pic32
This is an old revision of the document!
Table of Contents
PIC32
- the pic32 programming connector (labeled PIC32) matches the PICkit pinout exactly - readback protection is off :) firmware can be trivially extracted.
iMX to PIC comms
Watchdog initialization and feeding: kibble.sal
Stopping the watchdog (with NxExe watchdog 0): euthasol.sal
Stopping is as simple as
echo -ne "\xBC\x01\0\x04\0\x04H@\x03\0\0" > /dev/ttymxc2
Communication uses the same IPP protocol as cVEND.
IPP message types
| msgType | dir | name | description |
|---|---|---|---|
| 0x02 | → | ValueRead | accepts a 2-byte key, returns a variable-length value |
| 0x03 | ← | ValueReadReply | |
| 0x04 | → | ValueWrite | accepts a 2-byte key followed by a variable-length value, assigns value to key |
| 0x05 | ← | ValueWriteReply | |
| 0x0a | → | 10000000000080 reads external EEPROM, 18000000000080 reads internal EEPROM |
|
| 0x0c | → | immediately powers the device off | |
| 0x0e | → | immediately powers the device off | |
| 0x12 | → | SetLogLevel | 0000 enables some kind of logging behavior, 8000 disables it |
→ - iMX to PIC
← - PIC to iMX
Types 0x80-0xff mirror 0x00-0x7f, but with CRC32 enabled.
nx strings also suggest the existence of:
- ValueAttribRead
- ValueAttribWrite
- DeviceRead (0x0a?)
- DeviceWrite
- DeviceIoCtl
- AppRequest
Keys
| id | type | description |
|---|---|---|
| 003b | u8 | ignition state (0/1) |
| 4003 | u16 | watchdog timeout (seconds), 0 to disable |
| 500b | u16 | ambient light sensor |
| 5040 | u16 | input voltage (mV) |
| c000 | string | pic32 version |
| c001 | string | bootloader version |
pic32.1772578424.txt.gz · Last modified: by doof