Development of a User-Space Application for an HID Device, Using libhid
Snooping can be done with a number of utilities. This is where I learned about the discrepancies between what the Matrix documentation says and what actually happens:
[5037 ms] <<< URB 647 coming back <<< -- URB_FUNCTION_CONTROL_TRANSFER: PipeHandle = 8180c814 TransferFlags = 00000002 (DIRECTION_OUT) TransferBufferLength = 00000005 TransferBuffer = 92a137ed TransferBufferMDL = fe9876e8 UrbLink = 00000000 SetupPacket = 00000000: 21 09 00 02 00 00 05 00 [5038 ms] <<< URB 645 coming back <<< -- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER: PipeHandle = fe9876a0 [endpoint 0x81] TransferFlags = 00000003 (DIRECTION_IN) TransferBufferLength = 00000005 TransferBuffer = fefeef08 TransferBufferMDL = 81a18f48 00000000: 00 20 00 00 1a UrbLink = 00000000 [5038 ms] >>> URB 648 going down >>> -- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER: PipeHandle = fe9876a0 [endpoint 0x81] TransferFlags = 00000003 (DIRECTION_IN) TransferBufferLength = 00000005 TransferBuffer = fefeef08 TransferBufferMDL = 00000000 UrbLink = 00000000
From the snoop log, we see the control message sent to the device at the start, followed by a series of interrupt reads. According to the documentation, “The Host sends [a] poll to request information from Matrix at a periodic rate. Matrix answers to the poll and reports all the happening events.” So, my interpretation of this was to send periodic control write messages to the device and read the responses from the interrupt endpoint. Also according to the documentation, the format of the write message is five bytes in length, so with this information, I used the test_libhid.c file included with libhid to see what happens. I found that functions within libhid give error codes if they fail and that the /var/log/messages file, with the extra DEBUG information from the modified kernel file, reports useful errors.
Upon closer inspection of the snoop log, I saw that the control write was, in fact, eight bytes in length. See SetupPacket in snoop log output. The five bytes described in the documentation seemed to represent the first five bytes of the packet, and the last three bytes seemed to be padding. That is, changing these last three bytes doesn't seem to affect the operation. Subsequent error-free testing, with the packet set to eight bytes, confirmed that the documentation had been misleading.
In terms of where to start with this project, I found the mailing list for libhid to be helpful. The libusb mailing list also provided guidelines. The Linux usbutils are quite useful in determining what interfaces are available on the device and the meaning of the descriptors.
The libhid source code, still in constant development, also is a source of help. Because the code constantly is being developed, it is a good idea to keep an eye on the Subversion repository for changes, including documentation changes such as helpful comments in the code.
Special thanks to Charles Lepple and Arnaud Quette, the original authors of libhid, and also to Martin F. Krafft, who later joined and led the rewrite. They all provided me with a lot of help, and without them I certainly wouldn't have gotten my little light to go green.
Also, thanks to my supervisor, Dr Paul O'Leary, at WIT, for his encouragement and analytical skills. It always is good to have an experienced pair of eyes to guide me in the right direction.
libhid uses the HIDParser framework made available by MGE.
Resources for this article: /article/8275.
Eoin Verling (email@example.com) qualified in 1998 and has been a sysadmin since. He currently is undertaking a research Master's in parallel computing at Waterford Institute of Technology, Ireland. There's nothing he likes better than a bit of ceol agus craic!
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
- Optimization in GCC
- Using tshark to Watch and Inspect Network Traffic
- September 2015 Issue of Linux Journal: HOW-TOs
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- My Network Go-Bag
- Doing Astronomy with Python