- Writers needed:
Spain
Rotterdam
Berlin - Luke and Brie are on a first date
- Sea Legs
- Kung Fu Joe
- The Dark Lurking
- Review of Jean Reno's L'IMMORTEL (22 BULLETS)
- Review of Tim Burton's ALICE IN WONDERLAND
- Book Review: AMERICAN APOCALYPSE - THE BEGINNING
- Review of THE CRAZIES
- PA Video Game Review: FALLEN EARTH
- Review of SURVIVORS season 2 episode 6
- Review of SURVIVORS season 2 episode 5
- PA Book Review: ELEGY BEACH
- Review of SURVIVORS season 2 episode 4
- Prom blows! Luckily CABIN FEVER 2: SPRING FEVER doesn't
- Review of arthouse post apocalyptic flick DUST
- Re: Last Stand Part 1 New Zombie Series
- Re: 667
- Re: Last Stand Part 1 New Zombie Series
- Re: Last Stand Part 1 New Zombie Series
- Re: Quarantine
- Re: Quarantine
- Re: No one here is talking about Fallout 3???
- Last Stand Part 1 New Zombie Series
- New Reno Trip
- inner city vs outer space
- Coming to the BBC.. a new 6 part post apocalyptic comic adaptation FALLOUT
- EXCLUSIVE: Kyle Rankin of Infestation fame is back with the PA NUCLEAR FAMILY
- Trailer for post-apocalyptic creature feature DARK NEMESIS
- Chris Gorak teams with Timur Bekmambetov on new PA flick!
- First look at DANISH post-apocalyptic actioner EASTERN ARMY
- Watch the full PA short CONNECTED now!
- Trailer for Capcom's live action DEAD RISING movie... seriously
- Leaked promo reel for UK PA zombie flick DEVIL'S PLAYGROUND
- Trailer for post-apocalyptic video game METRO 2033
- Retro Slave: the apocalypse gets silly in AMERICA 3000
- PA Video Game Review: FALLEN EARTH
- Portuguese horror series THE TEN (O Dez) debuts
- Polish techno-neo-noir choose your own adventure in SUFFERROSA
- Horror meets steampunk in Luke Ĺmigiel's DECATHEXIS
- Mauro Borrelli's BOX OF SHADOWS gets a new trailer
- First look at DANISH post-apocalyptic actioner EASTERN ARMY
- Watch the full PA short CONNECTED now!
- We are not going to stay here and be eaten by zombies! 2nd trailer for A CADAVER CHRISTMAS
- And the BULLETFACE winners are...
- Trailer for Capcom's live action DEAD RISING movie... seriously
- Leaked promo reel for UK PA zombie flick DEVIL'S PLAYGROUND
- Trailer for post-apocalyptic video game METRO 2033
- Finally a real trailer for indie thriller DON MCKAY (aka Moment of Truth)
- Book Review: AMERICAN APOCALYPSE - THE BEGINNING
- What are your favorite weird and arthouse films? SOUND OFF!
- My favorite, most twisted scene from Pearry Teo's NECROMENTIA
- Gundam goes WWII in PROJECT ARBITER. Someone make this film!
- SXSW 2010: Preview trailer for Lena Dunham's TINY FURNITURE
- Review of THE CRAZIES
- Retro Slave: the apocalypse gets silly in AMERICA 3000
- Teaser for "groundbreaking" new shorts series PARALLEL LINES
News
Reviews
Forums
Post apocalyptic list
Yes, we've sold out.

Join QE!
Upcoming Reviews
Latest Reviews
Latest Forum Posts
PA News
Older News

Posted on Monday, October 16th, 2006 21:19:45 GMT by: quietearth
Posted under: linux usb snoop
This is intended to be a howto to debug usb transactions under linux, or simply to reverse engineer propietary usb stuff.
If you need to reverse engineer a windows only usb driver, you can do it easily using vmware. We can snoop the usb traffic from windows using usbmon which is part of the linux kernel since version 2.6.11 (I think). Previous to that you had to use patches.
1. Compile and install the kernel
First off we need to compile the "Debug filesystem" and the usbmon module into the kernel. Under your source directory, run:
# make menuconfigEnable the debug filesystem which is located under Kernel hacking -> Kernel Debugging. Unfortunately this cannot be compiled as a module.
Then enable usb monitoring under Device Drivers -> USB support. It should be around the USB Multimedia adapters or before port drivers.
You will then need to compile the newly configured kernel and install it. This will be distribution dependent, so consult your documentation. If you are looking for instructions for ubuntu, you can read my post about it here.
2. Setup
Once you're booted into your new kernel, we need to mount the debug filesystem and load usbmon (which should be a module):
# mount -t debugfs none_debugs /sys/kernel/debug
# modprobe usbmon
# ls -l /sys/kernel/debug
total 0
-rw------- 1 root root 0 2006-10-16 12:53 1s
-rw------- 1 root root 0 2006-10-16 12:53 1t
-rw------- 1 root root 0 2006-10-16 12:53 2s
-rw------- 1 root root 0 2006-10-16 12:53 2tYou should already have vmware setup with your necessary version of windows installed. At this point we can use the usbmon package (note the package name is the same as the kernel module, but not the same thing) which makes reading the debug output much easier, or you could read the usbmon documentation located in Docuemtation/usb/usbmon.txt in the linux kernel source.
I'm going to use the usbmon package (0.4) so let's grab it from http://people.redhat.com/zaitcev/linux/. This is a java program, and I couldn't use the pre-installed blackdown java on ubuntu, I had to grab the Sun jre and jdk from the repositories. To compile you will probably need to modify the USBMon Makefile to change the JAVAC (java compiler) location. Run make and you should be able to start it up with "java USBMon". Let's leave this for later as it will need to be loaded after we've inserted our device.
3. Execution
Startup vmware and boot your windows virtual machine, once loaded make sure you have loaded the device driver and software for the usb thing you wish to watch. Insert the usb device, both windows and linux should recognize the device, and it should function fine without any special modifications required. Now we can load up the java USBMon program and find our usb device, it will be listed under whatever usb bus # you plugged it into. It might be listed as "generic" or something else which is non-intuitive, so you can take a look at /proc/bus/usb/devices to help out.
Once you've found the device in USBMon, set the primary control pipe and all the interfaces under the Configuration tab to "Full Data Monitoring", then go ahead and run a transaction to it under windows. To see the data, go to the Endpoints tab and under whatever Endpoint Data section, just click on "Data not shown" and it will open a new window with a text/hex/binary dump of the data.
At this point I would reccomend doing one transaction to your device at a time, then looking at the debug output to figure out how it works. The USBMon interface leaves a lot to be desired, so if anyone knows of any better program, please post a comment here.
Then again it might just be easier to do it by hand as described in the kernel documentation.
UPDATE: 10/17/06
I got linked off Make, woohoo! Make rules, it's one of the few sites I read. Thanks to all who visited, and special thanks to Pete for the update on the impending binary api goodness..
Pingbacks
Pingback from http://zedomax.com/blog/2006/10/17/diy-hack-howto-snoop-doggy-usb/
Pingback from http://hax0r.schleppingsquid.net/?p=29
Trackbacks
USB Snooping in linux
Rad, Quiet Earth has a good how-to on listening in to what's going on over USB, great for reverse engineering weird USB doo-dads... - "This is intended to be a ho...
Rad, Quiet Earth has a good how-to on listening in to what's going on over USB, great for reverse engineering weird USB doo-dads... - "This is intended to be a ho...
RSS Feed for commentsComments
Posted by: Pete Zaitcev | October 16, 2006 07:49:11 pm | permalink
Posted by: Anonymous | May 25, 2007 08:47:04 pm | permalink
Posted by: danielstaple | August 7, 2007 04:13:59 pm | permalink
Posted by: Giro | July 31, 2008 03:30:12 am | permalink
Posted by: CeDeROM | August 16, 2008 03:20:36 pm | permalink
Posted by: Anonymous | July 3, 2009 04:09:46 pm | permalink
Post a comment
Related articles
rss | subscribe via email | the team | contact us | mobile
© 2006-2009 Don Neumann (except where applicable)
We are looking for free hosting with a cut of sales, you'll get a link right here.
If you want news of your film posted, use our contact page and we'll check it out
Permission is granted to use material from this site if you provide a reference to us via a link and DO NOT HOTLINK.
GenreBanners.com Banner Exchange