> Hello List,
>
> I'm trying to reverse engineer a usb protocol. I'm interested in how
> usb devices work in general. Is the communication always passive or
> can devices actively request data or perform some sort of

Not sure what you mean here.
USB devices usually just do exactly what the host tells them to do.
There is no authentication on the USB level.

One of the first things that happens when a new device is plugged in,
is that the host queries the device through a special endpoint (EP0,
the control endpoint) for a set of descriptors, which includes the USB
vendor and product ID. On the basis of those IDs the host may decide
to load a driver that can handle this device. The device is then
assigned an address by the host and the driver tells the device to
configure itself for further communication (usually enabling more
endpoints).

> authentication with the driver? I see patterns in the protocol as
> well, is it possible that some devices require a "keep alive" signal?
> I've also tried performing what seem to be requests in the snoopy
> logs, but got inconsistent replies. Is usb communication in general
> request/response or should I consider the device as a finite state
> automaton, where a particular sequence of commands puts the device
> into a certain state (possibly writing desired data to an endpoint)?

Yes, USB communication is indeed request/response. The device cannot
send anything on its own, it has to be requested by the host first.
Even the so-called 'interrupt endpoints' cannot spontaneously send
something. They are basically polled by the host.

There is indeed a set of states, I don't remember them all right now,
but once a USB device has been enumerated and configured, the state
does not change much.
Most of the state changes are not logged by USBsnoopy. I think USBsnoopy
only starts logging after the device has been enumerated.

> At the moment i have a few hundred pages of logs and before I get lost
> in the details I thought I could ask for some advice. Does anyone have
> any experience in reverse engineering usb protocols and can give me
> some pointers? I could also put the logs online if someone's
> interested in taking a look. The device is a Logitech IO2 digital pen.

Perhaps one of the first things to do is to find other people who have
already tried the same as you do.

From the device descriptor you should be able to see if the device conforms
to some standard or if it uses a custom protocol. You can see the device
descriptor using 'lsusb -vv' for example, this would be a good thing to
put online. If it uses a standard protocol, you can probably just download
the specification from usb.org.
If the device class is 0xFFFF, it is a custom device and you have to
reverse engineer it.

Also there are some analysis tools available that are able to compress
the usb snoopy output to a more compact format to make it more easily
readable. I don't know of a specific download location right now though.

A very nice introduction about USB is available from beyondlogic.org
called 'USB in a nutshell'. This really helped me understand USB because
it provides just the right mix of overview and detailed information.

Kind regards,
Bertrik

_______________________________________________
Linux-usb-users@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-users
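
An added example, not part of the original message: a parser for the descriptors the host reads over EP0 during enumeration, run here on constructed bytes rather than a capture from any real device. It reports the vendor and product IDs, whether the one-byte class field is 0xFF (the USB specification's vendor-specific value), and each endpoint's direction and transfer type; the IDs 0x1234/0x5678 and the function names are made up for illustration.

```python
import struct

# Constructed sample descriptors, not captured from a real device.
DEVICE_DESC = bytes([
    18, 0x01, 0x00, 0x02,      # bLength, type DEVICE, bcdUSB 2.00
    0xFF, 0x00, 0x00, 64,      # class (vendor specific), subclass, protocol, EP0 max packet
    0x34, 0x12, 0x78, 0x56,    # idVendor 0x1234, idProduct 0x5678 (little endian)
    0x00, 0x01, 1, 2, 0, 1,    # bcdDevice, three string indexes, bNumConfigurations
])
CONFIG_DESC = bytes([
    9, 0x02, 32, 0, 1, 1, 0, 0x80, 50,       # CONFIGURATION, wTotalLength = 32
    9, 0x04, 0, 0, 2, 0xFF, 0x00, 0x00, 0,   # INTERFACE 0, two endpoints, class 0xFF
    7, 0x05, 0x81, 0x03, 8, 0, 10,           # ENDPOINT 0x81: IN, interrupt, 8 bytes, interval 10
    7, 0x05, 0x02, 0x02, 64, 0, 0,           # ENDPOINT 0x02: OUT, bulk, 64 bytes
])
XFER = ("control", "isochronous", "bulk", "interrupt")

def parse_device(desc):
    """Decode the 18-byte device descriptor the host fetches first."""
    if len(desc) < 18 or desc[0] != 18 or desc[1] != 0x01:
        raise ValueError("not a USB device descriptor")
    (_, _, bcd_usb, cls, sub, proto, mps0, vid, pid,
     bcd_dev, _, _, _, nconf) = struct.unpack("<BBHBBBBHHHBBBB", desc[:18])
    return {"vid": vid, "pid": pid, "class": cls, "max_packet_ep0": mps0,
            "vendor_specific": cls == 0xFF, "num_configs": nconf}

def parse_config(blob):
    """Walk the length-prefixed descriptors that follow a configuration descriptor."""
    interfaces, pos = [], 0
    while pos < len(blob):
        length = blob[pos]
        if length < 2 or pos + length > len(blob):   # truncated or corrupt entry
            raise ValueError(f"malformed descriptor at offset {pos}")
        body = blob[pos:pos + length]
        if body[1] == 0x04 and length >= 9:          # INTERFACE descriptor
            interfaces.append({"number": body[2], "class": body[5], "endpoints": []})
        elif body[1] == 0x05 and length >= 7 and interfaces:   # ENDPOINT descriptor
            addr, attrs = body[2], body[3]
            interfaces[-1]["endpoints"].append({
                "address": addr,
                "direction": "IN" if addr & 0x80 else "OUT",
                "type": XFER[attrs & 0x03],
                "max_packet": struct.unpack_from("<H", body, 4)[0] & 0x7FF,
                "interval": body[6],                 # host polling period for interrupt endpoints
            })
        pos += length
    return interfaces
```

The `interval` field is what the host uses to schedule its polling of an interrupt endpoint, which is why repeating patterns in a capture can come from the host side rather than from the device.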