Monthly Archives: March 2014

USB data Sniffing and recreating similar behaviour

Sniff.. Sniff…

Recently I had to work on a USB camera device for Linux. The vendor has just given the example code for Windows. That example code also uses some pre-compiled library and dll file. So there is no way to know what exactly is happening when the software is run and device is controlled via the software. Basically I have to make filter switcher of the camera work in Linux. For windows vendor has provided with one filter switching application.

Usblyzer ( ) is a great tool for sniffing USB traffic. It gives you almost everything required to re-create the scenario. I used this to see the USB packets and then used libusb for windows to re-create the scenario.

libusb: A Great Open source usb library

Making windows work with libusb:

Download most recent version of libusb. I used :

go to bin folder and run the install-filter exe. Now you need to copy the dll and sys file. I did below for my PC:
x86\libusb0_x86.dll: x86 32-bit library. Must be renamed to libusb0.dll
On 32 bit, Installs to Windows\system32\libusb0.dll.

x86\libusb0.sys: x86 32-bit driver.
Installs to Windows\system32\drivers\libusb0.sys

After above steps you will be able to able to see your device info when you run testlibusb-win.exe from bin folder.

Get to work

Now create an empty Visual studio project.

Add proper libusb.lib in Linker => Input additional dependency. For my PC it was in lib/msvc/libusb.lib.

Include lusb0_usb.h in your main file.

Now you can write code to get device handle and send data. I am pasting my code for reference:

#include <stdio.h>
#include "lusb0_usb.h"
#include <iostream>
#include <windows.h>

using namespace std;

int main(int argc, char** argv)
usb_dev_handle *my_dev_hndl = NULL; /* the device handle */
struct usb_device *my_dev;

struct usb_bus *busses;

void usb_init(void);
usb_find_busses(); /* find all busses */
usb_find_devices(); /* find all connected devices */
busses = usb_get_busses();
struct usb_bus *bus;

/* ... */

for (bus = busses; bus; bus = bus->next)

struct usb_device *dev;

for (dev = bus->devices; dev; dev = dev->next)

/* Check if this device is a printer */
if (dev->descriptor.bDeviceClass == 239) {//you can find this in info of testlibusb
/* Open the device, claim the interface and do your processing */
printf("I am so happy \n");
my_dev = dev;
cout<<"Number of possible configurations: "<descriptor.bnumconfigurations<<" "<<<span="" class="hiddenSpellError" pre="">endl;
cout<<"VendorID: "
cout<<"ProductID: "
my_dev_hndl = usb_open(dev);
/* only one configuration: #1 */
int ret = usb_set_configuration(my_dev_hndl, 1);
if (ret < 0)
printf("usb_set_configuration failed ret code: %d.\n", ret);
printf("%s\n", usb_strerror());

/* configuration #1, interface #0 */
ret = usb_claim_interface(my_dev_hndl, 0);
if (ret < 0)
printf("usb_claim_interface failed ret code: %d\n", ret);
printf("%s\n", usb_strerror());
char bmRequestType= 0x21;

unsigned char bRequest = 0x01;
unsigned short wValue = 0x400;
unsigned short wIndex = 0x400;
unsigned short wLength = 4;
unsigned int timeout = 1000;

char data_rec[2] = { 0x04, 0x00 };//20 32 B0 22
usb_control_msg(my_dev_hndl, 0xA1, 0x85, wValue, wIndex, data_rec, 2, timeout);

char data_init[4] = { 0x00, 0x00, 0x00, 0x00 };//20 32 B0 22
usb_control_msg(my_dev_hndl, bmRequestType, bRequest, wValue, wIndex, data_init,  wLength, timeout);

usb_control_msg(my_dev_hndl, 0xA1, 0x85, wValue, wIndex, data_rec, 2, timeout);

usb_control_msg(my_dev_hndl, 0xA1, 0x85, wValue, wIndex, data_rec, 2, timeout);

char data_init1[4] = { 0x00, 0x00, 0x00, 0xAA };//20 32 B0 22
usb_control_msg(my_dev_hndl, 0xA1, 0x81, wValue, wIndex, data_init1, wLength, timeout);
Sleep( 3 );

if (dev->descriptor.bDeviceClass == 239) {//you can find this in info of testlibusb

What I noticed here is when you are recreating the scenario you have to be careful about timing also otherwise it may result in “Bulk or Interrupt Transfer failure”

To get the info about usb_control_msg parameters you can check USBLYZER output. More info is displayed at bottom in summary and Analysis section.

Offset Field Size Value Description
0 bmRequestType 1 40h
4..0: Recipient ...00000 Device
6..5: Type .10..... Vendor
7: Direction 0....... Host-to-Device
1 bRequest 1 01h
2 wValue 2 0400h
4 wIndex 2 0400h
6 wLength 2 0004h

Now I recreated the same message sequence passing in Linux using libusb. I was able to achieve the same result on Linux without any help from device vendor. ūüôā

In linux I faced the issue where device was always busy error code -6. This can be resolved by

libusb_detach_kernel_driver(h, 0);

h is device handle 0 is interface.

The sequence is same here also first list the device and find your device of interest. After this open your device and get dev handle detach the device to make sure no one else is using it. cal set_configuration and claim_interface. Prepare required data and send.


For debugging in Linux you can use usbmon. It comes with linux so nothing is required. Commands to see usbmon output:

sudo mount -t debugfs none_debugs /sys/kernel/debug

sudo modprobe usbmon

sudo cat /sys/kernel/debug/usb/devices


ls /sys/kernel/debug/usb/usbmon

sudo cat /sys/kernel/debug/usb/usbmon/2u > ~/2u.mon.out

After above command see the output in file 2u.mon.out

2u is my device you can see output of all usb with 0u otherwise you need to search for your device bus with lsusb and sudo cat /sys/kernel/debug/usb/devices commands.

How I write these posts

When I am doing something interesting or new, I usually take notes as I tend to forget¬† things and it is good so that I don’t have to redo same thing again at least not within one-two months time frame and then the blog is also kind of same so that I can remember even more. Writing makes it remain with me even longer and then it gives me this feeling that somehow it is present in my mind ūüôā ..
So I write notes and when I start on a blog I put the notes in Scratch pad of the blog.
I construct user-friendly writeup based on scratch pad notes. Finally when I am bored or things are already forgotten I keep those things in scratch pad as it is. Whatever I write about I delete from scratchpad.

Windows Programming Multi language

Now a days I am doing some windows application development and I am loving it :).

I was not such a big fan of windows ever. I can understand the reasons for most of the issues which make windows not so great. Like they have to support so many verities of hardware so many versions and so many applications and all.

Anyhow I noticed that windows has very user-friendly development environment. There is less open source projects and less help for obvious reasons. This is kind of bottleneck but when I learned about dllimport I was like… ahhh great now I can do whatever I want. Developing GUI and simple stuff in C# and then using dllexport for existing libraries by just writing a wrapper file around the library. From there onward I have used it so much in all kind of development.

To explain usefulness of  dllexport I will use an example where I have to do some Video encoding and streaming. You already have great open source project for that. I want to integrate this with my C# application. For X264 encoding for sending data from network programming in C++. Used libavcodec libavformat to convert between formats muxing video data.

C/C++ Part

I will explain with one simple example how to use dllexport to create cool windows project here.

Let us first take a simple example, say I want to use a C function defined below:

int func(int arg)
  int result = 0;
//some kind of processing
  //may call other defined C functions
  return result;

Say above function call along with all useful stuff is in some file example.c. It may be in multiple files also. We just want to use the func call in C#. We will redefine the function as below:

__declspec(dllexport) int  __cdecl func(int arg)
//same stuff

To be user-friendly we can define two macros as below:

#define DLLEXPORT __declspec(dllexport)
#define CDECL __cdecl

Now our function will look pretty good:

DLLEXPORT int  CDECL func(int arg)
  //same stuff

by //same stuff I mean the function body of func
Now we compile all c code as we were doing earlier but this time we compile it to create a dll library. GCC provides command to do so:
First compile all the files including example.c file and get the object files

gcc -c -o example.o example.c

gcc <strong>-shared</strong> -o library.dll example.o other_files.o other_libraries.a

other_files.o other_libraries.a are optional only required if your C project is big and uses multiple files and libraries. We will see it in next example when using X264 for encoding from C# project.

C# Part

We are almost done Now we just need to write our C# code and wherever in C# we want to use the function(func) from example.c we first declare the function as below:

static extern int func(int arg);

Now we are free to use this function in our C# code just like any other function.
That’s all so simple.
Now let us check one example where we will use libx264.¬†We can do the same for ffmpeg by creating the ffmpeg dll.¬†Sometime when there is problem of passing one struct variable from one C function to another C function. Say you want to use ffmpeg from one side while you also want to use X264. Since in C# we can’t just define these struct we will use IntPtr whenever there is any such requirement. This generally comes very handy in some cases.
I guess I will do another post for this as this post is already long.
Scratch Pad:

gcc -shared -o libmpegts.dll main.o libmpegts.a
gcc -I. -c -o tsmuxer.o tsmuxer.c

gcc -shared -o tsmuxer.dll tsmuxer.o -L. -lavformat -lavcodec -lavutil -lWs2
_32 -liconv


static extern Boolean Beep(UInt32 frequency, UInt32 duration);

[DllImport("libx264", CallingConvention = CallingConvention.Cdecl)]
private static extern IntPtr initializePicOut();

DLLEXPORT x264_picture_t* CDECL initializePicOut()

DLLEXPORT x264_t* CDECL setX264Params(int width, int height, int FPS)
printf("setX264Params width: %d, height: %%d FPS: %d.\n", width, height, FPS);
x264_param_t param;
int res = 0;
res = x264_param_default_preset(¶m, "veryfast", "zerolatency");
if(res != 0) {
printf("error: cannot set the default pre-set on x264.\n");
return -1;
param.i_threads = 1;
param.i_width = width;
param.i_height = height;
param.i_fps_num = FPS;
param.i_fps_den = 1;
// Intra refres:
param.i_keyint_max = FPS;
param.b_intra_refresh = 1;
//Rate control:
param.rc.i_rc_method = X264_RC_CRF;
param.rc.f_rf_constant = FPS-5;
param.rc.f_rf_constant_max = FPS + 5;
//For streaming:
param.b_repeat_headers = 1;
param.b_annexb = 1;
res = x264_param_apply_profile(¶m, "baseline");
if(res != 0) {
printf("error: cannot set the baseline profile on x264.\n");
return -2;

Android JNI

It is not like I hate java so much. I mean who wants to write all those verbose and repetitive stuff  all throw your code that’s all. That been said I always thought JNI as a mystery box and never tried it.

Now that I have tried JNI it seems so handy. Feels like I will transfer all the logic to JNI and just bother about small stuff and GUI for java code. Anyhow in this post I just want to iterate through how easy it is to use JNI. There are so many help page to do so. I just want to write so that I will remember it.
Step 1:

You just need to create a folder name jni in your eclipse(android) project. In this jni folder keep all your c or c++ files. ndk-tool is used to build these files inside jni folder. Just download ndk tool and add the “ndk-build” batch file path in your PATH environment variable so that you can use this command to compile jni folder content anywhere.

Step 2:
In Java program where you want to call the native c code function declare the function definition like this :
public static native return_type func(args);

public static native int add_two_nums(int first_num, int second_num);

To tell java where these functions are defined import the C/C++ library using below statement:
This is how you load the c library:

/** Load jni .so on initialization */
static {
System.loadLibrary("jni_module_library_name"); /* Note the name written here is without .so extension */
Step 3:

Now create the c file with the functions you want to call and other c helper functions: imported functions has special name signature which always starts with JNIEXPORT

JNIEXPORT j_appended_return_type JNICALL Java_package_name_class_name_func(JNIEnv *, jclass, args);
JNIEXPORT j_appended_return_type JNICALL Java_com_example_hello_jni_MainActivity_add_two_nums(JNIEnv *, jclass, jint first, jint second);

com.example.hello_jni is the name of the package dot(.) is replaced by underscore(_). Next name is the class name where you want to call the function from rest is actual function name.
jstring, jint etc are data types.
Above part is little bit complex but this is just needed for one or two function calls where you want the interaction from java to C/C++ rest is complete C/C++ as you like it. You can create server/client with C/C++ netdb socket includes use OpenMX AL to play audio video. include  #include for threads assert.h for assert debugging.
Always remember to include #include <jni.h> for macro definition and jni magic
#include <android/log.h>
#define TAG “MyAppTag”
#define LOGVERBOSE(…) __android_log_print(ANDROID_LOG_VERBOSE, TAG, __VA_ARGS__)
Now you can just add LOGVERBOSE(“Any string message if you need to print integer use %u”, integer);
Step 4:
You will also need to write one make file so that ndk-build can actually go through all the c files and build your project. Java program will be build separately.
create file inside jni folder like this:

LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_MODULE    := jni_module_library_name

LOCAL_SRC_FILES := file_name.c


Other useful flags in make file which you can use:

LOCAL_CFLAGS    := -Werror

LOCAL_LDLIBS    := -llog
Step 5:
Finally you will need to compile jni folder code by command ndk-build from root folder of the project. Don’t compile from inside the jni folder but one directory up. This is because ndk-build read information from AndroidManifest.xml and This will create obj folder with architecture type .o and .so it will also create one libs folder.


What ndk tool does for you? It compiles the architecture dependent C/C++ code for you for the architecture you need it for

You can run any c/c++ program from android shell. You just need to cross compile it with ndk-build and then push the executable in android device using adb push command. By default sdcard is mounted in non-executable format so it is good to push in /data/local and change the permission of the executable to x (execute) then just run.

chmod 755 /data/local/executable_name.out


You can remount sdcard in execute mode using

mount -o remount,rw /mnt/sdcard

To create executable using ndk tool you will need to change the file:


You can also change the LOCAL_MODULE line to the name you want for your executable(executable_name)

Scratch pad:

# for native multimedia
# for logging
# for native windows
LOCAL_LDLIBS += -landroid


Only required directories and files are: jni folder, AndroidManifest.xml, which is created automatically and has android target ndk information
libs and obj will be created
Good JNI tutorial: