-
-
Save sgrimee/e034b17163e7f86f9a7f to your computer and use it in GitHub Desktop.
Just playing with the IO set and go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import usb.core | |
import usb.util | |
import sys | |
def main(): | |
m = IoMouse() | |
# the windows app seems to do the following repeatedly | |
# when waiting to receive the key from another remote | |
data = m.get_line_coding() | |
print "Read line coding: " + hex_array(data) | |
print "Setting control line state" | |
m.set_control_line_state() | |
print "Setting line coding" | |
m.set_line_coding() | |
class IoMouse: | |
def __init__(self): | |
# find the USB device | |
self._dev = usb.core.find(idVendor=0x22b3, idProduct=0x0033) | |
if self._dev is None: | |
raise "device not found" | |
# free the control interface and claim it | |
interface = 0 | |
if self._dev.is_kernel_driver_active(interface): | |
print "we need to detach kernel driver" | |
self._dev.detach_kernel_driver(interface) | |
print "claiming device" | |
usb.util.claim_interface(self._dev, interface) | |
# configure the device | |
self._dev.set_configuration() | |
# get the configuration | |
cfg = self._dev.get_active_configuration() | |
# AFAIK interface 0 with EP3_IN is not used normally (maybe for firmware update?) | |
# inteface 1 has the CDC-data endpoints | |
data_intf = cfg[(1,0)] | |
self._ep1_out = data_intf[0] | |
self._ep2_in = data_intf[1] | |
# CDC CLASS Requests | |
# from http://sandiaproject.googlecode.com/svn/trunk/UofU_GPSReceiver/Main/USBCDC/USB_Common/usb.h | |
#define USB_CDC_GET_LINE_CODING 0x21 | |
#define USB_CDC_SET_LINE_CODING 0x20 | |
#define USB_CDC_SET_CONTROL_LINE_STATE 0x22 | |
# also useful: http://www.silabs.com/Support%20Documents/TechnicalDocs/AN758.pdf | |
# and maybe http://www.usb.org/developers/docs/devclass_docs/CDC1.2_WMC1.1_012011.zip | |
def get_line_coding(self): | |
#EP0: Read Class 0x21, 7 bytes | |
return self._dev.ctrl_transfer(0xa1, 0x21, 0x0, 0, 7) | |
def set_line_coding(self): | |
# set line to 115200 bauds, 8N1 | |
# http://www.silabs.com/Support%20Documents/TechnicalDocs/AN758.pdf | |
data = [ 0x00, 0xC2, 0x01, 0, 0, 0, 0x08] | |
return self._dev.ctrl_transfer(0x21, 0x20, 0x0, 0, data) | |
def set_control_line_state(self): | |
# wValue is 0 so it means: | |
# - deactivate carrier | |
# - DTE is not present | |
return self._dev.ctrl_transfer(0x21, 0x22, 0x0, 0, []) | |
def data_out(self, data): | |
# to do | |
pass | |
def hex_array(array_alpha): | |
""" Return an array of decimal bytes as an array of hexadecimal bytes""" | |
return ' '.join(format(x, '02x') for x in array_alpha) | |
def fuzz(): | |
# Lets start by Reading 1 byte from the Device using different Requests | |
# bRequest is a byte so there are 255 different values | |
print "Starting to fuzz" | |
for bRequest in range(255): | |
try: | |
ret = dev.ctrl_transfer(0xC0, bRequest, 0, 0, 1) | |
print "bRequest ",bRequest | |
print ret | |
except: | |
# failed to get data for this request | |
pass | |
if __name__ == '__main__': | |
main() | |
# Other doc | |
# ser = serial.Serial('/dev/ttyACM0', 115200, timeout=1) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment