[usbproxy] get usb-mitm running on BeagleBone Black

  • From: "Tr.Hawk" <tr.hawk@xxxxxx>
  • To: usbproxy@xxxxxxxxxxxxx
  • Date: Thu, 8 Oct 2015 12:14:59 +0200

Dear list!

I tried to get usb-mitm running on a BeagleBone Black via a description
I found here:
http://gimx.fr/wiki/index.php?title=Bbb_sniffer

After some struggles (newer compiler version for USBProxy mainly) I seem
to get things compiled but not really up and running. Please find
outputs of two examples of problems at the end of my email.

Does USBProxy together with gadgetfs and libusb (v1.0.19) need some
special linux kernel version/initrd image for the BeagleBone Black?

The description above uses a build tool set from Robert Nelson and
running a debian image on the BBB:

root@beaglebone:~# uname -a
Linux beaglebone 3.8.13-bone50 #1 SMP Tue May 13 13:24:52 UTC 2014
armv7l GNU/Linux
root@beaglebone:~# cat /etc/debian_version
7.5

Can you please give me any advice on how to get usb-mitm running on a
beaglebone-black?

Thank you very much for your efforts

Cheers
Hawk

--

Two symptoms of problems with usb-mitm and the BBB:

1. HID devices do not communicate properly with usb-mitm, resulting in
"Device unresponsive":

root@beaglebone:~# usb-mitm -d -v 046a -p 0023
CP: String vendorId = 046a
CP: String productId = 0023
Version ShmooCon_2015-75-g9b1e
Running under kernel 3.8.13-bone50
CP: String DeviceProxy = DeviceProxy_LibUSB
CP: String HostProxy = HostProxy_GadgetFS
Loading plugins from /usr/local/lib/USBProxy/
vendorId=046a
productId=0023
cleaning up /tmp
removing 1
Made directory /tmp/gadget-llbcaf for gadget
[ 71.239703] nop musb-hdrc.0.auto: failed to start (null): -120
Printing Config data
Strings: 4
DeviceProxy: DeviceProxy_LibUSB
HostProxy: HostProxy_GadgetFS
productId: 0023
vendorId: 046a
Vectors: 0
Pointer: 0
Device unresponsive: Operation timed outUnable to connect to device proxy.
done

with a result of rc == -9 (LIBUSB_ERROR_PIPE) return value from
libusb_get_string_descriptor() in DeviceProxy_LibUSB.cpp:240

    rc = libusb_get_string_descriptor(dev_handle, 0, 0, unused,
                                      sizeof(unused));
    if (rc < 0) {
        cerr << "Device unresponsive: " <<
            libusb_strerror((libusb_error) rc);
        return rc;
    }

2. Trying another test device at hand (FTDI FT2232H minimodule, dual
ttyUSB) at least the USB descriptors get transferred to the host
controller but after this I get a kernel freeze:

root@beaglebone:~/sniffer/libusb-1.0.19/examples# usb-mitm -v 0x0403
-p 0x6010
Loading plugins from /usr/local/lib/USBProxy/
vendorId=0403
productId=6010
cleaning up /tmp
removing 1
Made directory /tmp/gadget-syvSrw for gadget
Printing Config data
Strings: 4
DeviceProxy: DeviceProxy_LibUSB
HostProxy: HostProxy_GadgetFS
productId: 0x6010
vendorId: 0x0403
Vectors: 0
Pointer: 0
Device: 12 01 00 02 00 00 00 40 03 04 10 60 00 07 01 02 03 01
Manufacturer: FTDI
Product: FT2232H MiniModule
Serial: FTS2NSI5
*Config(1): 09 02 37 00 02 01 00 a0 4b
Interface(0):
*Alt(0): 09 04 00 00 02 ff ff ff 02
Name: FT2232H MiniModule
EP(81): 07 05 81 02 00 02 00
EP(02): 07 05 02 02 00 02 00
Interface(1):
*Alt(0): 09 04 01 00 02 ff ff ff 02
Name: FT2232H MiniModule
EP(83): 07 05 83 02 00 02 00
EP(04): 07 05 04 02 00 02 00
HS Qualifier: 0a 06 00 02 00 00 00 40 01 00
Config(1): 09 07 37 00 02 01 00 a0 4b
Interface(0):
*Alt(0): 09 04 00 00 02 ff ff ff 02
Name: FT2232H MiniModule
EP(81): 07 05 81 02 40 00 00
EP(02): 07 05 02 02 40 00 00
Interface(1):
*Alt(0): 09 04 01 00 02 ff ff ff 02
Name: FT2232H MiniModule
EP(83): 07 05 83 02 40 00 00
EP(04): 07 05 04 02 40 00 00
searching in [/tmp/gadget-syvSrw]
Starting setup reader thread (6824) for EP00.
Starting setup writer thread (6825) for EP00.
Opened EP81
Opened EP02
Error writing to EP 0x
Opened EP83
Error writing to EP 0x
Opened EP04

and on the serial console:
[ 99.375684] BUG: spinlock recursion on CPU#0, usb-mitm/1319
[ 99.381650] lock: 0xde6dc200, .magic: dead4ead, .owner:
usb-mitm/1319, .owner_cpu: 0
[ 99.389996] [<c00111f1>] (unwind_backtrace+0x1/0x9c) from
[<c025ebdd>] (do_raw_spin_lock+0xf9/0x114)
[ 99.399706] [<c025ebdd>] (do_raw_spin_lock+0xf9/0x114) from
[<c04ce809>] (_raw_spin_lock_irqsave+0xd/0x10)
[ 99.409972] [<c04ce809>] (_raw_spin_lock_irqsave+0xd/0x10) from
[<bf8d61f9>] (ep0_complete+0x10/0x90 [gadgetfs])
[ 99.420786] [<bf8d61f9>] (ep0_complete+0x10/0x90 [gadgetfs]) from
[<c0343069>] (musb_g_giveback+0x45/0x50)
[ 99.431030] [<c0343069>] (musb_g_giveback+0x45/0x50) from
[<c034225f>] (musb_g_ep0_queue+0xd7/0xec)
[ 99.440634] [<c034225f>] (musb_g_ep0_queue+0xd7/0xec) from
[<bf8d6f79>] (ep0_read+0x310/0x35c [gadgetfs])
[ 99.450793] [<bf8d6f79>] (ep0_read+0x310/0x35c [gadgetfs]) from
[<c00bafbd>] (vfs_read+0x65/0xf8)
[ 99.460203] [<c00bafbd>] (vfs_read+0x65/0xf8) from [<c00bb079>]
(sys_read+0x29/0x48)
[ 99.468436] [<c00bb079>] (sys_read+0x29/0x48) from [<c000c841>]
(ret_fast_syscall+0x1/0x46)
[ 112.386284] BUG: spinlock lockup suspected on CPU#0, usb-mitm/1319
[ 112.392835] lock: 0xde6dc200, .magic: dead4ead, .owner:
usb-mitm/1319, .owner_cpu: 0
[ 112.401150] [<c00111f1>] (unwind_backtrace+0x1/0x9c) from
[<c025eb9d>] (do_raw_spin_lock+0xb9/0x114)
[ 112.410845] [<c025eb9d>] (do_raw_spin_lock+0xb9/0x114) from
[<c04ce809>] (_raw_spin_lock_irqsave+0xd/0x10)
[ 112.421101] [<c04ce809>] (_raw_spin_lock_irqsave+0xd/0x10) from
[<bf8d61f9>] (ep0_complete+0x10/0x90 [gadgetfs])
[ 112.431901] [<bf8d61f9>] (ep0_complete+0x10/0x90 [gadgetfs]) from
[<c0343069>] (musb_g_giveback+0x45/0x50)
[ 112.442132] [<c0343069>] (musb_g_giveback+0x45/0x50) from
[<c034225f>] (musb_g_ep0_queue+0xd7/0xec)
[ 112.451733] [<c034225f>] (musb_g_ep0_queue+0xd7/0xec) from
[<bf8d6f79>] (ep0_read+0x310/0x35c [gadgetfs])
[ 112.461883] [<bf8d6f79>] (ep0_read+0x310/0x35c [gadgetfs]) from
[<c00bafbd>] (vfs_read+0x65/0xf8)
[ 112.471288] [<c00bafbd>] (vfs_read+0x65/0xf8) from [<c00bb079>]
(sys_read+0x29/0x48)
[ 112.479498] [<c00bb079>] (sys_read+0x29/0x48) from [<c000c841>]
(ret_fast_syscall+0x1/0x46)
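
For reading the descriptor dump in the second log, here is an added example (not part of the original post and not USBProxy code) that decodes the hex lines usb-mitm prints; `decode` and `parse_dump` are hypothetical helper names and the sample lines are copied from the output above. It shows that the first Config block is the high-speed configuration with 512-byte bulk endpoints and the second is the other-speed configuration with 64-byte ones.

```python
import re
import struct

# Constructed sample: descriptor lines copied from the usb-mitm output in the post.
DUMP = """\
Device: 12 01 00 02 00 00 00 40 03 04 10 60 00 07 01 02 03 01
*Config(1): 09 02 37 00 02 01 00 a0 4b
*Alt(0): 09 04 00 00 02 ff ff ff 02
EP(81): 07 05 81 02 00 02 00
HS Qualifier: 0a 06 00 02 00 00 00 40 01 00
Config(1): 09 07 37 00 02 01 00 a0 4b
EP(81): 07 05 81 02 40 00 00
"""

TYPES = {1: "device", 2: "config", 4: "interface", 5: "endpoint",
         6: "qualifier", 7: "other_speed_config"}  # bDescriptorType values
XFER = ("control", "isochronous", "bulk", "interrupt")
# "label: xx xx xx" lines only; string lines such as "Manufacturer: FTDI" are skipped.
HEX_LINE = re.compile(r"^\s*\*?[^:]+:\s*([0-9a-f]{2}(?: [0-9a-f]{2})+)\s*$", re.I)

def bcd(v):
    return f"{v >> 8:x}.{v & 0xff:02x}"

def decode(raw):
    """Decode one standard descriptor; hypothetical helper, not USBProxy code."""
    if len(raw) < 2 or raw[0] != len(raw):
        raise ValueError("bLength does not match the number of bytes")
    kind = TYPES.get(raw[1], "unknown")
    d = {"type": kind}
    if kind == "device" and len(raw) == 18:
        usb, _, _, _, mps0, vid, pid, rev, *_ = struct.unpack_from("<HBBBBHHHBBBB", raw, 2)
        d.update(usb=bcd(usb), ep0_max=mps0, vid=f"{vid:04x}", pid=f"{pid:04x}", rev=bcd(rev))
    elif kind in ("config", "other_speed_config") and len(raw) == 9:
        total, n_if, _, _, attr, power = struct.unpack_from("<HBBBBB", raw, 2)
        d.update(total_len=total, interfaces=n_if, self_powered=bool(attr & 0x40),
                 remote_wakeup=bool(attr & 0x20), max_ma=power * 2)
    elif kind == "endpoint" and len(raw) >= 7:
        addr, attr, mps, _ = struct.unpack_from("<BBHB", raw, 2)
        d.update(number=addr & 0x0f, direction="IN" if addr & 0x80 else "OUT",
                 transfer=XFER[attr & 3], max_packet=mps & 0x7ff)
    return d

def parse_dump(text):
    """Decode every hex descriptor line of a usb-mitm dump, in order."""
    matches = (HEX_LINE.match(line) for line in text.splitlines())
    return [decode(bytes.fromhex(m.group(1))) for m in matches if m]

if __name__ == "__main__":
    print(*parse_dump(DUMP), sep="\n")
```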

