1 | /* $Id: tstPalmOne.c 98103 2023-01-17 14:15:46Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * USB PalmOne testcase
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox base platform packages, as
|
---|
10 | * available from https://www.virtualbox.org.
|
---|
11 | *
|
---|
12 | * This program is free software; you can redistribute it and/or
|
---|
13 | * modify it under the terms of the GNU General Public License
|
---|
14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
15 | * License.
|
---|
16 | *
|
---|
17 | * This program is distributed in the hope that it will be useful, but
|
---|
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
20 | * General Public License for more details.
|
---|
21 | *
|
---|
22 | * You should have received a copy of the GNU General Public License
|
---|
23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
24 | *
|
---|
25 | * SPDX-License-Identifier: GPL-3.0-only
|
---|
26 | */
|
---|
27 |
|
---|
28 | #include <sys/types.h>
|
---|
29 | #include <sys/stat.h>
|
---|
30 | #include <sys/vfs.h>
|
---|
31 | #include <sys/ioctl.h>
|
---|
32 | #include <sys/poll.h>
|
---|
33 | #include <stdint.h>
|
---|
34 | #include <stdio.h>
|
---|
35 | #include <string.h>
|
---|
36 | #include <stdlib.h>
|
---|
37 | #include <limits.h>
|
---|
38 | #include <unistd.h>
|
---|
39 | #include <fcntl.h>
|
---|
40 | #include <errno.h>
|
---|
41 | #include <linux/usbdevice_fs.h>
|
---|
42 |
|
---|
43 |
|
---|
44 | /** @name USB Control message recipient codes (from spec)
|
---|
45 | * @{ */
|
---|
46 | #define VUSB_TO_DEVICE 0x0
|
---|
47 | #define VUSB_TO_INTERFACE 0x1
|
---|
48 | #define VUSB_TO_ENDPOINT 0x2
|
---|
49 | #define VUSB_TO_OTHER 0x3
|
---|
50 | #define VUSB_RECIP_MASK 0x1f
|
---|
51 | /** @} */
|
---|
52 |
|
---|
53 | /** @name USB control pipe setup packet structure (from spec)
|
---|
54 | * @{ */
|
---|
55 | #define VUSB_REQ_SHIFT (5)
|
---|
56 | #define VUSB_REQ_STANDARD (0x0 << VUSB_REQ_SHIFT)
|
---|
57 | #define VUSB_REQ_CLASS (0x1 << VUSB_REQ_SHIFT)
|
---|
58 | #define VUSB_REQ_VENDOR (0x2 << VUSB_REQ_SHIFT)
|
---|
59 | #define VUSB_REQ_RESERVED (0x3 << VUSB_REQ_SHIFT)
|
---|
60 | #define VUSB_REQ_MASK (0x3 << VUSB_REQ_SHIFT)
|
---|
61 | /** @} */
|
---|
62 |
|
---|
63 | #define VUSB_DIR_TO_HOST 0x80
|
---|
64 | typedef struct vusb_setup
|
---|
65 | {
|
---|
66 | uint8_t bmRequestType;
|
---|
67 | uint8_t bRequest;
|
---|
68 | uint16_t wValue;
|
---|
69 | uint16_t wIndex;
|
---|
70 | uint16_t wLength;
|
---|
71 | } VUSBSETUP, *PVUSBSETUP;
|
---|
72 | typedef const VUSBSETUP *PCVUSBSETUP;
|
---|
73 |
|
---|
74 |
|
---|
75 | int g_fd;
|
---|
76 |
|
---|
77 | int bitch(const char *pszMsg)
|
---|
78 | {
|
---|
79 | printf("failure: %s: %d %s\n", pszMsg, errno, strerror(errno));
|
---|
80 | return 1;
|
---|
81 | }
|
---|
82 |
|
---|
83 | void hex(const void *pv, ssize_t cb, const char *pszWhat)
|
---|
84 | {
|
---|
85 | printf("%s: cb=%d\n", pszWhat, cb);
|
---|
86 | unsigned char *pb = (unsigned char *)pv;
|
---|
87 | int cch = 0;
|
---|
88 | int off = 0;
|
---|
89 | int cchPrecision = 16;
|
---|
90 | while (off < cb)
|
---|
91 | {
|
---|
92 | int i;
|
---|
93 | printf("%s%0*x %04x:", off ? "\n" : "", sizeof(pb) * 2, (uintptr_t)pb, off);
|
---|
94 |
|
---|
95 | for (i = 0; i < cchPrecision && off + i < cb; i++)
|
---|
96 | printf(off + i < cb ? !(i & 7) && i ? "-%02x" : " %02x" : " ", pb[i]);
|
---|
97 | while (i++ < cchPrecision)
|
---|
98 | printf(" ");
|
---|
99 | printf(" ");
|
---|
100 | for (i = 0; i < cchPrecision && off + i < cb; i++)
|
---|
101 | {
|
---|
102 | uint8_t u8 = pb[i];
|
---|
103 | fputc(u8 < 127 && u8 >= 32 ? u8 : '.', stdout);
|
---|
104 | }
|
---|
105 |
|
---|
106 | /* next */
|
---|
107 | pb += cchPrecision;
|
---|
108 | off += cchPrecision;
|
---|
109 | }
|
---|
110 | printf("\n");
|
---|
111 | }
|
---|
112 |
|
---|
113 | int doioctl(int iCmd, void *pvData, const char *pszWho)
|
---|
114 | {
|
---|
115 | int rc;
|
---|
116 | do
|
---|
117 | {
|
---|
118 | errno = 0;
|
---|
119 | rc = ioctl(g_fd, iCmd, pvData);
|
---|
120 |
|
---|
121 | } while (rc && errno == EAGAIN);
|
---|
122 | if (rc)
|
---|
123 | printf("doioctl: %s: iCmd=%#x errno=%d %s\n", pszWho, iCmd, errno, strerror(errno));
|
---|
124 | else
|
---|
125 | printf("doioctl: %s: iCmd=%#x ok\n", pszWho, iCmd);
|
---|
126 | return rc;
|
---|
127 | }
|
---|
128 |
|
---|
129 | int dobulk(int EndPt, void *pvBuf, size_t cbBuf, const char *pszWho)
|
---|
130 | {
|
---|
131 | #if 0
|
---|
132 | struct usbdevfs_urb KUrb = {0};
|
---|
133 | KUrb.type = USBDEVFS_URB_TYPE_BULK;
|
---|
134 | KUrb.endpoint = EndPt;
|
---|
135 | KUrb.buffer = pvBuf;
|
---|
136 | KUrb.buffer_length = cbBuf;
|
---|
137 | KUrb.actual_length = 0; //cbBuf
|
---|
138 | KUrb.flags = 0; /* ISO_ASAP/SHORT_NOT_OK */
|
---|
139 | if (!doioctl(USBDEVFS_SUBMITURB, &KUrb, pszWho))
|
---|
140 | {
|
---|
141 | struct usbdevfs_urb *pKUrb = NULL;
|
---|
142 | if (!doioctl(USBDEVFS_REAPURB, &pKUrb, pszWho)
|
---|
143 | && pKUrb == &KUrb)
|
---|
144 | return KUrb.actual_length;
|
---|
145 | }
|
---|
146 | return -1;
|
---|
147 | #else
|
---|
148 | struct usbdevfs_bulktransfer BulkMsg = {0};
|
---|
149 |
|
---|
150 | BulkMsg.ep = EndPt;
|
---|
151 | BulkMsg.timeout = 1000;
|
---|
152 | BulkMsg.len = cbBuf;
|
---|
153 | BulkMsg.data = pvBuf;
|
---|
154 | int rc = doioctl(USBDEVFS_BULK, &BulkMsg, pszWho);
|
---|
155 | // printf("rc=%d BulkMsg.len=%d cbBuf=%d\n", rc, BulkMsg.len, cbBuf);
|
---|
156 | if (rc >= 0)
|
---|
157 | return rc;
|
---|
158 | return -1;
|
---|
159 | #endif
|
---|
160 | }
|
---|
161 |
|
---|
162 | int send_bulk(int EndPt, void *pvBuf, size_t cbBuf)
|
---|
163 | {
|
---|
164 | return dobulk(EndPt, pvBuf, cbBuf, "send_bulk");
|
---|
165 | }
|
---|
166 |
|
---|
167 | int recv_bulk(int EndPt, void *pvBuf, size_t cbBuf)
|
---|
168 | {
|
---|
169 | int cb = dobulk(EndPt | 0x80, pvBuf, cbBuf, "recv_bulk");
|
---|
170 | if (cb > 0)
|
---|
171 | printf("cb=%d\n", cb);
|
---|
172 | return cb;
|
---|
173 | }
|
---|
174 |
|
---|
175 | int doctrl(uint8_t bmRequestType, uint8_t bRequest, uint16_t wValue, uint16_t wIndex, uint16_t wLength,
|
---|
176 | void *pvBuf, const char *pszWho)
|
---|
177 | {
|
---|
178 | #if 0
|
---|
179 | struct usbdevfs_urb KUrb = {0};
|
---|
180 | KUrb.type = USBDEVFS_URB_TYPE_BULK;
|
---|
181 | KUrb.endpoint = EndPt;
|
---|
182 | KUrb.buffer = pvBuf;
|
---|
183 | KUrb.buffer_length = cbBuf;
|
---|
184 | KUrb.actual_length = 0; //cbBuf
|
---|
185 | KUrb.flags = 0; /* ISO_ASAP/SHORT_NOT_OK */
|
---|
186 | if (!doioctl(USBDEVFS_SUBMITURB, &KUrb, pszWho))
|
---|
187 | {
|
---|
188 | struct usbdevfs_urb *pKUrb = NULL;
|
---|
189 | if (!doioctl(USBDEVFS_REAPURB, &pKUrb, pszWho)
|
---|
190 | && pKUrb == &KUrb)
|
---|
191 | return KUrb.actual_length;
|
---|
192 | }
|
---|
193 | return -1;
|
---|
194 | #else
|
---|
195 | struct usbdevfs_ctrltransfer CtrlMsg = {0};
|
---|
196 |
|
---|
197 | CtrlMsg.bRequestType = bmRequestType;
|
---|
198 | CtrlMsg.bRequest = bRequest;
|
---|
199 | CtrlMsg.wValue = wValue;
|
---|
200 | CtrlMsg.wLength = wLength;
|
---|
201 | CtrlMsg.timeout = 1000;
|
---|
202 | CtrlMsg.data = pvBuf;
|
---|
203 |
|
---|
204 | int rc = doioctl(USBDEVFS_CONTROL, &CtrlMsg, pszWho);
|
---|
205 | printf("rc=%d CtrlMsg.wLength=%d\n", rc, CtrlMsg.wLength);
|
---|
206 | if (rc >= 0)
|
---|
207 | return rc;
|
---|
208 | return -1;
|
---|
209 | #endif
|
---|
210 | }
|
---|
211 |
|
---|
212 | static int claim_if(int iIf)
|
---|
213 | {
|
---|
214 | return doioctl(USBDEVFS_CLAIMINTERFACE, &iIf, "claim_if");
|
---|
215 | }
|
---|
216 |
|
---|
217 | static int usb_set_connected(int ifnum, int conn)
|
---|
218 | {
|
---|
219 | struct usbdevfs_ioctl io;
|
---|
220 | io.ifno = ifnum;
|
---|
221 | io.ioctl_code = (conn) ? USBDEVFS_CONNECT : USBDEVFS_DISCONNECT;
|
---|
222 | io.data = NULL;
|
---|
223 | return doioctl(USBDEVFS_IOCTL, &io, "set_connected");
|
---|
224 | }
|
---|
225 |
|
---|
226 | static int set_config(int iCfg)
|
---|
227 | {
|
---|
228 | return doioctl(USBDEVFS_SETCONFIGURATION, &iCfg, "set_config");
|
---|
229 | }
|
---|
230 |
|
---|
231 | static int set_interface(int iIf, int iAlt)
|
---|
232 | {
|
---|
233 | struct usbdevfs_setinterface SetIf = {0};
|
---|
234 | SetIf.interface = iIf;
|
---|
235 | SetIf.altsetting = iAlt;
|
---|
236 | return doioctl(USBDEVFS_SETINTERFACE, &SetIf, "set_interface");
|
---|
237 | }
|
---|
238 |
|
---|
239 | /* can be exploited to check if there is an active config. */
|
---|
240 | static int reset_ep(int EndPt)
|
---|
241 | {
|
---|
242 | return doioctl(USBDEVFS_RESETEP, &EndPt, "reset_ep");
|
---|
243 | }
|
---|
244 |
|
---|
245 |
|
---|
246 | static void msd()
|
---|
247 | {
|
---|
248 | #if 1
|
---|
249 | unsigned InEndPt = 1;
|
---|
250 | unsigned OutEndPt = 1;
|
---|
251 | #else
|
---|
252 | unsigned InEndPt = 1;
|
---|
253 | unsigned OutEndPt = 2;
|
---|
254 | #endif
|
---|
255 | unsigned char abBuf[512];
|
---|
256 | int i;
|
---|
257 |
|
---|
258 | // set_config(1); - the culprit
|
---|
259 | set_interface(0, 0);
|
---|
260 |
|
---|
261 | #if 0
|
---|
262 | /* Send an Get Max LUN request */
|
---|
263 | abBuf[0] = 0;
|
---|
264 | if (doctrl(VUSB_DIR_TO_HOST | VUSB_REQ_CLASS | VUSB_TO_INTERFACE,
|
---|
265 | 0xfe /* max lun */, 0, 1, 1, abBuf, "get max lun") >= 0)
|
---|
266 | printf("max luns: %d\n", abBuf[0]);
|
---|
267 | #endif
|
---|
268 |
|
---|
269 | for (i = 0; i < 3; i++)
|
---|
270 | {
|
---|
271 | printf("i=%d\n", i);
|
---|
272 |
|
---|
273 | /* Send an INQUIRY command to ep 2 */
|
---|
274 | memset(abBuf, 0, sizeof(abBuf));
|
---|
275 | memcpy(abBuf, "USBC", 4);
|
---|
276 | *(uint32_t *)(&abBuf[4]) = 0x12330984 ;
|
---|
277 | //abBuf[8] = 0x08;
|
---|
278 | abBuf[8] = 0x24;
|
---|
279 | abBuf[0xc] = 0x80;
|
---|
280 | abBuf[0xe] = 0x06; /* cmd length */
|
---|
281 | abBuf[0x0f] = 0x12; /* cmd - INQUIRY */
|
---|
282 | abBuf[0x13] = 0x24;
|
---|
283 |
|
---|
284 | hex(abBuf, 31, "intquery req");
|
---|
285 | if (send_bulk(OutEndPt, abBuf, 31) < 0)
|
---|
286 | return;
|
---|
287 | //usleep(15000);
|
---|
288 |
|
---|
289 | /* read result */
|
---|
290 | memset(abBuf, 0, sizeof(abBuf));
|
---|
291 | //printf("recv..\n");
|
---|
292 | int cb = recv_bulk(InEndPt, abBuf, 36);
|
---|
293 | hex(abBuf, cb, "inquiry result");
|
---|
294 |
|
---|
295 | /* sense? */
|
---|
296 | memset(abBuf, 0, sizeof(abBuf));
|
---|
297 | cb = recv_bulk(InEndPt, abBuf, 36);
|
---|
298 | hex(abBuf, cb, "inquiry sense?");
|
---|
299 | usleep(150000);
|
---|
300 | }
|
---|
301 | }
|
---|
302 |
|
---|
303 | void palm(void)
|
---|
304 | {
|
---|
305 | // set_config(1); //skip this
|
---|
306 | // reset_ep(6);
|
---|
307 |
|
---|
308 | /* This seems to be some kind of 'identify device' request. */
|
---|
309 | uint8_t abVendor[0x14] = {0};
|
---|
310 | int cb = doctrl(VUSB_DIR_TO_HOST | VUSB_REQ_VENDOR | VUSB_TO_ENDPOINT,
|
---|
311 | 0x04, 0, 0, 0x14, abVendor, "vendor req");
|
---|
312 | hex(abVendor, cb, "palm vendor req");
|
---|
313 |
|
---|
314 | /* read from ep 6. */
|
---|
315 | uint8_t abBuf[512];
|
---|
316 | memset(abBuf, 0, sizeof(abBuf));
|
---|
317 | cb = recv_bulk(6, abBuf, 6);
|
---|
318 | hex(abBuf, cb, "bulk 1");
|
---|
319 |
|
---|
320 | /* read from ep 6. */
|
---|
321 | memset(abBuf, 0, sizeof(abBuf));
|
---|
322 | cb = recv_bulk(6, abBuf, 22);
|
---|
323 | hex(abBuf, cb, "bulk 2");
|
---|
324 |
|
---|
325 | #if 0
|
---|
326 | /* write to ep 6 */
|
---|
327 | memset(abBuf, 0, sizeof(abBuf));
|
---|
328 | abBuf[0] = 1;
|
---|
329 | abBuf[1] = 2;
|
---|
330 | abBuf[5] = 0x32;
|
---|
331 | if (send_bulk(7, abBuf, 6) < 0)
|
---|
332 | return;
|
---|
333 |
|
---|
334 | memset(abBuf, 0, sizeof(abBuf));
|
---|
335 | abBuf[0] = 0x12;
|
---|
336 | abBuf[1] = 1;
|
---|
337 | if (send_bulk(7, abBuf, 8) < 0)
|
---|
338 | return;
|
---|
339 |
|
---|
340 | memset(abBuf, 0, sizeof(abBuf));
|
---|
341 | abBuf[1] = 0x20;
|
---|
342 | abBuf[6] = 0x24;
|
---|
343 | if (send_bulk(7, abBuf, 6) < 0)
|
---|
344 | return;
|
---|
345 |
|
---|
346 | memset(abBuf, 0, sizeof(abBuf));
|
---|
347 | abBuf[0] = 0xff;
|
---|
348 | abBuf[1] = 0xff;
|
---|
349 | abBuf[2] = 0xff;
|
---|
350 | abBuf[3] = 0xff;
|
---|
351 | abBuf[4] = 0x3c;
|
---|
352 | abBuf[6] = 0x3c;
|
---|
353 | abBuf[0x0f] = 1;
|
---|
354 | abBuf[0x11] = 0x10;
|
---|
355 | abBuf[0x15] = 0x10;
|
---|
356 | abBuf[0x18] = 0x3c;
|
---|
357 | abBuf[0x1a] = 0x3c;
|
---|
358 | if (send_bulk(7, abBuf, 0x24) < 0)
|
---|
359 | return;
|
---|
360 |
|
---|
361 | /* read from ep 6 */
|
---|
362 | memset(abBuf, 0, sizeof(abBuf));
|
---|
363 | cb = recv_bulk(6, abBuf, 64);
|
---|
364 | hex(abBuf, cb, "bulk 3");
|
---|
365 |
|
---|
366 | /* read from ep 6. */
|
---|
367 | memset(abBuf, 0, sizeof(abBuf));
|
---|
368 | cb = recv_bulk(6, abBuf, 50);
|
---|
369 | hex(abBuf, cb, "bulk 4");
|
---|
370 | #endif
|
---|
371 | }
|
---|
372 |
|
---|
373 | int reset(void)
|
---|
374 | {
|
---|
375 | int i = 0;
|
---|
376 | printf("resetting...\n");
|
---|
377 | return doioctl(USBDEVFS_RESET, &i, "reset");
|
---|
378 | }
|
---|
379 |
|
---|
380 | int main(int argc, char **argv)
|
---|
381 | {
|
---|
382 | g_fd = open(argv[1], O_RDWR);
|
---|
383 | if (errno == ENOENT && g_fd < 0)
|
---|
384 | {
|
---|
385 | int i;
|
---|
386 | for (i = 0; i < 120; i++)
|
---|
387 | {
|
---|
388 | g_fd = open(argv[1], O_RDWR);
|
---|
389 | if (g_fd >= 0)
|
---|
390 | break;
|
---|
391 | printf("."); fflush(stdout);
|
---|
392 | usleep(500000);
|
---|
393 | }
|
---|
394 | printf("\n");
|
---|
395 | }
|
---|
396 | if (g_fd < 0)
|
---|
397 | return bitch("open");
|
---|
398 |
|
---|
399 | // reset();
|
---|
400 | // set_config(0);
|
---|
401 | // set_config(1);
|
---|
402 |
|
---|
403 | usb_set_connected(0, 1);
|
---|
404 | claim_if(0);
|
---|
405 |
|
---|
406 | #if 0
|
---|
407 | msd();
|
---|
408 | #else
|
---|
409 | palm();
|
---|
410 | #endif
|
---|
411 | return 0;
|
---|
412 | }
|
---|