Activation Codes and Methods, Hardware Details, Sniffing
Mir
Posts: 4
Joined: 29 Feb 2012, 10:40

Option iCON 711 (Model: GI0711) 0af0:4007

Post by Mir » 29 Feb 2012, 11:01

Hello

I own Option iCon 711 usb modem.
I'd appreciate help in getting in work with usb_modeswitch.

I had no luck in randomly copying some data from usbsniff.

First question would be: While using "SniffUSB" should i sniff the "main" device
or spcecific "sub" device?

Second: what information would be helpful?

It switches to to 0af0:4005 and modem interface is MI_01
Image

Not to spam this post, below is just output of lsusb.

lsusb -v

Code: Select all

Bus 002 Device 008: ID 0af0:4007 Option 
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x0af0 Option
  idProduct          0x4007 
  bcdDevice            0.00
  iManufacturer           3 USB Modem
  iProduct                2 USB Modem
  iSerial                 4 1234567890ABCDEF
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           55
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          1 Modem Configuration
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk (Zip)
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk (Zip)
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  bNumConfigurations      1
Device Status:     0x0000
  (Bus Powered)
Pardon for my English and lack knowledge of usb_modeswitch.

frutis
Posts: 4
Joined: 02 Feb 2012, 11:06

Post by frutis » 29 Feb 2012, 12:51

Install filter only for device USB\VID_0AF0&PID_4005&REV_0000.
Connect modem to the computer and wait for switch.

You can use application from this post: http://www.draisberghof.de/usb_modeswit ... .php?t=837 for log analyze.
Just select type CBW/CSW and direction OUT. Last message should be the right one.

Mir
Posts: 4
Joined: 29 Feb 2012, 10:40

Post by Mir » 29 Feb 2012, 14:44

frutis wrote:Install filter only for device USB\VID_0AF0&PID_4005&REV_0000.
Connect modem to the computer and wait for switch.

You can use application from this post: http://www.draisberghof.de/usb_modeswit ... .php?t=837 for log analyze.
Just select type CBW/CSW and direction OUT. Last message should be the right one.
About _0af0:4005_:
No luck this way. First CBW/CSW (OUT) appears 7008 ms after first FilterAddDevice and there is no last message.
Sequences: OUT - endpoint 5; OUT - endpoint 87; IN - endpoint 87
or: OUT - endpoint 6; OUT - endpoint 88; IN - endpoint 88

There are 10 "other" OUT messages in the begining to enpoint 85.

Whole chat to _0af0:4007_ (before switch) is:
Image

Code: Select all

[56 ms] UsbSnoop - FilterAddDevice(b308f748) : DriverObject 886e4b48, pdo 8866f440
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[58 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[58 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[58 ms]  >>>  URB 1 going down  >>> 
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000012
  TransferBuffer       = 887bb3e0
  TransferBufferMDL    = 00000000
  Index                = 00000000
  DescriptorType       = 00000001 (USB_DEVICE_DESCRIPTOR_TYPE)
  LanguageId           = 00000000
[58 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[58 ms]  <<<  URB 1 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 885f2ac0
  TransferFlags        = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000012
  TransferBuffer       = 887bb3e0
  TransferBufferMDL    = 88c17890
    00000000: 12 01 00 02 00 00 00 40 f0 0a 07 40 00 00 03 02
    00000010: 04 01
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 80 06 00 01 00 00 12 00
[58 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[58 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[58 ms]  >>>  URB 2 going down  >>> 
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000009
  TransferBuffer       = 88a0b5f0
  TransferBufferMDL    = 00000000
  Index                = 00000000
  DescriptorType       = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
  LanguageId           = 00000000
[59 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[59 ms]  <<<  URB 2 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 885f2ac0
  TransferFlags        = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000009
  TransferBuffer       = 88a0b5f0
  TransferBufferMDL    = 88c17890
    00000000: 09 02 37 00 02 01 01 e0 fa
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 80 06 00 02 00 00 09 00
[59 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[59 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[59 ms]  >>>  URB 3 going down  >>> 
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
  TransferBufferLength = 00000037
  TransferBuffer       = 886786c8
  TransferBufferMDL    = 00000000
  Index                = 00000000
  DescriptorType       = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
  LanguageId           = 00000000
[59 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[59 ms]  <<<  URB 3 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 885f2ac0
  TransferFlags        = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000037
  TransferBuffer       = 886786c8
  TransferBufferMDL    = 88c17890
    00000000: 09 02 37 00 02 01 01 e0 fa 09 04 00 00 02 08 06
    00000010: 50 00 07 05 01 02 00 02 00 07 05 81 02 00 02 00
    00000020: 09 04 01 00 02 08 06 50 00 07 05 02 02 00 02 00
    00000030: 07 05 82 02 00 02 00
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 80 06 00 02 00 00 37 00
[59 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[59 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[59 ms]  >>>  URB 4 going down  >>> 
-- URB_FUNCTION_SELECT_CONFIGURATION:
  ConfigurationDescriptor = 0x886786c8 (configure)
  ConfigurationDescriptor : bLength             = 9
  ConfigurationDescriptor : bDescriptorType     = 0x00000002
  ConfigurationDescriptor : wTotalLength        = 0x00000037
  ConfigurationDescriptor : bNumInterfaces      = 0x00000002
  ConfigurationDescriptor : bConfigurationValue = 0x00000001
  ConfigurationDescriptor : iConfiguration      = 0x00000001
  ConfigurationDescriptor : bmAttributes        = 0x000000e0
  ConfigurationDescriptor : MaxPower            = 0x000000fa
  ConfigurationHandle     = 0x00000000
  Interface[0]: Length            = 56
  Interface[0]: InterfaceNumber   = 0
  Interface[0]: AlternateSetting  = 0
  Interface[1]: Length            = 56
  Interface[1]: InterfaceNumber   = 1
  Interface[1]: AlternateSetting  = 0
[183 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=0
[183 ms]  <<<  URB 4 coming back  <<< 
-- URB_FUNCTION_SELECT_CONFIGURATION:
  ConfigurationDescriptor = 0x886786c8 (configure)
  ConfigurationDescriptor : bLength             = 9
  ConfigurationDescriptor : bDescriptorType     = 0x00000002
  ConfigurationDescriptor : wTotalLength        = 0x00000037
  ConfigurationDescriptor : bNumInterfaces      = 0x00000002
  ConfigurationDescriptor : bConfigurationValue = 0x00000001
  ConfigurationDescriptor : iConfiguration      = 0x00000001
  ConfigurationDescriptor : bmAttributes        = 0x000000e0
  ConfigurationDescriptor : MaxPower            = 0x000000fa
  ConfigurationHandle     = 0x89af92a0
  Interface[0]: Length            = 56
  Interface[0]: InterfaceNumber   = 0
  Interface[0]: AlternateSetting  = 0
  Interface[0]: Class             = 0x00000008
  Interface[0]: SubClass          = 0x00000006
  Interface[0]: Protocol          = 0x00000050
  Interface[0]: InterfaceHandle   = 0x885df900
  Interface[0]: NumberOfPipes     = 2
  Interface[0]: Pipes[0] : MaximumPacketSize = 0x00000200
  Interface[0]: Pipes[0] : EndpointAddress   = 0x00000001
  Interface[0]: Pipes[0] : Interval          = 0x00000000
  Interface[0]: Pipes[0] : PipeType          = 0x00000002 (UsbdPipeTypeBulk)
  Interface[0]: Pipes[0] : PipeHandle        = 0x885df91c
  Interface[0]: Pipes[0] : MaxTransferSize   = 0x00001000
  Interface[0]: Pipes[0] : PipeFlags         = 0x00000000
  Interface[0]: Pipes[1] : MaximumPacketSize = 0x00000200
  Interface[0]: Pipes[1] : EndpointAddress   = 0x00000081
  Interface[0]: Pipes[1] : Interval          = 0x00000000
  Interface[0]: Pipes[1] : PipeType          = 0x00000002 (UsbdPipeTypeBulk)
  Interface[0]: Pipes[1] : PipeHandle        = 0x885df93c
  Interface[0]: Pipes[1] : MaxTransferSize   = 0x00001000
  Interface[0]: Pipes[1] : PipeFlags         = 0x00000000
  Interface[1]: Length            = 56
  Interface[1]: InterfaceNumber   = 1
  Interface[1]: AlternateSetting  = 0
  Interface[1]: Class             = 0x00000008
  Interface[1]: SubClass          = 0x00000006
  Interface[1]: Protocol          = 0x00000050
  Interface[1]: InterfaceHandle   = 0x886af938
  Interface[1]: NumberOfPipes     = 2
  Interface[1]: Pipes[0] : MaximumPacketSize = 0x00000200
  Interface[1]: Pipes[0] : EndpointAddress   = 0x00000002
  Interface[1]: Pipes[0] : Interval          = 0x00000000
  Interface[1]: Pipes[0] : PipeType          = 0x00000002 (UsbdPipeTypeBulk)
  Interface[1]: Pipes[0] : PipeHandle        = 0x886af954
  Interface[1]: Pipes[0] : MaxTransferSize   = 0x00001000
  Interface[1]: Pipes[0] : PipeFlags         = 0x00000000
  Interface[1]: Pipes[1] : MaximumPacketSize = 0x00000200
  Interface[1]: Pipes[1] : EndpointAddress   = 0x00000082
  Interface[1]: Pipes[1] : Interval          = 0x00000000
  Interface[1]: Pipes[1] : PipeType          = 0x00000002 (UsbdPipeTypeBulk)
  Interface[1]: Pipes[1] : PipeHandle        = 0x886af974
  Interface[1]: Pipes[1] : MaxTransferSize   = 0x00001000
  Interface[1]: Pipes[1] : PipeFlags         = 0x00000000
[183 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[183 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[183 ms]  >>>  URB 5 going down  >>> 
-- URB_FUNCTION_VENDOR_DEVICE:
  TransferFlags          = 00000002 (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer       = 00000000
  TransferBufferMDL    = 00000000

    no data supplied
  UrbLink                 = 00000000
  RequestTypeReservedBits = 00000000
  Request                 = 0000000a
  Value                   = 00000000
  Index                   = 00000000
[184 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[184 ms]  <<<  URB 5 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 885f2ac0
  TransferFlags        = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer       = 00000000
  TransferBufferMDL    = 00000000
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 40 0a 00 00 00 00 00 00
[184 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[184 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[184 ms]  >>>  URB 6 going down  >>> 
-- URB_FUNCTION_CLEAR_FEATURE_TO_DEVICE:
  FeatureSelector = 00000001
  Index           = 00000000
[184 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[184 ms]  <<<  URB 6 coming back  <<< 
-- URB_FUNCTION_CONTROL_TRANSFER:
  PipeHandle           = 885f2ac0
  TransferFlags        = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
  TransferBufferLength = 00000000
  TransferBuffer       = 00000000
  TransferBufferMDL    = 00000000
  UrbLink              = 00000000
  SetupPacket          =
    00000000: 00 01 01 00 00 00 00 00
[184 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_SYSTEM_CONTROL
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_SURPRISE_REMOVAL)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_SURPRISE_REMOVAL)
[593 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE)
Last edited by Mir on 01 Mar 2012, 08:30, edited 1 time in total.

Mir
Posts: 4
Joined: 29 Feb 2012, 10:40

Post by Mir » 29 Feb 2012, 15:06

After rebooting from Windows to Linux (if not repluged) it stays _0af0:4005_

lsusb -v

Code: Select all

Bus 002 Device 002: ID 0af0:4005 Option 
Couldn't open device, some information will be missing
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x0af0 Option
  idProduct          0x4005 
  bcdDevice            0.00
  iManufacturer           3 
  iProduct                2 
  iSerial                 4 
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          161
    bNumInterfaces          6
    bConfigurationValue     1
    iConfiguration          1 
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               5
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        2
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x84  EP 4 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x03  EP 3 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        3
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x85  EP 5 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               5
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x86  EP 6 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              32
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        4
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk (Zip)
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x05  EP 5 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x87  EP 7 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        5
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk (Zip)
      iInterface              0 
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x06  EP 6 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x88  EP 8 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0

frutis
Posts: 4
Joined: 02 Feb 2012, 11:06

Post by frutis » 29 Feb 2012, 17:04

Install filter only for device with PID 4007 (not 4005). PID is changed after switch.

Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 01 Mar 2012, 03:02

For Option devices, there is only one known switching sequence. It has never changed.

See the data package, have a look into one of the files that have their name starting with "0af0".

You can edit any of these to create a configuration for your device.

Mir
Posts: 4
Joined: 29 Feb 2012, 10:40

Post by Mir » 01 Mar 2012, 09:05

frutis wrote:Install filter only for device with PID 4007 (not 4005). PID is changed after switch.
Above there is capture of chat 0af0:4007

And here is capture of 4007 and 4005
http://www.2shared.com/file/lhLkLLjz/Us ... 74005.html
Josh wrote:For Option devices, there is only one known switching sequence. It has never changed. <cut>
The log above suggest that there is no MessageContent before switch (the one searched as described in http://blogger.ziesemer.com/2008/10/all ... buntu.html)
There is some
URB_FUNCTION_VENDOR_DEVICE (empty buffer)
and
URB_FUNCTION_CLEAR_FEATURE_TO_DEVICE (no buffer)
instead of
URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (with TransferBufferMDL)

usb_modeswitch -W -c 0af0\:4007

Code: Select all

Reading config file: 0af0:4007

 * usb_modeswitch: handle USB devices with multiple modes
 * Version 1.2.1 (C) Josua Dietze 2011
 * Based on libusb0 (0.1.12 and above)

 ! PLEASE REPORT NEW CONFIGURATIONS !

DefaultVendor=  0x0af0
DefaultProduct= 0x4007
TargetVendor=   0x0af0
TargetProduct=  0x4005
TargetClass=    0xff
TargetProductList=""

DetachStorageOnly=0
HuaweiMode=0
SierraMode=0
SonyMode=0
QisdaMode=0
GCTMode=0
KobilMode=0
SequansMode=0
MobileActionMode=0
CiscoMode=0
MessageEndpoint=  not set
MessageContent="55534243785634120100000080000601000000000000000000000000000000"
NeedResponse=0
ResponseEndpoint= not set

InquireDevice enabled (default)
Success check enabled, max. wait time 10 seconds
System integration mode disabled


Looking for target devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 0af0:4007
   found matching vendor ID
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
 No devices in target mode or class found
Looking for default devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 0af0:4007
   found matching vendor ID
   found matching product ID
   target class ff not matching
   adding device
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
 Found device in default mode, class or configuration (1)
Accessing device 005 on bus 002 ...
Getting the current device configuration ...
 OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 OK, driver found; name unknown, limitation of libusb1
 OK, driver "unkown" detached

SCSI inquiry data (for identification)
-------------------------
  Vendor String: USBModem
   Model String: Disk            
Revision String: 2.31
-------------------------

USB description data (for identification)
-------------------------
Manufacturer: USB Modem
     Product: USB Modem
  Serial No.: 1234567890ABCDEF
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
 OK, message successfully sent
Resetting response endpoint 0x81
Resetting message endpoint 0x01
Blocking the interface for 500 ms before releasing ...
 Device is gone, skipping any further commands

Checking for mode switch (max. 10 times, once per second) ...
 Searching for target devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002

<cut>

  searching devices, found USB ID 1d6b:0001
 No new devices in target mode or class found

Mode switch has failed. Bye.
usb_modeswitch -W -c 0af0\:4007

Code: Select all

Reading config file: 0af0:4007

 * usb_modeswitch: handle USB devices with multiple modes
 * Version 1.2.1 (C) Josua Dietze 2011
 * Based on libusb0 (0.1.12 and above)

 ! PLEASE REPORT NEW CONFIGURATIONS !

DefaultVendor=  0x0af0
DefaultProduct= 0x4007
TargetVendor=   0x0af0
TargetProduct=  0x4005
TargetClass=    0xff
TargetProductList=""

DetachStorageOnly=0
HuaweiMode=0
SierraMode=0
SonyMode=0
QisdaMode=0
GCTMode=0
KobilMode=0
SequansMode=0
MobileActionMode=0
CiscoMode=0
MessageEndpoint=  not set
MessageContent="55534243123456780000000000000601000000000000000000000000000000"
NeedResponse=0
ResponseEndpoint= not set

InquireDevice enabled (default)
Success check enabled, max. wait time 10 seconds
System integration mode disabled


Looking for target devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 0af0:4007
   found matching vendor ID
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
 No devices in target mode or class found
Looking for default devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 0af0:4007
   found matching vendor ID
   found matching product ID
   target class ff not matching
   adding device
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
 Found device in default mode, class or configuration (1)
Accessing device 006 on bus 002 ...
Getting the current device configuration ...
 OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 OK, driver found; name unknown, limitation of libusb1
 OK, driver "unkown" detached

SCSI inquiry data (for identification)
-------------------------
  Vendor String: USBModem
   Model String: Disk            
Revision String: 2.31
-------------------------

USB description data (for identification)
-------------------------
Manufacturer: USB Modem
     Product: USB Modem
  Serial No.: 1234567890ABCDEF
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
 OK, message successfully sent
Resetting response endpoint 0x81
Resetting message endpoint 0x01
Blocking the interface for 500 ms before releasing ...
 Device is gone, skipping any further commands

Checking for mode switch (max. 10 times, once per second) ...
 Searching for target devices ...
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 04f2:b071
  searching devices, found USB ID 1d6b:0002
  searching devices, found USB ID 0af0:4007
   found matching vendor ID
  searching devices, found USB ID 1d6b:0001

<cut>

  searching devices, found USB ID 1d6b:0001
  searching devices, found USB ID 1d6b:0001
 No new devices in target mode or class found

Mode switch has failed. Bye.
result:

Code: Select all

dmesg | tail
usb 2-1: usbfs: process 2802 (usb_modeswitch) did not claim interface 0 before use
[/code]

Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 16 Mar 2012, 18:31

Back from vacation ...

This part of your output indicates there is something going on which looks like mode switching:

Code: Select all

Trying to send message 1 to endpoint 0x01 ... 
  OK, message successfully sent 
 Resetting response endpoint 0x81 
 Resetting message endpoint 0x01 
 Blocking the interface for 500 ms before releasing ... 
  Device is gone, skipping any further commands
Maybe the device is changing differently than in Windows (it happens)?

Try to remove the TargetVendor and TargetProduct lines from your config file and run again.


rene_falcon
Posts: 15
Joined: 22 Mar 2012, 09:58

Post by rene_falcon » 22 Mar 2012, 10:13

Hello,

I have the same problem with the icon 711. Has there been any progress?

Removing the TargetVendor and TargetProduct lines does not help. Like you suggested earlier I tried one of the existing setup "0af0*"-files and changed the DefaultProduct:

Code: Select all

#######################################################
# Option HSO device

DefaultVendor=0x0af0
DefaultProduct=0x4007

TargetClass=0xff

CheckSuccess=10

MessageContent="55534243785634120100000080000601000000000000000000000000000000"

NoDriverLoading=1
Here is some more info on what I observed:
* When plugged in an WinXP PC the first time, the VID/PID is 0af0:4007. SniffUSB does not show any "553..."-messages on 0af0:4007.
* After starting the installation from the "ZeroCD"-Drive, some drivers and the Option Connect Software are installed. After reboot the VID/PID changes to 0af0:4005. SniffUSB still does not show any "553..."-messages on 0af0:4007 when replugging the USB stick. Listening on 0af0:4005 and replugging SniffUSB shows a whole lot of "553..." messages and of course the log nether stops.

So actually I can't "see" the modeswitching ? And I guess that is why the messages do not work under Linux ...

Ciao,
Rene

Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 23 Mar 2012, 00:55

Hmm, that is strange indeed.

What do you get when you try to sniff on the 4007 product ID? I sure would like to have a look at the (complete) log. Maybe you can upload it somewhere as a zip file or post it at "pastebin.com"?


rene_falcon
Posts: 15
Joined: 22 Mar 2012, 09:58

Post by rene_falcon » 26 Mar 2012, 11:08

Hello,

ok I uploaded the following logs:
* http://pastebin.com/GK2yLC70 : Sniff of PID 4007 after installation of the Option Software including the driver (should show the switch, but I can't see the necessary messages ...)
* http://pastebin.com/yEFWwEbD : Sniff of PID 4007 before installation of the Option Software including the driver (not much different)
* http://pastebin.com/UtjrgCj8 : Sniff of PID 4005 after installation of the Option Software including the driver (probably not helpful because switch has already taken place?)

BTW: I also opened a request at Option 4 days ago, but no reply yet. I also could not find the device on there website ...

Ciao,
Rene

Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 26 Mar 2012, 15:25

O.K., I see - my suspicion centers around that CLEAR_FEATURE_TO_DEVICE command in the 4007 log.
Mind that there is no "rule" what firmware manufacturers do to switch modes. The majority is using mass storage (UFI) commands, but actually they are free to do whatever they want.

To test this, we need a usb_modeswitch version with a new custom function (like the existing special modes, Sony/GCT/Kobil etc.). Give me some time for that ...


rene_falcon
Posts: 15
Joined: 22 Mar 2012, 09:58

Post by rene_falcon » 26 Mar 2012, 16:15

Josh wrote:O.K., I see - my suspicion centers around that CLEAR_FEATURE_TO_DEVICE command in the 4007 log.
Mind that there is no "rule" what firmware manufacturers do to switch modes. The majority is using mass storage (UFI) commands, but actually they are free to do whatever they want.

To test this, we need a usb_modeswitch version with a new custom function (like the existing special modes, Sony/GCT/Kobil etc.). Give me some time for that ...
Reading your post I thought I test the special modes and see what happens. You know what? Using SierraMode or SequansMode switched the device. But usb_modeswitch reported the following error:

Trying to send Sierra control message
USB error: error sending control message: Broken pipe
Error: sending Sierra control message failed (error -32). Aborting.

See new lsusb output here (looks like the one Mir posted): http://pastebin.com/UvYMyXU0.
Hope this helps or makes at least a little bit of sense to you ;).

Now I guess I have to find out how to use it ...?

Ciao,
Rene

Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 26 Mar 2012, 16:36

The special modes that you tried are also using control messages.

Anyway, I have changed the source for a test version:
http://www.draisberghof.de/usb_modeswit ... deswitch.c
http://www.draisberghof.de/usb_modeswit ... deswitch.h

You can just replace the existing files in the source folder of version 1.2.3.

Then use the -F parameter (or "--clear-mode") on the command line. You can also use "ClearFeatureMode=1" in a config file.


rene_falcon
Posts: 15
Joined: 22 Mar 2012, 09:58

Post by rene_falcon » 26 Mar 2012, 17:28

Josh wrote:The special modes that you tried are also using control messages.

Anyway, I have changed the source for a test version:
http://www.draisberghof.de/usb_modeswit ... deswitch.c
http://www.draisberghof.de/usb_modeswit ... deswitch.h

You can just replace the existing files in the source folder of version 1.2.3.

Then use the -F parameter (or "--clear-mode") on the command line. You can also use "ClearFeatureMode=1" in a config file.
Ok. I will try tomorrow. Can you give me some more instructions? I could Ubuntu 11.10 64bit an I get

gcc -o usb_modeswitch usb_modeswitch.c -Wall -l usb
usb_modeswitch.c:58:17: schwerwiegender Fehler: usb.h: Datei oder Verzeichnis nicht gefunden
Kompilierung beendet.
make: *** [usb_modeswitch] Fehler 1

Immediatly after "sudo make install". Meaning usb.h can not be found. libusb-dev is installed, but I guess I have to point make to necessary the include dir?

BTW: Currenty installed is usb_modeswitch 1.1.9 from the ubuntu repository.

Ciao,
Rene

Post Reply