I need to reverse engineer a driver for custom made HID USB device (some buttons and leds on an control panel). The driver is only available on Windows and we need a *nix implementation.
The device apparently is a HID device although not of a particular class. It provides two interfaces each with a single interrupt endpoint.
My setup currently involves a VirtualBox running Windows on a Ubuntu host to capture the USB traffic via Wireshark. The protocol is rather simple and I already gained a rather good understanding.
I am using libusb-1.0 in a simple C++ console program for prototyping. I already managed to toggle LEDs by issuing a SET_REPORT control transfer but struggle in receiving button presses via interrupt in transfers.
In fact the following call blocks forever:
unsigned char bytes[8] = { 0 };
int len = 0;
int ret = libusb_interrupt_transfer(handle, 0x81, bytes, 8, &len, 0);
When inspecting the resulting URB in Wireshark it looks exactly like the equivalent captured at the Windows session. Still I never get a reply from the device.
I fell I am missing some setting. Note that the device is properly opened and both interfaces provided by the device have been sucessfully claimed. Input reports by means of control transfers are coming trough, even in my linux application.
Thanks for any pointer! Arne
Addendum I:
I am wondering how am I supposed to specify which report id I want to receive when using libusb_interrupt_transfer()
?
Addendum II: When comparing the requests made by the windows driver to the one generated by the above code in Wireshark I don't see any difference (same values in URB). But still, only when issued by the Windows driver the interrupt transfer returns.
When inspecting the Windows driver communication in Wireshark I dont see any control transfers other than various GET_DESCRIPTOR(...)
. Most important: no SET_INTERFACE
or SET_CONFIGURATION
Thus I suspect the problem is related to the library or how I use it and is not related to the device.
Usage Buttons
. – Basculelibusb_interrupt_transfer
were blocking forever, even though I had set a timeout for 500ms. But when my simple driver hung up after I commented out that line; So I inserted some debug-prints here and there and found out thatlibusb_open
locks up forever, no matter which device I issued it on. Dammit, should it really need to be this hard to getint x,y,pressure,button_state;
from a digital pen tablet? Seriously, that's overkill :) – Trussing