Initial commit

Grigori Goronzy
2014-01-06 20:35:27 +01:00
commit cdbb6eee7c
6 changed files with 1020 additions and 0 deletions

BIN
doc/hello.bin Normal file

Binary file not shown.
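Review bot: doc/hello.bin is added as an opaque binary, and nothing in the visible part of this commit says what source or toolchain produced it, although both capture files name it as their "Data:" input. Add the source next to it, or a line stating how it was built, so the programmed blocks in the traces can be reproduced and checked against a known program.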

100
doc/stc11f08xe.txt Normal file

@ -0,0 +1,100 @@
MCU: STC11F08XE
Data: hello.bin
Handshake: 9600
Transfer: 9600
Clock: 20 MHz
2014-01-06 17:13:42.017505: host2mcu
7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F
7F 7F 7F 7F
2014-01-06 17:13:42.315631: mcu2host
46 B9 68 00 39 50 04 BC 04 BD 04 BD 04 BC 04 BC
04 BD 04 BC 04 BC 65 4C 00 D3 64 8C BF 7F F7 FF
FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 6B 0B D3 00 6A 82 80 11 4F 16
2014-01-06 17:13:42.455472: host2mcu
46 B9 6A 00 0D 50 00 00 36 01 D3 64 02 35 16
2014-01-06 17:13:42.479849: mcu2host
46 B9 68 00 07 8F 00 FE 16
2014-01-06 17:13:42.504527: host2mcu
46 B9 6A 00 0D 8F C0 7E 3F FE A0 83 04 A4 16
2014-01-06 17:13:42.768346: mcu2host
46 B9 68 00 0E 8F C0 7E 3F FE A0 83 04 04 A7 16
2014-01-06 17:13:42.987584: host2mcu
46 B9 6A 00 0C 8E C0 7E 3F FE A0 04 1F 16
2014-01-06 17:13:43.244111: mcu2host
46 B9 68 00 0D 84 C0 7E 3F FE A0 04 04 18 16
2014-01-06 17:13:43.286557: host2mcu
46 B9 6A 00 8C 84 00 00 02 00 00 20 00 00 00 00
00 00 00 00 00 00 00 00 80 7F 7E 7D 7C 7B 7A 79
78 77 76 75 74 73 72 71 70 6F 6E 6D 6C 6B 6A 69
68 67 66 65 64 63 62 61 60 5F 5E 5D 5C 5B 5A 59
58 57 56 55 54 53 52 51 50 4F 4E 4D 4C 4B 4A 49
48 47 46 45 44 43 42 41 40 3F 3E 3D 3C 3B 3A 39
38 37 36 35 34 33 32 31 30 2F 2E 2D 2C 2B 2A 29
28 27 26 25 24 23 22 21 20 1F 1E 1D 1C 1B 1A 19
18 17 16 15 14 13 12 11 10 0F 0E 21 81 16
2014-01-06 17:13:43.718954: mcu2host
46 B9 68 00 0E 00 00 08 00 8E 00 A8 2E 01 E2 16
2014-01-06 17:13:43.758507: host2mcu
46 B9 6A 00 8D 00 00 00 00 00 00 80 02 00 08 12
00 3F 80 FE 75 81 07 12 00 4C E5 82 60 03 02 00
03 E4 78 FF F6 D8 FD 02 00 03 AE 82 AF 83 8E 04
8F 05 1E BE FF 01 1F EC 4D 60 0F 7C 90 7D 01 1C
BC FF 01 1D EC 4D 70 F7 80 E4 22 90 03 E8 12 00
1E E5 80 F4 F5 80 80 F3 75 82 00 22 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 22 7A 16
2014-01-06 17:13:44.050030: mcu2host
46 B9 68 00 08 00 03 00 73 16
2014-01-06 17:13:44.063502: host2mcu
46 B9 6A 00 8D 00 00 00 00 80 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 F7 16
2014-01-06 17:13:44.261910: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:13:44.279527: host2mcu
46 B9 6A 00 8D 00 00 00 01 00 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 78 16
2014-01-06 17:13:44.486933: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:13:44.503472: host2mcu
46 B9 6A 00 8D 00 00 00 01 80 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 F8 16
2014-01-06 17:13:44.698788: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:13:44.716462: host2mcu
46 B9 6A 00 0D 69 00 00 36 01 D3 64 02 4E 16
2014-01-06 17:13:44.755837: mcu2host
46 B9 68 00 07 8D 00 FC 16
2014-01-06 17:13:44.786562: host2mcu
46 B9 6A 00 1B 8D BF 7F F7 FF FF FF FF FF FF FF
FF FF FF FF FF FF 01 30 9A 92 11 97 16
2014-01-06 17:13:44.843366: mcu2host
46 B9 68 00 24 50 BF 7F F7 FF FF 03 FF 65 4C BF
7F F7 FF FF FF FF 01 00 6B 0B D3 00 6A 82 80 00
00 00 00 0F A9 16
2014-01-06 17:13:44.968518: host2mcu
46 B9 6A 00 07 82 00 F3 16
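Review bot: The header line "Clock: 20 MHz" does not match what the host sends in the 0x8D set-options frame at 17:13:44.786562, whose last four payload bytes 01 30 9A 92 are 19962514 Hz under the CLK0...CLK3 definition in doc/stc12-protocol.txt. State in the header that 20 MHz is the nominal value, or give the measured figure as well, so that anyone checking brt or the SYNC counters against this capture starts from the right number.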

70
doc/stc12-options.txt Normal file

@ -0,0 +1,70 @@
Model-specific configuration registers
Placement of configuration values
"~" means the bit is a negated boolean. Sometimes values overlap,
depending on MCU model.
In STC10/11/12 series, the first 4 MCS bytes have active
values. Generally, unused bits should be set to 1.
MCS0
----
MSB 7 6 5 4 3 2 1 0 LSB
~RS2LV OSC1 OSC0 RSPEN
~LVD
RSPEN := RESET pin enable
~RS2LV := RESET2 pin low voltage detect enable
~LVD := low voltage detect enable
OSC0, OSC1 := oscillator stabilization delay
OSC1 OSC0 delay
0 0 4096
0 1 8192
1 0 16384
1 1 32768
MCS1
----
MSB 7 6 5 4 3 2 1 0 LSB
~PORD OSCG CLKSRC
~PORD := power-on-reset (POR) delay (0 = long, 1 = short)
OSCG := high oscillator gain
CLKSRC := clock source (0 = internal RC, 1 = external crystal)
MCS2
----
MSB 7 6 5 4 3 2 1 0 LSB
~WDEN ~WDSTP WDPS2 WDPS1 WDPS0
~WDEN := watchdog enable after power-on-reset
~WDSTP := stop watchdog counter in idle mode
WDPS2...WDPS0 := watchdog counter prescaler
WDPS2 WDPS1 WDPS0 divisior
0 0 0 2
0 0 1 4
0 1 0 8
0 1 1 16
1 0 0 32
1 0 1 64
1 1 0 128
1 1 1 256
MCS3
----
MSB 7 6 5 4 3 2 1 0 LSB
~EREE ~BSLD
~EREE := enable eeprom erase next time MCU is programmed
~BSLD := enable BSL pin detect; i.e. BSL is only enabled if P1.0/P1.1
(or others, depends on MCU model) are held low on POR.
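Review bot: The registers are named MCS0 to MCS3 here, while doc/stc12-protocol.txt names the option bytes MS0...MS15, and this file never says whether MCSn is byte MSn of the 0x8d set-options payload. Use one name in both files and state the mapping explicitly, since a wrong byte position changes settings such as ~BSLD and ~EREE. The WDPS table header also has a typo: "divisior" should be "divisor".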

182
doc/stc12-protocol.txt Normal file

@ -0,0 +1,182 @@
STC10/11/12 reverse engineering
Initialisation/Synchronisation
------------------------------
Send a constant stream of 0x7f bytes, and wait for an initial response
by the MCU.
Basic frame format
------------------
M0 M1 DR L0 L1 D0 ... Dn C0 C1 ME
M0 := 0x46
M1 := 0xb9
DR := 0x6a if host2mcu else 0x68
L := 16 bit big endian packet length, counted from DR to ME
C := 16 big endian modular sum from DR to Dn
ME := 0x16
D0..Dn is the packet payload
In most cases, the first byte of the payload marks the type of packet
or type of command. Responses by the MCU often use this type to tell
the programmer software which kind of command should follow. For
instance, after the baudrate handshake, the MCU replies with a
type 0x84 packet, and 0x84 is used for "erase" command packets from
the host.
Fun fact: The start marker (0x46, 0xb9) interpreted as UTF-16 is the
Unicode character U+46B9, which is an unusual CJK ideograph (䚹)
which translates as "to prepare" or "all ready" into English. How
fitting! This might not be a coincidence.
Packets host2mcu
----------------
1. Initiate baudrate handshake
Payload: 0x50, 0x07, 0x00, 0x36, 0x01, ID0, ID1
^ is 0x00 with current STC software and 11F08XE, what gives?
ID0 = MCU ID, byte 1
ID1 = MCU ID, byte 2
2. Test baudrate setting
Payload: 0x8f, 0xc0, brt, 0x3f, brt_csum, delay, iap
brt := MCU baudrate timer compare
brt_csum := (2 * (256 - brt)) & 0xff
delay := delay after baudrate change (0x40 seems to be fine),
STC software always seems to use 0xa0
iap := MCU IAP wait state register value
3. Switch to baudrate setting
Payload: 0x8e, 0xc0, brt, 0x3f, brt_csum, delay, iap
^ current STC software *omits* this here!
Almost the same as the test packet.
4. Erase flash memory
Payload: 0x84, 0xff, 0x00, blks, 0x00, 0x00, size,
^ no idea what that is for, current STC software uses 0x00
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00,
0x80, ..., 0x0e
blks := 256 byte blocks to clear
size := total number of 256 byte blocks (size of flash memory)
The 0x80..0x0e sequence seems to be some kind of magic code
to stop flaky connections and the like from erasing the flash
by accident.
"size" specifies the number of flash memory blocks. if blks > size,
eeprom will be erased.
5. Program flash memory
Payload: 0x00, 0x00, 0x00, addr0, addr1, size0, size1, D0, ..., Dn
addr0, addr1 := big-endian 16 bit address
size0, size1 := big-endian 16 bit block size, always 128
D0...Dn := block data
Current STC software always seems to write at least 4 128 byte blocks
for some reason. Data is zero-padded.
Current STC software always writes a sequential set of memory. Since
flash and eeprom are essentially the same, any free space between
flash to be written and eeprom to be written is padded with zeros,
and then the whole batch is sent at once.
6. Finish flash programming
Payload: 0x69, 0x00, 0x00, 0x36, 0x01, ID0, ID1
^ kSTC-ISP uses 0x07
This should be sent after all flash programming is done. I am not
entirely sure why, though. Programming also works without it.
7. Set options
Payload: 0x8d, MS0, ..., MS15, CLK0, CLK1, CLK2, CLK3
MS0...MS15 := configuration registers specific to MCU model,
not documented here.
CLK0...CLK3 := 32 bit big endian measured clock, in Hz
8. Reset MCU
Payload: 0x82
Packets mcu2host
----------------
1. Info packet
Payload: 0x50, SYNC00, SYNC01, ..., SYNC70, SYNC71,
V1, V2, 0x00, ID0, ID1, 0x8c,
MS0, ..., MS7,
UID0, ..., UID6,
unknown bytes follow
SYNC* := sequence of 8 16-bit big-endian counter values, recorded
from the initial 0x7f sync sequence. this can be used to
determine the MCU clock frequency.
V1 := version number, two digits packed BCD.
V2 := stepping, one ASCII character.
ID0 := MCU model ID, byte 1
ID1 := MCU model ID, byte 2
UID0...UID6 := 7 bytes of unique id
UID is only sent by some BSL versions, others send zero bytes.
2. Acknowledge baudrate handshake start
Payload: 0x8f
This means the programming software should erase the flash memory as
the next step.
3. Acknowledge baudrate test
Payload: request packet payload with some pad byte appended to payload
4. Acknowledge baudrate switch
Payload: request packet payload with some pad byte appended to payload, and
first payload byte changed to 0x84
5. Acknowledge erase
Payload: 0x00, [UID0, ..., UID6]
The UID is optional, not sent by all BSL versions.
6. Acknowledge block write
Payload: 0x00, csum
csum := 8 bit modular sum of flash block data
7. Acknowledge finish flash writing
Payload: 0x8d
This means the programming software should set options as the next
step.
8. Acknowledge set options
Payload: 0x50, MS0, ..., MS4, 0x03, 0xff, V1, V2, MS0, ..., MS7,
UID0, ..., UID6,
unknown bytes follow
Some of the model-specific bytes are repeated twice (MS0-MS4).
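Review bot: Under "Packets mcu2host", item 2 says the 0x8f acknowledgement means the host should erase the flash next, which contradicts the rule given under "Basic frame format" (the response type names the command that should follow) and both captures in this commit, where the host answers 0x8f with the 0x8f baudrate test. The erase hint belongs under item 4, whose reply has its first byte changed to 0x84. Separately, the brt_csum formula in host2mcu item 2 gives 0x04 for brt = 0x7e, but both captures carry "8F C0 7E 3F FE A0 83" in the test frame, that is 0xFE in that position; either correct the formula or note that it differs from what the STC software sends.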

100
doc/stc12c5a60s2.txt Normal file

@ -0,0 +1,100 @@
MCU: STC12C5A60S2
Data: hello.bin
Handshake: 9600
Transfer: 9600
Clock: 20 MHz
2014-01-06 17:19:52.426530: host2mcu
7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F
7F 7F 7F 7F
2014-01-06 17:19:52.722646: mcu2host
46 B9 68 00 31 50 04 BD 04 BC 04 BC 04 BD 04 BC
04 BC 04 BC 04 BC 62 49 00 D1 7E 8C FF 7F F7 FF
FF FF 00 00 00 03 00 B0 02 2E 6B 00 CD 80 00 00
11 7E 16
2014-01-06 17:19:52.846519: host2mcu
46 B9 6A 00 0D 50 00 00 36 01 D1 7E 02 4D 16
2014-01-06 17:19:52.893712: mcu2host
46 B9 68 00 07 8F 00 FE 16
2014-01-06 17:19:52.928824: host2mcu
46 B9 6A 00 0D 8F C0 7E 3F FE A0 83 04 A4 16
2014-01-06 17:19:53.209386: mcu2host
46 B9 68 00 0E 8F C0 7E 3F FE A0 83 04 04 A7 16
2014-01-06 17:19:53.424544: host2mcu
46 B9 6A 00 0C 8E C0 7E 3F FE A0 04 1F 16
2014-01-06 17:19:53.679264: mcu2host
46 B9 68 00 0D 84 C0 7E 3F FE A0 04 04 18 16
2014-01-06 17:19:53.724472: host2mcu
46 B9 6A 00 8C 84 00 00 02 00 00 F0 00 00 00 00
00 00 00 00 00 00 00 00 80 7F 7E 7D 7C 7B 7A 79
78 77 76 75 74 73 72 71 70 6F 6E 6D 6C 6B 6A 69
68 67 66 65 64 63 62 61 60 5F 5E 5D 5C 5B 5A 59
58 57 56 55 54 53 52 51 50 4F 4E 4D 4C 4B 4A 49
48 47 46 45 44 43 42 41 40 3F 3E 3D 3C 3B 3A 39
38 37 36 35 34 33 32 31 30 2F 2E 2D 2C 2B 2A 29
28 27 26 25 24 23 22 21 20 1F 1E 1D 1C 1B 1A 19
18 17 16 15 14 13 12 11 10 0F 0E 22 51 16
2014-01-06 17:19:55.505307: mcu2host
46 B9 68 00 07 00 00 6F 16
2014-01-06 17:19:55.537548: host2mcu
46 B9 6A 00 8D 00 00 00 00 00 00 80 02 00 08 12
00 3F 80 FE 75 81 07 12 00 4C E5 82 60 03 02 00
03 E4 78 FF F6 D8 FD 02 00 03 AE 82 AF 83 8E 04
8F 05 1E BE FF 01 1F EC 4D 60 0F 7C 90 7D 01 1C
BC FF 01 1D EC 4D 70 F7 80 E4 22 90 03 E8 12 00
1E E5 80 F4 F5 80 80 F3 75 82 00 22 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 22 7A 16
2014-01-06 17:19:55.968298: mcu2host
46 B9 68 00 08 00 03 00 73 16
2014-01-06 17:19:55.986526: host2mcu
46 B9 6A 00 8D 00 00 00 00 80 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 F7 16
2014-01-06 17:19:56.412372: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:19:56.430530: host2mcu
46 B9 6A 00 8D 00 00 00 01 00 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 78 16
2014-01-06 17:19:56.865930: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:19:56.884481: host2mcu
46 B9 6A 00 8D 00 00 00 01 80 00 80 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 01 F8 16
2014-01-06 17:19:57.288219: mcu2host
46 B9 68 00 08 00 00 00 70 16
2014-01-06 17:19:57.306515: host2mcu
46 B9 6A 00 0D 69 00 00 36 01 D1 7E 02 66 16
2014-01-06 17:19:57.369302: mcu2host
46 B9 68 00 07 8D 00 FC 16
2014-01-06 17:19:57.412492: host2mcu
46 B9 6A 00 1B 8D FF 7F F7 FF FF FF FF FF FF FF
FF FF FF FF FF FF 01 30 5A 49 11 4E 16
2014-01-06 17:19:57.511742: mcu2host
46 B9 68 00 24 50 FF 7F F7 FF FF 03 FF 62 49 FF
7F F7 FF FF FF FF 01 00 03 00 B0 02 2E 6B 00 CD
80 00 00 10 09 16
2014-01-06 17:19:57.672474: host2mcu
46 B9 6A 00 07 82 00 F3 16
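Review bot: The erase exchange in this capture (host2mcu at 17:19:53.724472, acknowledgement at 17:19:55.505307) takes about 1.8 s, against about 0.43 s for the same step in doc/stc11f08xe.txt, and nothing in the commit records that the erase acknowledgement can take this long. Add a sentence to the erase section of doc/stc12-protocol.txt noting the observed delay on this part (size byte 0xF0 here versus 0x20 on the STC11F08XE), so an implementation picks a read timeout that does not abort a running erase.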