Menu
▾
▴
Re: [Pyusb-users] PyUSB how to set the ControlOutput message ?
|
From: Romain A. <r.a...@gm...> - 2010-01-26 15:08:22
|
I think we're nearly in.
dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)
I think it's "bRequest=0x02" instead of "bmRequest=0x02" right ?
With this sentence I've got the follownig error:
Traceback (most recent call last):
File "test", line 25, in <module>
dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02)
TypeError: ctrl_transfer() takes at least 5 non-keyword arguments (4 given)
and if I add wIndex:
dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02,
wIndex=0x00)
the error:
File "test", line 25, in <module>
dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02,
wIndex=0x00)
File "/usr/local/lib/python2.6/dist-packages/usb/core.py", line 619, in
ctrl_transfer
a = (data_or_wLength is None) and array.array('B') or array.array('B',
data_or_wLength)
TypeError: 'NoneType' object is not iterable
Thanks
Romain
On Tue, Jan 26, 2010 at 3:48 PM, Romain Aviolat <r.a...@gm...> wrote:
> Repair that there is a vendor control request issued before sending
> the command 0x00 0xFF 0xFF.
>
> RequestType = 0x40 (which means vendor)
> Request = 0x02
> Value = 0x02
> Index = 0x00
>
> There is no data payload.
>
> Try the following:
>
> import usb.core
> import usb.util
>
> # find our device
> dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)
>
> # was it found?
> if dev is None:
> raise ValueError('Device not found')
>
> # set the active configuration. With no arguments, the first
> # configuration will be the active one
>
> dev.set_configuration()
>
> ## HERE THE CONTROL TRANSFER
> dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)
>
> msg = [0x00, 0xFF, 0xFF]
> sent_bytes = dev.write(0x02, msg, 0, 100)
>
> Hopefully you can read some response from the device...
>
> Wander
>
> 2010/1/24 Romain Aviolat <r.aviolat@gm...>:
> > Ooops my mail was too big, I pasted the log files on pastebin instead.
> >
> > Yes I did both sniffing, from linux with usbmon and from windows itself
> with
> > usbsnoop.
> > What I didn't do is starting sniffing when I plug the device, I always
> > started sniffing before pressing the "download data" button under windows
> > when the device was already connected.
> >
> > This first log file is from windows running usbsnoop when I plug the
> device.
> > I don't know if this traffic is generated from windows querying the
> device
> > or from the device driver initialising the device.
> > http://pastebin.com/f43a0c4a0
> >
> > The second log file, always from windows, is when I press the "download
> > data" button from the device software, so nothing happened between this
> log
> > and the previous one on the usb port
> > http://pastebin.com/f7acda94a
> >
> > Hope you can help me, I'm really stucked at this point
> >
> > Thanks,
> > Romain
> >
> >
> > On Fri, Jan 22, 2010 at 2:43 PM, Romain Aviolat <r.aviolat@gm...> wrote:
> >>
> >> There must be some earlier data exchange, either on the out/in
> >> endpoint or in the default control endpoint... As you sad you were
> >> using a Windows VM for reverse engineering, you can use a USB sw
> >> sniffer to check it...
> >>
> >> You can use that: http://sourceforge.net/projects/usbsnoop/
> >>
> >> Wander
> >>
> >> 2010/1/22 Romain Aviolat <r.aviolat@gm...>:
> >> > My device has 1 configuration, 1 interface, and two endpoints
> >> >
> >> > Bus 002 Device 002: ID 10c4:0002 Cygnal Integrated Products, Inc. F32x
> >> > USBXpress Device
> >> > Device Descriptor:
> >> > bLength 18
> >> > bDescriptorType 1
> >> > bcdUSB 1.10
> >> > bDeviceClass 0 (Defined at Interface level)
> >> > bDeviceSubClass 0
> >> > bDeviceProtocol 0
> >> > bMaxPacketSize0 64
> >> > idVendor 0x10c4 Cygnal Integrated Products, Inc.
> >> > idProduct 0x0002 F32x USBXpress Device
> >> > bcdDevice 1.00
> >> > iManufacturer 1 Silicon Labs
> >> > iProduct 2 USB API
> >> > iSerial 3 1
> >> > bNumConfigurations 1
> >> > Configuration Descriptor:
> >> > bLength 9
> >> > bDescriptorType 2
> >> > wTotalLength 32
> >> > bNumInterfaces 1
> >> > bConfigurationValue 1
> >> > iConfiguration 0
> >> > bmAttributes 0x80
> >> > (Bus Powered)
> >> > MaxPower 60mA
> >> > Interface Descriptor:
> >> > bLength 9
> >> > bDescriptorType 4
> >> > bInterfaceNumber 0
> >> > bAlternateSetting 0
> >> > bNumEndpoints 2
> >> > bInterfaceClass 0 (Defined at Interface level)
> >> > bInterfaceSubClass 0
> >> > bInterfaceProtocol 0
> >> > iInterface 0
> >> > Endpoint Descriptor:
> >> > bLength 7
> >> > bDescriptorType 5
> >> > bEndpointAddress 0x02 EP 2 OUT
> >> > bmAttributes 2
> >> > Transfer Type Bulk
> >> > Synch Type None
> >> > Usage Type Data
> >> > wMaxPacketSize 0x0040 1x 64 bytes
> >> > bInterval 0
> >> > Endpoint Descriptor:
> >> > bLength 7
> >> > bDescriptorType 5
> >> > bEndpointAddress 0x82 EP 2 IN
> >> > bmAttributes 2
> >> > Transfer Type Bulk
> >> > Synch Type None
> >> > Usage Type Data
> >> > wMaxPacketSize 0x0040 1x 64 bytes
> >> > bInterval 0
> >> > Device Status: 0x0000
> >> >
> >> > I'm running ubuntu linux ans PyUSB1.0 you are right.
> >> >
> >> >
> >> >
> >> > On Fri, Jan 22, 2010 at 10:05 AM, Romain Aviolat <r.aviolat@gm...>
> >> > wrote:
> >> >>
> >> >> This can be many things, does your device have more than one
> >> >> configuration or interface/alternate setting? And about the endpoint
> >> >> address? I see you are using PyUSB 1.0, are you running it under
> >> >> Windows? I haven't tested it in Windows yet (actually I did, but
> there
> >> >> are some issues that I did not fix yet, then I could not progress
> with
> >> >> tests).
> >> >>
> >> >> Wander
> >> >>
> >> >> 2010/1/21 Romain Aviolat <r.aviolat@gm...>:
> >> >> > Hi, this my first time in this mailing list,
> >> >> >
> >> >> > I'm trying to reverse a device that has no support for Linux, I'm
> new
> >> >> > to
> >> >> > pyusb and have a problem with my script.
> >> >> >
> >> >> > I sniffed the USBlog from a virtual machine running windows and my
> >> >> > working
> >> >> > device here's the log:
> >> >> >
> >> >> > f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
> >> >> > f53ed800 355027800 C Co:2:002:0 0 0
> >> >> > f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
> >> >> >
> >> >> > If the device receive the 0x00, 0xFF, 0xFF sequence, it then send
> >> >> > it's
> >> >> > data
> >> >> >
> >> >> > Here's my code (mainly used the examples on the pyusb website)
> >> >> >
> >> >> > ------------------------
> >> >> > import usb.core
> >> >> > import usb.util
> >> >> >
> >> >> > # find our device
> >> >> > dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)
> >> >> >
> >> >> > # was it found?
> >> >> > if dev is None:
> >> >> > raise ValueError('Device not found')
> >> >> >
> >> >> > # set the active configuration. With no arguments, the first
> >> >> > # configuration will be the active one
> >> >> >
> >> >> > dev.set_configuration()
> >> >> >
> >> >> > msg = [0x00, 0xFF, 0xFF]
> >> >> > sent_bytes = dev.write(0x02, msg, 0, 100)
> >> >> > ------------------------
> >> >> >
> >> >> > and here's the output
> >> >> >
> >> >> > f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
> >> >> > f341b700 484299102 C Co:2:003:0 0 0
> >> >> > f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
> >> >> >
> >> >> > The 0x00, 0xFF, 0xFF sequence is correctly sent but the device
> >> >> > doesn't
> >> >> > send
> >> >> > it's data, we can see in the first line of both log that the
> >> >> > ControlOutput
> >> >> > is not the same, I think this is my problem.
> >> >> >
> >> >> > I don't know how to change 09 0001 0000 0000 to 40 02 0002 0000
> 0000
> >> >> >
> >> >> > Hope someone can help me,
> >> >> >
> >> >> > Cheers, Romain
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> ------------------------------------------------------------------------------
> >> >> > Throughout its 18-year history, RSA Conference consistently
> attracts
> >> >> > the
> >> >> > world's best and brightest in the field, creating opportunities for
> >> >> > Conference
> >> >> > attendees to learn about information security's most important
> issues
> >> >> > through
> >> >> > interactions with peers, luminaries and emerging and established
> >> >> > companies.
> >> >> > http://p.sf.net/sfu/rsaconf-dev2dev
> >> >> > _______________________________________________
> >> >> > Pyusb-users mailing list
> >> >> > Pyusb-users@li...
> >> >> > https://lists.sourceforge.net/lists/listinfo/pyusb-users
> >> >> >
> >> >> >
> >> >
> >> >
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > Throughout its 18-year history, RSA Conference consistently attracts
> the
> >> > world's best and brightest in the field, creating opportunities for
> >> > Conference
> >> > attendees to learn about information security's most important issues
> >> > through
> >> > interactions with peers, luminaries and emerging and established
> >> > companies.
> >> > http://p.sf.net/sfu/rsaconf-dev2dev
> >> > _______________________________________________
> >> > Pyusb-users mailing list
> >> > Pyusb-users@li...
> >> > https://lists.sourceforge.net/lists/listinfo/pyusb-users
> >> >
> >> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Throughout its 18-year history, RSA Conference consistently attracts the
> > world's best and brightest in the field, creating opportunities for
> > Conference
> > attendees to learn about information security's most important issues
> > through
> > interactions with peers, luminaries and emerging and established
> companies.
> > http://p.sf.net/sfu/rsaconf-dev2dev
> > _______________________________________________
> > Pyusb-users mailing list
> > Pyusb-users@li...
> > https://lists.sourceforge.net/lists/listinfo/pyusb-users
> >
> >
|
