Bus Hound是一款在pc上就可以抓包的usb辅助工具,做usb开始手头没有专用抓包工具时可以偶尔一用。
这里把几个需要注意的地方:
1.自动检测设备的插入拔出
Devices->Auto select host plugged devices
2.设置抓包的长度和缓冲大小
Settings ->Limits->Capture Capacity
Settings ->Limits->Max Record Length
3.这里可以设置启动和停止
Capture->Run
Capture->Stop
4.点击保存可以导出数据
5.抓取分析的一段数据
- Bus Hound 6.01 capture on Windows Vista (x86). Complements of www.perisoft.net
- 333
- Device - Device ID (followed by the endpoint for USB devices)
- (23) USB 大容量存储设备
- (24) hp v229g [ROM=1100]
- (25) USB Composite Device
- (26) USB 输入设备
- (27) USB 输入设备
- (28) HID Keyboard Device
- (29) 符合 HID 标准的用户控制设备
- (30) HID-compliant device
- (31) 符合 HID 标准的用户控制设备
- (32) USB Composite Device
- (33) Webcam C170
- (34) Webcam C170
- Phase - Phase Type
- CTL USB control transfer
- IN Data in transfer
- OUT Data out transfer
- Data - Hex dump of the data transferred
- Descr - Description of the phase
- Cmd... - Position in the captured data
- Device Phase Data Description Cmd.Phase.Ofs(rep)
- ------ ----- -------------------------------------------------- ---------------- ------------------
- 25.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 1.1.0
- //requesttype 0x80:设备到主机,标准请求,请求对象是设备
- //request 0x06:获取设备描述符
- //value 0x0100:小端模式,索引号0,获取设备描述符01
- //index 0x0000:小端模式,
- //length 0x0012:小端模式,获取18个字节
- 25.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 1.2.0
- 00 01 .. 1.2.16
- //bLength 0x12:描述符长度
- //bDescriptorType 0x01:设备描述符
- //bcdUSB 0x0110:usb1.1
- //bDeviceClass 0x00:类代码
- //bDeviceSubClass 0x00:子类代码
- //bDeviceProtocol 0x00:设备使用的协议
- //bMaxPacketSize0 0x08:端点0的最大包长
- //idVendor 0x046d:厂商ID
- //idProduct 0xc31c:产品ID
- //bcdDevice 0x6400:设备版本号
- //iManufacturer 0x01:厂商字符串索引值
- //iProduct 0x02:产品字符串索引值
- //iSerialNumber 0x00:序列号,无序列号索引字符串
- //bNumConfigurations0x01:一种配置
- 25.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 2.1.0
- //获取9个字节的配置描述符
- 25.0 IN 09 02 3b 00 02 01 03 a0 2d ..;.....- 2.2.0
- //bLength 长度为9
- //bDescriptorType 类型为配置描述符02
- //wTotalLength 总长度为59
- //bNumInterfaces 接口数2
- //bConfigurationValue 配置值1
- //iConfiguration 字符串索引3
- //bmAttributes 总线供电,支持远程唤醒
- //MaxPower 45*2mA
- 25.0 CTL 80 06 00 02 00 00 3b 00 GET DESCRIPTOR 3.1.0
- //获取59个字节的配置描述符
- 25.0 IN 09 02 3b 00 02 01 03 a0 2d 09 04 00 00 01 03 01 ..;.....-....... 3.2.0
- 01 02 09 21 10 01 00 01 22 41 00 07 05 81 03 08 ...!...."A...... 3.2.16
- 00 0a 09 04 01 00 01 03 00 00 02 09 21 10 01 00 ............!... 3.2.32
- 01 22 9f 00 07 05 82 03 04 00 ff ."......... 3.2.48
- //09 02 3b 00 02 01 03 a0 2d配置描述符
- //09 04 00 00 01 03 01 01 02 接口描述符
- //长度0x09 接口描述符类型0x04 该接口编号0 该接口备用编号0 使用端点数1 接口类3 接口子类1 协议1 字符串索引2
- //09 21 10 01 00 01 22 41 00 HID描述符
- //长度0x09 HID描述符类型0x21 HID协议版本0x0110 国家代码00 下级描述符数量01 下级描述符类型0x22(报告描述符) 下级描述符长度0x41
- //07 05 81 03 08 00 0a端点描述符
- //长度为07 类型为05端点描述符 端点地址为1方向为输入 最大包长为08 查询间隔10
- //09 04 01 00 01 03 00 00 02 接口描述符
- //长度0x09 接口描述符类型0x04 该接口编号1 该接口备用编号0 使用端点数1 接口类3 接口子类0 协议0 字符串索引2
- //09 21 10 01 00 01 22 9f 00
- //长度0x09 HID描述符类型0x21 HID协议版本0x0110 国家代码00 下级描述符数量01 下级描述符类型0x22(报告描述符) 下级描述符长度0x9f
- //07 05 82 03 04 00 ff
- //长度为07 类型为05端点描述符 端点地址为2方向为输入 最大包长为04 查询间隔ff
- 25.0 CTL 81 06 00 22 00 00 00 04 GET DESCRIPTOR 4.1.0
- //获取4个字节的HID描述符
- 25.0 IN 05 01 09 06 a1 01 05 07 19 e0 29 e7 15 00 25 01 ..........)...%. 4.2.0
- 75 01 95 08 81 02 95 01 75 08 81 01 95 05 75 01 u.......u.....u. 4.2.16
- 05 08 19 01 29 05 91 02 95 01 75 03 91 01 95 06 ....).....u..... 4.2.32
- 75 08 15 00 26 ff 00 05 07 19 00 2a ff 00 81 00 u...&......*.... 4.2.48
- c0 . 4.2.64
- //65字节的HID Report描述符
- //0x 5,0x 1// USAGE_PAGE (Generic Desktop)
- //0x 9,0x 6// USAGE(Keyboard)
- //0xa1,0x 1// COLLECTION (Application)
- //0x 5,0x 7// USAGE_PAGE (Keyboard/keypad)
- //0x19,0x e0//USAGE_MINIMUM// USAGE(See the spec)
- //0x29,0x e7//USAGE_MAXIMUM// USAGE(See the spec)
- //0x15,0x 0//LOGICAL_MINIMUM (0)
- //0x25,0x 1//LOGICAL_MAXIMUM (1)
- //0x75,0x 1//REPORT_SIZE (1)
- //0x95,0x 8//REPORT_COUNT (8)
- //0x81,0x 2//Input(Data Var Abs )
- /*E0~E7:Control Alt Shift等,一个按键对应一个report counte*/
- //0x95,0x 1//REPORT_COUNT (1)
- //0x75,0x 8//REPORT_SIZE (8)
- //0x81,0x 1//Input(Con Arr Abs )
- /*8个bit填充*/
- //0x95,0x 5//REPORT_COUNT (5)
- //0x75,0x 1//REPORT_SIZE (1)
- //0x 5,0x 8// USAGE_PAGE (LEDs)
- //0x19,0x 1//USAGE_MINIMUM// USAGE(See the spec)
- //0x29,0x 5//USAGE_MAXIMUM// USAGE(See the spec)
- //0x91,0x 2//Ouput(Data Var Abs )
- /*输出5个bit*/
- //0x95,0x 1//REPORT_COUNT (1)
- //0x75,0x 3//REPORT_SIZE (3)
- //0x91,0x 1//Ouput(Con Arr Abs )
- /*输出3个bit填充*/
- //0x95,0x 6//REPORT_COUNT (6)
- //0x75,0x 8//REPORT_SIZE (8)
- //0x15,0x 0//LOGICAL_MINIMUM (0)
- //0x26,0x ff//LOGICAL_MAXIMUM (255)
- //0x 5,0x 7// USAGE_PAGE (Keyboard/keypad)
- //0x19,0x 0//USAGE_MINIMUM// USAGE(See the spec)
- //0x2a,0x ff//USAGE_MAXIMUM// USAGE(See the spec)
- //0x81,0x 0//Input(Data Arr Abs )
- /*6个字节,每个字节从usagemin和usagemax中选择*/
- //0xc0,//END_COLLECTION
- //input
- //data[0]:一一对应
- //data[1]:填充
- //data[2]:set
- //data[3]:set
- //data[4]:set
- //data[5]:set
- //data[6]:set
- //data[7]:set
- //output
- //data[0]
- 25.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 5.1.0
- 25.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 5.2.0
- 00 01 .. 5.2.16
- 25.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 6.1.0
- 25.0 IN 09 02 3b 00 02 01 03 a0 2d ..;.....- 6.2.0
- 25.0 CTL 80 06 00 02 00 00 3b 00 GET DESCRIPTOR 7.1.0
- 25.0 IN 09 02 3b 00 02 01 03 a0 2d 09 04 00 00 01 03 01 ..;.....-....... 7.2.0
- 01 02 09 21 10 01 00 01 22 41 00 07 05 81 03 08 ...!...."A...... 7.2.16
- 00 0a 09 04 01 00 01 03 00 00 02 09 21 10 01 00 ............!... 7.2.32
- 01 22 9f 00 07 05 82 03 04 00 ff ."......... 7.2.48
- 25.0 CTL 00 09 01 00 00 00 00 00 SET CONFIG 8.1.0
- //设置配置描述符为00
- 25.0 CTL 80 06 02 03 09 04 04 00 GET DESCRIPTOR 9.1.0(2)
- 25.0 IN 1a 03 55 00 ..U. 9.2.0
- 25.0 CTL 80 06 02 03 09 04 1a 00 GET DESCRIPTOR 10.1.0(2)
- //获取字符串描述符,索引号为02,语言ID为0409
- 25.0 IN 1a 03 55 00 53 00 42 00 20 00 4b 00 65 00 79 00 ..U.S.B. .K.e.y. 10.2.0
- 62 00 6f 00 61 00 72 00 64 00 b.o.a.r.d. 10.2.16
- //字符串长度为1a,字符串描述符类型为03,数据
- 27.0 CTL 80 06 00 01 00 00 12 00 GET DESCRIPTOR 19.1.0
- 27.0 IN 12 01 10 01 00 00 00 08 6d 04 1c c3 00 64 01 02 ........m....d.. 19.2.0
- 00 01 .. 19.2.16
- 27.0 CTL 80 06 00 02 00 00 09 00 GET DESCRIPTOR 20.1.0
- 27.0 IN 09 02 22 00 01 01 03 a0 2d ..".....- 20.2.0
- 27.0 CTL 80 06 00 02 00 00 22 00 GET DESCRIPTOR 21.1.0
- 27.0 IN 09 02 22 00 01 01 03 a0 2d 09 04 01 00 01 03 00 ..".....-....... 21.2.0
- 00 02 09 21 10 01 00 01 22 9f 00 07 05 82 03 04 ...!...."....... 21.2.16
- 00 ff .. 21.2.32
- 27.0 CTL 00 09 01 00 00 00 00 00 SET CONFIG 22.1.0
- 27.0 CTL 21 0a 00 00 01 00 00 00 SET IDLE 23.1.0
- 27.0 CTL 81 06 00 22 01 00 df 00 GET DESCRIPTOR 24.1.0
- 27.0 IN 05 0c 09 01 a1 01 85 01 09 e0 15 e8 25 18 75 07 ............%.u. 24.2.0
- 95 01 81 06 15 00 25 01 75 01 09 e2 81 06 c0 06 ......%.u....... 24.2.16
- 01 00 09 80 a1 01 85 02 25 01 15 00 75 01 0a 81 ........%...u... 24.2.32
- 00 0a 82 00 0a 83 00 95 03 81 06 95 05 81 01 c0 ................ 24.2.48
- 06 0c 00 09 01 a1 01 85 03 25 01 15 00 75 01 0a .........%...u.. 24.2.64
- b5 00 0a b6 00 0a b7 00 0a b8 00 0a cd 00 0a e2 ................ 24.2.80
- 00 0a e9 00 0a ea 00 95 08 81 02 0a 83 01 0a 8a ................ 24.2.96
- 01 0a 92 01 0a 94 01 0a 21 02 0a 23 02 0a 24 02 ........!..#..$. 24.2.112
- 0a 25 02 95 08 81 02 0a 26 02 0a 27 02 0a 2a 02 .%......&..'..*. 24.2.128
- 0a b3 00 0a b4 00 95 05 81 02 95 03 81 01 c0 ............... 24.2.144
- 0x 5,0x c// USAGE_PAGE (Consumer)
- 0x 9,0x 1// USAGE(See the spec)
- 0xa1,0x 1// COLLECTION (Application)
- 0x85,0x 1//REPORT_ID (1)//Sean
- 0x 9,0x e0// USAGE(See the spec)
- 0x15,0x e8//LOGICAL_MINIMUM (232)
- 0x25,0x 18//LOGICAL_MAXIMUM (24)
- 0x75,0x 7//REPORT_SIZE (7)
- 0x95,0x 1//REPORT_COUNT (1)
- 0x81,0x 6//Input(Data Var Rel )
- /*第1个字节*/
- 0x15,0x 0//LOGICAL_MINIMUM (0)
- 0x25,0x 1//LOGICAL_MAXIMUM (1)
- 0x75,0x 1//REPORT_SIZE (1)
- 0x 9,0x e2// USAGE(See the spec)
- 0x81,0x 6//Input(Data Var Rel )
- /*第1个字节*/
- 0xc0,//END_COLLECTION
- 0x 6,0x 1// USAGE_PAGE (Generic Desktop)
- 0x 9,0x 80// USAGE(See the spec___________-:128)
- 0xa1,0x 1// COLLECTION (Application)
- 0x85,0x 2//REPORT_ID (2)//Sean
- 0x25,0x 1//LOGICAL_MAXIMUM (1)
- 0x15,0x 0//LOGICAL_MINIMUM (0)
- 0x75,0x 1//REPORT_SIZE (1)
- 0x a,0x 81// USAGE(See the spec___________-:129)
- 0x a,0x 82// USAGE(See the spec___________-:130)
- 0x a,0x 83// USAGE(See the spec___________-:131)
- 0x95,0x 3//REPORT_COUNT (3)
- 0x81,0x 6//Input(Data Var Rel )
- /*第2个字节*/
- 0x95,0x 5//REPORT_COUNT (5)
- 0x81,0x 1//Input(Con Arr Abs )
- /*第2个字节*/
- 0xc0,//END_COLLECTION
- 0x 6,0x c// USAGE_PAGE (Consumer)
- 0x 9,0x 1// USAGE(See the spec)
- 0xa1,0x 1// COLLECTION (Application)
- 0x85,0x 3//REPORT_ID (3)//Sean
- 0x25,0x 1//LOGICAL_MAXIMUM (1)
- 0x15,0x 0//LOGICAL_MINIMUM (0)
- 0x75,0x 1//REPORT_SIZE (1)
- 0x a,0x b5// USAGE(See the spec)
- 0x a,0x b6// USAGE(See the spec)
- 0x a,0x b7// USAGE(See the spec)
- 0x a,0x b8// USAGE(See the spec)
- 0x a,0x cd// USAGE(See the spec)
- 0x a,0x e2// USAGE(See the spec)
- 0x a,0x e9// USAGE(See the spec)
- 0x a,0x ea// USAGE(See the spec)
- 0x95,0x 8//REPORT_COUNT (8)
- 0x81,0x 2//Input(Data Var Abs )
- /*第3个字节*/
- 0x a,0x 183// USAGE(See the spec)
- 0x a,0x 18a// USAGE(See the spec)
- 0x a,0x 192// USAGE(See the spec)
- 0x a,0x 194// USAGE(See the spec)
- 0x a,0x 221// USAGE(See the spec)
- 0x a,0x 223// USAGE(See the spec)
- 0x a,0x 224// USAGE(See the spec)
- 0x a,0x 225// USAGE(See the spec)
- 0x95,0x 8//REPORT_COUNT (8)
- 0x81,0x 2//Input(Data Var Abs )
- /*第4个字节*/
- 0x a,0x 226// USAGE(See the spec)
- 0x a,0x 227// USAGE(See the spec)
- 0x a,0x 22a// USAGE(See the spec)
- 0x a,0x b3// USAGE(See the spec)
- 0x a,0x b4// USAGE(See the spec)
- 0x95,0x 5//REPORT_COUNT (5)
- 0x81,0x 2//Input(Data Var Abs )
- 0x95,0x 3//REPORT_COUNT (3)
- 0x81,0x 1//Input(Con Arr Abs )
- 0xc0,//END_COLLECTION
- /*第5个字节*/
- 略若干字节
- 26.1 IN 00 00 2c 00 00 00 00 00 ..,..... 1.1.0
- 28 IN 01 00 39 00 00 00 00 00 00 00 00 00 ..9......... 2.1.0(189)
- //按下空格键(2c)
- //下面的这个怎么是12个字节,理论推断是5个,
- //usage_consumer只针对特定设备的,
- 26.1 IN 00 00 00 00 00 00 00 00 ........ 191.1.0
- 28 IN 01 00 39 00 01 00 00 00 00 00 00 00 ..9......... 192.1.0
- //松开空格键
- //