• Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    C
  • Created over 10 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

USB HID device dumping utility

Usbhid-dump

Usbhid-dump is a USB HID dumping utility based on libusb 1.0. It dumps USB HID device report descriptors and reports themselves as they are being sent, for all or specific device interfaces.

Installation

Run ./configure && make to build and make install to install. If building from a Git tree, run ./bootstrap first. Usbhid-dump can also be run directly from the source directory as src/usbhid-dump, without installation.

Usage

Here is the output of usbhid-dump --help:

$ usbhid-dump --help
Usage: usbhid-dump [OPTION]...
Dump USB device HID report descriptor(s) and/or stream(s).

Options:
  -h, --help                       output this help message and exit
  -v, --version                    output version information and exit

  -s, -a, --address=bus[:dev]      limit interfaces by bus number
                                   (1-255) and device address (1-255),
                                   decimal; zeroes match any
  -d, -m, --model=vid[:pid]        limit interfaces by vendor and
                                   product IDs (0001-ffff), hexadecimal;
                                   zeroes match any
  -i, --interface=NUMBER           limit interfaces by number (0-254),
                                   decimal; 255 matches any

  -e, --entity=STRING              what to dump: either "descriptor",
                                   "stream" or "all"; value can be
                                   abbreviated

  -t, --stream-timeout=NUMBER      stream interrupt transfer timeout, ms;
                                   zero means infinity
  -p, --stream-paused              start with the stream dump output
                                   paused
  -f, --stream-feedback            enable stream dumping feedback: for
                                   every transfer dumped a dot is
                                   printed to stderr

Default options: --stream-timeout=60000 --entity=descriptor

Signals:
  USR1/USR2                        pause/resume the stream dump output

Warning: please be careful running usbhid-dump as a superuser without limiting your device selection with options. Usbhid-dump will try to dump every device possible and If you're using a USB keyboard to control your terminal, it will be detached and you will be unable to terminate usbhid-dump and regain control.

If that happens just don't touch your keyboard for the duration of the interrupt transfer timeout (1 minute by default) and the dumping will be aborted.

Here is an example of a report descriptor and stream dump from a mouse:

$ sudo usbhid-dump --entity=all --address=2:3
002:003:000:DESCRIPTOR         1290272184.081322
 05 01 09 02 A1 01 09 01 A1 00 05 09 19 01 29 03
 15 00 25 01 75 01 95 03 81 02 75 05 95 01 81 01
 05 01 09 30 09 31 09 38 15 81 25 7F 75 08 95 03
 81 06 C0 C0

Starting dumping interrupt transfer stream
with 1 minute timeout.

002:003:000:STREAM             1290272185.210022
 00 FF 00 00

002:003:000:STREAM             1290272185.217988
 00 FE 00 00

002:003:000:STREAM             1290272185.225985
 00 FC 01 00

002:003:000:STREAM             1290272185.233995
 00 FE 01 00

002:003:000:STREAM             1290272185.241992
 00 FF 01 00

002:003:000:STREAM             1290272185.249995
 00 FE 02 00

002:003:000:STREAM             1290272185.257993
 00 FF 01 00

^C

In the output above "002" is the bus number, "003" is the device address and "000" is the interface number. "DESCRIPTOR" indicates descriptor chunk and "STREAM" - stream chunk. The number to the right is the timestamp in seconds since epoch. The hexadecimal numbers below is the chunk dump itself. Usually every stream chunk includes a whole report, but if the report is bigger than endpoint's wMaxPacketSize, it will span several chunks.

You can use usbhid-dump along with hidrd-convert to dump report descriptors in human-readable format. Like this:

$ sudo usbhid-dump -a2:3 -i0 | grep -v : | xxd -r -p | hidrd-convert -o spec
Usage Page (Desktop),               ; Generic desktop controls (01h)
Usage (Mouse),                      ; Mouse (02h, application collection)
Collection (Application),
    Usage (Pointer),                ; Pointer (01h, physical collection)
    Collection (Physical),
        Usage Page (Button),        ; Button (09h)
        Usage Minimum (01h),
        Usage Maximum (03h),
        Logical Minimum (0),
        Logical Maximum (1),
        Report Size (1),
        Report Count (3),
        Input (Variable),
        Report Size (5),
        Report Count (1),
        Input (Constant),
        Usage Page (Desktop),       ; Generic desktop controls (01h)
        Usage (X),                  ; X (30h, dynamic value)
        Usage (Y),                  ; Y (31h, dynamic value)
        Usage (Wheel),              ; Wheel (38h, dynamic value)
        Logical Minimum (-127),
        Logical Maximum (127),
        Report Size (8),
        Report Count (3),
        Input (Variable, Relative),
    End Collection,
End Collection