Author Topic: Sniffing USB LS/FS with microcontroller only  (Read 1376 times)

0 Members and 1 Guest are viewing this topic.

Offline zzattackTopic starter

  • Regular Contributor
  • *
  • Posts: 136
  • Country: nl
Sniffing USB LS/FS with microcontroller only
« on: November 01, 2019, 10:22:46 pm »
I'm looking to do some hardware-based sniffing of communication between a USB 1.1 device and a host not under my control. There's a fair bit of info out there (openviszla, ultraembedded, lambdaconcept) when it comes to elaborate solutions involving FPGAs and possibly fast external memories for buffering USB HS data. That far exceeds my needs, so I'm looking for some advice for the path of least resistance.

It seems there's generally 2 approaches: using a USB PHY in non-driving mode which will unburden me from low level stuff like bit-stuffing and NRZI encoding. The alternative is to operate directly on the D+/D- signals. If possible I would implement this with only a microcontroller. For simplicitly the USB PHY seems preferable. It seems that all current USB PHY's support 480Mbps USB HS which is not necessarily beneficial to me. Such devices are clocked at 60MHz with an 8-bit databus (ULPI, i.e. USB3300) and there's also 16-bit versions implementing the UTMI interface which can run at 30MHz. I wonder if dealing with such a 60/30MHz bus will be problematic. Will I be able to sample and transmit data using a DMA transfer clocked by the PHY? Will I be able to react in time to changes on NXT, DIR and STP pins?

Another idea seems to be to use i.e. a STM32F405 with an external PHY, although I believe this only supports device, host and OTG roles. I just want the microcontroller to be a passive entity monitoring the data, remaining minimally stateful. This approach doesn't seem helpful, but perhaps I'm overlooking things here.

Any tips for either approach are welcomed.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: Sniffing USB LS/FS with microcontroller only
« Reply #1 on: November 01, 2019, 10:35:45 pm »
There is no way a generic MCU can deal with ULP without having a direct support. And microcontrollers with USB peripheral will hide a lot of details and are not really useful as a sniffer.

FPGA is realistically the only way to go for FS and HS modes. LS mode you may be able to decode on the MCU by sampling D+/D-, but it will still require quite a bit of engineering.
Alex
 

Offline jhpadjustable

  • Frequent Contributor
  • **
  • Posts: 295
  • Country: us
  • Salt 'n' pepper beard
Re: Sniffing USB LS/FS with microcontroller only
« Reply #2 on: November 02, 2019, 12:17:54 am »
sigrok + EZ-USB FX2 + fx2lafw might be a good choice for passive monitoring up to FS.
"There are more things in heaven and earth, Arduino, than are dreamt of in your philosophy."
 

Offline bson

  • Supporter
  • ****
  • Posts: 2497
  • Country: us
Re: Sniffing USB LS/FS with microcontroller only
« Reply #3 on: November 02, 2019, 06:23:39 pm »
I don't think it's possible to passively monitor USB by just clipping onto it; the reason being you don't know who's pulling D+/D- up/down, or who is doing the talking.  So you really need a pass-through analyzer, and this is far more complicated.  If you're looking to debug USB traffic for your projects, then go buy an analyzer as it's a significant project in itself to make one.  You really also need fairly complete protocol decoding of descriptors and commands for it to be of much use.

I have a LeCroy Mercury t2 which handles my USB 2 needs well; I use it for pretty much every project with USB for a once-over even if it seemingly works flawlessly - the analyzer often reveals minor snags and oddities, like inexplicable retries or bus resets during enumeration that are purely timing related.  (It can highlight transactions that violate the timing specs, which is VERY nice as I can't be bothered to rote memorize them.)

Also, basic device class decoding is suuuper nice.
« Last Edit: November 02, 2019, 06:25:27 pm by bson »
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: Sniffing USB LS/FS with microcontroller only
« Reply #4 on: November 02, 2019, 06:28:26 pm »
I don't think it's possible to passively monitor USB by just clipping onto it; the reason being you don't know who's pulling D+/D- up/down, or who is doing the talking.  So you really need a pass-through analyzer, and this is far more complicated.
Normal USB sniffers also just listen on the bus. You don't need to differentiate who is talking on the electrical level. Each packet has a synchronization sequence, you just look for those and receive the data.  It is up to the software or a person to know what that data means and infer who would be sending it at this time.
Alex
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf