Development of a User-Space Application for an HID Device, Using libhid
Snooping can be done with a number of utilities. This is where I learned about the discrepancies between what the Matrix documentation says and what actually happens:
[5037 ms] <<< URB 647 coming back <<< -- URB_FUNCTION_CONTROL_TRANSFER: PipeHandle = 8180c814 TransferFlags = 00000002 (DIRECTION_OUT) TransferBufferLength = 00000005 TransferBuffer = 92a137ed TransferBufferMDL = fe9876e8 UrbLink = 00000000 SetupPacket = 00000000: 21 09 00 02 00 00 05 00 [5038 ms] <<< URB 645 coming back <<< -- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER: PipeHandle = fe9876a0 [endpoint 0x81] TransferFlags = 00000003 (DIRECTION_IN) TransferBufferLength = 00000005 TransferBuffer = fefeef08 TransferBufferMDL = 81a18f48 00000000: 00 20 00 00 1a UrbLink = 00000000 [5038 ms] >>> URB 648 going down >>> -- URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER: PipeHandle = fe9876a0 [endpoint 0x81] TransferFlags = 00000003 (DIRECTION_IN) TransferBufferLength = 00000005 TransferBuffer = fefeef08 TransferBufferMDL = 00000000 UrbLink = 00000000
From the snoop log, we see the control message sent to the device at the start, followed by a series of interrupt reads. According to the documentation, “The Host sends [a] poll to request information from Matrix at a periodic rate. Matrix answers to the poll and reports all the happening events.” So, my interpretation of this was to send periodic control write messages to the device and read the responses from the interrupt endpoint. Also according to the documentation, the format of the write message is five bytes in length, so with this information, I used the test_libhid.c file included with libhid to see what happens. I found that functions within libhid give error codes if they fail and that the /var/log/messages file, with the extra DEBUG information from the modified kernel file, reports useful errors.
Upon closer inspection of the snoop log, I saw that the control write was, in fact, eight bytes in length. See SetupPacket in snoop log output. The five bytes described in the documentation seemed to represent the first five bytes of the packet, and the last three bytes seemed to be padding. That is, changing these last three bytes doesn't seem to affect the operation. Subsequent error-free testing, with the packet set to eight bytes, confirmed that the documentation had been misleading.
In terms of where to start with this project, I found the mailing list for libhid to be helpful. The libusb mailing list also provided guidelines. The Linux usbutils are quite useful in determining what interfaces are available on the device and the meaning of the descriptors.
The libhid source code, still in constant development, also is a source of help. Because the code constantly is being developed, it is a good idea to keep an eye on the Subversion repository for changes, including documentation changes such as helpful comments in the code.
Special thanks to Charles Lepple and Arnaud Quette, the original authors of libhid, and also to Martin F. Krafft, who later joined and led the rewrite. They all provided me with a lot of help, and without them I certainly wouldn't have gotten my little light to go green.
Also, thanks to my supervisor, Dr Paul O'Leary, at WIT, for his encouragement and analytical skills. It always is good to have an experienced pair of eyes to guide me in the right direction.
libhid uses the HIDParser framework made available by MGE.
Resources for this article: /article/8275.
Eoin Verling (email@example.com) qualified in 1998 and has been a sysadmin since. He currently is undertaking a research Master's in parallel computing at Waterford Institute of Technology, Ireland. There's nothing he likes better than a bit of ceol agus craic!
|Free Today: September Issue of Linux Journal (Retail value: $5.99)||Sep 27, 2016|
|nginx||Sep 27, 2016|
|Epiq Solutions' Sidekiq M.2||Sep 26, 2016|
|Nativ Disc||Sep 23, 2016|
|Android Browser Security--What You Haven't Been Told||Sep 22, 2016|
|The Many Paths to a Solution||Sep 21, 2016|
- Free Today: September Issue of Linux Journal (Retail value: $5.99)
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Android Browser Security--What You Haven't Been Told
- Epiq Solutions' Sidekiq M.2
- Downloading an Entire Web Site with wget
- The Many Paths to a Solution
- Identity: Our Last Stand
- Securing the Programmer
- Nativ Disc
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide