D-Link DWM-221 B1 2001:a406 (vivo brazil 4G)

dsd · Post by **dsd** » 04 Mar 2016, 20:22

Hi,

I have a device from a brazilian 4G ISP named "vivo", that is also branded as d-link. Trying to get it going with usb_modeswitch 2.3.0.

On plugging in it identifies itself as 2001:a406. Full descriptors: https://gist.github.com/dsd/dc54fa719e950c67a2b9

There is a Linux driver on the emulated CDROM, which shows that it does a modeswitch with `eject /dev/sr0`.

That works fine. After doing the eject it comes back as 2001:7e19. Descriptors: https://gist.github.com/dsd/5e0bb118b8ebddab7c6a

Now to try to do the same with usb_modeswitch.

Code: Select all

# usb_modeswitch -v 2001 -p a406 -W -K
Take all parameters from the command line

 * usb_modeswitch: handle USB devices with multiple modes
 * Version 2.3.0 (C) Josua Dietze 2015
 * Based on libusb1/libusbx

 ! PLEASE REPORT NEW CONFIGURATIONS !

DefaultVendor=  0x2001
DefaultProduct= 0xa406

StandardEject=1

Look for default devices ...
  found USB ID 1d6b:0003
  found USB ID 0bda:b719
  found USB ID 04f2:b52b
  found USB ID 2001:a406
   vendor ID matched
   product ID matched
  found USB ID 1d6b:0002
 Found devices in default mode (1)
Access device 012 on bus 001
Get the current device configuration ...
Current configuration number is 1
Use interface number 0
Use endpoints 0x01 (out) and 0x81 (in)

USB description data (for identification)
-------------------------
Manufacturer: Mobile Connect
     Product: Mobile Connect
  Serial No.: 0123456789ABCDEF
-------------------------
Sending standard EJECT sequence
Looking for active driver ...
 OK, driver detached
Set up interface 0
Use endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
 OK, message successfully sent
Read the response to message 1 (CSW) ...
 Response reading failed (error -7)
 Device is gone, skip any further commands
-> Run lsusb to note any changes. Bye!

Hmm, no modeswitch happened, the only kernel messages that appeared:

Code: Select all

sd 10:0:0:0: [sdb] Synchronizing SCSI cache
sd 10:0:0:0: [sdb] Synchronize Cache(10) failed: Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
sd 10:0:0:0: [sdb] Sense Key : Illegal Request [current] 
sd 10:0:0:0: [sdb] Add. Sense: Invalid command operation code

Trying an alternative that I found on these forums for similar hardware:

Code: Select all

# usb_modeswitch -v 2001 -p a406 -W -n -M 555342435b000000000000000001061e000000000000000000000000000000 -2 555342435c000000000000000001061b000000010000000000000000000000 -3 555342435d000000000000000001061b000000020000000000000000000000
Take all parameters from the command line


 * usb_modeswitch: handle USB devices with multiple modes
 * Version 2.3.0 (C) Josua Dietze 2015
 * Based on libusb1/libusbx

 ! PLEASE REPORT NEW CONFIGURATIONS !

DefaultVendor=  0x2001
DefaultProduct= 0xa406
MessageContent="555342435b000000000000000001061e000000000000000000000000000000"
MessageContent2="555342435c000000000000000001061b000000010000000000000000000000"
MessageContent3="555342435d000000000000000001061b000000020000000000000000000000"

Look for default devices ...
  found USB ID 1d6b:0003
  found USB ID 0bda:b719
  found USB ID 04f2:b52b
  found USB ID 2001:a406
   vendor ID matched
   product ID matched
  found USB ID 1d6b:0002
 Found devices in default mode (1)
Access device 013 on bus 001
Get the current device configuration ...
Current configuration number is 1
Use interface number 0
Use endpoints 0x01 (out) and 0x81 (in)
Error: can't use storage command in MessageContent with interface 0;
       interface class is 239, expected 8. Abort

I traced through the code here and I can't quite figure out what this check is for. defaultClass is 239 (0xef) (from bDeviceClass) and interfaceClass is 8 (from bInterfaceClass). The code in question is:

Code: Select all

        if (defaultClass == 0)
                defaultClass = interfaceClass;
        else
                if (interfaceClass == LIBUSB_CLASS_MASS_STORAGE && defaultClass != LIBUSB_CLASS_MASS_STORAGE
                                && defaultClass != 0xef && defaultClass != LIBUSB_CLASS_VENDOR_SPEC) {

                        /* Unexpected default class combined with differing interface class */
                        SHOW_PROGRESS(output,"Bogus Class/InterfaceClass: 0x%02x/0x08\n", defaultClass);
                        defaultClass = 8;
                }

        if (strlen(MessageContent) && strncmp("55534243",MessageContent,8) == 0)
                if (defaultClass != 8) {
                        fprintf(stderr, "Error: can't use storage command in MessageContent with interface %d;\n"
                                "       interface class is %d, expected 8. Abort\n\n", Interface, defaultClass);
                        abortExit();
                }

Since defaultClass == 0xef we skip the "Bogus Class/Interface class" fixup, and just fall through to the error case.

I haven't looked in detail but I guess something is a bit odd with the descriptors. How can we fix up modeswitch to be more tolerant?

dsd · Post by **dsd** » 04 Mar 2016, 20:52

Data sent to the device when running 'eject /dev/sr1'

Code: Select all

ffff880267cf4d80 2187642418 S Bo:1:007:1 -115 31 = 55534243 40010000 08000000 80010a4a 01000010 00000008 00000000 000000
ffff880267cf4d80 2187642502 C Bo:1:007:1 0 31 >
ffff880269167b40 2187642506 S Bi:1:007:1 -115 8 <
ffff880269167b40 2187642699 C Bi:1:007:1 -32 0
ffff880267cf4d80 2187642705 S Co:1:007:0 s 02 01 0000 0081 0000 0
ffff880267cf4d80 2187642884 C Co:1:007:0 0 0
ffff880267cf4d80 2187642888 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187642981 C Bi:1:007:1 0 13 = 55534253 40010000 00000000 01
ffff880267cf4d80 2187642985 S Bo:1:007:1 -115 31 = 55534243 41010000 12000000 80010603 20000012 00000000 00000000 000000
ffff880267cf4d80 2187643077 C Bo:1:007:1 0 31 >
ffff880269167b40 2187643081 S Bi:1:007:1 -115 18 <
ffff880269167b40 2187643213 C Bi:1:007:1 0 18 = f0000500 0000000a 00000000 20000000 0000
ffff880267cf4d80 2187643217 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187643310 C Bi:1:007:1 0 13 = 55534253 41010000 00000000 00
ffff880267cf4d80 2187643327 S Bo:1:007:1 -115 31 = 55534243 42010000 00000000 00010600 00000000 00000000 00000000 000000
ffff880267cf4d80 2187643408 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187643411 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187643580 C Bi:1:007:1 0 13 = 55534253 42010000 00000000 00
ffff880267cf4d80 2187643596 S Bo:1:007:1 -115 31 = 55534243 43010000 00000000 0001061b 00000002 00000000 00000000 000000
ffff880267cf4d80 2187643683 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187643686 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187643803 C Bi:1:007:1 0 13 = 55534253 43010000 00000000 01
ffff880267cf4d80 2187643806 S Bo:1:007:1 -115 31 = 55534243 44010000 12000000 80010603 20000012 00000000 00000000 000000
ffff880267cf4d80 2187643900 C Bo:1:007:1 0 31 >
ffff880269167b40 2187643903 S Bi:1:007:1 -115 18 <
ffff880269167b40 2187644021 C Bi:1:007:1 0 18 = f0000500 0000000a 00000000 20000000 0000
ffff880267cf4d80 2187644025 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187644117 C Bi:1:007:1 0 13 = 55534253 44010000 00000000 00
ffff880267cf4d80 2187644140 S Bo:1:007:1 -115 31 = 55534243 45010000 00000000 0001061e 00000000 00000000 00000000 000000
ffff880267cf4d80 2187644215 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187644218 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187644400 C Bi:1:007:1 0 13 = 55534253 45010000 00000000 00
ffff880267cf4d80 2187644416 S Bo:1:007:1 -115 31 = 55534243 46010000 00000000 0001061b 00000001 00000000 00000000 000000
ffff880267cf4d80 2187644497 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187644500 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187644622 C Bi:1:007:1 0 13 = 55534253 46010000 00000000 00
ffff880267cf4d80 2187644633 S Bo:1:007:1 -115 31 = 55534243 47010000 00000000 0001061b 00000002 00000000 00000000 000000
ffff880267cf4d80 2187644721 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187644724 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187644968 C Bi:1:007:1 0 13 = 55534253 47010000 00000000 00
ffff880267cf4d80 2187645001 S Bo:1:007:1 -115 31 = 55534243 48010000 08000000 80010a4a 01000010 00000008 00000000 000000
ffff880267cf4d80 2187645076 C Bo:1:007:1 0 31 >
ffff8802667566c0 2187645080 S Bi:1:007:1 -115 8 <
ffff8802667566c0 2187645252 C Bi:1:007:1 -32 0
ffff880267cf4d80 2187645258 S Co:1:007:0 s 02 01 0000 0081 0000 0
ffff880267cf4d80 2187645409 C Co:1:007:0 0 0
ffff880267cf4d80 2187645411 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187645505 C Bi:1:007:1 0 13 = 55534253 48010000 00000000 01
ffff880267cf4d80 2187645508 S Bo:1:007:1 -115 31 = 55534243 49010000 12000000 80010603 20000012 00000000 00000000 000000
ffff880267cf4d80 2187645601 C Bo:1:007:1 0 31 >
ffff8802667566c0 2187645604 S Bi:1:007:1 -115 18 <
ffff8802667566c0 2187645771 C Bi:1:007:1 0 18 = f0000500 0000000a 00000000 20000000 0000
ffff880267cf4d80 2187645774 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187645868 C Bi:1:007:1 0 13 = 55534253 49010000 00000000 00
ffff880267cf4d80 2187645879 S Bo:1:007:1 -115 31 = 55534243 4a010000 00000000 00010600 00000000 00000000 00000000 000000
ffff880267cf4d80 2187645965 C Bo:1:007:1 0 31 >
ffff880267cf4d80 2187645967 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187646125 C Bi:1:007:1 0 13 = 55534253 4a010000 00000000 01
ffff880267cf4d80 2187646128 S Bo:1:007:1 -115 31 = 55534243 4b010000 12000000 80010603 20000012 00000000 00000000 000000
ffff880267cf4d80 2187646222 C Bo:1:007:1 0 31 >
ffff880269167b40 2187646225 S Bi:1:007:1 -115 18 <
ffff880269167b40 2187646332 C Bi:1:007:1 0 18 = f0000500 0000000a 00000000 20000000 0000
ffff880267cf4d80 2187646334 S Bi:1:007:1 -115 13 <
ffff880267cf4d80 2187646428 C Bi:1:007:1 0 13 = 55534253 4b010000 00000000 00

Post by **Josh** » 05 Mar 2016, 09:02

Code: Select all

if (defaultClass == 0)
                defaultClass = interfaceClass;
        else
                if (interfaceClass == LIBUSB_CLASS_MASS_STORAGE && defaultClass != LIBUSB_CLASS_MASS_STORAGE
                                && defaultClass != 0xef && defaultClass != LIBUSB_CLASS_VENDOR_SPEC) {

                        /* Unexpected default class combined with differing interface class */
                        SHOW_PROGRESS(output,"Bogus Class/InterfaceClass: 0x%02x/0x08\n", defaultClass);
                        defaultClass = 8;
                }

This is indeed buggy ...

The "unexpected" combination refers primarily to a Philips modem which had a device class of 2 which is really bogus for a multiplex device. Class 239 (0xef) refers to "miscellanous" which is standard-compliant in your case.

The correct code should be:

Code: Select all

if (defaultClass == 0 || defaultClass == 0xef)
                defaultClass = interfaceClass;
        else
                if (interfaceClass == LIBUSB_CLASS_MASS_STORAGE && defaultClass != LIBUSB_CLASS_MASS_STORAGE
                                && defaultClass != LIBUSB_CLASS_VENDOR_SPEC) {

                        /* Unexpected default class combined with differing interface class */
                        SHOW_PROGRESS(output,"Bogus Class/InterfaceClass: 0x%02x/0x08\n", defaultClass);
                        defaultClass = 8;
                }

Thanks for the thorough analysis !!
This will be corrected in the next release of course.

Post by **Josh** » 12 Jun 2016, 14:18

I'm in the process of preparing a new data and program package release.

The fix with the device class is implemented; I've also extended the "StandardEject" sequence so that it should catch this device with no modifications (SCSI eject for LUN 0 and LUN 1).

Thanks again!

D-Link DWM-221 B1 2001:a406 (vivo brazil 4G)

Re: D-Link 2001:a406 (vivo brazil 4G)

Re: D-Link 2001:a406 (vivo brazil 4G)

Re: D-Link 2001:a406 (vivo brazil 4G)