嗅探 URB_INTERRUPtions
我嗅探了一些应用程序(SoundLab)和设备(带 USB 的声波计)之间的通信。我找到了一个负责返回当前状态的数据包:
USB URB
[Source: host]
[Destination: 1.1.2]
USBPcap pseudoheader length: 27
IRP ID: 0xffff858d126f4a60
IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
IRP information: 0x00, Direction: FDO -> PDO
0000 000. = Reserved: 0x00
.... ...0 = Direction: FDO -> PDO (0x0)
URB bus id: 1
Device address: 1
Endpoint: 0x02, Direction: OUT
0... .... = Direction: OUT (0)
.... 0010 = Endpoint number: 2
URB transfer type: URB_INTERRUPT (0x01)
Packet Data Length: 8
[bInterfaceClass: Unknown (0xffff)]
Leftover Capture Data: b331eb4d00000000
它由应用程序发送到端点号 2(输出),然后设备将 urb 中断和数据发送到端点号 1(输入):
USB URB
[Source: 1.1.1]
[Destination: host]
USBPcap pseudoheader length: 27
IRP ID: 0xffff858d10207af0
IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
IRP information: 0x01, Direction: PDO -> FDO
0000 000. = Reserved: 0x00
.... ...1 = Direction: PDO -> FDO (0x1)
URB bus id: 1
Device address: 1
Endpoint: 0x81, Direction: IN
1... .... = Direction: IN (1)
.... 0001 = Endpoint number: 1
URB transfer type: URB_INTERRUPT (0x01)
Packet Data Length: 8
[bInterfaceClass: Unknown (0xffff)]
Leftover Capture Data: 01a9009b90ddc0ff
尝试用 libusb 模拟中断
现在我想在 Linux 中模仿这个,使用libusb https://github.com/larskanis/libusb。我编写了这段代码,可以在其中测试不同的中断。
require 'libusb'
require 'pry'
vendor_id = 0x64bd
product_id = 0x74e3
module Messages
GET_STATE = ['b331eb4d00000000'].pack('H*')
end
usb = LIBUSB::Context.new
device = usb.devices(idVendor: vendor_id, idProduct: product_id).first
dev_handle = device.open
if dev_handle.kernel_driver_active?(0)
dev_handle.detach_kernel_driver(0)
end
dev_handle.claim_interface(0)
binding.pry
dev_handle.release_interface(0)
dev_handle.close
然后我运行这个pry安慰:
dev_handle.interrupt_transfer(endpoint: 2, dataOut: Messages::GET_STATE)
它返回8。这不是我所期望的。
我在运行代码时看到的 URB_INTERRUPTions
USB URB
[Source: host]
[Destination: 1.6.2]
URB id: 0xffff8802142fecc0
URB type: URB_SUBMIT ('S')
URB transfer type: URB_INTERRUPT (0x01)
Endpoint: 0x02, Direction: OUT
Device: 6
URB bus id: 1
Device setup request: not relevant ('-')
Data: present (0)
URB sec: 1559130571
URB usec: 534195
URB status: Operation now in progress (-EINPROGRESS) (-115)
URB length [bytes]: 8
Data length [bytes]: 8
[Response in: 126]
[bInterfaceClass: HID (0x03)]
Unused Setup Header
Interval: 8
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Leftover Capture Data: b331eb4d00000000
USB URB
[Source: 1.6.2]
[Destination: host]
URB id: 0xffff8802142fecc0
URB type: URB_COMPLETE ('C')
URB transfer type: URB_INTERRUPT (0x01)
Endpoint: 0x02, Direction: OUT
Device: 6
URB bus id: 1
Device setup request: not relevant ('-')
Data: not present ('>')
URB sec: 1559130571
URB usec: 534846
URB status: Success (0)
URB length [bytes]: 8
Data length [bytes]: 0
[Request in: 125]
[Time from request: 0.000651000 seconds]
[bInterfaceClass: HID (0x03)]
Unused Setup Header
Interval: 8
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Summary
结果我得到的 URB_INTERRUPTions 与我在 Windows 上看到的有很大不同。在 Windows 上,我将 urb_interrupt 连接到 2 个(输出)端点,其中包含请求设备状态的数据。然后设备将 urb_interrupt 发送到 1(输入)端点,当前状态编码在捕获数据中。我怎样才能模仿这个LIBUSB::DevHandle#interrupt_transfer?这是此方法的文档:https://www.rubydoc.info/gems/libusb/LIBUSB/DevHandle#interrupt_transfer-instance_method https://www.rubydoc.info/gems/libusb/LIBUSB/DevHandle#interrupt_transfer-instance_method.
