diff --git a/default.aproj b/default.aproj
index 7dd0904..f1dd0c1 100644
--- a/default.aproj
+++ b/default.aproj
@@ -20,5 +20,6 @@
+
diff --git a/user/CanThread.aardio b/user/CanThread.aardio
index 097e1a6..c1fdcc7 100644
--- a/user/CanThread.aardio
+++ b/user/CanThread.aardio
@@ -5,9 +5,9 @@ import win.timer;
CANHw = usb2canfd.USB2CANHW();
CANHw.LoadDll();
-DiagReqID = 0x18dadff1;
-DiagRespID = 0x18daf1df;
-DiagGloableID = 0x18DB33F1;
+DiagReqID = 0x741;//0x18dadff1;
+DiagRespID = 0x751;//0x18daf1df;
+DiagGloableID = 0x7DF;//0x18DB33F1;
stopflag = 0;
//注册一个消息钩子函数
FuncLoopMsg = function(msg){
diff --git a/user/Diag22code.aardio b/user/Diag22code.aardio
index 41436c1..7e2c794 100644
--- a/user/Diag22code.aardio
+++ b/user/Diag22code.aardio
@@ -17,7 +17,7 @@ FuncDiag22Pro = function(data){
}
var did = (data[1]<<8) + data[2];
select(did) {
- case 0xF192 {
+ case 0xF193 {
FuncDisplay("硬件版本号");
FuncDisplay(string.pack(table.slice(data,3)));
}
diff --git a/user/Diag27code.aardio b/user/Diag27code.aardio
index 796032f..66360ea 100644
--- a/user/Diag27code.aardio
+++ b/user/Diag27code.aardio
@@ -1,52 +1,78 @@
var SecuretySeed = {0,0,0,0,};
var SecuretyKey = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+var lockstate = 0;
//发送
FuncReq27 = function(num,key){
- if(num >= 1 && num <= 0x0C){
+ if(num >= 1 && num <= 0x1C){
if(key == null){
var data = {0x02,0x27,num,0,0,0,0,0};
CANHw.SendMsg(DiagReqID,data);
}
else {
- var data = {0x10,0X12,0x27,num,key[1],key[2],key[3],key[4]};
- CANHw.SendMsg(DiagReqID,data);
+ if(#key > 4){
+ var data = {0x10,0X12,0x27,num,key[1],key[2],key[3],key[4]};
+ CANHw.SendMsg(DiagReqID,data);
+
+ FuncPushPackage(DiagReqID,table.slice(key,5));
+ }
+ else {
+ var data = {0x06,0x27,num,key[1],key[2],key[3],key[4],0x00};
+ CANHw.SendMsg(DiagReqID,data);
+ }
- FuncPushPackage(DiagReqID,table.slice(key,5));
- }
-
-
-
+ }
+ }
+ else {
+ FuncDisplay("27长度错误");
}
}
-loadcodex("\user\securety.aardio");
+//loadcodex("\user\securety.aardio");
+loadcodex("\user\GeelySecurety.aardio");
//接收
FuncDiag27Pro = function(data){
//console.dumpJson(data);
select(data[1]) {
- case 1,3,5,7,9,11 {
+ case 1,3,5,7,9,11,0x11 {
var str = "收到种子";
for(i=1;4;1){
SecuretySeed[i] = data[i+1];
str += " " + tostring(SecuretySeed[i],16);
+ lockstate = 1;
}
FuncDisplay(str)
- SecuretyKey = GenerateKeyEx(SecuretySeed,data[1]);
- if(#SecuretyKey >= 16){
+ SecuretyKey = securetyKeyCalc(SecuretySeed,data[1]);
+ if(#SecuretyKey >= 4){
FuncReq27(data[1]+1,SecuretyKey);
+ var str = "计算密钥-";
+ for(i=1;4;1){
+ str += " " + tostring(SecuretyKey[i],16);
+ }
+ FuncDisplay(str);
}
else {
FuncDisplay("计算失败");
}
}
- case 2,4,6,8,10,12 {
+ case 2,4,6,8,10,12,0x12 {
FuncDisplay("解锁成功");
+ lockstate = 2;
}
else {
FuncDisplay("27服务未知子服务");
}
}
-}
\ No newline at end of file
+}
+
+FuncDiag27GetState = function(){
+ if(lockstate == 2){
+ return 0;
+ }
+ else {
+ return 1;
+ }
+
+}
diff --git a/user/Diag31code.aardio b/user/Diag31code.aardio
index 6fd6d75..eb8144a 100644
--- a/user/Diag31code.aardio
+++ b/user/Diag31code.aardio
@@ -13,6 +13,10 @@ FuncReq31CheckPD = function(){//Programming Dependencies
var data = {0xFF,0x01};
FuncReq31(data);
}
+FuncReq31CheckFlash = function(){
+ var data = {0x02,0x02};
+ FuncReq31(data);
+}
diff --git a/user/Diag34code.aardio b/user/Diag34code.aardio
index 37d3d8b..0cf81af 100644
--- a/user/Diag34code.aardio
+++ b/user/Diag34code.aardio
@@ -9,17 +9,5 @@ FuncReq34 = function(addr,len){
//接收
FuncDiag34Pro = function(data){
//console.dumpJson(data);
- select(data[1]) {
- case 1 {
- FuncDisplay("使能接收,禁能发送")
- }
- case 2 {
- FuncDisplay("28 - TDB02")
- }
- case 3 {
- FuncDisplay("28 - TDB03")
- }
- else {
- }
- }
+ FuncDisplay("请求下载成功")
}
\ No newline at end of file
diff --git a/user/DiagBootcode.aardio b/user/DiagBootcode.aardio
index 9f7a881..119a4d2 100644
--- a/user/DiagBootcode.aardio
+++ b/user/DiagBootcode.aardio
@@ -16,7 +16,7 @@ FuncWait = function(sid){
return 0xff;
}
else {
- FuncDisplay("刷写错误");
+ FuncDisplay("刷写错误 步骤" + bootstate);
boottimer.disable();
thread.command.$SendEnd(false);
return 1; //负响应
@@ -188,7 +188,7 @@ FuncBootSeq = function(){
}
case 2 {
if(sendstate == 0){
- FuncReadDID(0xF192);//读取硬件版本
+ FuncReadDID(0xF193);//读取硬件版本
FuncClearState();
}
else {
@@ -238,7 +238,7 @@ FuncBootSeq = function(){
}
case 7 {
if(sendstate == 0){
- FuncReq27(01);//解密
+ FuncReq27(0x11);//解密
FuncClearState();
}
else {
@@ -250,16 +250,18 @@ FuncBootSeq = function(){
if(sendstate == 0){
//FuncReq27(02);//发送key
FuncClearState();
+ FuncDisplay("等待解锁");
}
else {
- var ret = FuncWait(0x27);
+ //var ret = FuncWait(0x27);
+ var ret = FuncDiag27GetState();
nextstate(ret);
}
}
case 9 {
if(sendstate == 0){
FuncClearState();
- FuncDIDWriteStr(0xf198,"Daming_CANBootload ");//写入repair_shopcode
+ FuncDIDWriteStr(0xf198,"Daming ");//写入repair_shopcode
}
else {
@@ -283,9 +285,23 @@ FuncBootSeq = function(){
nextstate(ret);
}
}
+ case 11 {
+ if(sendstate == 0){//请求下载
+ FuncReq34(0x5A01,0x2C0);//
+ FuncClearState();
+ }
+ else {
+ var ret = FuncWait(0x34);
+ nextstate(ret);
+ }
+ }
+
+
+
+
case 11 {
if(sendstate == 0){//擦除flash
- FuncReq31EraseFlash(0x00FE0000,0x00019FE0);//
+ FuncReq31EraseFlash(0x00A000,0x00010000);//
FuncClearState();
}
diff --git a/user/GeelySecurety.aardio b/user/GeelySecurety.aardio
new file mode 100644
index 0000000..ec45635
--- /dev/null
+++ b/user/GeelySecurety.aardio
@@ -0,0 +1,83 @@
+
+xorArray = {0xAA,0x50,0x43,0x52}
+securetyKeyCalc = function(pucSeed,ucSecurityLevel){
+ //SeedSec_t cal,key,seed;
+ var seed = {0,0,0,0};
+ var key = {0,0,0,0};
+ var cal = {0,0,0,0};
+ seed[1]=pucSeed[4];
+ seed[2]=pucSeed[3];
+ seed[3]=pucSeed[2];
+ seed[4]=pucSeed[1];
+ select(ucSecurityLevel) {
+ case 0x01 {
+ cal[1] = seed[1]^xorArray[1];
+ cal[2] = seed[2]^xorArray[2];
+ cal[3] = seed[3]^xorArray[3];
+ cal[4] = seed[4]^xorArray[4];
+ /*
+ key[3] = ((cal[0]&0x0F)<<4)|( cal[0]&0xF0);
+ key[2] = ((cal[2]&0x0F)<<4)|((cal[3]&0xF0)>>4);
+ key[1] = (cal[2]&0xF0)|((cal[1]&0xF0)>>4);
+ key[0] = ((cal[3]&0x0F)<<4)|( cal[1]&0x0F);
+ */
+ key[4] = ((cal[1]&0x0F)<<4)|( cal[1]&0xF0);
+ key[3] = ((cal[3]&0x0F)<<4)|((cal[4]&0xF0)>>4);
+ key[2] = (cal[3]&0xF0)|((cal[2]&0xF0)>>4);
+ key[1] = ((cal[4]&0x0F)<<4)|( cal[2]&0x0F);
+ }
+ case 0x03 {
+ /*
+ cal.byte[0] = ((seed.byte[0]&0xF8)>>3)^xorArray[0];
+ cal.byte[1] = ((seed.byte[1]&0xF8)>>3)^xorArray[1];
+ cal.byte[2] = ((seed.byte[2]&0xF8)>>3)^xorArray[2];
+ cal.byte[3] = ((seed.byte[3]&0xF8)>>3)^xorArray[3];
+
+ key.byte[0] = ((cal.byte[3]&0x07)<<5)|(( cal.byte[0]&0xF8)>>3);
+ key.byte[1] = ((cal.byte[0]&0x07)<<5)|(cal.byte[2]&0x1F);
+ key.byte[2] = (cal.byte[1]&0xF8)|((cal.byte[3]&0xE0)>>5);
+ key.byte[3] = (cal.byte[2]&0xF8)|( cal.byte[1]&0x07);
+ */
+ cal[1] = ((seed[1]&0xF8)>>3)^xorArray[1];
+ cal[2] = ((seed[2]&0xF8)>>3)^xorArray[2];
+ cal[3] = ((seed[3]&0xF8)>>3)^xorArray[3];
+ cal[4] = ((seed[4]&0xF8)>>3)^xorArray[4];
+
+ key[1] = ((cal[4]&0x07)<<5)|(( cal[1]&0xF8)>>3);
+ key[2] = ((cal[0]&0x07)<<5)|(cal[3]&0x1F);
+ key[3] = (cal[2]&0xF8)|((cal[4]&0xE0)>>5);
+ key[4] = (cal[3]&0xF8)|( cal[2]&0x07);
+ }
+ case 0x11 {
+ /*
+ cal.byte[0] = seed.byte[0]^xorArray[0];
+ cal.byte[1] = seed.byte[1]^xorArray[1];
+ cal.byte[2] = seed.byte[2]^xorArray[2];
+ cal.byte[3] = seed.byte[3]^xorArray[3];
+
+ key.byte[3] = ((cal.byte[1]&0x03)<<6)|(( cal.byte[0]&0xFC)>>2);
+ key.byte[2] = ((cal.byte[0]&0x03)<<6)|(cal.byte[3]&0x3F);
+ key.byte[1] = (cal.byte[3]&0xFC)|((cal.byte[2]&0xC0)>>6);
+ key.byte[0] = (cal.byte[2]&0xFC)|(cal.byte[1]&0x03);
+ */
+ cal[1] = seed[1]^xorArray[1];
+ cal[2] = seed[2]^xorArray[2];
+ cal[3] = seed[3]^xorArray[3];
+ cal[4] = seed[4]^xorArray[4];
+
+ key[4] = ((cal[2]&0x03)<<6)|(( cal[1]&0xFC)>>2);
+ key[3] = ((cal[1]&0x03)<<6)|(cal[4]&0x3F);
+ key[2] = (cal[4]&0xFC)|((cal[3]&0xC0)>>6);
+ key[1] = (cal[3]&0xFC)|(cal[2]&0x03);
+ }
+ else {
+ }
+ }
+ var pucKey = {0,0,0,0};
+ pucKey[1]=key[4];
+ pucKey[2]=key[3];
+ pucKey[3]=key[2];
+ pucKey[4]=key[1];
+
+ return pucKey;
+}