Bus Pirate v3 OpenOCD 0.6.1 + TJTAG not working

OpenOCD JTAG debugging with the Bus Pirate.

Bus Pirate v3 OpenOCD 0.6.1 + TJTAG not working

Postby master » Thu Dec 27, 2012 1:10 am

Hello every one,
I have a small problem I can't get my buspirate to do jtag I need to save a router :(
here is what i did i fellowed Gonemad's Bus Pirate/OpenOCD walk through
Code: Select all
Bus Pirate v3.b
Firmware v6.2-beta1 r1981  Bootloader v4.3
DEVID:0x0447 REVID:0x3043
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
x. exit(without change)

(1)>


I have tryied firmware 6.2r1981 ,"busPirate.production.zip" and buspirate.oocd.hex

INSTALLING openocd 0.61 on debian 64bit, I know that linux has an open source driver for ftd2xx and that the closed source is sometimes faster or so says the wiki.

tried installing ftd2xx with instruction from tincantools<dot>com wiki

./configure --enable-buspirate --enable-maintainer-mode --disable-werror --disable-shared --enable-ft2232_ftd2xx --with-ftd2xx-linux-tardir=../release/

Note: release is extraction file from the latest libftd2xx.1.1.12.tar.gz

I get the fellowing:
Code: Select all
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
...some more checks...
checking uninstalled ftd2xx distribution... -L/opt/release/build/x86_64 -lftd2xx -lrt
checking whether ftd2xx library works... configure: error: Cannot build & run test program using ftd2xx.lib


then... after very heavy breathing... I go without the "--with-ftd2xx-linux-tardir=../release/" flag

I ran ./configure --enable-buspirate --enable-maintainer-mode --disable-werror --disable-shared --enable-ft2232_ftd2xx
will configure and make && make install with no errors ;)

sudo openocd -f buspirate.cfg -d
also copyed buspirate.cfg to a new file called "openocd.cfg" and ran
sudo openocd -d
normal mode hangs even with halt and or init flags
BP-v3.b-oocd-normal-mode.log

with fast mode
BP-v3.b-oocd-fast-mode-error.log

...I don't recall exactly what happened here, all I can say is that I found my keyboard broken in half and monitor on the floor.
I have read on the forums that you need to put sleep in openocd-0.6.1/src/jtag/drivers/buspirate.c
line 787 inside function
buspirate_jtag_set_speed{
sleep(1);//sleep for a second
//and before function
buspirate_serial_setspeed(fd, speed);
}
this did nothing for me.

buspirate.cfg and or openocd.cfg
Code: Select all
interface buspirate
buspirate_port /dev/ttyUSB0
buspirate_speed fast
buspirate_vreg 0
buspirate_mode open-drain
buspirate_pullup 0


Ok, here are my Questions

1) Do I need to install libftd2xx.1.1.12.tar.gz on linux, is this closed source better then the free one that comes with the linux distros.

2) How can I fix jtage fast mode in openocd? Sloved viewtopic.php?f=27&t=4135&p=47834#p47834

3) On normal mode openocd hangs, I have tried "init" and "halt" no diff
"Warn : 189 61 gdb_server.c:2311 gdb_target_add_all(): gdb services need one or more targets defined"
, what can i do to talk to netgear wnr834b v2? I sloved it

4) last, question and most important is for notch tjtag program (which is awesome), I have tried using it with "Bus Pirate interface" which WORKS :) but is very slow b/c of uart speed :(. and also tried latest version with openocd enhanced speed ( 1Mb uart) DOES NOT WORK. (do note I have flashed with flashrom with buspirate speedup patch, and was able to do 2Mb uart speed)
Sloved with notch new update and adding some sleep, Fast mode with Tjtag on BP v3 is working Thanks notch for fast reply

sudo tjtag /probeonly
Code: Select all
==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================

Entering binary mode...
Buspirate did not respond correctly :( 0
Buspirate did not respond correctly :( 0
Buspirate did not respond correctly :( 0
Buspirate did not respond correctly :( 0
Buspirate did not respond correctly :( 0
Buspirate did not respond correctly :( 0
Buspirate:Too many tries in serial read! -exiting
- chip not detected, or not


Thanks
Attachments
buspirate-oocd-normal-mode.log
BP-v3.b-oocd-normal-mode
(13.93 KiB) Downloaded 263 times
buspirate-oocd-fast-mode-error.log
BP-v3.b-oocd-fast-mode-err
(7.17 KiB) Downloaded 254 times
Last edited by master on Fri Dec 28, 2012 8:13 pm, edited 6 times in total.
master
Newbie
Newbie
 
Posts: 3
Joined: Wed Dec 26, 2012 10:40 pm

Re: Bus Pirate v3 OpenOCD 0.6.1 + TJTAG not working

Postby notch » Thu Dec 27, 2012 7:33 am

Hi, I can only refer to your last question.
I begin with some clarification: the first working version was really slow because it was using DIO binary mode, which means one usb transaction per 1 bit of JTAG stream. The second version started using OpenOCD mode which gave some speed improvement by packing bits into one usb transaction. Unfortunately by mistake I've changed the usb-serial speed to 1Mb/s without notifying BusPirate about this change. As I don't have BPv3 to test and it was working well with my BPv4, I just realised my mistake now. I just pushed new version[1] which is using 115200b/s as default, and with "/bpfast" command line switch you can set the speed to 1M/s (fast mode of OpenOCD mode). Could you please test it and let me know if it works with and without /bpfast switch.
Even though the OpenOCD version is much faster than DIO one, you should not expect speeds comparable to parallel port version. USB adds quite big latency and tjtag isn't coping with it really well. I have an idea of how to fix it "properly" but it still need a lot of work. I hope to be able to finish it in coming months.

[1] https://github.com/notch/tjtag/commit/e ... 80df24b633
notch
Newbie
Newbie
 
Posts: 11
Joined: Thu May 03, 2012 2:33 am

Re: Bus Pirate v3 OpenOCD 0.6.1 + TJTAG not working

Postby master » Thu Dec 27, 2012 1:24 pm

Thanks notch,
it needs some sleep before and after it sets the uart speed like.
viewtopic.php?f=27&t=4135&p=47834#p47834
or it will go in to normal mode.

I fixed it by editing line 127 of buspirate.c in Tjtag
Code: Select all
void BP_OCDFastSerial(int fd)
{
   int ret;

   buf[0] = OOCD_CMD_UART_SPEED;
   buf[1] = OOCD_SERIAL_FAST;
   serial_write(fd, buf, 2);
   usleep(1000); //this is the minimum   sleep time that works.
   /* set the speed from our side */
   configurePort(fd, 1000000);//I thinks this should be "1000000" NOT "100000"
   usleep(1000);//this is the minimum sleep time that works.
   /* send testing sequence */
   buf[0] = 0xAA;
   buf[1] = 0x55;
   serial_write(fd, buf, 2);

   ret = readWithTimeout(fd, buf, 2, 10000);//changed timeout don't know if it makes a diff.
   if ( (ret != 2) || (buf[0] != OOCD_CMD_UART_SPEED) || (buf[1] != OOCD_SERIAL_FAST) ) {
      printf("Buspirate didn't respond correctly: (%d, %d, %d)\n",ret, buf[0], buf[1]);
      printf("Reverting to normal speed.\n");
      configurePort(fd, 115200);
   } else
      printf("Buspirate is operating in FAST mode.\n");
}


Normal mode is working
Code: Select all
sudo ./tjtag -probeonly /fc:41

==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================

Entering binary mode...
Entering OpenOCD mode... OK.
Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 10010100011100000100000101111111 (9470417F)
*** Found a Broadcom BCM4704 KPBG Rev 9 CPU chip ***

    - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
    - EJTAG Version ....... : 1 or 2.0
    - EJTAG DMA Support ... : Yes
    - EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Done
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ... Done

Manual Flash Selection ... Done

Flash Vendor ID: 00000000000000000000000011000010 (000000C2)
Flash Device ID: 00000000000000000000000010101000 (000000A8)
*** Manually Selected a MX29LV320B 2Mx16 BotB      (4MB) Flash Chip ***

    - Flash Chip Window Start .... : 1fc00000
    - Flash Chip Window Length ... : 00400000
    - Selected Area Start ........ : 00000000
    - Selected Area Length ....... : 00000000



*** REQUESTED OPERATION IS COMPLETE ***

Exiting binary mode...


and flashing in normal mode: sudo ./tjtag -flash:cfe /bypass /fc:41 /noerase
Code: Select all
=========================
Flashing Routine Complete
=========================
elapsed time: 7614 seconds


*** REQUESTED OPERATION IS COMPLETE ***

Exiting binary mode...


flashing in fast mode:

It appears that BP v3 has some burst speed every two seconds or so.
you can also tell just by observing the the green usb light as it dims every to seconds.

Code: Select all
sudo ./tjtag -flash:cfe /bpfast /fc:41 /bypass /noerase /silent

==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================

Entering binary mode...
Entering OpenOCD mode... OK.
Trying to enable fast mode...
Buspirate is operating in FAST mode.
Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 10010100011100000100000101111111 (9470417F)
*** Found a Broadcom BCM4704 KPBG Rev 9 CPU chip ***

    - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
    - EJTAG Version ....... : 1 or 2.0
    - EJTAG DMA Support ... : Yes
    - EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Done
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ... Done

Manual Flash Selection ... Done

Flash Vendor ID: 00000000000000000000000011000010 (000000C2)
Flash Device ID: 00000000000000000000000010101000 (000000A8)
*** Manually Selected a MX29LV320B 2Mx16 BotB      (4MB) Flash Chip ***

    - Flash Chip Window Start .... : 1fc00000
    - Flash Chip Window Length ... : 00400000
    - Selected Area Start ........ : 1fc00000
    - Selected Area Length ....... : 00040000

*** You Selected to Flash the CFE.BIN ***

=========================
Flashing Routine Started
=========================

Entered Unlock Bypass mode->

Loading CFE.BIN to Flash Memory...
Done  (CFE.BIN loaded into Flash Memory OK))=ffffffff

=========================
Flashing Routine Complete
=========================
elapsed time: 4892 seconds


*** REQUESTED OPERATION IS COMPLETE ***

Exiting binary mode...

Fast mode is 45 minutes faster then normal mode.

I am sure i corrupted the cfe in the flash. which explains why it is unable to detect the flash when probing without "/fc:41".
and i am guessing the cpu on the router is trying to access (polling) cfe in the flash with no luck keeping the cpu in inf loop ?
that could be why openocd was not going into gdb mode or just hangs.
I have found trying to flash cfe on tjtag with sudo ./tjtag -flash:cfe /bypass /fc:41
it appears to get stuck on erasing the flash or is taking a very long time.
Code: Select all
=========================
Flashing Routine Started
=========================
Total Blocks to Erase: 11

Erasing block: 1 (addr = 1fc00000)


looks like tjtag is writing a bunch of zeros on the flash or more likely the flash went bad.:(
Code: Select all
sudo ./tjtag -backup:cfe  /fc:40  /noreset /bypass

==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================

Entering binary mode...
Entering OpenOCD mode... OK.
Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 10010100011100000100000101111111 (9470417F)
*** Found a Broadcom BCM4704 KPBG Rev 9 CPU chip ***

    - EJTAG IMPCODE ....... : 00000000100000000000100100000100 (00800904)
    - EJTAG Version ....... : 1 or 2.0
    - EJTAG DMA Support ... : Yes
    - EJTAG Implementation flags: R4k MIPS32

Issuing Processor / Peripheral Reset ... Skipped
Enabling Memory Writes ... Done
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ... Done

Manual Flash Selection ... Done

Flash Vendor ID: 00000000000000000000000011000010 (000000C2)
Flash Device ID: 00000000000000000010001010101000 (000022A8)
*** Manually Selected a MX29LV320B 2Mx16 BotB      (4MB) Flash Chip ***

    - Flash Chip Window Start .... : 1fc00000
    - Flash Chip Window Length ... : 00400000
    - Selected Area Start ........ : 1fc00000
    - Selected Area Length ....... : 00040000

*** You Selected to Backup the CFE.BIN ***

=========================
Backup Routine Started
=========================

Saving CFE.BIN.SAVED_20121227_212511 to Disk...
[  0% Backed Up]   1fc00000: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00010: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00020: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00030: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00040: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00050: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00060: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00070: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00080: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc00090: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc000a0: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc000b0: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc000c0: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc000d0: 00000000 00000000 00000000 00000000
[  0% Backed Up]   1fc000e0: 00000000 00000000 00000000 00000000


tjtag also does not exit correctly
Code: Select all
Exiting binary mode...

then you get this when you try to run it again every EVEN times you run it.
Code: Select all
sudo ./tjtag  -probeonly /bpfast

==============================================
EJTAG Debrick Utility v3.0.1 Tornado-MOD
==============================================

Entering binary mode...
Buspirate:Too many tries in serial read! -exiting
- chip not detected, or not readable/writable
Couldn't start binary mode

easy fix just edit buspirate.c to add 0x0f
Code: Select all
printf(" Entering binary mode...\n");
         buf[0] = 0x0F; //Send 0x0F to exit raw bitbang mode and reset the Bus Pirate.
         serial_write(fd, buf, 1);
Attachments
buspirate.c
buspirate.c
(4.85 KiB) Downloaded 277 times
master
Newbie
Newbie
 
Posts: 3
Joined: Wed Dec 26, 2012 10:40 pm


Return to OpenOCD JTAG