问题描述
嗅探到URB_Interruptions
我嗅探到一些应用程序(SoundLab)和设备(带USB的声谱仪)之间的通信。我发现负责返回当前状态的数据包:
USB URB
[Source: host]
[Destination: 1.1.2]
USBPcap pseudoheader length: 27
IRP ID: 0xffff858d126f4a60
IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
IRP information: 0x00, Direction: FDO -> PDO
0000 000. = Reserved: 0x00
.... ...0 = Direction: FDO -> PDO (0x0)
URB bus id: 1
Device address: 1
Endpoint: 0x02, Direction: OUT
0... .... = Direction: OUT (0)
.... 0010 = Endpoint number: 2
URB transfer type: URB_INTERRUPT (0x01)
Packet Data Length: 8
[bInterfaceClass: Unknown (0xffff)]
Leftover Capture Data: b331eb4d00000000
应用程序将其发送到2号终结点(出站),然后设备将urb中断与数据一起发送到1号终结点(入站):
USB URB
[Source: 1.1.1]
[Destination: host]
USBPcap pseudoheader length: 27
IRP ID: 0xffff858d10207af0
IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
IRP information: 0x01, Direction: PDO -> FDO
0000 000. = Reserved: 0x00
.... ...1 = Direction: PDO -> FDO (0x1)
URB bus id: 1
Device address: 1
Endpoint: 0x81, Direction: IN
1... .... = Direction: IN (1)
.... 0001 = Endpoint number: 1
URB transfer type: URB_INTERRUPT (0x01)
Packet Data Length: 8
[bInterfaceClass: Unknown (0xffff)]
Leftover Capture Data: 01a9009b90ddc0ff
尝试使用libus b模拟中断
现在我想在Linux中使用libusb来模拟这一点。我编写了此代码,可以在其中测试不同的中断。
require 'libusb'
require 'pry'
vendor_id = 0x64bd
product_id = 0x74e3
module Messages
GET_STATE = ['b331eb4d00000000'].pack('H*')
end
usb = LIBUSB::Context.new
device = usb.devices(idVendor: vendor_id, idProduct: product_id).first
dev_handle = device.open
if dev_handle.kernel_driver_active?(0)
dev_handle.detach_kernel_driver(0)
end
dev_handle.claim_interface(0)
binding.pry
dev_handle.release_interface(0)
dev_handle.close
然后我在pry控制台中运行此命令:
dev_handle.interrupt_transfer(endpoint: 2, dataOut: Messages::GET_STATE)
,并返回8。这不是我所期望的。
运行代码时看到的URB_Interruptions
USB URB
[Source: host]
[Destination: 1.6.2]
URB id: 0xffff8802142fecc0
URB type: URB_SUBMIT ('S')
URB transfer type: URB_INTERRUPT (0x01)
Endpoint: 0x02, Direction: OUT
Device: 6
URB bus id: 1
Device setup request: not relevant ('-')
Data: present (0)
URB sec: 1559130571
URB usec: 534195
URB status: Operation now in progress (-EINPROGRESS) (-115)
URB length [bytes]: 8
Data length [bytes]: 8
[Response in: 126]
[bInterfaceClass: HID (0x03)]
Unused Setup Header
Interval: 8
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Leftover Capture Data: b331eb4d00000000
USB URB
[Source: 1.6.2]
[Destination: host]
URB id: 0xffff8802142fecc0
URB type: URB_COMPLETE ('C')
URB transfer type: URB_INTERRUPT (0x01)
Endpoint: 0x02, Direction: OUT
Device: 6
URB bus id: 1
Device setup request: not relevant ('-')
Data: not present ('>')
URB sec: 1559130571
URB usec: 534846
URB status: Success (0)
URB length [bytes]: 8
Data length [bytes]: 0
[Request in: 125]
[Time from request: 0.000651000 seconds]
[bInterfaceClass: HID (0x03)]
Unused Setup Header
Interval: 8
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
摘要
结果,我得到的URB_INTERRUPTIONS与我在Windows上看到的截然不同。在Windows上,我有urb_interrupt to 2(Out)端点和设备的数据请求状态。则设备正在向1(In)端点发送urb_interrupt,其中当前状态编码在捕获数据中。我怎样才能用LIBUSB::DevHandle#interrupt_transfer来模仿呢?以下是此方法的文档:https://www.rubydoc.info/gems/libusb/LIBUSB/DevHandle#interrupt_transfer-instance_method。
usb
我尝试将您发布的预期推荐答案输出与接收到的usb输出合并在一起,最突出的是您的"实际"usb协议捕获显示了一个URB_INTERRUPT(由‘Direction’字段标记)。在您的"实际"USB流量转储中,看起来您有两个URB_INTERRUPT输出。
我不是USB协议方面的专家(我自己也是在对USB驱动程序进行反向工程时遇到这个问题的),但据我所知,要在‘’中获得URB_INTERRUPT(这就是您在预期输出中得到的),您必须将终结点地址更改为0x82,而不仅仅是2。
此答案进一步说明了这一点:https://superuser.com/a/876773/618124
主机上有USB端点0x00-0x7F,而端点0x80-0xFF 都在设备上(我想)。试试看是否奏效?