Mhoroi munhu wese.
Isu, Viktor Antipov naIlya Aleshin, nhasi tichataura nezve chiitiko chedu chekushanda nemidziyo ye USB kuburikidza nePython PyUSB uye zvishoma nezve reverse engineering.
prehistory
Muna 2019, Chirevo cheHurumende yeRussian Federation No. maererano nezvinogadzirwa nefodyaβ yakatanga kushanda.
Gwaro iri rinotsanangura kuti kubva musi waChikunguru 1, 2019, vagadziri vefodya vanosungirwa kuti vanyore pakiti rega rega refodya. Uye vanogovanisa vakananga vanofanirwa kugashira zvigadzirwa izvi nekuitwa kwedhipatimendi rekuchinjisa pasi rose (UDD). Zvitoro, zvakare, zvinoda kunyoresa kutengeswa kwezvigadzirwa zvakanyorwa kuburikidza nerejista yemari.
Zvakare, kubva munaChikunguru 1, 2020, kutenderera kwezvigadzirwa zvefodya zvisina kunyorwa kunorambidzwa. Izvi zvinoreva kuti mapakeji ese emidzanga anofanirwa kuve akaiswa chiratidzo cheDatamatrix barcode. Uyezve - chinhu chinokosha - zvakazoitika kuti Datamatrix haizove yakajairika, asi inverse. Kureva kuti, kwete dema kodhi pamuchena, asi zvakasiyana.
Takaedza ma scanner edu, uye zvakazoitika kuti mazhinji acho anofanirwa kudzokororwa / kudzidziswazve, zvikasadaro ivo havagone kushanda zvakajairwa neiyi barcode. Kuchinja kwezviitiko uku kwakativimbisa kurwadza kwemusoro, nekuti kambani yedu ine zvitoro zvakawanda zvakapararira munzvimbo yakakura. Makumi akati wandei ezviuru zvemarejista emari - uye nguva shoma kwazvo.
Chii chaifanira kuitwa? Pane zvingasarudzwa zviviri. Chekutanga: pa-saiti mainjiniya nemaoko anovheneka uye gadzirisa ma scanner. Chechipiri: isu tinoshanda kure uye, zviri nani, tinovhara ma scanner akawanda kamwechete mune imwe iteration.
Sarudzo yekutanga, zviri pachena, yakanga isina kukodzera kwatiri: taizofanira kushandisa mari pakushanyira mainjiniya, uye munyaya iyi zvingava zvakaoma kudzora uye kurongedza nzira. Asi chinonyanya kukosha ndechekuti vanhu vashande, ndiko kuti, isu tingangowana zvikanganiso zvakawanda uye, kazhinji, kusasangana nenguva yakatarwa.
Yechipiri sarudzo yakanaka kune wese munhu, kana isiri yechinhu chimwe. Vamwe vatengesi vanga vasina maturusi ekuvheneka ari kure ataida kune ese anodiwa masisitimu ekushandisa. Uye sezvo nguva dzakange dzave kupera, ndaifanira kufunga nemusoro wangu.
Tevere, tichakuudza kuti takagadzira sei maturusi ezvikena zvinobatwa nemaoko zveDebian 9.x OS (ese marejista emari edu ari paDebian).
Gadzirisa chirahwe: sei kupenya scanner
Victor Antipov anoshuma.
Iyo yepamutemo yekushandisa yakapihwa nemutengesi inoshanda pasi peWindows, uye chete neIE. Iyo yekushandisa inogona kupenya uye kugadzirisa scanner.
Sezvo isu takananga sisitimu iri Debian, isu takaisa usb-redirector server paDebian uye usb-redirector mutengi paWindows. Tichishandisa usb-redirector utilities, takatumira scanner kubva kumuchina weLinux kuenda kumuchina weWindows.
Chishandiso kubva kumutengesi weWindows chakaona scanner uye yakatovheneka zvakajairwa. Nokudaro, takaita mhedziso yekutanga: hapana chinoenderana neOS, inyaya yeprotocol inopenya.
OK. Takamhanyisa kupenya pamushini weWindows, uye tikabvisa dump pamushini weLinux.
Isu takaisa dump muWireShark uye...
Zvatakaratidzwa nekuraswa:
Kero 0000-0030, kutonga neWireshark, ruzivo rwesevhisi ye USB.
Isu taifarira chikamu 0040-0070.
Hapana chaive chakajeka kubva kune imwe yekufambisa furemu kunze kweiyo MOCFT mavara. Aya mavara akazoita mavara kubva kufaira re firmware, pamwe neasara mavara kusvika pakupera kwefuremu (iyo firmware file inosimbiswa):
Izvo zviratidzo fd 3e 02 01 fe zvaireva, ini pachedu, saIlya, ndakanga ndisingazivi.
Ndakatarisa iyo inotevera furemu (ruzivo rwesevhisi rwakabviswa pano, iyo firmware file yakasimbiswa):
Chii chakava pachena? Kuti mabheti maviri ekutanga mamwe marudzi ekugara. Ese mabhuroko akatevera akasimbisa izvi, asi isati yapera yekutapurirana block:
Iyi furemu zvakare yaishamisa, sezvo nguva dzose yakanga yachinja (yakasimudzwa) uye, zvisingaite, pakanga paine chikamu chefaira. Saizi yemabhaiti akatamiswa efaira airatidza kuti 1024 bytes dzakatamiswa. Ndakashaya zvakare kuti mabytes asara airevei.
Chekutanga pane zvese, sezita rekare reBBS remadunhurirwa, ndakaongorora akajairwa ekufambisa mapuroteni. Hapana protocol inofambiswa 1024 bytes. Ndakatanga kudzidza hardware ndikasangana ne1K Xmodem protocol. Yakabvumira kutumira 1024, asi ne caveat: pakutanga chete 128, uye chete kana pakanga pasina zvikanganiso, iyo protocol yakawedzera nhamba yemabheti akatumirwa. Ndakabva ndangove nekuchinjirwa kwe1024 bytes. Ndakafunga kudzidza transmission protocol, uye kunyanya X-modemu.
Paive nemhando mbiri dzemodem.
Kutanga, iyo XMODEM pasuru fomati ine CRC8 rutsigiro (iyo yekutanga XMODEM):
Kechipiri, iyo XMODEM packet fomati ine CRC16 rutsigiro (XmodemCRC):
Inotaridzika zvakafanana, kunze kweSOH, nhamba yepakiti uye CRC uye kureba kwepakeji.
Ndakatarisa pakutanga kwechipiri chekutumira block (uye zvakare ndakaona iyo firmware faira, asi yatove indented ne1024 bytes):
Ndakaona musoro unozivikanwa fd 3e 02, asi mabheti maviri anotevera akanga atochinja: yaiva 01 fe, uye ikava 02 fd. Ipapo ndakaona kuti bhuroko rechipiri rakanga rave nhamba 02 uye nokudaro yakanzwisiswa: pamberi pangu pakanga paine manhamba evhavha yekutapurirana. Yekutanga 1024 giya 01, yechipiri 02, yechitatu 03 zvichingodaro (asi muhex, hongu). Asi kuchinja kubva kufe kuenda kufd kunorevei? Maziso akaona kuderera ne1, uropi hwakayeuchidza kuti vagadziri vanoverenga kubva ku0, kwete 1. Asi saka nei yekutanga block 1, uye kwete 0? Handisati ndawana mhinduro yemubvunzo uyu. Asi ini ndakanzwisisa kuti bhokisi rechipiri rinoverengwa sei. Chechipiri chivharo hachisi chinhu chinopfuura FF - (minus) nhamba yebhuroko rekutanga. Nokudaro, bhokisi rechipiri rakasarudzwa se = 02 (FF-02) = 02 FD. Kuverenga kwakatevera kwekurasirwa kwakasimbisa fungidziro yangu.
Ipapo mufananidzo unotevera wekutapurirana wakatanga kubuda:
Kutanga kwekutumira
fd 3e 02 β Kutanga
01 FE - kutapurirana counter
Kutamisa (34 zvidhinha, 1024 bytes kutamiswa)
fd 3e 1024 bytes yedata (yakakamurwa kuita 30 byte blocks).
Kupera kwekutapurirana
fd25
Yasara data kuti ienderane ne1024 bytes.
Iyo block transmission end frame inotaridzika sei:
fd 25 - chiratidzo chekugumisa kutapurirana kwe block. Inotevera 2f 52 - iyo yakasara yefaira inosvika 1024 bytes muhukuru. 2f 52, tichitonga neprotocol, ndeye 16-bit CRC checksum.
Nekuda kwekare, ndakagadzira chirongwa muC chakadhonza 1024 bytes kubva pafaira uye ndikaverenga 16-bit CRC. Kutangisa chirongwa kwakaratidza kuti iyi haisi 16-bit CRC. Stupor zvakare - kweanenge mazuva matatu. Nguva yese iyi ndaiedza kunzwisisa kuti chingave chii, kana isiri cheki. Ndichiri kudzidza mawebhusaiti emutauro weChirungu, ndakaona kuti X-modemu inoshandisa yayo yekuongorora kuverenga - CRC-CCITT (XModem). Ini handina kuwana chero C yekushandiswa kwekuverenga uku, asi ndakawana saiti yakaverenga iyi checksum online. Sezvo ndaendesa 1024 bytes yefaira rangu kune peji rewebhu, saiti yakandiratidza cheki yakanyatsoenderana necheki kubva mufaira.
Hooray! Chirahwe chekupedzisira chakapedzwa, zvino ndaifanira kugadzira firmware yangu. Zvadaro, ndakapfuudza ruzivo rwangu (uye rwakaramba rwuri mumusoro mangu chete) kuna Ilya, uyo anoziva nezvekushandisa zvine simba Python.
Kugadzira chirongwa
Ilya Aleshin anoshuma.
Sezvo ndagamuchira mirayiridzo yakakodzera, ndakaβfaraβ zvikuru.
Ndotangira papi? Ndizvozvo, kubva pakutanga. ο Kubva pakutora dump kubva pa USB port.
Vhura USB-pcap
Sarudza chiteshi kune iyo mudziyo wakabatana uye faira kwatichachengetedza dump.
Isu tinobatanidza scanner kumuchina uko iyo yemuno EZConfigScanning software yeWindows yakaiswa.
Mariri tinowana chinhu chekutumira mirairo kumudziyo. Asi zvakadini nezvikwata? Ndozviwanepi?
Kana chirongwa chatanga, michina yacho inovhoterwa otomatiki (tichaona izvi zvishoma gare gare). Uye kwaive nekudzidziswa barcode kubva kumagwaro emidziyo yepamutemo. DEFALT. Ichi ndicho chikwata chedu.
Iyo data inodiwa yakagamuchirwa. Vhura dump.pcap kuburikidza newireshark.
Vimba paunotanga EZConfigScanning. Nzvimbo dzaunoda kutarisisa dzakaiswa mutsvuku.
Ndichiona zvose izvi kekutanga, ndakaora mwoyo. Hazvina kujeka kwekuchera kunotevera.
Kufunga zvishoma uye-uye-uye... Aha! Mudump panze - izvi inuye in izvozvo panze.
Ndakatsvaga kuti URB_INTERRUPT chii. Ndakaona kuti iyi inzira yekuendesa data. Uye kune 4 nzira dzakadaro: kutonga, kukanganisa, isochronous, yakawanda. Iwe unogona kuverenga pamusoro pavo zvakasiyana.
Uye kero dzekupedzisira mu USB mudziyo interface inogona kuwanikwa kuburikidza ne "lsusb -v" kuraira kana kushandisa pyusb.
Iye zvino tinoda kuwana zvese zvishandiso zvine VID iyi. Unogona kutsvaga zvakananga neVID:PID.
Zvinoita seizvi:
Saka, isu tine ruzivo rwunodiwa: iyo P_INFO mirairo. kana DEFALT, kero dzekunyora mirairo endpoint=03 uye kwekuwana mhinduro endpoint=86. Chasara kushandura mirairo kuita hex.
Sezvo tatowana chishandiso, ngatichibvise kubva ku kernel...
... uye nyorera kumagumo nekero 0x03,
... uye woverenga mhinduro kubva kumagumo nekero 0x86.
Mhinduro yakarongeka:
P_INFOfmt: 1
mode: app
app-present: 1
boot-present: 1
hw-sn: 18072B44CA
hw-rev: 0x20
cbl: 4
app-sw-rev: CP000116BBA
boot-sw-rev: CP000014BAD
flash: 3
app-m_name: Voyager 1450g
boot-m_name: Voyager 1450g
app-p_name: 1450g
boot-p_name: 1450g
boot-time: 16:56:02
boot-date: Oct 16 2014
app-time: 08:49:30
app-date: Mar 25 2019
app-compat: 289
boot-compat: 288
csum: 0x6986Isu tinoona iyi data mu dump.pcap.
Hukuru! Shandura system barcode kuita hex. Ndizvozvo, basa rekudzidzira rakagadzirira.
Zvakadini neiyo firmware? Zvose zvinoratidzika zvakafanana, asi pane nuance.
Sezvo tatora kuraswa kwakazara kwemaitiro ekupenya, takanzwisisa zvatakanga tichibata nazvo. Heino chinyorwa nezve XMODEM, iyo yakabatsira zvakanyanya mukunzwisisa kuti kutaurirana uku kunoitika sei, kunyangwe mune zvakajairika: Ndinokurudzira kuiverenga.
Ukatarisa pakurasa, unoona kuti saizi yefuremu i1024, uye saizi yeURB-data i64.
Saka - 1024/64 - tinowana mitsara ye16 mubhokisi, verenga firmware file 1 character panguva uye gadzira block. Kuzadzisa 1 mutsetse mubhuroka ine akakosha mavara fd3e02 + block nhamba.
Mitsetse gumi nemina inotevera inowedzerwa ne fd14 +, tichishandisa XMODEM.calc_crc() tinoverenga checksum yebhuroko rese (zvakatora nguva yakawanda kuti tinzwisise kuti "FF - 25" ndiyo CSUM) uye yekupedzisira, mutsara wechigumi nematanhatu unowedzerwa. pamwe fd1e.
Zvingaita sekuti ndizvozvo, verenga faira re firmware, rova ββββzvivharo, bvisa scanner kubva ku kernel uye utumire kumudziyo. Asi hazvisi nyore kudaro. Iyo scanner inoda kuchinjirwa kune firmware mode,
ΠΎΡΠΏΡΠ°Π²ΠΈΠ² Π΅ΠΌΡ NEWAPP = β\xfd\x0a\x16\x4e\x2c\x4e\x45\x57\x41\x50\x50\x0dβ.
Team irikupi?? Kubva pakuraswa.
Asi isu hatigone kutumira block yakazara kune scanner nekuda kweiyo 64 muganho:
Zvakanaka, scanner muNEWAPP inopenya modhi haigamuchire hex. Naizvozvo, unozofanirwa kushandura mutsetse wega wega bytes_array
[253, 10, 22, 78, 44, 78, 69, 87, 65, 80, 80, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Uye wozotumira iyi data kune scanner.
Tinowana mhinduro:
[2, 1, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]Kana iwe ukatarisa chinyorwa nezve XMODEM, zvichava pachena: iyo data yakagamuchirwa.
Kana mabhuroko ese atamiswa, tinopedzisa kutamisa END_TRANSFER = 'xfdx01x04'.
Zvakanaka, sezvo zvidhinha izvi zvisingatakure chero ruzivo rwevanhuwo zvavo, isu tichaisa iyo firmware mune yakavanzika mode nekukasira. Uye kana zvikaitika, isu ticharonga kufambira mberi bar kuburikidza netqdm.
Chaizvoizvo, zvino inyaya yezvinhu zvidiki. Chinosara ndechekuputira mhinduro muzvinyorwa zvekudzokorora kwevazhinji panguva yakanyatsotsanangurwa, kuti usanonoke maitiro ekushanda pacheckouts, uye kuwedzera matanda.
Mugumisiro
Sezvo takapedza nguva yakawanda nesimba uye nebvudzi mumisoro yedu, takakwanisa kugadzira mhinduro dzataida, uye zvakare takasangana nenguva yakatarwa. Panguva imwecheteyo, ma scanner ave kudzokororwa uye akadzidziswazve pakati, isu tinonyatso kudzora maitiro ese. Iyo kambani yakachengetedza nguva nemari, uye isu takawana ruzivo rwakakosha mune reverse engineering michina yerudzi urwu.
Source: www.habr.com