bluez5_utils-5.62/tools/bluemoon.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *
 *  BlueZ - Bluetooth protocol stack for Linux
 *
 *  Copyright (C) 2012  Intel Corporation. All rights reserved.
 *
 *
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <ctype.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
#include <sys/stat.h>
#include <sys/param.h>

#include "monitor/bt.h"
#include "src/shared/mainloop.h"
#include "src/shared/util.h"
#include "src/shared/hci.h"

#define CMD_RESET		0xfc01
struct cmd_reset {
	uint8_t  reset_type;
	uint8_t  patch_enable;
	uint8_t  otp_ddc_reload;
	uint8_t  boot_option;
	uint32_t boot_addr;
} __attribute__ ((packed));

#define CMD_NO_OPERATION	0xfc02

#define CMD_READ_VERSION	0xfc05
struct rsp_read_version {
	uint8_t  status;
	uint8_t  hw_platform;
	uint8_t  hw_variant;
	uint8_t  hw_revision;
	uint8_t  fw_variant;
	uint8_t  fw_revision;
	uint8_t  fw_build_nn;
	uint8_t  fw_build_cw;
	uint8_t  fw_build_yy;
	uint8_t  fw_patch;
} __attribute__ ((packed));

#define CMD_READ_BOOT_PARAMS	0xfc0d
struct rsp_read_boot_params {
	uint8_t  status;
	uint8_t  otp_format;
	uint8_t  otp_content;
	uint8_t  otp_patch;
	uint16_t dev_revid;
	uint8_t  secure_boot;
	uint8_t  key_from_hdr;
	uint8_t  key_type;
	uint8_t  otp_lock;
	uint8_t  api_lock;
	uint8_t  debug_lock;
	uint8_t  otp_bdaddr[6];
	uint8_t  min_fw_build_nn;
	uint8_t  min_fw_build_cw;
	uint8_t  min_fw_build_yy;
	uint8_t  limited_cce;
	uint8_t  unlocked_state;
} __attribute__ ((packed));

#define CMD_WRITE_BOOT_PARAMS	0xfc0e
struct cmd_write_boot_params {
	uint32_t boot_addr;
	uint8_t  fw_build_nn;
	uint8_t  fw_build_cw;
	uint8_t  fw_build_yy;
} __attribute__ ((packed));

#define CMD_MANUFACTURER_MODE	0xfc11
struct cmd_manufacturer_mode {
	uint8_t  mode_switch;
	uint8_t  reset;
} __attribute__ ((packed));

#define CMD_WRITE_BD_DATA	0xfc2f
struct cmd_write_bd_data {
	uint8_t  bdaddr[6];
	uint8_t  reserved1[6];
	uint8_t  features[8];
	uint8_t  le_features;
	uint8_t  reserved2[32];
	uint8_t  lmp_version;
	uint8_t  reserved3[26];
} __attribute__ ((packed));

#define CMD_READ_BD_DATA	0xfc30
struct rsp_read_bd_data {
	uint8_t  status;
	uint8_t  bdaddr[6];
	uint8_t  reserved1[6];
	uint8_t  features[8];
	uint8_t  le_features;
	uint8_t  reserved2[32];
	uint8_t  lmp_version;
	uint8_t  reserved3[26];
} __attribute__ ((packed));

#define CMD_WRITE_BD_ADDRESS	0xfc31
struct cmd_write_bd_address {
	uint8_t  bdaddr[6];
} __attribute__ ((packed));

#define CMD_ACT_DEACT_TRACES	0xfc43
struct cmd_act_deact_traces {
	uint8_t  tx_trace;
	uint8_t  tx_arq;
	uint8_t  rx_trace;
} __attribute__ ((packed));

#define CMD_TRIGGER_EXCEPTION	0xfc4d
struct cmd_trigger_exception {
	uint8_t  type;
} __attribute__ ((packed));

#define CMD_DDC_CONFIG_WRITE	0xfc8b

#define CMD_MEMORY_WRITE	0xfc8e

static struct bt_hci *hci_dev;
static uint16_t hci_index = 0;

#define FIRMWARE_BASE_PATH "/lib/firmware"

static bool set_bdaddr = false;
static const char *set_bdaddr_value = NULL;
static bool get_bddata = false;
static bool load_firmware = false;
static const char *load_firmware_value = NULL;
static uint8_t *firmware_data = NULL;
static size_t firmware_size = 0;
static size_t firmware_offset = 0;
static bool check_firmware = false;
static const char *check_firmware_value = NULL;
uint8_t manufacturer_mode_reset = 0x00;
static bool use_manufacturer_mode = false;
static bool set_traces = false;
static bool set_exception = false;
static bool reset_on_exit = false;
static bool cold_boot = false;

static void reset_complete(const void *data, uint8_t size, void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to reset (0x%02x)\n", status);
		mainloop_quit();
		return;
	}

	mainloop_quit();
}

static void cold_boot_complete(const void *data, uint8_t size, void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to cold boot (0x%02x)\n", status);
		mainloop_quit();
		return;
	}

	if (reset_on_exit) {
		bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
						reset_complete, NULL, NULL);
		return;
	}

	mainloop_quit();
}

static void leave_manufacturer_mode_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to leave manufacturer mode (0x%02x)\n",
									status);
		mainloop_quit();
		return;
	}

	if (reset_on_exit) {
		bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
						reset_complete, NULL, NULL);
		return;
	}

	mainloop_quit();
}

static void shutdown_device(void)
{
	bt_hci_flush(hci_dev);

	free(firmware_data);

	if (use_manufacturer_mode) {
		struct cmd_manufacturer_mode cmd;

		cmd.mode_switch = 0x00;
		cmd.reset = manufacturer_mode_reset;

		bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
				leave_manufacturer_mode_complete, NULL, NULL);
		return;
	}

	if (reset_on_exit) {
		bt_hci_send(hci_dev, BT_HCI_CMD_RESET, NULL, 0,
						reset_complete, NULL, NULL);
		return;
	}

	mainloop_quit();
}

static void write_bd_address_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to write address (0x%02x)\n", status);
		mainloop_quit();
		return;
	}

	shutdown_device();
}

static void read_bd_addr_complete(const void *data, uint8_t size,
							void *user_data)
{
	const struct bt_hci_rsp_read_bd_addr *rsp = data;
	struct cmd_write_bd_address cmd;

	if (rsp->status) {
		fprintf(stderr, "Failed to read address (0x%02x)\n",
							rsp->status);
		mainloop_quit();
		shutdown_device();
		return;
	}

	if (set_bdaddr_value) {
		fprintf(stderr, "Setting address is not supported\n");
		mainloop_quit();
		return;
	}

	printf("Controller Address\n");
	printf("\tOld BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
					rsp->bdaddr[5], rsp->bdaddr[4],
					rsp->bdaddr[3], rsp->bdaddr[2],
					rsp->bdaddr[1], rsp->bdaddr[0]);

	memcpy(cmd.bdaddr, rsp->bdaddr, 6);
	cmd.bdaddr[0] = (hci_index & 0xff);

	printf("\tNew BD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
					cmd.bdaddr[5], cmd.bdaddr[4],
					cmd.bdaddr[3], cmd.bdaddr[2],
					cmd.bdaddr[1], cmd.bdaddr[0]);

	bt_hci_send(hci_dev, CMD_WRITE_BD_ADDRESS, &cmd, sizeof(cmd),
					write_bd_address_complete, NULL, NULL);
}

static void act_deact_traces_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to activate traces (0x%02x)\n", status);
		shutdown_device();
		return;
	}

	shutdown_device();
}

static void act_deact_traces(void)
{
	struct cmd_act_deact_traces cmd;

	cmd.tx_trace = 0x03;
	cmd.tx_arq = 0x03;
	cmd.rx_trace = 0x03;

	bt_hci_send(hci_dev, CMD_ACT_DEACT_TRACES, &cmd, sizeof(cmd),
					act_deact_traces_complete, NULL, NULL);
}

static void trigger_exception(void)
{
	struct cmd_trigger_exception cmd;

	cmd.type = 0x00;

	bt_hci_send(hci_dev, CMD_TRIGGER_EXCEPTION, &cmd, sizeof(cmd),
							NULL, NULL, NULL);

	shutdown_device();
}

static void write_bd_data_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to write data (0x%02x)\n", status);
		shutdown_device();
		return;
	}

	if (set_traces) {
		act_deact_traces();
		return;
	}

	shutdown_device();
}

static void read_bd_data_complete(const void *data, uint8_t size,
							void *user_data)
{
	const struct rsp_read_bd_data *rsp = data;

	if (rsp->status) {
		fprintf(stderr, "Failed to read data (0x%02x)\n", rsp->status);
		shutdown_device();
		return;
	}

	printf("Controller Data\n");
	printf("\tBD_ADDR: %2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X\n",
					rsp->bdaddr[5], rsp->bdaddr[4],
					rsp->bdaddr[3], rsp->bdaddr[2],
					rsp->bdaddr[1], rsp->bdaddr[0]);

	printf("\tLMP Version: %u\n", rsp->lmp_version);
	printf("\tLMP Features: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x"
					" 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
					rsp->features[0], rsp->features[1],
					rsp->features[2], rsp->features[3],
					rsp->features[4], rsp->features[5],
					rsp->features[6], rsp->features[7]);
	printf("\tLE Features: 0x%2.2x\n", rsp->le_features);

	if (set_bdaddr) {
		struct cmd_write_bd_data cmd;

		memcpy(cmd.bdaddr, rsp->bdaddr, 6);
		cmd.bdaddr[0] = (hci_index & 0xff);
		cmd.lmp_version = 0x07;
		memcpy(cmd.features, rsp->features, 8);
		cmd.le_features = rsp->le_features;
		cmd.le_features |= 0x1e;
		memcpy(cmd.reserved1, rsp->reserved1, sizeof(cmd.reserved1));
		memcpy(cmd.reserved2, rsp->reserved2, sizeof(cmd.reserved2));
		memcpy(cmd.reserved3, rsp->reserved3, sizeof(cmd.reserved3));

		bt_hci_send(hci_dev, CMD_WRITE_BD_DATA, &cmd, sizeof(cmd),
					write_bd_data_complete, NULL, NULL);
		return;
	}

	shutdown_device();
}

static void firmware_command_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to load firmware (0x%02x)\n", status);
		manufacturer_mode_reset = 0x01;
		shutdown_device();
		return;
	}

	if (firmware_offset >= firmware_size) {
		printf("Activating firmware\n");
		manufacturer_mode_reset = 0x02;
		shutdown_device();
		return;
	}

	if (firmware_data[firmware_offset] == 0x01) {
		uint16_t opcode;
		uint8_t dlen;

		opcode = firmware_data[firmware_offset + 2] << 8 |
					firmware_data[firmware_offset + 1];
		dlen = firmware_data[firmware_offset + 3];

		bt_hci_send(hci_dev, opcode, firmware_data +
						firmware_offset + 4, dlen,
					firmware_command_complete, NULL, NULL);

		firmware_offset += dlen + 4;

		if (firmware_data[firmware_offset] == 0x02) {
			dlen = firmware_data[firmware_offset + 2];
			firmware_offset += dlen + 3;
		}
	} else {
		fprintf(stderr, "Invalid packet in firmware\n");
		manufacturer_mode_reset = 0x01;
		shutdown_device();
	}

}

static void enter_manufacturer_mode_complete(const void *data, uint8_t size,
							void *user_data)
{
	uint8_t status = *((uint8_t *) data);

	if (status) {
		fprintf(stderr, "Failed to enter manufacturer mode (0x%02x)\n",
									status);
		mainloop_quit();
		return;
	}

	if (load_firmware) {
		uint8_t status = BT_HCI_ERR_SUCCESS;
		firmware_command_complete(&status, sizeof(status), NULL);
		return;
	}

	if (get_bddata || set_bdaddr) {
		bt_hci_send(hci_dev, CMD_READ_BD_DATA, NULL, 0,
					read_bd_data_complete, NULL, NULL);
		return;
	}

	if (set_traces) {
		act_deact_traces();
		return;
	}

	if (set_exception) {
		trigger_exception();
		return;
	}

	shutdown_device();
}

static void request_firmware(const char *path)
{
	unsigned int cmd_num = 0;
	unsigned int evt_num = 0;
	struct stat st;
	ssize_t len;
	int fd;

	fd = open(path, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Failed to open firmware %s\n", path);
		shutdown_device();
		return;
	}

	if (fstat(fd, &st) < 0) {
		fprintf(stderr, "Failed to get firmware size\n");
		close(fd);
		shutdown_device();
		return;
	}

	firmware_data = malloc(st.st_size);
	if (!firmware_data) {
		fprintf(stderr, "Failed to allocate firmware buffer\n");
		close(fd);
		shutdown_device();
		return;
	}

	len = read(fd, firmware_data, st.st_size);
	if (len < 0) {
		fprintf(stderr, "Failed to read firmware file\n");
		close(fd);
		shutdown_device();
		return;
	}

	close(fd);

	if (len < st.st_size) {
		fprintf(stderr, "Firmware size does not match buffer\n");
		shutdown_device();
		return;
	}

	firmware_size = len;

	if (firmware_data[0] == 0xff)
		firmware_offset = 1;

	while (firmware_offset < firmware_size) {
		uint16_t opcode;
		uint8_t evt, dlen;

		switch (firmware_data[firmware_offset]) {
		case 0x01:
			opcode = firmware_data[firmware_offset + 2] << 8 |
					firmware_data[firmware_offset + 1];
			dlen = firmware_data[firmware_offset + 3];

			if (opcode != CMD_MEMORY_WRITE)
				printf("Unexpected opcode 0x%02x\n", opcode);

			firmware_offset += dlen + 4;
			cmd_num++;
			break;

		case 0x02:
			evt = firmware_data[firmware_offset + 1];
			dlen = firmware_data[firmware_offset + 2];

			if (evt != BT_HCI_EVT_CMD_COMPLETE)
				printf("Unexpected event 0x%02x\n", evt);

			firmware_offset += dlen + 3;
			evt_num++;
			break;

		default:
			fprintf(stderr, "Invalid firmware file\n");
			shutdown_device();
			return;
		}
	}

	printf("Firmware with %u commands and %u events\n", cmd_num, evt_num);

	if (firmware_data[0] == 0xff)
		firmware_offset = 1;
}

static void read_boot_params_complete(const void *data, uint8_t size,
							void *user_data)
{
	const struct rsp_read_boot_params *rsp = data;

	if (rsp->status) {
		fprintf(stderr, "Failed to read boot params (0x%02x)\n",
							rsp->status);
		mainloop_quit();
		return;
	}

	if (size != sizeof(*rsp)) {
		fprintf(stderr, "Size mismatch for read boot params\n");
		mainloop_quit();
		return;
	}

	printf("Secure Boot Parameters\n");
	printf("\tOTP Format Version:\t%u\n", rsp->otp_format);
	printf("\tOTP Content Version:\t%u\n", rsp->otp_content);
	printf("\tOTP ROM Patch Version:\t%u\n", rsp->otp_patch);
	printf("\tDevice Revision ID:\t%u\n", le16_to_cpu(rsp->dev_revid));
	printf("\tSecure Boot Enable:\t%u\n", rsp->secure_boot);
	printf("\tTake Key From Header:\t%u\n", rsp->key_from_hdr);
	printf("\tRSA Key Type:\t\t%u\n", rsp->key_type);
	printf("\tOTP Lock:\t\t%u\n", rsp->otp_lock);
	printf("\tAPI Lock:\t\t%u\n", rsp->api_lock);
	printf("\tDebug Lock:\t\t%u\n", rsp->debug_lock);
	printf("\tMin FW Build Number:\t%u-%u.%u\n", rsp->min_fw_build_nn,
			rsp->min_fw_build_cw, 2000 + rsp->min_fw_build_yy);
	printf("\tLimited CCE to ISSC:\t%u\n", rsp->limited_cce);
	printf("\tUnlocked State:\t\t%u\n", rsp->unlocked_state);

	mainloop_quit();
}

static const struct {
	uint8_t val;
	const char *str;
} hw_variant_table[] = {
	{ 0x06, "iBT 1.1 (XG223)"	},
	{ 0x07, "iBT 2.0 (WP)"		},
	{ 0x08, "iBT 2.5 (StP)"		},
	{ 0x09, "iBT 1.5 (AG610)"	},
	{ 0x0a, "iBT 2.1 (AG620)"	},
	{ 0x0b, "iBT 3.0 (LnP)"		},
	{ 0x0c, "iBT 3.0 (WsP)"		},
	{ 0x11, "iBT 3.5 (JfP)"		},
	{ 0x12, "iBT 3.5 (ThP)"		},
	{ 0x13, "iBT 3.5 (HrP)"		},
	{ 0x14, "iBT 3.5 (CcP)"		},
	{ }
};

static const struct {
	uint8_t val;
	const char *str;
} fw_variant_table[] = {
	{ 0x01, "iBT 1.0 - iBT 2.5"	},
	{ 0x06, "iBT Bootloader"	},
	{ 0x23, "iBT 3.x Bluetooth FW"	},
	{ }
};

static void read_version_complete(const void *data, uint8_t size,
							void *user_data)
{
	const struct rsp_read_version *rsp = data;
	const char *str;
	int i;

	if (rsp->status) {
		fprintf(stderr, "Failed to read version (0x%02x)\n",
							rsp->status);
		mainloop_quit();
		return;
	}

	if (size != sizeof(*rsp)) {
		fprintf(stderr, "Size mismatch for read version response\n");
		mainloop_quit();
		return;
	}

	if (cold_boot) {
		struct cmd_reset cmd;

		cmd.reset_type = 0x01;
		cmd.patch_enable = 0x00;
		cmd.otp_ddc_reload = 0x01;
		cmd.boot_option = 0x00;
		cmd.boot_addr = cpu_to_le32(0x00000000);

		bt_hci_send(hci_dev, CMD_RESET, &cmd, sizeof(cmd),
					cold_boot_complete, NULL, NULL);
		return;
	}

	if (load_firmware) {
		/* This option is only supported for the legacy ROM produce,
		 * which can be identified by the fw_variant == 0x01
		 */
		if (rsp->fw_variant != 0x01) {
			printf("FW Variant: 0x%02x\n", rsp->fw_variant);
			fprintf(stderr, "This device is not supported\n");
			mainloop_quit();
			return;
		}

		if (load_firmware_value) {
			printf("Firmware: %s\n", load_firmware_value);
			request_firmware(load_firmware_value);
		} else {
			char fw_name[PATH_MAX];

			snprintf(fw_name, sizeof(fw_name),
				"%s/%s/ibt-hw-%x.%x.%x-fw-%x.%x.%x.%x.%x.bseq",
				FIRMWARE_BASE_PATH, "intel",
				rsp->hw_platform, rsp->hw_variant,
				rsp->hw_revision, rsp->fw_variant,
				rsp->fw_revision, rsp->fw_build_nn,
				rsp->fw_build_cw, rsp->fw_build_yy);

			printf("Firmware: %s\n", fw_name);
			printf("Patch level: %d\n", rsp->fw_patch);
			request_firmware(fw_name);
		}
	}

	if (use_manufacturer_mode) {
		struct cmd_manufacturer_mode cmd;

		cmd.mode_switch = 0x01;
		cmd.reset = 0x00;

		bt_hci_send(hci_dev, CMD_MANUFACTURER_MODE, &cmd, sizeof(cmd),
				enter_manufacturer_mode_complete, NULL, NULL);
		return;
	}

	if (set_bdaddr) {
		bt_hci_send(hci_dev, BT_HCI_CMD_READ_BD_ADDR, NULL, 0,
					read_bd_addr_complete, NULL, NULL);
		return;
	}

	printf("Controller Version Information\n");
	printf("\tHardware Platform:\t%u\n", rsp->hw_platform);

	str = "Reserved";

	for (i = 0; hw_variant_table[i].str; i++) {
		if (hw_variant_table[i].val == rsp->hw_variant) {
			str = hw_variant_table[i].str;
			break;
		}
	}

	printf("\tHardware Variant:\t%s (0x%02x)\n", str, rsp->hw_variant);
	printf("\tHardware Revision:\t%u.%u\n", rsp->hw_revision >> 4,
						rsp->hw_revision & 0x0f);

	str = "Reserved";

	for (i = 0; fw_variant_table[i].str; i++) {
		if (fw_variant_table[i].val == rsp->fw_variant) {
			str = fw_variant_table[i].str;
			break;
		}
	}

	printf("\tFirmware Variant:\t%s (0x%02x)\n", str, rsp->fw_variant);
	printf("\tFirmware Revision:\t%u.%u\n", rsp->fw_revision >> 4,
						rsp->fw_revision & 0x0f);
	printf("\tFirmware Build Number:\t%u-%u.%u\n", rsp->fw_build_nn,
				rsp->fw_build_cw, 2000 + rsp->fw_build_yy);
	printf("\tFirmware Patch Number:\t%u\n", rsp->fw_patch);

	if (rsp->hw_variant == 0x0b && rsp->fw_variant == 0x06) {
		bt_hci_send(hci_dev, CMD_READ_BOOT_PARAMS, NULL, 0,
					read_boot_params_complete, NULL, NULL);
		return;
	}

	mainloop_quit();
}

struct ddc {
	uint8_t  size;
	uint16_t id;
	uint8_t  value[0];
} __attribute__ ((packed));

static unsigned int analyze_ddc(uint8_t *data, ssize_t len)
{
	unsigned int ddc_num;
	ssize_t offset;
	struct ddc *ddc;

	ddc_num = 0;
	offset = 0;

	while (offset < len) {
		ddc = (void *)&data[offset];
		offset += ddc->size + 1;
		ddc_num++;
	}

	return ddc_num;
}

static void analyze_firmware_bseq(uint8_t *data, ssize_t len)
{
	struct cmd_write_bd_data *bddata = NULL;
	unsigned int cmd_num;
	unsigned int evt_num;
	unsigned int ddc_num;
	ssize_t offset;

	offset = 0;
	cmd_num = 0;
	evt_num = 0;
	ddc_num = 0;

	while (offset < len) {
		uint8_t type;
		struct bt_hci_cmd_hdr *cmd_hdr;
		struct bt_hci_evt_hdr *evt_hdr;

		type = data[offset];
		offset += 1;

		/* Command */
		if (type == 0x01) {
			cmd_hdr = (void *)&data[offset];

			if (cmd_hdr->opcode == CMD_WRITE_BD_DATA)
				bddata = (void *)&data[offset + 3];

			if (cmd_hdr->opcode == CMD_DDC_CONFIG_WRITE)
				ddc_num = analyze_ddc((void *)&data[offset + 3],
						      cmd_hdr->plen);

			offset += cmd_hdr->plen + sizeof(*cmd_hdr);
			cmd_num++;

		} else if (type == 0x02) {
			evt_hdr = (void *)&data[offset];
			offset += evt_hdr->plen + sizeof(*evt_hdr);
			evt_num++;
		} else {
			fprintf(stderr, "Unknown type: 0x%02x\n", type);
			return;
		}

	}

	printf("Command count:\t%d\n", cmd_num);
	printf("Event count:\t%d\n", evt_num);

	if (bddata) {
		printf("\n");
		printf("BD Data Configuration\n");
		printf("Features:\t%02X%02X %02X%02X %02X%02X %02X%02X\n",
		       bddata->features[7], bddata->features[6],
		       bddata->features[5], bddata->features[4],
		       bddata->features[3], bddata->features[2],
		       bddata->features[1], bddata->features[0]);
		printf("LE Features:\t%02x\n", bddata->le_features);
		printf("LMP Version:\t0x%02x\n", bddata->lmp_version);
	}

	if (ddc_num)
		printf("Total DDC:\t%d\n", ddc_num);
}

struct css_hdr {
	uint32_t module_type;
	uint32_t header_len;
	uint32_t header_version;
	uint32_t module_id;
	uint32_t module_vendor;
	uint32_t date;
	uint32_t size;
	uint32_t key_size;
	uint32_t modulus_size;
	uint32_t exponent_size;
	uint8_t  reserved[88];
} __attribute__ ((packed));

static void analyze_firmware(const char *path)
{
	unsigned int cmd_num = 0;
	struct css_hdr *css;
	const char *ext;
	struct stat st;
	ssize_t len;
	int fd;

	fd = open(path, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Failed to open firmware %s\n", path);
		return;
	}

	if (fstat(fd, &st) < 0) {
		fprintf(stderr, "Failed to get firmware size\n");
		close(fd);
		return;
	}

	firmware_data = malloc(st.st_size);
	if (!firmware_data) {
		fprintf(stderr, "Failed to allocate firmware buffer\n");
		close(fd);
		return;
	}

	len = read(fd, firmware_data, st.st_size);
	if (len < 0) {
		fprintf(stderr, "Failed to read firmware file\n");
		close(fd);
		goto done;
	}

	close(fd);

	if (len != st.st_size) {
		fprintf(stderr, "Failed to read complete firmware file\n");
		goto done;
	}

	/* Check the file extension for file type */
	ext = strrchr(path, '.');
	if (!ext) {
		fprintf(stderr, "Unable to get the file extension from path\n");
		goto done;
	}

	if (!strncmp(ext, ".ddc", 4)) {
		printf("Firmware file type: DDC file\n\n");
		cmd_num = analyze_ddc(firmware_data, len);
		printf("Total DDC:\t%d\n", cmd_num);
		goto done;

	} else if (!strncmp(ext, ".bseq", 5)) {
		printf("Firmware file type: BSEQ file\n\n");
		analyze_firmware_bseq(firmware_data, len);
		goto done;

	} else if (!strncmp(ext, ".sfi", 4))
		printf("Firmware file type: SFI file\n\n");

	else {
		fprintf(stderr, "Unknown file extension: %s\n", ext);
		goto done;
	}

	if ((size_t) len < sizeof(*css)) {
		fprintf(stderr, "Firmware file is too short\n");
		goto done;
	}

	css = (void *) firmware_data;

	printf("Module type:\t%u\n", le32_to_cpu(css->module_type));
	printf("Header len:\t%u DWORDs / %u bytes\n",
				le32_to_cpu(css->header_len),
				le32_to_cpu(css->header_len) * 4);
	printf("Header version:\t%u.%u\n",
				le32_to_cpu(css->header_version) >> 16,
				le32_to_cpu(css->header_version) & 0xffff);
	printf("Module ID:\t%u\n", le32_to_cpu(css->module_id));
	printf("Module vendor:\t0x%x\n", le32_to_cpu(css->module_vendor));
	printf("Date:\t\t%04x-%02x-%02x\n", le32_to_cpu(css->date) >> 16,
				le32_to_cpu(css->date) >> 8 & 0xff,
				le32_to_cpu(css->date) & 0xff);
	printf("Size:\t\t%u DWORDs / %u bytes\n", le32_to_cpu(css->size),
						le32_to_cpu(css->size) * 4);
	printf("Key size:\t%u DWORDs / %u bytes\n",
					le32_to_cpu(css->key_size),
					le32_to_cpu(css->key_size) * 4);
	printf("Modulus size:\t%u DWORDs / %u bytes\n",
					le32_to_cpu(css->modulus_size),
					le32_to_cpu(css->modulus_size) * 4);
	printf("Exponent size:\t%u DWORDs / %u bytes\n",
					le32_to_cpu(css->exponent_size),
					le32_to_cpu(css->exponent_size) * 4);
	printf("\n");


	if ((size_t) len != le32_to_cpu(css->size) * 4) {
		fprintf(stderr, "CSS.size does not match file length\n");
		goto done;
	}

	if (le32_to_cpu(css->header_len) != (sizeof(*css) / 4) +
					le32_to_cpu(css->key_size) +
					le32_to_cpu(css->modulus_size) +
					le32_to_cpu(css->exponent_size)) {
		fprintf(stderr, "CSS.headerLen does not match data sizes\n");
		goto done;
	}

	firmware_size = le32_to_cpu(css->size) * 4;
	firmware_offset = le32_to_cpu(css->header_len) * 4;

	while (firmware_offset < firmware_size) {
		uint16_t opcode;
		uint8_t dlen;
		struct cmd_write_boot_params *params;

		opcode = get_le16(firmware_data + firmware_offset);
		dlen = firmware_data[firmware_offset + 2];

		switch (opcode) {
		case CMD_WRITE_BOOT_PARAMS:
			params = (void *)&firmware_data[firmware_offset + 3];
			printf("Boot Parameters\n");
			printf("Boot Address:\t0x%08x\n",
					le32_to_cpu(params->boot_addr));
			printf("Firmware build:\t%u-%u.%u\n",
					params->fw_build_nn,
					params->fw_build_cw,
					2000 + params->fw_build_yy);
			printf("\n");
		case CMD_NO_OPERATION:
		case CMD_MEMORY_WRITE:
			break;
		default:
			printf("Unexpected opcode 0x%02x\n", opcode);
			break;
		}

		firmware_offset += dlen + 3;
		cmd_num++;
	}

	printf("Firmware with %u commands\n", cmd_num);

done:
	free(firmware_data);
}

static void signal_callback(int signum, void *user_data)
{
	switch (signum) {
	case SIGINT:
	case SIGTERM:
		mainloop_quit();
		break;
	}
}

static void usage(void)
{
	printf("bluemoon - Bluemoon configuration utility\n"
		"Usage:\n");
	printf("\tbluemoon [options]\n");
	printf("Options:\n"
		"\t-A, --bdaddr [addr]    Set Bluetooth address\n"
		"\t-F, --firmware [file]  Load firmware\n"
		"\t-C, --check <file>     Check firmware image\n"
		"\t-R, --reset            Reset controller\n"
		"\t-B, --coldboot         Cold boot controller\n"
		"\t-E, --exception        Trigger exception\n"
		"\t-i, --index <num>      Use specified controller\n"
		"\t-h, --help             Show help options\n");
}

static const struct option main_options[] = {
	{ "bdaddr",   optional_argument, NULL, 'A' },
	{ "bddata",   no_argument,       NULL, 'D' },
	{ "firmware", optional_argument, NULL, 'F' },
	{ "check",    required_argument, NULL, 'C' },
	{ "traces",   no_argument,       NULL, 'T' },
	{ "reset",    no_argument,       NULL, 'R' },
	{ "coldboot", no_argument,       NULL, 'B' },
	{ "exception",no_argument,       NULL, 'E' },
	{ "index",    required_argument, NULL, 'i' },
	{ "raw",      no_argument,       NULL, 'r' },
	{ "version",  no_argument,       NULL, 'v' },
	{ "help",     no_argument,       NULL, 'h' },
	{ }
};

int main(int argc, char *argv[])
{
	const char *str;
	bool use_raw = false;
	int exit_status;

	for (;;) {
		int opt;

		opt = getopt_long(argc, argv, "A::DF::C:TRBEi:rvh",
						main_options, NULL);
		if (opt < 0)
			break;

		switch (opt) {
		case 'A':
			if (optarg)
				set_bdaddr_value = optarg;
			set_bdaddr = true;
			break;
		case 'D':
			use_manufacturer_mode = true;
			get_bddata = true;
			break;
		case 'F':
			use_manufacturer_mode = true;
			if (optarg)
				load_firmware_value = optarg;
			load_firmware = true;
			break;
		case 'C':
			check_firmware_value = optarg;
			check_firmware = true;
			break;
		case 'E':
			use_manufacturer_mode = true;
			set_exception = true;
			break;
		case 'T':
			use_manufacturer_mode = true;
			set_traces = true;
			break;
		case 'R':
			reset_on_exit = true;
			break;
		case 'B':
			cold_boot = true;
			break;
		case 'i':
			if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
				str = optarg + 3;
			else
				str = optarg;
			if (!isdigit(*str)) {
				usage();
				return EXIT_FAILURE;
			}
			hci_index = atoi(str);
			break;
		case 'r':
			use_raw = true;
			break;
		case 'v':
			printf("%s\n", VERSION);
			return EXIT_SUCCESS;
		case 'h':
			usage();
			return EXIT_SUCCESS;
		default:
			return EXIT_FAILURE;
		}
	}

	if (argc - optind > 0) {
		fprintf(stderr, "Invalid command line parameters\n");
		return EXIT_FAILURE;
	}

	mainloop_init();

	printf("Bluemoon configuration utility ver %s\n", VERSION);

	if (check_firmware) {
		analyze_firmware(check_firmware_value);
		return EXIT_SUCCESS;
	}

	if (use_raw) {
		hci_dev = bt_hci_new_raw_device(hci_index);
		if (!hci_dev) {
			fprintf(stderr, "Failed to open HCI raw device\n");
			return EXIT_FAILURE;
		}
	} else {
		hci_dev = bt_hci_new_user_channel(hci_index);
		if (!hci_dev) {
			fprintf(stderr, "Failed to open HCI user channel\n");
			return EXIT_FAILURE;
		}
	}

	bt_hci_send(hci_dev, CMD_READ_VERSION, NULL, 0,
					read_version_complete, NULL, NULL);

	exit_status = mainloop_run_with_signal(signal_callback, NULL);

	bt_hci_unref(hci_dev);

	return exit_status;
}