Looking at the Windows drivers provided by the manufacturer I can find the usbinit byte sequences inside the files Drivers/Lhloader.sys and DriversXP/Drivers/Lqloader.sys
The match seems to be exact for the XP driver sys file. There are some minor differences in the other file (which version of Windows is that driver for?)
I guess that we may have some insight by looking at these differences... What do you think?
Another thing that I've noticed is the presence of a file called EZUSB.SYS. By googling that I have found this interesting page: http://www.linux-usb.org/ezusb/
It mentions 8051 microcontrollers natively capable of USB communications. Sounds very similar to what we have on our hands! And there seem to be some routines used to upload firmware to EZUSB in the Linux source code. So we may take a look at the kernel to see if the protocol implemented there matches the patterns in our USB sniffer log.
Happy Hacking, Felipe Sanches
Good news!
Official documentation on the EZUSB (8051+USB) microcontroller in English: www.keil.com/dd/docs/datashts/cypress/an21xx_trm.pdf
Source code of a Linux driver for a device that uses the same microcontroller: http://lxr.free-electrons.com/source/drivers/usb/serial/keyspan.c (look at the function called keyspan_fake_startup - it is loading the firmware just like we see in our USB sniffer log)
This Keyspan device also has the behaviour of changing deviceId after firmware loading.
I am absolutely sure that our initialization is valid 8051 code. Next step is to study the ezusb documentation and implement some experimental free firmware, yay!
Felipe "Juca" Sanches
On Sat, Dec 18, 2010 at 8:30 AM, Felipe Sanches juca@members.fsf.org wrote:
Looking at the Windows drivers provided by the manufacturer I can find the usbinit byte sequences inside the files Drivers/Lhloader.sys and DriversXP/Drivers/Lqloader.sys
The match seems to be exact for the XP driver sys file. There are some minor differences in the other file (which version of Windows is that driver for?)
I guess that we may have some insight by looking at these differences... What do you think?
Another thing that I've noticed is the presence of a file called EZUSB.SYS. By googling that I have found this interesting page: http://www.linux-usb.org/ezusb/
It mentions 8051 microcontrollers natively capable of USB communications. Sounds very similar to what we have on our hands! And there seem to be some routines used to upload firmware to EZUSB in the Linux source code. So we may take a look at the kernel to see if the protocol implemented there matches the patterns in our USB sniffer log.
Happy Hacking, Felipe Sanches
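
Added example (not part of the original messages, and not code from the Keyspan driver): one way to check the control transfers in a sniffer log against the EZ-USB download sequence and rebuild the uploaded 8051 image. The request number 0xA0 and the CPUCS address 0x7F92 are the AN21xx values used by the Linux EZ-USB loader code; the tuple layout, the function names and the sample capture are assumptions constructed for illustration.

```python
"""Rebuild the 8051 image from EZ-USB "Firmware Load" control transfers."""

VENDOR_OUT = 0x40      # bmRequestType: host-to-device, vendor, device
FIRMWARE_LOAD = 0xA0   # bRequest handled by the EZ-USB core itself
CPUCS = 0x7F92         # AN21xx CPU control register; bit 0 holds the 8051 in reset


def rebuild_image(transfers):
    """Return (memory, events, notes) for (bmRequestType, bRequest, wValue, data)
    tuples, where wValue is the target address in the 8051 address space."""
    memory, events, notes = {}, [], []
    in_reset = False
    for n, (req_type, request, address, data) in enumerate(transfers):
        if req_type != VENDOR_OUT or request != FIRMWARE_LOAD:
            continue                       # not part of the download
        if address == CPUCS and len(data) == 1:
            in_reset = bool(data[0] & 1)   # 1 = hold in reset, 0 = let it run
            events.append("reset" if in_reset else "run")
            continue
        if not in_reset:                   # unusual ordering, worth a look
            notes.append(f"transfer {n}: write to 0x{address:04X} while CPU running")
        for offset, byte in enumerate(data):
            memory[address + offset] = byte
        events.append(f"write 0x{address:04X}+{len(data)}")
    return memory, events, notes


def contiguous_segments(memory):
    """Collapse the byte map into sorted (start_address, bytes) runs."""
    segments = []
    for address in sorted(memory):
        if segments and segments[-1][0] + len(segments[-1][1]) == address:
            segments[-1][1].append(memory[address])
        else:
            segments.append((address, bytearray([memory[address]])))
    return [(start, bytes(chunk)) for start, chunk in segments]


# Constructed capture, NOT taken from the real sniffer log.
SAMPLE = [
    (0x80, 0x06, 0x0100, b""),                      # GET_DESCRIPTOR, ignored
    (0x40, 0xA0, 0x7F92, b"\x01"),                  # hold the 8051 in reset
    (0x40, 0xA0, 0x0000, b"\x02\x00\x10"),          # LJMP 0x0010
    (0x40, 0xA0, 0x0010, b"\x75\x81\x30\x80\xFE"),  # MOV SP,#30h ; SJMP $
    (0x40, 0xA0, 0x7F92, b"\x00"),                  # release reset, firmware runs
]
```

The segments returned by contiguous_segments() can be written out and fed to an 8051 disassembler, or compared byte for byte against the sequences found in the .sys files.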