Chinaunix首页 | 论坛 | 博客

梦想失落乐园

首页 |  博文目录 |  关于我

q77190858

  • 博客访问: 123424
  • 博文数量: 16
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 222
  • 用 户 组: 普通用户
  • 注册时间: 2014-07-23 22:32
个人简介

这个博客已经停止更新,请访问blog.mxslly.com

文章分类

全部博文(16)

文章存档

2018年(4)

2016年(3)

2015年(8)

2014年(1)

我的朋友
最近访客
推荐博文
相关博文
抓取4G、3G的USB上网卡的messagecontent

分类: LINUX

2015-09-01 20:38:32

经过几天的努力,终于成功抓取并且分析出来了我的4G无线上网卡的Messagecontent,很高兴,和大家分享下

为了让3G4G上网卡、终端能够在Ubuntu下使用,互联网上的教程大概都是说要不在制造商网站下载linux下的驱动,要不用usb-modeswitch进行模式切换。可惜的是我用的这一款MF832S没有linux的驱动,于是我只能用usb-modeswitch来进行模式切换了
然而我查了一下由于这个设备比较新,连usb-modeswitch都没有它的资料,没办法,只能自己抓包了。由于网上没有详细的教程,这个过程中遇到了很多的坑,所以把我的经验写下来

我用的是win7x64不支持snifferUSB,我用的是Device Monitoring Studio 7.21,只有15天的试用期,不知道有没有破解版的,反正能用就行


选择Next connected device(就是下一个连接的设备),右键选择start monitoring(抓包)

视图选择只要选一个URB视图就可以了,当然你选一个RAW原始数据视图也可以。然后点击开始就会开始监视USB口,只要检测到第一个新连接的设备就会开始抓包
插上4G终端,就会抓到一系列的usb数据

所有的数据如下
点击(此处)折叠或打开
  1. 000000: PnP Event: Device Connected (UP), 01.09.2015 20:17:29.678 (1. Device: Unknown)
  2. The USB device has just been connected to the system.
  3. 000001: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.678 +0.0 (1. Device: Unknown)
  4. Descriptor Type: Device
  5. Descriptor Index: 0x0
  6. Transfer Buffer Size: 0x12 bytes
  7. 000002: Control Transfer (UP), 01.09.2015 20:17:29.679 +0.001. (1. Device: Unknown) Status: 0x00000000
  8. Pipe Handle: Control Pipe
  9. 12 01 00 02 EF 02 01 40 D2 19 98 01 00 01 01 02 ....?.@??......0
  10. 03 02 0
  11. Setup Packet
  12. 80 06 00 01 00 00 12 00 ?.......
  13. Recipient: Device
  14. Request Type: Standard
  15. Direction: Device->Host
  16. Request: 0x6 (GET_DESCRIPTOR)
  17. Value: 0x100
  18. Index: 0x0
  19. Length: 0x12
  20. 000003: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.679 +0.0 (1. Device: Unknown)
  21. Descriptor Type: Configuration
  22. Descriptor Index: 0x0
  23. Transfer Buffer Size: 0x9 bytes
  26. 000004: Control Transfer (UP), 01.09.2015 20:17:29.680 +0.001. (1. Device: Unknown) Status: 0x00000000
  27. Pipe Handle: Control Pipe
  28. 09 02 20 00 01 01 00 A0 FA .. ....狕.
  29. Setup Packet
  30. 80 06 00 02 00 00 09 00 ?.......
  31. Recipient: Device
  32. Request Type: Standard
  33. Direction: Device->Host
  34. Request: 0x6 (GET_DESCRIPTOR)
  35. Value: 0x200
  36. Index: 0x0
  37. Length: 0x9
  39. 000005: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.680 +0.0 (1. Device: Unknown)
  40. Descriptor Type: Configuration
  41. Descriptor Index: 0x0
  42. Transfer Buffer Size: 0x20 bytes
  45. 000006: Control Transfer (UP), 01.09.2015 20:17:29.681 +0.001. (1. Device: Unknown) Status: 0x00000000
  46. Pipe Handle: Control Pipe
  47. 09 02 20 00 01 01 00 A0 FA 09 04 00 00 02 08 06 .. ....狕........
  48. 50 04 07 05 86 02 00 02 00 07 05 06 02 00 02 00 P...?...R.......
  50. Setup Packet
  51. 80 06 00 02 00 00 20 00 ?..... .
  52. Recipient: Device
  53. Request Type: Standard
  54. Direction: Device->Host
  55. Request: 0x6 (GET_DESCRIPTOR)
  56. Value: 0x200
  57. Index: 0x0
  58. Length: 0x20
  59. 000007: Select Configuration (DOWN), 01.09.2015 20:17:29.681 +0.0 (1. Device: Unknown)
  60. Configuration Index: 1
  62. 000008: Select Configuration (UP), 01.09.2015 20:17:29.708 +0.0. (1. Device: Unknown) Status: 0x00000000
  63. Configuration Index: 1
  64. Configuration Handle: 0x986b370
  65. 000009: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.710 +0.002 (1. Device: Unknown)
  66. Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
  67. Send 0x1f bytes to the device
  68. 55 53 42 43 00 00 00 00 24 00 00 00 80 00 06 12 USBC....$...?...
  69. 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 ...$...........
  71. 000012: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
  72. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  73. Get 0x24 bytes from the device
  74. 05 80 00 02 1F 00 00 00 5A 54 45 00 00 00 00 00 .?......ZTE.....
  75. 43 44 52 4F 4D 00 00 00 00 00 00 00 00 00 00 00 CDROM...........
  76. 31 2E 30 00 1.0.
  78. 000014: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
  79. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  80. Get 0xd bytes from the device
  81. 55 53 42 53 00 00 00 00 00 00 00 00 00 USBS.........
  83. 000015: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.711 +0.0 (1. Device: Unknown)
  84. Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
  85. Send 0x1f bytes to the device
  86. 55 53 42 43 01 00 00 00 00 00 00 00 00 00 06 00 USBC............
  87. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...............
  89. 000018: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.712 +0.0. (1. Device: Unknown) Status: 0x00000000
  90. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  91. Get 0xd bytes from the device
  92. 55 53 42 53 01 00 00 00 00 00 00 00 01 USBS.........
  94. 000019: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.719 +0.007 (1. Device: Unknown)
  95. Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
  96. Send 0x1f bytes to the device
  97. 55 53 42 43 03 00 00 00 12 00 00 00 80 00 0C 03 USBC........?...
  98. 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 ...............
  100. 000022: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.723 +0.0. (1. Device: Unknown) Status: 0x00000000
  101. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  102. Get 0x12 bytes from the device
  103. 70 00 06 00 00 00 00 0A 00 00 00 00 28 00 00 00 p...........(...
  104. 00 00 ..
  106. 000024: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.723 +0.0. (1. Device: Unknown) Status: 0x00000000
  107. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  108. Get 0xd bytes from the device
  109. 55 53 42 53 03 00 00 00 00 00 00 00 00 USBS.........
  111. 000025: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.724 +0.001 (1. Device: Unknown)
  112. Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
  113. Send 0x1f bytes to the device
  114. 55 53 42 43 02 00 00 00 00 00 00 00 00 00 06 1B USBC............
  115. 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ...............
  117. 000028: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.724 +0.0. (1. Device: Unknown) Status: 0x00000000
  118. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  119. Get 0xd bytes from the device
  120. 55 53 42 53 02 00 00 00 00 00 00 00 00 USBS.........
  122. 000029: PnP Event: Surprise Removal (UP), 01.09.2015 20:17:29.850 +0.126 (1. Device: Unknown)
  123. The USB device has just been disconnected from the system.
  125. 000030: PnP Event: Device Disconnected (UP), 01.09.2015 20:17:29.856 +0.006 (1. Device: Unknown)
  126. The USB device has just been removed from the system, all drivers unloaded.
我们着重分析55 53 42 43 开头的31字节的数据,我们知道这就是messagecontent的内容(就是以ANSCII码"USBC"开头的数据)。然而问题是怎么这么多的USBC开头的数据,究竟哪个是

点击(此处)折叠或打开

  1. )
  2. Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
  3. Send 0x1f bytes to the device
  4. 55 53 42 43 00 00 00 00 24 00 00 00 80 00 06 12 USBC....$...?...
  5. 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 ...$...........
  6. 000012: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
  7. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  8. Get 0x24 bytes from the device
  9. 05 80 00 02 1F 00 00 00 5A 54 45 00 00 00 00 00 .?......ZTE.....
  10. 43 44 52 4F 4D 00 00 00 00 00 00 00 00 00 00 00 CDROM...........
  11. 31 2E 30 00 1.0.
  12. 000014: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
  13. Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
  14. Get 0xd bytes from the device
  15. 55 53 42 53 00 00 00 00 00 00 00 00 00 USBS.........
  17. 000015: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.711 +0.0 (1. Device: Unknown)
应该是最后一个USBC才是真正的messagecontent,我猜的。
前几个messagecontent可能是网卡驱动做的几次尝试,因为我们知道一款驱动软件往往支持好几个3G终端的硬件型号,它也不知道插上来的是哪个型号的终端,于是就一个一个试,那么应该就是
 55 53 42 43 02 00 00 00 00 00 00 00 00 00 06 1B   USBC............
 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00      ...............
这个就是真的messagecontent了,放到ubuntu下的usb-modeswitch下试了试
把TargetVerderID,TargetProductID和messagecontent加入到/etc/usb-modeswitch.conf下
点击(此处)折叠或打开
  1. sudo usb_modeswitch -W -c /etc/usb_modeswitch.conf -I
就会发现3G终端模式已经成功转化了!

然后自然就是登陆usb-modeswitch的论坛,告诉大家这个喜讯了



阅读(4845) | 评论(0) | 转发(0) |
0

上一篇:树莓派2B利用SPI驱动OLED

下一篇:怎样把cyanogenmod移植到你自己的设备

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6