 |
teknikill.net
Motorola IMfree (MX240) Messageboard
 FAQ  Search  Memberlist  Usergroups  Register |
 Profile  Log in to check your private messages  Log in |
|
  |
teknikill.net Forum Index -> Development |
| View previous topic :: View next topic |
| Author |
Message |
dusty
Developer
Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH
|
 Posted: Wed Feb 16, 2005 8:38 pm Post subject: sniffing usb protocol
|
 |
|
I am also trying to reverse engineer the mx240a to create a linux driver. If any progress has been made, I would like to help. I am new to perl, but I know C, and C++, and I pick up languages quickly. I have modified a perl script I found to make the output of usbsnoop-1.8 more readable. Here it is:
| Code: |
#! /usr/bin/perl
# modified from spike (http://www.aracnet.com/~seagull/NJB/tools/)
# formats output from usbsnoop-1.8 (http://benoit.papillault.free.fr/usbsnoop/)
sub ST_INIT { 0; }
sub ST_OUT { 1; }
sub ST_IN { 2; }
$state= ST_INIT;
$count= 0;
while (<>) {
$_= &trim($_);
if ( />>>/ ) {
&dump(\%packet) if $count;
$state= ST_OUT;
$count++;
%packet= (
num => $count
);
next;
} elsif ( /<<
$state= ST_IN;
next;
} elsif ( $state == ST_INIT ) {
next;
}
if ( /^-- URB_FUNCTION_CONTROL_TRANSFER/ ) {
$packet{pipe}= 'C';
} elsif ( /^-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER/ ) {
$packet{pipe}= 'B';
} elsif ( /^ ([0-9a-f]{8}:) (.*)$/ ) {
my ($offset)= $1;
my ($dline);
unless ( exists $packet{direction} ) {
$packet{direction}= ( $state == ST_IN ) ? '<' : '>';
$packet{data}= [];
}
$_= $2;
$_= &trim($_);
$dline= sprintf("%s %s", $offset, &ascii_rep($_));
push (@{$packet{data}}, $dline);
} elsif ( /^ SetupPacket/ ) {
$_ = <>;
/([0-9a-f]{8}:) (.*)$/;
$packet{setup}= sprintf("%s %s", $1, &compact($2));
}
}
&dump(\%packet) if $count;
0;
sub dump {
my ($href)= @_;
if ( exists $href->{direction} ) { # don't print empty stuff
printf("%06d\t%s", $href->{num}, $href->{pipe});
if ( $href->{pipe} eq 'C' ) {
printf("S %s", $href->{setup});
if ( exists $href->{direction} ) {
# print "\n";
$line= shift(@{$href->{data}});
printf("\tC%s %s", $href->{direction}, $line);
}
} elsif ( $href->{pipe} eq 'B' ) {
if ( exists $href->{direction} ) {
$line= shift(@{$href->{data}});
printf("%s %s", $href->{direction}, $line);
}
} else {
warn sprintf( "unknown pipe: %s", href->{pipe} );
}
foreach $line (@{$href->{data}}) {
printf("\t %s", $line);
}
#print "\n";
}
}
sub trim {
my ($line)= @_;
$line=~ s/\n//g;
$line=~ s/^\d+\s+\d+\.\d+\s+//;
return $line;
}
sub ascii_rep {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($ascii, $byte);
foreach $byte (@hexdata) {
my ($dec)= hex($byte);
my ($abyte);
$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;
$ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}
$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width}, $ascii);
}
sub compact {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
# my ($ascii, $byte);
my ($byte);
foreach $byte (@hexdata) {
my ($dec)= hex($byte);
# my ($abyte);
$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;
# $ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}
$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width});
}
|
works for me, but I'm new to perl (just learned it today)
usbsnoop-1.8 seems to work quite well (tested on WinXP SP2.)
If posting some output from this script or the original logs would help, please let me know. (I need to generate new data that doesn't contain my AIM password.)
- Dusty
|
|
| Back to top |
|
 |
dusty
Developer
Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH
|
|
Posted: Fri Feb 18, 2005 3:55 am Post subject:
|
|
|
new version that analyzes mx240a protocol
| Code: |
#! /usr/bin/perl
# analyzes mx240a protocol with annotations
# from usbsnoop-1.8 (http://benoit.papillault.free.fr/usbsnoop/)
# modified from spike (http://www.aracnet.com/~seagull/NJB/tools/)
sub ST_INIT { 0; }
sub ST_OUT { 1; }
sub ST_IN { 2; }
$state= ST_INIT;
$count= 0;
while (<>) {
$_= &trim($_);
if ( />>> $/ ) {
&dump(\%packet) if $packet{data};
$state= ST_OUT;
$count++;
%packet= (
num => $count
);
next;
} elsif ( /<<< $/ ) {
$state= ST_IN;
next;
} elsif ( $state == ST_INIT ) {
next;
}
if ( /^-- URB_FUNCTION_CONTROL_TRANSFER/ ) {
$packet{pipe}= 'C';
} elsif ( /^-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER/ ) {
$packet{pipe}= 'B';
} elsif ( /^ ([0-9a-f]{8}:) (.*)$/ ) {
my ($offset)= $1;
my ($dline);
unless ( exists $packet{direction} ) {
$packet{direction}= ( $state == ST_IN ) ? '<' : '>';
$packet{data}= [];
}
$dline= &ascii_rep(&trim($2));
push (@{$packet{data}}, $dline);
} elsif ( /^ SetupPacket/ ) {
$_ = <>;
/[0-9a-f]{8}: (.*)$/;
$packet{setup}= &compact($1);
}
}
&dump(\%packet) if $packet{data};
0;
sub dump {
my ($href)= @_;
if ( ! ($href->{data}== 1 && $href->{data}[0]=~ /^ad00/) ) { # don't print empty stuff
printf("%06d\t%s", $href->{num}, $href->{pipe});
if ( $href->{pipe} eq 'C' ) {
printf("S %s", $href->{setup});
if ( exists $href->{direction} ) {
# print "\n";
$line= shift(@{$href->{data}});
printf("\tC%s %s%s\n", $href->{direction}, $line, &annotate( $line ) );
}
} elsif ( $href->{pipe} eq 'B' ) {
if ( exists $href->{direction} ) {
$line= shift(@{$href->{data}});
printf("%s %s%s\n", $href->{direction}, $line, &annotate( $line ) );
}
} else {
warn sprintf( "unknown pipe: %s", href->{pipe} );
}
foreach $line (@{$href->{data}}) {
printf("\t %s%s\n", $line, &annotate( $line ));
}
}
}
sub trim {
my ($line)= @_;
$line=~ s/\n//g;
$line=~ s/^\d+\s+\d+\.\d+\s+//;
return $line;
}
sub annotate {
$_= $_[0];
return ' # init base' if (/^adef 8d/);
return ' # init base ACK' if (/^ef01 01fe/);
return ' # poll' if (/^ad00/);
return ' # send service_name' if (/^c.d7/);
return ' # connect' if (/^f.8e/);
return ' # ACK' if (/^f.fd/);
return ' # send handheld_name' if (/^c.d9/);
return ' # send tone data' if (/^c.cd/);
return ' # send username' if (/^f.91/);
return ' # send password' if (/^f.92/);
return ' # login successful' if (/^e.d3/);
return ' # add person' if (/^e.ca/);
return ' # send person data' if (/^c.c9/);
return ' # status modifier?' if (/^a.c9/);
return ' # talk' if (/^f.94/);
return ' # fN93 ?' if (/^f.93/);
return ' # bye' if (/^f.95/);
return ' # fN8c ?' if (/^f.8c/);
return ' # logoff' if (/^e0ce/);
return ' # presence ?' if (/^e.ce/);
return ' # 8N8e ?' if (/^e.8e/);
return ' # eed3 ?' if (/^eed3/);
return ' # enter chat' if (/^f.9b/);
return ' # eNc9 chat ?' if (/^e.c9/);
return ' # send message' if (/^f[1-7]/);
return ' # receive message' if (/^8[1-7]/);
return '';
}
sub ascii_rep {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($ascii, $byte);
foreach $byte (@hexdata) {
my ($dec)= hex($byte);
my ($abyte);
$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;
$ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}
$width= 40-length($compact);
return sprintf("%s%s %s", $compact, ' 'x${width}, $ascii);
}
sub compact {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($byte);
foreach $byte (@hexdata) {
my ($dec)= hex($byte);
$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;
'.';
}
$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width});
}
|
|
|
| Back to top |
|
|
grn
newb
Joined: 11 Feb 2005
Posts: 13
|
|
Posted: Fri Feb 18, 2005 5:14 pm Post subject: ...
|
|
|
|
can we send data through the base station to the device/
|
|
| Back to top |
|
|
dusty
Developer
Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH
|
|
Posted: Fri Feb 18, 2005 7:24 pm Post subject:
|
|
|
|
Yes, but I haven't implemented it yet.
|
|
| Back to top |
|
|
xantus
Site Admin
Joined: 26 Jan 2005
Posts: 44
Location: Washington
|
|
Posted: Mon May 02, 2005 10:08 am Post subject:
|
|
|
I've got your code working...sorta
It sees my registration packet (op_unknown0) but I'm not sure what to send back to authorize the device. Here's the packet:
e0 ce 00 05 12 75 ff fe
My device id is 00051275
I can do the im service server in perl when we have something working.
David
|
|
| Back to top |
|
|
dusty
Developer
Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH
|
|
Posted: Mon May 02, 2005 4:45 pm Post subject:
|
|
|
|
Have you looked through the perl script (mpd-bridge.pl) ? It handles the authentication. I think that code should be ip_logoff (ip stands for input packet, op stands for output packet - ip packets come from the handheld.)
|
|
| Back to top |
|
|
xantus
Site Admin
Joined: 26 Jan 2005
Posts: 44
Location: Washington
|
|
Posted: Tue May 03, 2005 12:19 am Post subject:
|
|
|
| dusty wrote: |
| Have you looked through the perl script (mpd-bridge.pl) ? It handles the authentication. I think that code should be ip_logoff (ip stands for input packet, op stands for output packet - ip packets come from the handheld.) |
Yes I did. I'll dig deeper...It was about 3am when I posted that. 
|
|
| Back to top |
|
|
thegilmanator
newb
Joined: 01 Jun 2005
Posts: 7
|
|
Posted: Thu Jun 02, 2005 4:50 pm Post subject:
|
|
|
|
I'm using SnoopyPro. What is the perferred format for submitting logs to you guys? What exactly would you like included in those logs?
|
|
| Back to top |
|
|
|
|
| |
teknikill.net Forum Index -> Development |
All times are GMT
|
| Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
