Why does yubikey-personalization claim the zeroth USB interface? - yubico

I'm looking at the _ykusb_write() function from the Yubikey-Personalization package and the first line of code executed is
int rc = usb_claim_interface((usb_dev_handle *)dev, 0);
Why is the zeroth USB interface claimed? From what I can tell from the lsusb output (see below), that interface is an HID and not the smartcard itself. I would have expected the 2nd interface to be claimed instead, but I do not understand this part of Yubikey very well. Where is it documented? Thank you for your help.
bNumInterfaces 3
Interface Descriptor:
bInterfaceNumber 0
bInterfaceClass 3 Human Interface Device
bInterfaceSubClass 1 Boot Interface Subclass
bInterfaceProtocol 1 Keyboard
iInterface 0
Interface Descriptor:
bInterfaceNumber 1
bInterfaceClass 3 Human Interface Device
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Interface Descriptor:
bInterfaceNumber 2
bInterfaceClass 11 Chip/SmartCard
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
ChipCard Interface Descriptor:

The YubiKey Personalization package referenced dates back to the YubiKey 1/2 models, which did not have CCID/Smart card support. The YubiKey 1/2 devices could only be communicated to via the HID keyboard interface, and identified to host devices as a USB keyboard. As such, the package attempts to connect to a YubiKey as if it was a keyboard.
The YubiKey Personalization package does not communicate over CCID/Smart card, but instead uses the HID keyboard interface. Yubico maintains this project as modern devices which support the touch-triggered OTP functions also can be programmed over the HID keyboard interface, and as such it remains useful for specific cases.
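The interface layout from the lsusb output above, walked in C as an added example (it is not code from yubikey-personalization or from either post). The descriptor bytes are constructed to match the classes, subclasses and protocols shown in the question; `find_interface` and `sample_cfg` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_INTERFACE 0x04   /* bDescriptorType of an interface descriptor */

/* Constructed sample mirroring the lsusb output in the question: a
 * configuration header, then interface 0 (HID boot keyboard), 1 (HID) and
 * 2 (CCID, class 11). One HID class descriptor is kept after interface 0;
 * endpoint descriptors are left out and bNumEndpoints is set to 0. */
static const uint8_t sample_cfg[] = {
    9, 0x02, 45, 0, 3, 1, 0, 0x80, 15,          /* configuration          */
    9, 0x04, 0, 0, 0, 0x03, 1, 1, 0,            /* interface 0: keyboard  */
    9, 0x21, 0x10, 0x01, 0, 1, 0x22, 0x47, 0,   /* HID class descriptor   */
    9, 0x04, 1, 0, 0, 0x03, 0, 0, 0,            /* interface 1: HID       */
    9, 0x04, 2, 0, 0, 0x0b, 0, 0, 0,            /* interface 2: CCID      */
};

/* Walk the chain by bLength and return the bInterfaceNumber of the first
 * interface matching class/subclass/protocol, or -1 if none is found or
 * the buffer is malformed. */
int find_interface(const uint8_t *cfg, size_t len,
                   uint8_t cls, uint8_t sub, uint8_t proto)
{
    size_t off = 0;
    while (off + 2 <= len) {
        uint8_t blen = cfg[off], type = cfg[off + 1];
        if (blen < 2 || off + blen > len)
            return -1;              /* bad bLength: stop, never over-read */
        if (type == DT_INTERFACE && blen >= 9 && cfg[off + 5] == cls &&
            cfg[off + 6] == sub && cfg[off + 7] == proto)
            return cfg[off + 2];
        off += blen;
    }
    return -1;
}

int main(void)
{
    /* HID (3), boot subclass (1), keyboard protocol (1) */
    printf("keyboard interface: %d\n",
           find_interface(sample_cfg, sizeof sample_cfg, 0x03, 1, 1));
    /* Chip/SmartCard (11) */
    printf("CCID interface:     %d\n",
           find_interface(sample_cfg, sizeof sample_cfg, 0x0b, 0, 0));
    return 0;
}
```

Selecting the interface by class triple rather than by a fixed index gives the same result here (0 for the keyboard, 2 for CCID) and keeps working if a device orders its interfaces differently.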

Related

What do Flags mean in bluetooth?

I have been trying out the bluez btmon tool to monitor the bluetooth discovery result on my raspberry pi 4.
The btmon tool returns stdout which is the following:
# MGMT Event: Device Found (0x0012) plen 42 {0x0001} [hci0] 0.207973
LE Address: 61:E1:E1:49:C8:DC (Resolvable)
RSSI: -51 dBm (0xcd)
Flags: 0x00000004
Not Connectable
Data length: 28
16-bit Service UUIDs (complete): 1 entry
Google (0xfe9f)
Service Data (UUID 0xfe9f): 0000000000000000000000000000000000000000
# MGMT Event: Device Found (0x0012) plen 33 {0x0001} [hci0] 0.224956
LE Address: 48:82:8F:DB:5C:65 (Resolvable)
RSSI: -76 dBm (0xb4)
Flags: 0x00000000
Data length: 19
Flags: 0x1a
LE General Discoverable Mode
Simultaneous LE and BR/EDR (Controller)
Simultaneous LE and BR/EDR (Host)
TX power: 5 dBm
Company: Apple, Inc. (76)
Type: Unknown (16)
Data: 491faeca8c8638
# MGMT Event: Device Found (0x0012) plen 43 {0x0001} [hci0] 0.298194
LE Address: 0E:AF:D9:F0:D8:F1 (Non-Resolvable)
RSSI: -68 dBm (0xbc)
Flags: 0x00000004
Not Connectable
Data length: 29
Company: Microsoft (6)
Data: 0109210a065124d7b5c04445534b544f502d44484845413434
# MGMT Event: Device Found (0x0012) plen 43 {0x0001} [hci0] 0.940219
LE Address: 86:2A:FD:9E:57:0D (OUI 86-2A-FD)
RSSI: -77 dBm (0xb3)
Flags: 0x00000000
Data length: 29
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
Service Data (UUID 0xfdf7): 01384a3dd6381b593c74d9369eefaa9b720000000003
Been looking for some official docs on explaining the field "Flags" in each discovered device info (those flag codes: 0x00000004, 0x00000000, 0x1a, 0x06), but I couldn't seem to find one that makes sense.
Would really appreciate if anyone could explain what the Flags tell, and how to make sense of these codes.
Thanks in advance.
I don't know what you call "official docs", but the Bluetooth Core Specification and the Supplement to the Bluetooth Core Specification certainly explain it. Have a look at chapter 1.3 FLAGS of CSS.
In the log you showed, you can see the advertising data of several Bluetooth LE devices. Each of these advertising data contains one or more fields called AD Types. One of the AD Types is the "Flags" field. It may be zero or more octets long, with the first octet containing the following information:
| Octet | Bit | Description |
|-------|------|-------------|
| 0 | 0 | LE Limited Discoverable Mode |
| 0 | 1 | LE General Discoverable Mode |
| 0 | 2 | BR/EDR Not Supported. Bit 37 of LMP Feature Mask Definitions (Page 0) |
| 0 | 3 | Simultaneous LE and BR/EDR to Same Device Capable (Controller). Bit 49 of LMP Feature Mask Definitions (Page 0) |
| 0 | 4 | Previously Used |
| 0 | 5..7 | Reserved for future use |
The given information tells you something about the used Bluetooth radio and about the advertising itself. If you are interested in a deeper understanding of this topic, I recommend reading this Bluetooth blog article: Advertising Works, Part 1
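A decoder for the Flags AD type described in the answer above, added here as an example (it is not from BlueZ or from either post). It walks the length/type/data structures of an advertising payload and names the set bits using the answer's table; the two payloads are constructed to carry the 0x1a and 0x06 values seen in the btmon log, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit names for octet 0, copied from the table in the answer above. */
static const char *const flag_names[5] = {
    "LE Limited Discoverable Mode", "LE General Discoverable Mode",
    "BR/EDR Not Supported",
    "Simultaneous LE and BR/EDR to Same Device Capable (Controller)",
    "Previously Used",
};

/* Advertising data is a run of [length][AD type][data...] structures; length
 * counts the type octet plus the data. Returns the first Flags octet, -1 if
 * there is no Flags structure, -2 if a structure overruns the buffer. */
int ad_find_flags(const uint8_t *ad, size_t len)
{
    size_t off = 0;
    while (off < len && ad[off] != 0) {      /* zero length ends the data */
        size_t l = ad[off];
        if (off + 1 + l > len)
            return -2;
        if (ad[off + 1] == 0x01)             /* AD type 0x01 = Flags */
            return l >= 2 ? ad[off + 2] : 0; /* Flags may be zero octets long */
        off += 1 + l;
    }
    return -1;
}

/* Name of bit 0..7 of Flags octet 0, per the table in the answer above. */
const char *ad_flag_name(int bit)
{
    return bit < 5 ? flag_names[bit] : "Reserved for future use";
}

/* Constructed payloads carrying the two Flags values from the btmon log. */
static const uint8_t sample_a[] = { 0x02, 0x01, 0x1a, 0x02, 0x0a, 0x05 };
static const uint8_t sample_b[] = { 0x03, 0x16, 0xf7, 0xfd, 0x02, 0x01, 0x06 };

int main(void)
{
    int flags = ad_find_flags(sample_a, sizeof sample_a);   /* 0x1a */
    for (int bit = 0; bit < 8 && flags >= 0; bit++)
        if (flags & (1 << bit))
            printf("bit %d: %s\n", bit, ad_flag_name(bit));
    printf("sample_b flags: 0x%02x\n", ad_find_flags(sample_b, sizeof sample_b));
    return 0;
}
```

The length check matters when the payload comes from an untrusted radio: a structure whose length octet points past the end of the buffer is rejected instead of being read.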

Odd behavior of USB interrupt interval on Linux

I'm developing a USB device driver for an embedded system, and the host is a Linux system (Ubuntu 21.04 for now). The device is based on an FPGA, a SmartFusion2. I'm using pyusb to test my device, and I check performance with Wireshark + usbmon.
The device is running in high speed mode, has several endpoints, and an interrupt IN endpoint in particular.
On this endpoint:
with an interval setting in the descriptor of 32, my device gets tokens every 32 ms (stdev ~50us). That's what is expected for low speed / full speed devices, so there is already something broken here, but otherwise the situation is acceptable.
with an interval setting of 16 (or less), I get a whopping 4096 ms (stdev ~100 us). Very broken.
Those timings are independent of the device, I can reset the device and reconnect, the alignment with the previous 4096ms cycles is nearly perfect. They are also independent of pyusb start time, and timeout settings, so I'm thinking it's due to the linux USB host driver.
Is that normal?
How do I debug that?
I can post some Wireshark captures if needed.
My descriptors look otherwise ok to me, but maybe I missed something:
sudo lsusb -v
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 3.00
bDeviceClass 9 Hub
bDeviceSubClass 0
bDeviceProtocol 3
bMaxPacketSize0 9
idVendor 0x1d6b Linux Foundation
idProduct 0x0003 3.0 root hub
bcdDevice 5.11
iManufacturer 3 Linux 5.11.0-22-generic xhci-hcd
iProduct 2 xHCI Host Controller
iSerial 1 0000:00:15.0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x001f
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 0mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 9 Hub
bInterfaceSubClass 0
bInterfaceProtocol 0 Full speed (or root) hub
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0004 1x 4 bytes
bInterval 12
bMaxBurst 0
Hub Descriptor:
bLength 12
bDescriptorType 42
nNbrPorts 7
wHubCharacteristic 0x000a
No power switching (usb 1.0)
Per-port overcurrent protection
bPwrOn2PwrGood 10 * 2 milli seconds
bHubContrCurrent 0 milli Ampere
bHubDecLat 0.0 micro seconds
wHubDelay 0 nano seconds
DeviceRemovable 0x00
Hub Port Status:
Port 1: 0000.02a0 5Gbps power Rx.Detect
Port 2: 0000.02a0 5Gbps power Rx.Detect
Port 3: 0000.02a0 5Gbps power Rx.Detect
Port 4: 0000.02a0 5Gbps power Rx.Detect
Port 5: 0000.02a0 5Gbps power Rx.Detect
Port 6: 0000.02a0 5Gbps power Rx.Detect
Port 7: 0000.02a0 5Gbps power Rx.Detect
Binary Object Store Descriptor:
bLength 5
bDescriptorType 15
wTotalLength 0x000f
bNumDeviceCaps 1
SuperSpeed USB Device Capability:
bLength 10
bDescriptorType 16
bDevCapabilityType 3
bmAttributes 0x02
Latency Tolerance Messages (LTM) Supported
wSpeedsSupported 0x0008
Device can operate at SuperSpeed (5Gbps)
bFunctionalitySupport 3
Lowest fully-functional device speed is SuperSpeed (5Gbps)
bU1DevExitLat 10 micro seconds
bU2DevExitLat 512 micro seconds
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0001
Self Powered
-- Other device --
-- Other device --
-- Other device --
Bus 001 Device 083: ID 1514:fff0 Actel CLICK USB bridge
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 255 Vendor Specific Class
bDeviceSubClass 255 Vendor Specific Subclass
bDeviceProtocol 255 Vendor Specific Protocol
bMaxPacketSize0 64
idVendor 0x1514 Actel
idProduct 0xfff0
bcdDevice 0.01
iManufacturer 1 MIT STARLab
iProduct 2 CLICK USB bridge
iSerial 3 V0.1
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x002e
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xc0
Self Powered
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 4
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 255 Vendor Specific Class
bDeviceSubClass 255 Vendor Specific Subclass
bDeviceProtocol 255 Vendor Specific Protocol
bMaxPacketSize0 64
bNumConfigurations 1
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0001
Self Powered
-- Other device --
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 9 Hub
bDeviceSubClass 0
bDeviceProtocol 1 Single TT
bMaxPacketSize0 64
idVendor 0x1d6b Linux Foundation
idProduct 0x0002 2.0 root hub
bcdDevice 5.11
iManufacturer 3 Linux 5.11.0-22-generic xhci-hcd
iProduct 2 xHCI Host Controller
iSerial 1 0000:00:15.0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0019
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 0mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 9 Hub
bInterfaceSubClass 0
bInterfaceProtocol 0 Full speed (or root) hub
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0004 1x 4 bytes
bInterval 12
Hub Descriptor:
bLength 11
bDescriptorType 41
nNbrPorts 9
wHubCharacteristic 0x000a
No power switching (usb 1.0)
Per-port overcurrent protection
TT think time 8 FS bits
bPwrOn2PwrGood 10 * 2 milli seconds
bHubContrCurrent 0 milli Ampere
DeviceRemovable 0x00 0x03
PortPwrCtrlMask 0xff 0xff
Hub Port Status:
Port 1: 0000.0503 highspeed power enable connect
Port 2: 0000.0503 highspeed power enable connect <- *** My device ***
Port 3: 0000.0503 highspeed power enable connect
Port 4: 0000.0100 power
Port 5: 0000.0100 power
Port 6: 0000.0503 highspeed power enable connect
Port 7: 0000.0103 power enable connect
Port 8: 0000.0100 power
Port 9: 0000.0100 power
can't get device qualifier: Resource temporarily unavailable
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0001
Self Powered
It turns out that I cannot read the spec properly. The bInterval setting in the descriptor is a power of 2 of the actual time interval. For high speed mode:
time interval = 2 ** (bInterval - 1) * 0.125.
So for bInterval = 16, 4096 ms, as measured.
Also the maximum value for bInterval is 16, if higher linux sets it to 9 instead, and outputs something in dmesg:
[ 693.295727] usb 1-1.1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
So bInterval = 9 is 32 ms... as measured.
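The arithmetic from the answer above, applied to the 7-byte endpoint descriptor from the lsusb output, as an added example (not kernel code and not from either post). The fix-up for out-of-range values is an assumption chosen to reproduce the dmesg line quoted in the answer; all function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum usb_speed { USB_FULL_SPEED, USB_HIGH_SPEED };

/* 1-based index of the highest set bit; 0 when x is 0. */
static int highest_bit(uint32_t x)
{
    int n = 0;
    for (; x; x >>= 1)
        n++;
    return n;
}

/* bInterval the host uses for a high-speed interrupt endpoint. 1..16 is
 * taken as is. For anything else this ASSUMES the host reads the value as
 * milliseconds and converts it to the matching exponent, which reproduces
 * the "invalid bInterval 32, changing to 9" line quoted in the answer. */
int hs_effective_binterval(uint8_t b)
{
    if (b >= 1 && b <= 16)
        return b;
    int n = highest_bit((uint32_t)b * 8);   /* ms -> 125 us microframes */
    return n ? n : -1;                      /* 0 is not modelled here */
}

/* Polling period in microseconds for a 7-byte endpoint descriptor, or -1
 * if it is not a well-formed interrupt endpoint. */
int64_t interrupt_period_us(const uint8_t ep[7], enum usb_speed speed)
{
    if (ep[0] != 7 || ep[1] != 0x05 || (ep[3] & 0x03) != 0x03)
        return -1;
    uint8_t b = ep[6];
    if (speed == USB_FULL_SPEED)            /* bInterval counts 1 ms frames */
        return b ? (int64_t)b * 1000 : -1;
    int eff = hs_effective_binterval(b);    /* 2^(bInterval-1) * 125 us */
    return eff > 0 ? (int64_t)125 << (eff - 1) : -1;
}

/* EP 1 IN from the lsusb output in the question (bInterval 32). */
static const uint8_t ep1_in[7] = { 7, 0x05, 0x81, 0x03, 0x40, 0x00, 32 };

int main(void)
{
    printf("high speed, bInterval 32: %lld us\n",
           (long long)interrupt_period_us(ep1_in, USB_HIGH_SPEED));
    return 0;
}
```

With bInterval 32 the high-speed fix-up and the full-speed reading both give 32 ms, which is why the first measurement in the question looked like full-speed behaviour.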

Bluetooth HM-10 in central mode bonding with another bluetooth device

I have a bluetooth HM-10 configured in central mode. I have successfully connected it to another bluetooth device (a hexiwear bluetooth wearable). The problem now is that the hexiwear requires me to provide a 6 digit pin before it will bond with my HM-10.
Would anyone know the AT command that I could use to send the 6 digit pin from the HM-10 to the hexiwear?
Thank you.
The default code of the HM-10 is 000000; you can change it with the AT+PASS{new_pin} command. However, if you match the two pins (the HM-10 pin and the hexiwear pin) the devices will connect together! So put 000000 in your peripheral device (hexiwear). Else, if you can't put the pin in the hexiwear, change the default pin on the HM-10.

Logitech G29: Physical Maximum in HID Device Descriptor is too little

I am using a Raspberry Pi (linux kernel 4.4) and "libusb" to read the steering angle of a Logitech G29 HID Device (PS3 mode). I get only one byte of data for the angle and that is far too little for the steering range of ±450°. The HID Device Descriptor shows the problem.
Item(Global): Physical Maximum, data= [ 0xff 0x00 ] 255
How could I change the Physical Maximum to 65535?
Why do you think that a number from 0 to 255 cannot be used to represent angles between -450 and +450? Isn't it possible that a value of 0 corresponds to -450 degrees and a value of 255 corresponds to 455 degrees? It's very unlikely that Logitech made a fatal design flaw in the HID interface of their device.
If you really want to change the HID interface, then, at a minimum, you would have to reprogram the firmware of your G29 device in order to change that descriptor and change the HID report it describes. It is very likely that the device is closed source and that there are no instructions for reprogramming the firmware, so you are probably out of luck. Adding more resolution to that measurement might also require hardware changes, which could be difficult.

How to retrieve data from an i2c device over usb in linux

I have a temperature sensor, which is connected using a USB-I2C adapter (http://www.robot-electronics.co.uk/htm/usb_i2c_tech.htm)
I attached this device to my linux computer (suse10).
I typed dmesg and saw
usb 3-3: new full speed USB device using ohci_hcd and address 10
usb 3-3: new device found, idVendor=0403, idProduct=6001
usb 3-3: new device strings: Mfr=1, Product=2, SerialNumber=3
usb 3-3: Product: FT232R USB UART
usb 3-3: Manufacturer: FTDI
usb 3-3: SerialNumber: A7007K93
usb 3-3: configuration #1 chosen from 1 choice
ftdi_sio 3-3:1.0: FTDI USB Serial Device converter detected
drivers/usb/serial/ftdi_sio.c: Detected FT232BM
usb 3-3: FTDI USB Serial Device converter now attached to ttyUSB0
But I have no idea how to read the current temperature.
updated 1: Actually the I2C bus can attach up to 127 sensors. But I have no idea how to list the addresses of available sensors.
Can anybody give me some hints? Thanks in advance
Your adapter allows you to send I2C commands over a virtual serial port. A serial port has been created for you. You need to open it and send commands to it. The commands are specific to the device you are connected to. See the example in the link you provided to get an idea.
It is hard to give you correct instructions without a datasheet. Most probably your device will use one byte address and the read procedure is as follows:
[I2C_AD1] [Device I2C address + Read bit] [Device Address register] [Number of bytes to read]
0x55 0xXX 0x00 0x01
You need to send 4 bytes to the serial port. The first one instructs the USB to I2C converter to send a read command. The second one is the address of the device attached to the I2C bus. I2C devices use 7-bit addresses (0-127). Usually these are given shifted one bit to the left. Therefore you need to scan these addresses (iterate from 0 to 127, shift left one bit, set bit0 to 1):
([0x00 - 0x7F] << 1) | 1
Since we don't have a datasheet I can't tell anything about the last two bytes. You could try to use dummy values. If a device is attached to the scanned I2C address, it should reply with a NACK to an attempt to read a non-existing register. Read commands sent to an I2C address that doesn't correspond to an actual device should be ignored.
