Author Topic: Anyone know what this is? (Read 5105 times)

ulao · « **on:** January 18, 2019, 09:40:24 pm »

I'm sniffing a usb 2.0 device and I see endpoint 2 showing this. I though a pid0 was required but it is only sending pid1 data. Though I'm used to looking at control data, maybe this is different.

To catch this packet do I just watch on endpoint2 for interface | class

bmRequestType == 0x11?

for example
/* Handle HID Class specific requests */
if (USB_ControlRequest.bmRequestType == (REQDIR_DEVICETOHOST | REQTYPE_CLASS | REQREC_INTERFACE))
{
//do something
}

Jan Axelson · « **Reply #1 on:** January 19, 2019, 11:14:38 am »

It's very rare that endpoint 2 is configured for control transfers because there is no advantage to having multiple control endpoints.

ulao · « **Reply #2 on:** January 19, 2019, 12:28:15 pm »

Sure but I can't really question what its doing and why, it just is.

From the best I can tell the default end point is not used (other then the report for the button data ). Endpoint 1 is in, and 2 is out. This is what enpoint 1 looks like (81) its an in.

Now this is a device for a game console so the rules may be different but it does also work on a PC (does not use either endpoints 1 or 2). So my mission here is to mimic the endpoint point out. I have cloned this controller 1:1 as far as the descriptors go but thus far I do not understand the endpoint method for 1 and 2. I'm wondering is they are even control data?

Code: [Select]


Connection Status Device connected 
Current Configuration 1 
Speed Full (12 Mbit/s) 
Device Address 2 
Number Of Open Pipes 2 

Device Descriptor Bridge - Wii
Offset Field Size Value Description 
0 bLength 1 12h  
1 bDescriptorType 1 01h Device 
2 bcdUSB 2 0110h USB Spec 1.1 
4 bDeviceClass 1 00h Class info in Ifc Descriptors 
5 bDeviceSubClass 1 00h  
6 bDeviceProtocol 1 00h  
7 bMaxPacketSize0 1 40h 64 bytes 
8 idVendor 2 0F0Dh Hori Co., Ltd 
10 idProduct 2 00C1h  
12 bcdDevice 2 0572h 5.72 
14 iManufacturer 1 01h "Bliss-Box" 
15 iProduct 1 02h "Bridge - Wii" 
16 iSerialNumber 1 00h  
17 bNumConfigurations 1 01h  

Configuration Descriptor 1 Bus Powered, 500 mA
Offset Field Size Value Description 
0 bLength 1 09h  
1 bDescriptorType 1 02h Configuration 
2 wTotalLength 2 0029h  
4 bNumInterfaces 1 01h  
5 bConfigurationValue 1 01h  
6 iConfiguration 1 00h  
7 bmAttributes 1 80h Bus Powered 
 4..0: Reserved  ...00000   
 5: Remote Wakeup  ..0.....  No 
 6: Self Powered  .0......  No, Bus Powered 
 7: Reserved (set to one)
(bus-powered for 1.0)  1.......   
8 bMaxPower 1 FAh 500 mA 

Interface Descriptor 0/0 HID, 2 Endpoints
Offset Field Size Value Description 
0 bLength 1 09h  
1 bDescriptorType 1 04h Interface 
2 bInterfaceNumber 1 00h  
3 bAlternateSetting 1 00h  
4 bNumEndpoints 1 02h  
5 bInterfaceClass 1 03h HID 
6 bInterfaceSubClass 1 00h  
7 bInterfaceProtocol 1 00h  
8 iInterface 1 00h  

HID Descriptor 
Offset Field Size Value Description 
0 bLength 1 09h  
1 bDescriptorType 1 21h HID 
2 bcdHID 2 0111h 1.11 
4 bCountryCode 1 00h  
5 bNumDescriptors 1 01h  
6 bDescriptorType 1 22h Report 
7 wDescriptorLength 2 0050h 80 bytes 

Endpoint Descriptor 02 2 Out, Interrupt, 5 ms
Offset Field Size Value Description 
0 bLength 1 07h  
1 bDescriptorType 1 05h Endpoint 
2 bEndpointAddress 1 02h 2 Out 
3 bmAttributes 1 03h Interrupt 
 1..0: Transfer Type  ......11  Interrupt 
 7..2: Reserved  000000..   
4 wMaxPacketSize 2 0040h 64 bytes 
6 bInterval 1 05h 5 ms 

Endpoint Descriptor 81 1 In, Interrupt, 5 ms
Offset Field Size Value Description 
0 bLength 1 07h  
1 bDescriptorType 1 05h Endpoint 
2 bEndpointAddress 1 81h 1 In 
3 bmAttributes 1 03h Interrupt 
 1..0: Transfer Type  ......11  Interrupt 
 7..2: Reserved  000000..   
4 wMaxPacketSize 2 0040h 64 bytes 
6 bInterval 1 05h 5 ms

Jan Axelson · « **Reply #3 on:** January 19, 2019, 12:36:20 pm »

Endpoints 1 and 2 are interrupt endpoints.

ulao · « **Reply #4 on:** January 20, 2019, 09:29:16 am »

But I'm still confused on these points? If you share the confusion let me know if not let me know where I fall short of understanding.

1) I though a pid0 was required

2) If all I see is pid1 can I even catch that in my device (bmRequestType == 0x11?)?

3) In most implementation of USB for the device you catch incoming data with the control in. In this case its endpoint 2 with an address of 3. Will I need to work some sorcery with LUFA to get this to work. Not sure how much (if any) experience you have with LUFA.

4) I don't even think the descriptor allows this?
Endpoint Descriptor 02 2 Out, Interrupt, 5 ms
...
2 bEndpointAddress 1 02h 2 Out
I tried to change the address to 3 #define JOYSTICK_OUT_EPADDR (ENDPOINT_DIR_OUT | 3) but the endpoint also goes to 3.
Endpoint Descriptor 03 2 Out, Interrupt, 5 ms
...
2 bEndpointAddress 1 03h 3 Out
So I'm not even sure how you do that.
Or am I misunderstanding how this works, does the host assign any address it wants to the enpoint?

Jan Axelson · « **Reply #5 on:** January 20, 2019, 11:44:55 am »

In the descriptors you posted, it looks like endpoint 2 is an interrupt OUT endpoint and endpoint 1 is an interrrupt IN endpoint.

2 bEndpointAddress 1 02h 2 Out
3 bmAttributes 1 03h Interrupt

2 bEndpointAddress 1 81h 1 In
3 bmAttributes 1 03h Interrupt

The hardware usually manages the pids.

bmRequestType is only for control transfers.

ulao · « **Reply #6 on:** January 21, 2019, 07:35:03 am »

Ah!, sorry very good then, I need to set up for interrupts transfers. Don't see how to do that with LUFA but I'll keep searching.

PORTS Forum

News:

Author Topic: Anyone know what this is? (Read 5105 times)

ulao

Anyone know what this is?

Jan Axelson

Re: Anyone know what this is?

ulao

Re: Anyone know what this is?

Jan Axelson

Re: Anyone know what this is?

ulao

Re: Anyone know what this is?

Jan Axelson

Re: Anyone know what this is?

ulao

Re: Anyone know what this is?