# C update and install


In this lesson we will be writing the C code for the bootloader that will receive firmware updates from
the update tool (which you wrote in `protect_and_update`!). You will need to implement the update functionality
as well as the install functionality!


### Challenge Name: c_update_short (/embsec/c_update_and_install/c_update_short)


For this challenge you will implement a basic bootloader update routine for the design challenge.
This routine will match the update tool which you wrote in a `protect_and_update`. For this impelementation you don't need
to worry about validating or securing the bootloader. Here we will just focus on writing an 'insecure' bootloader.

Some of the code has been written for you. Look for the 'TODOs' and to write the function that reads frames from
the update tool and writes them to flash!

You are familiar with the format of the binary blob, since you constructed in with fw_protect.
The update tool will send frames of the following format:

      [ 0x2 ]    [ variable ]
    ----------------------------
    frame size |   data... 

Process:

1. Wait until you receive a 'U' on UART1
2. Send a 'U' on UART1 to confirm
3. Receive frames and write them to flash
4. Stop when a zero-length frame is received

The code you have been given has a function that will run to check your work. If you wrote the code
correctly, you'll get a flag!

In this challenge you will be send a *short* firmware, so you can quickly test your code (as the update
process takes a while, and we want you to be able to get some fast feedback). The next challenge is the same
as this one, but you will be sent a much longer firmware that will check your code for edge cases!




In [None]:
import embsec
import subprocess
from core.util import extract_flag

def c_update_short():
    subprocess.check_output([f'(cd c_update_short && make CHALLENGE=c_update_short)'], shell=True)
    resp0, resp1, resp2 = embsec.grade_emulated(f'./c_update_short/gcc/main.bin', f'/embsec/c_update_and_install/c_update_short')
    stdout, stdin = resp2
    return (extract_flag(stdout))
    
c_update_short()



./src/c_update_short.c: In function 'load_initial_firmware':
  109 |   uint16_t msg_len = strlen(initial_msg)+1;
      |                      ^~~~~~
./src/c_update_short.c:14:1: note: include '<string.h>' or provide a declaration of 'strlen'
   13 | #include "uart.h"
  +++ |+#include <string.h>
   14 | 
  145 |     memcpy(temp_buf, initial_data + (i*FLASH_PAGESIZE), rem_fw_bytes);
      |     ^~~~~~
./src/c_update_short.c:145:5: note: include '<string.h>' or provide a declaration of 'memcpy'
./src/c_update_short.c: In function 'load_firmware':
  179 |   uint32_t received_fw_bytes = 0;
      |            ^~~~~~~~~~~~~~~~~
  176 |   uint32_t page_addr = FW_BASE;
      |            ^~~~~~~~~
  175 |   uint32_t data_index = 0;
      |            ^~~~~~~~~~
  171 |   int frame_length = 0;
      |       ^~~~~~~~~~~~
./src/c_update_short.c: In function 'verify_flash_contents':
  306 |   uart_write_str(UART1, resp_buff);
      |                         ^~~~~~~~~
      |                        

QEMU 5.1.0 monitor - type 'help' for more information
(qemu) 

qemu-system-arm: -serial tcp:0.0.0.0:13337,server: info: QEMU waiting for connection on: disconnected:tcp:0.0.0.0:13337,server
qemu-system-arm: -serial tcp:0.0.0.0:13338,server: info: QEMU waiting for connection on: disconnected:tcp:0.0.0.0:13338,server
qemu-system-arm: -serial tcp:0.0.0.0:13339,server: info: QEMU waiting for connection on: disconnected:tcp:0.0.0.0:13339,server


Version: 3
Size: 16 bytes

Waiting for bootloader to enter update mode...
UART2 >> bytearray(b'Welcome to the BWSI Vehicle Update Service!\nSend "U" to update, and "B" to run the firmware.\nWriting')
UART1 >> bytearray(b'U')
UART2 >> bytearray(b' 0x20 to UART0 will reset the device.\n')
UART1 >> bytearray(b'\x00\x03\x00\x00\x00\x00\x00')


Process CUpdateShort-1:
Traceback (most recent call last):
  File "/opt/conda/lib/python3.9/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/opt/conda/lib/python3.9/site-packages/core/challenge.py", line 78, in run
    self.grader(*self.grader_pttys)
  File "/opt/conda/lib/python3.9/site-packages/embsec/lessons/c_update_and_install/c_update_and_install.py", line 147, in c_update_short_grader
    update_firmware(ser=ser1, infile='firmware_short.blob', debug=False)
  File "/opt/conda/lib/python3.9/site-packages/embsec/lessons/protect_and_update/fw_update.py", line 97, in update_firmware
    send_frame(ser, frame, debug=debug)
  File "/opt/conda/lib/python3.9/site-packages/embsec/lessons/protect_and_update/fw_update.py", line 68, in send_frame
    raise RuntimeError("ERROR: Bootloader responded with {}".format(repr(resp)))
RuntimeError: ERROR: Bootloader responded with bytearray(b'\x03')


### Challenge Name: c_update_long (/embsec/c_update_and_install/c_update_long)


This challenge is exactly the same as `c_update_short`, but you will be sent a *much* larger firmware during
the update process! This will test your ability to write across flash pages ... spooky!

Copy in the C code you wrote in the previous challenge, and make edits as needed to fix any bugs you find!

If the previous challenge works but this one does not, the issue is probably related to writing across pages!
If you wrote the code correctly, you'll get a flag!



In [None]:
import embsec
import subprocess
from core.util import extract_flag

def c_update_long():
    subprocess.check_output([f'(cd c_update_long && make CHALLENGE=c_update_long)'], shell=True)
    resp0, resp1, resp2 = embsec.grade_emulated(f'./c_update_long/gcc/main.bin', f'/embsec/c_update_and_install/c_update_long')
    stdout, stdin = resp2
    return (extract_flag(stdout))
    
c_update_long()

