster's website

PostPosted: Tue Oct 20, 2009 10:37 am     Reply with quote

Look at ds30 loader. The link is above.
In hindsight I think my problems with ds30loader were because of a
beta release that was hanging on eeprom write.
I think he fixed that now.
ckielstra



Joined: 18 Mar 2004
Posts: 3680
Location: The Netherlands

View user's profile Send private message

PostPosted: Tue Oct 20, 2009 12:27 pm     Reply with quote

Anonymous wrote:
I think it's a good idea to make a real small C code loader. The loader must import standard bin hex file, just as tiny loader...
The Tiny bootloader does not import standard bin hex files, that's one of the reasons why it can be so tiny. Reading the file and converting to bin is done by the special PC program (and this source code is not provided).

Quote:
The one CCS made is real bad stuff!
I don't think it is so bad. It is just lacking a good 'how-to' document describing how to use it.
Guest








PostPosted: Tue Oct 20, 2009 1:00 pm     Reply with quote

I just make a test, and:

1) loader changed to my OSC!
2) I burn it to the PIC.
3) Starting the pc loader. It found the right devices 18F26j11.
4) Upload a test program, but here the pc program crash at the end of the verifying process?

Not good?
ckielstra



Joined: 18 Mar 2004
Posts: 3680
Location: The Netherlands

View user's profile Send private message

PostPosted: Thu Oct 22, 2009 3:23 am     Reply with quote

Anonymous guest: Which bootloader are you testing?
You mention a PC loader program. The CCS bootloader does not use such a program.

My guess is you tried the Tiny bootloader? If that's true then go for help to the Tiny Bootloader website. The source code of the Tiny Bootloader PC program is not public so we can not help you.
Gonzalo
Guest







Cracking TinyPICbld
PostPosted: Mon Jan 11, 2010 4:01 pm     Reply with quote

I spent some time years ago, using a freeware serial port monitor to sniff serial traffic between the PC s/w and PC bootloader. Seems like something completely feasible for doing with any Java, C or VB app.

I remember a dialogue much like this:
1- PC: burst of C1h bytes // a sort of ping, with rate and timeout defined by PC sw
2- PIC: 2K // PIC acknowledge command
3- PC: Send binary bytes of HEX file, in chunks of 16xn bytes, exactly as seen in hex file.
4- PIC: Send same ACK command upon successfully writing each chunk in Flash, and ready to accept the next one // much like XON/XOFF protocol

That's all. PC sw might scan the hex file to check if there's a B/L overwritting risk.

Gonzalo
Display posts from previous:   
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group