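Bus Hound is a USB helper tool that captures USB traffic directly on a PC. When you are starting out with USB work and have no dedicated analyzer at hand, it is good enough for occasional use.
A few points worth noting:
1. Automatically detect device insertion and removal
Devices->Auto select hot plugged devices
2. Set the capture length and buffer size
Settings ->Limits->Capture Capacity
Settings ->Limits->Max Record Length
3. Start and stop the capture here
Capture->Run
Capture->Stop
4. Click Save to export the data
5. A captured section of data, with analysis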
Bus Hound 6.01 capture on Windows Vista (x86). Complements of www.perisoft.net
333
Device - Device ID (followed by the endpoint for USB devices)
(23) USB 大容量存储设备
(24) hp v229g [ROM=1100]
(25) USB Composite Device
(26) USB 输入设备
(27) USB 输入设备
(28) HID Keyboard Device
(29) 符合 HID 标准的用户控制设备
(30) HID-compliant device
(31) 符合 HID 标准的用户控制设备
(32) USB Composite Device
(33) Webcam C170
(34) Webcam C170
Phase - Phase Type
CTL USB control transfer
IN Data in transfer
OUT Data out transfer
Data - Hex dump of the data transferred
Descr - Description of the phase
Cmd... - Position in the captured data
Device Phase Data Description Cmd.Phase.Ofs(rep)
------ ----- -------------------------------------------------- ---------------- ------------------
25.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 1.1.0
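//requesttype 0x80: device-to-host, standard request, recipient is the device
//request 0x06: GET_DESCRIPTOR (here: get the device descriptor)
//value 0x0100: little-endian; index 0, descriptor type 01 (device descriptor)
//index 0x0000: little-endian
//length 0x0012: little-endian, request 18 bytes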
25.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 1.2.0
00 01 .. 1.2.16
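//bLength 0x12: descriptor length
//bDescriptorType 0x01: device descriptor
//bcdUSB 0x0110: USB 1.1
//bDeviceClass 0x00: class code
//bDeviceSubClass 0x00: subclass code
//bDeviceProtocol 0x00: protocol used by the device
//bMaxPacketSize0 0x08: maximum packet size of endpoint 0
//idVendor 0x046d: vendor ID
//idProduct 0xc31c: product ID
//bcdDevice 0x6400: device release number
//iManufacturer 0x01: index of the manufacturer string
//iProduct 0x02: index of the product string
//iSerialNumber 0x00: serial number; no serial-number string index
//bNumConfigurations 0x01: one configuration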
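The field-by-field reading of the 8-byte SETUP packet at the start of this transaction can be done mechanically. The following is an added example, not part of the original capture notes: it decodes several SETUP packets copied from this capture, splitting the bmRequestType bit fields and reading wValue, wIndex and wLength as little-endian words (so `00 04` in the length field decodes as 0x0400). The lookup tables cover only the requests that occur in this capture.

```python
import struct

# bmRequestType bit fields (USB 2.0, chapter 9)
TYPES = ["standard", "class", "vendor", "reserved"]
RECIPIENTS = ["device", "interface", "endpoint", "other"]
REQUESTS = {
    "standard": {0x06: "GET_DESCRIPTOR", 0x09: "SET_CONFIGURATION"},
    "class": {0x0A: "SET_IDLE"},   # HID class request
}
DESC_TYPES = {1: "device", 2: "configuration", 3: "string",
              0x21: "HID", 0x22: "HID report"}

def decode_setup(hex_bytes):
    """Decode an 8-byte SETUP packet given as a Bus Hound style hex string."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 8:
        raise ValueError("a SETUP packet is exactly 8 bytes")
    # wValue, wIndex and wLength are 16-bit little-endian fields
    bm, req, value, index, length = struct.unpack("<BBHHH", raw)
    rtype = TYPES[(bm >> 5) & 3]
    rcpt = bm & 0x1F
    out = {
        "direction": "device-to-host" if bm & 0x80 else "host-to-device",
        "type": rtype,
        "recipient": RECIPIENTS[rcpt] if rcpt < 4 else "reserved",
        "request": REQUESTS.get(rtype, {}).get(req, hex(req)),
        "wValue": value, "wIndex": index, "wLength": length,
    }
    if out["request"] == "GET_DESCRIPTOR":
        # high byte of wValue = descriptor type, low byte = descriptor index
        out["descriptor"] = DESC_TYPES.get(value >> 8, hex(value >> 8))
        out["descriptor_index"] = value & 0xFF
    return out

if __name__ == "__main__":
    # SETUP packets copied from this capture
    for pkt in ("80 06 00 01 00 00 12 00", "81 06 00 22 00 00 00 04",
                "80 06 02 03 09 04 1a 00", "00 09 01 00 00 00 00 00",
                "21 0a 00 00 01 00 00 00"):
        print(pkt, "->", decode_setup(pkt))
```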
25.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 2.1.0
//Get 9 bytes of the configuration descriptor
25.0 IN 09 02 3b 00 02 01 03 a0 2d ..;.....- 2.2.0
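//bLength length is 9
//bDescriptorType type is configuration descriptor (02)
//wTotalLength total length is 59
//bNumInterfaces number of interfaces: 2
//bConfigurationValue configuration value: 1
//iConfiguration string index: 3
//bmAttributes bus-powered, remote wakeup supported
//MaxPower 45*2mA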
25.0 CTL 80 06 00 02 00 00 3b 00 GET DESCRIPTOR 3.1.0
//Get the 59-byte configuration descriptor
25.0 IN 09 02 3b 00 02 01 03 a0 2d 09 04 00 00 01 03 01 ..;.....-....... 3.2.0
01 02 09 21 10 01 00 01 22 41 00 07 05 81 03 08 ...!...."A...... 3.2.16
00 0a 09 04 01 00 01 03 00 00 02 09 21 10 01 00 ............!... 3.2.32
01 22 9f 00 07 05 82 03 04 00 ff ."......... 3.2.48
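//09 02 3b 00 02 01 03 a0 2d configuration descriptor
//09 04 00 00 01 03 01 01 02 interface descriptor
//length 0x09, interface descriptor type 0x04, interface number 0, alternate setting 0, endpoints used 1, interface class 3, interface subclass 1, protocol 1, string index 2
//09 21 10 01 00 01 22 41 00 HID descriptor
//length 0x09, HID descriptor type 0x21, HID version 0x0110, country code 00, number of subordinate descriptors 01, subordinate descriptor type 0x22 (report descriptor), subordinate descriptor length 0x41
//07 05 81 03 08 00 0a endpoint descriptor
//length 07, type 05 (endpoint descriptor), endpoint address 1, direction IN, maximum packet size 08, polling interval 10
//09 04 01 00 01 03 00 00 02 interface descriptor
//length 0x09, interface descriptor type 0x04, interface number 1, alternate setting 0, endpoints used 1, interface class 3, interface subclass 0, protocol 0, string index 2
//09 21 10 01 00 01 22 9f 00
//length 0x09, HID descriptor type 0x21, HID version 0x0110, country code 00, number of subordinate descriptors 01, subordinate descriptor type 0x22 (report descriptor), subordinate descriptor length 0x9f
//07 05 82 03 04 00 ff
//length 07, type 05 (endpoint descriptor), endpoint address 2, direction IN, maximum packet size 04, polling interval ff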
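The 59-byte reply above is a chain of descriptors, each starting with its own bLength and bDescriptorType. The following added example (not part of the original notes) walks that chain the way a host-side parser or a capture-review script would, and rejects a blob whose wTotalLength or any bLength does not fit the bytes actually received. The function names `walk` and `summarize` are illustrative.

```python
import struct

# 59-byte reply to "80 06 00 02 00 00 3b 00", copied from the capture above
CONFIG = bytes.fromhex(
    "09 02 3b 00 02 01 03 a0 2d 09 04 00 00 01 03 01 "
    "01 02 09 21 10 01 00 01 22 41 00 07 05 81 03 08 "
    "00 0a 09 04 01 00 01 03 00 00 02 09 21 10 01 00 "
    "01 22 9f 00 07 05 82 03 04 00 ff")

# Minimum bLength per descriptor type: config, interface, endpoint, HID
MIN_LEN = {0x02: 9, 0x04: 9, 0x05: 7, 0x21: 9}

def walk(blob):
    """Split a configuration blob into (type, bytes) pairs, rejecting bad lengths."""
    if len(blob) < 9 or blob[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]
    if total != len(blob):
        raise ValueError(f"wTotalLength {total} != {len(blob)} bytes received")
    out, pos = [], 0
    while pos < len(blob):
        hdr = blob[pos:pos + 2]
        # A short or zero bLength would stall the walk; a long one would over-read
        if len(hdr) < 2 or hdr[0] < MIN_LEN.get(hdr[1], 2) or pos + hdr[0] > len(blob):
            raise ValueError(f"bad descriptor header at offset {pos}")
        out.append((hdr[1], blob[pos:pos + hdr[0]]))
        pos += hdr[0]
    return out

def summarize(blob):
    """One line per interface, HID and endpoint descriptor."""
    lines = []
    for dtype, d in walk(blob):
        if dtype == 0x04:
            lines.append(f"interface {d[2]}: class={d[5]} subclass={d[6]} protocol={d[7]}")
        elif dtype == 0x21:
            report_len = struct.unpack_from("<H", d, 7)[0]
            lines.append(f"  HID {d[3]:x}.{d[2]:02x} report_descriptor_len={report_len}")
        elif dtype == 0x05:
            direction = "IN" if d[2] & 0x80 else "OUT"
            maxpkt = struct.unpack_from("<H", d, 4)[0]
            lines.append(f"  endpoint {d[2] & 0x0F} {direction} maxpkt={maxpkt} interval={d[6]}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(CONFIG)))
```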
25.0 CTL 81 06 00 22 00 00 00 04 GET DESCRIPTOR 4.1.0
//Get 4 bytes of the HID descriptor
25.0 IN 05 01 09 06 a1 01 05 07 19 e0 29 e7 15 00 25 01 ..........)...%. 4.2.0
75 01 95 08 81 02 95 01 75 08 81 01 95 05 75 01 u.......u.....u. 4.2.16
05 08 19 01 29 05 91 02 95 01 75 03 91 01 95 06 ....).....u..... 4.2.32
75 08 15 00 26 ff 00 05 07 19 00 2a ff 00 81 00 u...&......*.... 4.2.48
c0 . 4.2.64
//65-byte HID report descriptor
//0x 5,0x 1// USAGE_PAGE (Generic Desktop)
//0x 9,0x 6// USAGE(Keyboard)
//0xa1,0x 1// COLLECTION (Application)
//0x 5,0x 7// USAGE_PAGE (Keyboard/keypad)
//0x19,0x e0//USAGE_MINIMUM// USAGE(See the spec)
//0x29,0x e7//USAGE_MAXIMUM// USAGE(See the spec)
//0x15,0x 0//LOGICAL_MINIMUM (0)
//0x25,0x 1//LOGICAL_MAXIMUM (1)
//0x75,0x 1//REPORT_SIZE (1)
//0x95,0x 8//REPORT_COUNT (8)
//0x81,0x 2//Input(Data Var Abs )
/*E0~E7: Control, Alt, Shift, etc.; each key corresponds to one report count*/
//0x95,0x 1//REPORT_COUNT (1)
//0x75,0x 8//REPORT_SIZE (8)
//0x81,0x 1//Input(Con Arr Abs )
/*8 bits of padding*/
//0x95,0x 5//REPORT_COUNT (5)
//0x75,0x 1//REPORT_SIZE (1)
//0x 5,0x 8// USAGE_PAGE (LEDs)
//0x19,0x 1//USAGE_MINIMUM// USAGE(See the spec)
//0x29,0x 5//USAGE_MAXIMUM// USAGE(See the spec)
//0x91,0x 2//Output(Data Var Abs )
/*5 output bits*/
//0x95,0x 1//REPORT_COUNT (1)
//0x75,0x 3//REPORT_SIZE (3)
//0x91,0x 1//Output(Con Arr Abs )
/*3 output bits of padding*/
//0x95,0x 6//REPORT_COUNT (6)
//0x75,0x 8//REPORT_SIZE (8)
//0x15,0x 0//LOGICAL_MINIMUM (0)
//0x26,0x ff//LOGICAL_MAXIMUM (255)
//0x 5,0x 7// USAGE_PAGE (Keyboard/keypad)
//0x19,0x 0//USAGE_MINIMUM// USAGE(See the spec)
//0x2a,0x ff//USAGE_MAXIMUM// USAGE(See the spec)
//0x81,0x 0//Input(Data Arr Abs )
/*6 bytes; each byte takes a value between usage min and usage max*/
//0xc0,//END_COLLECTION
//input
//data[0]: one-to-one mapping
//data[1]: padding
//data[2]:set
//data[3]:set
//data[4]:set
//data[5]:set
//data[6]:set
//data[7]:set
//output
//data[0]
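The input and output layout listed above follows from the REPORT_SIZE and REPORT_COUNT globals in effect at each Input and Output item. The following added example (not part of the original notes) parses the short items of the 65-byte report descriptor copied from this capture and totals the bits per report, which is the check to run before trusting a hand-decoded layout. Long items and Push/Pop are outside what this block handles.

```python
# 65-byte report descriptor for interface 0, copied from the capture above
REPORT_DESC = bytes.fromhex(
    "05 01 09 06 a1 01 05 07 19 e0 29 e7 15 00 25 01 "
    "75 01 95 08 81 02 95 01 75 08 81 01 95 05 75 01 "
    "05 08 19 01 29 05 91 02 95 01 75 03 91 01 95 06 "
    "75 08 15 00 26 ff 00 05 07 19 00 2a ff 00 81 00 "
    "c0")

MAIN_DATA = {0x8: "input", 0x9: "output", 0xB: "feature"}

def report_bits(desc):
    """Return {(kind, report_id): total_bits} for a HID report descriptor."""
    size = count = report_id = depth = pos = 0
    bits = {}
    while pos < len(desc):
        prefix = desc[pos]
        if prefix == 0xFE:
            raise ValueError("long items are not handled here")
        n = (0, 1, 2, 4)[prefix & 3]            # bSize: number of payload bytes
        data = desc[pos + 1:pos + 1 + n]
        if len(data) != n:
            raise ValueError(f"item at offset {pos} runs past the end")
        value = int.from_bytes(data, "little")
        tag, kind = prefix >> 4, (prefix >> 2) & 3
        if kind == 1:                            # global item: persists across main items
            if tag == 0x7:
                size = value                     # REPORT_SIZE
            elif tag == 0x8:
                report_id = value                # REPORT_ID
            elif tag == 0x9:
                count = value                    # REPORT_COUNT
        elif kind == 0:                          # main item
            if tag in MAIN_DATA:
                key = (MAIN_DATA[tag], report_id)
                bits[key] = bits.get(key, 0) + size * count
            elif tag == 0xA:
                depth += 1                       # COLLECTION
            elif tag == 0xC:
                depth -= 1                       # END_COLLECTION
        if depth < 0:
            raise ValueError(f"END_COLLECTION without COLLECTION at offset {pos}")
        pos += 1 + n
    if depth:
        raise ValueError("unbalanced COLLECTION")
    return bits

if __name__ == "__main__":
    print(report_bits(REPORT_DESC))
```

For this descriptor the totals are 64 input bits and 8 output bits, matching the 8-byte input report and 1-byte output report listed above.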
25.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 5.1.0
25.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 5.2.0
00 01 .. 5.2.16
25.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 6.1.0
25.0 IN 09 02 3b 00 02 01 03 a0 2d ..;.....- 6.2.0
25.0 CTL 80 06 00 02 00 00 3b 00 GET DESCRIPTOR 7.1.0
25.0 IN 09 02 3b 00 02 01 03 a0 2d 09 04 00 00 01 03 01 ..;.....-....... 7.2.0
01 02 09 21 10 01 00 01 22 41 00 07 05 81 03 08 ...!...."A...... 7.2.16
00 0a 09 04 01 00 01 03 00 00 02 09 21 10 01 00 ............!... 7.2.32
01 22 9f 00 07 05 82 03 04 00 ff ."......... 7.2.48
25.0 CTL 00 09 01 00 00 00 00 00 SET CONFIG 8.1.0
//Set the configuration descriptor to 00
25.0 CTL 80 06 02 03 09 04 04 00 GET DESCRIPTOR 9.1.0(2)
25.0 IN 1a 03 55 00 ..U. 9.2.0
25.0 CTL 80 06 02 03 09 04 1a 00 GET DESCRIPTOR 10.1.0(2)
//Get the string descriptor: index 02, language ID 0409
25.0 IN 1a 03 55 00 53 00 42 00 20 00 4b 00 65 00 79 00 ..U.S.B. .K.e.y. 10.2.0
62 00 6f 00 61 00 72 00 64 00 b.o.a.r.d. 10.2.16
//String length is 1a, string descriptor type is 03, followed by the data
27.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 19.1.0
27.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 19.2.0
00 01 .. 19.2.16
27.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 20.1.0
27.0 IN 09 02 22 00 01 01 03 a0 2d ..".....- 20.2.0
27.0 CTL 80 06 00 02 00 00 22 00 GET DESCRIPTOR 21.1.0
27.0 IN 09 02 22 00 01 01 03 a0 2d 09 04 01 00 01 03 00 ..".....-....... 21.2.0
00 02 09 21 10 01 00 01 22 9f 00 07 05 82 03 04 ...!...."....... 21.2.16
00 ff .. 21.2.32
27.0 CTL 00 09 01 00 00 00 00 00 SET CONFIG 22.1.0
27.0 CTL 21 0a 00 00 01 00 00 00 SET IDLE 23.1.0
27.0 CTL 81 06 00 22 01 00 df 00 GET DESCRIPTOR 24.1.0
27.0 IN 05 0c 09 01 a1 01 85 01 09 e0 15 e8 25 18 75 07 ............%.u. 24.2.0
95 01 81 06 15 00 25 01 75 01 09 e2 81 06 c0 06 ......%.u....... 24.2.16
01 00 09 80 a1 01 85 02 25 01 15 00 75 01 0a 81 ........%...u... 24.2.32
00 0a 82 00 0a 83 00 95 03 81 06 95 05 81 01 c0 ................ 24.2.48
06 0c 00 09 01 a1 01 85 03 25 01 15 00 75 01 0a .........%...u.. 24.2.64
b5 00 0a b6 00 0a b7 00 0a b8 00 0a cd 00 0a e2 ................ 24.2.80
00 0a e9 00 0a ea 00 95 08 81 02 0a 83 01 0a 8a ................ 24.2.96
01 0a 92 01 0a 94 01 0a 21 02 0a 23 02 0a 24 02 ........!..#..$. 24.2.112
0a 25 02 95 08 81 02 0a 26 02 0a 27 02 0a 2a 02 .%......&..'..*. 24.2.128
0a b3 00 0a b4 00 95 05 81 02 95 03 81 01 c0 ............... 24.2.144
0x 5,0x c// USAGE_PAGE (Consumer)
0x 9,0x 1// USAGE(See the spec)
0xa1,0x 1// COLLECTION (Application)
0x85,0x 1//REPORT_ID (1)//Sean
0x 9,0x e0// USAGE(See the spec)
0x15,0x e8//LOGICAL_MINIMUM (232)
0x25,0x 18//LOGICAL_MAXIMUM (24)
0x75,0x 7//REPORT_SIZE (7)
0x95,0x 1//REPORT_COUNT (1)
0x81,0x 6//Input(Data Var Rel )
/*byte 1*/
0x15,0x 0//LOGICAL_MINIMUM (0)
0x25,0x 1//LOGICAL_MAXIMUM (1)
0x75,0x 1//REPORT_SIZE (1)
0x 9,0x e2// USAGE(See the spec)
0x81,0x 6//Input(Data Var Rel )
/*byte 1*/
0xc0,//END_COLLECTION
0x 6,0x 1// USAGE_PAGE (Generic Desktop)
0x 9,0x 80// USAGE(See the spec___________-:128)
0xa1,0x 1// COLLECTION (Application)
0x85,0x 2//REPORT_ID (2)//Sean
0x25,0x 1//LOGICAL_MAXIMUM (1)
0x15,0x 0//LOGICAL_MINIMUM (0)
0x75,0x 1//REPORT_SIZE (1)
0x a,0x 81// USAGE(See the spec___________-:129)
0x a,0x 82// USAGE(See the spec___________-:130)
0x a,0x 83// USAGE(See the spec___________-:131)
0x95,0x 3//REPORT_COUNT (3)
0x81,0x 6//Input(Data Var Rel )
/*byte 2*/
0x95,0x 5//REPORT_COUNT (5)
0x81,0x 1//Input(Con Arr Abs )
/*byte 2*/
0xc0,//END_COLLECTION
0x 6,0x c// USAGE_PAGE (Consumer)
0x 9,0x 1// USAGE(See the spec)
0xa1,0x 1// COLLECTION (Application)
0x85,0x 3//REPORT_ID (3)//Sean
0x25,0x 1//LOGICAL_MAXIMUM (1)
0x15,0x 0//LOGICAL_MINIMUM (0)
0x75,0x 1//REPORT_SIZE (1)
0x a,0x b5// USAGE(See the spec)
0x a,0x b6// USAGE(See the spec)
0x a,0x b7// USAGE(See the spec)
0x a,0x b8// USAGE(See the spec)
0x a,0x cd// USAGE(See the spec)
0x a,0x e2// USAGE(See the spec)
0x a,0x e9// USAGE(See the spec)
0x a,0x ea// USAGE(See the spec)
0x95,0x 8//REPORT_COUNT (8)
0x81,0x 2//Input(Data Var Abs )
/*byte 3*/
0x a,0x 183// USAGE(See the spec)
0x a,0x 18a// USAGE(See the spec)
0x a,0x 192// USAGE(See the spec)
0x a,0x 194// USAGE(See the spec)
0x a,0x 221// USAGE(See the spec)
0x a,0x 223// USAGE(See the spec)
0x a,0x 224// USAGE(See the spec)
0x a,0x 225// USAGE(See the spec)
0x95,0x 8//REPORT_COUNT (8)
0x81,0x 2//Input(Data Var Abs )
/*byte 4*/
0x a,0x 226// USAGE(See the spec)
0x a,0x 227// USAGE(See the spec)
0x a,0x 22a// USAGE(See the spec)
0x a,0x b3// USAGE(See the spec)
0x a,0x b4// USAGE(See the spec)
0x95,0x 5//REPORT_COUNT (5)
0x81,0x 2//Input(Data Var Abs )
0x95,0x 3//REPORT_COUNT (3)
0x81,0x 1//Input(Con Arr Abs )
0xc0,//END_COLLECTION
/*byte 5*/
(several bytes omitted)
26.1 IN 00 00 2c 00 00 00 00 00 ..,..... 1.1.0
28 IN 01 00 39 00 00 00 00 00 00 00 00 00 ..9......... 2.1.0(189)
//Space key pressed (2c)
//Why is the one below 12 bytes? In theory it should be 5,
//usage_consumer applies only to specific devices,
26.1 IN 00 00 00 00 00 00 00 00 ........ 191.1.0
28 IN 01 00 39 00 01 00 00 00 00 00 00 00 ..9......... 192.1.0
//Space key released
//