[Original] Capturing the MessageContent of 4G and 3G USB modems

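After several days of effort, I finally managed to capture and work out the MessageContent of my 4G wireless USB modem. I'm very happy about it and want to share it with everyone.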

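To get a 3G/4G USB modem or terminal working under Ubuntu, the tutorials on the Internet all say roughly the same thing: either download the Linux driver from the manufacturer's website, or use usb-modeswitch to switch the device's mode. Unfortunately the model I use, the MF832S, has no Linux driver, so I could only use usb-modeswitch to switch modes.
However, when I checked, the device is fairly new and even usb-modeswitch has no data for it, so I had no choice but to capture the packets myself. There is no detailed tutorial online and I ran into many pitfalls along the way, so I am writing down my experience.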

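I am on Win7 x64, which does not support snifferUSB, so I used Device Monitoring Studio 7.21. It only has a 15-day trial period; I don't know whether a cracked version exists, but either way it works.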
http://blog.chinaunix.net/attachment/201509/1/29764914_1441109436I2pF.jpg

Select "Next connected device" (that is, the next device to be connected), right-click it and choose "Start monitoring" (packet capture).
http://blog.chinaunix.net/attachment/201509/1/29764914_1441109663kL27.jpg
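For the view, a single URB view is enough; of course you can also pick a RAW (raw data) view. Then click Start to begin monitoring the USB ports. Capture starts as soon as the first newly connected device is detected.
Plug in the 4G terminal and a series of USB data will be captured.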
http://blog.chinaunix.net/attachment/201509/1/29764914_1441109970QC6K.jpg
All of the captured data is as follows:

    000000: PnP Event: Device Connected (UP), 01.09.2015 20:17:29.678 (1. Device: Unknown)
    The USB device has just been connected to the system.
    000001: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.678 +0.0 (1. Device: Unknown)
    Descriptor Type: Device
    Descriptor Index: 0x0
    Transfer Buffer Size: 0x12 bytes
    000002: Control Transfer (UP), 01.09.2015 20:17:29.679 +0.001. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: Control Pipe
    12 01 00 02 EF 02 01 40 D2 19 98 01 00 01 01 02  .......@........
    03 02 0
    Setup Packet
    80 06 00 01 00 00 12 00  ........
    Recipient: Device
    Request Type: Standard
    Direction: Device->Host
    Request: 0x6 (GET_DESCRIPTOR)
    Value: 0x100
    Index: 0x0
    Length: 0x12
    000003: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.679 +0.0 (1. Device: Unknown)
    Descriptor Type: Configuration
    Descriptor Index: 0x0
    Transfer Buffer Size: 0x9 bytes
    000004: Control Transfer (UP), 01.09.2015 20:17:29.680 +0.001. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: Control Pipe
    09 02 20 00 01 01 00 A0 FA  .. ......
    Setup Packet
    80 06 00 02 00 00 09 00  ........
    Recipient: Device
    Request Type: Standard
    Direction: Device->Host
    Request: 0x6 (GET_DESCRIPTOR)
    Value: 0x200
    Index: 0x0
    Length: 0x9
    000005: Get Descriptor Request (DOWN), 01.09.2015 20:17:29.680 +0.0 (1. Device: Unknown)
    Descriptor Type: Configuration
    Descriptor Index: 0x0
    Transfer Buffer Size: 0x20 bytes
    000006: Control Transfer (UP), 01.09.2015 20:17:29.681 +0.001. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: Control Pipe
    09 02 20 00 01 01 00 A0 FA 09 04 00 00 02 08 06  .. .............
    50 04 07 05 86 02 00 02 00 07 05 06 02 00 02 00  P...............
    Setup Packet
    80 06 00 02 00 00 20 00  ...... .
    Recipient: Device
    Request Type: Standard
    Direction: Device->Host
    Request: 0x6 (GET_DESCRIPTOR)
    Value: 0x200
    Index: 0x0
    Length: 0x20
    000007: Select Configuration (DOWN), 01.09.2015 20:17:29.681 +0.0 (1. Device: Unknown)
    Configuration Index: 1
    000008: Select Configuration (UP), 01.09.2015 20:17:29.708 +0.0. (1. Device: Unknown) Status: 0x00000000
    Configuration Index: 1
    Configuration Handle: 0x986b370
    000009: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.710 +0.002 (1. Device: Unknown)
    Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
    Send 0x1f bytes to the device
    55 53 42 43 00 00 00 00 24 00 00 00 80 00 06 12  USBC....$.......
    00 00 00 24 00 00 00 00 00 00 00 00 00 00 00     ...$...........
    000012: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0x24 bytes from the device
    05 80 00 02 1F 00 00 00 5A 54 45 00 00 00 00 00  ........ZTE.....
    43 44 52 4F 4D 00 00 00 00 00 00 00 00 00 00 00  CDROM...........
    31 2E 30 00  1.0.
    000014: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0xd bytes from the device
    55 53 42 53 00 00 00 00 00 00 00 00 00  USBS.........
    000015: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.711 +0.0 (1. Device: Unknown)
    Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
    Send 0x1f bytes to the device
    55 53 42 43 01 00 00 00 00 00 00 00 00 00 06 00  USBC............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ...............
    000018: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.712 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0xd bytes from the device
    55 53 42 53 01 00 00 00 00 00 00 00 01  USBS.........
    000019: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.719 +0.007 (1. Device: Unknown)
    Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
    Send 0x1f bytes to the device
    55 53 42 43 03 00 00 00 12 00 00 00 80 00 0C 03  USBC............
    00 00 00 12 00 00 00 00 00 00 00 00 00 00 00     ...............
    000022: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.723 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0x12 bytes from the device
    70 00 06 00 00 00 00 0A 00 00 00 00 28 00 00 00  p...........(...
    00 00  ..
    000024: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.723 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0xd bytes from the device
    55 53 42 53 03 00 00 00 00 00 00 00 00  USBS.........
    000025: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.724 +0.001 (1. Device: Unknown)
    Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
    Send 0x1f bytes to the device
    55 53 42 43 02 00 00 00 00 00 00 00 00 00 06 1B  USBC............
    00 00 00 02 00 00 00 00 00 00 00 00 00 00 00     ...............
    000028: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.724 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0xd bytes from the device
    55 53 42 53 02 00 00 00 00 00 00 00 00  USBS.........
    000029: PnP Event: Surprise Removal (UP), 01.09.2015 20:17:29.850 +0.126 (1. Device: Unknown)
    The USB device has just been disconnected from the system.
    000030: PnP Event: Device Disconnected (UP), 01.09.2015 20:17:29.856 +0.006 (1. Device: Unknown)
    The USB device has just been removed from the system, all drivers unloaded.

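Let's focus on the 31-byte messages that begin with 55 53 42 43. We know this is the content of the MessageContent (that is, the data that starts with the ASCII characters "USBC"). The question, though, is why there are so many messages starting with USBC, and which one actually is it?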


    )
    Pipe Handle: 0x9cc8f10 (Endpoint Address: 0x6)
    Send 0x1f bytes to the device
    55 53 42 43 00 00 00 00 24 00 00 00 80 00 06 12  USBC....$.......
    00 00 00 24 00 00 00 00 00 00 00 00 00 00 00     ...$...........
    000012: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0x24 bytes from the device
    05 80 00 02 1F 00 00 00 5A 54 45 00 00 00 00 00  ........ZTE.....
    43 44 52 4F 4D 00 00 00 00 00 00 00 00 00 00 00  CDROM...........
    31 2E 30 00  1.0.
    000014: Bulk or Interrupt Transfer (UP), 01.09.2015 20:17:29.711 +0.0. (1. Device: Unknown) Status: 0x00000000
    Pipe Handle: 0x9cc8ef0 (Endpoint Address: 0x86)
    Get 0xd bytes from the device
    55 53 42 53 00 00 00 00 00 00 00 00 00  USBS.........
    000015: Bulk or Interrupt Transfer (DOWN), 01.09.2015 20:17:29.711 +0.0 (1. Device: Unknown)

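The last USBC should be the real MessageContent; that is my guess.
The earlier messages may be several attempts made by the modem driver. As we know, one driver package often supports several 3G terminal hardware models, and it does not know which model has been plugged in, so it tries them one by one. In that case it should be

    55 53 42 43 02 00 00 00 00 00 00 00 00 00 06 1B  USBC............
    00 00 00 02 00 00 00 00 00 00 00 00 00 00 00     ...............

This is the real MessageContent. I tried it with usb-modeswitch under Ubuntu:
add the TargetVendorID, TargetProductID and MessageContent to /etc/usb_modeswitch.conf.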

    sudo usb_modeswitch -W -c /etc/usb_modeswitch.conf -I

You will find that the 3G terminal's mode has been switched successfully!
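The guess about the last USBC message can be checked by decoding all four captured messages as USB mass-storage Command Block Wrappers (CBW): the first three are INQUIRY, TEST UNIT READY and REQUEST SENSE, and only the last is a START STOP UNIT with the eject bit set. This is an added example, not part of the original post; the function names are hypothetical and the field layout assumed is the standard Bulk-Only Transport CBW.

```python
import struct

# SCSI opcodes that occur in this page's capture.
OPCODES = {0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE",
           0x12: "INQUIRY", 0x1B: "START STOP UNIT"}

# The four 31-byte "USBC" messages from the capture, in the order they were sent.
CAPTURED = [
    "55 53 42 43 00 00 00 00 24 00 00 00 80 00 06 12 "
    "00 00 00 24 00 00 00 00 00 00 00 00 00 00 00",
    "55 53 42 43 01 00 00 00 00 00 00 00 00 00 06 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    "55 53 42 43 03 00 00 00 12 00 00 00 80 00 0C 03 "
    "00 00 00 12 00 00 00 00 00 00 00 00 00 00 00",
    "55 53 42 43 02 00 00 00 00 00 00 00 00 00 06 1B "
    "00 00 00 02 00 00 00 00 00 00 00 00 00 00 00",
]

def parse_cbw(raw: bytes) -> dict:
    """Decode one 31-byte USB mass-storage Command Block Wrapper (CBW)."""
    if len(raw) != 31:
        raise ValueError(f"CBW must be 31 bytes, got {len(raw)}")
    sig, tag, data_len, flags, lun, cb_len = struct.unpack_from("<4sIIBBB", raw)
    if sig != b"USBC":
        raise ValueError("missing USBC signature")
    if not 1 <= cb_len <= 16:
        raise ValueError(f"invalid command block length {cb_len}")
    cdb = raw[15:15 + cb_len]  # the SCSI command carried inside the wrapper
    info = {"tag": tag, "data_len": data_len, "lun": lun & 0x0F,
            "direction": "in" if flags & 0x80 else "out",
            "command": OPCODES.get(cdb[0], f"opcode 0x{cdb[0]:02X}"),
            "cdb": cdb.hex()}
    if cdb[0] == 0x1B and cb_len >= 5:
        # START STOP UNIT, byte 4: bit 0 = START, bit 1 = LOEJ (load/eject).
        info["eject"] = (cdb[4] & 0x03) == 0x02
    return info

def find_switch_message(messages):
    """Return the first CBW (as spaceless hex) that ejects the medium, else None."""
    for text in messages:
        raw = bytes.fromhex(text)
        if parse_cbw(raw).get("eject"):
            return raw.hex()
    return None

if __name__ == "__main__":
    for text in CAPTURED:
        print(parse_cbw(bytes.fromhex(text)))
    print("MessageContent candidate:", find_switch_message(CAPTURED))
```

The returned string is the same 31 bytes written without spaces.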

After that, naturally, I logged in to the usb-modeswitch forum to tell everyone the good news.