Sannu kowa da kowa.
Mu, Viktor Antipov da Ilya Aleshin, a yau za mu yi magana game da kwarewarmu ta yin aiki tare da na'urorin USB ta hanyar Python PyUSB da kadan game da aikin injiniya na baya.
prehistory
A cikin 2019, Dokar Gwamnatin Tarayyar Rasha No. 224 "A kan amincewa da Dokokin don lakafta kayan sigari tare da hanyoyin tantancewa da fasalulluka na aiwatar da tsarin bayanan jihar don kula da yaduwar kayayyaki da ke ƙarƙashin lakabi na wajibi tare da hanyoyin tantancewa. dangane da kayayyakin taba” ya fara aiki.
Takardar ta bayyana cewa daga ranar 1 ga Yuli, 2019, ana buƙatar masana'antun su yi wa kowane fakitin taba. Kuma dole ne masu rarraba kai tsaye su karɓi waɗannan samfuran tare da aiwatar da takaddar canja wuri ta duniya (UDD). Stores, bi da bi, suna buƙatar yin rajistar siyar da samfuran da aka lakafta ta hanyar rajistar kuɗi.
Hakanan, daga ranar 1 ga Yuli, 2020, an haramta yaɗuwar samfuran taba marasa alamar. Wannan yana nufin cewa duk fakitin taba dole ne a yi masa alama da lambar sirri ta Datamatrix na musamman. Haka kuma - wani muhimmin batu - ya juya cewa Datamatrix ba zai zama talakawa ba, amma juyi. Wato, ba black code akan fari ba, amma akasin haka.
Mun gwada na'urorin mu, kuma ya zama cewa yawancinsu suna buƙatar sake kunnawa / sake horar da su, in ba haka ba kawai ba za su iya yin aiki akai-akai tare da wannan lambar ba. Wannan juyi na al'amuran ya ba mu tabbacin ciwon kai mai tsanani, saboda kamfaninmu yana da shaguna da yawa waɗanda suka warwatse a kan wani yanki mai faɗi. Dubun dubatar tsabar kuɗi da yawa - kuma kaɗan kaɗan.
Me za a yi? Akwai zaɓuɓɓuka biyu. Na farko: Injiniyoyin kan yanar gizo da hannu sun sake kunnawa da daidaita na'urorin daukar hoto. Na biyu: muna aiki daga nesa kuma, zai fi dacewa, rufe na'urori masu yawa a lokaci ɗaya a cikin juzu'i ɗaya.
Zaɓin farko, a fili, bai dace da mu ba: dole ne mu kashe kuɗi akan injiniyoyi masu ziyara, kuma a wannan yanayin zai zama da wuya a sarrafa da daidaita tsarin. Amma abu mafi mahimmanci shi ne mutane za su yi aiki, wato, za mu yi yuwuwar samun kurakurai da yawa kuma, mai yuwuwa, ba za mu cika wa'adin ba.
Zaɓin na biyu yana da kyau ga kowa, idan ba don abu ɗaya ba. Wasu dillalai ba su da kayan aikin walƙiya nesa da muke buƙata don duk tsarin aiki da ake buƙata. Kuma tunda wa'adin ya kare, sai na yi tunani da kaina.
Bayan haka, za mu gaya muku yadda muka ƙirƙira kayan aikin na'urar daukar hotan takardu don Debian 9.x OS (duk masu rijistar kuɗin mu suna kan Debian).
Magance kacici-kacici: yadda ake filasha da na'urar daukar hoto
Victor Antipov ya ruwaito.
Aikin hukuma wanda mai siyar ya bayar yana aiki a ƙarƙashin Windows, kuma tare da IE kawai. Mai amfani zai iya walƙiya kuma saita na'urar daukar hotan takardu.
Tunda tsarin mu shine Debian, mun shigar da uwar garken usb-redirector akan Debian da abokin ciniki mai jujjuya usb akan Windows. Ta amfani da abubuwan amfani da kebul-redirector, mun tura na'urar daukar hotan takardu daga na'urar Linux zuwa injin Windows.
Wani mai amfani daga mai siyar da Windows ya ga na'urar daukar hotan takardu har ma ya haska shi akai-akai. Don haka, mun yanke shawarar farko: babu abin da ya dogara da OS, lamari ne na ka'idar walƙiya.
KO. Mun gudu da walƙiya a kan na'urar Windows, kuma mun cire juji a kan na'urar Linux.
Mun cusa juji cikin WireShark kuma ... na yi baƙin ciki (Zan bar wasu cikakkun bayanai na juji, ba su da wani sha'awa).
Abin da juji ya nuna mana:
Adireshi 0000-0030, yin hukunci ta Wireshark, bayanan sabis na USB ne.
Muna sha'awar sashi na 0040-0070.
Babu wani abu da ya bayyana daga firam ɗin watsawa ɗaya sai ga haruffan MOCFT. Waɗannan haruffan sun zama haruffa daga fayil ɗin firmware, da sauran haruffa har zuwa ƙarshen firam (fayil ɗin firmware yana haskaka):
Abin da alamomin fd 3e 02 01 fe ke nufi, Ni da kaina, kamar Ilya, ba ni da masaniya.
Na kalli firam mai zuwa (an cire bayanin sabis anan, an haskaka fayil ɗin firmware):
Me ya fito fili? Cewa bytes biyu na farko wasu nau'i ne na dindindin. Duk tubalan da suka biyo baya sun tabbatar da hakan, amma kafin ƙarshen toshewar watsawa:
Hakanan wannan firam ɗin yana da ban tsoro, tunda akai-akai ya canza (wanda aka haskaka) kuma, abin ban mamaki, akwai ɓangaren fayil ɗin. Girman abubuwan da aka canjawa wuri na fayil ɗin ya nuna cewa an canza bytes 1024. Ban sake sanin abin da ragowar bytes ke nufi ba.
Da farko, a matsayin tsohon sunan barkwanci na BBS, na sake duba daidaitattun ka'idojin watsa labarai. Babu yarjejeniya da aka watsa 1024 bytes. Na fara nazarin kayan aikin kuma na ci karo da ka'idar Xmodem 1K. Ya ba da izinin watsa 1024, amma tare da faɗakarwa: a farkon 128 kawai, kuma idan babu kurakurai, ƙa'idar ta ƙara yawan adadin bytes. Nan da nan na sami canja wurin 1024 bytes. Na yanke shawarar yin nazarin ka'idojin watsawa, kuma musamman X-modem.
Akwai nau'ikan modem guda biyu.
Na farko, tsarin fakitin XMODEM tare da tallafin CRC8 (ainihin XMODEM):
Na biyu, tsarin fakitin XMODEM tare da tallafin CRC16 (XmodemCRC):
Yana kama da kama, banda SOH, lambar kunshin da CRC da tsawon kunshin.
Na kalli farkon shingen watsawa na biyu (kuma na sake ganin fayil ɗin firmware, amma an riga an shigar da shi ta 1024 bytes):
Na ga saba da fd 3e 02, amma bytes biyu na gaba sun riga sun canza: 01 fe, kuma ya zama 02 fd. Sa'an nan na lura cewa block na biyu yanzu an ƙidaya 02 kuma ta haka ne aka fahimta: a gabana akwai lambar tashar watsawa. Kayan 1024 na farko shine 01, na biyu shine 02, na uku shine 03 da sauransu (amma a cikin hex, ba shakka). Amma menene canjin daga fe zuwa fd yake nufi? Idanu sun ga raguwa da 1, kwakwalwa ta tuna cewa masu shirye-shiryen suna ƙidaya daga 0, ba 1 ba. To amma me yasa block na farko ya zama 1, ba 0 ba? Har yanzu ban sami amsar wannan tambayar ba. Amma na fahimci yadda ake kirga block na biyu. Toshe na biyu ba kome ba ne face FF – (rasa) adadin tubalan farko. Don haka, toshe na biyu an sanya shi azaman = 02 (FF-02) = 02 FD. Karatun juji na gaba ya tabbatar da hasashena.
Daga nan sai hoto mai zuwa na watsawa ya fara fitowa:
Fara watsawa
fd 3e 02 - Fara
01 FE - counter watsawa
Canja wuri (tubalan 34, 1024 bytes canjawa wuri)
fd 3e 1024 bytes na bayanai (kasu kashi 30 byte tubalan).
Ƙarshen watsawa
fd 25
Sauran bayanan da za a daidaita su zuwa 1024 bytes.
Menene block watsa karshen frame yayi kama:
fd 25 – sigina don kawo karshen toshe watsawa. 2f 52 na gaba - sauran fayil ɗin har zuwa 1024 bytes a girman. 2f 52, yin hukunci ta hanyar yarjejeniya, jimlar CRC ce 16-bit.
Domin tsohon lokaci, na yi wani shiri a cikin C wanda ya ciro 1024 bytes daga fayil kuma na ƙididdige CRC 16-bit. Ƙaddamar da shirin ya nuna cewa wannan ba 16-bit CRC ba ne. Stupor kuma - kimanin kwanaki uku. Duk wannan lokacin ina ƙoƙarin fahimtar abin da zai iya zama, idan ba checksum ba. Yayin da nake nazarin rukunin yanar gizon Ingilishi, na gano cewa X-modem yana amfani da nasa lissafin checksum - CRC-CCITT (XModem). Ban sami wani aiki na C na wannan lissafin ba, amma na sami wani rukunin yanar gizon da ya ƙididdige wannan checksum akan layi. Bayan canja wurin 1024 bytes na fayil na zuwa shafin yanar gizon, rukunin yanar gizon ya nuna mani checksum wanda ya yi daidai da checksum daga fayil ɗin.
Hooray! An warware kacici-kacici na ƙarshe, yanzu ina buƙatar yin firmware na. Bayan haka, na ba da ilimina (kuma ya kasance a cikin kaina kawai) ga Ilya, wanda ya saba da kayan aikin Python mai ƙarfi.
Ƙirƙirar shirin
Ilya Aleshin ya ruwaito.
Bayan na karɓi umarnin da suka dace, na yi “farin ciki sosai.”
A ina za a fara? Haka ne, tun daga farko. Daga ɗaukar juji daga tashar USB.
Kaddamar da USB-pcap
Zaɓi tashar jiragen ruwa wanda aka haɗa na'urar da fayil ɗin da za mu ajiye juji.
Muna haɗa na'urar daukar hotan takardu zuwa na'ura inda aka shigar da software na asali na EZConfigScanning na Windows.
A ciki mun sami abu don aika umarni zuwa na'urar. Amma menene game da ƙungiyoyi? A ina zan iya samun su?
Lokacin da shirin ya fara, kayan aikin za a jefa su ta atomatik (za mu ga wannan kadan daga baya). Kuma akwai lambobin horo daga takardun kayan aiki na hukuma. DEFALT. Wannan ita ce ƙungiyarmu.
An karɓi bayanan da suka dace. Buɗe dump.pcap ta hanyar wayashark.
Toshe lokacin fara EZConfigScanning. Wuraren da kuke buƙatar kulawa ana yiwa alama da ja.
Ganin wannan duka a karon farko, sai na karaya. Ba a bayyana inda za a tono na gaba ba.
Ƙarfafa tunani da-da-da... Aha! A cikin juji daga - shi ne inda kuma in shi daga.
Na google abin da URB_INTERRUPT yake. Na gano cewa wannan hanyar canja wurin bayanai ce. Kuma akwai irin waɗannan hanyoyin guda 4: sarrafawa, katsewa, isochronous, girma. Kuna iya karanta game da su daban.
Kuma ana iya samun adireshin ƙarshen a cikin kebul na na'urar USB ta hanyar umarnin "lsusb -v" ko ta amfani da pyusb.
Yanzu muna buƙatar nemo duk na'urori masu wannan VID. Kuna iya bincika musamman ta VID:PID.
Ga alama kamar haka:
Don haka, muna da mahimman bayanan: umarnin P_INFO. ko DEFALT, adireshin inda za a rubuta umarni ƙarshen = 03 da kuma inda za a sami ƙarshen amsa = 86. Duk abin da ya rage shine canza umarni zuwa hex.
Tun da mun riga mun samo na'urar, bari mu cire haɗin ta daga kernel ...
... kuma rubuta zuwa ƙarshen ƙarshen tare da adireshin 0x03,
... sannan karanta amsa daga ƙarshen ƙarshen tare da adireshin 0x86.
Amsa da aka tsara:
P_INFOfmt: 1
mode: app
app-present: 1
boot-present: 1
hw-sn: 18072B44CA
hw-rev: 0x20
cbl: 4
app-sw-rev: CP000116BBA
boot-sw-rev: CP000014BAD
flash: 3
app-m_name: Voyager 1450g
boot-m_name: Voyager 1450g
app-p_name: 1450g
boot-p_name: 1450g
boot-time: 16:56:02
boot-date: Oct 16 2014
app-time: 08:49:30
app-date: Mar 25 2019
app-compat: 289
boot-compat: 288
csum: 0x6986Muna ganin wannan bayanan a cikin dump.pcap.
Mai girma! Maida tsarin barcodes zuwa hex. Shi ke nan, aikin horarwa yana shirye.
Me game da firmware? Komai yana da alama iri ɗaya ne, amma akwai nuance.
Bayan mun jujjuya tsarin walƙiya, mun fahimci kusan abin da muke hulɗa da shi. Anan akwai labarin game da XMODEM, wanda ya taimaka sosai wajen fahimtar yadda wannan sadarwar ke faruwa, ko da yake a jumlace: Ina ba da shawarar karanta shi.
Duban juji, zaku iya ganin girman firam ɗin shine 1024, kuma girman bayanan URB shine 64.
Saboda haka - 1024/64 - muna samun layi 16 a cikin toshe, karanta fayil ɗin firmware 1 harafin a lokaci guda kuma ƙirƙirar toshe. Haɓaka layin 1 a cikin toshe tare da haruffa na musamman fd3e02 + lambar toshe.
Layukan 14 na gaba an ƙara su tare da fd25 +, ta amfani da XMODEM.calc_crc () muna ƙididdige ƙididdige ƙididdiga na duka block (ya ɗauki lokaci mai yawa don fahimtar cewa "FF - 1" shine CSUM) kuma na ƙarshe, an ƙara layin 16th. da fd3e.
Da alama shi ke nan, karanta fayil ɗin firmware, buga tubalan, cire haɗin na'urar daukar hotan takardu daga kwaya kuma aika zuwa na'urar. Amma ba haka ba ne mai sauki. Ana buƙatar canza na'urar daukar hoto zuwa yanayin firmware,
отправив ему NEWAPP = ‘\xfd\x0a\x16\x4e\x2c\x4e\x45\x57\x41\x50\x50\x0d’.
Daga ina wannan tawagar?? Daga juji.
Amma ba za mu iya aika gaba ɗaya toshe zuwa na'urar daukar hotan takardu ba saboda iyaka 64:
To, na'urar daukar hotan takardu a cikin NEWAPP yanayin walƙiya baya karɓar hex. Don haka, dole ne ku fassara kowane layi bytes_array
[253, 10, 22, 78, 44, 78, 69, 87, 65, 80, 80, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Sannan aika wannan bayanan zuwa na'urar daukar hotan takardu.
Muna samun amsar:
[2, 1, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Idan ka duba labarin game da XMODEM, zai bayyana: an karɓi bayanan.
Bayan an canza duk tubalan, mun kammala canja wuri END_TRANSFER = 'xfdx01x04'.
To, tunda waɗannan tubalan ba sa ɗaukar wani bayani ga talakawa, za mu shigar da firmware a cikin yanayin ɓoye ta tsohuwa. Kuma kawai idan akwai, za mu tsara mashaya ci gaba ta hanyar tqdm.
A gaskiya, to, abu ne na ƙananan abubuwa. Abin da ya rage shi ne a nannade maganin a cikin rubutun don yin kwafin taro a daidai lokacin da aka ƙayyade, don kada a rage aikin aiki a wurin biya, da ƙara shiga.
Sakamakon
Bayan da muka yi amfani da lokaci mai yawa da ƙoƙari da gashi a kan mu, mun sami damar samar da mafita da muke bukata, kuma mun hadu da ranar ƙarshe. A lokaci guda, na'urar daukar hoto yanzu an sake kunnawa kuma an sake horar da su a tsakiya, muna sarrafa dukkan tsari a fili. Kamfanin ya adana lokaci da kuɗi, kuma mun sami kwarewa mai mahimmanci a cikin kayan aikin injiniya na irin wannan.
source: www.habr.com