Close

Hack Chat Transcript, Part 1

A event log for Hacking USB Hack Chat

Flip three times for best results

lutetiumLutetium 02/26/2020 at 21:060 Comments

OK, let's get started. We're happy to have Kate Temkin here today to talk about USB hacking. Kate gave half of a great talk at Supercon on Everything SDR, so we wanted to ask her to drop by to keep the conversation going, and get more specific about USB

Kate Temkin12:00 PM
Hi, everyone!

Welcome, Kate - can you tell us a little about yourself?

de∫hipu12:01 PM
@Nicolas Tremblay do you have a lathe of turn undead?

Kate Temkin12:01 PM
Sure! I lead the software team -- and create all kinds of digital things -- over at Great Scott Gadgets. I like to work on all kinds of tools and educational materials; the kind of things that let people interact with and understand little pieces of technology.

Jeff Trull joined  the room.12:01 PM

Matti Virkkunen12:01 PM
In that case I've written a USB stack once from scratch (for microcontrollers with USB peripherals) so I guess that's low level

Kate Temkin12:01 PM
I do a fair amount of USB stuff -- I'm actively working on hardware and software for USB analysis/emulation/hacking. I also do a bunch of other things -- of late, I've been doing a lot of work with Lattice FPGAs, since they now have open-source tooling.

ThanhTran joined  the room.12:02 PM

Nicolas Tremblay12:02 PM
@de∫hipu nope, we have a mill to churn out more at a decent pace

kaaliakahn12:02 PM
@Kate Temkin How can a beginner start with USB?

kaaliakahn12:03 PM
@Kate Temkin What should be the steps to learn and code USB?

Mark J Hughes12:03 PM
@Kate Temkin Do you run into any enumeration issues with USB3.0 and Windows 10?

epix joined  the room.12:03 PM

Kate Temkin12:04 PM
A lot of the "getting started" depends on what kind of things you want to do with USB -- there's a pretty wide range of stuff, from "writing USB code for microcontrollers" to "writing host drivers" to "creating the raw hardware/gateware that talks USB".

Eugene joined  the room.12:04 PM

dan joined  the room.12:05 PM

kaaliakahn12:06 PM
@Kate Temkin Aren't these already available? I didn't have to do anything with my ucontroller and my pc (windows and Linux). So where does USB development comes handy. Sorry if these are very basic questions

Paul Stoffregen12:06 PM
@Kate Temkin - Is Rhododendron shipping? Or if not, any idea of when it will become available for sale?

TenoTrash12:06 PM
@Kate Temkin , wich basic tools do you use to code USB for microcontrollers? Wich language, IDE, etc ?

And cheers from Argentina!

alexwhittemore12:06 PM
For my money - WHAT ABOUT HOST DRIVERS!? Like, ok, I've got a gadget, it needs to blast data over usb at 1GB/s. I know USB is a good choice, I know it has to be USB3, I know it can't be usb serial/virtual COM. Where do I start?

kaaliakahn12:07 PM
@alexwhittemore What about 1G or 10G ethernet? Why USB?

Kate Temkin12:07 PM
@Paul Stoffregen I'm actually not sure if Rhododendron is going to be released, or if we're going to go straight to LUNA -- which is kind of my follow-on project to Rhododendron.

alexwhittemore12:08 PM
Ok, hypothetically speaking, call it 1.5GBps. And no 10Gig ethernet because who has that?

Yannick (Gigawipf)12:08 PM
@Kate Temkin did you ever work with ST microcontrollers and usb? If yes what is your opinion about their HAL functions vs low level calls directly? Spent weeks on my current projects getting a composite device to enumerate correctly and it was quite a battle until everything worked... There were many half baked things that caused some confusion.

I feel that it might have been better to learn it from the beginning on with lower level implementations.

Kate Temkin12:08 PM
For reference, Rhododendron is a super-low-cost USB analyzer I've worked with that rides atop the GreatFET platform. LUNA is a standalone USB multitool that I'm designing with similar low-cost goals; and which supports analysis.

de∫hipu12:09 PM
@alexwhittemore I thought pretty much all modern ethernet cards are 10G?

brianredbeard joined  the room.12:09 PM

RichardCollins12:10 PM
@Mark J Hughes I spent the last couple of years looking at global sensor networks and many devices start out as USB.

What is missing for the mostly Internet browser community is a localhost server that can talk to the device and be access through websocket or http requests from browsers (javascript) and remote sites.

Windows can't do it, ChromeOS refuees to, Mac no, Android no, Linux no. Too many dialect and philosophies. So after hammering it to death, I think a compiled application running as service in any of these environments that gives read write to devices is the simplest and fastest way to serve the largest number of people.

Are there specialized requirements yes. But "read a file or directory". "Save sensor data to disk". Send data to that device. Compare these two cameras.

alexwhittemore12:10 PM
@de∫hipu well, for one, it's the USB hack chat - so the hypothetical is contrived for the purpose here :). But also, absolutely not. No way.

Paul Stoffregen12:10 PM
Oh, hadn't heard of LUNA. Clearly I've not kept up. Is any info published about it at this point?

Dee Pond12:10 PM
I'm working on a system on module PCB for integrating a TI Sitara AM4377 onto some EtherCat devices we're developing for work so we can hand-solder the various iterations of prototypes..... The AM4377 is ARM9 based. Does anyone in the group have experience writing the drivers for the ARM9?

de∫hipu12:11 PM
@RichardCollins I thought that browsers have USB support already?

alexwhittemore12:11 PM
@de∫hipu 10gig-e is now attainably-priced, but absolutely not ubiquitous. Think like $150 for a dongle or card.

baldrick (NE2Z)12:11 PM
@Kate Temkin Thank you for all your contributions and inspiration to the community. What USB bus challenges does one have to be cognizant of in design of USB SDR like devices

Kate Temkin12:11 PM
@alexwhittemore If your device is something other than e.g. a flash drive or image capture device, and you're not producing Lots (TM), your choices tend to be pretty limited in terms of "ways to implement SuperSpeed USB without a headache". The common hobbyist ways are to use something like an FX3 (an expensive Cypress USB3 microcontroller) or to use a FIFO chip like a FT601.

RichardCollins12:11 PM
@de∫hipu Individualized and crude and incomplete.

Matti Virkkunen12:12 PM
@de∫hipu If by browsers you mean "just Chrome" (and its children like Edge nowadays) then yes

de∫hipu12:12 PM
@alexwhittemore that sounds like a reasonable price for an industrial use case

Kate Temkin12:12 PM
@Paul Stoffregen LUNA is open-source; and there's _some_ information about it in the repository: https://github.com/greatscottgadgets/luna ; but mostly I've been keeping quiet about it until it's more ready. :)

de∫hipu12:12 PM
@Matti Virkkunen of course I didn't mean lynx

Matti Virkkunen12:12 PM
@de∫hipu Firefox doesn't support WebUSB for one.

de∫hipu12:13 PM
@Matti Virkkunen I'm sure you can write a plugin

morgan joined  the room.12:13 PM

Matti Virkkunen12:13 PM
Of course but that beats the point. Might as well write a standalone service at that point.

Prof. Fartsparkle12:13 PM
webusb is coming to firefox eventually, its just not a finalised standard yet

WRR12:13 PM
How important are the "low-power sleep mode" requirements in practice? It sounds like bus-powered devices are only supposed to draw up to 2.5mA when they aren't being addressed, which seems hard to manage

Kate Temkin12:13 PM
@Paul Stoffregen The short version is: it's an ECP5, FPGA-based toolkit for creating open USB devices in gateware -- which lets you use it as a specialized FaceDancer or analysis board that actually builds the gateware you're interested in on the fly. :)

Matti Virkkunen12:13 PM
WebUSB support in Chrome is spotty at best as well, for instance on Linux it often doesn't have the necessary permissions so it's not exactly "Plug and play"

alexwhittemore12:13 PM
@Kate Temkin Interesting point. I haven't ever tried to implement a custom USB SS controller. Ok, so re-contrive my example to drive better at USB device drivers. I want to implement something faster than virtual COM, perhaps still only HS. Where do I start writing a driver? Or how do I shoehorn a generic get-data-from-A-to-B into an off-the-shelf HID device or something? What even is the menu of options?

de∫hipu12:14 PM
I think they are too busy adding support for oculus rift to care about web standards

Kate Temkin12:14 PM
@alexwhittemore Depends -- do you need to support Windows, specifically?

Matti Virkkunen12:14 PM
For what it's worth you can have USB serial (CDC ACM) over HS USB as well as far as I know. And Windows supports that automatically now.

Paul Stoffregen12:14 PM
sounds very interesting ;)

Kate Temkin12:14 PM
@baldrick (NE2Z) For something like an SDR, usually figuring out how to squeeze throughput from the bus is the hard part.

alexwhittemore12:15 PM
@Kate Temkin Let's say yes, but then, why ask the question? What's the difference?

Matti Virkkunen12:15 PM
However if it's real time data then USB serial isn't the best option. You'll want isochronous transfers.

morgan12:16 PM
I made it! @Kate Temkin I really enjoyed your talk at Teardown last year, excited to hear what you've been up to since

Kate Temkin12:16 PM
@WRR Lots and lots of devices completely violate the low-power mode current-draw specifications. :)

brianredbeard12:16 PM
@Kate Temkin meta question, which it seems you're touching on. Where are things at with the work that GSG has been doing around USB FBGA cores? (i.e.is it still best to get a separate IC for the PHY layer and implement protocol on the FPGA or would you recommend users still, for the time being, going with a fully integrated USB answer and solely focus on interfacing that way)

Kate Temkin12:17 PM
@alexwhittemore You can pretty easily get very high throughput using libusb's asynchronous transfers; but they're more of a pain on Windows than on other platforms. So, the degree of Windows support determines a lot of what's "easiest".

erneut joined  the room.12:17 PM

alexwhittemore12:17 PM
Like, if I'm implementing a generic widget, the one thing I KNOW works is a USB serial adapter, and then I can simply shuffle data over UART. But that's limited in 1) speed (like, ~1mbps, or i guess maybe more if you're using a device with a native USB phy? I'm not sure what the practical limit of a virtual COM port is on an embedded device with native HS PHY), but also "device shows up as a virtual COM port" is not the cleanest from the software side. On both windows and mac, how do you figure out "which serial port"? So like, what are the other options?

alexwhittemore12:18 PM
I guess it sounds like "libusb" is your goto - what does that entail?

Prof. Fartsparkle12:18 PM
same question, writing device drivers for anything but hid is a mystery to me, would love to know a bit of detail what writing a driver with libusb entails, even if its linux only

Kate Temkin12:19 PM
@brianredbeard For low speed or full speed, you can operate completely PHY-less pretty darned well with nearly all FPGAs. For high speed, you're probably best off adding a ULPI PHY, since 480Mbps clock recovery is non-trivial, and they're cheap.

alexwhittemore12:19 PM
@Prof. Fartsparkle writing drivers even for HID is a mystery to me :)

Kate Temkin12:20 PM
@brianredbeard SuperSpeed, on the other hand, has a PCIe-like-fronend enough that it shares a PHY communications standard (PIPE, the PHY interface for PCIe); which means you can actually use FPGAs with built in SerDes modules to talk USB 3.0.

Kate Temkin12:21 PM
Florent / enjoy_digital actually has wrappers that provide a PIPE interface to FPGA SerDes's, so they look like USB3 PHYs. :)

Prof. Fartsparkle12:21 PM
@alexwhittemore I guess driver is the wrong word in this case I guess, lets rather say get data through HID :D

there are some nice examples for TinyUSB Arduino lib if you want to give it a try, I wrote the PC side example for it

Matti Virkkunen12:21 PM
Yes libusb isn't "drivers" in the "kernel driver" sense at least. Entirely in user space. In the end it's not much more complicated than using, say, sockets. Find a device, claim it, transfer some data back and forth.

Prof. Fartsparkle12:21 PM
oh nice so can we expect USB3.0 IP cores for something like the ECP5 at some point?

brianredbeard12:22 PM
@Kate Temkin i'll need to dig into some of those specifics. Thanks for the breadcrumbs on a new trail to explore.

Kate Temkin12:22 PM
@Prof. Fartsparkle There's actually an already existing one; though it's in Verilog -- https://github.com/mossmann/daisho

erneut12:22 PM
@Kate Temkin Have you ever worked with stm32 usb stack or cypress microcontroller?

Prof. Fartsparkle12:22 PM
oha

alexwhittemore12:23 PM
@Kate Temkin "*though* it's in verilog"?

Kate Temkin12:23 PM
If you use that with https://github.com/enjoy-digital/usb3_pipe, you can already talk USB 3 using an ECP5's SerDes. :)

Kate Temkin12:24 PM
@alexwhittemore Contrasted to a new technology like nMigen.

alexwhittemore12:24 PM
Ah

Twisted Pair in my Hair12:24 PM
@Kate Temkin I once designed a 7-port USB 2.0 hub. For every D+/D- I routed differential pairs. Then I was told that I did unnecessary work as the transfer speed is so low. Was it really unnecessary or not?

RichardCollins12:24 PM
I am recommending to write a Service that is just a compiled App in any of these OSs

It simply can speak to any device, or call modules to do so. It replaces the device drivers in all the OSs

Built for speed and interoperability and universal ease of use.

The behavior is controlled by an open community, not any one of the browsers or IDEs or libraries or OSs that have their own agendas, biases and limitations.

Paul Stoffregen12:25 PM
yeah, like Microsoft is ever going to do for anything like that!

kaaliakahn12:25 PM
@RichardCollins I didn't get your idea. Please elaborate

RichardCollins12:25 PM
How much time are you (all USB users) wasted just trying to get things to work in one OS, let alone be able to run in any?

Mark J Hughes12:25 PM
@Twisted Pair in my Hair Don't confuse "transfer" speed with rise/fall times. It's not the speed that causes EMI -- it's short rise/fall times. But in a broad sense, USB-2.0 forgives a lot, and I mean a lot of sins.

Kate Temkin12:26 PM
For USB 2, routing things differentially was definitely the way to go. Even if the mutual inductance wasn't necessary for noise immunity; you'll probably have a lot better a time with EMI with those traces routed properly. :)

alexwhittemore12:26 PM
@Twisted Pair in my Hair I've done mean things routing USB2.0 that still worked, but "completely ignore differential impedance entirely" sounds like garbage advice.

Kate Temkin12:29 PM
@alexwhittemore Re: a bit ago: once you have a USB device capable of doing e.g. bulk transactions, it's actually not that bad to grab chunks of raw data using libusb. If you use their synchronous API, you can e.g. read data a chunk at a time just by calling API functions.

alexwhittemore12:29 PM
Plus, the fact that shooting yourself in the foot is SURVIVABLE isn't good reason to shoot yourself in the foot.

Prof. Fartsparkle12:29 PM
yea especially for high speed usb2.0 saying it doesn't matter at all how you route is definitely wrong

erneut12:29 PM
How about writing usb2.0 stack for spartan6? I think I should start with a book of Jan Axelson. Can you advice some additional materials?

Prof. Fartsparkle12:29 PM
that is a fair amount of data you push there, it will still work but it might be degraded

Matti Virkkunen12:30 PM
Plus routing just one differential pair shouldn't be that hard so "why not"

Matti Virkkunen12:30 PM
...one to each destination anyways

Kate Temkin12:30 PM
@alexwhittemore What gets complicated is when you want to really push your throughput -- because you don't want your software to effectively be reading, doing something with the data, and then reading again; since all that data processing time is time that your device isn't grabbing data.

Michael Mogenson12:30 PM
Has anyone here played around with USB-C Power Delivery? I'm working on a product that is a Power Delivery source, but a USB 2.0 Upwards Facing Port / device. My understanding of the spec is that there's no way for USB 2.0 Downwards Facing Ports / hosts or non-USB / no-data devices to pull 5V. You have to negotiate Power Delivery via the CC pins or nothing at all. It would be ideal if there were a way to fall back as a dumb 5V charger.

Mark J Hughes12:30 PM
@Twisted Pair in my Hair The reason that diff-pair are routed so closely is to keep the fields confined, as much as possible, between the traces. If you have different signal line lengths, or changing impedances, theres a good chance that one signal can propagate in front of another -- and where the lines are no longer truly differential (e.g. opposite polarity), you'll get a ton of EMI noise.

RichardCollins12:31 PM
Hire professional or volunteers to write rock-solid, work anywhere, never break, easy to talk to, service.

I am old enough that I am way older than Microsoft. The earliest operating systems were clean and stable compared to today. The USB community should fund its own service in each of these OSs. PAY someone to do it. Raise money from donors. Ask for support from Open communities.Quit trying to maintain every toolkit in every environment where the OSs and browsers are all change according to their own whims and marketing ideas.

Kate Temkin12:32 PM

Discussions