USB HID设备分析工具与方法记录
编译库或工具
编译 hidapi
编译 hidapi,不成功,报错缺少 libudev
# Cross-compile attempt for hidapi (aarch64 toolchain, PetaLinux 2021.2 sysroot).
# Recorded result: this configuration does not succeed; the build reports that
# libudev is missing.
# NOTE(review): hidapi's Linux build presumably looks libudev up through
# pkg-config, which does not follow CMAKE_FIND_ROOT_PATH. Check that the
# sysroot ships the libudev development files and that PKG_CONFIG_SYSROOT_DIR /
# PKG_CONFIG_LIBDIR point into it (TODO confirm).
# NOTE(review): the clone takes the tip of the default branch; check out a
# release tag or commit when the build has to be reproducible.
git clone https://github.com/libusb/hidapi.git
mkdir hidapi/build
cd hidapi/build
cmake \
  -DCMAKE_C_COMPILER=aarch64-xilinx-linux-gnu-gcc \
  -DCMAKE_FIND_ROOT_PATH=/opt/Xilinx/PetaLinux/2021.2/sysroots/cortexa72-cortexa53-xilinx-linux/ \
  -DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY \
  -DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY \
  -DCMAKE_INSTALL_PREFIX=/home/leih/work/usb/hidapi/build/install \
  ..
编译 hidrd
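# Fetch the hidrd sources and prepare the tree for ./configure.
git clone https://github.com/DIGImend/hidrd.git
cd hidrd
# bootstrap is a script inside the checkout, not a command on PATH, so it
# needs the explicit ./ prefix.
./bootstrap
# Directory that the configure step below receives as --prefix.
mkdir install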
按下面这样配置,configure会失败,因为 lib/item/.libs/ 等目录不存在
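# Recorded failing attempt, kept for reference: do not use this form.
# LIBS/LDFLAGS name libraries under lib/item/.libs/ and lib/usage/.libs/, which
# only exist after a first make run, so configure fails at this point.
# Every line except the last needs a trailing backslash; without it the shell
# runs a plain ./configure and treats the remaining lines as ordinary variable
# assignments, which would not reproduce the failure described here.
./configure --prefix=/home/leih/work/usb/hid/hidrd/install \
--host=aarch64-xilinx-linux-gnu CC=aarch64-xilinx-linux-gnu-gcc \
CFLAGS=-I/home/leih/work/usb/hid/hidrd/include/ \
LIBS="-lhidrd_item -lhidrd_fmt -lhidrd_usage" \
LDFLAGS="-L/home/leih/work/usb/hid/hidrd/lib/item/.libs/ -L/home/leih/work/usb/hid/hidrd/lib/usage/.libs/"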
按下面这样配置可以执行成功:
# Working configure call: only the install prefix, the target triplet and the
# cross compiler are given; no LIBS/LDFLAGS are passed at this stage.
./configure \
  --prefix=/home/leih/work/usb/hid/hidrd/install \
  --host=aarch64-xilinx-linux-gnu \
  CC=aarch64-xilinx-linux-gnu-gcc
先执行 make,会失败,但是会编译出 lib/item/.libs/ 等目录下的库
# First pass: expected to stop with an error, but it still builds the
# libraries under lib/item/.libs/ and the sibling directories that the second
# make invocation links against.
make -j12
再执行下面的命令就会成功。上一步 make 是必须的,否则这里无法编译成功。
# Second pass: rerun make with the freshly built hidrd libraries added to the
# link line, then install into the configured prefix. This only works after
# the first (failing) make run has produced the .libs directories.
make -j12 \
  LDFLAGS="-L/home/leih/work/usb/hid/hidrd/lib/item/.libs/ -L/home/leih/work/usb/hid/hidrd/lib/usage/.libs/" \
  LIBS="-lhidrd_item -lhidrd_fmt -lhidrd_usage"
make install
Linux 常用工具的使用
lsusb 查看 usb 设备
查看鼠标设备,得知其 VID:PID 是 09da:c10a
root@zynqmp:~/usb/hid/hidrd# lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 007: ID 09da:c10a A4Tech Co., Ltd. USB2.0 Hub
Bus 001 Device 002: ID 05e3:0608 Genesys Logic, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
usbhid-dump 查看原始报文描述符
查看鼠标设备的 HID 描述符原始数据(usbhid-dump 是通过 apt 在线安装的;-i 255 表示不限定接口号):
root@zynqmp:~/usb/hid/hidrd# usbhid-dump -d 09da:c10a -i 255
001:007:000:DESCRIPTOR 1699500708.241051
05 01 09 02 A1 01 09 01 A1 00 85 01 05 09 19 01
29 08 15 00 25 01 75 01 95 08 81 02 05 01 09 30
09 31 09 38 09 B8 15 81 25 7F 75 08 95 04 81 06
C0 C0 06 A0 FF 09 A5 A1 01 85 04 09 A6 15 80 25
7F 75 08 95 05 81 02 C0
hidrd-convert 查看友好报文描述符
将原始 HID 描述符通过 hidrd-convert 转换为容易理解的内容:
root@zynqmp:~/usb/hid/hidrd# usbhid-dump -m 09da:c10a -i 255 | grep -v : | xxd -r -p | hidrd-convert -o spec
Usage Page (Desktop), ; Generic desktop controls (01h)
Usage (Mouse), ; Mouse (02h, application collection)
Collection (Application),
Usage (Pointer), ; Pointer (01h, physical collection)
Collection (Physical),
Report ID (1),
Usage Page (Button), ; Button (09h)
Usage Minimum (01h),
Usage Maximum (08h),
Logical Minimum (0),
Logical Maximum (1),
Report Size (1),
Report Count (8),
Input (Variable),
Usage Page (Desktop), ; Generic desktop controls (01h)
Usage (X), ; X (30h, dynamic value)
Usage (Y), ; Y (31h, dynamic value)
Usage (Wheel), ; Wheel (38h, dynamic value)
Usage (B8h),
Logical Minimum (-127),
Logical Maximum (127),
Report Size (8),
Report Count (4),
Input (Variable, Relative),
End Collection,
End Collection,
Usage Page (FFA0h), ; FFA0h, vendor-defined
Usage (A5h),
Collection (Application),
Report ID (4),
Usage (A6h),
Logical Minimum (-128),
Logical Maximum (127),
Report Size (8),
Report Count (5),
Input (Variable),
End Collection
root@zynqmp:~/usb/hid/hidrd#
通过内核 debug 接口查看报文描述符
在内核 debug 接口查看 HID 报文描述符(需要 root 权限,并且 debugfs 已挂载到 /sys/kernel/debug):
root@zynqmp:~# cat /sys/kernel/debug/hid/0003\:09DA\:C10A.0009/
events rdesc
root@zynqmp:~# cat /sys/kernel/debug/hid/0003\:09DA\:C10A.0009/rdesc
05 01 09 02 a1 01 09 01 a1 00 85 01 05 09 19 01 29 08 15 00 25 01 75 01 95 08 81 02 05 01 09 30 09 31 09 38 09 b8 15 81 25 7f 75 08 95 04 81 06 c0 c0 06 a0 ff 09 a5 a1 01 85 04 09 a6 15 80 25 7f 75 08 95 05 81 02 c0
INPUT(1)[INPUT]
Field(0)
Physical(GenericDesktop.Pointer)
Application(GenericDesktop.Mouse)
Usage(8)
Button.0001
Button.0002
Button.0003
Button.0004
Button.0005
Button.0006
Button.0007
Button.0008
Logical Minimum(0)
Logical Maximum(1)
Report Size(1)
Report Count(8)
Report Offset(0)
Flags( Variable Absolute )
Field(1)
Physical(GenericDesktop.Pointer)
Application(GenericDesktop.Mouse)
Usage(4)
GenericDesktop.X
GenericDesktop.Y
GenericDesktop.Wheel
GenericDesktop.00b8
Logical Minimum(-127)
Logical Maximum(127)
Report Size(8)
Report Count(4)
Report Offset(8)
Flags( Variable Relative )
INPUT(4)[INPUT]
Field(0)
Application(ffa0.00a5)
Usage(5)
ffa0.00a6
ffa0.00a6
ffa0.00a6
ffa0.00a6
ffa0.00a6
Logical Minimum(-128)
Logical Maximum(127)
Report Size(8)
Report Count(5)
Report Offset(0)
Flags( Variable Absolute )
Button.0001 ---> Key.LeftBtn
Button.0002 ---> Key.RightBtn
Button.0003 ---> Key.MiddleBtn
Button.0004 ---> Key.SideBtn
Button.0005 ---> Key.ExtraBtn
Button.0006 ---> Key.ForwardBtn
Button.0007 ---> Key.BackBtn
Button.0008 ---> Key.TaskBtn
GenericDesktop.X ---> Relative.X
GenericDesktop.Y ---> Relative.Y
GenericDesktop.Wheel ---> Relative.?
GenericDesktop.00b8 ---> Sync.Report
ffa0.00a6 ---> Absolute.Misc
ffa0.00a6 ---> Sync.Report
ffa0.00a6 ---> Sync.Report
ffa0.00a6 ---> Sync.Report
ffa0.00a6 ---> Sync.Report
root@zynqmp:~#
root@zynqmp:~#
usbhid-dump 抓取 hid 报文
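在 Linux 上抓取 HID 报文。对照上面的报文描述符,每个报文 6 字节,依次是 Report ID(01)、按键位图、X、Y、滚轮、B8h;例如 01 00 FD FC 00 00 表示没有按键按下,相对位移 X=-3、Y=-4: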
root@zynqmp:~# usbhid-dump -es -d 09da:c10a
Starting dumping interrupt transfer stream
with 1 minute timeout.
001:010:000:STREAM 1699515706.740689
01 00 00 FF 00 00
001:010:000:STREAM 1699515706.748587
01 00 FD FC 00 00
001:010:000:STREAM 1699515706.756521
01 00 FF FF 00 00
001:010:000:STREAM 1699515706.764456
01 00 FC FD 00 00
tcpdump + usbmon 抓取 usb 包
linux usb 抓包
root@wellav-nuc:~# tcpdump -D
1.enp89s0 [Up, Running, Connected]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.wlo1 [Up, Wireless, Not associated]
5.docker0 [Up, Disconnected]
6.bluetooth0 (Bluetooth adapter number 0) [Wireless, Association status unknown]
7.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
8.usbmon4 (Raw USB traffic, bus number 4)
9.usbmon3 (Raw USB traffic, bus number 3)
10.usbmon2 (Raw USB traffic, bus number 2)
11.usbmon1 (Raw USB traffic, bus number 1)
12.usbmon0 (Raw USB traffic, all USB buses) [none]
13.nflog (Linux netfilter log (NFLOG) interface) [none]
14.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
15.dbus-system (D-Bus system bus) [none]
16.dbus-session (D-Bus session bus) [none]
root@wellav-nuc:~#
如果不存在 usbmon,
# Load the usbmon kernel module when tcpdump -D lists no usbmonN interfaces.
modprobe usbmon
抓包:
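# Record raw USB traffic from bus 1 into a pcap file; tcpdump keeps running
# until it is interrupted.
# Choose the usbmonN whose N equals the "Bus" number lsusb prints for the
# device under test (usbmon0 covers all buses). The output file is named after
# the interface so the capture cannot be mistaken for another bus.
# The file holds everything transferred on that bus, including input from
# keyboards and other HID devices, so treat it as sensitive data when copying
# it to another machine.
tcpdump -i usbmon1 -w usbmon1.pcap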
将生成的 pcap 文件拖到 windows 上用 wireshark 分析。
Windows 常用工具的使用
hid 报文分析
hid 报文在线分析工具首推:hid报文在线分析
抓包工具
USBlyzer,BusHound, Wireshark,三个工具都有必要安装
UsbView 查看设备信息
UsbView 是 Windows 系统自带的工具
Windows 中的通用串行总线查看器
UsbTreeView 查看设备信息
这个工具和系统自带的 UsbView 非常像,但功能更强大,推荐使用。可以显示设备详细信息,也可以重启设备或端口;重启设备或端口的效果与重新插拔 USB 接口类似。
UsbTreeView介绍
UsbTreeView下载
UsbTreeView官网
查看历史设备
在调试 usb 设备驱动时,可能会遇到一个问题:设备的 vid 和 pid 没变,但设备属性修改了,插入 Windows 主机 usb 口后,驱动看似正常加载了,但是无法收发数据。这是因为 Windows 沿用了之前识别到的同一 vid:pid 设备的设备属性和驱动,通过下面的 UsbDevicesView 卸载掉历史设备驱动即可。
UsbDevicesView官网
