Activation Codes and Methods, Hardware Details, Sniffing
Post Reply
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Sagem F@ST 9520

Post by Yarx » 15 Nov 2009, 20:18

/etc/usb_wi.conf

Code: Select all

#####################################
# Sagem F@ST 9520-35-GLR
#
#

DefaultVendor=  0x1076
DefaultProduct= 0x7F40

TargetVendor=   0x1076
TargetProduct=  0x7F00


Interface= 1

MessageContent="55534243809933fd2400000080000612000000240000000000000000000000"
lsusb

Code: Select all

Bus 001 Device 002: ID 1076:7f40 GCT Semiconductor, Inc.
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
dmesg

Code: Select all

[  195.141419] usb usb1: usb resume
[  195.141457] usb usb1: wakeup_rh
[  195.173372] hub 1-0:1.0: hub_resume
[  195.173471] uhci_hcd 0000:00:01.2: port 2 portsc 0093,00
[  195.173509] hub 1-0:1.0: port 2: status 0101 change 0001
[  195.274421] hub 1-0:1.0: state 7 ports 2 chg 0004 evt 0000
[  195.274495] hub 1-0:1.0: port 2, status 0101, change 0000, 12 Mb/s
[  195.376341] usb 1-2: new full speed USB device using uhci_hcd and address 2
[  195.510344] usb 1-2: config 34 has an invalid interface number: 1 but max is 0
[  195.510383] usb 1-2: config 34 has no interface number 0
[  195.513360] usb 1-2: default language 0x0409
[  195.528334] usb 1-2: udev 2, busnum 1, minor = 1
[  195.528365] usb 1-2: New USB device found, idVendor=1076, idProduct=7f40
[  195.528399] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.528431] usb 1-2: Product: M-WiMAX Network Adaptor
[  195.528458] usb 1-2: Manufacturer: GCT Semiconductor, Inc.
[  195.528485] usb 1-2: SerialNumber: 72130000
[  195.529316] usb 1-2: uevent
[  195.529488] usb 1-2: usb_probe_device
[  195.529520] usb 1-2: configuration #34 chosen from 1 choice
[  195.531496] usb 1-2: adding 1-2:34.1 (config #34, interface 1)
[  195.539090] usb 1-2:34.1: uevent
[  195.540101] usb-storage 1-2:34.1: usb_probe_interface
[  195.540254] usb-storage 1-2:34.1: usb_probe_interface - got id
[  195.558677] scsi2 : SCSI emulation for USB Mass Storage devices
[  195.564957] drivers/usb/core/inode.c: creating file '002'
[  195.565215] hub 1-0:1.0: state 7 ports 2 chg 0000 evt 0004
[  195.566910] usb-storage: device found at 2
[  195.566933] usb-storage: waiting for device to settle before scanning
[  200.577879] scsi 2:0:0:0: CD-ROM            GCT Semi CD-ROM           312e PQ: 0 ANSI: 0 CCS
[  200.612576] sr1: scsi3-mmc drive: 0x/0x caddy
[  200.617665] sr 2:0:0:0: Attached scsi CD-ROM sr1
[  200.620634] sr 2:0:0:0: Attached scsi generic sg2 type 5
[  200.624317] usb-storage: device scan complete
[  200.843085] usb 1-2:34.1: uevent
[  200.846503] usb 1-2: uevent
usb_modeswitch -c /etc/usb_wi.conf

Code: Select all

Looking for target devices ...
 No devices in target mode or class found
Looking for default devices ...
 Found default devices (1)
Accessing device 002 on bus 001 ...
Using endpoints 0x04 (out) and 0x83 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 OK, driver found ("usb-storage")
 OK, driver "usb-storage" detached

Received inquiry data (detailed identification)
-------------------------
  Vendor String: GCT Semi
   Model String: CD-ROM
Revision String: 312e
-------------------------

Device description data (identification)
-------------------------
Manufacturer: GCT Semiconductor, Inc.
     Product: M-WiMAX Network Adaptor
  Serial No.: 72130000
-------------------------
Setting up communication with interface 1 ...
Trying to send the message to endpoint 0x04 ...
 OK, message successfully sent
-> Run lsusb to note any changes. Bye.
lsusb

Code: Select all

Bus 001 Device 002: ID 1076:7f40 GCT Semiconductor, Inc.
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
dmesg

Code: Select all

[  313.674560] usb-storage 1-2:34.1: disconnect by usbfs
[  313.779618] usb 1-2: usbfs: process 1407 (usb_modeswitch) did not claim interface 1 before use
Please help, maybe my MessageContent is wrong ?

here is SniffUSB log file http://pastebin.com/f11560686

Thanks
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 15 Nov 2009, 23:41

Very good preparation, I'm impressed!

Looking at the data, I think the "0612" command is most likely not relevant for switching. It's actually the INQUIRY command which is used by USB_ModeSwitch anyway to get the SCSI strings. Plus, it's not completed, the device is gone during the transfer ...

I wonder about the control request immediately before the last bulk transfer. The request is 0xfe (Get Max LUN), and it is repeated three times no matter the answer being "0". Very suspicious.

The other thing is the interface number. There is only one interface advertised which should have the number "0". But it says the interface number is "1". The Linux USB host complains but accepts this number.

And third, there is an unusual configuration value in SELECT_CONFIGURATION. It says "bConfigurationValue 0x22".

Luckily, the switch is happening rather quickly so there are limited possibilities.

The easiest thing to test is the config value. You can try "Configuration=0x22" in your config file, without any MessageContent entry. If that has no effect you might be able to further circle in to the solution by comparing the behaviour of Windows when the device is plugged with no driver installed. In this case, only the beginning of the log would be of interest, until a few transfers after SELECT_CONFIGURATION.

If the "Get Max LUN" request does not pop up there I'll add a custom switch function to usb_modeswitch.
Top
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Post by Yarx » 16 Nov 2009, 11:04

I changed my config file
so here is result

usb_modeswitch -W -c /etc/usb_wi.conf

Code: Select all

Reading config file: /etc/usb_wi.conf

 * usb_modeswitch: handle USB devices with multiple modes
 * Version 1.0.5 (C) Josua Dietze 2009
 * Based on libusb 0.1.12

DefaultVendor=  0x1076
DefaultProduct= 0x7f40
TargetVendor=   0x1076
TargetProduct=  0x7f00
TargetClass=    not set

DetachStorageOnly=0
HuaweiMode=0
SierraMode=0
SonyMode=0
MessageEndpoint= not set
MessageContent= not set
NeedResponse=0
ResponseEndpoint= not set
Interface=0x01
Configuration=0x22

InquireDevice enabled (default)
Success check disabled

usb_set_debug: Setting debugging level to 15 (on)
usb_os_find_busses: Found 001
usb_os_find_devices: Found 002 on 001
usb_os_find_devices: Found 001 on 001
error obtaining child information: Inappropriate ioctl for device

Looking for target devices ...
 No devices in target mode or class found
Looking for default devices ...
 Found default devices (1)
Accessing device 002 on bus 001 ...
Using endpoints 0x04 (out) and 0x83 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 OK, driver found ("usb-storage")
 OK, driver "usb-storage" detached

Received inquiry data (detailed identification)
-------------------------
  Vendor String: GCT Semi
   Model String: CD-ROM
Revision String: 312e
-------------------------

Device description data (identification)
-------------------------
Manufacturer: GCT Semiconductor, Inc.
     Product: M-WiMAX Network Adaptor
  Serial No.: 72130000
-------------------------
Warning: no switching method given.
Changing configuration to 34 ...
 OK, configuration set
-> Run lsusb to note any changes. Bye.
lsusb

Code: Select all

Bus 001 Device 002: ID 1076:7f40 GCT Semiconductor, Inc.
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
dmesg

Code: Select all

[  570.424202] usb-storage 1-2:34.1: disconnect by usbfs
In the evening i'll try to uninstall drivers in windows and post LOG here

Big thanks!
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 16 Nov 2009, 16:19

Additionally, to exclude any side effects, disable Inquiry for any future experiments (command option -I).
Top
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Post by Yarx » 17 Nov 2009, 14:01

So I uninstall my drivers, and next i install drivers again

This log file is when installation program auto replug usb device
http://pastebin.com/f69ecd9d2 vid_1076&pid_7f40

And this is Log file for vid_1076&pid_7f00
http://pastebin.com/f82fe7ab
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 17 Nov 2009, 14:26

It's obvious that there is no "Get Max LUN" if the driver is not installed yet.

I'll try and add a "Sagem mode" tonight. Please stand by.
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 17 Nov 2009, 21:27

OK, here we are:
http://www.draisberghof.de/usb_modeswitch/yarx_usb_modeswitch.c

There is a new "GeniusMode" (the maker is "Genius Computer Technology" or GCT) which has the command line switch "-G".
In addition, you have to specify the interface, which is "1" in your case.

The resulting call:

Code: Select all

./usb_modeswitch -I -v 0x1076 -p 0x7f40 -G -I -i 1
If I test it with my modem I get error 16 (device busy).

The procedure may be time sensitive - if it's not working right away try to do the call right after plugging, before the storage device is made available (usually after five seconds settle-down time).
Top
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Post by Yarx » 19 Nov 2009, 00:56

I tried both options (call right after plugging and after storage device is made available ) but the result gave away the same:

usb_modeswitch -I -v 0x1076 -p 0x7f40 -G -I -i 1

Code: Select all

Looking for default devices ...
 Found default devices (1)
Accessing device 002 on bus 001 ...

Device description data (identification)
-------------------------
Manufacturer: GCT Semiconductor, Inc.
     Product: M-WiMAX Network Adaptor
  Serial No.: 72130000
-------------------------
Warning: no switching method given.
Sending Genius control messages ...
Error: sending Genius control message #1 failed (error -16). Trying to continue
Error: sending Genius control message #2 failed (error -16). Trying to continue
Error: sending Genius control message #3 failed (error -16). Trying to continue
 OK, Genius control messages sent
-> Run lsusb to note any changes. Bye.
lsusb

Code: Select all

Bus 001 Device 002: ID 1076:7f40 GCT Semiconductor, Inc.
dmesg

Code: Select all

usb 1-1: usbfs: process 2646 (usb_modeswitch) did not claim interface 1 before use
usb 1-1: usbfs: process 2646 (usb_modeswitch) did not claim interface 1 before use
usb 1-1: usbfs: process 2646 (usb_modeswitch) did not claim interface 1 before use
Maybe I need to experiment more with device drivers in windows?
But I do not know how it is better to do.
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 19 Nov 2009, 11:53

The only thing to do in Windows is to repeat the logging with the installed driver, just to see if the strange FE control request is still there and unchanged. Apart from that (and I doubt there will be a different output) we should know everything we need to know from your very first log.

Well, on to the next experiment ...
http://www.draisberghof.de/usb_modeswitch/yarx2_usb_modeswitch.c
Top
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Post by Yarx » 21 Nov 2009, 13:22

This is incredible, Thank you very very much

Here is Log

usb_modeswitch -I -v 0x1076 -p 0x7f40 -G -I -i 1

Code: Select all

Looking for default devices ...
 Found default devices (1)
Accessing device 002 on bus 001 ...

Device description data (identification)
-------------------------
Manufacturer: GCT Semiconductor, Inc.
     Product: M-WiMAX Network Adaptor
  Serial No.: 72130000
-------------------------
Warning: no switching method given.
Looking for active driver ...
 OK, driver found ("usb-storage")
 OK, driver "usb-storage" detached
Sending Genius control messages ...
Error: sending Genius control message #2 failed (error -32). Trying to continue
Error: sending Genius control message #3 failed (error -71). Trying to continue
 OK, Genius control messages sent
-> Run lsusb to note any changes. Bye.
lsusb

Code: Select all

Bus 001 Device 003: ID 1076:7f00 GCT Semiconductor, Inc.
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
dmesg

Code: Select all

usb 1-1: usbfs: USBDEVFS_CONTROL failed cmd usb_modeswitch rqt 161 rq 254 len 1 ret -71
usb 1-1: USB disconnect, address 2
usb 1-1: new full speed USB device using uhci_hcd and address 3
usb 1-1: New USB device found, idVendor=1076, idProduct=7f00
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: M-WiMAX Network Adaptor
usb 1-1: Manufacturer: GCT Semiconductor, Inc.
usb 1-1: SerialNumber: 72130000
usb 1-1: configuration #17 chosen from 1 choice
Thank you
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 21 Nov 2009, 22:47

Fine, so it's really the first command request we are sending. Are you able to comment out the loop for command #2 and #3, recompile and check if it is still working? The function is "switchGeniusMode".

I suspect we only need that one command.

Also you could try to take out the "claim_interface" line to see if that changes anything.

I'd be grateful for your cooperation (plus you will be mentioned as a contributor in the source code :lol: ).
Top
navigator666
Posts: 2
Joined: 22 Nov 2009, 15:34

Post by navigator666 » 22 Nov 2009, 15:37

So I guess everything work under Linux now? May I ask the topic-starter - do you live in Ukraine? Is the configuration you were trying to do is for Freshtel?
Would be grateful if you reply! Really having trouble with setting up this modem under ubuntu. Thanks in advance
Top
Yarx
Posts: 8
Joined: 15 Nov 2009, 20:05

Post by Yarx » 22 Nov 2009, 16:55

I comment out everything you say (and claim_interface too),but it sometimes don't switch.
So i add usb_control_msg twice, and now its work but gives one of these two Error msg :)


Error: sending Genius control message #1 failed (error -71). Trying to continue

dmesg

Code: Select all

[148153.391477] usb 1-2: usbfs: process 10624 (usb_modeswitch) did not claim interface 1 before use
[148153.392682] usb 1-2: usbfs: USBDEVFS_CONTROL failed cmd usb_modeswitch rqt 161 rq 160 len 1 ret -71
OR

Error: sending Genius control message #2 failed (error -32). Trying to continue

dmesg

Code: Select all

[147826.138066] usb 1-2: usbfs: process 10420 (usb_modeswitch) did not claim interface 1 before use
In both options it's switch correctly
lsusb

Code: Select all

Bus 001 Device 048: ID 1076:7f00 GCT Semiconductor, Inc.
Bus 001 Device 005: ID 03f0:0212 Hewlett-Packard DeskJet 1220C
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
here is the source

Code: Select all

int switchGeniusMode ()
{
        int ret, i;

        SHOW_PROGRESS("Sending Genius control messages ...\n");

        for (i=1;i<3;i++) {
                ret = usb_control_msg(devh, 0xa1, 0xa0, 0, Interface, buffer, 1, 1000);
                if (ret < 0)
                        fprintf(stderr, "Error: sending Genius control message #%d failed (error %d). Trying to continue\n", i, ret);
        }
        SHOW_PROGRESS(" OK, Genius control messages sent\n");
        usb_release_interface(devh, Interface);
}
2navigator666:
Yes, I am from Ukraine) and it's for Freshtel
So I guess everything work under Linux now?
Not quite.
Now we can just switch the modem (thanks Josh)
But I have some ideas :)
Top
navigator666
Posts: 2
Joined: 22 Nov 2009, 15:34

Post by navigator666 » 22 Nov 2009, 17:09

2Yarx: wow... maybe let's cooperate in making this piece of s...t work?
BTW, have you seen this: http://ualinux.com/index.php/forum/10-/ ... m-fst-9520 hope it is possible to take smth valuable from there
Top
Josh
Site Admin
Posts: 6570
Joined: 03 Nov 2007, 00:30

Post by Josh » 22 Nov 2009, 18:15

Yarx wrote:I comment out everything you say (and claim_interface too),but it sometimes don't switch.
So i add usb_control_msg twice, and now its work but gives one of these two Error msg
Does it work reliably with "claim_interface" active and only one contol_msg?

I really want to do this as cleanly as possible. Just one more try ...
Top
Post Reply

Return to “Device Information”