Downtown Doug Brown » Constructing Alex Taradov’s open-source USB sniffer
A few months in the past I stumbled upon a post on Hackaday about a reasonable open-source USB 2.0 sniffer created by Alex Taradov. It is a actually cool mission! Usually, USB sniffers like this may price hundreds of {dollars}, particularly if you happen to’re paying for fancy protocol decoding and in addition need high-speed 480 Mbps help. This one prices about $50 in elements to assemble your self, though it’ll take hours to solder and you’ll need some expertise with scorching air (or reflow oven) soldering for the reason that USB PHY is a QFN chip with an uncovered pad beneath.
I even have an Ellisys USB Tracker 110b that I purchased on eBay a few years in the past, however it solely does low-/full-speed decoding. I believed this may be an excellent alternative to improve my capabilities to additionally have the ability to deal with high-speed USB sniffing, whereas additionally offering some good soldering follow.
Right here’s my (very lengthy) video in regards to the technique of increase one in all these and programming it. I left in all of the errors I made alongside the way in which. Why not present the world that it’s regular to make dumb errors once you construct stuff?
I believed I’d use this put up to elucidate in a little bit extra element what precisely a USB sniffer is. Why would I purchase (or make) a {hardware} USB sniffer when Wireshark already has software program USBPcap help in Home windows?
The reply to that query is difficult, however the backside line is that for a lot of wants, USB packet seize inside your working system works completely wonderful and also you don’t have to purchase a {hardware} sniffer. Folks use software program USB packet seize strategies to reverse-engineer USB drivers on a regular basis.
The place {hardware} sniffers come in useful is if you happen to’re a firmware developer who’s diagnosing a problem with a USB device or host you’re creating, or possibly you’re a driver developer engaged on a driver for a USB host controller. You could see precisely what’s occurring on the USB knowledge wires to be sure that each packet appears appropriate. Maybe you believe you studied your gadget’s firmware has a bug the place the DATA0/1 toggle isn’t behaving because it ought to. Or possibly you simply wish to study extra about USB and the way it works underneath the hood. Software program USB seize mechanisms like USBPcap don’t present you each particular person low-level packet, however you really want to see them within the conditions I described above.
You possibly can at all times simply hook an oscilloscope or logic analyzer as much as the D+ and D- traces and decode the packets your self by trying on the waveform:
I assure that may get previous actually quick. You’ll additionally want a fairly fancy oscilloscope or logic analyzer with a view to decode 480 Mbps high-speed site visitors whereas additionally having sufficient reminiscence to document every little thing you wish to see. No one really does that although.
That is precisely the place {hardware} USB sniffers come into play. They’re primarily specialised logic analyzers that solely know how one can decode USB site visitors. They do one factor, they usually do this one factor very nicely: document uncooked USB site visitors and stream it to your pc as quick as attainable.
The opposite factor that’s good about {hardware} USB sniffers is you’ll be able to sniff a totally different USB host’s site visitors. Let’s say I wish to work out how a TiVo talks to its USB to Wi-Fi adapter. OK, that is likely to be a little bit of a dated reference. What am I pondering? It’s the 2020s. Let me strive developing with a extra fashionable situation as a substitute: possibly I wish to see how a Nintendo Change talks to a keyboard I’ve plugged in. Or how an iPhone talks to a USB-Ethernet adapter. {Hardware} sniffers, together with Alex’s, are able to doing this as a result of the pc capturing the sniffed knowledge may be totally different from the pc/gadget that’s really performing the USB communication.
The actually cool factor about this sniffer is that it integrates with Wireshark. You can also make use of protocol decoders already constructed into Wireshark for decoding USB packets, in addition to its fancy filtering functionality. Ellisys gadgets, compared, use a proprietary USB evaluation program. Protocol decoding is unlocked for an extra charge of thousands of dollars.
I’m not right here to criticize Ellisys, Complete Section, and Teledyne LeCroy although. I get it. These are very fancy instruments and the fee might be not a giant deal to an organization that may already afford to construct USB gadgets and undergo the entire essential certifications. Heck, the price of a kind of analyzers is probably going value it only for the help you get from the corporate. Nonetheless, I need everybody else to know that there are cheaper alternate options on the market. If you happen to’re making USB gadgets for enjoyable by yourself time as a hobbyist, you most likely already know how one can solder anyway, and there are answers on the market that received’t break the financial institution. Thanks for making such a cool mission and releasing it as open supply, Alex!