Reverse engineering USB drivers

luxeed_keyboard

When [Jespersaur] purchased a Luxeed LED keyboard, he was disappointed to find that the drivers were not open source and didn’t support all the features he wanted. His solution? Hack the drivers that come with it, and implement his own. In his article, he gives a basic rundown of beginning reverse engineering by multiple methods and a brief introduction to libusb. For the Linux drivers, check out [Kurt Stephens]‘s site, where he supplies a link to the source code, instructions on building it, and a tutorial on sending commands to the keyboard.

17 thoughts on “Reverse engineering USB drivers

  1. Hey I can write a subroutine to change the color of each key pressed, and have it stay lit a little bit longer and steel peoples passwords. WIN!

  2. Nice hack.
    He can now easily make the keyboard adapt to the environment he is working on.
    I would love to integrate one of these with VIM. Make it highlight the bracket close key when a function was left open for example. fade out less important keys for programming in C. Change color of keys regarding the syntax highlighting color of the keyword it is being typed.

    One can also edit the gnome sourcecode to grab a list of all accelerators for a given window and highlight them in the keyboard.

    The possibilities are endless.

  3. mrx –>

    or show the gray scale from an optical mouse ;)
    or a zoom around the cursor point ;)

    i better stop . . . the possibilities are endless

  4. i have used this to gain control of my nikon D40 to make quick HDR images before i got my D90 … i used a slightly diffrent approch tho

  5. @mrx: It wouldn’t even have to stop at vim. Tied in with Gnome or another desktop manager, this could be a powerful tool for application-specific scripts and shortcut key coloring. Color packs could even be provided in a method similar to TextMate’s bundles.

  6. Slightly off topic, but is it possible to change the device name of a USB device?
    Like when I plug in my USB flash drive it identifies itself as Lenovo USB flash drive, or my Seagate drive identifies itself as a Seagate Free Agent Drive (strange usb enclosure doesn’t show the hard drive model number)

    Is it possible to change that?

  7. drake – Or, since you have root access to the machine (to install drivers), you can set up a keylogger which will work better and is less obtrusive. your idea = fail.

  8. @aw

    You have to check which usb controller the device has. For simple devices (like HID) the name is most probably hardcoded on the chip. For more complex usb devices, there is a chance it is firmware driven so you might be able to re-flash the microcontroller or external rom.

  9. kernel code under Linux and BSD is blatantly simple not matter what type of driver it is. In windows you have to deal with poorly documented hooks and data structures.

    I would of just used syser, softice or modified ollydbg for it, but that’s being naive. Anything to do with reversing on NT at a assembler level is usually aggravating.

    If you know the pe structure good enough you can usually unpack and modify fairly easy targets, but the kernel level is nasty, and even more of a headache on vista and 7.

  10. maybe this approach can be used to have access
    also to xbox 360 chatpad device ?

    Lot of people try to have this working
    in PC without luck…

    m.

  11. I’m with myspacee, please point me in the right direction to get the ms chatpad working in windows or show how it is impossible, so that I can stop looking!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s