Moni nonse.
Ife, Victor Antipov ndi Ilya Aleshin, lero tikambirana zomwe takumana nazo pogwira ntchito ndi zida za USB kudzera pa Python PyUSB komanso pang'ono za reverse engineering.
prehistory
Mu 2019, Decree of the Government of the Russian Federation No. 224 "Povomereza Malamulo olembera fodya ndi njira zozindikiritsira ndi mawonekedwe a kukhazikitsa dongosolo lazidziwitso la boma pakuwunika kayendetsedwe kazinthu zomwe zimalembedwa movomerezeka ndi zizindikiritso. mogwirizana ndi zinthu za fodyaβ inayamba kugwira ntchito.
Chikalatacho chikufotokoza kuti kuyambira pa Julayi 1, 2019, opanga akuyenera kulemba paketi iliyonse ya fodya. Ndipo ogawa mwachindunji ayenera kulandira zinthuzi pogwiritsa ntchito chikalata chosinthira (UDD). Masitolo nawonso amayenera kulembetsa kugulitsa kwazinthu zolembedwa kudzera mu kaundula wa ndalama.
Komanso, kuyambira pa Julayi 1, 2020, kufalitsa kwa fodya wopanda zilembo ndikoletsedwa. Izi zikutanthauza kuti mapaketi onse a ndudu ayenera kulembedwa ndi barcode yapadera ya Datamatrix. Komanso - mfundo yofunika - kunapezeka kuti Datamatrix sadzakhala wamba, koma mosiyana. Ndiko kuti, osati code yakuda pa zoyera, koma mosiyana.
Tidayesa ma scanner athu, ndipo zidapezeka kuti ambiri amayenera kusinthidwanso / kuphunzitsidwanso, apo ayi sangathe kugwira ntchito bwino ndi barcode iyi. Kusintha kumeneku kunatitsimikizira kuti mutu wathu umakhala wovuta kwambiri, chifukwa kampani yathu ili ndi masitolo ambiri omwe ali omwazikana m'gawo lalikulu. Makumi angapo masauzande a zolembera ndalama - ndi nthawi yochepa kwambiri.
Kodi chinayenera kuchitidwa chiyani? Pali njira ziwiri. Choyamba: mainjiniya omwe ali pamalowo amawunikiranso ndikusintha masikelo. Chachiwiri: timagwira ntchito patali ndipo, makamaka, timaphimba ma scanner ambiri nthawi imodzi.
Chosankha choyamba, mwachiwonekere, sichinali choyenera kwa ife: tinkayenera kugwiritsa ntchito ndalama zoyendera mainjiniya, ndipo pankhaniyi zingakhale zovuta kuwongolera ndikugwirizanitsa ndondomekoyi. Koma chofunikira kwambiri ndichakuti anthu azigwira ntchito, ndiye kuti, titha kupeza zolakwika zambiri ndipo, mwina, osakwaniritsa nthawi yake.
Njira yachiwiri ndi yabwino kwa aliyense, ngati si chinthu chimodzi. Ogulitsa ena analibe zida zowunikira zakutali zomwe timafunikira pamakina onse ofunikira. Ndipo popeza kuti masiku omalizira anali kutha, ndinayenera kuganiza ndi mutu wanga.
Kenako, tikuuzani momwe tinapangira zida zojambulira pamanja za Debian 9.x OS (zolembera zathu zonse zandalama zili pa Debian).
Sungunulani mwambi: momwe mungayatse scanner
Victor Antipov akuti.
Ntchito yovomerezeka yoperekedwa ndi wogulitsa imagwira ntchito pansi pa Windows, komanso ndi IE yokha. Zomwe zimagwiritsidwa ntchito zimatha kuwunikira ndikusintha scanner.
Popeza dongosolo lathu lomwe tikufuna ndi Debian, tidayika seva ya usb-redirector pa Debian ndi kasitomala wa usb-redirector pa Windows. Pogwiritsa ntchito zida za usb-redirector, tidatumiza sikani kuchokera pamakina a Linux kupita pamakina a Windows.
Chida chochokera kwa ogulitsa Windows chinawona chojambuliracho ndipo chinawunikiranso bwino. Choncho, tinapanga mfundo yoyamba: palibe chomwe chimadalira OS, ndi nkhani ya protocol yowunikira.
CHABWINO. Tinayendetsa kuwunikira pamakina a Windows, ndikuchotsa zotayira pamakina a Linux.
Tidayika zotayirapo mu WireShark ndipo ... tinali ndi chisoni (ndisiya zina mwazinthu zotayirapo, sizosangalatsa).
Zomwe tayiyi idatiwonetsa:
Maadiresi 0000-0030, kuweruza ndi Wireshark, ndi chidziwitso chautumiki wa USB.
Tidachita chidwi ndi gawo 0040-0070.
Palibe chomwe chinali chowonekera pa chimango chimodzi chotumizira kupatula zilembo za MOCFT. Izi zidakhala zilembo za fayilo ya firmware, komanso zilembo zotsalira mpaka kumapeto kwa chimango (fayilo ya firmware ikuwonetsedwa):
Zomwe zizindikiro fd 3e 02 01 fe zimatanthauza, ine ndekha, monga Ilya, ndinalibe lingaliro.
Ndinayang'ana chimango chotsatirachi (chidziwitso chautumiki chachotsedwa apa, fayilo ya firmware yasonyezedwa):
Kodi nβchiyani chinadziwika bwino? Kuti ma byte awiri oyamba ndi mtundu wina wokhazikika. Ma block onse otsatira adatsimikizira izi, koma asanafike kumapeto kwa chipika chotumizira:
Chimango ichi chinalinso chododometsa, popeza nthawi zonse zidasintha (zowunikira) ndipo, modabwitsa, panali gawo la fayilo. Kukula kwa ma byte omwe adasamutsidwa a fayilo adawonetsa kuti ma byte 1024 adasamutsidwa. Sindinadziwenso kuti ma byte otsalawo amatanthauza chiyani.
Choyamba, monga dzina lakale la BBS, ndinayang'ananso ndondomeko zotumizira. Palibe protocol yofalitsidwa ndi 1024 byte. Ndidayamba kuphunzira zaukadaulo ndikupeza protocol ya 1K Xmodem. Zinalola kusamutsidwa kwa 1024, koma ndi chenjezo: poyamba 128 okha, ndipo pokhapokha ngati panalibe zolakwika, ndondomekoyi inawonjezera chiwerengero cha ma byte omwe anasamutsidwa. Nthawi yomweyo ndidasintha ma byte 1024. Ndinaganiza zophunzira njira zotumizira, makamaka X-modemu.
Pali mitundu iwiri ya modemu.
Choyamba, mawonekedwe a phukusi la XMODEM ndi chithandizo cha CRC8 (XMODEM yoyambirira):
Kachiwiri, mtundu wa paketi wa XMODEM wokhala ndi chithandizo cha CRC16 (XmodemCRC):
Zikuwoneka mofanana, kupatulapo SOH, nambala ya phukusi ndi CRC ndi kutalika kwa phukusi.
Ndidayang'ana koyambirira kwa chipika chachiwiri chotumizira (ndikuwonanso fayilo ya firmware, koma idalowetsedwa kale ndi 1024 bytes):
Ndinawona mutu wodziwika bwino fd 3e 02, koma ma byte awiri otsatirawa anali atasintha kale: anali 01 fe, ndipo anakhala 02 fd. Kenako ndinazindikira kuti chipika chachiwiri chinali chitawerengedwa 02 ndipo ndinamvetsetsa: kutsogolo kwanga kunali chiwerengero cha chipika chotumizira. Zoyamba za 1024 ndi 01, zachiwiri ndi 02, zachitatu ndi 03 ndi zina zotero (koma mu hex, ndithudi). Koma kusintha kuchoka ku fe kupita ku fd kumatanthauza chiyani? Maso adawona kuchepa kwa 1, ubongo unakumbutsa kuti olemba mapulogalamu amawerengera kuchokera ku 0, osati 1. Koma ndiye chifukwa chiyani chipika choyamba ndi 1, osati 0? Sindinapezebe yankho la funsoli. Koma ndinamvetsetsa momwe chipika chachiwiri chikuwerengedwa. Chida chachiwiri sichinthu choposa FF - (kuchotsera) chiwerengero cha chipika choyamba. Chifukwa chake, chipika chachiwiri chidasankhidwa kukhala = 02 (FF-02) = 02 FD. Kuwerenga kotsatira kwa zotayirako kunatsimikizira malingaliro anga.
Kenako chithunzi chotsatira cha kufalikira chidayamba kuwonekera:
Kuyamba kwa kufala
fd 3e 02 - Yambani
01 FE - kauntala
Kusamutsa (ma block 34, ma byte 1024 asinthidwa)
fd 3e 1024 bytes ya data (yogawidwa mu 30 byte blocks).
Kutha kwa kufalitsa
pa fd25
Zomwe zatsala ziyenera kulumikizidwa ku 1024 byte.
Kodi chimango chakumapeto kwa block transmission chimawoneka bwanji:
fd 25 - chizindikiro chothetsa kufalikira kwa block. Chotsatira 2f 52 - fayilo yonseyo mpaka 1024 byte mu kukula. 2f 52, kutengera protocol, ndi 16-bit CRC checksum.
Chifukwa cha nthawi zakale, ndidapanga pulogalamu mu C yomwe imakoka ma byte 1024 kuchokera pafayilo ndikuwerengera 16-bit CRC. Kukhazikitsa pulogalamuyi kunawonetsa kuti iyi si CRC ya 16-bit. Stupor kachiwiri - kwa masiku atatu. Nthawi yonseyi ndimayesa kumvetsetsa chomwe chingakhale, ngati sichoncho. Ndikuphunzira mawebusayiti achingerezi, ndidazindikira kuti X-modemu imagwiritsa ntchito ma cheke ake - CRC-CCITT (XModem). Sindinapeze kukhazikitsidwa kulikonse kwa C pakuwerengera uku, koma ndapeza tsamba lomwe limawerengera cheke ichi pa intaneti. Nditasamutsa ma byte 1024 a fayilo yanga patsamba, tsambalo linandiwonetsa cheke chomwe chimafanana ndi chequesum kuchokera pafayilo.
Uwu! Mwambi wotsiriza unathetsedwa, tsopano ndinafunika kupanga firmware yanga. Kenaka, ndinapereka chidziwitso changa (ndipo chinangokhala m'mutu mwanga) kwa Ilya, yemwe amadziwa bwino zida zamphamvu za Python.
Kupanga pulogalamu
Ilya Aleshin akuti.
Popeza ndinalandira malangizo oyenerera, ndinali βwosangalalaβ kwambiri.
Kuti tiyambire? Ndiko kulondola, kuyambira pachiyambi. ο Kuchokera pakutaya ku doko la USB.
Yambitsani USB-pcap
Sankhani doko lomwe chipangizocho chikugwirizana ndi fayilo yomwe tidzasungira kutaya.
Timalumikiza makina ojambulira ku makina komwe pulogalamu ya EZConfigScanning ya Windows imayikidwa.
Mmenemo timapeza chinthu chotumizira malamulo ku chipangizocho. Koma bwanji matimu? Kodi ndingazipeze kuti?
Pulogalamuyo ikayamba, zidazo zimasankhidwa zokha (tidzawona izi posachedwa). Ndipo panali ma barcode ophunzitsira kuchokera ku zikalata zovomerezeka za zida. KUSINTHA. Iyi ndi timu yathu.
Deta yofunikira yalandiridwa. Tsegulani dump.pcap kudzera pa wireshark.
Tsekani mukayamba EZConfigScanning. Malo omwe muyenera kulabadira amalembedwa zofiira.
Nditaona zonsezi kwa nthawi yoyamba, ndinataya mtima. Sizikudziwika komwe mungakumbire.
Kulingalira pang'ono ndi-n-n-n^Aha! M'dambo kunja - ndi inndi in izo kunja.
Ndayang'ana google kuti URB_INTERRUPT ndi chiyani. Ndinapeza kuti iyi ndi njira kusamutsa deta. Ndipo pali 4 njira zotere: kuwongolera, kusokoneza, isochronous, chochuluka. Mukhoza kuwerenga za iwo mosiyana.
Ndipo ma adilesi omalizira mu mawonekedwe a chipangizo cha USB atha kupezeka kudzera mu lamulo la "lsusb -v" kapena kugwiritsa ntchito pyusb.
Tsopano tiyenera kupeza zipangizo zonse ndi VID iyi. Mutha kusaka mwachindunji ndi VID:PID.
Zikuwoneka motere:
Chifukwa chake, tili ndi chidziwitso chofunikira: malamulo a P_INFO. kapena DEFALT, maadiresi pomwe mungalembe malamulo endpoint=03 ndi komwe mungapeze yankho endpoint=86. Chotsalira ndikutembenuza malamulo kukhala hex.
Popeza tapeza kale chipangizocho, tiyeni tichitsegule ku kernel...
...ndipo lembani mpaka kumapeto ndi adilesi 0x03,
... ndiyeno werengani yankho kuchokera kumapeto ndi adilesi 0x86.
Yankho lokhazikika:
P_INFOfmt: 1
mode: app
app-present: 1
boot-present: 1
hw-sn: 18072B44CA
hw-rev: 0x20
cbl: 4
app-sw-rev: CP000116BBA
boot-sw-rev: CP000014BAD
flash: 3
app-m_name: Voyager 1450g
boot-m_name: Voyager 1450g
app-p_name: 1450g
boot-p_name: 1450g
boot-time: 16:56:02
boot-date: Oct 16 2014
app-time: 08:49:30
app-date: Mar 25 2019
app-compat: 289
boot-compat: 288
csum: 0x6986Timawona izi mu dump.pcap.
Zabwino! Sinthani ma barcode a system kukhala hex. Ndi zimenezo, ntchito yophunzitsa ndi wokonzeka.
Nanga bwanji firmware? Chilichonse chikuwoneka chofanana, koma pali nuance.
Popeza tataya kwathunthu kuthwanima, tinamvetsetsa bwino zomwe timakumana nazo. Nayi nkhani yokhudzana ndi XMODEM, yomwe idathandizira kwambiri kumvetsetsa momwe kulumikizanaku kumachitikira, ngakhale munjira zambiri: Ndikupangira kuwerenga.
Kuyang'ana kutayira, mutha kuwona kuti kukula kwake ndi 1024, ndipo kukula kwa data ya URB ndi 64.
Chifukwa chake - 1024/64 - timapeza mizere 16 mu chipika, werengani fayilo ya firmware 1 khalidwe panthawi imodzi ndikupanga chipika. Kuthandizira mzere umodzi mu block yokhala ndi zilembo zapadera fd1e3 + block number.
Mizere yotsatira ya 14 ikuphatikizidwa ndi fd25 +, pogwiritsa ntchito XMODEM.calc_crc () timawerengera checksum ya chipika chonse (zinatenga nthawi yochuluka kuti timvetse kuti "FF - 1" ndi CSUM) ndipo chomaliza, mzere wa 16 wawonjezeredwa. ndi fd3e.
Zikuwoneka kuti ndi choncho, werengani fayilo ya firmware, gwirani midadada, chotsani chojambulira pa kernel ndikuchitumiza ku chipangizocho. Koma sizophweka. Scanner iyenera kusinthidwa kukhala firmware mode,
ΠΎΡΠΏΡΠ°Π²ΠΈΠ² Π΅ΠΌΡ NEWAPP = β\xfd\x0a\x16\x4e\x2c\x4e\x45\x57\x41\x50\x50\x0dβ.
Timu iyi ndi yakuchokela kuti?? Kuchokera kudzala.
Koma sitingathe kutumiza chipika chonse ku sikani chifukwa cha malire 64:
Chabwino, chojambulira mu NEWAPP chowunikira sichivomereza hex. Chifukwa chake, muyenera kumasulira mzere uliwonse bytes_array
[253, 10, 22, 78, 44, 78, 69, 87, 65, 80, 80, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Kenako tumizani izi ku scanner.
Timapeza yankho:
[2, 1, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Ngati muyang'ana nkhani ya XMODEM, zidzamveka bwino: deta yavomerezedwa.
Mabolodi onse akasamutsidwa, timamaliza kusamutsa END_TRANSFER = 'xfdx01x04'.
Chabwino, popeza midadada iyi sanyamula chidziwitso chilichonse kwa anthu wamba, tidzakhazikitsa firmware munjira yobisika mwachisawawa. Ndipo zikatero, tidzakonza njira yopita patsogolo kudzera mu tqdm.
Kwenikweni, ndi nkhani ya zinthu zazing'ono. Chotsalira ndikukulunga yankho m'malemba obwereza misa pa nthawi yodziwika bwino, kuti musachedwetse ntchito yotuluka, ndikuwonjezera mitengo.
Zotsatira
Titakhala nthawi yambiri ndi khama komanso tsitsi pamutu pathu, tinatha kupanga mayankho omwe timafunikira, komanso tinakumana ndi nthawi yomaliza. Panthawi imodzimodziyo, ma scanner tsopano asinthidwa ndikuphunzitsidwanso pakati, timayendetsa bwino ndondomeko yonseyi. Kampaniyo idapulumutsa nthawi ndi ndalama, ndipo tidapeza chidziwitso chamtengo wapatali pazida zamainjiniya zamtunduwu.
Source: www.habr.com