-
Notifications
You must be signed in to change notification settings - Fork 92
HydraFW Binary mode guide
This guide is updated towards firmware release HydraFW v0.11 and later
Like the bus pirate, HydraBus can be used inwith a more compact protocol which allows scripting its usage
- Syntax is similar to bus pirate (where applicable)
- Currently supported modes :
- Raw-wire
- 2-WIRE (Since 3679dc0601220ee4ac897d7e3af4cb59b545e984)
- 3-WIRE (Since a9681c5e39155f7ae1b6e1b2668950ef70b1223b)
- I2C (Since 53ab788fa02beac41ae7e1d3e392f5bc38fd8b83)
- SPI (Since a6c9697a7f69feabd5f0452d7940fcfad4630b5e)
- JTAG/OpenOCD (Since f5350d1e25358f6e86d496d035a172ea5c7baa81)
- CAN (Since da87a52f0078185c5a3df9d2279181216ec442a1)
- PIN (Since e9451c71dfbe44fe5623be493c0cfa1c307aae29)
- NAND Flash (Since 0685c439a9765073dd5848872f7f174ed7bbe8aa)
- SMARTCARD (Since e93be6ced16bcbc0faacd2ac24fa5fa1bedf6d0e)
- NFC Reader (Since 0264ac7515d2811576b6db2af00ab7878686ee3e)
- MMC (Since 532e4ed70666062f10f2fe47bd6108e64f4e9e10)
- SDIO (Since 28deb4fdfefc1e2d2a41c364197147b16e42d8c3)
- Auxiliary pins (Since 858de3f1fe260b07ad0d0893f3bded5ee730b018)
- Raw-wire
Note All hex (0x00
) or binary (0b00000000
) values below represent a raw byte, not an ASCII string.
Send 20 0x00
(null bytes) to Hydrabus. It should then respond with the string BBIO1
-
0b00000000
Reset binary mode. ReturnsBBIO1
-
0b00000001
SPI mode ReturnsSPI1
-
0b00000010
I2C mode ReturnsI2C1
-
0b00000011
UART mode ReturnsART1
-
0b00000100
1-Wire mode Returns1W01
-
0b00000101
Raw-wire mode ReturnsRAW1
-
0b00000110
JTAG/OpenOCD mode. ReturnsOCD1
-
0b00001000
CAN mode ReturnsCAN1
-
0b00001001
PIN mode ReturnsPIN1
-
0b00001010
NAND Flash mode ReturnsFLA1
-
0b00001011
SMARTCARD mode ReturnsCRD1
-
0b00001100
NFC Reader mode ReturnsNFC1
-
0b00001101
MMC mode ReturnsMMC1
-
0b00001110
SDIO mode ReturnsSDI1
-
0b00001111
Returns to console mode. (Ctrl-O (SI) can be pressed if you need to exit Binary Mode from a Console Terminal app). ReturnsHydrabus
-
0b00010100
Read ADC (PA1). Returns 2 bytes with the ADC value (big-endian). -
0b00010101
Read ADC (PA1) continuously. Returns ADC values continuously. Stop by sending0x00
. -
0b00010110
Read PWM frequency (PC6). Returns frequency in Hz (4 bytes), then duty cycle in % (4 bytes).
-
0b11000000
Read auxiliary pins -
0b1101wxyz
Write auxiliary pins -
0b11100000
Read auxiliary pins mode -
0b11110000
Set auxiliary pins mode
Auxiliary-pins are not available for all BBIO modes see each BBIO mode to check if available.
For more details on Binary Auxiliary-pins see https://github.com/hydrabus/hydrafw/wiki/Auxiliary-pins
Information about the bus pirate binary mode is available here : http://dangerousprototypes.com/2009/10/09/bus-pirate-raw-bitbang-mode/
In order to use Binary mode on any computer see Python 3.6+ library https://github.com/hydrabus/pyHydrabus
- CHANGELOG
- Console commands
- Binary mode guide
-
NFC/HydraNFC v1 guide
- Read UID of an ISO/IEC_14443 Tag
- Read UID and data of a MIFARE Ultralight Tag
- Read UID of an ISO/IEC 15693 Tag
- Emul ISO14443a Tag
- Emul MIFARE Ultralight Tag
- Emul Mifare Classic Tag
- Unique NFC sniffer design
- Launch NFC sniffer from console
- Sniffer ISO14443A wireshark pcap
- Autonomous/stand-alone sniffer mode
- Sniffer ISO14443A real-time infinite trace mode
- HydraFW-HydraNFC-v1.x-TRF7970A-Tutorial