One Bus Pirate programs another?

in Bus Pirate by Ian | 7 comments

Can one Bus Pirate program another? Not yet, but we’ve been hard at work on it. This post is about a new application, available here, that will program PIC 24Fs from the Bus Pirate. Everything looks great on a logic analyzer, but it’s not working yet. Maybe you can help us figure it out, and get one of Ril3y’s laser-cut Bus Pirate cases as a bounty.

The Bus Pirate uses a PIC 24F. Unlike older PICs (12/16/18F), the 24F doesn’t require a 13volt power supply to enter programming mode. That means the 24/30/33F can be programmed with the existing Bus Pirate hardware. It’s matter of the right software. Keep reading for more about the Bus Pirate PIC24F programmer application.

The programming specification for the PIC24FJ64GA002 [PDF!] is pretty straight forward. Enter ICSP mode by clocking a key into the programming pins while MCLR is held low (page 15). Once in ICSP mode the PIC executes assembly instructions clocked into the programming pins. Erasing, reading, and writing are just a matter of entering the assembly instructions that do these things. The programming spec provides complete examples, so we don’t even have to come up with the ASM code ourselves.

The test application

This .NET test application tries to put a PIC 24F in ICSP mode and erase the chip. It uses the binary raw2wire mode of one Bus Pirate to twiddle the MCLR, PGC, and PGD pins on another Bus Pirate. The Bus Pirate is just a dumb IO bridge in these tests, all the PIC programming intelligence is in the .NET application.

Where we are now

The application appears to place the target PIC into ICSP mode. After entering the key with MCLR low (page 15), MCLR is brought back high and the PIC does not return to normal program execution. If we didn’t enter ICSP mode we’d expect that the PIC would run normally, for us that is a test program that lights a LED.

Next, we try a chip erase because it’s a pretty simple command (page 17).  This is not successful. After a reset our LED lights, the chip was not erased.

The logic analyzer output, which you can download here and view with the Saleae Logic client, looks great.

We accounted for the first SIX instruction, which is forced to a NOP and requires 5 extra clock ticks. All timings are well above the minimums because the bitbang output is so slow.

Get the code

You can browse the source in the Dangerous Prototypes SVN, the latest executable is here. Waveform outputs are here. A zipped snapshot of the current SVN version is available here. Discuss the code in the forum.

Get a laser-etched Bus Pirate case

We tried to get the ball rolling on this feature, but we need your help to finish it. We’re putting up one of Ril3y’s awesome laser-cut Bus Pirate cases as a bounty on this project.

The bounty will be awarded for the first solution that erases a PIC 24F chip and reads the device ID using the Bus Pirate’s raw2wire mode. We want to stick with the raw2wire mode so the final application is portable to other bitbang programmers like a simple FTDI chip in DIO mode. You can use our code, write your own, or just make the astute observation that brings the project together, but all solutions must be licensed GPL or CC-0.

As always, we’ll send it anywhere in the world. There’s only one bounty, we’ll decide the winner at our own discretion, please be nice and don’t sue us over the bounty, etc.

Other stuff

This is separate from the high-voltage PIC 12/16/18 programming adapter for the Bus Pirate we’ve been working on. The adapter generates the 13volt programming voltage that, when applied to the MCLR pin of a PIC 12/16/18, puts  the PIC into programming mode.  After messing around a bit, we’ve realized that lots of PICs need to have the voltage on the MCLR pin before the power is applied. Our original programming adapter didn’t have the ability to switch the power supply, so it’s back to the drawing board for that design.

This entry was posted in Bus Pirate and tagged , , .

Comments

  1. mjmdavis says:

    And so it begins.. The Rise of the Bus Pirates……

    • Sjaak says:

      AyAy, mate and a bottle of rum ;)

      Just by looking at the timing diagram (dunno the timingscale) but according to the specs you need to wait at least 26 (25+1 (p7+p19)). It looks like it is to short. Alternatively you could send blink a led code instead of the erase flash command. e.g.

      nop
      goto 0×0200
      nop
      bset portb, 1

  2. 7 says:

    here are the timings:

    actual p7 is 38.092msec
    http://img90.imageshack.us/img90/1818/14338075.png

    actual p19 is 25.998msec
    http://img16.imageshack.us/i/p19.png/

  3. Pablo says:

    Is this problem already solved? Is it currently possible to program a bus pirate with another?
    Regards

  4. George says:

    I’m a newbie to the Bus Pirate and PIC programming.

    I don’t see explicitly documented here …
    What’s the expected pin wiring between the programmer Bus Pirate (MOSI, Clock, MISO, CS) and the target Bus Pirate (MCLR, PGC, and PGD) by this software application?

    Is it MOSI -> PGD, Clock->PGC, CS->MCLR?

    Confirmation/corrections, hints and/or suggested links for additional reading for this would be welcomed.

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.