PoC get Firmware Version and Serial Number

2019-11-22 19:48:06 +01:00 · 2019-11-22 19:48:06 +01:00 · 4e9ba0a14f
parent a5e034fbf5
commit 4e9ba0a14f
1 changed files with 91 additions and 57 deletions
--- a/8051.c
+++ b/8051.c
@ -1,5 +1,6 @@
 #include <stdlib.h>
 #include <stdio.h>
+#include <unistd.h>

 #include <libusb-1.0/libusb.h>

@ -73,71 +74,104 @@ Device Status:     0x0065
  Debug Mode
 */

-libusb_context *ctx;
-libusb_device_handle *dev;
+static libusb_device_handle *devh = NULL;
+
+libusb_device_handle *open_ezp2010()
+{
+    ssize_t devc;
+    libusb_device **dev_list;
+    static libusb_device *dev = NULL;
+    struct libusb_device_descriptor dev_desc;
+    struct libusb_config_descriptor *dev_cfg = NULL;
+    const struct libusb_interface *intf = NULL;
+    const struct libusb_interface_descriptor *intf_desc = NULL;
+
+    int r = 0;
+
+    devc = libusb_get_device_list(NULL, &dev_list);
+    if (devc < 1)
+        return NULL;
+
+    for (int i = 0; i < devc; i++) {
+        dev = dev_list[i];
+        if (libusb_get_device_descriptor(dev, &dev_desc))
+            continue;
+
+        if ((dev_desc.idVendor != EZP2010_VID || dev_desc.idProduct != EZP2010_PID))
+            continue;
+
+        r = libusb_open(dev, &devh);
+        if (r < 0) {
+            perror("libusb_open");
+            return NULL;
+        }
+
+        for (int j = 0; j < dev_desc.bNumConfigurations; j++) {
+            if (libusb_get_config_descriptor(dev, j, &dev_cfg))
+                continue;
+
+            for (int k = 0; k < dev_cfg->bNumInterfaces; k++) {
+                intf = &dev_cfg->interface[k];
+                for (int l = 0; l < intf->num_altsetting; l++) {
+                    intf_desc = &intf->altsetting[l];
+                    if (libusb_kernel_driver_active(devh, intf_desc->bInterfaceNumber))
+                        libusb_detach_kernel_driver(devh, intf_desc->bInterfaceNumber);
+
+                    libusb_set_configuration(devh, dev_cfg->bConfigurationValue);
+                    libusb_claim_interface(devh, intf_desc->bInterfaceNumber);
+
+                    int e = 0;
+                    while (libusb_claim_interface(devh, intf_desc->bInterfaceNumber) \
+                            && (e < 10)) {
+                        sleep(1);
+                        e++;
+                    }
+                }
+            }
+
+            libusb_free_config_descriptor(dev_cfg);
+        }
+        return devh;
+    }
+
+    devh = NULL;
+    return NULL;
+}

 int main(int argc, char *argv[])
 {
    int r = 0;
-    int transfered = 0;
+    int transferred = 0;
+    unsigned char buf[256];

-    libusb_init(&ctx);
-    libusb_set_option(ctx, LIBUSB_OPTION_LOG_LEVEL, LIBUSB_LOG_LEVEL_DEBUG);
+    r = libusb_init(NULL);
+    if (r < 0)
+        return 1;

-    dev = libusb_open_device_with_vid_pid(ctx, EZP2010_VID, EZP2010_PID);
-    if (dev) {
-        /*r = libusb_set_configuration(dev, 0);
-        if (r > 0) {
-            perror("libusb_set_configuration");
-        }*/
+    open_ezp2010();

-        r = libusb_claim_interface(dev, 0);
-        if (r > 0) {
-            perror("libusb_claim_interface");
-        }
-
-        r = libusb_set_interface_alt_setting(dev, 0, 0);
-        if (r > 0) {
-            perror("libusb_set_configuration");
-        }
-
-        // LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_OUT = 0x40
-        r = libusb_control_transfer(dev,
-                LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_OUT,
-                0, 0xffff, 0, NULL, 0, 500);
-        if (r > 0) {
-            perror("libusb_control_transfer");
-        }
-
-        r = libusb_control_transfer(dev,
-                LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_OUT,
-                1, 0x2000, 0, NULL, 0, 500);
-        if (r > 0) {
-            perror("libusb_control_transfer");
-        }
-
-        unsigned char bufferOut[2] = {'\x17', '\0'};
-        r = libusb_bulk_transfer(dev, 0x03, bufferOut, 2, &transfered, 500);
-        if (r > 0) {
-            perror("libusb_bulk_transfer");
-        }
-        printf("Bytes sent: %d\n", transfered);
-
-        unsigned char bufferIn[256] = {0};
-        r = libusb_bulk_transfer(dev, 0x81, bufferIn, 0x20, &transfered, 500);
-        if (r > 0) {
-            perror("libusb_bulk_transfer");
-        }
-        printf("Bytes received: %d\n", transfered);
-        printf("Packet: %s\n", bufferIn);
-
-        r = libusb_release_interface(dev, 0);
-        if (r > 0) {
-            perror("libusb_release_interface");
-        }
-        libusb_close(dev);
+    buf[0] = '\x17';
+    buf[1] = '\x0';
+    r = libusb_bulk_transfer(devh, 0x2, buf, 2, &transferred, 500);
+    if (r < 0) {
+        perror("libusb_claim_interface");
+        fprintf(stderr, "Error: %s\n", libusb_strerror(r));
+    } 
+    printf("Bytes sent: %d\n", transferred);
+    
+    r = libusb_bulk_transfer(devh, 0x81, buf, 0x20, &transferred, 500);
+    if (r < 0) {
+        perror("libusb_claim_interface");
+        fprintf(stderr, "Error: %s\n", libusb_strerror(r));
    }
+    printf("Bytes received: %d\n", transferred);
+    printf("Packet: %s\n", buf);

-    libusb_exit(ctx);
+    libusb_release_interface(devh, 0);
+    libusb_reset_device(devh);
+    libusb_close(devh);

+    libusb_exit(NULL);
+
+    return 0;
 }