From: Romain A. <r.a...@gm...> - 2010-01-22 09:14:19
My device has 1 configuration, 1 interface, and two endpoints

Bus 002 Device 002: ID 10c4:0002 Cygnal Integrated Products, Inc. F32x USBXpress Device
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x10c4 Cygnal Integrated Products, Inc.
  idProduct          0x0002 F32x USBXpress Device
  bcdDevice            1.00
  iManufacturer           1 Silicon Labs
  iProduct                2 USB API
  iSerial                 3 1
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           32
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0x80
      (Bus Powered)
    MaxPower               60mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         0 (Defined at Interface level)
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
Device Status:     0x0000

I'm running ubuntu linux and PyUSB1.0 you are right.

On Fri, Jan 22, 2010 at 10:05 AM, Romain Aviolat <r.a...@gm...> wrote:

> This can be many things, does your device have more than one
> configuration or interface/alternate setting? And about the endpoint
> address? I see you are using PyUSB 1.0, are you running it under
> Windows? I haven't tested it in Windows yet (actually I did, but there
> are some issues that I did not fix yet, then I could not progress with
> tests).
>
> Wander
>
> 2010/1/21 Romain Aviolat <r.aviolat@gm...>:
> > Hi, this is my first time in this mailing list,
> >
> > I'm trying to reverse a device that has no support for Linux, I'm new to
> > pyusb and have a problem with my script.
> >
> > I sniffed the USBlog from a virtual machine running windows and my working
> > device here's the log:
> >
> > f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
> > f53ed800 355027800 C Co:2:002:0 0 0
> > f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
> >
> > If the device receives the 0x00, 0xFF, 0xFF sequence, it then sends its data
> >
> > Here's my code (mainly used the examples on the pyusb website)
> >
> > ------------------------
> > import usb.core
> > import usb.util
> >
> > # find our device
> > dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)
> >
> > # was it found?
> > if dev is None:
> >     raise ValueError('Device not found')
> >
> > # set the active configuration. With no arguments, the first
> > # configuration will be the active one
> >
> > dev.set_configuration()
> >
> > msg = [0x00, 0xFF, 0xFF]
> > sent_bytes = dev.write(0x02, msg, 0, 100)
> > ------------------------
> >
> > and here's the output
> >
> > f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
> > f341b700 484299102 C Co:2:003:0 0 0
> > f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
> >
> > The 0x00, 0xFF, 0xFF sequence is correctly sent but the device doesn't send
> > its data, we can see in the first line of both logs that the ControlOutput
> > is not the same, I think this is my problem.
> >
> > I don't know how to change 09 0001 0000 0000 to 40 02 0002 0000 0000
> >
> > Hope someone can help me,
> >
> > Cheers, Romain
> >
> > ------------------------------------------------------------------------------
> > Throughout its 18-year history, RSA Conference consistently attracts the
> > world's best and brightest in the field, creating opportunities for Conference
> > attendees to learn about information security's most important issues through
> > interactions with peers, luminaries and emerging and established companies.
> > http://p.sf.net/sfu/rsaconf-dev2dev
> > _______________________________________________
> > Pyusb-users mailing list
> > Pyusb-users@li...
> > https://lists.sourceforge.net/lists/listinfo/pyusb-users
From: Romain A. <r.a...@gm...> - 2010-01-23 16:06:28
Ooops my mail was too big, I pasted the log files on pastebin instead.

Yes I did both sniffing, from linux with usbmon and from windows itself with usbsnoop.
What I didn't do is starting sniffing when I plug the device, I always started sniffing before pressing the "download data" button under windows when the device was already connected.

This first log file is from windows running usbsnoop when I plug the device. I don't know if this traffic is generated from windows querying the device or from the device driver initialising the device.
http://pastebin.com/f43a0c4a0

The second log file, always from windows, is when I press the "download data" button from the device software, so nothing happened between this log and the previous one on the usb port
http://pastebin.com/f7acda94a

Hope you can help me, I'm really stuck at this point

Thanks,
Romain

On Fri, Jan 22, 2010 at 2:43 PM, Romain Aviolat <r.a...@gm...> wrote:

> There must be some earlier data exchange, either on the out/in
> endpoint or in the default control endpoint... As you said you were
> using a Windows VM for reverse engineering, you can use a USB sw
> sniffer to check it...
>
> You can use that: http://sourceforge.net/projects/usbsnoop/
>
> Wander
From: Wander L. <wan...@gm...> - 2010-01-25 23:49:48
Repair that there is a vendor control request issued before sending the command 0x00 0xFF 0xFF.

RequestType = 0x40 (which means vendor)
Request = 0x02
Value = 0x02
Index = 0x00

There is no data payload.

Try the following:

import usb.core
import usb.util

# find our device
dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)

# was it found?
if dev is None:
    raise ValueError('Device not found')

# set the active configuration. With no arguments, the first
# configuration will be the active one

dev.set_configuration()

## HERE THE CONTROL TRANSFER
dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)

msg = [0x00, 0xFF, 0xFF]
sent_bytes = dev.write(0x02, msg, 0, 100)

Hopefully you can read some response from the device...

Wander
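The comparison the thread makes by eye, as an added example that is not part of the original posts: a small parser for the usbmon text lines quoted in the first message, which decodes each setup packet and lists the transfers a replay script has to send. The function names are this example's own, and the `data_or_wLength` key is assumed to follow PyUSB's `ctrl_transfer` parameter of that name.

```python
# Added example: decode usbmon text lines into the transfers a replay must send.
URB_TYPES = {"C": "control", "B": "bulk", "I": "interrupt", "Z": "isochronous"}
REQUEST_KINDS = {0: "standard", 1: "class", 2: "vendor", 3: "reserved"}
RECIPIENTS = {0: "device", 1: "interface", 2: "endpoint", 3: "other"}
STANDARD_REQUESTS = {0x09: "SET_CONFIGURATION"}  # the only one seen in this thread

# Capture lines copied from the first post: the Windows software (working) ...
WORKING = """\
f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
f53ed800 355027800 C Co:2:002:0 0 0
f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
"""
# ... and the PyUSB script that gets no answer from the device.
SCRIPT = """\
f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
f341b700 484299102 C Co:2:003:0 0 0
f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
"""


def decode_setup(words):
    """Name the five hex fields that follow the 's' tag of a control submission."""
    if len(words) != 5:
        raise ValueError("setup packet needs 5 fields, got %d" % len(words))
    bm, req, val, idx, length = (int(w, 16) for w in words)
    kind = REQUEST_KINDS[(bm >> 5) & 0x3]            # bits 6..5: request type
    name = STANDARD_REQUESTS.get(req) if kind == "standard" else None
    return {
        "bmRequestType": bm, "bRequest": req, "wValue": val,
        "wIndex": idx, "wLength": length,
        "direction": "IN" if bm & 0x80 else "OUT",   # bit 7
        "kind": kind,
        "recipient": RECIPIENTS.get(bm & 0x1F, "reserved"),  # bits 4..0
        "name": name or "0x%02x" % req,
    }


def parse_line(line):
    """Parse one usbmon text line: tag, timestamp, event, address, then payload."""
    parts = line.split()
    if len(parts) < 5:
        raise ValueError("not a usbmon text line: %r" % line)
    event, address = parts[2], parts[3].split(":")
    if len(address) != 4 or len(address[0]) != 2 or address[0][0] not in URB_TYPES:
        raise ValueError("bad address word: %r" % parts[3])
    urb = {"event": event, "type": URB_TYPES[address[0][0]],
           "dir": "IN" if address[0][1] == "i" else "OUT",
           "bus": int(address[1]), "device": int(address[2]),
           "endpoint": int(address[3]), "setup": None, "data": b""}
    rest = parts[4:]
    if rest[0] == "s":                    # setup tag: five setup words follow
        urb["setup"] = decode_setup(rest[1:6])
        rest = rest[6:]
    else:                                 # otherwise a numeric URB status
        rest = rest[1:]
    if "=" in rest:                       # '=' introduces the captured data words
        urb["data"] = bytes.fromhex("".join(rest[rest.index("=") + 1:]))
    return urb


def replay_steps(capture):
    """List what the host submitted, as (method name, keyword arguments) pairs."""
    steps = []
    for line in capture.strip().splitlines():
        urb = parse_line(line)
        if urb["event"] != "S":
            continue                      # callbacks report results, they send nothing
        if urb["type"] == "control" and urb["setup"]:
            s = urb["setup"]
            # IN requests pass the length to read; OUT requests pass the payload.
            payload = s["wLength"] if s["direction"] == "IN" else (urb["data"] or None)
            steps.append(("ctrl_transfer", {
                "bmRequestType": s["bmRequestType"], "bRequest": s["bRequest"],
                "wValue": s["wValue"], "wIndex": s["wIndex"],
                "data_or_wLength": payload}))
        elif urb["type"] == "bulk" and urb["dir"] == "OUT":
            steps.append(("write", {"endpoint": urb["endpoint"],
                                    "data": list(urb["data"])}))
    return steps


def missing_control_requests(reference, attempt):
    """Control requests the reference capture submits that the attempt never does."""
    def submitted(capture):
        return [kw for name, kw in replay_steps(capture) if name == "ctrl_transfer"]
    seen = submitted(attempt)
    return [req for req in submitted(reference) if req not in seen]


if __name__ == "__main__":
    for step in replay_steps(WORKING):
        print(step)
    print("missing from script:", missing_control_requests(WORKING, SCRIPT))
```

Decoded this way, the first request in the working capture is a vendor OUT request to the device with bmRequestType 0x40, and the script's only control request is the standard SET_CONFIGURATION sent by `set_configuration()`. A bmRequestType of 0x04 decodes as a standard request with a reserved recipient, not as a vendor request.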
From: Romain A. <r.a...@gm...> - 2010-01-26 15:08:22
I think we're nearly in.

dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)

I think it's "bRequest=0x02" instead of "bmRequest=0x02" right?

With this sentence I've got the following error:

Traceback (most recent call last):
  File "test", line 25, in <module>
    dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02)
TypeError: ctrl_transfer() takes at least 5 non-keyword arguments (4 given)

and if I add wIndex:

dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02, wIndex=0x00)

the error:

  File "test", line 25, in <module>
    dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02, wIndex=0x00)
  File "/usr/local/lib/python2.6/dist-packages/usb/core.py", line 619, in ctrl_transfer
    a = (data_or_wLength is None) and array.array('B') or array.array('B', data_or_wLength)
TypeError: 'NoneType' object is not iterable

Thanks

Romain
From: Wander L. <wan...@gm...> - 2010-01-27 05:18:48
Attachments:
core.py
|
It must be a PyUSB bug. I have no access to my development environment
neither time to merge a fix to svn. Please use the attached file for
your tests.

Wander

2010/1/27 Romain Aviolat <r.a...@gm...>:
> I think we're nearly in.
>
> dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)
>
> I think it's "bRequest=0x02" instead of "bmRequest=0x02" right ?
>
> With this sentence I've got the following error:
>
> Traceback (most recent call last):
>   File "test", line 25, in <module>
>     dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02)
> TypeError: ctrl_transfer() takes at least 5 non-keyword arguments (4 given)
>
> and if I add wIndex:
>
> dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02, wIndex=0x00)
>
> the error:
>   File "test", line 25, in <module>
>     dev.ctrl_transfer(bmRequestType=0x04, bRequest=0x02, wValue=0x02, wIndex=0x00)
>   File "/usr/local/lib/python2.6/dist-packages/usb/core.py", line 619, in ctrl_transfer
>     a = (data_or_wLength is None) and array.array('B') or array.array('B', data_or_wLength)
> TypeError: 'NoneType' object is not iterable
>
> Thanks
>
> Romain
>
>
> On Tue, Jan 26, 2010 at 3:48 PM, Romain Aviolat <r.a...@gm...> wrote:
>>
>> Repair that there is a vendor control request issued before sending
>> the command 0x00 0xFF 0xFF.
>>
>> RequestType = 0x40 (which means vendor)
>> Request = 0x02
>> Value = 0x02
>> Index = 0x00
>>
>> There is no data payload.
>>
>> Try the following:
>>
>> import usb.core
>> import usb.util
>>
>> # find our device
>> dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)
>>
>> # was it found?
>> if dev is None:
>>     raise ValueError('Device not found')
>>
>> # set the active configuration. With no arguments, the first
>> # configuration will be the active one
>>
>> dev.set_configuration()
>>
>> ## HERE THE CONTROL TRANSFER
>> dev.ctrl_transfer(bmRequestType=0x04, bmRequest=0x02, wValue=0x02)
>>
>> msg = [0x00, 0xFF, 0xFF]
>> sent_bytes = dev.write(0x02, msg, 0, 100)
>>
>> Hopefully you can read some response from the device...
>>
>> Wander
>>
>> 2010/1/24 Romain Aviolat <r.aviolat@gm...>:
>> > Ooops my mail was too big, I pasted the log files on pastebin instead.
>> >
>> > Yes I did both sniffing, from linux with usbmon and from windows itself
>> > with usbsnoop.
>> > What I didn't do is starting sniffing when I plug the device, I always
>> > started sniffing before pressing the "download data" button under
>> > windows when the device was already connected.
>> >
>> > This first log file is from windows running usbsnoop when I plug the
>> > device.
>> > I don't know if this traffic is generated from windows querying the
>> > device or from the device driver initialising the device.
>> > http://pastebin.com/f43a0c4a0
>> >
>> > The second log file, always from windows, is when I press the "download
>> > data" button from the device software, so nothing happened between this
>> > log and the previous one on the usb port
>> > http://pastebin.com/f7acda94a
>> >
>> > Hope you can help me, I'm really stuck at this point
>> >
>> > Thanks,
>> > Romain
>> >
>> >
>> > On Fri, Jan 22, 2010 at 2:43 PM, Romain Aviolat <r.aviolat@gm...> wrote:
>> >>
>> >> There must be some earlier data exchange, either on the out/in
>> >> endpoint or in the default control endpoint... As you said you were
>> >> using a Windows VM for reverse engineering, you can use a USB sw
>> >> sniffer to check it...
>> >>
>> >> You can use that: http://sourceforge.net/projects/usbsnoop/
>> >>
>> >> Wander
>> >>
>> >> 2010/1/22 Romain Aviolat <r.aviolat@gm...>:
>> >> > My device has 1 configuration, 1 interface, and two endpoints
>> >> >
>> >> > Bus 002 Device 002: ID 10c4:0002 Cygnal Integrated Products, Inc. F32x USBXpress Device
>> >> > Device Descriptor:
>> >> >   bLength                18
>> >> >   bDescriptorType         1
>> >> >   bcdUSB               1.10
>> >> >   bDeviceClass            0 (Defined at Interface level)
>> >> >   bDeviceSubClass         0
>> >> >   bDeviceProtocol         0
>> >> >   bMaxPacketSize0        64
>> >> >   idVendor           0x10c4 Cygnal Integrated Products, Inc.
>> >> >   idProduct          0x0002 F32x USBXpress Device
>> >> >   bcdDevice            1.00
>> >> >   iManufacturer           1 Silicon Labs
>> >> >   iProduct                2 USB API
>> >> >   iSerial                 3 1
>> >> >   bNumConfigurations      1
>> >> >   Configuration Descriptor:
>> >> >     bLength                 9
>> >> >     bDescriptorType         2
>> >> >     wTotalLength           32
>> >> >     bNumInterfaces          1
>> >> >     bConfigurationValue     1
>> >> >     iConfiguration          0
>> >> >     bmAttributes         0x80
>> >> >       (Bus Powered)
>> >> >     MaxPower               60mA
>> >> >     Interface Descriptor:
>> >> >       bLength                 9
>> >> >       bDescriptorType         4
>> >> >       bInterfaceNumber        0
>> >> >       bAlternateSetting       0
>> >> >       bNumEndpoints           2
>> >> >       bInterfaceClass         0 (Defined at Interface level)
>> >> >       bInterfaceSubClass      0
>> >> >       bInterfaceProtocol      0
>> >> >       iInterface              0
>> >> >       Endpoint Descriptor:
>> >> >         bLength                 7
>> >> >         bDescriptorType         5
>> >> >         bEndpointAddress     0x02  EP 2 OUT
>> >> >         bmAttributes            2
>> >> >           Transfer Type            Bulk
>> >> >           Synch Type               None
>> >> >           Usage Type               Data
>> >> >         wMaxPacketSize     0x0040  1x 64 bytes
>> >> >         bInterval               0
>> >> >       Endpoint Descriptor:
>> >> >         bLength                 7
>> >> >         bDescriptorType         5
>> >> >         bEndpointAddress     0x82  EP 2 IN
>> >> >         bmAttributes            2
>> >> >           Transfer Type            Bulk
>> >> >           Synch Type               None
>> >> >           Usage Type               Data
>> >> >         wMaxPacketSize     0x0040  1x 64 bytes
>> >> >         bInterval               0
>> >> > Device Status:     0x0000
>> >> >
>> >> > I'm running ubuntu linux and PyUSB1.0 you are right.
|
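The second traceback quoted above stops on the line `a = (data_or_wLength is None) and array.array('B') or array.array('B', data_or_wLength)`. The sketch below is an added example, not code from PyUSB and not the attached fix: it reproduces that expression for an OUT request, shows why `None` still reaches `array.array('B', None)`, and gives one possible rewrite. The function names are hypothetical.

```python
import array


def payload_as_posted(data_or_wLength):
    """The expression shown in the traceback (usb/core.py, line 619)."""
    # `cond and A or B` only behaves like a conditional when A is truthy.
    # array.array('B') is empty, hence falsy, so for None the `or` branch
    # is evaluated as well and calls array.array('B', None).
    return (data_or_wLength is None) and array.array('B') \
        or array.array('B', data_or_wLength)


def payload_explicit(data_or_wLength):
    """One possible rewrite (an assumption, not the project's actual fix)."""
    # An explicit branch selects on the test alone, so the empty array is
    # returned for a request that has no data stage.
    if data_or_wLength is None:
        return array.array('B')
    return array.array('B', data_or_wLength)


def compare(payloads):
    """Run both variants; return {repr(payload): (as_posted, explicit)}."""
    results = {}
    for p in payloads:
        try:
            posted = list(payload_as_posted(p))
        except TypeError as exc:
            posted = "TypeError: %s" % exc
        results[repr(p)] = (posted, list(payload_explicit(p)))
    return results


# Constructed sample payloads: no data stage, an empty list, and the
# 0x00 0xFF 0xFF command from the thread.
SAMPLES = [None, [], [0x00, 0xFF, 0xFF]]

if __name__ == "__main__":
    for payload, (posted, explicit) in compare(SAMPLES).items():
        print("%-16s as posted: %-42s explicit: %s" % (payload, posted, explicit))
```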
From: Romain A. <r.a...@gm...> - 2010-01-22 14:28:05
|
Yes I did both sniffing, from linux with usbmon and from windows itself with usbsnoop.
What I didn't do is starting sniffing when I plug the device, I always started sniffing before pressing the "download data" button under windows when the device was already connected.

Sorry to fulfil the mailing list with log files... :(

This first log file is from windows running usbsnoop when I plug the device.
I don't know if this traffic is generated from windows querying the device or from the device driver initialising the device.

-----------------------------------------------------------------------------------------------
[19 ms] UsbSnoop - FilterAddDevice(ed2e2748) : DriverObject 86a15030, pdo 865dd8d8
[20 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[20 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[20 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[20 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[20 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[20 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[20 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[20 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[203 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[203 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[203 ms] >>> URB 1 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000012
  TransferBuffer = 86932b8c
  TransferBufferMDL = 00000000
  Index = 00000000
  DescriptorType = 00000001 (USB_DEVICE_DESCRIPTOR_TYPE)
  LanguageId = 00000000
[206 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[206 ms] <<< URB 1 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d9af (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000012
  TransferBuffer = 86932b8c
  TransferBufferMDL = 869fd098
    00000000: 12 01 10 01 00 00 00 40 c4 10 02 00 00 01 01 02
    00000010: 03 01
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 00 01 00 00 12 00
[206 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[206 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[206 ms] >>> URB 2 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000100
  TransferBuffer = f7c6d780
  TransferBufferMDL = 00000000
  Index = 00000000
  DescriptorType = 00000003 (USB_STRING_DESCRIPTOR_TYPE)
  LanguageId = 00000000
[209 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[209 ms] <<< URB 2 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d8af (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000004
  TransferBuffer = f7c6d780
  TransferBufferMDL = 869fd098
    00000000: 04 03 09 04
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 00 03 00 00 00 01
[209 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[209 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[209 ms] >>> URB 3 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000100
  TransferBuffer = f7c6d780
  TransferBufferMDL = 00000000
  Index = 00000001
  DescriptorType = 00000003 (USB_STRING_DESCRIPTOR_TYPE)
  LanguageId = 00000409
[214 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[214 ms] <<< URB 3 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d8af (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 0000001a
  TransferBuffer = f7c6d780
  TransferBufferMDL = 869fd098
    00000000: 1a 03 53 00 69 00 6c 00 69 00 63 00 6f 00 6e 00
    00000010: 20 00 4c 00 61 00 62 00 73 00
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 01 03 09 04 00 01
[214 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[214 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[214 ms] >>> URB 4 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000100
  TransferBuffer = f7c6d780
  TransferBufferMDL = 00000000
  Index = 00000002
  DescriptorType = 00000003 (USB_STRING_DESCRIPTOR_TYPE)
  LanguageId = 00000409
[219 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[219 ms] <<< URB 4 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d95f (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000010
  TransferBuffer = f7c6d780
  TransferBufferMDL = 869fd098
    00000000: 10 03 55 00 53 00 42 00 20 00 41 00 50 00 49 00
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 02 03 09 04 00 01
[219 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[219 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[219 ms] >>> URB 5 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000100
  TransferBuffer = f7c6d780
  TransferBufferMDL = 00000000
  Index = 00000003
  DescriptorType = 00000003 (USB_STRING_DESCRIPTOR_TYPE)
  LanguageId = 00000409
[224 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[224 ms] <<< URB 5 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d94f (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000004
  TransferBuffer = f7c6d780
  TransferBufferMDL = 86674940
    00000000: 04 03 31 00
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 03 03 09 04 00 01
[224 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[224 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[224 ms] >>> URB 6 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000009
  TransferBuffer = f7c6d938
  TransferBufferMDL = 00000000
  Index = 00000000
  DescriptorType = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
  LanguageId = 00000000
[228 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[228 ms] <<< URB 6 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d9af (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000009
  TransferBuffer = f7c6d938
  TransferBufferMDL = 86674940
    00000000: 09 02 20 00 01 01 00 80 1e
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 00 02 00 00 09 00
[228 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[228 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[228 ms] >>> URB 7 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000020
  TransferBuffer = 8662ad38
  TransferBufferMDL = 00000000
  Index = 00000000
  DescriptorType = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
  LanguageId = 00000000
[232 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=2
[232 ms] <<< URB 7 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = f7c6d9af (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000020
  TransferBuffer = 8662ad38
  TransferBufferMDL = 86674940
    00000000: 09 02 20 00 01 01 00 80 1e 09 04 00 00 02 00 00
    00000010: 00 00 07 05 02 02 40 00 00 07 05 82 02 40 00 00
  UrbLink = 00000000
  SetupPacket =
    00000000: 80 06 00 02 00 00 20 00
[232 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[232 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86a37008, IRQL=0
[232 ms] >>> URB 8 going down >>>
-- URB_FUNCTION_SELECT_CONFIGURATION:
  ConfigurationDescriptor = 0x8662ad38 (configure)
  ConfigurationDescriptor : bLength = 9
  ConfigurationDescriptor : bDescriptorType = 0x00000002
  ConfigurationDescriptor : wTotalLength = 0x00000020
  ConfigurationDescriptor : bNumInterfaces = 0x00000001
  ConfigurationDescriptor : bConfigurationValue = 0x00000001
  ConfigurationDescriptor : iConfiguration = 0x00000000
  ConfigurationDescriptor : bmAttributes = 0x00000080
  ConfigurationDescriptor : MaxPower = 0x0000001e
  ConfigurationHandle = 0x00000000
  Interface[0]: Length = 56
  Interface[0]: InterfaceNumber = 0
  Interface[0]: AlternateSetting = 0
[270 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86a37008, Context=8675b008, IRQL=0
[270 ms] <<< URB 8 coming back <<<
-- URB_FUNCTION_SELECT_CONFIGURATION:
  ConfigurationDescriptor = 0x8662ad38 (configure)
  ConfigurationDescriptor : bLength = 9
  ConfigurationDescriptor : bDescriptorType = 0x00000002
  ConfigurationDescriptor : wTotalLength = 0x00000020
  ConfigurationDescriptor : bNumInterfaces = 0x00000001
  ConfigurationDescriptor : bConfigurationValue = 0x00000001
  ConfigurationDescriptor : iConfiguration = 0x00000000
  ConfigurationDescriptor : bmAttributes = 0x00000080
  ConfigurationDescriptor : MaxPower = 0x0000001e
  ConfigurationHandle = 0x865dbc20
  Interface[0]: Length = 56
  Interface[0]: InterfaceNumber = 0
  Interface[0]: AlternateSetting = 0
  Interface[0]: Class = 0x00000000
  Interface[0]: SubClass = 0x00000000
  Interface[0]: Protocol = 0x00000000
  Interface[0]: InterfaceHandle = 0x86bdcc08
  Interface[0]: NumberOfPipes = 2
  Interface[0]: Pipes[0] : MaximumPacketSize = 0x00000040
  Interface[0]: Pipes[0] : EndpointAddress = 0x00000002
  Interface[0]: Pipes[0] : Interval = 0x00000000
  Interface[0]: Pipes[0] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
  Interface[0]: Pipes[0] : PipeHandle = 0x86bdcc24
  Interface[0]: Pipes[0] : MaxTransferSize = 0x00001000
  Interface[0]: Pipes[0] : PipeFlags = 0x00000000
  Interface[0]: Pipes[1] : MaximumPacketSize = 0x00000040
  Interface[0]: Pipes[1] : EndpointAddress = 0x00000082
  Interface[0]: Pipes[1] : Interval = 0x00000000
  Interface[0]: Pipes[1] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
  Interface[0]: Pipes[1] : PipeHandle = 0x86bdcc44
  Interface[0]: Pipes[1] : MaxTransferSize = 0x00001000
  Interface[0]: Pipes[1] : PipeFlags = 0x00000000
[272 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[272 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[272 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[272 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[272 ms] UsbSnoop - FilterDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[272 ms] UsbSnoop - FdoHookDispatchPnp(ed2e245c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
-----------------------------------------------------------------------------------------------

Ufff....

The second log file, always from windows, is when I press the "download data" button from the device software, so nothing happened between this log and the previous one on the usb port.

-----------------------------------------------------------------------------------------------
[276122 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276122 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=86646008, IRQL=0
[276122 ms] >>> URB 9 going down >>>
-- URB_FUNCTION_VENDOR_DEVICE:
  TransferFlags = 00000000 (USBD_TRANSFER_DIRECTION_OUT, ~USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer = 00000000
  TransferBufferMDL = 00000000
    no data supplied
  UrbLink = 00000000
  RequestTypeReservedBits = 00000000
  Request = 00000002
  Value = 00000002
  Index = 00000000
[276125 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=86646008, Context=8675b008, IRQL=2
[276125 ms] <<< URB 9 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer = 00000000
  TransferBufferMDL = 00000000
  UrbLink = 00000000
  SetupPacket =
    00000000: 40 02 02 00 00 00 00 00
[276125 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276125 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=868feb70, IRQL=0
[276125 ms] >>> URB 10 going down >>>
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc44 [endpoint 0x00000082]
  TransferFlags = 00000003 (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00001000
  TransferBuffer = 86634000
  TransferBufferMDL = 00000000
  UrbLink = 00000000
[276125 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276125 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=865e6008, IRQL=0
[276125 ms] >>> URB 11 going down >>>
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc24 [endpoint 0x00000002]
  TransferFlags = 00000002 (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000003
  TransferBuffer = 86ebb420
  TransferBufferMDL = 00000000
    00000000: 00 ff ff
  UrbLink = 00000000
[276127 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=86932aa0, Irp=865e6008, Context=8673c920, IRQL=2
[276127 ms] <<< URB 11 coming back <<<
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc24 [endpoint 0x00000002]
  TransferFlags = 00000002 (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000003
  TransferBuffer = 86ebb420
  TransferBufferMDL = 8663d128
  UrbLink = 00000000
[276127 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=868feb70, Context=8675b008, IRQL=2
[276127 ms] <<< URB 10 coming back <<<
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc44 [endpoint 0x00000082]
  TransferFlags = 00000003 (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000003
  TransferBuffer = 86634000
  TransferBufferMDL = 866d88a8
    00000000: 02 40 00
  UrbLink = 00000000
[276127 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276127 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=868feb70, IRQL=2
[276127 ms] >>> URB 12 going down >>>
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc44 [endpoint 0x00000082]
  TransferFlags = 00000003 (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00001000
  TransferBuffer = 86634000
  TransferBufferMDL = 00000000
  UrbLink = 00000000
[276128 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=868feb70, Context=8675b008, IRQL=2
[276128 ms] <<< URB 12 coming back <<<
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc44 [endpoint 0x00000082]
  TransferFlags = 00000003 (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000040
  TransferBuffer = 86634000
  TransferBufferMDL = 86ec1ac0
    00000000: 64 fb 01 fe aa fe 60 b5 e6 00 fb 00 ff 0a cf 01
    00000010: 81 1f 80 af 90 ff 30 3f 00 00 00 00 e6 02 00 00
    00000020: 01 00 c0 bd 00 00 80 3f 00 00 20 c2 00 00 ff 20
    00000030: 01 bf 06 bb 79 f3 98 00 ff 01 bf c8 c7 00 7b 04
  UrbLink = 00000000
[276128 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276128 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=868feb70, IRQL=2
[276128 ms] >>> URB 13 going down >>>
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle = 86bdcc44 [endpoint 0x00000082]
  TransferFlags = 00000003 (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00001000
  TransferBuffer = 86634000
  TransferBufferMDL = 00000000
  UrbLink = 00000000
[276138 ms] UsbSnoop - FilterDispatchAny(ed2ddfd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[276138 ms] UsbSnoop - FdoHookDispatchInternalIoctl(ed2de1ea) : fdo=865dd8d8, Irp=866d8008, IRQL=0
[276138 ms] >>> URB 14 going down >>>
-- URB_FUNCTION_VENDOR_DEVICE:
  TransferFlags = 00000000 (USBD_TRANSFER_DIRECTION_OUT, ~USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer = 00000000
  TransferBufferMDL = 00000000
    no data supplied
  UrbLink = 00000000
  RequestTypeReservedBits = 00000000
  Request = 00000002
  Value = 00000004
  Index = 00000000
[276140 ms] UsbSnoop - MyInternalIOCTLCompletion(ed2de126) : fido=00000000, Irp=866d8008, Context=8673c920, IRQL=2
[276140 ms] <<< URB 14 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle = 86bd20d0
  TransferFlags = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer = 00000000
  TransferBufferMDL = 00000000
  UrbLink = 00000000
  SetupPacket =
    00000000: 40 02 04 00 00 00 00 00
-----------------------------------------------------------------------------------------------

Hope you can help me, I'm really stuck at this point

Thanks,
Romain

On Fri, Jan 22, 2010 at 2:43 PM, Romain Aviolat <r.a...@gm...> wrote:

> There must be some earlier data exchange, either on the out/in
> endpoint or in the default control endpoint... As you said you were
> using a Windows VM for reverse engineering, you can use a USB sw
> sniffer to check it...
>
> You can use that: http://sourceforge.net/projects/usbsnoop/
>
> Wander
>
> 2010/1/22 Romain Aviolat <r.aviolat@gm...>:
> > My device has 1 configuration, 1 interface, and two endpoints
> >
> > Bus 002 Device 002: ID 10c4:0002 Cygnal Integrated Products, Inc. F32x USBXpress Device
> > Device Descriptor:
> >   bLength                18
> >   bDescriptorType         1
> >   bcdUSB               1.10
> >   bDeviceClass            0 (Defined at Interface level)
> >   bDeviceSubClass         0
> >   bDeviceProtocol         0
> >   bMaxPacketSize0        64
> >   idVendor           0x10c4 Cygnal Integrated Products, Inc.
> >   idProduct          0x0002 F32x USBXpress Device
> >   bcdDevice            1.00
> >   iManufacturer           1 Silicon Labs
> >   iProduct                2 USB API
> >   iSerial                 3 1
> >   bNumConfigurations      1
> >   Configuration Descriptor:
> >     bLength                 9
> >     bDescriptorType         2
> >     wTotalLength           32
> >     bNumInterfaces          1
> >     bConfigurationValue     1
> >     iConfiguration          0
> >     bmAttributes         0x80
> >       (Bus Powered)
> >     MaxPower               60mA
> >     Interface Descriptor:
> >       bLength                 9
> >       bDescriptorType         4
> >       bInterfaceNumber        0
> >       bAlternateSetting       0
> >       bNumEndpoints           2
> >       bInterfaceClass         0 (Defined at Interface level)
> >       bInterfaceSubClass      0
> >       bInterfaceProtocol      0
> >       iInterface              0
> >       Endpoint Descriptor:
> >         bLength                 7
> >         bDescriptorType         5
> >         bEndpointAddress     0x02  EP 2 OUT
> >         bmAttributes            2
> >           Transfer Type            Bulk
> >           Synch Type               None
> >           Usage Type               Data
> >         wMaxPacketSize     0x0040  1x 64 bytes
> >         bInterval               0
> >       Endpoint Descriptor:
> >         bLength                 7
> >         bDescriptorType         5
> >         bEndpointAddress     0x82  EP 2 IN
> >         bmAttributes            2
> >           Transfer Type            Bulk
> >           Synch Type               None
> >           Usage Type               Data
> >         wMaxPacketSize     0x0040  1x 64 bytes
> >         bInterval               0
> > Device Status:     0x0000
> >
> > I'm running ubuntu linux and PyUSB1.0 you are right.
|
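The usbmon lines and the UsbSnoop SetupPacket bytes posted in this thread are two renderings of the same eight-byte SETUP packet. As an added example (not part of the original posts and not PyUSB code), the script below decodes both forms, lists the control requests present in the working capture but absent from the script's capture, and builds the matching keyword arguments for PyUSB's ctrl_transfer(). The class and function names are hypothetical.

```python
import struct
from typing import List, NamedTuple, Optional

TYPES = ("standard", "class", "vendor", "reserved")
RECIPIENTS = ("device", "interface", "endpoint", "other")


class Setup(NamedTuple):
    """The five fields of a USB SETUP packet."""
    bmRequestType: int
    bRequest: int
    wValue: int
    wIndex: int
    wLength: int

    @property
    def direction(self) -> str:
        return "IN" if self.bmRequestType & 0x80 else "OUT"    # bit 7

    @property
    def req_type(self) -> str:
        return TYPES[(self.bmRequestType >> 5) & 0x03]          # bits 6..5

    @property
    def recipient(self) -> str:
        code = self.bmRequestType & 0x1F                        # bits 4..0
        return RECIPIENTS[code] if code < len(RECIPIENTS) else "reserved"

    def pyusb_kwargs(self) -> dict:
        """Keyword arguments for PyUSB 1.0's Device.ctrl_transfer()."""
        kwargs = {"bmRequestType": self.bmRequestType, "bRequest": self.bRequest,
                  "wValue": self.wValue, "wIndex": self.wIndex}
        if self.direction == "IN":
            # For IN requests data_or_wLength is the number of bytes to read.
            kwargs["data_or_wLength"] = self.wLength
        return kwargs


def setup_from_bytes(raw: bytes) -> Setup:
    """Decode the 8 raw SETUP bytes, e.g. UsbSnoop's 'SetupPacket =' dump."""
    if len(raw) != 8:
        raise ValueError("a SETUP packet is exactly 8 bytes, got %d" % len(raw))
    return Setup(*struct.unpack("<BBHHH", raw))   # 16-bit fields are little-endian


def setup_from_usbmon(line: str) -> Optional[Setup]:
    """Decode a usbmon text-format control submission; None for any other line."""
    f = line.split()
    # Fields: URB tag, timestamp, event type, address, setup tag, 5 setup words.
    if len(f) < 10 or f[2] != "S" or f[3][:3] not in ("Ci:", "Co:") or f[4] != "s":
        return None
    return Setup(*(int(word, 16) for word in f[5:10]))


def control_requests(capture: str) -> List[Setup]:
    """All control submissions found in a usbmon text capture."""
    decoded = (setup_from_usbmon(line) for line in capture.splitlines())
    return [s for s in decoded if s is not None]


def missing_requests(reference: List[Setup], observed: List[Setup]) -> List[Setup]:
    """Requests the reference capture contains that the observed one lacks."""
    return [s for s in reference if s not in observed]


# usbmon lines copied from the thread: Windows VM running the vendor software ...
WORKING = """\
f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
f53ed800 355027800 C Co:2:002:0 0 0
f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
"""
# ... and the first PyUSB script, which only sets the configuration.
SCRIPT = """\
f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
f341b700 484299102 C Co:2:003:0 0 0
f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
"""
# SetupPacket bytes of URB 9 in the UsbSnoop log from the thread.
SNOOP_URB9 = bytes.fromhex("40 02 02 00 00 00 00 00")

if __name__ == "__main__":
    for s in missing_requests(control_requests(WORKING), control_requests(SCRIPT)):
        print(s.direction, s.req_type, s.recipient, s.pyusb_kwargs())
    # 0x40 decodes to OUT/vendor/device; 0x04 decodes to OUT/standard with a
    # reserved recipient code, so the two values are not interchangeable.
    for value in (0x40, 0x04):
        s = Setup(value, 0x02, 0x0002, 0, 0)
        print(hex(value), s.direction, s.req_type, s.recipient)
```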
From: Romain A. <r.a...@gm...> - 2010-01-29 12:12:03
|
Hi Wander, it now works like a charm with your modified version of core.py :)

Can you give me a feedback when you will have modified the SVN version?

I can now read the data from my device, thank you for your help!

Romain
|
From: Wander L. <wan...@gm...> - 2010-01-29 14:17:48
|
Well, I am on a work trip, because of that PyUSB development is stopped... I will be back next month, I hope soon I will update svn repositories...

Wander

2010/1/29 Romain Aviolat <r.a...@gm...>:
> Hi Wander, it now works like a charm with your modified version of core.py :)
>
> Can you give me a feedback when you will have modified the SVN version?
>
> I can now read the data from my device, thank you for your help!
>
> Romain
|
From: Wander L. <wan...@gm...> - 2010-01-22 10:34:12
|
There must be some earlier data exchange, either on the out/in
endpoint or in the default control endpoint... As you said you were
using a Windows VM for reverse engineering, you can use a USB sw
sniffer to check it... You can use that:

http://sourceforge.net/projects/usbsnoop/

Wander

2010/1/22 Romain Aviolat <r.a...@gm...>:
> My device has 1 configuration, 1 interface, and two endpoints
>
> Bus 002 Device 002: ID 10c4:0002 Cygnal Integrated Products, Inc. F32x
> USBXpress Device
> Device Descriptor:
>   bLength 18
>   bDescriptorType 1
>   bcdUSB 1.10
>   bDeviceClass 0 (Defined at Interface level)
>   bDeviceSubClass 0
>   bDeviceProtocol 0
>   bMaxPacketSize0 64
>   idVendor 0x10c4 Cygnal Integrated Products, Inc.
>   idProduct 0x0002 F32x USBXpress Device
>   bcdDevice 1.00
>   iManufacturer 1 Silicon Labs
>   iProduct 2 USB API
>   iSerial 3 1
>   bNumConfigurations 1
>   Configuration Descriptor:
>     bLength 9
>     bDescriptorType 2
>     wTotalLength 32
>     bNumInterfaces 1
>     bConfigurationValue 1
>     iConfiguration 0
>     bmAttributes 0x80
>       (Bus Powered)
>     MaxPower 60mA
>     Interface Descriptor:
>       bLength 9
>       bDescriptorType 4
>       bInterfaceNumber 0
>       bAlternateSetting 0
>       bNumEndpoints 2
>       bInterfaceClass 0 (Defined at Interface level)
>       bInterfaceSubClass 0
>       bInterfaceProtocol 0
>       iInterface 0
>       Endpoint Descriptor:
>         bLength 7
>         bDescriptorType 5
>         bEndpointAddress 0x02 EP 2 OUT
>         bmAttributes 2
>           Transfer Type Bulk
>           Synch Type None
>           Usage Type Data
>         wMaxPacketSize 0x0040 1x 64 bytes
>         bInterval 0
>       Endpoint Descriptor:
>         bLength 7
>         bDescriptorType 5
>         bEndpointAddress 0x82 EP 2 IN
>         bmAttributes 2
>           Transfer Type Bulk
>           Synch Type None
>           Usage Type Data
>         wMaxPacketSize 0x0040 1x 64 bytes
>         bInterval 0
> Device Status: 0x0000
>
> I'm running ubuntu linux and PyUSB 1.0, you are right.
>
> On Fri, Jan 22, 2010 at 10:05 AM, Romain Aviolat <r.a...@gm...>
> wrote:
>>
>> This can be many things, does your device have more than one
>> configuration or interface/alternate setting? And about the endpoint
>> address? I see you are using PyUSB 1.0, are you running it under
>> Windows? I haven't tested it in Windows yet (actually I did, but there
>> are some issues that I did not fix yet, then I could not progress with
>> tests).
>>
>> Wander
>>
>> 2010/1/21 Romain Aviolat <r.aviolat@gm...>:
>> > Hi, this is my first time in this mailing list,
>> >
>> > I'm trying to reverse a device that has no support for Linux, I'm new to
>> > pyusb and have a problem with my script.
>> >
>> > I sniffed the USBlog from a virtual machine running windows and my
>> > working device, here's the log:
>> >
>> > f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
>> > f53ed800 355027800 C Co:2:002:0 0 0
>> > f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
>> >
>> > If the device receives the 0x00, 0xFF, 0xFF sequence, it then sends its
>> > data
>> >
>> > Here's my code (mainly used the examples on the pyusb website)
>> >
>> > ------------------------
>> > import usb.core
>> > import usb.util
>> >
>> > # find our device
>> > dev = usb.core.find(idVendor=0x10c4, idProduct=0x0002)
>> >
>> > # was it found?
>> > if dev is None:
>> >     raise ValueError('Device not found')
>> >
>> > # set the active configuration. With no arguments, the first
>> > # configuration will be the active one
>> >
>> > dev.set_configuration()
>> >
>> > msg = [0x00, 0xFF, 0xFF]
>> > sent_bytes = dev.write(0x02, msg, 0, 100)
>> > ------------------------
>> >
>> > and here's the output
>> >
>> > f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
>> > f341b700 484299102 C Co:2:003:0 0 0
>> > f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
>> >
>> > The 0x00, 0xFF, 0xFF sequence is correctly sent but the device doesn't
>> > send its data, we can see in the first line of both logs that the
>> > ControlOutput is not the same, I think this is my problem.
>> >
>> > I don't know how to change 09 0001 0000 0000 to 40 02 0002 0000 0000
>> >
>> > Hope someone can help me,
>> >
>> > Cheers, Romain
|
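The earlier exchange on the default control endpoint that the reply above points to can be read straight out of the two captures quoted in this thread. This is an added example, not code from the thread or from the PyUSB project; it assumes the logs are Linux usbmon text output, and the function and constant names are hypothetical.

```python
import re

# The two captures quoted in the thread, embedded so this runs offline.
REFERENCE_LOG = """\
f53ed800 355026092 S Co:2:002:0 s 40 02 0002 0000 0000 0
f53ed800 355027800 C Co:2:002:0 0 0
f53ed800 355075185 S Bo:2:002:2 -115 3 = 00ffff
"""
PYUSB_LOG = """\
f341b700 484297497 S Co:2:003:0 s 00 09 0001 0000 0000 0
f341b700 484299102 C Co:2:003:0 0 0
f341b700 484312389 S Bo:2:003:2 -115 3 = 00ffff
"""

REQUEST_TYPES = ("standard", "class", "vendor", "reserved")
RECIPIENTS = ("device", "interface", "endpoint", "other")
FIELDS = ("bmRequestType", "bRequest", "wValue", "wIndex", "wLength")

# Assumed usbmon layout: tag, timestamp, S (submission), Ci/Co:bus:dev:ep,
# then "s" followed by the five setup-packet fields in hex.
SETUP_RE = re.compile(
    r"^\S+\s+\d+\s+S\s+C[io]:\d+:\d+:\d+\s+s\s+"
    r"([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{4})\s+([0-9a-f]{4})\s+([0-9a-f]{4})",
    re.IGNORECASE)

def control_setups(log):
    """Decode the SETUP packet of every control submission in a usbmon log."""
    setups = []
    for line in log.splitlines():
        m = SETUP_RE.match(line.strip())
        if m is None:
            continue  # callbacks and bulk URBs carry no setup packet
        setup = dict(zip(FIELDS, (int(h, 16) for h in m.groups())))
        bm = setup["bmRequestType"]
        setup["direction"] = "IN" if bm & 0x80 else "OUT"    # bit 7
        setup["type"] = REQUEST_TYPES[(bm >> 5) & 0x03]      # bits 6..5
        recipient = bm & 0x1F                                # bits 4..0
        setup["recipient"] = RECIPIENTS[recipient] if recipient < 4 else "reserved"
        setups.append(setup)
    return setups

def missing_setups(reference, candidate):
    """Setup packets sent in the reference capture but never in the candidate."""
    def key(s):
        return tuple(s[f] for f in FIELDS)
    sent = {key(s) for s in control_setups(candidate)}
    return [s for s in control_setups(reference) if key(s) not in sent]

if __name__ == "__main__":
    for s in missing_setups(REFERENCE_LOG, PYUSB_LOG):
        print("only in reference capture:", s)
```

The five decoded fields of a missing packet are, in order, the arguments that PyUSB 1.0's `dev.ctrl_transfer(bmRequestType, bRequest, wValue, wIndex, data_or_wLength)` takes.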