PDA

View Full Version : How to directly talk to USB device?


cEnginEEr
June 1st, 2009, 21:55
Hi,

I got a problem which has kept me busy for few days, don't know if this is right place for this post..it is a bit programming-related rather than RE.

After hacking and analyzing the firmware of a security device I found that it has some very interesting but hidden functions, the interface driver does not provide any code (i.e API) for calling these functions and also due to some reasons I can't patch or replace this driver; So my question is if there is any way to talk to this USB device via user mode program without using the interface driver? Is it possible to directly send out a URB to this device and then read the answer?

Any help, hint is greatly appreciated;

Regards

bilbo
June 2nd, 2009, 01:06
http://libusb.sourceforge.net

Best regards, bilbo

cEnginEEr
June 2nd, 2009, 01:49
I had come across that link before, problem is that this lib is coded for linux; I'm using win xp; of course there is windows version of that lib (http://libusb-win32.sourceforge.net), however it installs driver for accessing USB devices; That is what I'm having problem with..no messing with drivers.

Thanks for the reply;

BanMe
June 2nd, 2009, 03:08
inject the App then do a search in the handletable for a handle with a name that describes a usb device??? though im unsure if this is a good solution...

and maybe a little digging in this o0...

http://www.nirsoft.net/utils/usb_devices_view.html

reverser
June 2nd, 2009, 03:35
http://www.microsoft.com/whdc/connect/usb/winusb_howto.mspx

bilbo
June 2nd, 2009, 23:06
obviously the two suggested solutions (nirsoft and winusb) require a driver too... and the USB handle, which BanMe mentioned, is nothing more than a reference to the underlying kernel driver... furthermore, all these kind of drivers (including libusb) are just the top layer of what is called the USB stack
I do not see how you can bypass, in Windows, the whole stack of drivers... and what is the use of doing it

best regards, bilbo

cEnginEEr
June 3rd, 2009, 01:07
Yesterday I checked those link, all require driver installation; I was hoping to find some windows API like those of HID devices which allows reading & writing to device with some usermode code;

About the use of doing this..well, it is about the problem I have; As I said before, I'm not allowed to mess with the driver interface of device (i.e no patching, no installation, no replacing);

apparently you're right..it is not possible in windowz;

Thanks for the replies.
__________________________
Regards

disavowed
June 3rd, 2009, 09:44
According to http://www.powerbasic.com/support/pbforums/showthread.php?t=36733, it looks like you can communicate with a USB device via DeviceIoControl by using CreateFile to open the USB device with a filename like \\?\USB#ROOT_HUB20#4&26681169&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8 ("file://\\?\USB#ROOT_HUB20#4&26681169&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8")}
Check the thread for details.