|
Activation Codes and Methods, Hardware Details, Sniffing
-
Mir
- Posts: 4
- Joined: 29 Feb 2012, 10:40
Post
by Mir » 29 Feb 2012, 11:01
Hello
I own Option iCon 711 usb modem.
I'd appreciate help in getting in work with usb_modeswitch.
I had no luck in randomly copying some data from usbsniff.
First question would be: While using "SniffUSB" should i sniff the "main" device
or spcecific "sub" device?
Second: what information would be helpful?
It switches to to 0af0:4005 and modem interface is MI_01
Not to spam this post, below is just output of lsusb.
lsusb -v
Code: Select all Bus 002 Device 008: ID 0af0:4007 Option
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0af0 Option
idProduct 0x4007
bcdDevice 0.00
iManufacturer 3 USB Modem
iProduct 2 USB Modem
iSerial 4 1234567890ABCDEF
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 55
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 1 Modem Configuration
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 8 Mass Storage
bInterfaceSubClass 6 SCSI
bInterfaceProtocol 80 Bulk (Zip)
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 8 Mass Storage
bInterfaceSubClass 6 SCSI
bInterfaceProtocol 80 Bulk (Zip)
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
Pardon for my English and lack knowledge of usb_modeswitch.
-
frutis
- Posts: 4
- Joined: 02 Feb 2012, 11:06
Post
by frutis » 29 Feb 2012, 12:51
Install filter only for device USB\VID_0AF0&PID_4005&REV_0000.
Connect modem to the computer and wait for switch.
You can use application from this post: http://www.draisberghof.de/usb_modeswit ... .php?t=837 for log analyze.
Just select type CBW/CSW and direction OUT. Last message should be the right one.
-
Mir
- Posts: 4
- Joined: 29 Feb 2012, 10:40
Post
by Mir » 29 Feb 2012, 14:44
frutis wrote:Install filter only for device USB\VID_0AF0&PID_4005&REV_0000.
Connect modem to the computer and wait for switch.
You can use application from this post: http://www.draisberghof.de/usb_modeswit ... .php?t=837 for log analyze.
Just select type CBW/CSW and direction OUT. Last message should be the right one.
About _0af0:4005_:
No luck this way. First CBW/CSW (OUT) appears 7008 ms after first FilterAddDevice and there is no last message.
Sequences: OUT - endpoint 5; OUT - endpoint 87; IN - endpoint 87
or: OUT - endpoint 6; OUT - endpoint 88; IN - endpoint 88
There are 10 "other" OUT messages in the begining to enpoint 85.
Whole chat to _0af0:4007_ (before switch) is:
Code: Select all [56 ms] UsbSnoop - FilterAddDevice(b308f748) : DriverObject 886e4b48, pdo 8866f440
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_LEGACY_BUS_INFORMATION)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_FILTER_RESOURCE_REQUIREMENTS)
[57 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[57 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_START_DEVICE)
[58 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[58 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[58 ms] >>> URB 1 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
TransferBufferLength = 00000012
TransferBuffer = 887bb3e0
TransferBufferMDL = 00000000
Index = 00000000
DescriptorType = 00000001 (USB_DEVICE_DESCRIPTOR_TYPE)
LanguageId = 00000000
[58 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[58 ms] <<< URB 1 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
PipeHandle = 885f2ac0
TransferFlags = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000012
TransferBuffer = 887bb3e0
TransferBufferMDL = 88c17890
00000000: 12 01 00 02 00 00 00 40 f0 0a 07 40 00 00 03 02
00000010: 04 01
UrbLink = 00000000
SetupPacket =
00000000: 80 06 00 01 00 00 12 00
[58 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[58 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[58 ms] >>> URB 2 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
TransferBufferLength = 00000009
TransferBuffer = 88a0b5f0
TransferBufferMDL = 00000000
Index = 00000000
DescriptorType = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
LanguageId = 00000000
[59 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[59 ms] <<< URB 2 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
PipeHandle = 885f2ac0
TransferFlags = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000009
TransferBuffer = 88a0b5f0
TransferBufferMDL = 88c17890
00000000: 09 02 37 00 02 01 01 e0 fa
UrbLink = 00000000
SetupPacket =
00000000: 80 06 00 02 00 00 09 00
[59 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[59 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[59 ms] >>> URB 3 going down >>>
-- URB_FUNCTION_GET_DESCRIPTOR_FROM_DEVICE:
TransferBufferLength = 00000037
TransferBuffer = 886786c8
TransferBufferMDL = 00000000
Index = 00000000
DescriptorType = 00000002 (USB_CONFIGURATION_DESCRIPTOR_TYPE)
LanguageId = 00000000
[59 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[59 ms] <<< URB 3 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
PipeHandle = 885f2ac0
TransferFlags = 0000000b (USBD_TRANSFER_DIRECTION_IN, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000037
TransferBuffer = 886786c8
TransferBufferMDL = 88c17890
00000000: 09 02 37 00 02 01 01 e0 fa 09 04 00 00 02 08 06
00000010: 50 00 07 05 01 02 00 02 00 07 05 81 02 00 02 00
00000020: 09 04 01 00 02 08 06 50 00 07 05 02 02 00 02 00
00000030: 07 05 82 02 00 02 00
UrbLink = 00000000
SetupPacket =
00000000: 80 06 00 02 00 00 37 00
[59 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[59 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[59 ms] >>> URB 4 going down >>>
-- URB_FUNCTION_SELECT_CONFIGURATION:
ConfigurationDescriptor = 0x886786c8 (configure)
ConfigurationDescriptor : bLength = 9
ConfigurationDescriptor : bDescriptorType = 0x00000002
ConfigurationDescriptor : wTotalLength = 0x00000037
ConfigurationDescriptor : bNumInterfaces = 0x00000002
ConfigurationDescriptor : bConfigurationValue = 0x00000001
ConfigurationDescriptor : iConfiguration = 0x00000001
ConfigurationDescriptor : bmAttributes = 0x000000e0
ConfigurationDescriptor : MaxPower = 0x000000fa
ConfigurationHandle = 0x00000000
Interface[0]: Length = 56
Interface[0]: InterfaceNumber = 0
Interface[0]: AlternateSetting = 0
Interface[1]: Length = 56
Interface[1]: InterfaceNumber = 1
Interface[1]: AlternateSetting = 0
[183 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=0
[183 ms] <<< URB 4 coming back <<<
-- URB_FUNCTION_SELECT_CONFIGURATION:
ConfigurationDescriptor = 0x886786c8 (configure)
ConfigurationDescriptor : bLength = 9
ConfigurationDescriptor : bDescriptorType = 0x00000002
ConfigurationDescriptor : wTotalLength = 0x00000037
ConfigurationDescriptor : bNumInterfaces = 0x00000002
ConfigurationDescriptor : bConfigurationValue = 0x00000001
ConfigurationDescriptor : iConfiguration = 0x00000001
ConfigurationDescriptor : bmAttributes = 0x000000e0
ConfigurationDescriptor : MaxPower = 0x000000fa
ConfigurationHandle = 0x89af92a0
Interface[0]: Length = 56
Interface[0]: InterfaceNumber = 0
Interface[0]: AlternateSetting = 0
Interface[0]: Class = 0x00000008
Interface[0]: SubClass = 0x00000006
Interface[0]: Protocol = 0x00000050
Interface[0]: InterfaceHandle = 0x885df900
Interface[0]: NumberOfPipes = 2
Interface[0]: Pipes[0] : MaximumPacketSize = 0x00000200
Interface[0]: Pipes[0] : EndpointAddress = 0x00000001
Interface[0]: Pipes[0] : Interval = 0x00000000
Interface[0]: Pipes[0] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
Interface[0]: Pipes[0] : PipeHandle = 0x885df91c
Interface[0]: Pipes[0] : MaxTransferSize = 0x00001000
Interface[0]: Pipes[0] : PipeFlags = 0x00000000
Interface[0]: Pipes[1] : MaximumPacketSize = 0x00000200
Interface[0]: Pipes[1] : EndpointAddress = 0x00000081
Interface[0]: Pipes[1] : Interval = 0x00000000
Interface[0]: Pipes[1] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
Interface[0]: Pipes[1] : PipeHandle = 0x885df93c
Interface[0]: Pipes[1] : MaxTransferSize = 0x00001000
Interface[0]: Pipes[1] : PipeFlags = 0x00000000
Interface[1]: Length = 56
Interface[1]: InterfaceNumber = 1
Interface[1]: AlternateSetting = 0
Interface[1]: Class = 0x00000008
Interface[1]: SubClass = 0x00000006
Interface[1]: Protocol = 0x00000050
Interface[1]: InterfaceHandle = 0x886af938
Interface[1]: NumberOfPipes = 2
Interface[1]: Pipes[0] : MaximumPacketSize = 0x00000200
Interface[1]: Pipes[0] : EndpointAddress = 0x00000002
Interface[1]: Pipes[0] : Interval = 0x00000000
Interface[1]: Pipes[0] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
Interface[1]: Pipes[0] : PipeHandle = 0x886af954
Interface[1]: Pipes[0] : MaxTransferSize = 0x00001000
Interface[1]: Pipes[0] : PipeFlags = 0x00000000
Interface[1]: Pipes[1] : MaximumPacketSize = 0x00000200
Interface[1]: Pipes[1] : EndpointAddress = 0x00000082
Interface[1]: Pipes[1] : Interval = 0x00000000
Interface[1]: Pipes[1] : PipeType = 0x00000002 (UsbdPipeTypeBulk)
Interface[1]: Pipes[1] : PipeHandle = 0x886af974
Interface[1]: Pipes[1] : MaxTransferSize = 0x00001000
Interface[1]: Pipes[1] : PipeFlags = 0x00000000
[183 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[183 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[183 ms] >>> URB 5 going down >>>
-- URB_FUNCTION_VENDOR_DEVICE:
TransferFlags = 00000002 (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000000
TransferBuffer = 00000000
TransferBufferMDL = 00000000
no data supplied
UrbLink = 00000000
RequestTypeReservedBits = 00000000
Request = 0000000a
Value = 00000000
Index = 00000000
[184 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[184 ms] <<< URB 5 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
PipeHandle = 885f2ac0
TransferFlags = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000000
TransferBuffer = 00000000
TransferBufferMDL = 00000000
UrbLink = 00000000
SetupPacket =
00000000: 40 0a 00 00 00 00 00 00
[184 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_INTERNAL_DEVICE_CONTROL
[184 ms] UsbSnoop - FdoHookDispatchInternalIoctl(b308b1ea) : fdo=8866f440, Irp=885fd008, IRQL=0
[184 ms] >>> URB 6 going down >>>
-- URB_FUNCTION_CLEAR_FEATURE_TO_DEVICE:
FeatureSelector = 00000001
Index = 00000000
[184 ms] UsbSnoop - MyInternalIOCTLCompletion(b308b126) : fido=00000000, Irp=885fd008, Context=899ff2f0, IRQL=2
[184 ms] <<< URB 6 coming back <<<
-- URB_FUNCTION_CONTROL_TRANSFER:
PipeHandle = 885f2ac0
TransferFlags = 0000000a (USBD_TRANSFER_DIRECTION_OUT, USBD_SHORT_TRANSFER_OK)
TransferBufferLength = 00000000
TransferBuffer = 00000000
TransferBufferMDL = 00000000
UrbLink = 00000000
SetupPacket =
00000000: 00 01 01 00 00 00 00 00
[184 ms] UsbSnoop - FilterDispatchAny(b308afd2) : IRP_MJ_SYSTEM_CONTROL
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_CAPABILITIES)
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_PNP_DEVICE_STATE)
[185 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[185 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS)
[585 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_SURPRISE_REMOVAL)
[585 ms] UsbSnoop - FdoHookDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_SURPRISE_REMOVAL)
[593 ms] UsbSnoop - FilterDispatchPnp(b308f45c) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE)
Last edited by Mir on 01 Mar 2012, 08:30, edited 1 time in total.
-
Mir
- Posts: 4
- Joined: 29 Feb 2012, 10:40
Post
by Mir » 29 Feb 2012, 15:06
After rebooting from Windows to Linux (if not repluged) it stays _0af0:4005_
lsusb -v
Code: Select all Bus 002 Device 002: ID 0af0:4005 Option
Couldn't open device, some information will be missing
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0af0 Option
idProduct 0x4005
bcdDevice 0.00
iManufacturer 3
iProduct 2
iSerial 4
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 161
bNumInterfaces 6
bConfigurationValue 1
iConfiguration 1
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 5
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 2
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 3
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x85 EP 5 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 5
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x86 EP 6 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x04 EP 4 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 32
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 4
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 8 Mass Storage
bInterfaceSubClass 6 SCSI
bInterfaceProtocol 80 Bulk (Zip)
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x05 EP 5 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x87 EP 7 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 5
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 8 Mass Storage
bInterfaceSubClass 6 SCSI
bInterfaceProtocol 80 Bulk (Zip)
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x06 EP 6 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x88 EP 8 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
-
frutis
- Posts: 4
- Joined: 02 Feb 2012, 11:06
Post
by frutis » 29 Feb 2012, 17:04
Install filter only for device with PID 4007 (not 4005). PID is changed after switch.
-
Josh
- Site Admin
- Posts: 6570
- Joined: 03 Nov 2007, 00:30
Post
by Josh » 01 Mar 2012, 03:02
For Option devices, there is only one known switching sequence. It has never changed.
See the data package, have a look into one of the files that have their name starting with "0af0".
You can edit any of these to create a configuration for your device.
-
Mir
- Posts: 4
- Joined: 29 Feb 2012, 10:40
Post
by Mir » 01 Mar 2012, 09:05
frutis wrote:Install filter only for device with PID 4007 (not 4005). PID is changed after switch.
Above there is capture of chat 0af0:4007
And here is capture of 4007 and 4005
http://www.2shared.com/file/lhLkLLjz/Us ... 74005.html
Josh wrote:For Option devices, there is only one known switching sequence. It has never changed. <cut>
The log above suggest that there is no MessageContent before switch (the one searched as described in http://blogger.ziesemer.com/2008/10/all ... buntu.html)
There is some
URB_FUNCTION_VENDOR_DEVICE (empty buffer)
and
URB_FUNCTION_CLEAR_FEATURE_TO_DEVICE (no buffer)
instead of
URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (with TransferBufferMDL)
usb_modeswitch -W -c 0af0\:4007
Code: Select all Reading config file: 0af0:4007
* usb_modeswitch: handle USB devices with multiple modes
* Version 1.2.1 (C) Josua Dietze 2011
* Based on libusb0 (0.1.12 and above)
! PLEASE REPORT NEW CONFIGURATIONS !
DefaultVendor= 0x0af0
DefaultProduct= 0x4007
TargetVendor= 0x0af0
TargetProduct= 0x4005
TargetClass= 0xff
TargetProductList=""
DetachStorageOnly=0
HuaweiMode=0
SierraMode=0
SonyMode=0
QisdaMode=0
GCTMode=0
KobilMode=0
SequansMode=0
MobileActionMode=0
CiscoMode=0
MessageEndpoint= not set
MessageContent="55534243785634120100000080000601000000000000000000000000000000"
NeedResponse=0
ResponseEndpoint= not set
InquireDevice enabled (default)
Success check enabled, max. wait time 10 seconds
System integration mode disabled
Looking for target devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 0af0:4007
found matching vendor ID
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
No devices in target mode or class found
Looking for default devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 0af0:4007
found matching vendor ID
found matching product ID
target class ff not matching
adding device
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
Found device in default mode, class or configuration (1)
Accessing device 005 on bus 002 ...
Getting the current device configuration ...
OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
OK, driver found; name unknown, limitation of libusb1
OK, driver "unkown" detached
SCSI inquiry data (for identification)
-------------------------
Vendor String: USBModem
Model String: Disk
Revision String: 2.31
-------------------------
USB description data (for identification)
-------------------------
Manufacturer: USB Modem
Product: USB Modem
Serial No.: 1234567890ABCDEF
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
OK, message successfully sent
Resetting response endpoint 0x81
Resetting message endpoint 0x01
Blocking the interface for 500 ms before releasing ...
Device is gone, skipping any further commands
Checking for mode switch (max. 10 times, once per second) ...
Searching for target devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
<cut>
searching devices, found USB ID 1d6b:0001
No new devices in target mode or class found
Mode switch has failed. Bye.
usb_modeswitch -W -c 0af0\:4007
Code: Select all Reading config file: 0af0:4007
* usb_modeswitch: handle USB devices with multiple modes
* Version 1.2.1 (C) Josua Dietze 2011
* Based on libusb0 (0.1.12 and above)
! PLEASE REPORT NEW CONFIGURATIONS !
DefaultVendor= 0x0af0
DefaultProduct= 0x4007
TargetVendor= 0x0af0
TargetProduct= 0x4005
TargetClass= 0xff
TargetProductList=""
DetachStorageOnly=0
HuaweiMode=0
SierraMode=0
SonyMode=0
QisdaMode=0
GCTMode=0
KobilMode=0
SequansMode=0
MobileActionMode=0
CiscoMode=0
MessageEndpoint= not set
MessageContent="55534243123456780000000000000601000000000000000000000000000000"
NeedResponse=0
ResponseEndpoint= not set
InquireDevice enabled (default)
Success check enabled, max. wait time 10 seconds
System integration mode disabled
Looking for target devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 0af0:4007
found matching vendor ID
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
No devices in target mode or class found
Looking for default devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 0af0:4007
found matching vendor ID
found matching product ID
target class ff not matching
adding device
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
Found device in default mode, class or configuration (1)
Accessing device 006 on bus 002 ...
Getting the current device configuration ...
OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
OK, driver found; name unknown, limitation of libusb1
OK, driver "unkown" detached
SCSI inquiry data (for identification)
-------------------------
Vendor String: USBModem
Model String: Disk
Revision String: 2.31
-------------------------
USB description data (for identification)
-------------------------
Manufacturer: USB Modem
Product: USB Modem
Serial No.: 1234567890ABCDEF
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
OK, message successfully sent
Resetting response endpoint 0x81
Resetting message endpoint 0x01
Blocking the interface for 500 ms before releasing ...
Device is gone, skipping any further commands
Checking for mode switch (max. 10 times, once per second) ...
Searching for target devices ...
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 04f2:b071
searching devices, found USB ID 1d6b:0002
searching devices, found USB ID 0af0:4007
found matching vendor ID
searching devices, found USB ID 1d6b:0001
<cut>
searching devices, found USB ID 1d6b:0001
searching devices, found USB ID 1d6b:0001
No new devices in target mode or class found
Mode switch has failed. Bye.
result:
Code: Select all dmesg | tail
usb 2-1: usbfs: process 2802 (usb_modeswitch) did not claim interface 0 before use
[/code]
-
Josh
- Site Admin
- Posts: 6570
- Joined: 03 Nov 2007, 00:30
Post
by Josh » 16 Mar 2012, 18:31
Back from vacation ...
This part of your output indicates there is something going on which looks like mode switching: Code: Select all Trying to send message 1 to endpoint 0x01 ...
OK, message successfully sent
Resetting response endpoint 0x81
Resetting message endpoint 0x01
Blocking the interface for 500 ms before releasing ...
Device is gone, skipping any further commands
Maybe the device is changing differently than in Windows (it happens)?
Try to remove the TargetVendor and TargetProduct lines from your config file and run again.
-
rene_falcon
- Posts: 15
- Joined: 22 Mar 2012, 09:58
Post
by rene_falcon » 22 Mar 2012, 10:13
Hello,
I have the same problem with the icon 711. Has there been any progress?
Removing the TargetVendor and TargetProduct lines does not help. Like you suggested earlier I tried one of the existing setup "0af0*"-files and changed the DefaultProduct:
Code: Select all #######################################################
# Option HSO device
DefaultVendor=0x0af0
DefaultProduct=0x4007
TargetClass=0xff
CheckSuccess=10
MessageContent="55534243785634120100000080000601000000000000000000000000000000"
NoDriverLoading=1
Here is some more info on what I observed:
* When plugged in an WinXP PC the first time, the VID/PID is 0af0:4007. SniffUSB does not show any "553..."-messages on 0af0:4007.
* After starting the installation from the "ZeroCD"-Drive, some drivers and the Option Connect Software are installed. After reboot the VID/PID changes to 0af0:4005. SniffUSB still does not show any "553..."-messages on 0af0:4007 when replugging the USB stick. Listening on 0af0:4005 and replugging SniffUSB shows a whole lot of "553..." messages and of course the log nether stops.
So actually I can't "see" the modeswitching ? And I guess that is why the messages do not work under Linux ...
Ciao,
Rene
-
Josh
- Site Admin
- Posts: 6570
- Joined: 03 Nov 2007, 00:30
Post
by Josh » 23 Mar 2012, 00:55
Hmm, that is strange indeed.
What do you get when you try to sniff on the 4007 product ID? I sure would like to have a look at the (complete) log. Maybe you can upload it somewhere as a zip file or post it at "pastebin.com"?
-
rene_falcon
- Posts: 15
- Joined: 22 Mar 2012, 09:58
Post
by rene_falcon » 26 Mar 2012, 11:08
Hello,
ok I uploaded the following logs:
* http://pastebin.com/GK2yLC70 : Sniff of PID 4007 after installation of the Option Software including the driver (should show the switch, but I can't see the necessary messages ...)
* http://pastebin.com/yEFWwEbD : Sniff of PID 4007 before installation of the Option Software including the driver (not much different)
* http://pastebin.com/UtjrgCj8 : Sniff of PID 4005 after installation of the Option Software including the driver (probably not helpful because switch has already taken place?)
BTW: I also opened a request at Option 4 days ago, but no reply yet. I also could not find the device on there website ...
Ciao,
Rene
-
Josh
- Site Admin
- Posts: 6570
- Joined: 03 Nov 2007, 00:30
Post
by Josh » 26 Mar 2012, 15:25
O.K., I see - my suspicion centers around that CLEAR_FEATURE_TO_DEVICE command in the 4007 log.
Mind that there is no "rule" what firmware manufacturers do to switch modes. The majority is using mass storage (UFI) commands, but actually they are free to do whatever they want.
To test this, we need a usb_modeswitch version with a new custom function (like the existing special modes, Sony/GCT/Kobil etc.). Give me some time for that ...
-
rene_falcon
- Posts: 15
- Joined: 22 Mar 2012, 09:58
Post
by rene_falcon » 26 Mar 2012, 16:15
Josh wrote:O.K., I see - my suspicion centers around that CLEAR_FEATURE_TO_DEVICE command in the 4007 log.
Mind that there is no "rule" what firmware manufacturers do to switch modes. The majority is using mass storage (UFI) commands, but actually they are free to do whatever they want.
To test this, we need a usb_modeswitch version with a new custom function (like the existing special modes, Sony/GCT/Kobil etc.). Give me some time for that ...
Reading your post I thought I test the special modes and see what happens. You know what? Using SierraMode or SequansMode switched the device. But usb_modeswitch reported the following error:
Trying to send Sierra control message
USB error: error sending control message: Broken pipe
Error: sending Sierra control message failed (error -32). Aborting.
See new lsusb output here (looks like the one Mir posted): http://pastebin.com/UvYMyXU0.
Hope this helps or makes at least a little bit of sense to you .
Now I guess I have to find out how to use it ...?
Ciao,
Rene
-
rene_falcon
- Posts: 15
- Joined: 22 Mar 2012, 09:58
Post
by rene_falcon » 26 Mar 2012, 17:28
Ok. I will try tomorrow. Can you give me some more instructions? I could Ubuntu 11.10 64bit an I get
gcc -o usb_modeswitch usb_modeswitch.c -Wall -l usb
usb_modeswitch.c:58:17: schwerwiegender Fehler: usb.h: Datei oder Verzeichnis nicht gefunden
Kompilierung beendet.
make: *** [usb_modeswitch] Fehler 1
Immediatly after "sudo make install". Meaning usb.h can not be found. libusb-dev is installed, but I guess I have to point make to necessary the include dir?
BTW: Currenty installed is usb_modeswitch 1.1.9 from the ubuntu repository.
Ciao,
Rene
|
|