From f0f161e5724375b7a289699703d86d6de2adae8d Mon Sep 17 00:00:00 2001 From: Joel Challis Date: Mon, 25 Nov 2019 20:33:02 +0000 Subject: [PATCH] Remove vusb 'reset to bootloader' hid message due to security implications (#7456) --- tmk_core/protocol/vusb/vusb.c | 13 +--- util/atmega32a_program.py | 110 ---------------------------------- 2 files changed, 1 insertion(+), 122 deletions(-) delete mode 100755 util/atmega32a_program.py diff --git a/tmk_core/protocol/vusb/vusb.c b/tmk_core/protocol/vusb/vusb.c index 72445e00b..e66938445 100644 --- a/tmk_core/protocol/vusb/vusb.c +++ b/tmk_core/protocol/vusb/vusb.c @@ -26,7 +26,6 @@ along with this program. If not, see . #include "debug.h" #include "host_driver.h" #include "vusb.h" -#include "bootloader.h" #include static uint8_t vusb_keyboard_leds = 0; @@ -145,7 +144,7 @@ static void send_consumer(uint16_t data) { *------------------------------------------------------------------*/ static struct { uint16_t len; - enum { NONE, BOOTLOADER, SET_LED } kind; + enum { NONE, SET_LED } kind; } last_req; usbMsgLen_t usbFunctionSetup(uchar data[8]) { @@ -173,11 +172,6 @@ usbMsgLen_t usbFunctionSetup(uchar data[8]) { debug("SET_LED: "); last_req.kind = SET_LED; last_req.len = rq->wLength.word; -#ifdef BOOTLOADER_SIZE - } else if (rq->wValue.word == 0x0301) { - last_req.kind = BOOTLOADER; - last_req.len = rq->wLength.word; -#endif } return USB_NO_MSG; // to get data in usbFunctionWrite } else { @@ -204,11 +198,6 @@ uchar usbFunctionWrite(uchar *data, uchar len) { last_req.len = 0; return 1; break; - case BOOTLOADER: - usbDeviceDisconnect(); - bootloader_jump(); - return 1; - break; case NONE: default: return -1; diff --git a/util/atmega32a_program.py b/util/atmega32a_program.py deleted file mode 100755 index 9438c7e77..000000000 --- a/util/atmega32a_program.py +++ /dev/null @@ -1,110 +0,0 @@ -#!/usr/bin/env python -# Copyright 2017 Luiz Ribeiro , Sebastian Kaim -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -from __future__ import print_function - -import os -import sys -import time -import argparse -import usb - - -def check_keyboard_normal_mode(vendor, product): - """Returns a device if a ps2avrGB device in normal made (that is in keyboard mode) or None if it is not found.""" - return usb.core.find(idVendor=vendor, idProduct=product) - -def check_keyboard_bootloader_mode(): - """Returns True if a ps2avrGB device in bootloader (flashable) mode is found and False otherwise.""" - return (usb.core.find(idVendor=0x16c0, idProduct=0x05df) is not None) - -def flash_keyboard(firmware_file): - """Calls bootloadHID to flash the given file to the device.""" - print('Flashing firmware to device ...') - if os.system('bootloadHID -r "%s"' % firmware_file) == 0: - print('\nDone!') - else: - print('\nbootloadHID returned an error.') - -def print_device_info(dev): - """Prints all infos for a given USB device""" - print('Device Information:') - print(' idVendor: %d (0x%04x)' % (dev.idVendor, dev.idVendor)) - print(' idProduct: %d (0x%04x)' % (dev.idProduct, dev.idProduct)) - print('Manufacturer: %s' % (dev.iManufacturer)) - print('Serial: %s' % (dev.iSerialNumber)) - print('Product: %s' % (dev.iProduct), end='\n\n') - -def send_device_to_bootloader_mode(dev): - """Tries to send a given ps2avrGB keyboard to bootloader mode to allow flashing.""" - try: - dev.set_configuration() - - request_type = usb.util.build_request_type( - usb.util.CTRL_OUT, - usb.util.CTRL_TYPE_CLASS, - usb.util.CTRL_RECIPIENT_DEVICE) - - USBRQ_HID_SET_REPORT = 0x09 - HID_REPORT_OPTION = 0x0301 - - dev.ctrl_transfer(request_type, USBRQ_HID_SET_REPORT, HID_REPORT_OPTION, 0, [0, 0, 0xFF] + [0] * 5) - except usb.core.USBError: - # for some reason I keep getting USBError, but it works! - pass - -def auto_int(value): - """Helper for argparse to enable auto base detection""" - return int(value, 0) - -parser = argparse.ArgumentParser(description='Flash bootloadHID device') -parser.add_argument('--vendor', type=auto_int, default=0x20A0, help='Non bootloader idVendor to search for (default: 0x%(default)04x)') -parser.add_argument('--product', type=auto_int, default=0x422D, help='Non bootloader idProduct to search for (default: 0x%(default)04x)') -parser.add_argument('firmware_hex', type=argparse.FileType('r'), help='Firmware hex file to flash') -args = parser.parse_args() - -kb = check_keyboard_normal_mode(args.vendor, args.product) - -if kb is not None: - print('Found a keyboard in normal mode. Attempting to send it to bootloader mode ...', end='') - send_device_to_bootloader_mode(kb) - print(' done.') - print("Hint: If your keyboard can't be set to bootloader mode automatically, plug it in while pressing the bootloader key to do so manually.") - print(" You can find more infos about this here: https://github.com/qmk/qmk_firmware/tree/master/keyboards/ps2avrGB#setting-the-board-to-bootloader-mode") - -attempts = 12 # 60 seconds -found = False -for attempt in range(1, attempts + 1): - print("Searching for keyboard in bootloader mode (%i/%i) ... " % (attempt, attempts), end='') - - if check_keyboard_bootloader_mode(): - print('Found', end='\n\n') - flash_keyboard(args.firmware_hex.name) - found = True - break - else: - print('Nothing.', end='') - - if attempt != attempts: # no need to wait on the last attempt - print(' Sleeping 5 seconds.', end='') - time.sleep(5) - - # print a newline - print() - -if not found: - print("Couldn't find a flashable keyboard. Aborting.") - sys.exit(2)