Hi,
Is there any good tools to intercept what data are transferred throgh the USB port. We are debugging an application, and we have tried using tools like USB Monitor, USBLyzer etc…, but they were not successful. If no good tools are not available, where should we start to write our own USB interceptor?
Thanks,
Lloyd
Scanned and protected by Email scanner
> Hi,
Is there any good tools to intercept what data are transferred throgh
the USB
port. We are debugging an application, and we have tried using tools
like USB
Monitor, USBLyzer etc…, but they were not successful. If no good
tools are
not available, where should we start to write our own USB interceptor?
In what way were they not successful? Did they not capture all the data
or did they not show it to you in a useful way?
I’ve used snoopy before, but it’s probably more the same than different
compared to other tools around.
James
On 06/29/2010 08:14 AM, Lloyd wrote:
Is there any good tools to intercept what data are transferred throgh
the USB port.
Yes, there are a number of inexpensive external hardware USB analyzers.
See the “USB Analyzer Shoot-Out” from “The NT Insider, Volume 16, Issue
2, May-June 2009”: http://www.osronline.com/article.cfm?article=533
>
In what way were they not successful? Did they not capture all the data
or did they not show it to you in a useful way?
Thanks a lot. They are not showing inforamtion in a useful way.
Scanned and protected by Email scanner
Elaborate a bit. What is “useful” to you?
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lloyd
Sent: Tuesday, June 29, 2010 9:00 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Intercepting usb data
In what way were they not successful? Did they not capture all the
data or did they not show it to you in a useful way?
Thanks a lot. They are not showing inforamtion in a useful way.
Scanned and protected by Email scanner
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> Elaborate a bit. What is “useful” to you?
Sorry for the short answer.
We are developing a mobile forensics application to read the data available
in the mobile phone. We would like to analyse the communication protocol
used thorough the usb interface, betwen the application in computer (eg.
Nokia PC suite) and the mobile phone. So that by analysing the data passing
thorough the usb interface it may be possible to know what are all the
protocols (command and response) the application in computer is using…
Thanks a lot,
Lloyd
Scanned and protected by Email scanner
Buy a decent USB bus analyzer and be done with it. Check the shoot-out, previously cited.
USB Full Speed models can be purchased starting at US$400… And a whole range of ones that support High Speed for less than US$1200 – I can’t understand why every USB dev doesn’t simply have one of these in their toolbox. It costs more then $400 for you to spend time downloading and installing an executable, and discovering it doesn’t work.
Even if you use it for ONE BUG and ONE PROJECT the bus analyzer has got to be a good idea.
Just my personal opinion,
Peter
OSR
> Buy a decent USB bus analyzer and be done with it. Check the shoot-out,
previously cited.
USB Full Speed models can be purchased starting at US$400… And a whole
range of ones that support High Speed for less than US$1200 – I can’t
understand why every USB dev doesn’t simply have one of these in their
toolbox. It costs more then $400 for you to spend time downloading and
installing an executable, and discovering it doesn’t work.Even if you use it for ONE BUG and ONE PROJECT the bus analyzer has got to
be a good idea.Just my personal opinion,
Peter
OSR
Thanks a lot. As we are from India, $400 is a little big for us 
…
Thanks,
Lloyd
Scanned and protected by Email scanner
At 15:40 29/06/2010, Lloyd wrote:
Thanks a lot. As we are from India, $400 is a little big for us
So instead you’re willing to waste a few thousand dollars of
engineer/developer time ?
And that is above all the lamest excuse you can mutter. If you cannot afford
to be in the business then get your ass out of it. Proper diagnostic tools,
software or hardware, is part of the cost, and if the free software tools
are not adequate then get the hardware tools. Above all DO NOT come here and
expect sympathy because your butt is in “poor poor India”.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Lloyd
Sent: Tuesday, June 29, 2010 9:40 AM
To: Windows System Software Devs Interest List
Subject: Re: RE:[ntdev] Intercepting usb data
Buy a decent USB bus analyzer and be done with it. Check the
shoot-out, previously cited.USB Full Speed models can be purchased starting at US$400… And a
whole range of ones that support High Speed for less than US$1200 – I
can’t understand why every USB dev doesn’t simply have one of these in
their toolbox. It costs more then $400 for you to spend time
downloading and installing an executable, and discovering it doesn’t work.Even if you use it for ONE BUG and ONE PROJECT the bus analyzer has
got to be a good idea.Just my personal opinion,
Peter
OSR
Thanks a lot. As we are from India, $400 is a little big for us …
Thanks,
Lloyd
Scanned and protected by Email scanner
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
USB monitor or bushound can do it
Lloyd wrote:
We are developing a mobile forensics application to read the data available
in the mobile phone. We would like to analyse the communication protocol
used thorough the usb interface, betwen the application in computer (eg.
Nokia PC suite) and the mobile phone. So that by analysing the data passing
thorough the usb interface it may be possible to know what are all the
protocols (command and response) the application in computer is using…
None of the analyzers – even hardware analyzers – can possibly
understand and decode every proprietary data protocol used by every
device in the world. If you know what the bytes mean, then surely you
can write your own tools to parse the raw data captures produced by one
of the software analyzers you already have. That’s a relatively simple
task, using any of the text-oriented scripting languages (Python, Perl,
Ruby, Awk). If you don’t know what the bytes mean, then no analyzer
will help.
However, unless you have specs already, what you’re doing is called
“reverse engineering” and is not necessarily legal in all venues. Do be
careful.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Let us remember that engineer/developer time doesn’t cost the same in all locations.
This is a very good and useful observation. However THIS:
…was an unnecessarily intemperate comment, and sounds to me more xenophobic than technical. I didn’t perceive the OP asking for any “sympathy”-- Recall that *I* said:
I perceive that the OP was simply answering my point, indicating what his constraints are in solving the problem, and trying to explain WHY. And he’s appropriately asking if we can help him WITHIN those constraints.
For the record: OSR *will not* accept ethnically biased posts on this list. So, folks, let’s keep things “nice” for everyone, all over the world, OK?
Now, if you want to pound on devs who have managers that won’t buy them equipment, that’s different.
Quick Story: Over the past two years, I’ve done some relatively complicated USB work for a large US-based software company. A very successful software company. This company has an ongoing need to modify, maintain, diagnose, and enhance the USB drivers I’ve written. And to write more USB drivers. DESPITE these facts, the engineering manager (who is a vice president, and has a signature limit of at LEAST $100K) absolutely refuses to buy a USB hardware analyzer. In fact, his refusal is so steadfast that when tasked with reproducing and debugging a PRIORITY 1 USB driver problem recently, I got so frustrated I had to send them one of OUR USB hardware analyzers to use in trying to diagnose the problem. This group can spend $400 on LUNCH. But they will NOT buy a USB hardware analyzer. I don’t know why. I’ve repeatedly asked. I’ve never gotten an answer.
So, you see, it takes all kinds.
Peter
OSR
----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Wednesday, June 30, 2010 12:07 AM
Subject: RE:[ntdev] Intercepting usb data
>
>
>
> Let us remember that engineer/developer time doesn’t cost the same in all
> locations.
>
>
>
> This is a very good and useful observation. However THIS:
>
>
>
> …was an unnecessarily intemperate comment, and sounds to me more
> xenophobic than technical. I didn’t perceive the OP asking for any
> “sympathy”-- Recall that I said:
>
>
>
> I perceive that the OP was simply answering my point, indicating what his
> constraints are in solving the problem, and trying to explain WHY. And
> he’s appropriately asking if we can help him WITHIN those constraints.
>
Thanks a lot Peter and Tim Robers for giving me valuable points. I think,
Garry G. Little has misinterpreted what I have said, sorry for that. I will
do my best in solving this problem.
Thanks a lot,
Lloyd
______________________________________
Scanned and protected by Email scanner
I think the OP’s problem is not resolved by donating $400 to his cause. He
wants a high level protocol analyzer that perhaps doesn’t really exist, in
hardware or software form, from commercial products. As this appears to be
his product’s core technology, perhaps they should in fact invest
engineering resources in post processing the output from a software analyzer
to do what they need done. It would seem that investment in India might
actually be less than the $400 he can’t spend on a hardware analyzer that
probably won’t solve his problem anyway, but I doubt it.
Mark Roddy
On Wed, Jun 30, 2010 at 12:44 AM, Lloyd wrote:
>
> ----- Original Message ----- From:
> To: “Windows System Software Devs Interest List”
> Sent: Wednesday, June 30, 2010 12:07 AM
> Subject: RE:[ntdev] Intercepting usb data
>
>
>
>
>>
>>
>> Let us remember that engineer/developer time doesn’t cost the same in all
>> locations.
>>
>>
>>
>> This is a very good and useful observation. However THIS:
>>
>>
>>
>> …was an unnecessarily intemperate comment, and sounds to me more
>> xenophobic than technical. I didn’t perceive the OP asking for any
>> “sympathy”-- Recall that I said:
>>
>>
>>
>> I perceive that the OP was simply answering my point, indicating what his
>> constraints are in solving the problem, and trying to explain WHY. And he’s
>> appropriately asking if we can help him WITHIN those constraints.
>>
>>
>
> Thanks a lot Peter and Tim Robers for giving me valuable points. I think,
> Garry G. Little has misinterpreted what I have said, sorry for that. I will
> do my best in solving this problem.
>
> Thanks a lot,
>
> Lloyd
>
>
>
> ______________________________________
> Scanned and protected by Email scanner
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
----- Original Message -----
From: Mark Roddy
To: Windows System Software Devs Interest List
Sent: Wednesday, June 30, 2010 8:03 PM
Subject: Re: RE:[ntdev] Intercepting usb data
I think the OP’s problem is not resolved by donating $400 to his cause. He wants a high level protocol analyzer that perhaps doesn’t really exist, in hardware or software form, from commercial products. As this appears to be his product’s core technology, perhaps they should in fact invest engineering resources in post processing the output from a software analyzer to do what they need done. It would seem that investment in India might actually be less than the $400 he can’t spend on a hardware analyzer that probably won’t solve his problem anyway, but I doubt it.
Mark Roddy
Yes you are right. Our problem really lies in the high level analysis of data. I think this really need some reverse engineering skill.
Thanks a lot,
Lloyd
Scanned and protected by Email scanner