teknikill.net Forum Index teknikill.net
Motorola IMfree (MX240) Messageboard
FAQFAQ SearchSearch MemberlistMemberlist UsergroupsUsergroups RegisterRegister
ProfileProfile Log in to check your private messagesLog in to check your private messages Log inLog in

sniffing usb protocol

Post new topicReply to topic teknikill.net Forum Index -> Development
View previous topic :: View next topic
Author Message
dusty
Developer


Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH

PostPosted: Wed Feb 16, 2005 8:38 pm Post subject: sniffing usb protocol Reply with quote

I am also trying to reverse engineer the mx240a to create a linux driver. If any progress has been made, I would like to help. I am new to perl, but I know C, and C++, and I pick up languages quickly. I have modified a perl script I found to make the output of usbsnoop-1.8 more readable. Here it is:

Code:

#! /usr/bin/perl

# modified from spike (http://www.aracnet.com/~seagull/NJB/tools/)

# formats output from usbsnoop-1.8 (http://benoit.papillault.free.fr/usbsnoop/)

sub ST_INIT { 0; }
sub ST_OUT { 1; }
sub ST_IN { 2; }

$state= ST_INIT;
$count= 0;

while (<>) {
$_= &trim($_);

if ( />>>/ ) {
&dump(\%packet) if $count;
$state= ST_OUT;
$count++;
%packet= (
num => $count
);
next;
} elsif ( /<< $state= ST_IN;
next;
} elsif ( $state == ST_INIT ) {
next;
}

if ( /^-- URB_FUNCTION_CONTROL_TRANSFER/ ) {
$packet{pipe}= 'C';
} elsif ( /^-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER/ ) {
$packet{pipe}= 'B';
} elsif ( /^ ([0-9a-f]{8}:) (.*)$/ ) {
my ($offset)= $1;
my ($dline);

unless ( exists $packet{direction} ) {
$packet{direction}= ( $state == ST_IN ) ? '<' : '>';
$packet{data}= [];
}

$_= $2;
$_= &trim($_);

$dline= sprintf("%s %s", $offset, &ascii_rep($_));

push (@{$packet{data}}, $dline);
} elsif ( /^ SetupPacket/ ) {
$_ = <>;
/([0-9a-f]{8}:) (.*)$/;
$packet{setup}= sprintf("%s %s", $1, &compact($2));
}
}

&dump(\%packet) if $count;

0;

sub dump {
my ($href)= @_;

if ( exists $href->{direction} ) { # don't print empty stuff

printf("%06d\t%s", $href->{num}, $href->{pipe});
if ( $href->{pipe} eq 'C' ) {
printf("S %s", $href->{setup});
if ( exists $href->{direction} ) {
# print "\n";
$line= shift(@{$href->{data}});
printf("\tC%s %s", $href->{direction}, $line);
}
} elsif ( $href->{pipe} eq 'B' ) {
if ( exists $href->{direction} ) {
$line= shift(@{$href->{data}});
printf("%s %s", $href->{direction}, $line);
}
} else {
warn sprintf( "unknown pipe: %s", href->{pipe} );
}

foreach $line (@{$href->{data}}) {
printf("\t %s", $line);
}

#print "\n";

}
}

sub trim {
my ($line)= @_;

$line=~ s/\n//g;
$line=~ s/^\d+\s+\d+\.\d+\s+//;

return $line;
}

sub ascii_rep {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($ascii, $byte);

foreach $byte (@hexdata) {
my ($dec)= hex($byte);
my ($abyte);

$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;

$ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}

$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width}, $ascii);
}

sub compact {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
# my ($ascii, $byte);
my ($byte);

foreach $byte (@hexdata) {
my ($dec)= hex($byte);
# my ($abyte);

$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;

# $ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}

$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width});
}


works for me, but I'm new to perl (just learned it today)

usbsnoop-1.8 seems to work quite well (tested on WinXP SP2.)

If posting some output from this script or the original logs would help, please let me know. (I need to generate new data that doesn't contain my AIM password.)

- Dusty
Back to top
View user's profile Send private message Send e-mail AIM Address
dusty
Developer


Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH

PostPosted: Fri Feb 18, 2005 3:55 am Post subject: Reply with quote

new version that analyzes mx240a protocol

Code:
#! /usr/bin/perl

# analyzes mx240a protocol with annotations
# from usbsnoop-1.8 (http://benoit.papillault.free.fr/usbsnoop/)

# modified from spike (http://www.aracnet.com/~seagull/NJB/tools/)


sub ST_INIT { 0; }
sub ST_OUT { 1; }
sub ST_IN { 2; }

$state= ST_INIT;
$count= 0;

while (<>) {
$_= &trim($_);

if ( />>> $/ ) {
&dump(\%packet) if $packet{data};
$state= ST_OUT;
$count++;
%packet= (
num => $count
);
next;
} elsif ( /<<< $/ ) {
$state= ST_IN;
next;
} elsif ( $state == ST_INIT ) {
next;
}

if ( /^-- URB_FUNCTION_CONTROL_TRANSFER/ ) {
$packet{pipe}= 'C';
} elsif ( /^-- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER/ ) {
$packet{pipe}= 'B';
} elsif ( /^ ([0-9a-f]{8}:) (.*)$/ ) {
my ($offset)= $1;
my ($dline);

unless ( exists $packet{direction} ) {
$packet{direction}= ( $state == ST_IN ) ? '<' : '>';
$packet{data}= [];
}

$dline= &ascii_rep(&trim($2));

push (@{$packet{data}}, $dline);
} elsif ( /^ SetupPacket/ ) {
$_ = <>;
/[0-9a-f]{8}: (.*)$/;
$packet{setup}= &compact($1);
}
}

&dump(\%packet) if $packet{data};

0;

sub dump {
my ($href)= @_;

if ( ! ($href->{data}== 1 && $href->{data}[0]=~ /^ad00/) ) { # don't print empty stuff

printf("%06d\t%s", $href->{num}, $href->{pipe});
if ( $href->{pipe} eq 'C' ) {
printf("S %s", $href->{setup});
if ( exists $href->{direction} ) {
# print "\n";
$line= shift(@{$href->{data}});
printf("\tC%s %s%s\n", $href->{direction}, $line, &annotate( $line ) );
}
} elsif ( $href->{pipe} eq 'B' ) {
if ( exists $href->{direction} ) {
$line= shift(@{$href->{data}});
printf("%s %s%s\n", $href->{direction}, $line, &annotate( $line ) );
}
} else {
warn sprintf( "unknown pipe: %s", href->{pipe} );
}

foreach $line (@{$href->{data}}) {
printf("\t %s%s\n", $line, &annotate( $line ));
}

}
}

sub trim {
my ($line)= @_;

$line=~ s/\n//g;
$line=~ s/^\d+\s+\d+\.\d+\s+//;

return $line;
}

sub annotate {
$_= $_[0];

return ' # init base' if (/^adef 8d/);
return ' # init base ACK' if (/^ef01 01fe/);
return ' # poll' if (/^ad00/);
return ' # send service_name' if (/^c.d7/);
return ' # connect' if (/^f.8e/);
return ' # ACK' if (/^f.fd/);
return ' # send handheld_name' if (/^c.d9/);
return ' # send tone data' if (/^c.cd/);
return ' # send username' if (/^f.91/);
return ' # send password' if (/^f.92/);
return ' # login successful' if (/^e.d3/);
return ' # add person' if (/^e.ca/);
return ' # send person data' if (/^c.c9/);
return ' # status modifier?' if (/^a.c9/);
return ' # talk' if (/^f.94/);
return ' # fN93 ?' if (/^f.93/);
return ' # bye' if (/^f.95/);
return ' # fN8c ?' if (/^f.8c/);
return ' # logoff' if (/^e0ce/);
return ' # presence ?' if (/^e.ce/);
return ' # 8N8e ?' if (/^e.8e/);
return ' # eed3 ?' if (/^eed3/);
return ' # enter chat' if (/^f.9b/);
return ' # eNc9 chat ?' if (/^e.c9/);
return ' # send message' if (/^f[1-7]/);
return ' # receive message' if (/^8[1-7]/);
return '';
}

sub ascii_rep {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($ascii, $byte);

foreach $byte (@hexdata) {
my ($dec)= hex($byte);
my ($abyte);

$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;

$ascii.= ( $dec > 31 && $dec < 127 ) ? sprintf("%c", $dec) :
'.';
}

$width= 40-length($compact);
return sprintf("%s%s %s", $compact, ' 'x${width}, $ascii);
}

sub compact {
my (@hexdata)= split(/\s+/, $_[0]);
my ($i)= 0;
my ($compact, $width);
my ($byte);

foreach $byte (@hexdata) {
my ($dec)= hex($byte);

$compact.= $byte;
$compact.= ' ' if ($i%2);
$i++;

'.';
}

$width= 40-length($compact);
return sprintf("%s%s %s\n", $compact, ' 'x${width});
}
Back to top
View user's profile Send private message Send e-mail AIM Address
grn
newb


Joined: 11 Feb 2005
Posts: 13

PostPosted: Fri Feb 18, 2005 5:14 pm Post subject: ... Reply with quote

can we send data through the base station to the device/
Back to top
View user's profile Send private message
dusty
Developer


Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH

PostPosted: Fri Feb 18, 2005 7:24 pm Post subject: Reply with quote

Yes, but I haven't implemented it yet.
Back to top
View user's profile Send private message Send e-mail AIM Address
xantus
Site Admin


Joined: 26 Jan 2005
Posts: 44
Location: Washington

PostPosted: Mon May 02, 2005 10:08 am Post subject: Reply with quote

I've got your code working...sorta

It sees my registration packet (op_unknown0) but I'm not sure what to send back to authorize the device. Here's the packet:

e0 ce 00 05 12 75 ff fe

My device id is 00051275

I can do the im service server in perl when we have something working.

David
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
dusty
Developer


Joined: 16 Feb 2005
Posts: 25
Location: Dayton, OH

PostPosted: Mon May 02, 2005 4:45 pm Post subject: Reply with quote

Have you looked through the perl script (mpd-bridge.pl) ? It handles the authentication. I think that code should be ip_logoff (ip stands for input packet, op stands for output packet - ip packets come from the handheld.)
Back to top
View user's profile Send private message Send e-mail AIM Address
xantus
Site Admin


Joined: 26 Jan 2005
Posts: 44
Location: Washington

PostPosted: Tue May 03, 2005 12:19 am Post subject: Reply with quote

dusty wrote:
Have you looked through the perl script (mpd-bridge.pl) ? It handles the authentication. I think that code should be ip_logoff (ip stands for input packet, op stands for output packet - ip packets come from the handheld.)


Yes I did. I'll dig deeper...It was about 3am when I posted that. Smile
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
thegilmanator
newb


Joined: 01 Jun 2005
Posts: 7

PostPosted: Thu Jun 02, 2005 4:50 pm Post subject: Reply with quote

I'm using SnoopyPro. What is the perferred format for submitting logs to you guys? What exactly would you like included in those logs?
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic teknikill.net Forum Index -> Development All times are GMT
Page 1 of 1


Jump to:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB 2001, 2005 phpBB Group