Sometimes you run into a few problems when developing your own hardware, and to solve these problems you have to build your own tools. This is exactly how [KC Lee]’s USB Packet Snooper was created. It’s a small device that allows for capturing and analyzing Full Speed USB traffic to debug one of [KC]’s other Hackaday Prize entries.
[KC] is building an HID Multimedia Dial for this year’s Hackaday Prize. It’s kind of like the Microsoft Surface Dial or the ubiquitous Griffin PowerMate that has been on the market for the better part of two decades. This multimedia dial is bitbanging USB with an STM8, which means [KC] needs a tool to capture raw USB packets.
The design of this USB Packet Snooper is split up into two parts. The first is either a dongle or a pass-through device that simply serves as a tap between a USB device and a USB host. The logging and analysis board attaches to this dongle, and uses a rather fast ARM microcontroller to listen in on USB packets and send everything over serial to a PC.
This is a rather novel device; V-USB is limited to Low Speed USB, and other USB capture tools are far out of reach of the hobbyist budget. Software solutions on a PC obviously won’t work because [KC] doesn’t even know if he’s sending valid USB packets. This is a great tool that finally brings hobbyist-level USB analysis up to Full Speed USB.
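An added example, not code from [KC Lee]'s project: the kind of validity check a raw capture makes possible on the PC side, covering NRZI decoding, bit-unstuffing, SYNC, the PID check nibble and the token CRC5. It assumes the capture has already been reduced to one J/K/SE0 symbol per full-speed bit time; the function names and both sample packets are constructed for illustration.

```python
# Constructed samples, one symbol per bit time (J, K, 0 = SE0).
# SETUP token, address 0x15, endpoint 0xE (no stuffed bits on the wire).
SETUP_OK = "KJKJKJKK" "KJJJKKJK" "KJJKKJKJJJJJKKKK" "00J"
# SETUP token, address 0x3F, endpoint 0: six 1s in a row force a stuffed 0.
SETUP_STUFFED = "KJKJKJKK" "KJJJKKJK" "KKKKKKJKJKJKJJJJK" "00J"

TOKEN_PIDS = {0x1: "OUT", 0x9: "IN", 0xD: "SETUP"}  # SOF (0x5) is laid out differently

def nrzi_unstuff(states):
    """NRZI-decode J/K states (bus idle = J) and drop stuffed zeros."""
    bits, prev, ones = [], "J", 0
    for s in states:
        bit = 1 if s == prev else 0       # no transition = 1, transition = 0
        prev = s
        if ones == 6:                     # this position must be a stuffed 0
            if bit:
                raise ValueError("bit-stuff violation: seven 1s in a row")
            ones = 0
            continue
        ones = ones + 1 if bit else 0
        bits.append(bit)
    return bits

def crc5(bits):
    """CRC5 register (x^5 + x^2 + 1, seeded with all ones) after shifting in bits."""
    reg = 0x1F
    for b in bits:
        msb = reg >> 4
        reg = (reg << 1) & 0x1F
        if b != msb:
            reg ^= 0x05
    return reg

def lsb_first(bits):                      # USB sends each field LSB first
    return sum(b << i for i, b in enumerate(bits))

def check_token(line):
    """Validate one token packet; return (pid, addr, endp) or raise ValueError."""
    body, eop = line[:-3], line[-3:]
    if eop != "00J" or set(body) - set("JK"):
        raise ValueError("bad EOP or unexpected line state")
    bits = nrzi_unstuff(body)
    if len(bits) != 32 or bits[:8] != [0, 0, 0, 0, 0, 0, 0, 1]:
        raise ValueError("bad SYNC or length")
    pid = lsb_first(bits[8:16])
    if (pid & 0xF) ^ (pid >> 4) != 0xF or (pid & 0xF) not in TOKEN_PIDS:
        raise ValueError("bad PID byte 0x%02X" % pid)
    if crc5(bits[16:]) != 0b01100:        # fixed residual over addr+endp+CRC5
        raise ValueError("CRC5 mismatch")
    return TOKEN_PIDS[pid & 0xF], lsb_first(bits[16:23]), lsb_first(bits[23:27])
```

Note that the second sample holds K for seven bit times yet is valid: the first K is the transition that encodes a 0, so only six 1s follow before the stuffed bit.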
Well, commercial USB analyzers are expensive, but not necessarily “far out of reach”. The Beagle full-speed analyzer is $400, the high-speed one is $1200, while super-speed is $5000. Indeed, some other brands can be much more expensive, but you also tend to get better analysis tools with them.
The Beagle, Ellisys, etc. are not expensive because of expensive parts. They are expensive because the vendors know that they sell to a niche market where one hour of one developer costs XXX US$.
Both devices are essentially:
– a USB PHY
– an FPGA
– a chip to transfer the data to the PC, f.ex. a Cypress FX2
Plus Total Phase’s Beagle analyzers have a really awesome software suite to view the data. It’s got some good packet filtering options, plus will actually decode the traffic instead of just showing you raw packets.
The expense is totally worth it if you’re on the clock needing to debug some issue and don’t want to have to screw with rolling your own hardware and software. I’ve used the Beagle for I2C and it has been crazy useful (try setting up a scope to capture rapid I2C traffic, guaranteeing that you won’t miss any transactions…it’s worth the $330 to just get a Beagle).
How can you ever hope to send full speed packets over serial to a PC?
Full speed USB is only 12Mbit/s.
It is just out of reach of a USD 5 logic analyser, but it can easily be captured with a USD 30 logic analyser.
And Sigrok / Pulseview has built in support for USB.
I’ve captured some low-speed USB (2.5Mbit/s) myself with the Saleae clone.
Works beautifully.
Sigrok-cli extracts the text/packets into an easily scriptable format.
Somewhere halfway through this video there is an introduction to working with sigrok-cli:
https://www.youtube.com/watch?v=dobU-b0_L1I
Sigrok/Pulseview handles 12Mbit/sec, too, and a 24MS/sec capture using an inexpensive FX2-based test board is fine for this specific purpose.
I thought of a device like this today at work; to sniff a phone LED device on a work PC where I don’t have admin rights. And then this pops up at HaD, an enjoyable coincidence!
Happened to me quite a few times now that sometimes I feel like I’m being watched. Articles that I’ve recently read or watched suddenly appear here the next day, or a few hours later.
This.
And also you can imagine lots of watched us are so interested in fidget spinners and Arduino, that we get a constant feed of articles about those topics here. Invaluable scrutiny !
Low speed is 1.5Mbit/s, sorry for the typo.
https://en.wikipedia.org/wiki/USB
With Pulseview you also have lots of extra visual information.
Keep alive packets, special conditions, checksums, just to name a few.
I wonder how much EMI, those nice long antenna leads on the crystal are putting out…
I assume the production version would have the correct crystal part for the footprint. ;)
If you look close enough, you can see dust on his workspace and possibly even smell a burrito he ate. I really cannot believe that a human drinks water to stay alive these days…
After re-reading I only get more confused.
First V-usb works with AVR processors
Bit-banging Full-speed USB with an STM8?
But he already has a “rather fast” ARM uC?
Why bitbang at all?
It is error-prone, eats CPU cycles, CPU needs to attend every ms.
And STM32 boards with a 72MHz (slow for ARM) processor cost < USD2 and they have hardware USB.
Had another quick peek at the USB packet decoder. Unfortunately not much specific info on this particular decoder on the Sigrok site, but the "getting started" site:
http://sigrok.org/wiki/Getting_started_with_a_logic_analyzer
Additionally, it is possible to run analyzers with a live capture such as in this example utilizing the fx2lafw driver and monitoring one side of a SPI transaction:
sigrok-cli --config samplerate=1M --driver=fx2lafw --continuous -P spi:mosi=1:clk=3:cs=4
When combined with tools such as grep, egrep, sed, perl, python, and many others, all kinds of powerful analysis becomes possible.
Whilst this initially looked similar to something we may have seen before… certainly USB sniffers have been blogged on HaD.
This guy [KC Lee] seems to be doing a good job at bringing an otherwise inaccessible yet useful tool to the masses. What’s more is that this is his own work and research that has brought such a wonder.
Brian,
You went from Epic-fail of entering a Plagiarist into the prize to epic recovery with this post in less than a day and thus you’ve likely earned a lot of your respect back.
Try to keep this up instead. ;)
Oh, correcting myself:
Recovery in roughly just over a day. Still good work, however.
https://www.youtube.com/watch?v=plZRe1kPWZw
> thus you’ve likely earned a lot of your respect back
I don’t need or want your respect.
But can you have it even if you did want it? That is the relevant question, are people prepared to forget all the things you have done and are you really capable of maturing, evolving?
Eeeew, he did what?!!!
As you wish…. So it has been granted.
So far you have a group following of haters and therefore a following of trolls.
Once upon a time Hackaday had a bit of a following,
Comment generating posts climbed up to nearly (or was it over) 1000+ comments at times,
People looked elsewhere, therefore comment generating posts rarely exceed 500 comments,
even though said posts should have hit well above the old score of 1K comments.
This explains that there must be less than half the visitors here than back then…
Statistics (Excluding Bots, pingbacks, etc) should give some of the story.
Let’s make Hackaday great again!
Part of the demise of Hackaday is because they post way too many articles and the average content has gone down.
Recently I was looking for a way to start with ESP8266 and I searched hackaday.
Over a 100 articles and lots of them with low content.
So it’s better to search for tutorials on the ‘net directly.
I also stopped giving tips to Hackaday after I noticed that the tips I gave were put on Hackaday under the name of one of their (paid?) moderators a few weeks later.
I’m afraid there won’t be a going back from a Mega Buck Corporation to a community place by and for hackers. Too much money involved.
@Paul,
I haven’t noticed…. It depends on whom it is writing the article, I suppose.
There used to be a forum that still exists if one was to google for the forums and find it…. Otherwise it is a hidden feature that was probably hidden for a select elite few whilst HackADay.io is being promoted heavily.
Brian’s last epic-fail article was a result of not checking his sources.
The trolling of said post was a reminder as to maintain quality of his work.
He won’t have to put up with seeing my handle on his articles anymore… If and when I do finally document some of my own work… Brian won’t be posting an article about it… He’s banned.
A crow that befriends you is a rare thing,
A crow that forgives you after you then turn against it: is rarer, if not extremely rare,
It is unheard of for a crow to try and be social with said human after further escalation!
A snooper is handy for writing drivers for *nix kernels for devices that only have Windows support. Not so common these days but still a handy tool to have when needed.
For that, I’ve had a friend run Windows in a VM on a Linux machine, and capture the USB data for me, using the Linux tools (usbmon, Wireshark etc.). Worked fine, no external hardware needed.
Ah, because the VM just passes the raw USB right through to Windows so you can tap the data stream. Neat, and yeah obviously a superior solution, but are there any gotchas at all?
Is this the same KC who wrote some awesome DIY Christmas light show software?
I’ve done some stuff that needed USB snooping myself and used a Beaglebone Black to man-in-the-middle the USB connection.
Here’s some links that might be helpful to you:
https://github.com/dominicgs/USBProxy
https://n0where.net/usbproxy/
https://github.com/woodenphone/usbproxy_for_idiots
As seen on Hackaday: http://hackaday.com/2015/12/23/usb-proxy-rats-out-your-devices-secrets/ :)
That’s a great resource for USB debugging / converting.
You can also just use a BeagleBone to do this with High-speed (480Mbps) USB using the gadget drivers.
One way to do it: http://essentialscrap.com/dsoquad/usb.html
Sigrok also works, though I’ve had some trouble with a 24 MHz logic analyzer not always being fast enough for 12 MHz USB traffic.
For software side analyzing, Windows 10 now has “Microsoft Message Analyzer” that works somewhat ok. On Linux there is Wireshark, and it sometimes works on Windows also. But often a hardware analyzer is more useful for debugging low-level issues.
Actually I’m surprised you can catch a 12MHz signal with a 24MHz logic analyser reliably enough to be useful.
There is also a discrepancy between MHz and Msps…
But a rule of thumb is that you need at least 4 times the sample rate of your signal for reliable results.
Also:
What hardware did you use with sigrok?
http://www.sigrok.org/wiki/Supported_hardware
Did you use a USD 5 Saleae clone (Cypress CY7…) or did you use more “serious” hardware?
Those CY7’s also use full-speed (12Mbps) USB to send the data to the PC and such a signal would be on the limit of such cheap hardware.
I am very curious…
But I’m very happy with those FX2lafw based clones. They are fast enough for me because I only work with low-end microcontrollers and never work with signals of > 1Mbit/s
(Maybe I’ll catch some S/Pdif audio soon. That’s over a Mbit/s.)
Yeah, FX2/CY7C68xxx; but it uses high-speed USB (480 Mbit/s) so it is plenty fast if you only need 2 bits per sample. Not sure if fx2lafw supports less than 8-bit sampling yet though.
And yeah, usually you’d need oversampling but when the samplerate is closely enough divisible by signal frequency it also kind-of works without. But whether it is reliable enough to be useful varies; it wasn’t reliable enough for me, though other people have said it works for them.
I couldn’t find it yesterday, but today I bumped into a post of the screenshot I made of a low-speed USB capture with Sigrok:
http://www.avrfreaks.net/sites/default/files/forum_attachments/Screenshot_Pulseview_USB_Capture_2017-07-20_00-37-12.png
which I posted in this thread:
http://www.avrfreaks.net/forum/controlling-mouse-cursor-pushbuttons
Where can you buy this?
Does anyone know where it can be purchased?