]> git.zerfleddert.de Git - proxmark3-svn/blame - common/usb.c
tool to find UIDs in bitstream
[proxmark3-svn] / common / usb.c
CommitLineData
6658905f 1//-----------------------------------------------------------------------------\r
2// My USB driver. This has to be common, because it exists in both the\r
3// bootrom and the application.\r
4// Jonathan Westhues, split Aug 14 2005\r
5//-----------------------------------------------------------------------------\r
6#include <proxmark3.h>\r
7\r
8#define min(a, b) (((a) > (b)) ? (b) : (a))\r
9\r
10#define USB_REPORT_PACKET_SIZE 64\r
11\r
12typedef struct PACKED {\r
13 BYTE bmRequestType;\r
14 BYTE bRequest;\r
15 WORD wValue;\r
16 WORD wIndex;\r
17 WORD wLength;\r
18} UsbSetupData;\r
19\r
20#define USB_REQUEST_GET_STATUS 0\r
21#define USB_REQUEST_CLEAR_FEATURE 1\r
22#define USB_REQUEST_SET_FEATURE 3\r
23#define USB_REQUEST_SET_ADDRESS 5\r
24#define USB_REQUEST_GET_DESCRIPTOR 6\r
25#define USB_REQUEST_SET_DESCRIPTOR 7\r
26#define USB_REQUEST_GET_CONFIGURATION 8\r
27#define USB_REQUEST_SET_CONFIGURATION 9\r
28#define USB_REQUEST_GET_INTERFACE 10\r
29#define USB_REQUEST_SET_INTERFACE 11\r
30#define USB_REQUEST_SYNC_FRAME 12\r
31\r
32#define USB_DESCRIPTOR_TYPE_DEVICE 1\r
33#define USB_DESCRIPTOR_TYPE_CONFIGURATION 2\r
34#define USB_DESCRIPTOR_TYPE_STRING 3\r
35#define USB_DESCRIPTOR_TYPE_INTERFACE 4\r
36#define USB_DESCRIPTOR_TYPE_ENDPOINT 5\r
37#define USB_DESCRIPTOR_TYPE_DEVICE_QUALIFIER 6\r
38#define USB_DESCRIPTOR_TYPE_OTHER_SPEED_CONF 7\r
39#define USB_DESCRIPTOR_TYPE_INTERFACE_POWER 8\r
40#define USB_DESCRIPTOR_TYPE_HID 0x21\r
41#define USB_DESCRIPTOR_TYPE_HID_REPORT 0x22\r
42\r
43#define USB_DEVICE_CLASS_HID 0x03\r
44\r
45static const BYTE HidReportDescriptor[] = {\r
46 0x06,0xA0,0xFF, // Usage Page (vendor defined) FFA0\r
47 0x09,0x01, // Usage (vendor defined)\r
48 0xA1,0x01, // Collection (Application)\r
49 0x09,0x02, // Usage (vendor defined)\r
50 0xA1,0x00, // Collection (Physical)\r
51 0x06,0xA1,0xFF, // Usage Page (vendor defined)\r
52\r
53 //The,input report\r
54 0x09,0x03, // usage - vendor defined\r
55 0x09,0x04, // usage - vendor defined\r
56 0x15,0x80, // Logical Minimum (-128)\r
57 0x25,0x7F, // Logical Maximum (127)\r
58 0x35,0x00, // Physical Minimum (0)\r
59 0x45,0xFF, // Physical Maximum (255)\r
60 0x75,0x08, // Report Size (8) (bits)\r
61 0x95,0x40, // Report Count (64) (fields)\r
62 0x81,0x02, // Input (Data,Variable,Absolute)\r
63\r
64 //The,output report\r
65 0x09,0x05, // usage - vendor defined\r
66 0x09,0x06, // usage - vendor defined\r
67 0x15,0x80, // Logical Minimum (-128)\r
68 0x25,0x7F, // Logical Maximum (127)\r
69 0x35,0x00, // Physical Minimum (0)\r
70 0x45,0xFF, // Physical Maximum (255)\r
71 0x75,0x08, // Report Size (8) (bits)\r
72 0x95,0x40, // Report Count (64) (fields)\r
73 0x91,0x02, // Output (Data,Variable,Absolute)\r
74\r
75 0xC0, // End Collection\r
76\r
77 0xC0, // End Collection\r
78};\r
79\r
80static const BYTE DeviceDescriptor[] = {\r
81 0x12, // Descriptor length (18 bytes)\r
82 0x01, // Descriptor type (Device)\r
83 0x10,0x01, // Complies with USB Spec. Release (0110h = release 1.10)\r
84 0x00, // Class code (0)\r
85 0x00, // Subclass code (0)\r
86 0x00, // Protocol (No specific protocol)\r
87 0x08, // Maximum packet size for Endpoint 0 (8 bytes)\r
88 0xc4,0x9a, // Vendor ID (random numbers)\r
89 0x8f,0x4b, // Product ID (random numbers)\r
90 0x01,0x00, // Device release number (0001)\r
91 0x01, // Manufacturer string descriptor index\r
92 0x02, // Product string descriptor index\r
93 0x00, // Serial Number string descriptor index (None)\r
94 0x01, // Number of possible configurations (1)\r
95};\r
96\r
97static const BYTE ConfigurationDescriptor[] = {\r
98 0x09, // Descriptor length (9 bytes)\r
99 0x02, // Descriptor type (Configuration)\r
100 0x29,0x00, // Total data length (41 bytes)\r
101 0x01, // Interface supported (1)\r
102 0x01, // Configuration value (1)\r
103 0x00, // Index of string descriptor (None)\r
104 0x80, // Configuration (Bus powered)\r
105 250, // Maximum power consumption (500mA)\r
106\r
107 //interface\r
108 0x09, // Descriptor length (9 bytes)\r
109 0x04, // Descriptor type (Interface)\r
110 0x00, // Number of interface (0)\r
111 0x00, // Alternate setting (0)\r
112 0x02, // Number of interface endpoint (2)\r
113 0x03, // Class code (HID)\r
114 0x00, // Subclass code ()\r
115 0x00, // Protocol code ()\r
116 0x00, // Index of string()\r
117\r
118 // class\r
119 0x09, // Descriptor length (9 bytes)\r
120 0x21, // Descriptor type (HID)\r
121 0x00,0x01, // HID class release number (1.00)\r
122 0x00, // Localized country code (None)\r
123 0x01, // # of HID class dscrptr to follow (1)\r
124 0x22, // Report descriptor type (HID)\r
125 // Total length of report descriptor\r
126 sizeof(HidReportDescriptor),0x00,\r
127\r
128 // endpoint 1\r
129 0x07, // Descriptor length (7 bytes)\r
130 0x05, // Descriptor type (Endpoint)\r
131 0x01, // Encoded address (Respond to OUT)\r
132 0x03, // Endpoint attribute (Interrupt transfer)\r
133 0x08,0x00, // Maximum packet size (8 bytes)\r
134 0x01, // Polling interval (1 ms)\r
135\r
136 // endpoint 2\r
137 0x07, // Descriptor length (7 bytes)\r
138 0x05, // Descriptor type (Endpoint)\r
139 0x82, // Encoded address (Respond to IN)\r
140 0x03, // Endpoint attribute (Interrupt transfer)\r
141 0x08,0x00, // Maximum packet size (8 bytes)\r
142 0x01, // Polling interval (1 ms)\r
143};\r
144\r
145static const BYTE StringDescriptor0[] = {\r
146 0x04, // Length\r
147 0x03, // Type is string\r
148 0x09, // English\r
149 0x04, // US\r
150};\r
151\r
152static const BYTE StringDescriptor1[] = {\r
153 24, // Length\r
154 0x03, // Type is string\r
155 'J', 0x00,\r
156 '.', 0x00,\r
157 ' ', 0x00,\r
158 'W', 0x00,\r
159 'e', 0x00,\r
160 's', 0x00,\r
161 't', 0x00,\r
162 'h', 0x00,\r
163 'u', 0x00,\r
164 'e', 0x00,\r
165 's', 0x00,\r
166};\r
167\r
168static const BYTE StringDescriptor2[] = {\r
169 54, // Length\r
170 0x03, // Type is string\r
171 'P', 0x00,\r
172 'r', 0x00,\r
173 'o', 0x00,\r
174 'x', 0x00,\r
175 'M', 0x00,\r
176 'a', 0x00,\r
177 'r', 0x00,\r
178 'k', 0x00,\r
179 '-', 0x00,\r
180 '3', 0x00,\r
181 ' ', 0x00,\r
182 'R', 0x00,\r
183 'F', 0x00,\r
184 'I', 0x00,\r
185 'D', 0x00,\r
186 ' ', 0x00,\r
187 'I', 0x00,\r
188 'n', 0x00,\r
189 's', 0x00,\r
190 't', 0x00,\r
191 'r', 0x00,\r
192 'u', 0x00,\r
193 'm', 0x00,\r
194 'e', 0x00,\r
195 'n', 0x00,\r
196 't', 0x00,\r
197};\r
198\r
199static const BYTE * const StringDescriptors[] = {\r
200 StringDescriptor0,\r
201 StringDescriptor1,\r
202 StringDescriptor2,\r
203};\r
204\r
205\r
206static BYTE UsbBuffer[64];\r
207static int UsbSoFarCount;\r
208\r
209static BYTE CurrentConfiguration;\r
210\r
211static void UsbSendEp0(const BYTE *data, int len)\r
212{\r
213 int thisTime, i;\r
214\r
215 do {\r
216 thisTime = min(len, 8);\r
217 len -= thisTime;\r
218\r
219 for(i = 0; i < thisTime; i++) {\r
220 UDP_ENDPOINT_FIFO(0) = *data;\r
221 data++;\r
222 }\r
223\r
224 if(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED) {\r
225 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_TX_PACKET_ACKED;\r
226 while(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED)\r
227 ;\r
228 }\r
229\r
230 UDP_ENDPOINT_CSR(0) |= UDP_CSR_TX_PACKET;\r
231\r
232 do {\r
233 if(UDP_ENDPOINT_CSR(0) & UDP_CSR_RX_PACKET_RECEIVED_BANK_0) {\r
234 // This means that the host is trying to write to us, so\r
235 // abandon our write to them.\r
236 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_RX_PACKET_RECEIVED_BANK_0;\r
237 return;\r
238 }\r
239 } while(!(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED));\r
240 } while(len > 0);\r
241\r
242 if(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED) {\r
243 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_TX_PACKET_ACKED;\r
244 while(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED)\r
245 ;\r
246 }\r
247}\r
248\r
249static void UsbSendZeroLength(void)\r
250{\r
251 UDP_ENDPOINT_CSR(0) |= UDP_CSR_TX_PACKET;\r
252\r
253 while(!(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED))\r
254 ;\r
255\r
256 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_TX_PACKET_ACKED;\r
257\r
258 while(UDP_ENDPOINT_CSR(0) & UDP_CSR_TX_PACKET_ACKED)\r
259 ;\r
260}\r
261\r
8e19377d 262static void UsbSendStall(void)\r
263{\r
264 UDP_ENDPOINT_CSR(0) |= UDP_CSR_FORCE_STALL;\r
265\r
266 while(!(UDP_ENDPOINT_CSR(0) & UDP_CSR_STALL_SENT))\r
267 ;\r
268\r
269 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_STALL_SENT;\r
270\r
271 while(UDP_ENDPOINT_CSR(0) & UDP_CSR_STALL_SENT)\r
272 ;\r
273}\r
274\r
6658905f 275static void HandleRxdSetupData(void)\r
276{\r
277 int i;\r
278 UsbSetupData usd;\r
279\r
280 for(i = 0; i < sizeof(usd); i++) {\r
281 ((BYTE *)&usd)[i] = UDP_ENDPOINT_FIFO(0);\r
282 }\r
283\r
284 if(usd.bmRequestType & 0x80) {\r
285 UDP_ENDPOINT_CSR(0) |= UDP_CSR_CONTROL_DATA_DIR;\r
286 while(!(UDP_ENDPOINT_CSR(0) & UDP_CSR_CONTROL_DATA_DIR))\r
287 ;\r
288 }\r
289\r
290 UDP_ENDPOINT_CSR(0) &= ~UDP_CSR_RX_HAVE_READ_SETUP_DATA;\r
291 while(UDP_ENDPOINT_CSR(0) & UDP_CSR_RX_HAVE_READ_SETUP_DATA)\r
292 ;\r
293\r
294 switch(usd.bRequest) {\r
295 case USB_REQUEST_GET_DESCRIPTOR:\r
296 if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_DEVICE) {\r
297 UsbSendEp0((BYTE *)&DeviceDescriptor,\r
298 min(sizeof(DeviceDescriptor), usd.wLength));\r
299 } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_CONFIGURATION) {\r
300 UsbSendEp0((BYTE *)&ConfigurationDescriptor,\r
301 min(sizeof(ConfigurationDescriptor), usd.wLength));\r
302 } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_STRING) {\r
303 const BYTE *s = StringDescriptors[usd.wValue & 0xff];\r
304 UsbSendEp0(s, min(s[0], usd.wLength));\r
305 } else if((usd.wValue >> 8) == USB_DESCRIPTOR_TYPE_HID_REPORT) {\r
306 UsbSendEp0((BYTE *)&HidReportDescriptor,\r
307 min(sizeof(HidReportDescriptor), usd.wLength));\r
308 } else {\r
309 *((DWORD *)0x00200000) = usd.wValue;\r
310 }\r
311 break;\r
312\r
313 case USB_REQUEST_SET_ADDRESS:\r
314 UsbSendZeroLength();\r
315 UDP_FUNCTION_ADDR = UDP_FUNCTION_ADDR_ENABLED | usd.wValue ;\r
316 if(usd.wValue != 0) {\r
317 UDP_GLOBAL_STATE = UDP_GLOBAL_STATE_ADDRESSED;\r
318 } else {\r
319 UDP_GLOBAL_STATE = 0;\r
320 }\r
321 break;\r
322\r
323 case USB_REQUEST_GET_CONFIGURATION:\r
324 UsbSendEp0(&CurrentConfiguration, sizeof(CurrentConfiguration));\r
325 break;\r
326\r
327 case USB_REQUEST_GET_STATUS: {\r
328 if(usd.bmRequestType & 0x80) {\r
329 WORD w = 0;\r
330 UsbSendEp0((BYTE *)&w, sizeof(w));\r
331 }\r
332 break;\r
333 }\r
334 case USB_REQUEST_SET_CONFIGURATION:\r
335 CurrentConfiguration = usd.wValue;\r
336 if(CurrentConfiguration) {\r
337 UDP_GLOBAL_STATE = UDP_GLOBAL_STATE_CONFIGURED;\r
338 UDP_ENDPOINT_CSR(1) = UDP_CSR_ENABLE_EP |\r
339 UDP_CSR_EPTYPE_INTERRUPT_OUT;\r
340 UDP_ENDPOINT_CSR(2) = UDP_CSR_ENABLE_EP |\r
341 UDP_CSR_EPTYPE_INTERRUPT_IN;\r
342 } else {\r
343 UDP_GLOBAL_STATE = UDP_GLOBAL_STATE_ADDRESSED;\r
344 UDP_ENDPOINT_CSR(1) = 0;\r
345 UDP_ENDPOINT_CSR(2) = 0;\r
346 }\r
347 UsbSendZeroLength();\r
348 break;\r
349\r
350 case USB_REQUEST_GET_INTERFACE: {\r
351 BYTE b = 0;\r
352 UsbSendEp0(&b, sizeof(b));\r
353 break;\r
354 }\r
355\r
356 case USB_REQUEST_SET_INTERFACE:\r
357 UsbSendZeroLength();\r
358 break;\r
359\r
360 case USB_REQUEST_CLEAR_FEATURE:\r
361 case USB_REQUEST_SET_FEATURE:\r
8e19377d 362 UsbSendStall();\r
363 break;\r
6658905f 364 case USB_REQUEST_SET_DESCRIPTOR:\r
365 case USB_REQUEST_SYNC_FRAME:\r
366 default:\r
367 break;\r
368 }\r
369}\r
370\r
371void UsbSendPacket(BYTE *packet, int len)\r
372{\r
373 int i, thisTime;\r
374\r
375 while(len > 0) {\r
376 thisTime = min(len, 8);\r
377\r
378 for(i = 0; i < thisTime; i++) {\r
379 UDP_ENDPOINT_FIFO(2) = packet[i];\r
380 }\r
381 UDP_ENDPOINT_CSR(2) |= UDP_CSR_TX_PACKET;\r
382\r
383 while(!(UDP_ENDPOINT_CSR(2) & UDP_CSR_TX_PACKET_ACKED))\r
384 ;\r
385 UDP_ENDPOINT_CSR(2) &= ~UDP_CSR_TX_PACKET_ACKED;\r
386\r
387 while(UDP_ENDPOINT_CSR(2) & UDP_CSR_TX_PACKET_ACKED)\r
388 ;\r
389\r
390 len -= thisTime;\r
391 packet += thisTime;\r
392 }\r
393}\r
394\r
395static void HandleRxdData(void)\r
396{\r
397 int i, len;\r
398\r
399 if(UDP_ENDPOINT_CSR(1) & UDP_CSR_RX_PACKET_RECEIVED_BANK_0) {\r
400 len = UDP_CSR_BYTES_RECEIVED(UDP_ENDPOINT_CSR(1));\r
401\r
402 for(i = 0; i < len; i++) {\r
403 UsbBuffer[UsbSoFarCount] = UDP_ENDPOINT_FIFO(1);\r
404 UsbSoFarCount++;\r
405 }\r
406\r
407 UDP_ENDPOINT_CSR(1) &= ~UDP_CSR_RX_PACKET_RECEIVED_BANK_0;\r
408 while(UDP_ENDPOINT_CSR(1) & UDP_CSR_RX_PACKET_RECEIVED_BANK_0)\r
409 ;\r
410\r
411 if(UsbSoFarCount >= 64) {\r
412 UsbPacketReceived(UsbBuffer, UsbSoFarCount);\r
413 UsbSoFarCount = 0;\r
414 }\r
415 }\r
416\r
417 if(UDP_ENDPOINT_CSR(1) & UDP_CSR_RX_PACKET_RECEIVED_BANK_1) {\r
418 len = UDP_CSR_BYTES_RECEIVED(UDP_ENDPOINT_CSR(1));\r
419\r
420 for(i = 0; i < len; i++) {\r
421 UsbBuffer[UsbSoFarCount] = UDP_ENDPOINT_FIFO(1);\r
422 UsbSoFarCount++;\r
423 }\r
424\r
425 UDP_ENDPOINT_CSR(1) &= ~UDP_CSR_RX_PACKET_RECEIVED_BANK_1;\r
426 while(UDP_ENDPOINT_CSR(1) & UDP_CSR_RX_PACKET_RECEIVED_BANK_1)\r
427 ;\r
428\r
429 if(UsbSoFarCount >= 64) {\r
430 UsbPacketReceived(UsbBuffer, UsbSoFarCount);\r
431 UsbSoFarCount = 0;\r
432 }\r
433 }\r
434}\r
435\r
436void UsbStart(void)\r
437{\r
438 volatile int i;\r
439\r
440 UsbSoFarCount = 0;\r
441\r
442 USB_D_PLUS_PULLUP_OFF();\r
443\r
444 for(i = 0; i < 1000000; i++)\r
445 ;\r
446\r
447 USB_D_PLUS_PULLUP_ON();\r
448\r
449 if(UDP_INTERRUPT_STATUS & UDP_INTERRUPT_END_OF_BUS_RESET) {\r
450 UDP_INTERRUPT_CLEAR = UDP_INTERRUPT_END_OF_BUS_RESET;\r
451 }\r
452}\r
453\r
50722269 454BOOL UsbConnected()\r
455{\r
456 if (UDP_GLOBAL_STATE & UDP_GLOBAL_STATE_CONFIGURED)\r
457 return TRUE;\r
458 else\r
459 return FALSE;\r
460}\r
461\r
6658905f 462BOOL UsbPoll(BOOL blinkLeds)\r
463{\r
464 BOOL ret = FALSE;\r
465\r
466 if(UDP_INTERRUPT_STATUS & UDP_INTERRUPT_END_OF_BUS_RESET) {\r
467 UDP_INTERRUPT_CLEAR = UDP_INTERRUPT_END_OF_BUS_RESET;\r
468\r
469 // following a reset we should be ready to receive a setup packet\r
470 UDP_RESET_ENDPOINT = 0xf;\r
471 UDP_RESET_ENDPOINT = 0;\r
472\r
473 UDP_FUNCTION_ADDR = UDP_FUNCTION_ADDR_ENABLED;\r
474\r
475 UDP_ENDPOINT_CSR(0) = UDP_CSR_EPTYPE_CONTROL | UDP_CSR_ENABLE_EP;\r
476\r
477 CurrentConfiguration = 0;\r
478\r
479 ret = TRUE;\r
480 }\r
481\r
482 if(UDP_INTERRUPT_STATUS & UDP_INTERRUPT_ENDPOINT(0)) {\r
483 if(UDP_ENDPOINT_CSR(0) & UDP_CSR_RX_HAVE_READ_SETUP_DATA) {\r
484 HandleRxdSetupData();\r
485 ret = TRUE;\r
486 }\r
487 }\r
488\r
489 if(UDP_INTERRUPT_STATUS & UDP_INTERRUPT_ENDPOINT(1)) {\r
490 HandleRxdData();\r
491 ret = TRUE;\r
492 }\r
493\r
494 return ret;\r
495}\r
Impressum, Datenschutz