
@brianddk
Last active February 28, 2019 01:56
Windows batch trezor FW upgrade
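@echo off
rem Trezor firmware fetch-and-flash helper for Windows.
rem Flow: probe the web server certificate and compare its fingerprint with a
rem pinned value, then on a match download releases.json and the firmware
rem image, check the image hash, and hand the file to trezorctl.
rem
rem Prerequisites and reference commands:
rem choco install -y openssl.light
rem choco install -y wget
rem choco install -y cygwin
rem tail -c +257 trezor.signed.bin | sha256sum
rem https://crt.sh/?q=26AFA022ADC5EE7E41A5226C1DE336D438F1AD0F
setlocal
set tail=%ChocolateyToolsLocation%\cygwin\bin\tail.exe
set sha256sum=%ChocolateyToolsLocation%\cygwin\bin\sha256sum.exe
set openssl="%ProgramFiles%\OpenSSL\bin\openssl.exe"
set py37dir=C:\Python37
rem Pinned certificate fingerprint. It is 20 bytes long, the SHA-1 form that
rem "openssl x509 -fingerprint" prints when no digest is named. A pinned leaf
rem certificate stops matching when the server certificate is renewed; take
rem the replacement value from a source other than the server being checked.
set expected_ssl_fingerprint=26:AF:A0:22:AD:C5:EE:7E:41:A5:22:6C:1D:E3:36:D4:38:F1:AD:0F
set wserver=beta-wallet.trezor.io
set wpath=data/firmware/1
set release_file=releases.json
set fw_dir_uri=https://%wserver%/%wpath%
rem setlocal scopes changes but keeps inherited variables. Clear the result
rem first so a failed probe cannot leave a caller-supplied value in place.
set "actual_ssl_fingerprint="
rem The probe and the later wget downloads are separate TLS connections: the
rem pin is checked on the probe only, wget relies on its own certificate
rem validation.
set fcmd=^^^< NUL %openssl% s_client -connect %wserver%:443 2^^^>NUL ^^^| %openssl% x509 -fingerprint -noout 2^^^>NUL
for /f "tokens=2 delims==" %%I in ('%fcmd%') do set actual_ssl_fingerprint=%%I
rem No output from the probe counts as a failed check, not as a match.
if not defined actual_ssl_fingerprint goto :BadSSL
rem Quoted so an unexpected value cannot turn the comparison into a syntax error.
if "%actual_ssl_fingerprint%"=="%expected_ssl_fingerprint%" (call :GoodSSL) else (call :BadSSL)
goto :eof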
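:GoodSSL
rem Download releases.json and the firmware image it names, then compare the
rem SHA-256 of the image past its first 256 bytes with the listed fingerprint.
rem Returns the exit code of GoodFP or BadFP, or -3 when a download fails.
rem NOTE(review): the expected hash and the image come from the same host, so
rem this comparison catches a corrupt or mismatched download, not a tampered
rem server. Authenticity rests on whatever signature checks trezorctl and the
rem device perform - confirm against their documentation.
rem NOTE(review): the url and fingerprint values are cut out of releases.json
rem with findstr and later expanded unquoted on command lines. A stricter
rem version would validate them before use: a plain relative path, 64 hex digits.
rem Clear results first: setlocal keeps inherited variables, and the
rem "if not defined" guards below would otherwise keep a caller-supplied value.
set "release_bin_uri="
set "release_bin="
set "expected_bin_fingerprint="
set "actual_bin_fingerprint="
if exist %release_file% del %release_file%
wget --quiet %fw_dir_uri%/%release_file%
if errorlevel 1 (
  echo Could not download %release_file%
  exit /b -3
)
rem Only the first matching line of each kind is used.
set fcmd=findstr url %release_file%
for /f "tokens=2 delims=:, " %%I in ('%fcmd%') do if not defined release_bin_uri set release_bin_uri=%%~I
set fcmd=findstr fingerprint %release_file%
for /f "tokens=2 delims=:, " %%I in ('%fcmd%') do if not defined expected_bin_fingerprint set expected_bin_fingerprint=%%~I
rem Without both values nothing can be verified, so take the failure path.
if not defined release_bin_uri goto :BadFP
if not defined expected_bin_fingerprint goto :BadFP
for %%I in (%release_bin_uri%) do set release_bin=%%~nxI
if not defined release_bin goto :BadFP
if exist %release_bin% del %release_bin%
wget --quiet https://%wserver%/%release_bin_uri%
if errorlevel 1 (
  echo Could not download %release_bin%
  exit /b -3
)
set chkcmd=%tail% -c +257 %release_bin% ^^^| %sha256sum%
for /f %%I in ('%chkcmd%') do set actual_bin_fingerprint=%%I
rem A hash that could not be computed is a mismatch, never a pass.
if not defined actual_bin_fingerprint goto :BadFP
if "%expected_bin_fingerprint%"=="%actual_bin_fingerprint%" (call :GoodFP %release_bin% %expected_bin_fingerprint%) else (call :BadFP)
exit /b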
:GoodFP
rem Arguments: first is the firmware file name, second its expected fingerprint.
rem Prints the trezorctl command, waits for the operator to put the device in
rem bootloader mode, then runs that same command. Returns its exit code.
set flashcmd=%py37dir%\python.exe %py37dir%\Scripts\trezorctl firmware-update --filename %1 --fingerprint %2
echo %flashcmd%
echo Firmware looks good, plug in while in bootloader mode, then hit enter
pause
%flashcmd%
exit /b
:BadFP
rem Failure path for the firmware hash check: report it and return -2.
rem Nothing is passed to trezorctl from here.
(echo Firmware Fingerprint Mismatch)
exit /b -2
:BadSSL
rem Failure path for the server certificate fingerprint check: report it and
rem return -1. Nothing is downloaded from here.
(echo SSL Fingerprint Mismatch)
exit /b -1
rem Not reached: the exit above returns first. cmd ends the setlocal scope on
rem its own when the batch file finishes.
endlocal