Unable to change: SubClass, Firmware Revision and USB Protocol

Hey guys,
As usual tech-hobbyist I love to play with new stuff and features.
At the moment I am trying to fully clone my mouse by using an atmega 32u4 and spoofing VID & PID.

So far, I successfully managed to modify boards.txt and spoof VID/PID.

mymouse.build.mcu=atmega32u4
mymouse.build.f_cpu=16000000L
mymouse.build.vid=0x1111
mymouse.build.pid=0x2222
mymouse.build.usb_product="my mouse"
mymouse.build.board=AVR_LILYPAD_USB
mymouse.build.core=arduino
mymouse.build.variant=arduino
mymouse.extra_flags={build.usb_flags}

However... I still see some values that must be cloned as well:

  • Firmware Revision (original Mouse==1.09 / Cloned==1.00)
  • USB SubClass (original Mouse==00 / Cloned==01)
  • USB Protocol (original Mouse==00 / Cloned==01)

1) Do you have any hint where I can find more info about? :slight_smile:
2) Maybe there are more option available for the boards.txt?
3) Maybe I need to change/recompile the boatloader?

On Github I found this sources. I believe that maybe those values must be changed in here?!

/** Device descriptor structure. This descriptor, located in SRAM memory, describes the overall
 *  device characteristics, including the supported USB version, control endpoint size and the
 *  number of device configurations. The descriptor is read out by the USB host when the enumeration
 *  process begins.
 */
const USB_Descriptor_Device_t DeviceDescriptor =
{
	.Header                 = {.Size = sizeof(USB_Descriptor_Device_t), .Type = DTYPE_Device},

	.USBSpecification       = VERSION_BCD(01.10),
	.Class                  = CDC_CSCP_CDCClass,
	.SubClass               = CDC_CSCP_NoSpecificSubclass,
	.Protocol               = CDC_CSCP_NoSpecificProtocol,

	.Endpoint0Size          = FIXED_CONTROL_ENDPOINT_SIZE,

	.VendorID               = DEVICE_VID,
	.ProductID              = DEVICE_PID,
	.ReleaseNumber          = VERSION_BCD(00.01),

	.ManufacturerStrIndex   = 0x02,
	.ProductStrIndex        = 0x01,
	.SerialNumStrIndex      = NO_DESCRIPTOR,

	.NumberOfConfigurations = FIXED_NUM_CONFIGURATIONS
};

I don't know much about this stuff but I think you're on the wrong track with the bootloader. The bootloader only runs for several seconds after the ATmega32U4 resets. I think you would be better to look at the files USBCore.h and USBCore.cpp in the hardware core you're using for your mouse. They will be found in the cores/arduino folder, relative to the boards.txt file where your mymouse entry is.

What looks promising to me is line 73-74 of USBCore.cpp:

const DeviceDescriptor USB_DeviceDescriptorIAD =
 D_DEVICE(0xEF,0x02,0x01,64,USB_VID,USB_PID,0x100,IMANUFACTURER,IPRODUCT,ISERIAL,1);

That is a bit less cryptic if you look at the definition of the D_DEVICE macro at USBCore.h lines 266-267:

#define D_DEVICE(_class,_subClass,_proto,_packetSize0,_vid,_pid,_version,_im,_ip,_is,_configs) \
 { 18, 1, USB_VERSION, _class,_subClass,_proto,_packetSize0,_vid,_pid,_version,_im,_ip,_is,_configs }

Yeah, from those snippets you pasted, looks quite promising! Thanks for the insights! :slight_smile:

I tried to modify:

  • subClass
  • _proto
  • _version

In order to clone the original values accordingly:

  • Firmware Revision (original Mouse==1.09 / Cloned==1.00)
  • USB SubClass (original Mouse==01 / Cloned==00)
  • USB Protocol (original Mouse==01 / Cloned==00)

Sadly, only _version works.
The other values are not changing...

I will have to dig more into sources I guess.
If someone know why this behaviour or have some precious hints as before... your are more than welcome! :slight_smile:

Well, at least it's a little progress. Which values did you change them to?

Original:

const DeviceDescriptor USB_DeviceDescriptorIAD =
 D_DEVICE(0xEF,0x02,0x01,64,USB_VID,USB_PID,0x100,IMANUFACTURER,IPRODUCT,ISERIAL,1);

Modified:

const DeviceDescriptor USB_DeviceDescriptorIAD =
 D_DEVICE(0xEF,0x01,0x01,64,USB_VID,USB_PID,0x109,IMANUFACTURER,IPRODUCT,ISERIAL,1);

In order to clone the original values accordingly:

Firmware Revision (original Mouse==1.09 / Cloned==1.00)
USB SubClass (original Mouse==01 / Cloned==00)
USB Protocol (original Mouse==01 / Cloned==00)

I need to follow this USB_DeviceDescriptorIAD up into the sources flow to figure out what's wrong...

I think I am getting closer...

This thread confirms my assumptions about Descriptors.c .... Redirecting to Google Groups

According to:

http://www.fourwalledcubicle.com/files/LUFA/Doc/151115/html/group___group___u_s_b_class_c_d_c_common.html

enum  	CDC_Descriptor_ClassSubclassProtocol_t {
  CDC_CSCP_CDCClass = 0x02,
  CDC_CSCP_NoSpecificSubclass = 0x00,
  CDC_CSCP_ACMSubclass = 0x02,
  CDC_CSCP_ATCommandProtocol = 0x01,
  CDC_CSCP_NoSpecificProtocol = 0x00,
  CDC_CSCP_VendorSpecificProtocol = 0xFF,
  CDC_CSCP_CDCDataClass = 0x0A,
  CDC_CSCP_NoDataSubclass = 0x00,
  CDC_CSCP_NoDataProtocol = 0x00
}

Therefore I might need to change the code in Descriptors.c and replace CDC_CSCP_NoSpecificSubclass & CDC_CSCP_NoSpecificProtocol occurences (within Descriptors.c) with CDC_CSCP_ATCommandProtocol (since is the only value == 0x01).

Tried my assumption:
"Therefore I might need to change the code in Descriptors.c and replace CDC_CSCP_NoSpecificSubclass & CDC_CSCP_NoSpecificProtocol occurences (within Descriptors.c) with CDC_CSCP_ATCommandProtocol (since is the only value == 0x01)."

But didn't work.

Looking forward to new ideas.

Are you trying to change the parameters of the bootloader, or of the running application? They are two completely different sets of USB code...

I changed all occurences within all Descriptors.c around Arduino directories.
Just to be sure.
No works.