From bd41521c6d965d7576406654362cf00322a3e046 Mon Sep 17 00:00:00 2001 From: Grigori Goronzy Date: Sun, 22 Nov 2015 18:47:24 +0100 Subject: [PATCH] Add commented dump to stc15a docs --- doc/stc15a-protocol.txt | 222 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 222 insertions(+) diff --git a/doc/stc15a-protocol.txt b/doc/stc15a-protocol.txt index 53c97aa..5a50b7d 100644 --- a/doc/stc15a-protocol.txt +++ b/doc/stc15a-protocol.txt 
@@ -89,3 +89,225 @@ FC := some frequency constant, normal: 0xdc, highspeed: 0xb8 IAP := IAP delay, normal: 0x83, highspeed: 0x81 + +Communication dump with notes +----------------------------- + +Firmware version: 6.7Q +Magic: F294 +UID: 0A00002802C4EB + +This seems to work differently from what we've seen on STC10/11/12 series with +firmware 6.2/6.5. + +Get status packet +----------------- + +mcu2host: + +2014-01-09 11:35:17.917063: +46 B9 68 00 07 80 00 EF 16 +2014-01-09 11:35:18.056583: +46 B9 68 00 40 50 02 B0 02 B0 02 AF 02 B0 02 E6 +02 E7 00 00 00 00 67 51 FF F2 94 8C EF 3B F5 58 +34 FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 +FF FF FF FF FF FF FF FF 58 50 0C 94 21 FF 29 21 +82 16 + +host2mcu: + +2014-01-09 11:37:13.000352: +7F 7F 7F 7F 46 B9 6A 00 07 80 00 F1 16 7F 7F 7F +7F +2014-01-09 11:37:13.298358: +46 B9 6A 00 07 82 00 F3 16 + +* MCU first sends an ACK packet (0x80), + which needs to be replied to with the same ACK (0x80) by the host. + after that host needs to pulse (send 0x7f until reply) again + +* STC software then adjust the frequency of the RC, after that the handshake + is done. + +Program hello.bin +----------------- + +host2mcu: + +FF 7F 7F 7F 7F 46 B9 6A 00 07 80 00 F1 16 7F 7F +7F 7F 7F 7F +2014-01-09 11:46:06.334342: +46 B9 6A 00 0D 50 00 00 36 01 F2 94 02 84 16 +^ Initiate baudrate handshake, like STC12 + + +46 +B9 6A 00 2A 65 58 50 0C 95 21 FF 2B FF FF 06 06 +58 00 02 00 58 80 02 00 58 80 02 00 58 FF 02 00 +58 00 02 00 58 80 02 00 0A 32 16 +^ This is a new type of packet (0x65), presumably + for frequency adjustment + + +7F 7F 7F 7F 7F +7F 7F 7F 7F 7F 7F 7F +46 B9 6A 00 3E 65 58 50 0C +95 21 FF 2B FF FF 06 0B 58 24 02 00 58 25 02 00 +58 26 02 00 58 27 02 00 58 28 02 00 58 29 02 00 +58 2A 02 00 58 2B 02 00 58 2C 02 00 58 2D 02 00 +58 2E 02 00 0B 51 16 +^ Same new packet again! 
+ +7F 7F 7F 7F 7F 7F 7F 7F 7F +7F 7F 7F 7F 7F 7F 46 B9 6A 00 12 8E 58 29 0C A1 +64 DC 12 83 20 FF 00 05 2C 16 +^ Straight jumps to setting the new baudrate, + instead of testing it like in earlier firmware. + +2014-01-09 11:46:07.466357: +46 B9 6A 00 3B 84 FF 00 02 00 00 10 00 00 00 00 +00 00 00 00 00 00 00 00 80 7F 7E 7D 7C 7B 7A 79 +78 77 76 75 74 73 72 71 70 6F 6E 6D 6C 6B 6A 69 +68 67 66 65 64 63 62 61 60 5F 11 09 16 +^ erase flash + +2014-01-09 11:46:08.322346: +46 B9 6A 00 4D 00 00 00 00 00 00 40 02 00 08 12 +00 3F 80 FE 75 81 07 12 00 4C E5 82 60 03 02 00 +03 E4 78 FF F6 D8 FD 02 00 03 AE 82 AF 83 8E 04 +8F 05 1E BE FF 01 1F EC 4D 60 0F 7C 90 7D 01 1C +BC FF 01 1D EC 4D 70 F7 80 E4 22 90 1A 85 16 + +46 +B9 6A 00 4D 00 00 00 00 40 00 40 03 E8 12 00 1E +E5 80 F4 F5 80 80 F3 75 82 00 22 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 08 AC 16 + +46 B9 +6A 00 4D 00 00 00 00 80 00 40 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 01 77 16 + +46 B9 6A +00 4D 00 00 00 00 C0 00 40 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 01 B7 16 + +46 B9 6A 00 +4D 00 00 00 01 00 00 40 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 F8 16 + +46 B9 6A 00 4D +00 00 00 01 40 00 40 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 01 38 16 + +46 B9 6A 00 4D 00 +00 00 01 80 00 40 00 00 00 00 00 00 00 
00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 01 78 16 + +46 B9 6A 00 4D 00 00 +00 01 C0 00 40 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +00 00 00 00 00 01 B8 16 + +^ flash write packets. curiously they use + a smaller block size, 64 bytes. + +46 B9 6A 00 0D 69 00 00 +36 01 F2 94 02 9D 16 +^ finish packet + +2014-01-09 11:46:09.571449: +46 B9 6A 00 1A 8D EF FC F7 58 29 FF FF FF FF FF +FF FF FF FF FF FF FF FF FF 12 66 16 +^ set options packet + +2014-01-09 11:46:09.774383: +46 B9 6A 00 07 82 00 F3 16 +^ reset packet + +mcu2host: + +2014-01-09 11:49:50.004984: +46 B9 68 00 07 80 00 EF 16 +^ ACK + +2014-01-09 11:49:50.166675: +46 B9 68 00 40 50 02 9C 02 9C 02 9C 02 9C 02 E6 +02 E7 00 00 00 00 67 51 FF F2 94 8C EF FC F7 58 +29 FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 +FF FF FF 12 FF FF FF FF 58 50 0C 95 21 FF 2B 21 +01 16 +^ status packet + +46 B9 68 00 07 8F 00 FE 16 +^ acknowledge handshake + +2014-01-09 11:49:50.566935: +46 B9 68 00 2A 65 58 50 0C 95 21 FF 2B FF FF 06 +06 58 00 02 4A 58 80 03 45 58 80 03 46 58 FF 04 +3D 58 00 02 4A 58 80 03 45 0B D6 16 +^ reply to first new 0x65 packet + +2014-01-09 11:49:50.941928: +46 B9 68 00 3E 65 58 50 0C 95 21 FF 2B FF FF 06 +0B 58 24 02 92 58 25 02 94 58 26 02 97 58 27 02 +9A 58 28 02 9A 58 29 02 9C 58 2A 02 9F 58 2B 02 +A2 58 2C 02 A1 58 2D 02 A4 58 2E 02 A8 12 0A 16 +^ reply to second 0x65 packet + +2014-01-09 11:49:51.391860: +46 B9 68 00 13 84 58 29 0C A1 64 DC 12 83 20 FF +^ new packet type (0x84) + +00 05 05 26 16 +2014-01-09 11:49:52.253370: +46 B9 68 00 0E 00 0A 00 00 28 02 C4 EB 02 59 16 +^ acknowledge erase + +2014-01-09 11:49:52.393369: +46 B9 68 00 08 00 8E 00 FE 16 +2014-01-09 11:49:52.518566: +46 B9 68 00 08 00 75 00 E5 16 +2014-01-09 
11:49:52.643749: +46 B9 68 00 08 00 00 00 70 16 +2014-01-09 11:49:52.772755: +46 B9 68 00 08 00 00 00 70 16 +2014-01-09 11:49:52.905131: +46 B9 68 00 08 00 00 00 70 16 +2014-01-09 11:49:53.047673: +46 B9 68 00 08 00 00 00 70 16 +2014-01-09 11:49:53.170668: +46 B9 68 00 08 00 00 00 70 16 +2014-01-09 11:49:53.299131: +46 B9 68 00 08 00 00 00 70 16 +^ acknowlegde flash writes + +2014-01-09 11:49:53.460551: +46 B9 68 00 07 8D 00 FC 16 +^ acknowledge finish flash programming + + | last three bytes of UID +46 B9 68 00 2F 50 02 +C4 EB 58 29 03 FF 67 51 EF FC F7 58 29 FF FF FF +FF FF FF FF FF FF FF FF FF FF FF 12 FF FF FF FF +00 00 00 00 00 00 00 1A 36 16 +^ acknowledge set options +
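Review bot: In the mcu2host half of "Program hello.bin", the annotation "^ new packet type (0x84)" sits in the middle of the packet it describes. The length field is 0x13, so the frame does not end at "... 83 20 FF". It continues through "00 05 05 26 16", which the patch places after the note and directly above the next timestamp. Move the caret line below those five bytes so each frame stays contiguous, as the other annotated frames are. Since the payload repeats the bytes of the host's 0x8E baudrate packet, the note could also say that this is the reply to it, the way the 0x65 replies are labelled. Two smaller points: "acknowlegde flash writes" should read "acknowledge", and the host2mcu and mcu2host traces carry different timestamps (11:37 vs 11:35 for the status exchange, 11:46 vs 11:49 for programming), so a sentence stating that each direction was captured in a separate run would keep readers from pairing frames by time.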