USB packet capture; understanding the communication

reverse-engineering firmware usb wireshark
2021-07-09 03:42:32

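Hello -

I captured some data with Wireshark and am trying to understand it, along with the USB communication protocol.

This capture contains the sequence 02010c, which tells me the firmware version of a particular target. Wireshark says the request for it is earlier in the sequence, but I don't understand where in that particular request the actual "request" is. So I think I'm having trouble understanding how URBs work.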

Frame 32625: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface wireshark_extcap1928, id 0
    Interface id: 0 (wireshark_extcap1928)
    Encapsulation type: USB packets with USBPcap header (152)
    Arrival Time: May  8, 2020 14:02:24.741579000 Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1588960944.741579000 seconds
    [Time delta from previous captured frame: 0.000943000 seconds]
    [Time delta from previous displayed frame: 0.000943000 seconds]
    [Time since reference or first frame: 141.773912000 seconds]
    Frame Number: 32625
    Frame Length: 91 bytes (728 bits)
    Capture Length: 91 bytes (728 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: usb]
USB URB
    [Source: 3.12.1]
    [Destination: host]
    USBPcap pseudoheader length: 27
    IRP ID: 0xffffd50384c4da20
    IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
    URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
    IRP information: 0x01, Direction: PDO -> FDO
        0000 000. = Reserved: 0x00
        .... ...1 = Direction: PDO -> FDO (0x1)
    URB bus id: 3
    Device address: 12
    Endpoint: 0x81, Direction: IN
        1... .... = Direction: IN (1)
        .... 0001 = Endpoint number: 1
    URB transfer type: URB_INTERRUPT (0x01)
    Packet Data Length: 64
    [Request in: 32618]
    [Time from request: 0.008964000 seconds]
    [bInterfaceClass: HID (0x03)]
Leftover Capture Data: 7e107bff000882000302010c003500000000000000000000…

The referenced request:

Frame 32618: 27 bytes on wire (216 bits), 27 bytes captured (216 bits) on interface wireshark_extcap1928, id 0
    Interface id: 0 (wireshark_extcap1928)
    Encapsulation type: USB packets with USBPcap header (152)
    Arrival Time: May  8, 2020 14:02:24.732615000 Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1588960944.732615000 seconds
    [Time delta from previous captured frame: 0.000033000 seconds]
    [Time delta from previous displayed frame: 0.000033000 seconds]
    [Time since reference or first frame: 141.764948000 seconds]
    Frame Number: 32618
    Frame Length: 27 bytes (216 bits)
    Capture Length: 27 bytes (216 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: usb]
USB URB
    [Source: host]
    [Destination: 3.12.1]
    USBPcap pseudoheader length: 27
    IRP ID: 0xffffd50384c4da20
    IRP USBD_STATUS: USBD_STATUS_SUCCESS (0x00000000)
    URB Function: URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER (0x0009)
    IRP information: 0x00, Direction: FDO -> PDO
        0000 000. = Reserved: 0x00
        .... ...0 = Direction: FDO -> PDO (0x0)
    URB bus id: 3
    Device address: 12
    Endpoint: 0x81, Direction: IN
        1... .... = Direction: IN (1)
        .... 0001 = Endpoint number: 1
    URB transfer type: URB_INTERRUPT (0x01)
    Packet Data Length: 0
    [Response in: 32625]
    [bInterfaceClass: HID (0x03)]

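I have read many different examples about IN, OUT and transfer packets. I just can't see how this works.

Is it really as simple as... there is another pair of packets that sends the command up (down?) to the endpoint, while the machine sits there waiting to respond to the host's "IN" request, which lets it know to send the data?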
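The two frames above, as an added example that is not part of the original post: a parser for the 27-byte USBPcap pseudoheader that pairs a URB submission (FDO -> PDO) with its completion (PDO -> FDO) by the IRP ID both frames share. The names `parse`, `pair_by_irp` and `build` are hypothetical, the header values are copied from the dumps, and the payload bytes the page elides are zero-filled as a placeholder.

```python
import struct

# USBPcap pseudoheader: 27 bytes, packed, little-endian.
HDR = struct.Struct("<HQIHBHHBBI")
FIELDS = ("header_len", "irp_id", "status", "function", "info",
          "bus", "device", "endpoint", "transfer", "data_len")


def parse(packet: bytes) -> dict:
    """Split one USBPcap record into pseudoheader fields and payload."""
    if len(packet) < HDR.size:
        raise ValueError("shorter than the 27-byte pseudoheader")
    rec = dict(zip(FIELDS, HDR.unpack_from(packet)))
    if rec["header_len"] < HDR.size or rec["header_len"] > len(packet):
        raise ValueError("bad pseudoheader length")
    rec["payload"] = packet[rec["header_len"]:]
    if len(rec["payload"]) != rec["data_len"]:
        raise ValueError("payload length does not match header")
    rec["completion"] = bool(rec["info"] & 0x01)  # bit 0 set: PDO -> FDO
    rec["is_in"] = bool(rec["endpoint"] & 0x80)   # bit 7 set: IN endpoint
    return rec


def pair_by_irp(packets):
    """Match each completion to the pending submission with the same IRP ID."""
    pending, pairs = {}, []
    for number, raw in packets:
        rec = parse(raw)
        rec["frame"] = number
        if not rec["completion"]:
            pending[rec["irp_id"]] = rec
        elif rec["irp_id"] in pending:
            pairs.append((pending.pop(rec["irp_id"]), rec))
    return pairs


def build(info, payload=b""):
    # Constructed sample record; field values copied from the frames above.
    return HDR.pack(27, 0xFFFFD50384C4DA20, 0, 0x0009, info, 3, 12,
                    0x81, 0x01, len(payload)) + payload

# Visible payload bytes of frame 32625; the elided remainder is zero-filled
# here as a placeholder to reach the stated 64 bytes.
VISIBLE = bytes.fromhex("7e107bff000882000302010c0035" + "00" * 10)
SAMPLE = [(32618, build(0x00)), (32625, build(0x01, VISIBLE.ljust(64, b"\0")))]

if __name__ == "__main__":
    for sub, done in pair_by_irp(SAMPLE):
        print(sub["frame"], "->", done["frame"], len(done["payload"]), "bytes")
```

The submission record carries no payload for an IN endpoint; the 64 data bytes appear only in the completion record with the same IRP ID.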

0 answers