Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

highest address. Non-contiguous address jumping is only allowed, if the host/PC program sends the
PROGRAM_COMPLETE command in between the non-continuous address regions.
3. After sending one or more PROGRAM_DEVICE packets, the host/PC software must send the PROGRAM_COMPLETE
command once the end of the region is reached (of if it wants to abort operation of the entire region). The microcontroller
firmware is allowed to buffer up received bytes intended for programming, without necessarily committing all of them to
the non-volatile memory, until the PROGRAM_COMPLETE command is issued by the host/PC software.
1.6.3.2 Implementation Details
This section discusses the lower level details of the boot loader and how it was implemented.
Description
1.6.3.2.1 Command Set
Details the commands implemented in the HID boot loader example.
Description
The host application GUI program communicates with the USB HID bootloader firmware using a set of 9 commands. The
host application is the “master” of the bootloading operation, and is responsible for issuing commands to the bootloader
firmware that is responsible for fulfilling the requests.
All commands that the host application sends to the microcontroller firmware are fixed 64-byte USB packets that are sent
over the HID interrupt OUT endpoint to the device. Some commands that the host software sends to the microcontroller
firmware require that the firmware responds with a fixed 64-byte response packet on the HID interrupt IN endpoint, while
other commands require no response.
The first byte of the packet is always the command for the current packet. The remaining 63 bytes are command-specific
information, where required. The commands are listed and summarized below.
Command Byte
(Hex)
Command Device Response Packet
Expected
02 QUERY_DEVICE Yes
03 UNLOCK_CONFIG No
04 ERASE_DEVICE No
05 PROGRAM_DEVICE No
06 PROGRAM_COMPLETE No
07 GET_DATA Yes
08 RESET_DEVICE No
09 SIGN_FLASH No
0C QUERY_EXTENDED_INFO Yes
1.6.3.2.1.1 QUERY_DEVICE
The QUERY_DEVICE command (0x02) is a request from the host to determine the valid memory ranges that are allowed to
be programmed, among other things about the microcontroller.
Description
The QUERY_DEVICE command (0x02) is a request from the host to determine the valid memory ranges that are allowed to
be programmed, among other things about the microcontroller. This information can be obtained by the PC GUI application
by sending the QUERY_DEVICE command, and then reading back the response packet which will describe the device’s
programmable regions (ex: application firmware, EEPROM, and User ID programmable region addresses/size). The
1.6 Demos MLA - USB Library Help Device - Boot Loader - HID
243

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh