I am working on a software-only USB device for the STM8 as part of my work on the HID Multimedia Dial. Windows fails to recognize the device as there are some low-level bugs.
I tried a software-based USB logger, but the software cannot capture the packet unless it is recognized by the operating system. These software-based solutions rely on installing additional low-level drivers onto the target for capturing packets. What if the target system is not a PC? What if the packet is malformed and rejected by the PC USB controller? A logic analyzer is the closest solution right now, but it has limited support for protocols or exports. Traffic analyzer tools exist but are priced outside of a hobbyist's budget.
One of the hurdles for open source software-based solutions under Windows is code signing for low-level drivers. This is the fate of USBPcap, which ran into a BSOD bug and requires a code signing certificate for a bug fix.
A transparent hardware device does not rely on additional software installed on the test system, nor does it interfere. I am thinking of dumping raw USB packets onto a PC and exporting the traffic log to Wireshark files for additional analysis.
3D modelling of dongle:
Logging software on Windows: (work in progress)
The problem with USB is that it is a half-duplex protocol and there is no receive-only USB SIE (serial interface engine) for snooping the traffic. One could probably use a high-end microcontroller with both Host and Device ports for transparently passing packets through while snooping. It is also possible to implement a custom SIE using hardware or software, e.g. V-USB is a pure software implementation, but it is limited to Low Speed (1.5Mbps).
This project will focus on Low or Full speed USB and use a microcontroller with a minimum of additional components. This project relaxes some of the hard real-time requirements as it does not interact with the traffic. My initial thought was to take advantage of the SPI for sampling the serial stream and introduce a phase shift to sample closer to the center of the data window. As I let my mind ponder the question while running some errands, I realized that I could simply sample the signal at 2X the data rate and worry about recovering the data afterwards.
While the datasheet specifies an upper limit of 18Mbps data rate, I have successfully overclocked the SPI MOSI of the STM32F030 to 25Mbps in "Low Cost VGA Terminal Module". I hope the same would be true of the MISO input. DMA is required to capture data at 24Mbps (3M bytes/s).
USB waveforms look something like this:
Source: AN57294 - USB 101: An Introduction to Universal Serial Bus 2.0
The signals for 1.5Mbps/12Mbps are full swing 3.3V logic level, so they can be interfaced to GPIO. A brief Single Ended Zero (SE0) state is used to indicate End Of Packet (EOP).
To detect this using an external interrupt, we would need to add an external logic gate. (I have also considered making a missing pulse detector out of a timer.) The interrupt would then terminate the DMA transfer. We have no way of knowing what packet type and length will be received until the PID field is decoded.
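One way to do the "recover the data afterwards" step for a 2X-sampled capture, as an added example that is not the project's own firmware: measure runs of equal samples, round each run to whole bit times, then undo NRZI and bit stuffing and check the PID. The function names, the MSB-first sample packing, the trimmed EOP samples and the two constructed captures are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed captures (not real traffic): idle, then a packet, one data line
   sampled at 2x the bit rate, packed MSB-first, EOP samples already trimmed. */
static const uint8_t CAP_ACK[]   = {0xF3, 0x33, 0x0F, 0x3C, 0x00};             /* 36 samples */
static const uint8_t CAP_DATA0[] = {0xF3, 0x33, 0x00, 0xCC, 0x00, 0x0F, 0xFC}; /* 54 samples */
static uint8_t pkt[16];               /* scratch output buffer */

static int sample_at(const uint8_t *buf, size_t i) {
    return (buf[i / 8] >> (7 - i % 8)) & 1;
}

/* A PID is valid when its high nibble is the complement of its low nibble. */
int usb_pid_valid(uint8_t pid) {
    return ((pid ^ (pid >> 4)) & 0x0F) == 0x0F;
}

/* Recover packet bytes (SYNC = 0x80 first) from nsamples 2x-oversampled samples. */
size_t usb_decode_2x(const uint8_t *buf, size_t nsamples, uint8_t *out, size_t outmax) {
    size_t i = 1, nbytes = 0;
    unsigned nbits = 0;
    int drop = 0;                     /* set when the next leading 0 is a stuffed bit */
    uint8_t cur = 0;
    while (i < nsamples && sample_at(buf, i) == sample_at(buf, 0))
        i++;                          /* skip the idle level before SYNC */
    while (i < nsamples && nbytes < outmax) {
        size_t start = i;
        int level = sample_at(buf, i);
        while (i < nsamples && sample_at(buf, i) == level)
            i++;
        unsigned n = (unsigned)((i - start + 1) / 2);  /* run length in bit times */
        for (unsigned b = drop ? 1 : 0; b < n && nbytes < outmax; b++) {
            /* NRZI: the edge opening a run is a 0, later bit times are 1s; LSB first. */
            cur |= (uint8_t)((b != 0) << nbits);
            if (++nbits == 8) {
                out[nbytes++] = cur;
                cur = 0; nbits = 0;
            }
        }
        drop = (n >= 7);              /* six 1s in a row: the next 0 was stuffed */
    }
    return nbytes;
}

int main(void) {
    size_t n = usb_decode_2x(CAP_DATA0, 54, pkt, sizeof pkt);
    printf("%zu bytes, PID 0x%02X %s\n", n, pkt[1], usb_pid_valid(pkt[1]) ? "ok" : "bad");
    return 0;
}
```

The rounding `(len + 1) / 2` tolerates a run that comes out one sample short, but not one sample long, so a real capture with drift would need phase tracking on top of this.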
I have decided to use MOSI as the other data pin. It can be used for figuring out the connection speed.
For capturing, we have up to 32 clock cycles during the SYNC. According to ARM, the interrupt latency is 16 cycles which already includes pushing a few registers onto the stack.
This is an optimistic number as:
- The ARM core will be running from FLASH with 1 wait state.
- This latency applies to the core. There are additional cycles for external signals: synchronization crossing the clock boundary and delays inside peripherals.