HydraFW Binary SPI mode guide

#HydraFW binary SPI mode guide

This guide is updated towards development firmware

##Commands Once the SPI mode has been selected, the following commands are available :

• 0b00000000 Return to main mode. Returns BBIO1
• 0b00000010 Puts the CS pin low. Returns 0x01
• 0b00000011 Puts the CS pin high. Returns 0x01
• 0b00000100 Write-then-read (see below).
• 0b00000101 Write-then-read with no chip select (see below).
• 0b00001101 Sniff all SPI trafic (see below).
• 0b00001110 Sniff SPI data when CS is low.
• 0b00001111 Sniff SPI data when CS is high.
• 0b0001xxxx Bulk SPI transfer.
• 0b01000000 configure peripherals.
• 0b01100xxx Set SPI speed.
• 0b10000xy0 Configure SPI port.

##Command details ###Write-then-read operation (0b00000100 - 0b00000101) This command is used to send at most 4096 bytes and will read at most 4096 bytes of data. Format :

Byte 1           2          3          4          5         6        ...
|----------|----------|----------|----------|----------|----------|------...
 [command]    [Bytes to write]      [Bytes to read]       [Data to write

The bytes to read/write are in little-endian format. All data will be buffered before being sent to the SPI bus. Read data will also be buffered on the Hydrabus before being sent back to the user. In normal mode (0b00000100), CS is pulled low before sending the data. In no CS mode (0b00000101), the CS pin is not driven at all.

More information can be found here : http://dangerousprototypes.com/docs/SPI_(binary)#00000100_-_Write_then_read

###SPI sniffer (0b00001101 - 0b00001110 - 0b00001111) To be done

###Bulk SPI transfer (0b0001xxxx) In this mode, the last 4 bits of the command define the number of bytes to write (from 1 to 16) (Command 0b00010000 will send 1 byte). The same number of bytes will be read and sent back to the user. Hydrabus will wait for the defined number of bytes, send a 0x01 (acknowledge) then the read bytes.

###Set SPI speed (0b01100xxx) This command sets the SPI device bitrate. The three last bits will select the speed (int bits/sec) within the following list :

• 0b000 => 320000
• 0b001 => 650000
• 0b010 => 1310000
• 0b011 => 2620000
• 0b100 => 5250000
• 0b101 => 10500000
• 0b110 => 21000000
• 0b111 => 42000000

This commands returns 0x01 if successful, 0x00 in case of error.

###Configure SPI port (0b10000xy0) This allows to set the following parameters :

• x sets the polarity value
• y sets the clock phase

See https://github.com/bvernoux/hydrafw/wiki/HydraFW-SPI-guide for explanation.

This commands returns 0x01 if successful, 0x00 in case of error.

##Example script The following python script can be used to read 4096 bytes from a SPI EEPROM :

import hexdump
import serial
import struct

#Open serial port
ser = serial.Serial('/dev/ttyACM0', 115200)

#Open binary mode
for i in xrange(20):
    ser.write("\x00")
if "BBIO1" not in ser.read(5):
    print "Could not get into binary mode"
    quit()

# Switching to SPI mode
ser.write('\x01')
if "SPI1" not in  ser.read(4):
    print "Cannot set SPI mode"
    quit()

# Reading information
while (addr < 4096*size):
#Write-then-read. 4 bytes to write, 4096 bytes to read 
ser.write('\x04\x00\x04\x10\x00')
#Read command(\x03) and starting address (\x00\x00\x00)
ser.write('\x03\x00\x00\x00')
#Hydrabus will send \x01 in case of success...
ser.read(1)
#...followed by 4096 read bytes
buff += ser.read(4096)

print hexdump.hexdump(buff)

#Return to main binary mode
ser.write('\x00')
#reset to console mode
ser.write('\x0F\n')