KITSRUS PROGRAMMER FIRMWARE PROTOCOL P018 AS OF 16 AUGUST 2004

-Revised 1 March 2005, clarifications by Brandon Fosdick and Bob Axtell

-Corrections 21 April 2005, Brandon Fosdick

Introduction

This is a description of the protocol used by a host computer to talk to the Kitsrus DIY line of PIC programmers. These programmers (and this protocol) were derived from the Pocket Programmer originally created by Tony Nixon. At the end of this treatise a short clarification of how the FTDI FT232BM is used in the DIY programmers is presented.

The exchange sequences listed below are from the perspective of the programmer and therefore describe what the programmer expects to send and receive. As such, the sequences are a psuedocode that should be fairly easy for the average coder to sort out. Constructs like SEND(N) indicate that the programmer is going to send N bytes to the host. Similarly, EXPECT(N) indicates that the programmer is waiting for N bytes to be sent from the host. Naturally, a byte is assumed to be 8 bits and the length of a word is dependent upon the PIC being programmed. The serial port setup is 19200,8,N,1 and cannot be changed.

Upon Powerup, the PIC sends two bytes: 'B' (ASCII) + Firmware Type (Byte).

The Firmware Type byte can be decoded as:

Kit Type Code

K128 0

K149-A 1 {RS232 Mode}

K149-B 2 {USB Mode}

K150 3

K170 4 {never implemented}

K182 5 {acts like K128}

K185 0x44 {new design}

Kit	Type Code
K128	0
K149-A	1	{RS232 Mode}
K149-B	2	{USB Mode}
K150	3
K170	4	{never implemented}
K182	5	{acts like K128}
K185	0x44	{new design}

NOTE: This is never seen with USB based programmers since it's sent immediately upon connecting the USB cable. Its nearly impossible to plug in a cable and launch a terminal fast enough to actually see these two bytes. But the host can force a reset by pulsing DTR ON/OFF (K128,K182,K150,K185). The pulse operates in reverse for the K149: OFF/ON;
in fact DTR is normally SET during normal operation of the K149.

Power On Mode

After power-up the programmer waits to hear from the host before going into command mode. The host must send ASCII 'P' (0x50) to convince the programmer to enter command mode. If anything else is sent the programmer returns ASCII 'Q' (0x51) and goes back to waiting for 'P'. When it gets a 'P' it then sends a 'P' and enters command mode. Generally it will never come back here during operation, however the blank check commands do send it back here for some reason.


LOOP
   EXPECT(1) ASCII 'P' (0x50)
   IF 'P'
      SEND(1) ASCII 'P' (0x50)
      GOTO Command Mode
   ELSE
      SEND(1) ASCII 'Q' (0x51)
END LOOP

Command Mode

Once in command mode the programmer waits for a single binary byte indicating the command to execute. The recognized commands and their functions are listed below.

Command Description Sequence Notes

0 Do nothing GOTO Command Mode

1 Quit Command Mode
SEND(1) ASCII 'Q' (0x51) GOTO Power On Mode

2 Echo the next byte and return to command mode
EXPECT(1) - take whatever was sent SEND(1) - send it back GOTO Command Mode

3 INITIALISE PROGRAMMING VARIABLES
EXPECT(1) ROM size High EXPECT(1) ROM size Low EXPECT(1) EEPROM size High EXPECT(1) EEPROM size Low EXPECT(1) Core Type EXPECT(1) Program Flags EXPECT(1) Programming Delay = (0 - 255) × 100µ EXPECT(1) Power Sequence EXPECT(1) Erase Mode EXPECT(1) Number attempts before reporting failure EXPECT(1) Over Program when programming succeeds SEND(1) ASCII 'I' (0x49) GOTO Command Mode

Core Type

0 = 18F6x2x
1 = 18Fx230x330

2 = 18Fxx2xx8

3 = 16F87 88

4 = 12C50x

5 = 12C67x 16C50x 16Cxxx

6 = 16C8x 16F8x 16F87x 16F62x

7 = 16F7x 16F7x7

8 = 12F67x

9 = 16F87xA

10 = 16F818

11 = 16F57

12 = 10Fxxx

Program Flags
Bit 0 = 1

Chip has calibration value ROM word

Bit 1 = 1

Chip has Band Gap value in FUSE

Bit 2 = 1

Sets single panel access for 18F

Bit 3 = 1

Use a much smaller than normal delay between activating Vcc/Vpp1/Vpp2

Power Sequence

0 = VCC only

1 = VCC then VPP1

2 = VCC then VPP2

3 = VPP1 then VCC

4 = VPP2 then VCC

Erase Mode

0 = 16C8x 16F8x 16F87x

1 = 16F7x

2 = 12F67x

3 = I6F7x7

4 = 18Fxxxx

5 = 16F87xA F818 F87

6 = 10Fxxx

7 = 16F57

4 TURN ON PROGRAMMING VOLTAGES
SEND ASCII 'V' (0x56) GOTO Command Mode
Command 3 must be sent at before sending Command 4. Otherwise the programmer will hang.

5 TURN OFF PROGRAMMING VOLTAGES
SEND ASCII 'v' (0x76) GOTO Command Mode

6 CYCLE PROGRAMMING VOLTAGES OFF THEN BACK ON
SEND ASCII 'V' (0x56) GOTO Command Mode
Command 3 must be sent before sending Command 6. Otherwise the programmer will hang.

7 PROGRAM ROM
EXPECT(1) Program word count High EXPECT(1) Program word count Low LOOP - Programming loop IF no programming error IF all words programmed SEND(1) ASCII 'P' (0x50) GOTO Command Mode ELSE SEND(1) ASCII 'Y' (0x59) EXPECT(32) 32 program bytes (in High, Low order) ELSE SEND(1) ASCII 'N' (0x4E) SEND(1) Current Address High SEND(1) Current Address Low SEND(1) Bad ROM word High SEND(1) Bad ROM word Low GOTO Command Mode END LOOP

The programming variables must have been initialized before sending this command.

The word count sent to the programmer must be the actual number of words in the program. However, the programmer works with 32 byte chunks and will always ask for at least 64 bytes, regardless of program length. The extra bytes that it requests are ignored, and therefore can be garbage.

8 PROGRAM EEPROM
EXPECT(1) EEPROM byte count High EXPECT(1) EEPROM byte count Low SEND(1) ASCII 'Y' (0x59) LOOP - Programming loop EXPECT(1) EEPROM byte x EXPECT(1) EEPROM byte x + 1 IF all bytes programmed SEND(1) ASCII 'P' (0x50) GOTO Command Mode ELSE SEND(1) ASCII 'Y' (0x59) END LOOP GOTO Command Mode

The programming variables must have been initialized before sending this command.

Byte count must be a multiple of 2 (an even number), use a pad byte if necessary

The programmer will always request two extra bytes, the values of which will be ignored.

9 PROGRAM Configuration Words
EXPECT(1) ASCII '0' (0x30) EXPECT(1) ASCII '0' (0x30) EXPECT(22) config bytes SEND(1) ASCII 'Y' (0x59) GOTO Command Mode

The programming variables must have been initialized before sending this command.

For 14bit PICs this function programs both ID and Fuse, but for 16bit PICs it only programs the ID bytes and saves the fuses for later (use command 17)

Config Bytes for a 14 bit PIC

ID1 ID2 ID3 ID4 'F' 'F' 'F' 'F' (ASCII)

FUSE Value Low

FUSE Value High

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

0xFF (Byte)

Config Bytes for a 16 bit PIC

ID1 ID2 ID3 ID4 1D5 1D6 1D7 1D8

FUSE1 Value Low

FUSE1 Value High

FUSE2 Value Low

FUSE2 Value High

FUSE3 Value Low

FUSE3 Value High

FUSE4 Value Low

FUSE4 Value High

FUSE5 Value Low

FUSE5 Value High

FUSE6 Value Low

FUSE6 Value High

FUSE7 Value Low

FUSE7 Value High

10 PROGRAM CALIBRATION
EXPECT(1) Calibration High EXPECT(1) Calibration Low EXPECT(1) FUSE High EXPECT(1) FUSE Low IF Calibration Error SEND(1) ASCII 'C' (0x43) IF Fuse Error SEND(1) ASCII 'F' (0x46) IF No Errors SEND(1) ASCII 'Y' (0x59) GOTO Command Mode

11 READ ROM
LOOP - for all ROM words starting at address zero SEND(1) ROM word High SEND(1) ROM word Low IF received a byte GOTO Command Mode END LOOP GOTO Command Mode
This command will abort if a byte is received from the PC while transferring

12 READ EEPROM
LOOP - for all EEPROM bytes starting at address zero SEND(1) EEPROM byte IF received a byte GOTO Command Mode END LOOP GOTO Command Mode
This command will abort if a byte is received from the PC while transferring

13 READ CONFIGURATION
SEND(1) ASCII 'C' (0x43) SEND(26) Content depends on chip, or 0xFF if unused GOTO Command Mode

Configuration Format

ChipID_L (Byte)

ChipID_H (Byte)

ID1 (Byte)

ID2 (Byte)

ID3 (Byte)

ID4 (Byte)

ID5 (Byte)

ID6 (Byte)

ID7 (Byte)

ID8 (Byte)

Fuse1_L (Byte)

Fuse1_H (Byte)

Fuse2_L (Byte) can also be CAL word #1 or address 0x2008, or 10Fxxx Backup CAL word

Fuse2_H (Byte)

Fuse3_L (Byte) can also be CAL word #2 or address 0x2009

Fuse3_H (Byte)

Fuse4_L (Byte)

Fuse4_H (Byte)

Fuse5_L (Byte)

Fuse5_H (Byte)

Fuse6_L (Byte)

Fuse6_H (Byte)

Fuse7_L (Byte)

Fuse7_H (Byte)

Calibrate_L (Byte)

Calibrate_H (Byte)

14 ERASE CHIP
SEND(1) ASCII 'Y' (0x59)

15 ERASE CHECK ROM
EXPECT(1) Value of the high byte of a blank ROM word IF All ROM checked IF All Blank SEND(1) ASCII 'Y' (0x59) ELSE IF Cal word not blank SEND(1) ASCII 'C' (0x43) ELSE SEND(1) ASCII 'N' (0x4E) ELSE SEND(1) ASCII 'B' (0x42) after every 256 blank words GOTO Command Mode
For example, the high byte of the blank value for a 14 bit PIC is 0x3F and for a 16 bit PIC is 0xFF

16 ERASE CHECK EEPROM
IF All Blank SEND(1) ASCII 'Y' (0x59) ELSE SEND(1) ASCII 'N' (0x4E) GOTO Command Mode

17 PROGRAM 18Fxxxx FUSE
SEND(1) ASCII 'Y' (0x59) GOTO Command Mode
Programs the Fuses that were sent as part of command 9

18 CHIP IN SOCKET DETECT
SEND(1) ASCII 'A' (0x41) IF Chip is in socket SEND(1) ASCII 'Y' (0x59) GOTO Power On Mode

19 CHIP OUT OF SOCKET DETECT
SEND(1) ASCII 'A' (0x41) IF Chip is not in socket SEND(1) ASCII 'Y' (0x59) GOTO Power On Mode

20 GET VERSION
SEND(1) Firmware Version (See firmware version table) GOTO Command Mode

21 GET PROTOCOL
SEND(4) Protocol version string ("P018") GOTO Command Mode

22 PROGRAM DEBUG VECTOR
EXPECT(1) High address of DEBUG vector EXPECT(1) Mid address of DEBUG vector EXPECT(1) Low address of DEBUG vector IF Success SEND(1) ASCII 'Y' (0x59) ELSE SEND(1) ASCII 'N' (0x4E) GOTO Command Mode

23 READ DEBUG VECTOR
SEND(1) 0xEF SEND(1) High address of DEBUG vector SEND(1) Mid address of DEBUG vector SEND(1) Low address of DEBUG vector GOTO Command Mode

24 PROGRAM CAL DATA FOR 10Fxxx
EXPECT(1) Calibration High EXPECT(1) Calibration Low EXPECT(1) Backup Calibration High EXPECT(1) Backup Calibration Low IF Calibration Error SEND(1) ASCII 'C' (0x43) IF Backup Calibration Error SEND(1) ASCII 'B' (0x42) IF No Errors SEND(1) ASCII 'Y' (0x59) GOTO Command Mode

Command	Description	Sequence	Notes
0	Do nothing	`GOTO Command Mode`
1	Quit Command Mode	`SEND(1) ASCII 'Q' (0x51) GOTO Power On Mode`
2	Echo the next byte and return to command mode	`EXPECT(1) - take whatever was sent SEND(1) - send it back GOTO Command Mode`
3	INITIALISE PROGRAMMING VARIABLES	`EXPECT(1) ROM size High EXPECT(1) ROM size Low EXPECT(1) EEPROM size High EXPECT(1) EEPROM size Low EXPECT(1) Core Type EXPECT(1) Program Flags EXPECT(1) Programming Delay = (0 - 255) × 100µ EXPECT(1) Power Sequence EXPECT(1) Erase Mode EXPECT(1) Number attempts before reporting failure EXPECT(1) Over Program when programming succeeds SEND(1) ASCII 'I' (0x49) GOTO Command Mode`	Core Type 0 = 18F6x2x 1 = 18Fx230x330 2 = 18Fxx2xx8 3 = 16F87 88 4 = 12C50x 5 = 12C67x 16C50x 16Cxxx 6 = 16C8x 16F8x 16F87x 16F62x 7 = 16F7x 16F7x7 8 = 12F67x 9 = 16F87xA 10 = 16F818 11 = 16F57 12 = 10Fxxx Program Flags Bit 0 = 1 Chip has calibration value ROM word Bit 1 = 1 Chip has Band Gap value in FUSE Bit 2 = 1 Sets single panel access for 18F Bit 3 = 1 Use a much smaller than normal delay between activating Vcc/Vpp1/Vpp2 Power Sequence 0 = VCC only 1 = VCC then VPP1 2 = VCC then VPP2 3 = VPP1 then VCC 4 = VPP2 then VCC Erase Mode 0 = 16C8x 16F8x 16F87x 1 = 16F7x 2 = 12F67x 3 = I6F7x7 4 = 18Fxxxx 5 = 16F87xA F818 F87 6 = 10Fxxx 7 = 16F57
4	TURN ON PROGRAMMING VOLTAGES	`SEND ASCII 'V' (0x56) GOTO Command Mode`	Command 3 must be sent at before sending Command 4. Otherwise the programmer will hang.
5	TURN OFF PROGRAMMING VOLTAGES	`SEND ASCII 'v' (0x76) GOTO Command Mode`
6	CYCLE PROGRAMMING VOLTAGES OFF THEN BACK ON	`SEND ASCII 'V' (0x56) GOTO Command Mode`	Command 3 must be sent before sending Command 6. Otherwise the programmer will hang.
7	PROGRAM ROM	`EXPECT(1) Program word count High EXPECT(1) Program word count Low LOOP - Programming loop IF no programming error IF all words programmed SEND(1) ASCII 'P' (0x50) GOTO Command Mode ELSE SEND(1) ASCII 'Y' (0x59) EXPECT(32) 32 program bytes (in High, Low order) ELSE SEND(1) ASCII 'N' (0x4E) SEND(1) Current Address High SEND(1) Current Address Low SEND(1) Bad ROM word High SEND(1) Bad ROM word Low GOTO Command Mode END LOOP`	The programming variables must have been initialized before sending this command. The word count sent to the programmer must be the actual number of words in the program. However, the programmer works with 32 byte chunks and will always ask for at least 64 bytes, regardless of program length. The extra bytes that it requests are ignored, and therefore can be garbage.
8	PROGRAM EEPROM	`EXPECT(1) EEPROM byte count High EXPECT(1) EEPROM byte count Low SEND(1) ASCII 'Y' (0x59) LOOP - Programming loop EXPECT(1) EEPROM byte x EXPECT(1) EEPROM byte x + 1 IF all bytes programmed SEND(1) ASCII 'P' (0x50) GOTO Command Mode ELSE SEND(1) ASCII 'Y' (0x59) END LOOP GOTO Command Mode`	The programming variables must have been initialized before sending this command. Byte count must be a multiple of 2 (an even number), use a pad byte if necessary The programmer will always request two extra bytes, the values of which will be ignored.
9	PROGRAM Configuration Words	`EXPECT(1) ASCII '0' (0x30) EXPECT(1) ASCII '0' (0x30) EXPECT(22) config bytes SEND(1) ASCII 'Y' (0x59) GOTO Command Mode`	The programming variables must have been initialized before sending this command. For 14bit PICs this function programs both ID and Fuse, but for 16bit PICs it only programs the ID bytes and saves the fuses for later (use command 17) Config Bytes for a 14 bit PIC ID1 ID2 ID3 ID4 'F' 'F' 'F' 'F' (ASCII) FUSE Value Low FUSE Value High 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) 0xFF (Byte) Config Bytes for a 16 bit PIC ID1 ID2 ID3 ID4 1D5 1D6 1D7 1D8 FUSE1 Value Low FUSE1 Value High FUSE2 Value Low FUSE2 Value High FUSE3 Value Low FUSE3 Value High FUSE4 Value Low FUSE4 Value High FUSE5 Value Low FUSE5 Value High FUSE6 Value Low FUSE6 Value High FUSE7 Value Low FUSE7 Value High
10	PROGRAM CALIBRATION	`EXPECT(1) Calibration High EXPECT(1) Calibration Low EXPECT(1) FUSE High EXPECT(1) FUSE Low IF Calibration Error SEND(1) ASCII 'C' (0x43) IF Fuse Error SEND(1) ASCII 'F' (0x46) IF No Errors SEND(1) ASCII 'Y' (0x59) GOTO Command Mode`
11	READ ROM	`LOOP - for all ROM words starting at address zero SEND(1) ROM word High SEND(1) ROM word Low IF received a byte GOTO Command Mode END LOOP GOTO Command Mode`	This command will abort if a byte is received from the PC while transferring
12	READ EEPROM	`LOOP - for all EEPROM bytes starting at address zero SEND(1) EEPROM byte IF received a byte GOTO Command Mode END LOOP GOTO Command Mode`	This command will abort if a byte is received from the PC while transferring
13	READ CONFIGURATION	`SEND(1) ASCII 'C' (0x43) SEND(26) Content depends on chip, or 0xFF if unused GOTO Command Mode`	Configuration Format ChipID_L (Byte) ChipID_H (Byte) ID1 (Byte) ID2 (Byte) ID3 (Byte) ID4 (Byte) ID5 (Byte) ID6 (Byte) ID7 (Byte) ID8 (Byte) Fuse1_L (Byte) Fuse1_H (Byte) Fuse2_L (Byte) can also be CAL word #1 or address 0x2008, or 10Fxxx Backup CAL word Fuse2_H (Byte) Fuse3_L (Byte) can also be CAL word #2 or address 0x2009 Fuse3_H (Byte) Fuse4_L (Byte) Fuse4_H (Byte) Fuse5_L (Byte) Fuse5_H (Byte) Fuse6_L (Byte) Fuse6_H (Byte) Fuse7_L (Byte) Fuse7_H (Byte) Calibrate_L (Byte) Calibrate_H (Byte)
14	ERASE CHIP	`SEND(1) ASCII 'Y' (0x59)`
15	ERASE CHECK ROM	`EXPECT(1) Value of the high byte of a blank ROM word IF All ROM checked IF All Blank SEND(1) ASCII 'Y' (0x59) ELSE IF Cal word not blank SEND(1) ASCII 'C' (0x43) ELSE SEND(1) ASCII 'N' (0x4E) ELSE SEND(1) ASCII 'B' (0x42) after every 256 blank words GOTO Command Mode`	For example, the high byte of the blank value for a 14 bit PIC is 0x3F and for a 16 bit PIC is 0xFF
16	ERASE CHECK EEPROM	`IF All Blank SEND(1) ASCII 'Y' (0x59) ELSE SEND(1) ASCII 'N' (0x4E) GOTO Command Mode`
17	PROGRAM 18Fxxxx FUSE	`SEND(1) ASCII 'Y' (0x59) GOTO Command Mode`	Programs the Fuses that were sent as part of command 9
18	CHIP IN SOCKET DETECT	`SEND(1) ASCII 'A' (0x41) IF Chip is in socket SEND(1) ASCII 'Y' (0x59) GOTO Power On Mode`
19	CHIP OUT OF SOCKET DETECT	`SEND(1) ASCII 'A' (0x41) IF Chip is not in socket SEND(1) ASCII 'Y' (0x59) GOTO Power On Mode`
20	GET VERSION	`SEND(1) Firmware Version (See firmware version table) GOTO Command Mode`
21	GET PROTOCOL	`SEND(4) Protocol version string ("P018") GOTO Command Mode`
22	PROGRAM DEBUG VECTOR	`EXPECT(1) High address of DEBUG vector EXPECT(1) Mid address of DEBUG vector EXPECT(1) Low address of DEBUG vector IF Success SEND(1) ASCII 'Y' (0x59) ELSE SEND(1) ASCII 'N' (0x4E) GOTO Command Mode`
23	READ DEBUG VECTOR	`SEND(1) 0xEF SEND(1) High address of DEBUG vector SEND(1) Mid address of DEBUG vector SEND(1) Low address of DEBUG vector GOTO Command Mode`
24	PROGRAM CAL DATA FOR 10Fxxx	`EXPECT(1) Calibration High EXPECT(1) Calibration Low EXPECT(1) Backup Calibration High EXPECT(1) Backup Calibration Low IF Calibration Error SEND(1) ASCII 'C' (0x43) IF Backup Calibration Error SEND(1) ASCII 'B' (0x42) IF No Errors SEND(1) ASCII 'Y' (0x59) GOTO Command Mode`

USB DEVICE FT232BM

The FT232BM is a USB-driven USB1.1 to RS232 converter. It allows an RS232 design to be used in a non-RS232 environment. The device works very well for that purpose. The way we use the device, no known issues have arisen.

As implemented in DIY programmers, the FT232BM is NOT provided with PnP strings (PnP ID Strings are used by the Windows / Linux host to assist in installing drivers) so this makes the drivers more difficult to install. DIY depends on standard non-PnP VCP drivers provided by FTDI. Win98 (an especially stupid O/S) is sometimes very difficult to install the drivers in; when a problem occurs, the old drivers MUST be physically removed from the path before re-installing a second time.

Normally, when the programmer is first installed, the VCP driver assigns a fixed"COMM PORT" value to the channel. Every time the USB cable is removed and inserted normally,that same port value is always used. But if the VCP driver detects an error, it RELEASESthat port, which then might be reassigned to possibly another port. This can occur withK149/K150 units when the POWER to the unit is removed before the USB cable is removed. So to prevent port reassignment, the user should remember to INSERT USB Cable LAST when powering up, and REMOVE USB Cable FIRST when powering down. This eliminates 90% of the driver issues with DIY programmers.

Programming Sequence

Preliminary...

Initialize Programming Variables - Command 3
Turn on Programming Voltages - Command 4
If programming ROM - Command 7
If programming EEPROM - Command 8
If programming config - Command 9
If programming Fuses for 18F - Command 17
Turn off Programming Voltages - Command 5

Built by Text2Html