1 / 30

Programmable USB Human Interface Device

Programmable USB Human Interface Device. - Akshit Maurya UIET, Panjab University, Chandigarh. Introduction. A USB Human Interface Device is a computer device that takes input directly from human by establishing its connection to a computer over USB

snana
Download Presentation

Programmable USB Human Interface Device

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Programmable USB Human Interface Device -AkshitMaurya UIET, PanjabUniversity, Chandigarh

  2. Introduction • A USB Human Interface Device is a computer device that takes input directly from human by establishing its connection to a computer over USB • Example USB Keyboard, USB Mouse, USB Joystic/Gamepad. • What if we could program an HID? Let’s say a keyboard

  3. Why would we want it? • Annoy user • Types faster ,without errors • Execute series of stored (chained)commands • Compromise security

  4. How does it works? • Hardware setup • AVR Atmega8 MCU-8bit microcontroller-provides maximum MIPS in 8-bit category(1MIPS/Mhz)-vast peripherals timer/counter, SPI, ADC, UART -cheaper (INR.90-120) • Only Problem:Atmega8 does not has a USB peripheral • One option :To use FT232 USB to UART converter chipDownfall :Costly(INR.600)

  5. V-USB library: Answer to our Problem “V-USB is a software-only implementation of a low-speed USB device for Atmel’s AVR® microcontrollers, making it possible to build USB hardware with almost any additional chip.” All we have do is • Compile Firmware AVR studio4 with appropriate Configuration . • Set appropriate fuse Bits. • Burn the Firmware into MCU Via programmer (ponyprog in my case)and MCU would take care of rest.

  6. Circuit Diagram

  7. Configuring V-USB according to Hardware #define USB_CFG_IOPORTNAME D #define USB_CFG_DMINUS_BIT 3 #define USB_CFG_DPLUS_BIT 2 #define USB_CFG_CLOCK_KHZ 16000 #define USB_CFG_IS_SELF_POWERED 0 #define USB_CFG_MAX_BUS_POWER 50 #define USB_CFG_HAVE_INTRIN_ENDPOINT 1 #define USB_CFG_IMPLEMENT_FN_WRITE 1 #define USB_CFG_VENDOR_ID 0x42, 0x42 #define USB_CFG_DEVICE_ID 0x31, 0xe1 #define USB_CFG_DEVICE_CLASS 0 #define USB_CFG_DEVICE_SUBCLASS 0 #define USB_CFG_INTERFACE_CLASS 0x03 // HID #define USB_CFG_INTERFACE_SUBCLASS 0x01 // Boot #define USB_CFG_INTERFACE_PROTOCOL 0x01//Keyboard #define USB_CFG_HID_REPORT_DESCRIPTOR_LENGTH 63

  8. USB Transaction • A device may send or receive a transaction every USB frame (1 ms) • A transaction may be made up of multiple packets (token, data, handshake) but is limited in size to 8 bytes for low-speed devices

  9. Data in DATA PACKET: REPORT • Report actually reflects input given by user Such as Key stroke, X/Y pointer of Mouse etc.

  10. Implemented Structure Since Input Report’s size is 8-bytes hence structure defined is as follows typedefstruct { uint8_t modifier; //1 byte for bit mapped modifier uint8_t reserved; //1 byte reserved uint8_t keycode[6]; //array of 6 bytes for key codes } keyboard_report_t; • Hence 1+1+6=8 bytes report data is transferred to host • Sent Over Interrupt IN Pipe

  11. Output Report Sent over Control Pipe

  12. PIPES USED • The Control pipe is used for: • Receiving and responding to requests for USB control and class data. • Transmitting data when polled by the HID class driver (using the Get_Report request). • Receiving data from the host. such as Out Report/Feature Report. • The Interrupt pipe are used for: Transmitting low latency data to the device

  13. Main Code working • Build the report with keycode of “r” character and modifier as “Window” to obtain run box. • Wait till an IN Token is encountered • Push current report to Interrupt IN Endpoint Buffer • Make Null Report( all fields zero) • Repeat steps 2 and 3. • Make report with keycode of first character of string • Repeat steps 2 and 3 until last character of string is encountered • Repeats steps 2 and 3 continuously.

  14. Functions Used: • usbFunctionSetup() :gets called every time our device receives an OUT transfer at its endpoint. Thus this function handles USB requests. • usbInit():called to initialize V-USB. • usbDeviceDisconnect() and usbDeviceConnect():these are macros used to Disconnect and Connect USB device. • usbPoll():it polls the USB transfers and calls usbFunctionSetup() automatically if an OUT transfer is received. This function should be called at regular intervals.usbFunctionWrite(uchar *data, ucharlen):If the control transfer contains payload data (other than that sent in wValue and wIndex) sent to the device, that payload data is passed to the function usbFunctionWrite() in chunks of up to 8 bytes. • usbsetInterrupt():This Function is called to pass interrupt and bulk data. Up to 8 bytes may be passed in one call. The driver keeps the data in a buffer until it is requested by the host. • usbInterruptIsReady(uchar *, uchar length):To check if the buffer is available before calling usbSetInterrupt(). • wdt_enable(WDTO_1S) and wdt_reset():to enable and reset watch dog time respectively. Watchdog timer is enabled so that if somehow our code freezes then after 1 second, controller would reset itself. Thus watchdog timer is called at regular intervals • sei():to set global interrupts._delay_ms(uint8_t):to provide a delay. Other than above Functions provided by V-USB library, other functions used are: • buildReport(char):to convert the characters into corresponding characters and build the report. • buildCustomReport(uint8_t,uint8_t):This function builds a report directly from its parameters without conversion of characters into scancodes. • printstring(char *):to output a string. This function uses a simple do while mechanism to extract a character from string and sends it to builReport() function for conversion. after this it sends the report and repeats above procedure again for a NULL report to reflect only one key stroke. The whole procedure is repeated till NULL terminator of string is encountered.

  15. The actual fabricated device • TOP VIEW

  16. The actual fabricated device • BOTTOM VIEW

  17. Estimated Cost

  18. Possible Improvements Addition of • EEPROM to store more commands using SPI interface

  19. Possible Improvements Addition of • DIP switch to select among stored commands

  20. Possible Improvements Addition of • RF reciever module (Suggested by classmate Mr. Navroop Singh Sandhu )

  21. Possible Improvements Addition of • DS1307 RTC for Time specific tasks/attacks

  22. Possible Improvements Addition of • Commands to download and execute vfwgrab.exe for Video camera uplink support Vfwgrab.exe is an application to post jpeg images to a web site via FTP or to any UNC filename from any Video from Windows device you may have installed on your computer.  • Features of vfwgrab • Small compact program(56kb) customized via a simple ini file. • Allows the size, quality, location of the jpeg file to be specified. • Runs in Silent mode continuously

  23. Applications • Business Card-by Frank Zhao (frank-zhao.com)

  24. Applications: Continued • USB password generator-by Frank Zhao (codeandlife.com.com)Runs on ATtiny85

  25. Applications: Continued • Chenillard is a device that you secretly plug into a victim's computer.After that, the LEDs of the keyboard will flash in sequence. http://vusb.wikidot.com/project:chenillard

  26. Other Projects similar to this one PHUKD-by Adrian Crenshaw (ironGeek.com) • Runs on Teensy Board • 1.2 by 0.7 inch • Costs INR 800-1000/- • Atmega32@16Mhz • Uses arduinoBootloader(Extra Flash space required)

  27. Devices currently available in market. • USB Rubber Duck: Cost INR 3000/-

  28. Questions?

  29. Followups • Project URLhttp://code.google.com/p/programmable-usb-hid-dongle • Email Id-gurdeepmaurya@gmail.com

  30. Thank you!!

More Related