[Pyusb-users] Program doesn't seem to be writing

Mon, 16 Jun 2008 15:07:19 -0700 

Hi,
I'm trying to reverse engineer my iClicker base unit and create a Linux driver. Everything seems to be going OK except: 

   print handle.controlMsg(reqType,usb.REQ_SET_CONFIGURATION,0x40,0x200,0)
   print "written? ",handle.interruptWrite(0x83,dataOut,1000)

The sniffer I am using shows a read rather than a write.


I'm stuck.  I don't know whether my sniffer is lying to me or if I have 
a mistake in my code or if I haven't figured out the device's command 
structure.

_________________________________________________________________________________________________________________
A couple of comments:


I'm including the code, the program output and the sniffs as attachments 
so the body of the email doesn't get a mile long.



The controlMsg seems a little un-standard according to the usb spec but 
I'm trying to create a setup packet that I sniffed from the Windows 
app.:  21 09 00 02 00 00 40 00  The output I get in Linux (using a 
different sniffer) is: 21 09 0200 0000 0040.  I'm not absolutely sure 
but it looks like the Windows sniffer reverses high and low bytes for 
the two byte variables.  (40 should be in the low byte not the high byte.)


If I omit the controlMsg, the result is:  USB Error: No Error

The Linux sniffer is:  sudo cat /sys/kernel/debug/usbmon/1u > /tmp/1.mon.out


The Windows sniffer is: *SniffUSB.exe 
*(http://benoit.papillault.free.fr/usbsnoop/doc.php.en)



Thanks,
Bob



**

The following is the result of sniffing my program in Linux:
I have added some comments.

deff7c80 4036508939 S Ci:1:005:0 s 80 06 0300 0000 00ff 255 <
deff7c80 4036511867 C Ci:1:005:0 0 4 = 04030904
deff7c80 4036511896 S Ci:1:005:0 s 80 06 0301 0409 00ff 255 <
deff7c80 4036513866 C Ci:1:005:0 0 38 = 26034900 2d004300 6c006900 63006b00 
65007200 20005500 53004200 20004200
deff7c80 4036514005 S Co:1:005:0 s 00 09 0001 0000 0000 0
deff7c80 4036514867 C Co:1:005:0 0 0
deff7800 4036517477 S Co:1:005:0 s 01 0b 0000 0000 0000 0
deff7800 4036518874 C Co:1:005:0 0 0

         ----- setup packet ----->|                    |<------------
deff7800 4036520349 S Co:1:005:0 s 21 09 0200 0000 0040 64 = 9051e9b7 9051e9b7 
00000000 00000000 00000000 00000000 00000000 00000000
deff7800 4036521874 C Co:1:005:0 0 64 >
                      ^
                     /|\
                      |
Co means Command Output

Ii means Interrupt Input.  It should be Interrupt Output (shouldn't it?)
                      |
                     \|/
                      V
deff7800 4036522277 S Ii:1:005:3 -115:1 64 <
deff7800 4036524872 C Ii:1:005:3 0:1 64 = 0151a000 00000000 00000000 00000000 
00000000 00000000 00000000 00000000
deff7800 4036525875 S Co:1:005:0 s 01 0b 0000 0000 0000 0
deff7800 4036526865 C Co:1:005:0 0 0

The following is part of the result of sniffing the iClicker working correctly
in Windows.
______________________________________________________________________

[28669 ms]  <<<  URB 267 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 84a24bb0
  TransferFlags        = 0000000a (USBD_TRANSFER_DIRECTION_OUT, 
USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000040
  TransferBuffer       = efcf2f49
  TransferBufferMDL    = 84a4e728
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 21 09 00 02 00 00 40 00 <<<<<<SETUP PACKET 
======================================

[28673 ms] UsbSnoop - MyInternalIOCTLCompletion(f78dfdb0) : fido=848f08e0, 
Irp=84a15c00, Context=84bca6e8, IRQL=2

[28673 ms]  <<<  URB 265 coming back  <<< 
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle           = 84a3d294 [endpoint 0x00000083]
  TransferFlags        = 00000003 (USBD_TRANSFER_DIRECTION_IN, 
USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000040
  TransferBuffer       = 84b20868
  TransferBufferMDL    = 85cfbb20
    00000000: 01 17 aa 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  UrbLink              = 00000000

[28673 ms] UsbSnoop - DispatchAny(f78de610) : IRP_MJ_INTERNAL_DEVICE_CONTROL

[28673 ms] UsbSnoop - MyDispatchInternalIOCTL(f78dfe80) : fdo=84aabde8, 
Irp=84a15c00, IRQL=2

[28673 ms]  >>>  URB 268 going down  >>> 
-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER:
  PipeHandle           = 84a3d294 [endpoint 0x00000083]
  TransferFlags        = 00000003 (USBD_TRANSFER_DIRECTION_IN, 
USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000040
  TransferBuffer       = 84b20868
  TransferBufferMDL    = 00000000
  UrbLink              = 00000000

[28837 ms] UsbSnoop - DispatchAny(f78de610) : IRP_MJ_INTERNAL_DEVICE_CONTROL

[28837 ms] UsbSnoop - MyDispatchInternalIOCTL(f78dfe80) : fdo=84aabde8, 
Irp=84a0e870, IRQL=0

[28837 ms]  >>>  URB 269 going down  >>> 
-- URB_FUNCTION_CLASS_INTERFACE:
  TransferFlags          = 00000000 (USBD_TRANSFER_DIRECTION_OUT, 
~USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000040
  TransferBuffer       = f7c21f49
  TransferBufferMDL    = 00000000
    00000000: 01 11 00 05 00 00 00 00 00 00 00 00 00 00 00 00  <<<COMMAND TO 
iClicker ===========
    00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  UrbLink                 = 00000000
  RequestTypeReservedBits = 00000022
  Request                 = 00000009
  Value                   = 00000200
  Index                   = 00000000

#!/usr/bin/env python
#
# Enumerate usb devices
#
#Copyright 2005 - 2007 Wander Lairson Costa


def getConfig(dev):
    for config in dev.configurations:
        print "dev.idVendor, dev.idProduct ",dev.idVendor, dev.idProduct
        print "  Configuration:", config.value
        cfgVal = config.value
	print "    Total length:", config.totalLength 
	print "    selfPowered:", config.selfPowered
	print "    remoteWakeup:", config.remoteWakeup
	print "    maxPower:", config.maxPower
	for intf in config.interfaces:
	    print "    Interface:",intf[0].interfaceNumber
            ifaceVal = intf[0].interfaceNumber
	    for alt in intf:
	        print "    Alternate Setting:",alt.alternateSetting
	        print "      Interface class:",alt.interfaceClass
	        print "      Interface sub class:",alt.interfaceSubClass
	        print "      Interface protocol:",alt.interfaceProtocol
	        for ep in alt.endpoints:
		    print "      Endpoint:",hex(ep.address)
		    print "        Type:",ep.type
		    print "        Max packet size:",ep.maxPacketSize
		    print "        Interval:",ep.interval
    return cfgVal, ifaceVal
	

def checkVendorDevice(devices):
    devNo = 9999
    ndx = 0
    for dev in devices:
        print dev.idVendor
        print dev.idProduct
        print ndx
        if dev.idVendor == 6273 and  dev.idProduct == 336:
            devNo = ndx
            print "iClicker base is present on device no. "+str(devNo)
            print "devNo is: ",devNo
        ndx = ndx + 1
        return devNo



import usb

busses = usb.busses()
ndx = 0
l = 0
while l < 2 and ndx < 20:
    ndxx = 0
    for bus in busses:
            devices = bus.devices
            num = checkVendorDevice(devices)
            if num != 9999:
                devNo = num
                busNo = ndxx
            ndxx = ndxx + 1
    l = len(devices)
    print l,
    ndx = ndx + 1

bus = busses[busNo]
devices = bus.devices

print busses
print bus
print devices

dev = devices[devNo]
cfigVal,ifaceVal = getConfig(dev)
print dev.open().getString(1,30)
handle = dev.open()
try:
    handle.setConfiguration(cfigVal)
    print "-------------set config-------------------------"
except:
    print "-----------------------------had to detach kernel driver-----------"
    handle.detachKernelDriver(0)
    handle.setConfiguration(cfigVal)
handle.claimInterface(ifaceVal)
handle.setAltInterface(ifaceVal)

#reqType=33
reqType=33
print "reqType ",reqType
print handle.controlMsg(reqType,usb.REQ_SET_CONFIGURATION,0x40,0x200,0)


dataOut = [0]*64
dataOut[0] = 0x01
dataOut[1] = 0x11

print "dataOut ",dataOut
print "written? ",handle.interruptWrite(0x83,dataOut,1000)


handle.releaseInterface()


0
0
0
0
0
0
0
0
0
6273
336
0
iClicker base is present on device no. 0
devNo is:  0
3 (<usb.Bus object at 0x81cbd70>, <usb.Bus object at 0x81d8180>, <usb.Bus 
object at 0x81da3b8>, <usb.Bus object at 0x81dc5f0>)
<usb.Bus object at 0x81dc5f0>
(<usb.Device object at 0x81dd608>, <usb.Device object at 0x81de828>, 
<usb.Device object at 0x81dfa48>)
dev.idVendor, dev.idProduct  6273 336
  Configuration: 1
    Total length: 34
    selfPowered: 0
    remoteWakeup: 0
    maxPower: 200
    Interface: 0
    Alternate Setting: 0
      Interface class: 3
      Interface sub class: 0
      Interface protocol: 0
      Endpoint: 0x83L
        Type: 3
        Max packet size: 64
        Interval: 1
I-Clicker USB Base
-------------set config-------------------------
reqType  33
(144, 177, 241, 183, 144, 177, 241, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
dataOut  [1, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
written?  64

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Pyusb-users mailing list
Pyusb-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/pyusb-users














    











					Reply via email to