Download: buspirate.v0c.zip
A few weeks ago we wrote about our Bus Pirate universal serial interface tool. We used the recent holiday to add some new features, like a JTAG programmer, macros, frequency measurement, and more. A major code reorganization makes everything simpler to read and update.
Check out the a demonstration of the new features below. We’re compiling a roadmap and wish list, so share your ideas in the comments. You can also see how we used the Bus Pirate to read a smart card and test-drive an I2C crystal oscillator.
New protocols
I2C>m <–setup mode
1. HiZ <– high impedance pins (safe mode)
2. 1-WIRE <– not ready for this release
3. uart
4. I2C
5. SPI
6. JTAG <– interface and programmer
7. RAW2WIRE
8. RAW3WIRE
MODE>1
900 Mod Seti
HiZ>
This firmware release lists three new protocols.
Hi-Z makes all pins high impedance/input, a safe state that won’t damage an attached circuit. To be safe, the Bus Pirate now starts in this mode.
1-Wire is listed, but we couldn’t include it in this release because we still don’t have any parts to test with our library. This is just a placeholder for now, but it will be added as soon as we get a 1-Wire part to test.
We wrote a simplified JTAG interface that includes a XSVF player for programming JTAG device chains.
**We included a hardware I2C library, but according to the device errata there’s a bug in the 24FJ64GA002 rev3 I2C module. This will work with a different chip (e.g. a 28pin dsPIC33).
Connection table
TOPLU İĞNE
1-Wire
I2C*
SPI**
RS232
JTAG
B9
Sda
Sda
Musi
–
TDI
B8
–
SCL
CLK
–
TCK
B7
–
–
MİSO
RX
TDO
B6
–
–
Cs
TX
TMS
B5
Aux
Aux
Aux
Aux
Aux
Zemin
Gnd
Gnd
Gnd
Gnd
Gnd
*also raw 2 wire. **also raw 3 wire.
The new modes connect to the Bus Pirate as described in the table.
New features and settings
Frequency measurement
HiZ>F <– do a frequency count 9xx FREQ count ON AUX: 22199552Hz (22MHz) HiZ>
As seen in the DS1077 demonstration, we added a frequency counter to the Bus Pirate’s AUX pin. ‘F’ steps frequency, maximum of about 50MHz.
Assign axillary control
HiZ>c <– menu c AUX PIN 1. AUX (DEFAULT) 2. CS/TMS MODE>1 <– set AUX control mode 9xx AUX: DEFAULT setting (AUX PIN) HiZ>
Sometimes we need to control the chip select (CS) /JTAG state device (TMS) pins manually. ‘c’ toggles the pin control between the axillary pin and the chip select pin.
Set terminal speed
HiZ>b <– menu b Set serial port speed: (bps) 1. 300 ... 9. 115200 SPEED>9 <– set speed Adjust your terminal and press space to continue HiZ>
‘b’ adjusts the PC-side serial port speed.
Macros
A new syntax addition, ‘(#)’, triggers protocol dependent macros.
JTAG>(0) <–macro 0 0.Macro Menüsü 1.Reset chain 2.Probe chain 3.XSVF player Jtag>
In any mode, use the macro (0) to display a menu of available macros.
I2C address search
I2C>(1) <–scan I2C addresses macro XXX 7bit I2C adres alanı aranıyor. Bulunan cihazlar: 0xB0 0xB1 <–DS1077 responds to write and read address I2C>
The I2C library includes a macro to automatically search the I2C address range for devices. helpful when you work with an unknown chip.
Raw2wire smart card ISO 7813-3 ATR
RAW2WIRE>(1)<–ATR and decode macro ISO 7813-3 ATR 950 AUX LOW 951 AUX HIGH 4xx RAW2WIRE 0x01 CLOCK TICKS 950 AUX LOW ISO 7813-3 reply: 0xA2 0x13 0x10 0x91<–ATR bytes Protocol: 2 wire <–decoded ATR data Read type: to end<– Data units: 256 <– Data unit length: 8 bits <– RAW2WIRE>
Macro 1 resets and identifies a smart card. For much more about the ISO7813-3 ATR, see how we used the Bus Pirate to read a smart card.
JTAG
JTAG is a debugging and programming interface for all kinds of electronics. The raw hardware interface can be accessed with the Bus Pirate’s raw 3 wire library, but we added a few features to make it much easier.
JTAG has different modes where data entry does different things. Modes are navigated with the JTAG TMS signal; there are a bunch of JTAG modes, called states.The Bus Pirate’s JTAG library is just the raw 3 wire library, enhanced to help with JTAG state changes.
We only implemented the JTAG states we need to get data in and out of a JTAG device chain: reset, idle, data register, and instruction register. Macro (1) issues a JTAG chain reset, and initializes the chain to the idle state. { puts the JTAG chain in data register mode. [ puts the chain in instruction register mode. ] or } return the chain to the idle state. The Bus Pirate has an internal state device tracker that is smart enough to manage the chain without explicitly returning the chain to idle; in other words, you don’t have to close your tags. The state device tracker reports every state change to help debug problems.
JTAG>[0xfe {rrrr} <– same as [0xfe]{rrrr}
xxx JTAGSM: already IDLE
XXX JTAGSM: İdare-> Öğretim Kayıtları (TMS için bir bit gecikti)
610 JTAG ready TO write IR <– JTAG chain instruction register
620 JTAG WRITE: 0xFE <– request ID
xxx JTAGSM: (WROTE delayed BIT) IR->IDLE <–back to IDLE
xxx JTAGSM: IDLE->Data Register <–IDLE to data register
611 JTAG ready TO READ/WRITE DR
630 JTAG READ: 0x93 <–device ID
630 JTAG READ: 0x40
630 JTAG READ: 0x60
630 JTAG READ: 0x59
xxx JTAGSM: DR->IDLE <–back to idle
640 JTAG IDLE
Jtag>
Here is a short interaction with a Xilinx XC9572 CPLD. We go to the instruction register ( [ ), and send the device ID request command (0xfe). Then, we go the the data register( { ), read four bytes (rrrr, or r:4 shorthand), and return to idle ( } ).
What are delayed bit writes?
JTAG requires that the last data bit written to the instruction register be entered at the same time as the state change. because the Bus Pirate has no way of predicting when we’ll actually change states, it delays the last bit of each byte write until one of three things happens:
Exit the instruction register with a }, ], or { command
Write another byte value
A read command
Pending bits are not cleared by bitwise operations (like ! or ^). Do these before writing your last byte, or change the code. We haven’t implemented pending writes to the data register, but it’s probably needed. You might need to execute this if you’re writing the data register, rather just reading, like we did.
JTAG Macros
JTAG>(1) <–macro 1
xxx jtagsm: sıfırlama
xxx jtagsm: reset-> rölanti
Jtag>
JTAG macro (1) resets the JTAG chain and then advances it to the idle state.
JTAG>(2) <–macro 2
xxx jtag init zinciri
xxx jtagsm: sıfırlama
xxx jtagsm: reset-> rölanti
XXX JTAGSM: İdare-> Öğretim Kayıtları (TMS için bir bit gecikti)
XXX JTAGSM: IR-> Boşta
XXX JTAGSM: İDLİ-> Veri Kaydı
XXX JTAGSM: DR-> Boşta
xxx jtagsm: sıfırlama
xxx jtagsm: reset-> rölanti
XXX JTAGSM: İDLİ-> Veri Kaydı
xxx JTAG CHAIN REPORT: <–start of report
0x01 cihaz (lar)
#0x01 : 0x93 0x40 0x60 0x59 <–device IDs
XXX JTAGSM: DR-> Boşta
Jtag>
Macro (2) resets the chain, counts the devices, and reports all the device IDs.
JTAG>(3) <–macro 3 6xx JTAG XSVF PLAYER xxx XON/XOFF flow control required <–required! xxx press z TO continue <– press z xxx begin XSVF submit <– submit the file 6×0 XSVF ok <– result or error YOUR PC DRIBBLED MAX 0x05 BYTES AFTER XOFF (THAT’S OK) 6xx press z 5 TIMES TO continue <– continue Jtag>
Macro 3 is an XSVF player/programmer using code from Xilinx. XSVF is byte format SVF, as described by Xilinx (pdf). XSVF files can be compiled for any chain with the appropriate generic JTAG definition files, even non-Xilinx devices. We successfully used the binary transfer features in Hercules and Tera Term to send XSVF files to the programmer.
JTAG in some cases pauses longer than it takes the PC to transfer a byte of data, so we implemented XON/XOFF software flow control for the XSVF player. Your terminal should be in XON/XOFF flow control mode before you submit the XSVF file, or the programmer will fail. even with software flow control, a modern PC has already send several bytes through the layers of operating system before it receives the flow control signals. We deal with this by catching these bytes before moving on, this is reported as the maximum number of bytes “dribbled”.
If there’s an error in the upload, the PC will probably continue to spit bytes at the Bus Pirate. To keep error messages visible, and avoid garbage in the terminal, the XSVF player waits for five lower case z’s before it returns to the prompt. We chose this sequence because it will never occur in an XSVF file.
*Note that the XSVF player does not respect the JTAG Hi-Z pin setting. Went it does, it fails. Be careful mixing voltages without a buffer.
Better code structure
The most significant difference between the version 0b and 0c firmware is a massive improvement in code structure. The Bus Pirate existed in numerous incarnations before we packaged it for the initial article. v.0c harmonizes the code libraries and makes it simpler to add new protocols.
How to add a customized protocol
The Bus Pirate code handles the user interface, and passes two variables to the active protocol library. The first variable is a command, such as CMD_READ, CMD_READBULK, or CMD_WRITE. The entire command set is defined in base.h. The second variable is an optional value. A easy CMD_READ command passes no value, a bulk read command passes the number of bytes to read, a write command passes the value to write to the bus, etc. At minimum, a customized protocol needs a function to receive these variables and translate them to bus actions.
We used three different techniques to link commands to bus actions. easy code can go directly in a huge switch statement, like SPI.c. external libraries use an single linking function, like I2C.c, and m_i2c_1.c. much more complicated protocols use the switch statement to call functions included in the library (raw2wire.c, raw3wire.c, jtag.c UART.c). helpful functions for terminal IO are included in base.h/c.
Due to massive code improvements, it’s now only mildly confusing to register a new protocol with the Bus Pirate:
base.h – create a dprotokol için efinition. Son giriş şu anda “#DEFINE RAW3WIRE 7” dir, bu nedenle bir sonraki giriş “#define mycustomwire 8” olabilir.
Buspirate.c – İşleme fonksiyonuna erişim sağlayan bir başlık dosyası dahildir. CHAR * MODE [] = değişken listesine bir menü girişi ekleyin. Menü girişi, listedeki aynı konumda, temel olarak atanan sayı olarak olmalıdır. MyCustomWire 8 numaralı ise, mod değişkeninde sekiz giriş olmalıdır. Son olarak, mod “MyCustomwire” olarak ayarlandığında, özelleştirilmiş kütüphane işleme rutinini çağıran BPProcess () işlevine ek bir anahtar ekleyin.
Almakla birlikte: bir günlük dilek listesi kesmek
Üç dilek listesine girdiğimiz geri bildirimleri derledik: protokoller, özellikler ve makrolar.
Protokoller
1 tire, numaralandırma ile (* Test etmek için parçalarımız var çıkmaz hazır)
OBD-II (teşekkürler [Shadyman])
OLABİLMEK
MIDI (Wikipedia)
Dmx512-a
IRDA, RC5X, vb.
Bazı protokoller harici bir alıcı-verici gerektirecektir.
Özellikler
Darbe genişliği modülatörü, frekans jeneratörü
“Interrupt’a kadar bekle” komutu
Capture periferik girişi için frekans ölçümünü dönüştürün
Herhangi bir pim üzerinde frekans ölçümüne izin ver
Geçerli yapılandırma ayarları ve PIN durumlarının bir raporunu gösterin.
Tamsayı toplu okuma, saat keneler, gecikmeler vb. İçin değerleri tekrarlayın.
Bir CRC jeneratörü
Makrolar
Şeffaf UART Köprüsü
SD Kart Başlatma, Meta Veri Ekstresi ve Dökümü
EEPROM Programı / Dökümü (I2C / SPI)
Nokia 6100 LCD Başlatma, Kontrol
NMEA GPS veri kod çözücü
Listeye ekleyecek bir şeyin var mı?
Firmware İndir: buspirate.v0c.zip