From 9aa180d4477c2125eb87ee8cc2b0461c5d9aadb7 Mon Sep 17 00:00:00 2001
From: Nicolas VIVIEN
Date: Wed, 14 Jan 2009 19:36:10 -0500
Subject: [PATCH] Applied bjavaloader patch from Nicolas Vivien
---
 doc/cod-format | 137 ++++++++++
 doc/javaloader | 723 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/Makefile.am | 5 +-
 src/barry.h | 1 +
 src/cod.h | 78 ++++++
 src/controller.h | 4 +-
 src/convo.awk | 8 +
 src/m_javaloader.cc | 362 ++++++++++++++++++++++++++
 src/m_javaloader.h | 91 +++++++
 src/protocol.h | 7 +
 src/protostructs.h | 9 +-
 src/socket.cc | 107 +++++++-
 src/socket.h | 13 +
 tools/Makefile.am | 5 +-
 tools/bjavaloader.cc | 374 ++++++++++++++++++++++++++
 15 files changed, 1913 insertions(+), 11 deletions(-)
 create mode 100644 doc/cod-format
 create mode 100644 doc/javaloader
 create mode 100644 src/cod.h
 create mode 100644 src/m_javaloader.cc
 create mode 100644 src/m_javaloader.h
 create mode 100644 tools/bjavaloader.cc
diff --git a/doc/cod-format b/doc/cod-format
new file mode 100644
index 00000000..dcdfa7cf
--- /dev/null
+++ b/doc/cod-format
@@ -0,0 +1,137 @@ +COD file structure +================== + +To write the javeloader application, I need to understand the format of COD file. + + +C structures : +-------------- + +typedef struct { + +} codfile_header_t; + +typedef struct { + int flashid; + uint section_number; //always 0 + uint vtable_pointer; //always 0 + time_t timestamp; + uint user_version; + uint fieldref_pointer; + ushort maxtype_list_size; + short reserved; //always 0xFF + int data_section; //always 0xFFFF + int module_info; //always 0xFFFF + ushort version; + ushort code_size; + ushort data_size; + ushort flags; +} code_header_t; + +sizeof(code_header_t) = 0×2C; + + +typedef struct { + ubyte flags; + ubyte version; + ushort num_icalls; + ubyte num_modules; + ubyte num_classes ; + ushort exported_string_offset; + ushort data_bytes_offset; + ushort empty_field; + ushort class_definitions; + ushort array_of_unknow_fields[14]; + ushort aliases; + ushort array_of_unknow_fields[22]; +} data_header_t; + +sizeof(data_header_t) = 0×34; + + +Scheme : +-------- + ++------------------------------------------+ +| COD file header (1) | ++------------------------------------------+ +| Code segment header | +| size = sizeof(code_header_t) = 0x2C | ++------------------------------------------+ +| Code segment | +| size = code_header_t.code_size | ++------------------------------------------+ +| Data segment header | +| size = sizeof(data_header_t) = 0x34 | ++------------------------------------------+ +| Data segment | +| size = code_header_t.data_size | ++------------------------------------------+ ++------------------------------------------+ +| COD file header (2) | ++------------------------------------------+ +| Code segment header | +. . +. . +. . ++------------------------------------------+ + + +Sample (from Opera.cod) : +------------------------- + +00000000 50 4B 03 04 0A 00 00 00 00 00-AB 5C 6A 39-BE 5C 58 D1 CC 0D PK.........\j9.\X... 
+ COD size ^^^^^ +00000014 01 00 CC 0D 01 00 19 00 04 00 .......... + ^^^^^ ^^^^^^^^^^^^ ^^ empty byte (after the string) + COD size ^^ size of string +00000014 6F 70 65 72 65 74 74 65 2D 68 operette-h + [.............................. +00000028 69 66 69 2D 34 2E 32 62 65 74 61 2E 63 6F 64 FE CA 00 00 ifi-4.2beta.cod.... + ................string........................] [..........] empty +00000028 DE . +0000003C C0 FF FF 00 00 00 00 00 00 00 00 E0 0E 18 49 00 00 00 00 00 ..............I..... +00000050 00 00 00 22 00 FF FF FF FF FF FF FF FF FF FF 4E 00 08 DC 98 ..."...........N.... + +[...] + +00010DD8 A2 03 0C 0E 08 02 04 FD A2 03 4E 08 00 07 96 A3 03 1D 48 34 ..........N.......H4 +00010DEC 12 08 01 03 B5 A3 03 08 04 04 E8 A3 03 25 08 05 03 A7 A4 03 .............%...... +00010E00 00 00 00 00 00 00 00 ....... +00010E00 50 4B 03 04 0A 00 00 00 00 00 AB 5C 6A PK.........\j +00010E14 39-D1 BD FC C9-1C DD 00 00-1C DD 00 00-1B 00 00 00 9................ + ^^ size of string +00010E14 6F 70 65 ope +00010E28 72 65 74 74 65 2D 68 69 66 69 2D 34 2E 32 62 65 74 61 2D 31 rette-hifi-4.2beta-1 +00010E3C 2E 63 6F 64 .cod +00010E3C DE C0 FF FF 00 00 00 00 00 00 00 00 E0 0E 18 49 ...............I +00010E50 00 00 00 00 00 00 00 00 1F 00 FF FF FF FF FF FF FF FF FF FF .................... +00010E64 4E 00 D8 A1 18 3B 01 00 50 29 DE 29 06 80 F8 01 15 0D FF 00 N....;..P).)........ +00010E78 00 20 0C FF FF 4D 0C 46 2F 15 0D FF FF 79 0E FF FF 82 0E FF . ...M.F/....y...... +00010E8C FF 62 07 50 29 50 29 23 11 18 00 05 13 00 08 0E 6E 02 01 0A .b.P)P)#........n... +00010EA0 00 28 CC 0C 01 FF FF 02 69 00 03 00 6D 00 03 00 A0 04 DF A1 .(......i...m....... +00010EB4 0A 6D 00 03 00 04 FF 01 00 01 55 28 1C 17 07 00 AE 11 CF 56 .m........U(.......V + +[...] 
+ +0001EB54 00 00 00 00 00 00 00 00 50 4B 03 04 0A 00 00 00 00 00 AB 5C ........PK.........\ +0001EB68 6A 39-24 41 BE 50 5C B0 00 00 5C B0 00-00-1B-00- 00-00 6F 70 j9$A.P\...\.......op +0001EB7C 65 72 65 74 74 65 2D 68 69 66 69 2D 34 2E 32 62 65 74 61 2D erette-hifi-4.2beta- +0001EB90 32 2E 63 6F 64 DE C0 FF FF 00 00 00 00 00 00 00 00 E0 0E 18 2.cod............... + + +Sample (from Metro.cod) : +------------------------- + +00000000 50 4B 03 04 0A 00 00 00 00 00-A0 00 51 35-BA 9F 99 5D-30 CE PK..........Q5...]0. +00000014 00 00-30 CE 00-00-15-00--04-00-4D 65 74 72 6F 56 69 65 77 65 ..0.......MetroViewe +00000028 72 2E 50 61 72 69 73 2E 63 6F 64 FE CA 00 00 DE C0 FF FF 00 r.Paris.cod......... +0000003C 00 00 00 00 00 00 00 0F 10 34 45 00 00 00 00 00 00 00 00 21 .........4E........! + + +0000CE54 6F 90 02 03 0F 03 A8 0F 03 04 00 02 AA 10 00 00 00 00 00 50 o..................P +0000CE68 4B 03 04 0A 00 00 00 00 00 A0 00 51 35 7A C4 FE 22-34 B3-00 K..........Q5z.."4.. +0000CE7C 00-34 B3-00--00-17-00-00--00-4D 65 74 72 6F 56 69 65 77 65 72 .4.......MetroViewer +0000CE90 2E 50 61 72 69 73 2D 31 2E 63 6F 64 DE C0 FF FF 00 00 00 00 .Paris-1.cod........ +0000CEA4 00 00 00 00 0F 10 34 45 00 00 00 00 00 00 00 00 05 00 FF FF ......4E............ + diff --git a/doc/javaloader b/doc/javaloader new file mode 100644 index 00000000..e2accf9d --- /dev/null +++ b/doc/javaloader 
@@ -0,0 +1,723 @@ +JavaLoader reverse +================== + +After Probe process, we have the JavaLoader command + +Legend : + >>> : Sent + <<< : Received + +Open Socket with BlackBerry device, then select the JavaLoader mode. + +URB 22 : >>> + 00000000: 00 00 0c 00 05 ff 00 07 04 00 0a 00 ............ + +URB 23 : <<< + 00000000: 00 00 10 00 06 ff 00 07 04 00 0a 00 20 f9 04 80 ............ ... + +URB 25 : >>> + 00000000: 00 00 0c 00 05 ff 00 08 04 00 0b 00 ............ + +URB 24 : <<< + 00000000: 00 00 10 00 06 ff 00 08 04 00 0b 00 00 00 00 00 ................ + +URB 27 : >>> + 00000000: 00 00 18 00 07 ff 00 09 52 49 4d 5f 4a 61 76 61 ........RIM_Java + 00000010: 4c 6f 61 64 65 72 00 00 Loader.. + +URB 26 : <<< + 00000000: 00 00 30 00 08 04 00 09 52 49 4d 5f 4a 61 76 61 ..0.....RIM_Java + 00000010: 4c 6f 61 64 65 72 00 00 00 00 00 00 01 00 08 00 Loader.......... + 00000020: 02 00 08 00 03 01 00 00 04 01 00 00 05 10 01 00 ................ + +URB 29 : >>> + 00000000: 00 00 0c 00 0a 04 00 0a 10 03 00 00 ............ + +URB 28 : <<< + 00000000: 00 00 08 00 10 04 00 0a ........ + +URB 30 : <<< + 00000000: 00 00 0c 00 13 04 01 00 00 00 00 00 ............ + +URB 31 : <<< + 00000000: 04 00 05 00 01 ..... + + +Specific command for JavaLoder. + +URB 33 : >>> + 00000000: 04 00 08 00 64 00 00 00 ....d... +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 32 : <<< + 00000000: 00 00 0c 00 13 04 01 00 01 00 00 00 ............ + +URB 34 : <<< + 00000000: 04 00 08 00 65 00 00 00 ....e... + +URB 36 : >>> + 00000000: 04 00 08 00 70 00 01 00 ....p... +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 35 : <<< + 00000000: 00 00 0c 00 13 04 01 00 02 00 00 00 ............ + +URB 38 : >>> + 00000000: 04 00 05 00 00 ..... +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 37 : <<< + 00000000: 00 00 0c 00 13 04 01 00 03 00 00 00 ............ + +URB 39 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... 
+ +URB 41 : >>> + 00000000: 04 00 08 00 67 01 04 00 ....g... +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 40 : <<< + 00000000: 00 00 0c 00 13 04 01 00 04 00 00 00 ............ + +Start of data stream. + +URB 43 : >>> + 00000000: 04 00 08 00 00 00 1e d0 ........ + ?? ^^^^^ : Application size (maybe 3 bytes) +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 42 : <<< + 00000000: 00 00 0c 00 13 04 01 00 05 00 00 00 ............ + +URB 44 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... + +Data header packet. + +URB 46 : >>> + 00000000: 04 00 08 00 68 00 f8 07 ....h... + ^^^^^ : data size for the next packet + ^^ : always 0x00 +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 45 : <<< + 00000000: 00 00 0c 00 13 04 01 00 06 00 00 00 ............ + +Data packet. + +URB 48 : >>> + 00000000: 04 00 fc 07 de c0 ff ff 00 00 00 00 00 00 00 00 ................ + ^^ ..... : content of file + ^^^^^ : packet size (0x07F8 = 0x07FC - 0x02) + ^^^^^ : socket ID + 00000010: c8 fe 59 49 00 00 00 00 00 00 00 00 08 00 ff ff ..YI............ + 00000020: ff ff ff ff ff ff ff ff 4e 00 8c 01 18 1d 00 00 ........N....... + 00000030: 93 19 7b 1b 58 1b 0f 00 19 00 00 02 01 02 0e b8 ..{.X........... + 00000040: 00 cf 05 26 00 01 56 40 01 ff ff 01 1f 58 1b 60 ...&..V@.....X.` + 00000050: 1b 16 82 48 18 17 dd 3f 06 ff ff ff 01 3f b8 03 ...H...?.....?.. + 00000060: cf 05 4b 01 01 01 ff ff 02 1f 48 18 66 1b 58 1b ..K.......H.f.X. + 00000070: 14 00 81 00 00 01 01 04 0e 3f 6d 01 04 00 6d 01 .........?m...m. + 00000080: 05 00 6d 01 06 00 06 ff ff ff 04 1f 4a 18 58 1b ..m.........J.X. + 00000090: 58 1b 6f 00 18 01 00 00 00 03 0e bb ff ff 13 01 X.o............. + 000000a0: 14 b9 ff ff cf 24 09 06 ff ff ff 02 69 01 04 00 .....$......i... + 000000b0: 2d 02 01 00 c8 00 69 01 08 00 2d 02 05 00 88 0c -.....i...-..... + 000000c0: 69 01 09 00 2d 02 12 00 90 00 69 01 0a 00 2d 02 i...-.....i...-. 
+ 000000d0: b4 0b d0 00 69 01 06 00 2d 02 02 00 7c 00 69 01 ....i...-...|.i. + 000000e0: 07 00 2d 02 01 00 74 00 69 01 0b 00 2d 02 05 00 ..-...t.i...-... + 000000f0: 84 00 69 01 0c 00 2d 02 19 00 a8 00 69 01 0d 00 ..i...-.....i... + 00000100: 6d 01 04 00 07 02 e2 00 20 58 1b 5d 1b 3e 18 a2 m....... X.].>.. + 00000110: 19 27 dd 2d 02 b0 0b 94 0c 56 3f 28 28 1a 40 01 .'.-.....V?((.@. + 00000120: ff ff 03 cd 3f 28 40 1a 40 01 ff ff 03 cd b9 ff ....?(@.@....... + 00000130: ff cf 23 06 ff ff ff 02 56 3f 28 28 1a 40 01 ff ..#.....V?((.@.. + 00000140: ff 03 cd 3f 28 40 1a 40 01 ff ff 03 cd 1f 58 1b ...?(@.@......X. + 00000150: 63 1b 18 09 44 18 15 dd 28 e0 19 08 ff ff ff ff c...D...(....... + 00000160: 23 08 ff ff ff ff 3f 06 ff ff ff 01 1f 48 18 63 #.....?......H.c + 00000170: 1b 58 1b 3e 00 80 00 00 02 01 06 0e 3f 06 ff ff .X.>........?... + 00000180: ff 01 b9 ff ff cf 28 f0 19 27 40 00 00 00 00 00 ......(..'@..... + 00000190: 00 10 06 ff ff ff 04 56 3f 40 01 ff ff 02 3f b9 .......V?@....?. + 000001a0: ff ff cf 28 08 1a 27 00 00 00 00 00 00 80 00 06 ...(..'......... + 000001b0: ff ff ff 04 01 ff ff 02 1f 00 00 00 00 06 00 00 ................ + 000001c0: 02 04 46 00 70 00 64 1a 64 1a 58 1b c0 1b c0 1b ..F.p.d.d.X..... + 000001d0: 40 1c 9c 1c b6 1c f2 1c 46 00 0e 1d 10 1d 12 1d @.......F....... + 000001e0: 14 1d 12 00 c0 1b 93 19 7b 1b 00 00 00 00 00 00 ........{....... + 000001f0: 64 1a 90 1a 02 1b 2c 1b 15 1a 57 1a ce 19 d2 19 d.....,...W..... + 00000200: 15 1a 4a 19 05 00 88 0c 57 19 01 00 74 00 5f 19 ..J.....W...t._. + 00000210: b4 0b d0 00 67 19 12 00 90 00 6f 19 02 00 7c 00 ....g.....o...|. + 00000220: 79 19 01 00 c8 00 8e 19 19 00 a8 00 01 00 04 d0 y............... + 00000230: 00 00 00 00 02 00 04 d0 00 00 00 00 05 00 04 d0 ................ + 00000240: 00 03 30 2e 39 00 00 00 12 00 04 d0 00 10 48 65 ..0.9.........He + 00000250: 6c 6c 6f 20 57 6f 72 6c 64 20 44 65 6d 6f 00 00 llo World Demo.. 
+ 00000260: 19 00 04 d0 00 17 52 65 73 65 61 72 63 68 20 49 ......Research I + 00000270: 6e 20 4d 6f 74 69 6f 6e 20 4c 74 64 2e 00 00 00 n Motion Ltd.... + 00000280: 01 00 04 d0 01 00 00 00 b4 0b 04 d0 0b b2 0b b0 ................ + 00000290: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 .PNG........IHDR + 000002a0: 00 00 00 30 00 00 00 24 08 06 00 00 00 cf 45 b9 ...0...$......E. + 000002b0: 0a 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b .....pHYs....... + 000002c0: 13 01 00 9a 9c 18 00 00 00 04 67 41 4d 41 00 00 ..........gAMA.. + 000002d0: b1 8e 7c fb 51 93 00 00 00 20 63 48 52 4d 00 00 ..|.Q.... cHRM.. + 000002e0: 7a 25 00 00 80 83 00 00 f9 ff 00 00 80 e9 00 00 z%.............. + 000002f0: 75 30 00 00 ea 60 00 00 3a 98 00 00 17 6f 92 5f u0...`..:....o._ + 00000300: c5 46 00 00 0b 26 49 44 41 54 78 da d4 99 7b 70 .F...&IDATx...{p + 00000310: 56 e5 9d c7 3f cf 39 e7 7d df e4 7d 73 83 37 17 V...?.9.}..}s.7. + 00000320: de 84 04 12 88 20 01 22 b8 08 52 14 a5 0a d2 2e ..... ."..R..... + 00000330: 5e a8 2c 14 44 d1 16 84 ca ba 45 f7 a6 5b 76 70 ^.,.D.....E..[vp + 00000340: 57 b7 33 76 d8 11 2c d6 e2 14 58 cb 00 4a a1 5d W.3v..,...X..J.] + 00000350: d8 41 83 8c 5a 5b 45 a1 24 c4 00 11 04 42 6e e4 .A..Z[E.$....Bn. + 00000360: 9e 37 c9 7b 3d b7 e7 d9 3f 88 19 9d ce 8e 44 e2 .7.{=...?.....D. + 00000370: 3a fd ce 3c 33 e7 f2 3b e7 f9 7d cf 73 7e d7 47 :..<3..;..}.s~.G + 00000380: 28 a5 f8 4b 86 71 35 42 42 88 cf 0e d3 7c 3e df (..K.q5BB....|>. + 00000390: 82 89 13 27 7e 37 14 0a e5 65 67 67 67 e8 ba ae ...'~7...eggg... + 000003a0: 0d e6 23 b8 ae 2b 3b 3b 3b 7b 5b 5b 5b db 6a 6a ..#..+;;;{[[[.jj + 000003b0: 6a fe db b2 ac 43 40 fc 6a 9f ff b3 b9 94 52 5f j....C@.j.....R_ + 000003c0: 3a 00 bc 5e ef b2 b5 6b d7 d6 54 57 57 ab a1 42 :..^...k..TWW..B + 000003d0: 75 75 b5 5a bd 7a f5 29 c3 30 16 0d 86 c0 e7 87 uu.Z.z.).0...... + 000003e0: b8 9a af e7 f3 f9 16 6c df be fd c0 d2 a5 4b 01 .......l......K. 
+ 000003f0: 78 f6 d9 67 59 b2 64 09 a7 4e 9d 42 08 41 4d 4d x..gY.d..N.B.AMM + 00000400: 0d 00 b9 b9 b9 dc 73 cf 3d bc f0 c2 0b ac 5e bd ......s.=.....^. + 00000410: 9a 51 a3 46 b1 7b f7 6e 5c d7 e5 81 07 1e 00 e0 .Q.F.{.n\....... + 00000420: d5 57 5f e5 dc b9 73 a4 a6 a6 f2 e4 93 4f 92 92 .W_...s......O.. + 00000430: 92 c2 f6 ed db 9d 95 2b 57 ce 77 5d f7 c8 60 57 .......+W.w]..`W + 00000440: 40 bb 1a d6 f3 e7 cf 7f e2 33 e5 01 ce 9c 39 c3 @........3....9. + 00000450: b6 6d db d8 bd 7b 37 ed ed ed d4 d6 d6 22 a5 24 .m...{7......".$ + 00000460: 14 0a 91 96 96 46 75 75 35 b1 58 0c 80 86 86 06 .....Fuu5.X..... + 00000470: 1a 1a 1a 00 b8 78 f1 22 7b f7 ee 65 c3 86 0d 04 .....x."{..e.... + 00000480: 02 01 b6 6c d9 02 c0 c3 0f 3f 6c dc 79 e7 9d 7f ...l.....?l.y... + 00000490: ff b5 d9 40 71 71 71 c1 17 58 6b 1a e3 c6 8d c3 ...@qqq..Xk..... + 000004a0: b6 6d 94 52 e8 ba ce e4 c9 93 99 3a 75 2a 1e 8f .m.R.......:u*.. + 000004b0: 07 5d d7 f1 fb fd 03 b2 1e 8f 07 00 29 25 52 4a .]..........)%RJ + 000004c0: 0c c3 20 10 08 d0 d6 d6 36 f0 ce d1 a3 47 17 01 .. .....6....G.. + 000004d0: 02 18 94 57 b9 aa 15 a8 a8 a8 38 dc d7 d7 37 70 ...W......8...7p + 000004e0: 9e 9b 9b 4b 79 79 39 13 27 4e 24 2d 2d 8d 9c 9c ...Kyy9.'N$--... + 000004f0: 1c aa aa aa 38 78 f0 20 cd cd cd 04 83 41 76 ec ....8x. .....Av. + 00000500: d8 c1 be 7d fb 08 06 83 54 56 56 b2 79 f3 66 02 ...}....TVV.y.f. + 00000510: 81 00 77 dc 71 07 eb d7 af a7 b6 b6 96 15 2b 56 ..w.q.........+V + 00000520: 00 10 0e 87 39 7c f8 f0 a1 c1 2a 3f 18 23 ce 5f ....9|....*?.#._ + 00000530: b0 60 41 55 63 63 e3 ff 69 90 1d 1d 1d aa b5 b5 .`AUcc..i....... + 00000540: 55 99 a6 a9 a4 94 2a 12 89 a8 78 3c ae 94 52 2a U.....*...x<..R* + 00000550: 99 4c aa 9e 9e 9e 01 d9 68 34 3a 70 5c 57 57 a7 .L......h4:p\WW. + 00000560: e6 cd 9b 77 14 c8 f9 da 8c b8 df 8d 66 14 14 14 ...w........f... + 00000570: ac 5b bc 78 f1 b2 b9 73 e7 96 86 42 21 7c 3e 1f .[.x...s...B!|>. 
+ 00000580: 8e e3 90 97 97 47 76 76 f6 80 7c 32 99 a4 be be .....Gvv..|2.... + 00000590: 7e 60 42 4d d3 3e 73 a1 08 21 b0 6d 9b a6 a6 26 ~`BM.>s..!.m...& + 000005a0: bb a2 a2 e2 e2 eb af bf be ab a5 a5 e5 e7 40 f7 ..............@. + 000005b0: 57 71 a3 83 21 f0 19 02 c0 44 21 44 c8 e7 f3 a5 Wq..!....D!D.... + 000005c0: 39 8e 63 af 5a b5 ea a7 5b b6 6c 29 06 d8 b5 6b 9.c.Z...[.l)...k + 000005d0: 57 df 73 cf 3d b7 eb fc f9 f3 ef 02 b6 74 a5 e3 W.s.=........t.. + 000005e0: ba 6e 86 80 91 42 88 a0 10 9a df 91 4e 3b 50 05 .n...B......N;P. + 000005f0: 1c 02 9c c1 fe 31 d7 4a e0 cf 30 61 c2 84 97 4e .....1.J..0a...N + 00000600: 9f 3e bd e6 d4 a9 53 4c 9a 34 69 39 b0 b3 ff 56 .>....SL.4i9...V + 00000610: 61 6a 66 60 61 e1 f8 d1 0b f3 c7 8d 2a 0c 04 03 ajf`a.......*... + 00000620: 59 7a 8a ee b3 93 66 32 d9 95 08 db 75 89 8b 27 Yz....f2....u..' + 00000630: ab 2a 7f 1b 8d 46 f6 03 6d df 18 01 60 cc c6 8d .*...F..m...`... + 00000640: 1b 4f 2e 5f be 3c ad a4 a4 64 6d 34 1a dd 93 95 .O._.<...dm4.... + 00000650: 17 7c e6 96 fb ee 7c a8 fc d6 69 69 c3 f2 82 a0 .|....|...ii.... + 00000660: 49 4c 27 41 c2 49 10 b3 a3 cc 1b ff 5d a6 87 6e IL'A.I......]..n + 00000670: a4 b6 f6 0c af ed f9 75 cb 8e 6d 5b 5f ec e9 09 .......u..m[_... + 00000680: 6f 04 ac 6f 82 00 42 88 65 9b 37 6f da a4 83 ef o..o..B.e.7o.... + 00000690: a7 9b 5e 6a 59 fc 4f 3f 2c 9d 34 b9 0c af d0 71 ..^jY.O?,.4....q + 000006a0: 1c 9b b8 15 23 66 47 e8 88 b5 33 26 78 1d f7 4e ....#fG...3&x..N + 000006b0: 5c 88 d0 c0 9f 0a 29 1e 38 76 fc 63 9e 78 e2 ef \.....).8v.c.x.. + 000006c0: de 78 ff 8f ef ae 02 9a fe df 09 f4 e3 be 15 2b .x.............+ + 000006d0: d7 ee cf 4c 4f 21 e9 17 dc fe ed f9 14 8c 08 11 ...LO!.......... + 000006e0: b7 62 84 13 5d 74 c4 da 89 db 09 ee 9d b8 84 e1 .b..]t.......... + 000006f0: fe 74 84 00 a9 1c fc 5e 83 40 00 c2 3d 71 d6 ac .t.....^.@..=q.. + 00000700: 79 b4 f1 b5 3d 3b e7 00 e7 af 86 80 c1 d0 21 af y...=;........!. + 00000710: ec a6 79 ff 12 9a f2 20 66 ef 39 ac cb 1f 92 22 ..y.... 
f.9...." + 00000720: 7d 14 66 15 d1 1e 69 25 6e c7 70 95 64 6c f0 7a }.f...i%n.p.dl.z + 00000730: 86 a7 a6 a3 09 78 f3 93 43 9c ed aa a5 20 23 9f .....x..C.... #. + 00000740: c2 ac 91 dc 5a 3a 93 57 b6 be 52 d8 de de b6 f5 ....Z:.W..R..... + 00000750: 9d b7 df fa eb ab 49 f2 86 6c 05 86 e5 8c dc f2 ......I..l...... + 00000760: c8 53 ff f5 a3 8c 60 3a 26 67 29 ca 1b ce f8 50 .S....`:&g)....P + 00000770: 29 39 e9 59 f4 58 61 9a 7b 9b 68 ee 6b a6 2f d9 )9.Y.Xa.{.h.k./. + 00000780: 87 26 74 e2 76 94 fa 9e 3a 7c ba 81 d7 f0 32 6a .&t.v...:|....2j + 00000790: 78 11 ab 66 ac 62 58 86 8f da 33 17 98 33 e7 5b x..f.bX...3..3.[ + 000007a0: ff d8 de de f6 b3 21 c9 85 ae 02 b3 a6 df b1 ec ......!......... + 000007b0: d1 cc cc 1c 2e 5c 7e 9b 96 ee 5a 7a a2 61 2e f7 .....\~...Zz.a.. + 000007c0: 36 71 29 7c 89 b6 48 2b bd 89 3e a2 56 8c d6 48 6q)|..H+..>.V..H + 000007d0: 2b c7 1b 3f e2 68 fd 51 22 c9 08 09 c7 22 6a 46 +..?.h.Q"...."jF + 000007e0: 31 84 87 14 c3 47 3c 0e 65 65 63 78 ec b1 75 1b 1....G<.eecx..u. + 000007f0: 80 e2 21 49 25 be 0c 59 d9 05 cb c6 ..!I%..Y.... + +URB 47 : <<< + 00000000: 00 00 0c 00 13 04 01 00 07 00 00 00 ............ + +URB 49 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... + +Data header packet. + +URB 51 : >>> + 00000000: 04 00 08 00 68 00 f8 07 ....h... + ^^^^^ : data size for the next packet + ^^ : always 0x00 +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 50 : <<< + 00000000: 00 00 0c 00 13 04 01 00 08 00 00 00 ............ + +Data packet. + +URB 53 : >>> + 00000000: 04 00 fc 07 94 cd d4 5d 2b 89 df 3b 8c 88 19 a5 .......]+..;.... + ^^ ..... : content of file + ^^^^^ : packet size (0x07F8 = 0x07FC - 0x02) + ^^^^^ : socket ID + 00000010: 3b de c1 e5 de 66 ea c3 f5 34 f7 36 d3 16 6d a5 ;....f...4.6..m. + 00000020: 2b da 49 6f a2 97 b8 95 40 4a 45 cc 8c d3 d2 d7 +.Io....@JE..... + 00000030: 42 c4 8c 31 21 af 0c 4d 80 52 e0 3a b0 7c d9 c3 B..1!..M.R.:.|.. 
+ 00000040: fe ec ec 9c bf 19 92 64 ee 4b 90 31 ea ba bf 9a .......d.K.1.... + 00000050: ef 4b 4d 47 3a 26 79 e9 45 34 b4 1e a7 3d da 8a .KMG:&y.E4...=.. + 00000060: ad 27 49 31 bd 48 5c a2 56 94 70 a2 87 ce 58 17 .'I1.H\.V.p...X. + 00000070: 31 2b 8a 54 12 5b 68 2c 28 bb 9b 1b 0a ca b9 a5 1+.T.[h,(....... + 00000080: 78 3a 96 03 1e 1d 3a 23 71 6a dd 06 4a 67 95 3f x:....:#qj..Jg.? + 00000090: da f9 bb 23 2f 03 bd 5f 27 81 e9 23 0a c7 17 29 ...#/.._'..#...) + 000000a0: 25 91 ca 26 27 90 87 c7 48 a5 a9 af 81 a4 88 e3 %..&'...H....... + 000000b0: f1 19 48 25 89 3b 71 22 c9 3e a2 fd ca f7 26 7a ..H%.;q".>....&z + 000000c0: 79 e4 a6 1f f0 f8 ac 47 70 24 d8 0e e8 06 f4 24 y......Gp$.....$ + 000000d0: 62 6c 3f f9 1b ba dc 30 05 53 c6 16 f3 bb 23 e5 bl?....0.S....#. + 000000e0: c0 7b 5f 1b 01 8f 2f 75 74 66 30 24 70 5d 04 82 .{_.../utf0$p].. + 000000f0: 14 c3 c7 f5 23 a6 70 e0 dc 76 2c 61 62 78 0d 14 ....#.p..v,abx.. + 00000100: 92 a4 93 a4 cf ec 43 2a 17 cb b6 b8 bd 74 0e 2b ......C*.....t.+ + 00000110: a6 3d 48 dc 02 a9 40 d3 40 57 10 4e f4 d1 d0 d3 .=H...@.@W.N.... + 00000120: 8c 3f d5 8f 3f 3b 03 c3 eb 29 71 2c 7b 88 08 dc .?..?;...)q,{... + 00000130: bf 69 29 70 17 30 09 88 02 27 a8 dc 13 17 9a 86 .i)p.0...'...... + 00000140: 42 02 0a cb 4d 32 a3 68 36 f5 b1 53 54 77 1c 27 B...M2.h6..STw.' + 00000150: 20 03 28 a1 d0 35 9d b9 a5 f3 48 f3 05 08 78 02 .(..5....H...x. + 00000160: 2c 2a 5f 8c 47 33 70 5c 10 fd 96 e8 2a 08 78 fc ,*_.G3p\....*.x. + 00000170: 08 a1 13 31 63 48 8f 86 66 e8 59 58 f6 35 da c0 ...1cH..f.YX.5.. + 00000180: fd 9b 16 03 6b 16 df 3c 76 f6 dc f2 42 26 15 05 ....k......'~7.. + 00000760: e5 65 67 67 67 e8 ba ae 0d e6 23 b8 ae 2b 3b 3b .eggg.....#..+;; + 00000770: 3b 7b 5b 5b 5b db 6a 6a 6a fe db b2 ac 43 40 fc ;{[[[.jjj....C@. + 00000780: 6a 9f ff b3 b9 94 52 5f 3a 00 bc 5e ef b2 b5 6b j.....R_:..^...k + 00000790: d7 d6 54 57 57 ab a1 42 75 75 b5 5a bd 7a f5 29 ..TWW..Buu.Z.z.) 
+ 000007a0: c3 30 16 0d 86 c0 e7 87 b8 9a af e7 f3 f9 16 6c .0.............l + 000007b0: df be fd c0 d2 a5 4b 01 78 f6 d9 67 59 b2 64 09 ......K.x..gY.d. + 000007c0: a7 4e 9d 42 08 41 4d 4d 0d 00 b9 b9 b9 dc 73 cf .N.B.AMM......s. + 000007d0: 3d bc f0 c2 0b ac 5e bd 9a 51 a3 46 b1 7b f7 6e =.....^..Q.F.{.n + 000007e0: 5c d7 e5 81 07 1e 00 e0 d5 57 5f e5 dc b9 73 a4 \........W_...s. + 000007f0: a6 a6 f2 e4 93 4f 92 92 92 c2 f6 ed .....O...... + +URB 52 : <<< + 00000000: 00 00 0c 00 13 04 01 00 09 00 00 00 ............ + +URB 54 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... + +Data header packet. + +URB 56 : >>> + 00000000: 04 00 08 00 68 00 f8 07 ....h... + ^^^^^ : data size for the next packet + ^^ : always 0x00 +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 55 : <<< + 00000000: 00 00 0c 00 13 04 01 00 0a 00 00 00 ............ + +Data packet. + +URB 58 : >>> + 00000000: 04 00 fc 07 db 9d 95 2b 57 ce 77 5d f7 c8 60 57 .......+W.w]..`W + ^^ ..... : content of file + ^^^^^ : packet size (0x07F8 = 0x07FC - 0x02) + ^^^^^ : socket ID + 00000010: 40 bb 1a d6 f3 e7 cf 7f e2 33 e5 01 ce 9c 39 c3 @........3....9. + 00000020: b6 6d db d8 bd 7b 37 ed ed ed d4 d6 d6 22 a5 24 .m...{7......".$ + 00000030: 14 0a 91 96 96 46 75 75 35 b1 58 0c 80 86 86 06 .....Fuu5.X..... + 00000040: 1a 1a 1a 00 b8 78 f1 22 7b f7 ee 65 c3 86 0d 04 .....x."{..e.... + 00000050: 02 01 b6 6c d9 02 c0 c3 0f 3f 6c dc 79 e7 9d 7f ...l.....?l.y... + 00000060: ff b5 d9 40 71 71 71 c1 17 58 6b 1a e3 c6 8d c3 ...@qqq..Xk..... + 00000070: b6 6d 94 52 e8 ba ce e4 c9 93 99 3a 75 2a 1e 8f .m.R.......:u*.. + 00000080: 07 5d d7 f1 fb fd 03 b2 1e 8f 07 00 29 25 52 4a .]..........)%RJ + 00000090: 0c c3 20 10 08 d0 d6 d6 36 f0 ce d1 a3 47 17 01 .. .....6....G.. + 000000a0: 02 18 94 57 b9 aa 15 a8 a8 a8 38 dc d7 d7 37 70 ...W......8...7p + 000000b0: 9e 9b 9b 4b 79 79 39 13 27 4e 24 2d 2d 8d 9c 9c ...Kyy9.'N$--... + 000000c0: 1c aa aa aa 38 78 f0 20 cd cd cd 04 83 41 76 ec ....8x. .....Av. 
+ 000000d0: d8 c1 be 7d fb 08 06 83 54 56 56 b2 79 f3 66 02 ...}....TVV.y.f. + 000000e0: 81 00 77 dc 71 07 eb d7 af a7 b6 b6 96 15 2b 56 ..w.q.........+V + 000000f0: 00 10 0e 87 39 7c f8 f0 a1 c1 2a 3f 18 23 ce 5f ....9|....*?.#._ + 00000100: b0 60 41 55 63 63 e3 ff 69 90 1d 1d 1d aa b5 b5 .`AUcc..i....... + 00000110: 55 99 a6 a9 a4 94 2a 12 89 a8 78 3c ae 94 52 2a U.....*...x<..R* + 00000120: 99 4c aa 9e 9e 9e 01 d9 68 34 3a 70 5c 57 57 a7 .L......h4:p\WW. + 00000130: e6 cd 9b 77 14 c8 f9 da 8c b8 df 8d 66 14 14 14 ...w........f... + 00000140: ac 5b bc 78 f1 b2 b9 73 e7 96 86 42 21 7c 3e 1f .[.x...s...B!|>. + 00000150: 8e e3 90 97 97 47 76 76 f6 80 7c 32 99 a4 be be .....Gvv..|2.... + 00000160: 7e 60 42 4d d3 3e 73 a1 08 21 b0 6d 9b a6 a6 26 ~`BM.>s..!.m...& + 00000170: bb a2 a2 e2 e2 eb af bf be ab a5 a5 e5 e7 40 f7 ..............@. + 00000180: 57 71 a3 83 21 f0 19 02 c0 44 21 44 c8 e7 f3 a5 Wq..!....D!D.... + 00000190: 39 8e 63 af 5a b5 ea a7 5b b6 6c 29 06 d8 b5 6b 9.c.Z...[.l)...k + 000001a0: 57 df 73 cf 3d b7 eb fc f9 f3 ef 02 b6 74 a5 e3 W.s.=........t.. + 000001b0: ba 6e 86 80 91 42 88 a0 10 9a df 91 4e 3b 50 05 .n...B......N;P. + 000001c0: 1c 02 9c c1 fe 31 d7 4a e0 cf 30 61 c2 84 97 4e .....1.J..0a...N + 000001d0: 9f 3e bd e6 d4 a9 53 4c 9a 34 69 39 b0 b3 ff 56 .>....SL.4i9...V + 000001e0: 61 6a 66 60 61 e1 f8 d1 0b f3 c7 8d 2a 0c 04 03 ajf`a.......*... + 000001f0: 59 7a 8a ee b3 93 66 32 d9 95 08 db 75 89 8b 27 Yz....f2....u..' + 00000200: ab 2a 7f 1b 8d 46 f6 03 6d df 18 01 60 cc c6 8d .*...F..m...`... + 00000210: 1b 4f 2e 5f be 3c ad a4 a4 64 6d 34 1a dd 93 95 .O._.<...dm4.... + 00000220: 17 7c e6 96 fb ee 7c a8 fc d6 69 69 c3 f2 82 a0 .|....|...ii.... + 00000230: 49 4c 27 41 c2 49 10 b3 a3 cc 1b ff 5d a6 87 6e IL'A.I......]..n + 00000240: a4 b6 f6 0c af ed f9 75 cb 8e 6d 5b 5f ec e9 09 .......u..m[_... + 00000250: 6f 04 ac 6f 82 00 42 88 65 9b 37 6f da a4 83 ef o..o..B.e.7o.... 
+ 00000260: a7 9b 5e 6a 59 fc 4f 3f 2c 9d 34 b9 0c af d0 71 ..^jY.O?,.4....q + 00000270: 1c 9b b8 15 23 66 47 e8 88 b5 33 26 78 1d f7 4e ....#fG...3&x..N + 00000280: 5c 88 d0 c0 9f 0a 29 1e 38 76 fc 63 9e 78 e2 ef \.....).8v.c.x.. + 00000290: de 78 ff 8f ef ae 02 9a fe df 09 f4 e3 be 15 2b .x.............+ + 000002a0: d7 ee cf 4c 4f 21 e9 17 dc fe ed f9 14 8c 08 11 ...LO!.......... + 000002b0: b7 62 84 13 5d 74 c4 da 89 db 09 ee 9d b8 84 e1 .b..]t.......... + 000002c0: fe 74 84 00 a9 1c fc 5e 83 40 00 c2 3d 71 d6 ac .t.....^.@..=q.. + 000002d0: 79 b4 f1 b5 3d 3b e7 00 e7 af 86 80 c1 d0 21 af y...=;........!. + 000002e0: ec a6 79 ff 12 9a f2 20 66 ef 39 ac cb 1f 92 22 ..y.... f.9...." + 000002f0: 7d 14 66 15 d1 1e 69 25 6e c7 70 95 64 6c f0 7a }.f...i%n.p.dl.z + 00000300: 86 a7 a6 a3 09 78 f3 93 43 9c ed aa a5 20 23 9f .....x..C.... #. + 00000310: c2 ac 91 dc 5a 3a 93 57 b6 be 52 d8 de de b6 f5 ....Z:.W..R..... + 00000320: 9d b7 df fa eb ab 49 f2 86 6c 05 86 e5 8c dc f2 ......I..l...... + 00000330: c8 53 ff f5 a3 8c 60 3a 26 67 29 ca 1b ce f8 50 .S....`:&g)....P + 00000340: 29 39 e9 59 f4 58 61 9a 7b 9b 68 ee 6b a6 2f d9 )9.Y.Xa.{.h.k./. + 00000350: 87 26 74 e2 76 94 fa 9e 3a 7c ba 81 d7 f0 32 6a .&t.v...:|....2j + 00000360: 78 11 ab 66 ac 62 58 86 8f da 33 17 98 33 e7 5b x..f.bX...3..3.[ + 00000370: ff d8 de de f6 b3 21 c9 85 ae 02 b3 a6 df b1 ec ......!......... + 00000380: d1 cc cc 1c 2e 5c 7e 9b 96 ee 5a 7a a2 61 2e f7 .....\~...Zz.a.. + 00000390: 36 71 29 7c 89 b6 48 2b bd 89 3e a2 56 8c d6 48 6q)|..H+..>.V..H + 000003a0: 2b c7 1b 3f e2 68 fd 51 22 c9 08 09 c7 22 6a 46 +..?.h.Q"...."jF + 000003b0: 31 84 87 14 c3 47 3c 0e 65 65 63 78 ec b1 75 1b 1....G<.eecx..u. + 000003c0: 80 e2 21 49 25 be 0c 59 d9 05 cb c6 94 cd d4 5d ..!I%..Y.......] + 000003d0: 2b 89 df 3b 8c 88 19 a5 3b de c1 e5 de 66 ea c3 +..;....;....f.. + 000003e0: f5 34 f7 36 d3 16 6d a5 2b da 49 6f a2 97 b8 95 .4.6..m.+.Io.... 
+ 000003f0: 40 4a 45 cc 8c d3 d2 d7 42 c4 8c 31 21 af 0c 4d @JE.....B..1!..M + 00000400: 80 52 e0 3a b0 7c d9 c3 fe ec ec 9c bf 19 92 64 .R.:.|.........d + 00000410: ee 4b 90 31 ea ba bf 9a ef 4b 4d 47 3a 26 79 e9 .K.1.....KMG:&y. + 00000420: 45 34 b4 1e a7 3d da 8a ad 27 49 31 bd 48 5c a2 E4...=...'I1.H\. + 00000430: 56 94 70 a2 87 ce 58 17 31 2b 8a 54 12 5b 68 2c V.p...X.1+.T.[h, + 00000440: 28 bb 9b 1b 0a ca b9 a5 78 3a 96 03 1e 1d 3a 23 (.......x:....:# + 00000450: 71 6a dd 06 4a 67 95 3f da f9 bb 23 2f 03 bd 5f qj..Jg.?...#/.._ + 00000460: 27 81 e9 23 0a c7 17 29 25 91 ca 26 27 90 87 c7 '..#...)%..&'... + 00000470: 48 a5 a9 af 81 a4 88 e3 f1 19 48 25 89 3b 71 22 H.........H%.;q" + 00000480: c9 3e a2 fd ca f7 26 7a 79 e4 a6 1f f0 f8 ac 47 .>....&zy......G + 00000490: 70 24 d8 0e e8 06 f4 24 62 6c 3f f9 1b ba dc 30 p$.....$bl?....0 + 000004a0: 05 53 c6 16 f3 bb 23 e5 c0 7b 5f 1b 01 8f 2f 75 .S....#..{_.../u + 000004b0: 74 66 30 24 70 5d 04 82 14 c3 c7 f5 23 a6 70 e0 tf0$p]......#.p. + 000004c0: dc 76 2c 61 62 78 0d 14 92 a4 93 a4 cf ec 43 2a .v,abx........C* + 000004d0: 17 cb b6 b8 bd 74 0e 2b a6 3d 48 dc 02 a9 40 d3 .....t.+.=H...@. + 000004e0: 40 57 10 4e f4 d1 d0 d3 8c 3f d5 8f 3f 3b 03 c3 @W.N.....?..?;.. + 000004f0: eb 29 71 2c 7b 88 08 dc bf 69 29 70 17 30 09 88 .)q,{....i)p.0.. + 00000500: 02 27 a8 dc 13 17 9a 86 42 02 0a cb 4d 32 a3 68 .'......B...M2.h + 00000510: 36 f5 b1 53 54 77 1c 27 20 03 28 a1 d0 35 9d b9 6..STw.' .(..5.. + 00000520: a5 f3 48 f3 05 08 78 02 2c 2a 5f 8c 47 33 70 5c ..H...x.,*_.G3p\ + 00000530: 10 fd 96 e8 2a 08 78 fc 08 a1 13 31 63 48 8f 86 ....*.x....1cH.. + 00000540: 66 e8 59 58 f6 35 da c0 fd 9b 16 03 6b 16 df 3c f.YX.5......k..< + 00000550: 76 f6 dc f2 42 26 15 05 89 99 0e 55 75 9d b3 b6 v...B&.....Uu... + 00000560: 15 05 a9 ec e8 e2 b6 3c 9b 34 9f 8e eb d8 08 a5 .......<.4...... + 00000570: f3 fd 1b 1e e1 c2 ef cf e2 48 93 a4 6b f2 83 e9 .........H..k... 
+ 00000580: 3f 64 cd cd 0f e2 c8 2b af b4 5c ae 28 df 5f c2 ?d.....+..\.(._. + 00000590: 28 ae 18 b0 10 06 4a 2a a2 6e 02 33 11 43 4a 99 (.....J*.n.3.CJ. + 000005a0: bc 26 23 16 8b 36 af 19 39 3c f0 d2 2b ab 66 73 .&#..6..9<..+.fs + 000005b0: eb f5 f9 08 21 10 42 a0 69 1a df 1a 17 e2 47 f3 ....!.B.i.....G. + 000005c0: 26 f1 fc 81 4a 9e d9 7b 8c d5 53 8a c9 72 5c 62 &...J..{..S..r\b + 000005d0: 66 9c c2 ac 6c 0a 33 8b 38 d5 51 85 ae 1b d8 ae f...l.3.8.Q..... + 000005e0: 8d 54 90 b0 af 94 5d 88 fe f1 39 98 2e 48 95 8a .T....]...9..H.. + 000005f0: 47 4b 25 9a 68 27 da d9 8d 6b 39 2d 5f 99 80 58 GK%.h'...k9-_..X + 00000600: b4 39 2d c5 a3 bf f4 fa e3 df c6 55 92 07 5e 3c .9-........U..^< + 00000610: 84 10 82 19 a5 21 fe 76 fe 54 34 4d 43 13 82 a7 .....!.v.T4MC... + 00000620: ee bd 11 5d d3 d8 ff 4e 2d f9 c3 d2 89 27 93 98 ...]...N-....'.. + 00000630: a6 cb c2 09 4b b8 f4 fe 05 fa ec 1e de fc e4 10 ....K........... + 00000640: f7 94 dd 4b f1 f0 20 49 07 2c 47 7d 16 25 11 80 ...K.. I.,G}.%.. + 00000650: 2d 21 62 2a 6c 57 c3 d0 fc f4 58 bd 84 2f 5d 46 -!b*lW....X../]F + 00000660: 49 79 fe 5a e2 c0 9a 95 b7 8f 63 7c 7e 26 87 aa Iy.Z......c|~&.. + 00000670: ea f8 ed f1 f3 ec 3f f6 29 bf 3c f2 31 4a 29 a4 ......?.).<.1J). + 00000680: 94 03 95 d1 8f bf 53 4e b7 94 b4 f7 c5 88 c7 4d ......SN.......M + 00000690: 3a 7b 7b 29 ce 28 63 fd 9c ff a0 64 d8 58 ea 3a :{{).(c....d.X.: + 000006a0: eb 78 f6 ad 67 f8 d5 b1 3d 9c 69 3d 07 08 a4 94 .x..g...=.i=.... + 000006b0: b8 ae 4b dc 96 84 13 6e ff 80 a0 bf 14 69 7b 68 ..K....n.....i{h + 000006c0: ad be 70 11 a8 bf 96 5f 68 e9 f7 a6 8d 46 29 45 ..p...._h....F)E + 000006d0: a6 df cb dc c9 45 a4 78 3c 3c 36 af 9c 7d 1f 9d .....E.x<<6..}.. + 000006e0: 63 e3 ff 9c 00 60 d1 cd e3 f8 87 bb 6f 62 e1 f4 c....`......ob.. + 000006f0: 31 9c a8 6e 24 2f c3 8f cf 67 d0 62 74 32 32 bb 1..n$/...g.bt22. + 00000700: 98 a7 67 3f c7 f3 bf df c0 db 9f 1c e1 ad da 0a ..g?............ 
+ 00000710: f2 33 0b d8 b6 78 27 05 99 f9 84 13 16 7d a6 4b .3...x'......}.K + 00000720: c4 94 c4 4c 45 d4 81 92 e0 6d 8c fb 53 13 47 4f ...LE....m..S.GO + 00000730: 6f fd 49 bf b3 f8 ca 04 26 8c cd 4b 47 29 45 71 o.I.....&..KG)Eq + 00000740: 4e 06 8b a6 97 12 4c 4f 65 c6 d8 11 7c ff c5 37 N.....LOe...|..7 + 00000750: 38 79 a9 fd 4a d7 22 37 13 a5 14 d7 85 32 a9 f8 8y..J."7.....2.. + 00000760: f0 02 b1 a4 89 de a7 21 10 b8 52 32 22 6b 18 2b .......!..R2"k.+ + 00000770: a7 ae e3 97 d6 7f 82 50 64 a7 e7 10 8b 3b fc a1 .......Pd....;.. + 00000780: e9 63 bc be 0c 30 d2 89 5b 06 31 5b 10 73 20 92 .c...0..[.1[.s . + 00000790: e8 e4 dd 5d 2f 1f c2 55 bb af 35 12 5b 96 e3 7a ...]/..U..5.[..z + 000007a0: bd 86 c6 43 bf 78 8b a4 7d a5 fa 7b f3 a9 fb 58 ...C.x..}..{...X + 000007b0: 30 b5 84 92 dc 4c b2 02 29 3c 34 bb 0c 29 25 a6 0....L..)<4..)%. + 000007c0: ed 62 68 3a 09 d3 42 00 52 29 2c db 26 91 34 c9 .bh:..B.R),.&.4. + 000007d0: f4 a7 b1 66 da 4f d0 35 9d d4 94 74 0e 7f f4 0e ...f.O.5...t.... + 000007e0: 3b 2a b6 91 3b 6c 04 c1 8c 11 a4 a4 66 91 91 59 ;*..;l......f..Y + 000007f0: 40 30 6f 32 27 0e ed ec bc 74 e6 fd @0o2'....t.. + +URB 57 : <<< + 00000000: 00 00 0c 00 13 04 01 00 0b 00 00 00 ............ + +URB 59 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... + +Data header packet. + +URB 61 : >>> + 00000000: 04 00 08 00 68 00 e8 06 ....h... + ^^^^^ : data size for the next packet + ^^ : always 0x00 +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 60 : <<< + 00000000: 00 00 0c 00 13 04 01 00 0c 00 00 00 ............ + +Data packet. + +URB 63 : >>> + 00000000: 04 00 ec 06 1f 0f 45 5f e8 64 4d 63 78 d6 8c b1 ......E_.dMcx... + ^^ ..... : content of file + ^^^^^ : packet size (0x06E8 = 0x06EC - 0x02) + ^^^^^ : socket ID + 00000010: 39 48 a5 f0 1a 3a 37 8c ca 26 94 99 4a e5 c5 36 9H...:7..&..J..6 + 00000020: 32 fd 5e 82 69 29 64 a4 7a 50 4a 71 aa a1 0b b7 2.^.i)d.zPJq.... + 00000030: bb 1e ad 78 04 89 a4 89 e3 4a 4c cb 26 1a 37 e9 ...x.....JL.&.7. 
+ 00000040: f4 c4 31 0c 2f 68 1e 5c d5 c3 81 f7 0e e2 24 2d ..1./h.\......$- + 00000050: da da 9a 69 69 6d 44 68 a0 7b bd 58 ed 3f a7 ed ...iimDh.{.X.?.. + 00000060: 83 3f 3d 0d 7c 3a 14 04 7e b5 eb 83 0b b3 a6 8f .?=.|:..~....... + 00000070: c9 e6 0f eb 17 22 04 8c 0c a6 73 ba a9 9b a7 5f ....."....s...._ + 00000080: fb 60 40 28 7f 58 80 db ca 8a d8 7f ec 22 3d 87 .`@(.X......."=. + 00000090: b7 fe 7b 8e d9 be ee fa a9 73 d3 2c 09 d1 44 12 ..{......s.,..D. + 000000a0: a1 5b 08 4d 43 d3 3c 18 1e 1f 35 67 df a1 a5 a5 .[.MC.<...5g.... + 000000b0: 01 8f e1 01 0d 0c c3 8b d0 04 d1 8b 4d 4e 77 cd ............MNw. + 000000c0: e9 75 4a ca 57 86 aa 33 f7 eb df 1c af df 7e ff .uJ.W..3......~. + 000000d0: 4d a3 b9 65 5c de 40 0c 38 dd dc 8d cf a3 a3 09 M..e\.@.8....... + 000000e0: c1 e4 a2 6c a6 8d c9 e3 9f 77 7f 48 67 24 f9 33 ...l.....w.Hg$.3 + 000000f0: ba 1a ff f5 ed fd 2f 56 d4 9d ad 7a 7e d2 cc ef ....../V...z~... + 00000100: cd cc ca 2d 01 4d 07 01 ae 8c 73 a1 ee 30 9f 5e ...-.M....s..0.^ + 00000110: fa 23 86 c7 8b 94 57 42 81 15 ee 25 5a 57 57 19 .#....WB...%ZWW. + 00000120: 6f 69 5d 0b 1c 1d 4c 72 f0 a5 05 8d 58 b4 f9 fe oi]...Lr....X... + 00000130: 80 cf d8 bb e5 a1 19 dc 35 b9 e0 0b 81 4c 08 81 ........5....L.. + 00000140: e9 48 36 ec ab 64 eb 1b 27 76 72 f0 e9 4d 40 56 .H6..d..'vr..M@V + 00000150: bf 7b ce d5 3d be 05 a1 e2 29 b3 f2 4a a6 8d 48 .{..=....)..J..H + 00000160: c9 c8 d6 9a db ab 08 f7 d5 63 e8 1e 94 94 b8 89 .........c...... + 00000170: 04 56 77 57 57 b2 a3 e3 3d e5 ba 07 81 16 40 07 .VwWW...=.....@. + 00000180: 62 40 a4 3f 0b ed ed 3f 37 af 98 d5 17 15 be ba b@.?...?7....... + 00000190: 8a 6c d1 e6 bb 80 35 37 8f cd b9 7b 66 69 2e e5 .l....57...{fi.. 
+ 000001a0: 45 c3 e9 49 58 54 d5 77 f3 66 75 33 2d ed 9d 2f E..IXT.w.fu3-../ + 000001b0: f3 c6 bf 6d c5 4e e4 f7 77 d8 32 00 0f e0 02 69 ...m.N..w.2....i + 000001c0: fd d7 72 81 0c a1 eb 06 a0 50 2a a1 a4 ec ec 6f ..r......P*....o + 000001d0: a7 44 01 5f bf f2 36 90 ec 27 d0 06 34 02 cd 40 .D._..6..'..4..@ + 000001e0: 0f 60 2a a5 e4 a0 09 7c 8e c8 6c 60 36 70 63 7f .`*....|..l`6pc. + 000001f0: 27 ed 18 70 40 ed 7d bc f9 9b da a1 11 7f e9 5b '..p@.}........[ + 00000200: 4c ff 3b 00 0a 79 0a c5 3c 71 69 d1 00 00 00 00 L.;..y..>> + 00000000: 04 00 08 00 8d 00 00 00 ........ +     ^^ : command + ^^^^^ : packet size + ^^^^^ : socket ID + +URB 65 : <<< + 00000000: 00 00 0c 00 13 04 01 00 0e 00 00 00 ............ + +URB 67 : <<< + 00000000: 04 00 08 00 64 00 00 00 ....d... + +URB 69 : >>> + 00000000: 00 00 08 00 0b 04 00 0b ........ + +URB 68 : <<< + 00000000: 00 00 08 00 0c 04 00 0b ........ + diff --git a/src/Makefile.am b/src/Makefile.am index aa29f5a1..4aeb624f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -69,6 +69,7 @@ include_barry_HEADERS = barry.h \ m_desktoptmpl.h \ m_ipmodem.h \ m_serial.h \ + m_javaloader.h \ data.h \ error.h \ ldif.h \ @@ -98,7 +99,8 @@ include_barry_HEADERS = barry.h \ pppfilter.h \ sha1.h \ iconv.h \ - s11n-boost.h + s11n-boost.h \ + cod.h libbarry_la_SOURCES = time.cc \ @@ -128,6 +130,7 @@ libbarry_la_SOURCES = time.cc \ m_desktop.cc \ m_ipmodem.cc \ m_serial.cc \ + m_javaloader.cc \ version.cc \ pppfilter.cc \ sha1.cc \ diff --git a/src/barry.h b/src/barry.h index a2c45c5e..e9794630 100644 --- a/src/barry.h +++ b/src/barry.h @@ -63,6 +63,7 @@ #include "m_desktop.h" #include "m_ipmodem.h" #include "m_serial.h" +#include "m_javaloader.h" #include "version.h" #include "log.h" #include "sha1.h" diff --git a/src/cod.h b/src/cod.h new file mode 100644 index 00000000..24d31aab --- /dev/null +++ b/src/cod.h 
@@ -0,0 +1,78 @@ +/// +/// \file code.h +/// COD structure +/// + +/* + Copyright (C) 2005-2009, Net Direct Inc. (http://www.netdirect.ca/) + Copyright (C) 2008-2009, Nicolas VIVIEN + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License in the COPYING file at the + root directory of this project for more details. +*/ + +#ifndef __BARRY_COD_H__ +#define __BARRY_COD_H__ + +#include +#include + + +typedef struct { + uint16_t type; // Type // 50 4B + uint8_t unknown1[8]; // // 03 04 0A 00 00 00 00 00 + uint8_t unknown2[4]; // // AB 5C 6A 39 + uint8_t unknown3[4]; // // BE 5C 58 D1 + uint32_t size1; // COD size 0x0DCC // CC 0D 01 00 + uint32_t size2; // COD size 0x0DCC // CC OD 01 00 + uint8_t strsize; // Size of string // 19 + uint8_t reserved2; // Reserved 0x00 // 00 + uint8_t strfree; // Empty uint8_t // 04 + uint8_t reserved3; // Reserved 0x00 // 00 +} __attribute__ ((packed)) codfile_header_t; + + +typedef struct { + uint32_t flashid; + uint32_t section_number; //always 0 + uint32_t vtable_pointer; //always 0 + time_t timestamp; + uint32_t user_version; + uint32_t fieldref_pointer; + uint16_t maxtype_list_size; + uint16_t reserved; //always 0xFF + int32_t data_section; //always 0xFFFF + int32_t module_info; //always 0xFFFF + uint16_t version; + uint16_t code_size; + uint16_t data_size; + uint16_t flags; +} __attribute__ ((packed)) code_header_t; + + +typedef struct { + uint8_t flags; + uint8_t version; + uint16_t num_icalls; + uint8_t num_modules; + uint8_t num_classes ; + uint16_t exported_string_offset; + uint16_t data_uint8_ts_offset; + uint16_t 
empty_field; + uint16_t class_definitions; + uint16_t array_of_unknow1_fields[14]; + uint16_t aliases; + uint16_t array_of_unknow2_fields[22]; +} __attribute__ ((packed)) data_header_t; + +#endif + diff --git a/src/controller.h b/src/controller.h index c760e594..cec06d99 100644 --- a/src/controller.h +++ b/src/controller.h @@ -39,6 +39,7 @@ namespace Mode { class Desktop; class IpModem; class Serial; + class JavaLoader; } // @@ -69,6 +70,7 @@ class BXEXPORT Controller friend class Barry::Mode::Desktop; friend class Barry::Mode::IpModem; friend class Barry::Mode::Serial; + friend class Barry::Mode::JavaLoader; public: /// Handheld mode type @@ -77,7 +79,7 @@ public: Bypass, //< unsupported, unknown Desktop, //< desktop mode required for database //< operation - JavaLoader, //< unsupported + JavaLoader, //< experimental UsbSerData, //< GPRS modem support over USB UsbSerCtrl //< internally used behind the scenes }; diff --git a/src/convo.awk b/src/convo.awk index b3836caa..005c4bee 100644 --- a/src/convo.awk +++ b/src/convo.awk @@ -24,6 +24,14 @@ BEGIN { print $0; } +/endpoint 0x00000002/ { + # only copy data going to the output endpoint + if( direction == 0 ) { + docopy = 1; + printf "\nsep: 2\n"; + } +} + /endpoint 0x00000005/ { # only copy data going to the output endpoint if( direction == 0 ) { diff --git a/src/m_javaloader.cc b/src/m_javaloader.cc new file mode 100644 index 00000000..c2642913 --- /dev/null +++ b/src/m_javaloader.cc 
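Review bot: `code_header_t` carries a `time_t timestamp` inside a packed struct that is meant to mirror the on-disk COD layout, but `time_t` is 4 bytes on some targets and 8 on others, so the struct is 44 (0x2C) bytes with a 32-bit `time_t` and 48 with a 64-bit one, and only the first matches the layout the other fields imply (they add up to 40); declare it `uint32_t timestamp; // 32-bit on disk, seconds since epoch` and keep every field fixed-width. `data_uint8_ts_offset` looks like a search-and-replace of "byte" with "uint8_t" applied to the name `data_bytes_offset` and should be restored. The header comment says `\file code.h` for a file named cod.h, and the `CC OD 01 00` sample next to `size2` has a letter O where `0D` is meant (compare the `size1` line above it).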
@@ -0,0 +1,362 @@ +/// +/// \file m_javaloader.cc +/// Mode class for the JavaLoader mode +/// + +/* + Copyright (C) 2005-2009, Net Direct Inc. (http://www.netdirect.ca/) + Copyright (C) 2008-2009, Nicolas VIVIEN + + Some parts are inspired from m_desktop.h + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License in the COPYING file at the + root directory of this project for more details. +*/ + +#include "m_javaloader.h" +#include "data.h" +#include "protocol.h" +#include "protostructs.h" +#include "packet.h" +#include "endian.h" +#include "error.h" +#include "usbwrap.h" +#include "controller.h" +#include +#include + +#include "debug.h" + +namespace Barry { namespace Mode { + + +/////////////////////////////////////////////////////////////////////////////// +// JavaLoader Mode class + +JavaLoader::JavaLoader(Controller &con) + : m_con(con) + , m_ModeSocket(0) +{ +} + +JavaLoader::~JavaLoader() +{ +} + +/////////////////////////////////////////////////////////////////////////////// +// protected members + + +/////////////////////////////////////////////////////////////////////////////// +// public API + +// +// Open +// +/// Select device mode. This is required before using any other mode-based +/// operations, such as GetDBDB() and LoadDatabase(). +/// +/// This function opens a socket to the device for communicating in Desktop +/// mode. If the device requires it, specify the password with a const char* +/// string in password. The password will not be stored in memory +/// inside this class, only a hash will be generated from it. 
After +/// using the hash, the hash memory will be set to 0. The application +/// is responsible for safely handling the raw password data. +/// +/// You can retry the password by catching Barry::BadPassword and +/// calling RetryPassword() with the new password. +/// +/// \exception Barry::Error +/// Thrown on protocol error. +/// +/// \exception std::logic_error() +/// Thrown if unsupported mode is requested, or if socket +/// already open. +/// +/// \exception Barry::BadPassword +/// Thrown when password is invalid or if not enough retries +/// left in the device. +/// +void JavaLoader::Open(const char *password) +{ + if( m_ModeSocket ) { + m_socket->Close(); + m_socket.reset(); + m_ModeSocket = 0; + } + + m_ModeSocket = m_con.SelectMode(Controller::JavaLoader); + RetryPassword(password); +} + +// +// RetryPassword +// +/// Retry a failed password attempt from the first call to Open(). +/// Only call this function in response to Barry::BadPassword exceptions +/// that are thrown from Open(). +/// +/// \exception Barry::Error +/// Thrown on protocol error. +/// +/// \exception std::logic_error() +/// Thrown if in unsupported mode, or if socket already open. +/// +/// \exception Barry::BadPassword +/// Thrown when password is invalid or if not enough retries +/// left in the device. 
+/// +void JavaLoader::RetryPassword(const char *password) +{ + if( m_socket.get() != 0 ) + throw std::logic_error("Socket alreay open in RetryPassword"); + + m_socket = m_con.m_zero.Open(m_ModeSocket, password); + + { + Data response; + m_socket->Receive(response, -1); + } +} + + +// These commands are sent to prepare the data stream +void JavaLoader::StartStream() +{ + // 1°/ + char rawCommand1[] = { 4, 0, 0x08, 0, 0x64, 0, 0, 0 }; + *((uint16_t*) rawCommand1) = htobs(m_socket->GetSocket()); + + Data command1(rawCommand1, sizeof(rawCommand1)); + Data response1; + + try { + m_socket->Packet(command1, response1); + + MAKE_PACKET(rpack, response1); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command1, response1); + throw; + } + + // 2°/ + char rawCommand2[] = { 4, 0, 0x08, 0, 0x70, 0, 0x01, 0 }; + *((uint16_t*) rawCommand2) = htobs(m_socket->GetSocket()); + + Data command2(rawCommand2, sizeof(rawCommand2)); + Data response2; + + try { + m_socket->SetSequencePacket(false); + m_socket->Packet(command2, response2); + m_socket->SetSequencePacket(true); + + MAKE_PACKET(rpack, response2); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command2, response2); + throw; + } + + // 3°/ + char rawCommand3[] = { 4, 0, 0x05, 0, 0 }; + *((uint16_t*) rawCommand3) = htobs(m_socket->GetSocket()); + + Data command3(rawCommand3, sizeof(rawCommand3)); + Data response3; + + try { + m_socket->Packet(command3, response3); + + MAKE_PACKET(rpack, response3); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command1, response1); + throw; + } +} + + +// This function permits to send a COD application +// WARNING : Before, you have to call the "Start" function, +// After, you have to call the "Stop" function. 
+// +// From the USB traces, the max size of packet is : 0x07FC +// Packet header : +// 04 00 08 00 68 00 F8 07 +// ^^^^^ : about size +// ^^ : command +// ^^ : size of packet header +// ^^^^^ : socket +// Response : +// 00 00 0C 00 13 04 01 00 0A 00 00 00 +// Packet format : +// 04 00 FC 07 DB 9D 95 2B 57 .... E6 FD +// ^^^^^ ............. ^^^^^ : data (the file content) +// ^^^^^ : packet size +// ^^^^^ : socket +// +// +// WARNING : A COD file starts with the integer 0xDEC0FFFF (FIXME) +// An application can contain several COD parts. In this case we can read a header (start with PK) +// In this sample, we have to skip the file header : +// 00000000 50 4B 03 04 0A 00 00 00 00 00 A0 00 51 35 BA 9F 99 5D 30 CE PK..........Q5...]0. +// 00000014 00 00 30 CE 00 00 15 00 04 00 4D 65 74 72 6F 56 69 65 77 65 ..0.......MetroViewe +// 00000028 72 2E 50 61 72 69 73 2E 63 6F 64 FE CA 00 00 DE C0 FF FF 00 r.Paris.cod......... +// ^^ Start of data sent ! +// 0000003C 00 00 00 00 00 00 00 0F 10 34 45 00 00 00 00 00 00 00 00 21 .........4E........! +// 00000050 00 FF FF FF FF FF FF FF FF FF FF 4E 00 9C 08 68 C5 00 00 F0 ...........N...h.... 
+// 00000064 B8 BC C0 A1 C0 14 00 81 00 00 01 01 04 0E 3F 6D 00 02 00 6D ..............?m...m +void JavaLoader::SendStream(char *buffer, int buffsize) +{ + int size; + int bytesent = 0; + + char rawCommand6[] = { 4, 0, 0x08, 0, 0x68, 0, 0xf8, 0x07 }; + char rawCommand7[2044]; + + + // 4°/ + char rawCommand4[] = { 4, 0, 0x08, 0, 0x67, 0x01, 0x04, 0 }; + *((uint16_t*) rawCommand4) = htobs(m_socket->GetSocket()); + + Data command4(rawCommand4, sizeof(rawCommand4)); + Data response4; + + try { + m_socket->SetSequencePacket(false); + m_socket->Packet(command4, response4); + m_socket->SetSequencePacket(true); + + MAKE_PACKET(rpack, response4); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command4, response4); + throw; + } + + // 5°/ + size = 0xFF & (buffsize >> 24); + size |= 0xFF00 & (buffsize >> 8); + size |= 0xFF0000 & (buffsize << 8); + size |= 0xFF000000 & (buffsize << 24); + + char rawCommand5[] = { 4, 0, 0x08, 0, 0, 0, 0x00, 0x00 }; + *((uint16_t*) rawCommand5) = htobs(m_socket->GetSocket()); + *(((uint32_t*) rawCommand5) + 1) = htobs(size); + + Data command5(rawCommand5, sizeof(rawCommand5)); + Data response5; + + try { + m_socket->Packet(command5, response5); + + MAKE_PACKET(rpack, response5); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command5, response5); + throw; + } + + + // Read the buffer... 
+ while (bytesent < buffsize) { + // Read data buffer + size = 0; + + if (buffsize - bytesent > 0x7f8) + size = 0x7f8; + else + size = buffsize - bytesent; + + memcpy(&rawCommand7[4], buffer, size); + + + // 1st packet + //------------ + // Packet Header + *((uint16_t*) rawCommand6) = htobs(m_socket->GetSocket()); + *(((uint16_t*) rawCommand6) + 3) = htobs(size); + + Data command6(rawCommand6, sizeof(rawCommand6)); + Data response6; + + try { + m_socket->SetSequencePacket(false); + m_socket->Packet(command6, response6); + m_socket->SetSequencePacket(true); + + MAKE_PACKET(rpack, response6); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command6, response6); + throw; + } + + // 2nd packet + //------------ + // Packet data + *((uint16_t*) rawCommand7) = htobs(m_socket->GetSocket()); + *(((uint16_t*) rawCommand7) + 1) = htobs(size + 4); + + Data command7(rawCommand7, size + 4); //sizeof(rawCommand7)); + Data response7; + + try { + m_socket->PacketData(command7, response7); + + MAKE_PACKET(rpack, response7); + } + catch( Usb::Error & ) { + eout("JavaLoader: error getting command table"); + eeout(command7, response7); + throw; + } + + // Next... + bytesent += size; + buffer += size; + } +} + + +// This command is sent to avert that the data stream is finished +void JavaLoader::StopStream(void) +{ + // 7°/ + char rawCommand7[] = { 4, 0, 0x08, 0, 0x8d, 0, 0, 0 }; + *((uint16_t*) rawCommand7) = htobs(m_socket->GetSocket()); + + Data command7(rawCommand7, sizeof(rawCommand7)); + Data response7; + + try { + m_socket->Packet(command7, response7); + + MAKE_PACKET(rpack, response7); + } + catch( Usb::Error & ) { + eout("Desktop: error getting command table"); + eeout(command7, response7); + throw; + } +} + +}} // namespace Barry::Mode + diff --git a/src/m_javaloader.h b/src/m_javaloader.h new file mode 100644 index 00000000..64d274f4 --- /dev/null +++ b/src/m_javaloader.h 
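Review bot: `SetSequencePacket(false)` is switched on before `m_socket->Packet()` in StartStream step 2 and in SendStream (step 4 and the per-chunk step 6) but switched back only after a successful call, so when Packet() throws the catch re-throws with the socket still in non-sequence mode, and since that flag is forwarded to the shared SocketZero it affects whatever uses the device next. A small RAII guard restores the flag on every exit path (below). Separately, the third catch in StartStream dumps `command1, response1` where `command3, response3` was meant, every catch reuses the Desktop-mode text "error getting command table" (StopStream even says "Desktop:"), and in step 5 the hand-swapped 32-bit `size` is stored through `htobs()`, which, if it is the 16-bit swap its name suggests, drops the upper half of the file size. `SendStream` only reads from `buffer`, so it can take `const char *`.
```cpp
// Restores sequence-packet handling on every exit path, including a throw
// from Packet(); the flag lives on the shared SocketZero, so leaving it
// cleared would affect later traffic too.
class SequencePacketOff {
	SocketHandle &m_sock;
public:
	explicit SequencePacketOff(SocketHandle &sock) : m_sock(sock) { m_sock->SetSequencePacket(false); }
	~SequencePacketOff() { m_sock->SetSequencePacket(true); }
};

// … unchanged: StartStream step 1 …
	try {
		SequencePacketOff off(m_socket);
		m_socket->Packet(command2, response2);

		MAKE_PACKET(rpack, response2);
	}
	catch( Usb::Error & ) {
		eout("JavaLoader: error sending stream start (step 2)");
		eeout(command2, response2);
		throw;
	}
// … unchanged: step 3, SendStream (same guard around steps 4 and 6), StopStream …
```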
@@ -0,0 +1,91 @@ +/// +/// \file m_javaloader.h +/// Mode class for the JavaLoader mode +/// + +/* + Copyright (C) 2005-2009, Net Direct Inc. (http://www.netdirect.ca/) + Copyright (C) 2008-2009, Nicolas VIVIEN + + Some parts are inspired from m_desktop.h + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License in the COPYING file at the + root directory of this project for more details. +*/ + +#ifndef __BARRY_M_JAVALOADER_H__ +#define __BARRY_M_JAVALOADER_H__ + +#include "dll.h" +#include "socket.h" +#include "record.h" + +namespace Barry { + +// forward declarations +class Parser; +class Builder; +class Controller; + +namespace Mode { + +// +// Desktop class +// +/// The main interface class to the device databases. +/// +/// To use this class, use the following steps: +/// +/// - Create a Controller object (see Controller class for more details) +/// - Create this Mode::JavaLoader object, passing in the Controller +/// object during construction +/// - Call Open() to open database socket and finish constructing. 
+/// - Call LoadDatabase() to retrieve and store a database +/// +class BXEXPORT JavaLoader +{ +public: + enum CommandType { Unknown, DatabaseAccess }; + +private: + Controller &m_con; + + SocketHandle m_socket; + + CommandTable m_commandTable; + + uint16_t m_ModeSocket; // socket recommended by device + // when mode was selected + +protected: + +public: + JavaLoader(Controller &con); + ~JavaLoader(); + + ////////////////////////////////// + // primary operations - required before anything else + + void Open(const char *password = 0); + void RetryPassword(const char *password); + + ////////////////////////////////// + // API + void StartStream(); + void SendStream(char *buffer, int size); + void StopStream(void); +}; + +}} // namespace Barry::Mode + +#endif + diff --git a/src/protocol.h b/src/protocol.h index 63189ef5..b3770ffb 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -38,6 +38,13 @@ #define SB_COMMAND_DB_DATA 0x40 #define SB_COMMAND_DB_FRAGMENTED 0x60 #define SB_COMMAND_DB_DONE 0x41 +#define SB_COMMAND_JL_UNKOWN1 0x64 +#define SB_COMMAND_JL_UNKOWN2 0x70 +#define SB_COMMAND_JL_UNKOWN3 0x63 +#define SB_COMMAND_JL_UNKOWN4 0x00 +#define SB_COMMAND_JL_UNKOWN5 0x67 +#define SB_COMMAND_JL_UNKOWN6 0x68 +#define SB_COMMAND_JL_UNKOWN7 0x8d // mode constants diff --git a/src/protostructs.h b/src/protostructs.h index 1f1c70f5..8ae3318d 100644 --- a/src/protostructs.h +++ b/src/protostructs.h 
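Review bot: The class comment was carried over from the Desktop mode and no longer describes this class: it is headed `Desktop class`, calls it "the main interface class to the device databases", and tells the user to call `LoadDatabase()`, which `JavaLoader` does not have. Reword it around the actual API — Open()/RetryPassword(), then StartStream(), SendStream(), StopStream() — and say which command each step sends. `enum CommandType { Unknown, DatabaseAccess }` and `CommandTable m_commandTable` are not referenced anywhere in the visible m_javaloader.cc and look like the same carry-over; drop them or comment why they are kept. `SendStream(char *buffer, int size)` only reads from the buffer in the .cc, so declare it `void SendStream(const char *buffer, int size);` (the definition calls the parameter `buffsize`; pick one name).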
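Review bot: `SB_COMMAND_JL_UNKOWN4` is `0x00`, and once it is added to the allow-list in `Socket::Packet()` (the `@@ -694` hunk of src/socket.cc) a packet whose command byte is zero — which is what a zero-filled or uninitialised buffer looks like — passes the "unknown send data" guard, so that guard no longer rejects malformed packets. If the 0x00 command in step 5 of SendStream really is what the device expects, give it a name that says so and cite the trace it was taken from; otherwise drop it from the list. The macro names also misspell UNKNOWN as UNKOWN, and a comment per value naming the JavaLoader step it belongs to would make the socket.cc list readable.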
@@ -556,12 +556,15 @@ struct Packet #define SB_PACKET_HEADER_SIZE (sizeof(Barry::Protocol::Packet) - sizeof(Barry::Protocol::Packet::PacketData)) // minimum required sizes for various responses -#define MIN_PACKET_SIZE 6 +//#define MIN_PACKET_SIZE 6 +// WARNING : For JavaLoader we have some packet with 5 size ! +#define MIN_PACKET_SIZE 5 +#define MIN_PACKET_DATA_SIZE 4 // maximum sizes -#define MAX_PACKET_SIZE 0x400 // anything beyond this needs to be - // fragmented +#define MAX_PACKET_SIZE 0x400 // anything beyond this needs to be fragmented +#define MAX_PACKET_DATA_SIZE 0x7FF // for data packet (JavaLoader) ///////////////////////////////////////////////////////////////////////////// // diff --git a/src/socket.cc b/src/socket.cc index 18c411a3..b83fe2c3 100644 --- a/src/socket.cc +++ b/src/socket.cc @@ -51,7 +51,8 @@ SocketZero::SocketZero( SocketRoutingQueue &queue, m_sequenceId(0), m_halfOpen(false), m_challengeSeed(0), - m_remainingTries(0) + m_remainingTries(0), + m_sequencePacket(true) { } @@ -66,7 +67,8 @@ SocketZero::SocketZero( Device &dev, m_sequenceId(0), m_halfOpen(false), m_challengeSeed(0), - m_remainingTries(0) + m_remainingTries(0), + m_sequencePacket(true) { } @@ -339,6 +341,12 @@ void SocketZero::RawReceive(Data &receive, int timeout) /// bool SocketZero::SequencePacket(const Data &data) { + // Begin -- Test quiet durty :( + if (m_sequencePacket == false) { + return false; + } + // End -- Test quiet durty :( + if( data.GetSize() >= MIN_PACKET_SIZE ) { if( IS_COMMAND(data, SB_COMMAND_SEQUENCE_HANDSHAKE) ) { CheckSequence(0, data); 
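Review bot: Lowering `MIN_PACKET_SIZE` from 6 to 5 changes the guard for every user of the constant, not just the JavaLoader path — `SocketZero::SequencePacket()` and `Socket::Packet()` (socket.cc hunks in this patch) both test against it, and any code behind those checks that reads the sixth byte of a packet now does so on a 5-byte packet; those readers are outside this diff so I cannot confirm either way. Introduce a JavaLoader-specific minimum, `#define MIN_PACKET_JL_SIZE 5`, used only where the 5-byte JavaLoader command (`rawCommand3` in StartStream) is sent, and leave `MIN_PACKET_SIZE 6` for existing code; the commented-out old definition and the `WARNING` line can then go. `MAX_PACKET_DATA_SIZE 0x7FF` also disagrees with the 0x07FC the m_javaloader.cc comments give as the trace maximum — a comment saying which one is the protocol limit would help.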
@@ -676,6 +684,75 @@ void Socket::Receive(Data &receive, int timeout) } } + +// sends the send packet down to the device +// Blocks until response received or timed out in Usb::Device +// This function sends only Data (and not a command) +// 04 00 FC 07 DE CO FF FF 00 00 00 +// ^^^^^............... data +// ^^^^^ size +// ^^^^^ socket +void Socket::PacketData(Data &send, Data &receive, int timeout) +{ + MAKE_PACKET(spack, send); + + if( ( send.GetSize() < MIN_PACKET_DATA_SIZE ) || + ( send.GetSize() > MAX_PACKET_DATA_SIZE ) ) { + // we don't do that around here + throw std::logic_error("Socket: unknown send data in PacketData()"); + } + + Data inFrag; + receive.Zap(); + + // send non-fragmented + Send(send, inFrag, timeout); + + bool done = false; + int blankCount = 0; + while( !done ) { + MAKE_PACKET(rpack, inFrag); + + // check the packet's validity + if( inFrag.GetSize() > 0 ) { + blankCount = 0; + + Protocol::CheckSize(inFrag); + + switch( rpack->command ) + { + case 0x1: // To wait a friendly name :) + case 0x64: // To wait a friendly name :) + case 0x65: // To wait a friendly name :) + done = true; + break; + + default: { + std::ostringstream oss; + oss << "Socket: (b) unhandled packet in PacketData() (read): 0x" << std::hex << (unsigned int)rpack->command; + eout(oss.str()); + throw Error(oss.str()); + } + break; + } + } + else { + blankCount++; + //std::cerr << "Blank! " << blankCount << std::endl; + if( blankCount == 10 ) { + // only ask for more data on stalled sockets + // for so long + throw Error("Socket: 10 blank packets received"); + } + } + + if( !done ) { + // not done yet, ask for another read + Receive(inFrag); + } + } +} + // sends the send packet down to the device, fragmenting if // necessary, and returns the response in receive, defragmenting // if needed 
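Review bot: `PacketData()` never hands the device's reply back to the caller — `receive.Zap()` empties it and the loop only ever fills `inFrag`, so `receive` is empty on return while SendStream's `response7` suggests the caller expects the reply there. Copy `inFrag` into `receive` once `done` is set (however `Packet()` returns its last fragment), and pass the caller's timeout through: `Receive(inFrag, timeout);` instead of `Receive(inFrag);`. `MAKE_PACKET(spack, send)` is unused here, and the bare `0x1`/`0x64`/`0x65` case labels (repeated in the `@@ -728` and `@@ -783` hunks of `Socket::Packet()`) want `SB_COMMAND_*` names in protocol.h with a comment saying what each reply is; "To wait a friendly name :)" does not tell the reader which reply it is.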
@@ -694,13 +771,22 @@ void Socket::Packet(Data &send, Data &receive, int timeout) */ MAKE_PACKET(spack, send); +// Begin -- I comment the code. Indeed, for JavaLoader we have new unknown command... if( send.GetSize() < MIN_PACKET_SIZE || (spack->command != SB_COMMAND_DB_DATA && - spack->command != SB_COMMAND_DB_DONE) ) + spack->command != SB_COMMAND_DB_DONE && + spack->command != SB_COMMAND_JL_UNKOWN1 && + spack->command != SB_COMMAND_JL_UNKOWN2 && + spack->command != SB_COMMAND_JL_UNKOWN3 && + spack->command != SB_COMMAND_JL_UNKOWN4 && + spack->command != SB_COMMAND_JL_UNKOWN5 && + spack->command != SB_COMMAND_JL_UNKOWN6 && + spack->command != SB_COMMAND_JL_UNKOWN7)) { // we don't do that around here throw std::logic_error("Socket: unknown send data in Packet()"); } +// End -- I comment the code. Indeed, for JavaLoader we have new unknown command... Data inFrag; receive.Zap(); @@ -728,13 +814,16 @@ void Socket::Packet(Data &send, Data &receive, int timeout) switch( rpack->command ) { + case 0x1: // To wait a friendly name :) + break; + case SB_COMMAND_SEQUENCE_HANDSHAKE: CheckSequence(inFrag); break; default: { std::ostringstream oss; - oss << "Socket: unhandled packet in Packet() (send): 0x" << std::hex << (unsigned int)rpack->command; + oss << "Socket: (a) unhandled packet in Packet() (send): 0x" << std::hex << (unsigned int)rpack->command; eout(oss.str()); throw Error(oss.str()); } @@ -761,6 +850,8 @@ void Socket::Packet(Data &send, Data &receive, int timeout) { case SB_COMMAND_SEQUENCE_HANDSHAKE: CheckSequence(inFrag); + if (m_zero->GetSequencePacket() == false) + done = true; break; case SB_COMMAND_DB_DATA: 
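Review bot: The `// Begin -- I comment the code ...` / `// End -- ...` markers around the send-side guard in `Socket::Packet()` describe something that is not in the hunk — no code is commented out, the command allow-list is extended — so replace them with a comment that explains the list, e.g. `// JavaLoader mode sends its own command set; see SB_COMMAND_JL_* in protocol.h`. Seven chained `!=` comparisons would also read better as a small `static const` array of accepted commands searched with `std::find`, which keeps the next mode's commands out of this condition. The `(a)`/`(b)` tags added to the error messages are fine, but a one-line comment saying they distinguish the send loop from the read loop would save the next reader a search.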
@@ -783,9 +874,15 @@ void Socket::Packet(Data &send, Data &receive, int timeout) done = true; break; + case 0x1: // To wait a friendly name :) + case 0x64: // To wait a friendly name :) + case 0x65: // To wait a friendly name :) + done = true; + break; + default: { std::ostringstream oss; - oss << "Socket: unhandled packet in Packet() (read): 0x" << std::hex << (unsigned int)rpack->command; + oss << "Socket: (b) unhandled packet in Packet() (read): 0x" << std::hex << (unsigned int)rpack->command; eout(oss.str()); throw Error(oss.str()); } diff --git a/src/socket.h b/src/socket.h index f7546979..613c801a 100644 --- a/src/socket.h +++ b/src/socket.h @@ -57,6 +57,8 @@ class BXEXPORT SocketZero uint32_t m_challengeSeed; unsigned int m_remainingTries; + bool m_sequencePacket; + private: static void AppendFragment(Data &whole, const Data &fragment); static unsigned int MakeNextFragment(const Data &whole, Data &fragment, @@ -73,6 +75,8 @@ private: protected: bool SequencePacket(const Data &data); + void SetSequencePacket(bool flag) { m_sequencePacket = flag; } + bool GetSequencePacket() { return m_sequencePacket; } public: explicit SocketZero(SocketRoutingQueue &queue, int writeEndpoint, @@ -157,6 +161,10 @@ public: void Packet(Data &send, Data &receive, int timeout = -1); void Packet(Barry::Packet &packet, int timeout = -1); + // Use this function to send data packet instead of Packet function + // Indeed, Packet function is used to send command (and not data) + void PacketData(Data &send, Data &receive, int timeout = -1); + // some handy wrappers for the Packet() interface void NextRecord(Data &receive); 
@@ -165,6 +173,11 @@ public: // that has a SocketRoutingQueue, otherwise throws logic_error. void RegisterInterest(SocketRoutingQueue::SocketDataHandler handler, void *context); void UnregisterInterest(); + + + // This function is quickly written + // It's very durty :( (but it's usefull to test...) + void SetSequencePacket(bool flag) { m_zero->SetSequencePacket(flag); } }; diff --git a/tools/Makefile.am b/tools/Makefile.am index 77a3de0f..ce2262f9 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -5,7 +5,7 @@ INCLUDES = $(LIBUSB_CFLAGS) #AM_CXXFLAGS = -ansi -Wall -fno-strict-aliasing -g AM_CXXFLAGS = -ansi -Wall -g -bin_PROGRAMS = btool bidentify upldif btranslate bktrans brecsum +bin_PROGRAMS = btool bidentify bjavaloader upldif btranslate bktrans brecsum if WITH_BOOST bin_PROGRAMS += bs11nread endif @@ -41,6 +41,9 @@ endif bidentify_SOURCES = bidentify.cc bidentify_LDADD = ../src/libbarry.la $(LIBUSB_LIBS) -lpthread +bjavaloader_SOURCES = bjavaloader.cc +bjavaloader_LDADD = ../src/libbarry.la $(LIBUSB_LIBS) -lpthread + upldif_SOURCES = upldif.cc upldif_LDADD = ../src/libbarry.la $(LIBUSB_LIBS) -lpthread diff --git a/tools/bjavaloader.cc b/tools/bjavaloader.cc new file mode 100644 index 00000000..bcbf6d04 --- /dev/null +++ b/tools/bjavaloader.cc 
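Review bot: `Socket::SetSequencePacket()` forwards to `m_zero`, so the flag it sets lives on the shared `SocketZero` and changes sequence-handshake handling for every socket opened through that SocketZero, not only the one the caller holds; together with the `@@ -339` early return in `SocketZero::SequencePacket()` that is a controller-wide mode switch. If it stays, replace the "quickly written / very durty" comment with what it does: `// Disables sequence-handshake consumption on the shared SocketZero for every socket; restore it before any other mode uses the device`. A cleaner shape is a per-call flag (an extra `bool` parameter on `Packet()`, or a field on this `Socket`) so the state cannot leak between sockets, and `GetSequencePacket()` should be declared `const`.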
@@ -0,0 +1,374 @@ +/* + Copyright (C) 2008-2009, Nicolas VIVIEN + + Some parts are inspired from btools.cc + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License in the COPYING file at the + root directory of this project for more details. +*/ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +using namespace std; +using namespace Barry; + +void Usage() +{ + int major, minor; + const char *Version = Barry::Version(major, minor); + + cerr + << "bjavaloader - Command line USB Blackberry Java Loader\n" + << " Copyright 2009-2010, Nicolas VIVIEN.\n" + << " Some parts are inspired from btools.\n" + << " Using: " << Version << "\n" + << " Compiled " +#ifdef __BARRY_BOOST_MODE__ + << "with" +#else + << "without" +#endif + << " Boost support\n" + << "\n" + << " -B bus Specify which USB bus to search on\n" + << " -N dev Specify which system device, using system specific string\n" + << "\n" + << " -e epp Override endpoint pair detection. 'epp' is a single\n" + << " string separated by a comma, holding the read,write\n" + << " endpoint pair. 
Example: -e 83,5\n" + << " Note: Endpoints are specified in hex.\n" + << " You should never need to use this option.\n" + << " -h This help\n" + << " -l List devices\n" + << " -p pin PIN of device to talk with\n" + << " If only one device is plugged in, this flag is optional\n" + << " -P pass Simplistic method to specify device password\n" + << " -f file Load a new application\n" + << " -v Dump protocol data during operation\n" + << " -X Reset device\n" + << " -z Use non-threaded sockets\n" + << " -Z Use threaded socket router (default)\n" + << "\n" + << endl; +} + + +struct StateTableCommand +{ + char flag; + bool clear; + unsigned int index; + + StateTableCommand(char f, bool c, unsigned int i) + : flag(f), clear(c), index(i) {} +}; + + +bool ParseEpOverride(const char *arg, Usb::EndpointPair *epp) +{ + int read, write; + char comma; + istringstream iss(arg); + iss >> hex >> read >> comma >> write; + if( !iss ) + return false; + epp->read = read; + epp->write = write; + return true; +} + + +int SendAppFile(Barry::Mode::JavaLoader *javaloader, const char *filename) +{ + FILE *fp; + + char *data = NULL; + char buffer[255]; + + codfile_header_t header; + + int n; + int skip; + int filesize; + struct stat sb; + + + // Get file size + if (stat(filename, &sb) == -1) + return 1; + + filesize = sb.st_size; + + + // Open file + fp = fopen(filename, "rb"); + + if (fp == NULL) + return -1; + + // Start + javaloader->StartStream(); + + // Read the file + while (!feof(fp)) { + n = fread(&header, sizeof(codfile_header_t), 1, fp); + + if (n != 1) + continue; + + // Is a COD file packed (a big COD file) ? 
+ if (header.type == 0x4B50) { + skip = header.strsize + header.strfree; + + fread(buffer, sizeof(char), skip, fp); + + if (header.size1 != header.size2) + continue; + + data = (char *) realloc(data, header.size1 * sizeof(char)); + + fread(data, sizeof(char), header.size1, fp); + + javaloader->SendStream(data, (int) header.size1); + } + // Is a simple COD file (a small COD file) ? + else if (header.type == 0xC0DE) { + rewind(fp); + + data = (char *) malloc(filesize * sizeof(char)); + + fread(data, sizeof(char), filesize, fp); + + // Open stream + javaloader->SendStream(data, filesize); + } + } + + // Stop + javaloader->StopStream(); + + fclose(fp); + + return 0; +} + + +int main(int argc, char *argv[]) +{ + cout.sync_with_stdio(true); // leave this on, since libusb uses + // stdio for debug messages + + try { + + uint32_t pin = 0; + bool load = false, + list_only = false, + data_dump = false, + epp_override = false, + threaded_sockets = true; + string password; + string filename; + string busname; + string devname; + string iconvCharset; + vector stCommands; + Usb::EndpointPair epOverride; + + // process command line options + for(;;) { + int cmd = getopt(argc, argv, "B:e:f:hlN:p:P:R:vzZ"); + if( cmd == -1 ) + break; + + switch( cmd ) + { + case 'B': // busname + busname = optarg; + break; + + case 'e': // endpoint override + if( !ParseEpOverride(optarg, &epOverride) ) { + Usage(); + return 1; + } + epp_override = true; + break; + + case 'N': // Devname + devname = optarg; + break; + + case 'p': // Blackberry PIN + pin = strtoul(optarg, NULL, 16); + break; + + case 'P': // Device password + password = optarg; + break; + + case 'f': // Filename + load = true; + filename = optarg; + break; + + case 'l': // list only + list_only = true; + break; + + case 'v': // data dump on + data_dump = true; + break; + + case 'z': // non-threaded sockets + threaded_sockets = false; + break; + + case 'Z': // threaded socket router + threaded_sockets = true; + break; + + case 'h': // 
help + default: + Usage(); + return 0; + } + } + + // Initialize the barry library. Must be called before + // anything else. + Barry::Init(data_dump); + + // Probe the USB bus for Blackberry devices and display. + // If user has specified a PIN, search for it in the + // available device list here as well + Barry::Probe probe(busname.c_str(), devname.c_str()); + int activeDevice = -1; + + // show any errors during probe first + if( probe.GetFailCount() ) { + cout << "Blackberry device errors with errors during probe:" << endl; + for( int i = 0; i < probe.GetFailCount(); i++ ) { + cout << probe.GetFailMsg(i) << endl; + } + } + + + // show all successfully found devices + cout << "Blackberry devices found:" << endl; + for( int i = 0; i < probe.GetCount(); i++ ) { + if( data_dump ) + probe.Get(i).DumpAll(cout); + else + cout << probe.Get(i); + cout << endl; + if( probe.Get(i).m_pin == pin ) + activeDevice = i; + } + + if( list_only ) + return 0; // done + + if( activeDevice == -1 ) { + if( pin == 0 ) { + // can we default to single device? + if( probe.GetCount() == 1 ) + activeDevice = 0; + else { + cerr << "No device selected" << endl; + return 1; + } + } + else { + cerr << "PIN " << setbase(16) << pin + << " not found" << endl; + return 1; + } + } + + cout << "Using device (PIN): " << setbase(16) + << probe.Get(activeDevice).m_pin << endl; + + // Override device endpoints if user asks + Barry::ProbeResult device = probe.Get(activeDevice); + if( epp_override ) { + device.m_ep.read = epOverride.read; + device.m_ep.write = epOverride.write; + device.m_ep.type = 2; // FIXME - override this too? + cout << "Endpoint pair (read,write) overridden with: " + << hex + << (unsigned int) device.m_ep.read << "," + << (unsigned int) device.m_ep.write << endl; + } + + + // + // Create our controller object + // + // Order is important in the following auto_ptr<> objects, + // since Controller must get destroyed before router. 
+ // Normally you'd pick one method, and not bother + // with auto_ptr<> and so the normal C++ constructor + // rules would guarantee this safety for you, but + // here we want the user to pick. + // + auto_ptr router; + auto_ptr pcon; + if( threaded_sockets ) { + router.reset( new SocketRoutingQueue ); + router->SpinoffSimpleReadThread(); + pcon.reset( new Barry::Controller(device, *router) ); + } + else { + pcon.reset( new Barry::Controller(device) ); + } + + Barry::Controller &con = *pcon; + Barry::Mode::JavaLoader javaloader(con); + + // + // execute each mode that was turned on + // + javaloader.Open(password.c_str()); + + // Send the file + if (load == true) + SendAppFile(&javaloader, filename.c_str()); + } + catch( Usb::Error &ue) { + std::cerr << "Usb::Error caught: " << ue.what() << endl; + return 1; + } + catch( Barry::Error &se ) { + std::cerr << "Barry::Error caught: " << se.what() << endl; + return 1; + } + catch( std::exception &e ) { + std::cerr << "std::exception caught: " << e.what() << endl; + return 1; + } + + return 0; +} + -- 2.11.4.GIT
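Review bot: In SendAppFile(), `skip = header.strsize + header.strfree` is taken straight from the input file and then passed to `fread(buffer, sizeof(char), skip, fp)` where `buffer` is a 255-byte stack array, so a COD file whose string table is larger than that overruns the stack; the skipped bytes are never used, so an `fseek(fp, skip, SEEK_CUR)` with its result checked removes both the buffer and the overrun. Every `fread`, `realloc` and `malloc` result is also unchecked, meaning a truncated file or a failed allocation sends uninitialised memory to the device or dereferences NULL, and `data` is never freed (the 0xC0DE branch even overwrites a pointer the packed branch may already have allocated). The `while (!feof(fp))` loop should test the header read directly, and since main() discards the return value of `SendAppFile(&javaloader, filename.c_str())`, the `return 1` / `return -1` on stat/fopen failure exit the program with status 0 — check it in main() and settle on one error convention. A rewrite of the read loop with those checks:

```cpp
int SendAppFile(Barry::Mode::JavaLoader *javaloader, const char *filename)
{
	// … unchanged: locals, stat(), fopen(), StartStream() …

	// Stop at the first short header read instead of polling feof()
	while (fread(&header, sizeof(codfile_header_t), 1, fp) == 1) {
		// Is a COD file packed (a big COD file) ?
		if (header.type == 0x4B50) {
			// strsize/strfree come from the file: skip them with fseek()
			// rather than reading them into a fixed-size stack buffer
			skip = header.strsize + header.strfree;
			if (skip < 0 || fseek(fp, skip, SEEK_CUR) != 0)
				break;

			if (header.size1 != header.size2)
				continue;

			char *grown = (char *) realloc(data, header.size1);
			if (grown == NULL)
				break;
			data = grown;

			if (fread(data, sizeof(char), header.size1, fp) != (size_t) header.size1)
				break;

			javaloader->SendStream(data, (int) header.size1);
		}
		// Is a simple COD file (a small COD file) ?
		else if (header.type == 0xC0DE) {
			rewind(fp);

			char *whole = (char *) realloc(data, filesize);
			if (whole == NULL)
				break;
			data = whole;

			if (fread(data, sizeof(char), filesize, fp) != (size_t) filesize)
				break;

			javaloader->SendStream(data, filesize);
			break;	// the whole file has been sent; nothing left to read
		}
	}

	// … unchanged: StopStream(), fclose() …
	free(data);
	return 0;
}
```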