Replay captured USB packets from .pcap file.

Project description

# usbrply

Convert a .pcap file (captured USB packets) to Python or C code that replays the captured USB commands.

Supported packet sources are:

* Linux Wireshark (via usbmon)
* Windows Wireshark (via USBPcap)

Supported output formats are:

* libusb Python (primary)
* (libusb C: fixme)
* (Linux Kernel C: fixme)
* JSON

Example applications:

* Rapidly reverse engineer and re-implement USB protocols
* Record a proprietary Windows programming sequence and replay on an embedded Linux device
* Snoop USB-serial packets

Questions? Please reach out on GitHub or join #usbrply on Freenode IRC.

# Installation

It's currently only tested under Ubuntu Linux, but probably works under Windows. If someone sends instructions I'll add them here.

```
# Do one of these
# Easier to setup, but slower
sudo pip install python-pcapng
# Much faster, but no longer maintained
sudo apt-get install -y python-libpcap

git clone https://github.com/JohnDMcMaster/usbrply.git
cd usbrply
sudo python setup.py install
```

# Sample workflows

Sample workflow for capturing Windows traffic and replaying traffic in Python:

* Install Wireshark. Make sure you install the USBPcap library
* Start Wireshark
* Connect USB device to computer
* Start capture
* Start your application, do your thing, etc. to generate packets
* Close application
* Stop capture
* Save capture. Save in pcap-ng format (either should work)
* Close Wireshark
* Run: `usbrply --device-hi -p my.pcapng >replay.py`
* Linux: run `python replay.py`
* Verify expected device behavior. Did an LED blink? Did you get expected data back?

Sample workflow for capturing Windows VM traffic from a Linux host and replaying traffic in Python:

* Example: program a Xilinx dev board under Linux without knowing anything about the JTAG adapter USB protocol
* Linux: install Wireshark
* Linux: enable usbmon so Wireshark can capture USB (`sudo modprobe usbmon`, see http://wiki.wireshark.org/CaptureSetup/USB)
* Linux: boot Windows VM (e.g. through VMWare)
* Linux: start Wireshark. Make sure you have USB permissions (i.e. you may need to sudo)
* Connect USB device to computer
* Linux: use lsusb to determine which bus the device is on. Try to choose a bus (port) with no other devices
* Linux: start capture on the bus from above
* Linux: attach USB device to Windows guest
* Windows: start your application, do your thing, etc. to generate packets
* Linux: stop capture
* Linux: save capture. Save in pcap-ng format (either should work)
* Linux: run: `usbrply --device-hi -p my.pcapng >replay.py`
* Linux: detach USB device from Windows guest
* Linux: run `python replay.py`
* Verify expected device behavior. Did an LED blink? Did you get expected data back?

You may need to filter out USB devices. There are two ways to do this:

* `--device-hi`: use the last device enumerated. This works well in most cases, including FX2 renumeration
* `--device DEVICE`: manually specify the USB device used. Get this from lsusb output or Wireshark view
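To check which bus/device pairs a capture actually contains before picking a device filter, the following added example (not part of usbrply) counts URB events per device. It assumes a classic `.pcap` file with Linux usbmon link types only (not pcapng or USBPcap), and it treats the highest device number as the last one enumerated; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

# Link types for Linux usbmon captures (48-byte and 64-byte URB headers).
USBMON_LINKTYPES = (189, 220)

def usbmon_devices(pcap_bytes):
    """Count captured URB events per (bus, device) in a classic .pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack_from(endian + "I", pcap_bytes, 20)[0]
    if linktype not in USBMON_LINKTYPES:
        raise ValueError("link type %d is not Linux usbmon" % linktype)
    counts = Counter()
    off = 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 48:
            continue  # truncated record: no complete usbmon header
        # After the 8-byte URB id: event type, transfer type, endpoint,
        # device number, then a 16-bit bus number.
        _type, _xfer, _ep, dev, bus = struct.unpack_from(endian + "BBBBH", pkt, 8)
        counts[(bus, dev)] += 1
    return counts

def last_enumerated(counts):
    """Assumption: the highest device number is the last one enumerated."""
    return max(counts, key=lambda bus_dev: bus_dev[1])

def sample_capture():
    """Constructed capture: bus 1, device 2 (two URBs) and device 5 (one)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 220)
    for dev in (2, 5, 2):
        urb = struct.pack("<QBBBBH", 1, ord("S"), 3, 0x02, dev, 1).ljust(64, b"\0")
        out += struct.pack("<IIII", 0, 0, len(urb), len(urb)) + urb
    return out

if __name__ == "__main__":
    found = usbmon_devices(sample_capture())
    for (bus, dev), n in sorted(found.items()):
        print("bus %d device %d: %d URB events" % (bus, dev, n))
```

More than one device in the output means the capture includes traffic from other hardware on that bus, which is the case the device filters above are for.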

Other useful switches:

* `--rel-pkt`: intended to make it easier to diff two outputs. Ex: what changed in trace for LED on vs LED off?
* `--no-packet-numbers`: alternative to above
* `--fx2`: decode common FX2 commands (ex: CPU reset)
* `--range RANGE`: only decode a specific packet range. Use along with Wireshark GUI or to refine a previous decode
* see `--help` for more

# JSON output

Use the `-j` switch to output a parsing intermediate representation that should resemble the original USB requests along with associated metadata. This can be used in more advanced applications, such as if you need to decode a complicated protocol or convert USB output to higher level API calls. An example can be found here: https://github.com/ProgHQ/bpmicro/blob/master/scrape.py. This example first aggregates USB packets into application-specific packets, and then decodes these into API calls.

# USB serial decoder

usbrply-serial supported adapters:
  • FT2232C: data rx/tx

TODO: write doc

Download files

Source Distribution

* usbrply-2.0.1.tar.gz (27.4 kB, Source)

Built Distributions

* usbrply-2.0.1-py3.8.egg (68.2 kB, Egg)
* usbrply-2.0.1-py3-none-any.whl (33.6 kB, Python 3)
