Wrapper library for avrdude

2
votes

The problem: Through an Android app, be able to programmatically verify arduino flash contents to ensure it has not been changed (maliciously)

I am able to do that with avrdude using the command as below in the android adb shell

avrdude -C/data/data/com.myapp.avrdude/local/etc/avrdude.conf -v -patmega2560 -cstk500v2 -P/dev/ttyACM0 -b115200 -D -Uflash:v:firmware.hex:i

This works well with arduino, but the problem comes in when I want to do the same with a board that uses an FTDI chip. When it's connected to the android device it does not show up in /dev/ location.

On a linux machine the arduino device appears as /dev/ttyACM0, and the FTDI device is /dev/ttyUSB0. The problem is the FTDI device does not appear on android therefore the avrdude command above becomes useless.

I do not want to build the kernel driver for FTDI as specified here

The approach I want to go with which I think is most viable is to find/build a simple java wrapper for avrdude that interacts with the usb device at a higher level, this way I can make use of the FTDI java library to execute a command to verify flash.

Is this approach viable? If not, what is the best way to approach this problem?

2
androidarduinoftdiavrdude

2 Answers

1
votes

Looking at the FTDI site, it looks as though there may be a driver for some FTDI ICs: FTDI Android Driver You may then well be building avrdude again in java ha.

I have used avrdude often when using arduino...mainly to remote re-format/upgrade firmware on a 3D printer from a raspberrypi...

I'd go

1) Look into the Arduino Driver...

2) if fail...Maybe try down the avenue of running C programs in java? So you can package avrdude with your app?

3) XY Problem -> Why not look at other avenues...The only way to really pop malicious firmware on is with physical access to the device and with a user that has the prior source code (you can set lock bits to prevent reading EEPROM). Even a timestamped and UUID 1024bit AES token/JWT like thing could be used on startup to verify the build?

https://en.wikipedia.org/wiki/Java_Native_Interface
1
votes

building for JNI won't help while avrdude wasn't built with FTDI support.

I've downloaded avrdude-6.3.tar.gz and ran ./configure --enable-linuxgpio:

Configuration summary:
----------------------
...
DON'T HAVE libftdi1
DON'T HAVE libftdi
...

when looking for it:

$ sudo yum whatprovides */libftdi1

it gives me:

libftdi-devel-1.1-4.el7.x86_64 : Header files and static libraries for libftdi
Filename : /usr/include/libftdi1

sudo yum install libftdi-devel also installs libconfuse. it also needs flex and bison.

there are even drivers for D2XX and FT4222H.

see AN_357 Android D2XX Demo Application for FT4222H.

and there are builds for ARM libft4222-linux-1.4.1.231.tgz

... which would go into the jniLibs/armeabi directory.

it depends which chipset it is, but the TN 134 FTDI Android D2XX Driver states:

To accompany the native D2XX library, FTDI have provided a Java class and a JNI wrapper which can be easily included in an application. The class provides access to all of the classic D2XX functions including EEPROM functions.

it even comes with a video install guide.

also found the Arduino build-script for avrdude.