- Darkstar Pictures Announces Free Online Film Festival!
- Stunning First Look at Indie Fantasy THE WANTING MARE [Trailer]
- Stunning First Look at Indie Fantasy THE WANTING MARE [Trailer]
- Stunning First Look at Indie Fantasy THE WANTING MARE [Trailer]
- SKYLINES Is Coming! [Poster Premiere]
- Who Hunts Who in HUNTER HUNTER? [Trailer]
- MONSTER HUNTER Coming for Christmas [Trailer]
- Saskatoon Fantastic Film Festival Returns with In-Person Event [Line Up]
- LUNATIQUE Director Returns with WASTELAND 3 Promo [Short Film]
- Win a copy of JAMES CAMERON'S STORY OF SCIENCE FICTION [Contest]
- Slice of Life, Blade Runner inspired short
- Is Snowpeircer a sequel to Willy Wonka?
- Re: Yesterday
- Re: Yesterday
- Yesterday
- Re: White Night (or where do I get my 30 + from now?)
- Re: White Night (or where do I get my 30 + from now?)
- Re: White Night (or where do I get my 30 + from now?)
- Re: White Night (or where do I get my 30 + from now?)
- Re: White Night (or where do I get my 30 + from now?)
- LUNATIQUE Director Returns with WASTELAND 3 Promo [Short Film]
- A Comet Destoys Earth in GREENLAND Trailer
- Interactive WAR OF THE WORLDS Adaptation Out Now!
- 8K Trailer for Train to Busan Sequel PENINSULA Drops Hard!
- Making a Bomb Shelter in a Funhouse is a Bad Idea in IMPACT EVENT [Trailer]
- Retro Slave: FOX's Post-Apocalyptic Sitcom WOOPS!
- TRAIN TO BUSAN Sequel PENINSULA Gets a Teaser Trailer
- New on Blu-ray and DVD for March 11, 2020
- The Apocalypse Kills Women in ONLY [Trailer]
- Trailer for TheWalking Dead: World Beyond Spin-Off Series
- BORDERLANDS Movie From Eli Roth in Development
- A Woman's Mind Unravels in BIGHT HILL ROAD [Review]
- TIFF 2020: Vanlife Gets a Reality Check in NOMADLAND [Review]
- TIFF 2020: APPLES, THE WAY I SEE IT, PIECES OF A WOMAN & ONE NIGHT IN MIAMI [Capsule Reviews]
- TIFF 2020: The Truth Tellers Return with THE NEW CORPORATION: THE UNFORTUNATELY NECESSARY SEQUEL [Review]
- TIFF 2020: NEW ORDER is Brutal, Violent & a Must-See [Review]
- TIFF 2020: ENEMIES OF THE STATE, Or Are They? [Review]
- TIFF 2020: HOLLER Explores Life in a Dying Town [Review]
- Fantasia 2020: THE OAK ROOM, MARYGOROUND & CLIMATE OF THE HUNTER [Capsule Reviews]
- UNCLE PECKERHEAD is One Note but Fun [Review]
- Dave Franco Shows Potential as Director with Debut Feature THE RENTAL [Review]
- VIFF2020: Director Loretta Todd on the Making of Her Debut Feature MONKEY BEACH [Interview]
- TIFF 2020: APPLES, THE WAY I SEE IT, PIECES OF A WOMAN & ONE NIGHT IN MIAMI [Capsule Reviews]
- TIFF 2020: The Truth Tellers Return with THE NEW CORPORATION: THE UNFORTUNATELY NECESSARY SEQUEL [Review]
- TIFF 2020: NEW ORDER is Brutal, Violent & a Must-See [Review]
- TIFF 2020: ENEMIES OF THE STATE, Or Are They? [Review]
- NO ESCAPE Director Talks Influencers, Escape Rooms & Writing [Interview]
- TIFF 2020: HOLLER Explores Life in a Dying Town [Review]
- The Funny Side of Alien Invasions: You have to SAVE YOURSELVES! [Trailer]
- Kodi Smit-McPhee Goes to the Future to Save the Present in 2067 [Trailer]
- First Look at Denis Villeneuve's DUNE [Trailer]
- Fantasia 2020: LAPSIS, THE COLUMNIST, MINOR PREMISE, FEELS GOOD MAN & HAIL TO THE DEADITES [Capsule Reviews]
- BUNRAKU Writer/Director Returns with LX 2048 [Trailer]
- BLOOD QUANTUM Writer/Director Talks Inspiration, Zombies & Representation [Interview]
- Fantasia 2020: THE OAK ROOM, MARYGOROUND & CLIMATE OF THE HUNTER [Capsule Reviews]
- Sylvester McCoy Talks SENSE8, DOCTOR WHO & THE OWNERS [Interview]
- Fantasia 2020: PVT CHAT, PATRICK, TIME OF MOULTING, SLEEP [Capsule Reviews]
- Scholar Mitch Horowitz Breaks Down Faith, Horror & CURSED FILMS [Interview]
- Actor Cosmo Jarvis Talks About his New Thriller THE SHADOW OF VIOLENCE [Interview]
- Director Jay Cheel Talks Making of Horror Documentary CURSED FILMS [Interview]
- Europe is in Shambles in UNDERGODS [Trailer]
Jack In
Latest Comments
Latest Forum Posts
PA News
Latest Reviews
Older News
Crew
Marina Antunes
Editor in Chief
Vancouver, British Columbia
Christopher Webster
Managing Editor
Edmonton, Alberta
DN aka quietearth
Founder / Asst. Managing Editor
Denver, Colorado
Simon Read
UK Correspondent
Edinburgh, Scotland
Rick McGrath
Toronto Correspondent
Toronto, Ontario
Manuel de Layet
France Correspondent
Paris, France
rochefort
Austin Correspondent
Austin, Texas
Daniel Olmos
Corrispondente in Italia
Italy
Griffith Maloney aka Griffith Maloney
New York Correspondent
New York, NY
Stephanie O
Floating Correspondent
Quiet Earth Bunker
Jason Widgington
Montreal Correspondent
Montreal, Quebec
Carlos Prime
Austin Correspondent
Austin, TX
Latest news
quietearth [General News 10.16.06]
This is intended to be a howto to debug usb transactions under linux, or simply to reverse engineer propietary usb stuff.
If you need to reverse engineer a windows only usb driver, you can do it easily using vmware. We can snoop the usb traffic from windows using usbmon which is part of the linux kernel since version 2.6.11 (I think). Previous to that you had to use patches.
1. Compile and install the kernel
First off we need to compile the "Debug filesystem" and the usbmon module into the kernel. Under your source directory, run:
# make menuconfigEnable the debug filesystem which is located under Kernel hacking -> Kernel Debugging. Unfortunately this cannot be compiled as a module.
Then enable usb monitoring under Device Drivers -> USB support. It should be around the USB Multimedia adapters or before port drivers.
You will then need to compile the newly configured kernel and install it. This will be distribution dependent, so consult your documentation. If you are looking for instructions for ubuntu, you can read my post about it here.
2. Setup
Once you're booted into your new kernel, we need to mount the debug filesystem and load usbmon (which should be a module):
# mount -t debugfs none_debugs /sys/kernel/debug
# modprobe usbmon
# ls -l /sys/kernel/debug
total 0
-rw------- 1 root root 0 2006-10-16 12:53 1s
-rw------- 1 root root 0 2006-10-16 12:53 1t
-rw------- 1 root root 0 2006-10-16 12:53 2s
-rw------- 1 root root 0 2006-10-16 12:53 2tYou should already have vmware setup with your necessary version of windows installed. At this point we can use the usbmon package (note the package name is the same as the kernel module, but not the same thing) which makes reading the debug output much easier, or you could read the usbmon documentation located in Docuemtation/usb/usbmon.txt in the linux kernel source.
I'm going to use the usbmon package (0.4) so let's grab it from http://people.redhat.com/zaitcev/linux/. This is a java program, and I couldn't use the pre-installed blackdown java on ubuntu, I had to grab the Sun jre and jdk from the repositories. To compile you will probably need to modify the USBMon Makefile to change the JAVAC (java compiler) location. Run make and you should be able to start it up with "java USBMon". Let's leave this for later as it will need to be loaded after we've inserted our device.
3. Execution
Startup vmware and boot your windows virtual machine, once loaded make sure you have loaded the device driver and software for the usb thing you wish to watch. Insert the usb device, both windows and linux should recognize the device, and it should function fine without any special modifications required. Now we can load up the java USBMon program and find our usb device, it will be listed under whatever usb bus # you plugged it into. It might be listed as "generic" or something else which is non-intuitive, so you can take a look at /proc/bus/usb/devices to help out.
Once you've found the device in USBMon, set the primary control pipe and all the interfaces under the Configuration tab to "Full Data Monitoring", then go ahead and run a transaction to it under windows. To see the data, go to the Endpoints tab and under whatever Endpoint Data section, just click on "Data not shown" and it will open a new window with a text/hex/binary dump of the data.
At this point I would reccomend doing one transaction to your device at a time, then looking at the debug output to figure out how it works. The USBMon interface leaves a lot to be desired, so if anyone knows of any better program, please post a comment here.
Then again it might just be easier to do it by hand as described in the kernel documentation.
UPDATE: 10/17/06
I got linked off Make, woohoo! Make rules, it's one of the few sites I read. Thanks to all who visited, and special thanks to Pete for the update on the impending binary api goodness..
Pingbacks
Pingback from http://zedomax.com/blog/2006/10/17/diy-hack-howto-snoop-doggy-usb/
Pingback from http://hax0r.schleppingsquid.net/?p=29
Trackbacks
USB Snooping in linux
Rad, Quiet Earth has a good how-to on listening in to what's going on over USB, great for reverse engineering weird USB doo-dads... - "This is intended to be a ho...
Rad, Quiet Earth has a good how-to on listening in to what's going on over USB, great for reverse engineering weird USB doo-dads... - "This is intended to be a ho...
You might also like
Pete Zaitcev (14 years ago) Reply
Just like you said, forget the USBmon. It's the old program which Dave Harding wrote, but he never completed it.
Currently (for 2.6.18), I simply read the raw output for the text format API.
Last week one guy sent me a patch to introduce a binary API, which plugs into libpcap, and thus into Wireshark. We're hashing this out, so it's not quite there.
Anonymous (13 years ago) Reply
ur hot
danielstaple (13 years ago) Reply
The cool thing I have spotted is that the debugfs and usbmon module is already present under ubuntu. You will not need to compile or configure the kernel, just mount the debugfs, load the usbmon module, and the usbmon directory should appear under the /sys/kernel/debug directory.
Happy hacking - I am going to try to get some multimedia keys working on my new shiny keyboard...
Giro (12 years ago) Reply
There is an even better way to sniff on USB Traffic:
the svn version of libpcap is able to sniff on USB Traffic. In combination with Wireshark it is very easy to see whats going on on the USB
http://wiki.wireshark.org/USB
CeDeROM (12 years ago) Reply
pingback frompoland: http://www.tomek.cedro.info/content/view/202/72/lang,pl/
Anonymous (11 years ago) Reply
ping