Skip to content

Instantly share code, notes, and snippets.

@vitouXY

vitouXY/Configure-Ethernet-RNDIS-PiZero-connection.ps1

Last active May 22, 2023 18:14
Show Gist options
  • Save vitouXY/757270bb51a918969e4e5d1f8d6588af to your computer and use it in GitHub Desktop.
Save vitouXY/757270bb51a918969e4e5d1f8d6588af to your computer and use it in GitHub Desktop.
Download ZIP
Raspberry Pi Zero W - USB Gadget (libcomposite) - TinyCoreLinux (piCore)
Raw
Configure-Ethernet-RNDIS-PiZero-connection.ps1
# copyright Threadsec Inc
# This script auto-configure and ssh auto-connect to RPi ZERO Ethernet gadget VID:0x1d6b PID:0x0137
# This script require admin right to access to adapter conf.
# https://threadsec.wordpress.com/raspberry-pi-zero-usb-composite-gadget/
#
# Edit $user=""
# Windows 10 : As Admin, run:
# powershell -ep bypass -file Configure-Ethernet-RNDIS-PiZero-connection.ps1
#
Clear-Host
$user="<NORMAL USER ACCOUNT>"
$eth_interfaces=Get-NetAdapterAdvancedProperty -Name "Ethernet *" |Select-Object -Property InterfaceAlias,ifDesc -Unique
$n=$($eth_interfaces|Measure-Object).Count
if (( $n -ge 1)){
$i=0
$set=$false
foreach ($if in $eth_interfaces){
if ([string]::Equals($if[$i].ifDesc, "Remote NDIS Compatible Device") -or [string]::Equals($if[$i].ifDesc, "IBM USB Remote NDIS Network Device")){
$set=$true
break
}
$i++
}
if ($set){
$eth_interface=Get-NetIPInterface -InterfaceAlias $eth_interfaces[$i].InterfaceAlias -ConnectionState Connected -AddressFamily IPv4
Write-host "Current config : $($eth_interface.ifAlias)"
Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex $eth_interface.ifIndex
New-NetIPAddress -InterfaceIndex $eth_interface.ifIndex -AddressFamily IPv4 -IPAddress 10.0.0.2 -PrefixLength 30 -DefaultGateway 10.0.0.1
Write-host "Define IPv4 addr for $($eth_interface.ifAlias)"
Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex $eth_interface.ifIndex
$creds="${env:COMPUTERNAME}\${user}"
try{ Start-Process ssh -ArgumentList [email protected] -Credential $creds }catch{}
}else{
Write-Warning "Are your sure your gadget is correctly configured or plugged or maybe have you more one gadgets plugged ?"
}
}else{
Write-Warning "Are your sure your gadget is correctly configured or plugged or maybe have you more one gadgets plugged ?"
}
Raw
droidducky.sh
#!/bin/bash
# https://github.com/anbud/DroidDucky
# DroidDucky
# Simple Duckyscript interpreter in Bash. Based on android-keyboard-gadget and hid-gadget-test utility.
#
# Usage: droidducky.sh payload_file.dd
#
# Copyright (C) 2015 - Andrej Budinčević <[email protected]>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# https://github.com/pelya/android-keyboard-gadget/blob/master/hid-gadget-test/jni/hid-gadget-test.c
# Example:
#| REM Loading payload code.
#| GUI r
#| STRING cmd
#| REM Opening command prompt.
#| ENTER
#| DELAY 100
#| REM Sending the message.
#| STRING Hello World! I'm in guys.
defdelay=0
kb="/dev/hidg1 keyboard"
last_cmd=""
last_string=""
line_num=0
function convert()
{
local kbcode=""
if [ "$1" == " " ]
then
kbcode='space'
elif [ "$1" == "!" ]
then
kbcode='left-shift 1'
elif [ "$1" == "." ]
then
kbcode='period'
elif [ "$1" == "\`" ]
then
kbcode='backquote'
elif [ "$1" == "~" ]
then
kbcode='left-shift tilde'
elif [ "$1" == "+" ]
then
kbcode='kp-plus'
elif [ "$1" == "=" ]
then
kbcode='equal'
elif [ "$1" == "_" ]
then
kbcode='left-shift minus'
elif [ "$1" == "-" ]
then
kbcode='minus'
elif [ "$1" == "\"" ]
then
kbcode='left-shift quote'
elif [ "$1" == "'" ]
then
kbcode='quote'
elif [ "$1" == ":" ]
then
kbcode='left-shift semicolon'
elif [ "$1" == ";" ]
then
kbcode='semicolon'
elif [ "$1" == "<" ]
then
kbcode='left-shift comma'
elif [ "$1" == "," ]
then
kbcode='comma'
elif [ "$1" == ">" ]
then
kbcode='left-shift period'
elif [ "$1" == "?" ]
then
kbcode='left-shift slash'
elif [ "$1" == "\\" ]
then
kbcode='backslash'
elif [ "$1" == "|" ]
then
kbcode='left-shift backslash'
elif [ "$1" == "/" ]
then
kbcode='slash'
elif [ "$1" == "{" ]
then
kbcode='left-shift lbracket'
elif [ "$1" == "}" ]
then
kbcode='left-shift rbracket'
elif [ "$1" == "(" ]
then
kbcode='left-shift 9'
elif [ "$1" == ")" ]
then
kbcode='left-shift 0'
elif [ "$1" == "[" ]
then
kbcode='lbracket'
elif [ "$1" == "]" ]
then
kbcode='rbracket'
elif [ "$1" == "#" ]
then
kbcode='left-shift 3'
elif [ "$1" == "@" ]
then
kbcode='left-shift 2'
elif [ "$1" == "$" ]
then
kbcode='left-shift 4'
elif [ "$1" == "%" ]
then
kbcode='left-shift 5'
elif [ "$1" == "^" ]
then
kbcode='left-shift 6'
elif [ "$1" == "&" ]
then
kbcode='left-shift 7'
elif [ "$1" == "*" ]
then
kbcode='kp-multiply'
else
case $1 in
[[:upper:]])
tmp=$1
kbcode="left-shift ${tmp,,}"
;;
*)
kbcode="$1"
;;
esac
fi
echo "$kbcode"
}
while IFS='' read -r line || [[ -n "$line" ]]; do
((line_num++))
read -r cmd info <<< "$line"
if [ "$cmd" == "STRING" ]
then
last_string="$info"
last_cmd="$cmd"
for (( i=0; i<${#info}; i++ )); do
kbcode=$(convert "${info:$i:1}")
if [ "$kbcode" != "" ]
then
echo "$kbcode" | ./hid-gadget-test $kb > /dev/null
fi
done
elif [ "$cmd" == "ENTER" ]
then
last_cmd="enter"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "DELAY" ]
then
last_cmd="UNS"
((info = info*1000))
usleep $info
elif [ "$cmd" == "WINDOWS" -o "$cmd" == "GUI" ]
then
last_cmd="left-meta ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "MENU" -o "$cmd" == "APP" ]
then
last_cmd="menu"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "DOWNARROW" -o "$cmd" == "DOWN" ]
then
last_cmd="down"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "LEFTARROW" -o "$cmd" == "LEFT" ]
then
last_cmd="left"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "RIGHTARROW" -o "$cmd" == "RIGHT" ]
then
last_cmd="right"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "UPARROW" -o "$cmd" == "UP" ]
then
last_cmd="up"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "DEFAULT_DELAY" -o "$cmd" == "DEFAULTDELAY" ]
then
last_cmd="UNS"
((defdelay = info*1000))
elif [ "$cmd" == "BREAK" -o "$cmd" == "PAUSE" ]
then
last_cmd="pause"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "ESC" -o "$cmd" == "ESCAPE" ]
then
last_cmd="escape"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "PRINTSCREEN" ]
then
last_cmd="print"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "CAPSLOCK" -o "$cmd" == "DELETE" -o "$cmd" == "END" -o "$cmd" == "HOME" -o "$cmd" == "INSERT" -o "$cmd" == "NUMLOCK" -o "$cmd" == "PAGEUP" -o "$cmd" == "PAGEDOWN" -o "$cmd" == "SCROLLLOCK" -o "$cmd" == "SPACE" -o "$cmd" == "TAB" \
-o "$cmd" == "F1" -o "$cmd" == "F2" -o "$cmd" == "F3" -o "$cmd" == "F4" -o "$cmd" == "F5" -o "$cmd" == "F6" -o "$cmd" == "F7" -o "$cmd" == "F8" -o "$cmd" == "F9" -o "$cmd" == "F10" -o "$cmd" == "F11" -o "$cmd" == "F12" ]
then
last_cmd="${cmd,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "REM" ]
then
echo "$info"
elif [ "$cmd" == "SHIFT" ]
then
if [ "$info" == "DELETE" -o "$info" == "END" -o "$info" == "HOME" -o "$info" == "INSERT" -o "$info" == "PAGEUP" -o "$info" == "PAGEDOWN" -o "$info" == "SPACE" -o "$info" == "TAB" ]
then
last_cmd="left-shift ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == *"WINDOWS"* -o "$info" == *"GUI"* ]
then
read -r gui char <<< "$info"
last_cmd="left-shift left-meta ${char,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "DOWNARROW" -o "$info" == "DOWN" ]
then
last_cmd="left-shift down"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "LEFTARROW" -o "$info" == "LEFT" ]
then
last_cmd="left-shift left"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "RIGHTARROW" -o "$info" == "RIGHT" ]
then
last_cmd="left-shift right"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "UPARROW" -o "$info" == "UP" ]
then
last_cmd="left-shift up"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
else
echo "($line_num) Parse error: Disallowed $cmd $info"
fi
elif [ "$cmd" == "CONTROL" -o "$cmd" == "CTRL" ]
then
if [ "$info" == "BREAK" -o "$info" == "PAUSE" ]
then
last_cmd="left-ctrl pause"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "F1" -o "$info" == "F2" -o "$info" == "F3" -o "$info" == "F4" -o "$info" == "F5" -o "$info" == "F6" -o "$info" == "F7" -o "$info" == "F8" -o "$info" == "F9" -o "$info" == "F10" -o "$info" == "F11" -o "$info" == "F12" ]
then
last_cmd="left-ctrl ${cmd,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "ESC" -o "$info" == "ESCAPE" ]
then
last_cmd="left-ctrl escape"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "" ]
then
last_cmd="left-ctrl"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
else
last_cmd="left-ctrl ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
fi
elif [ "$cmd" == "ALT" ]
then
if [ "$info" == "END" -o "$info" == "SPACE" -o "$info" == "TAB" \
-o "$info" == "F1" -o "$info" == "F2" -o "$info" == "F3" -o "$info" == "F4" -o "$info" == "F5" -o "$info" == "F6" -o "$info" == "F7" -o "$info" == "F8" -o "$info" == "F9" -o "$info" == "F10" -o "$info" == "F11" -o "$info" == "F12" ]
then
last_cmd="left-alt ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "ESC" -o "$info" == "ESCAPE" ]
then
last_cmd="left-alt escape"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "" ]
then
last_cmd="left-alt"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
else
last_cmd="left-alt ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
fi
elif [ "$cmd" == "ALT-SHIFT" ]
then
last_cmd="left-shift left-alt"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$cmd" == "CTRL-ALT" ]
then
if [ "$info" == "BREAK" -o "$info" == "PAUSE" ]
then
last_cmd="left-ctrl left-alt pause"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "END" -o "$info" == "SPACE" -o "$info" == "TAB" -o "$info" == "DELETE" -o "$info" == "F1" -o "$info" == "F2" -o "$info" == "F3" -o "$info" == "F4" -o "$info" == "F5" -o "$info" == "F6" -o "$info" == "F7" -o "$info" == "F8" -o "$info" == "F9" -o "$info" == "F10" -o "$info" == "F11" -o "$info" == "F12" ]
then
last_cmd="left-ctrl left-alt ${cmd,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "ESC" -o "$info" == "ESCAPE" ]
then
last_cmd="left-ctrl left-alt escape"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "" ]
then
last_cmd="left-ctrl left-alt"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
else
last_cmd="left-ctrl left-alt ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
fi
elif [ "$cmd" == "CTRL-SHIFT" ]
then
if [ "$info" == "BREAK" -o "$info" == "PAUSE" ]
then
last_cmd="left-ctrl left-shift pause"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "END" -o "$info" == "SPACE" -o "$info" == "TAB" -o "$info" == "DELETE" -o "$info" == "F1" -o "$info" == "F2" -o "$info" == "F3" -o "$info" == "F4" -o "$info" == "F5" -o "$info" == "F6" -o "$info" == "F7" -o "$info" == "F8" -o "$info" == "F9" -o "$info" == "F10" -o "$info" == "F11" -o "$info" == "F12" ]
then
last_cmd="left-ctrl left-shift ${cmd,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "ESC" -o "$info" == "ESCAPE" ]
then
last_cmd="left-ctrl left-shift escape"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
elif [ "$info" == "" ]
then
last_cmd="left-ctrl left-shift"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
else
last_cmd="left-ctrl left-shift ${info,,}"
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
fi
elif [ "$cmd" == "REPEAT" ]
then
if [ "$last_cmd" == "UNS" -o "$last_cmd" == "" ]
then
echo "($line_num) Parse error: Using REPEAT with DELAY, DEFAULTDELAY or BLANK is not allowed."
else
for (( i=0; i<$info; i++ )); do
if [ "$last_cmd" == "STRING" ]
then
for (( j=0; j<${#last_string}; j++ )); do
kbcode=$(convert "${last_string:$j:1}")
if [ "$kbcode" != "" ]
then
echo "$kbcode" | ./hid-gadget-test $kb > /dev/null
fi
done
else
echo "$last_cmd" | ./hid-gadget-test $kb > /dev/null
fi
usleep $defdelay
done
fi
elif [ "$cmd" != "" ]
then
echo "($line_num) Parse error: Unexpected $cmd."
fi
usleep $defdelay
done < "$1"
Raw
g_multi.sh
#!/bin/sh
[ $(id -u) = 0 ] || { echo "must be root" ; exit 1; }
set -o errexit
set -o nounset
set -o pipefail
set -o xtrace
# Linux USB gadget configured through configfs
# https://www.kernel.org/doc/Documentation/ABI/testing/configfs-usb-gadget
# https://www.kernel.org/doc/Documentation/usb/gadget_configfs.txt
# https://www.kernel.org/doc/Documentation/usb/gadget_hid.txt //#include <sys/select.h>
### TinyCoreLinux - 11.0 4.19.81-piCore - RPi0W (armv6l)
# tce-load -wil tar wget squashfs-tools
# cd /tmp
# wget http://repo.tinycorelinux.net/11.x/armv6/releases/RPi/src/kernel/modules.tar.gz
# mkdir -p /tmp/gUSB/usr
# cd /tmp/gUSB/usr
# tar tf /tmp/modules.tar.gz | grep -E "dwc2|gadget" | grep -v "/$"> /tmp/gadget.txt
# tar xf /tmp/modules.tar.gz --files-from=/tmp/gadget.txt
# mv modules local
# ls -d /tmp/gUSB/usr/local/lib/modules/4.19.81-piCore/kernel/drivers/usb/gadget/
# cd /tmp
# mksquashfs /tmp/gUSB/ usb-gadget-4.19.81-piCore.tcz
# md5sum usb-gadget-4.19.81-piCore.tcz > usb-gadget-4.19.81-piCore.tcz.md5.txt
# mv usb-gadget-4.19.81-piCore.tc* /mnt/mmcblk0p2/tce/optional/
# echo 'usb-gadget-4.19.81-piCore' >> /mnt/mmcblk0p2/tce/onboot.lst
#
# sudo -s
# mount /dev/mmcblk0p1 /mnt/mmcblk0p1
# echo -e "\n[PI0]\ndtoverlay=dwc2\n" >> /mnt/mmcblk0p1/config.txt
# sed -i 's/rootwait/rootwait modules-load=dwc2/g' /mnt/mmcblk0p1/cmdline.txt
# #sed -i 's/rootwait/rootwait modules-load=dwc2,libcomposite/g' /mnt/mmcblk0p1/cmdline.txt
#
# cp THIS_SCRIPT /opt/
# echo 'opt/THIS_SCRIPT' >> /opt/.filetool.lst
# echo -e "\n# USB HID Keyboard" >> /opt/bootlocal.sh
# echo -e "/bin/sh /opt/THIS_SCRIPT\n\n" >> /opt/bootlocal.sh
# exit
# filetool -b
# exitcheck.sh reboot
GADGETDIR=rpi0w_hid
CFGNUMB=1
## comment this
#[ "$(find /sys/kernel/config -type d -name "${GADGETDIR:?}" 2>&-)z" != "z" ] && \
#exit 1
#/sbin/dtoverlay dwc2
#/sbin/depmod -a
/sbin/modprobe dwc2 || exit 1
#/sbin/modprobe -r g_ether
sleep 1s
#ls /sys/module/usb_storage/parameters/
/sbin/modprobe libcomposite || exit 1
mountpoint /sys/kernel/config || mount -t configfs none /sys/kernel/config
sleep 2s
cd /sys/kernel/config/usb_gadget/ || exit 1
##### *** Create gadget ***
mkdir -p ${GADGETDIR:?}
cd ${GADGETDIR:?}
PREPARE(){
## Add basic information
#echo 0x1d6b > idVendor # Linux Foundation
#echo 0x0104 > idProduct # Multifunction Composite Gadget
## usbmdis6 (IBM USB Remote NDIS Network Device) - RNDIS :Ok
## kbdhid (-) - Keyboard :Fail
#echo 0x04b3 > idVendor
#echo 0x4010 > idProduct
## ?
#echo 0x1d6c > idVendor
#echo 0x1347 > idProduct
## usbmdis6 (Remote NDIS Compatible Device) - RNDIS :Ok
## kbdhid (Peripherique clavier PIH) - Keyboard :Ok
echo 0x1d6b > idVendor
echo 0x0137 > idProduct
#echo 0x0100 > bcdDevice # v1.0.0
VER="0000$(uname -r | grep -oE "^([0-9])+(|\.([0-9])(|[0-9]))")"
VER=${VER/./};VER=${VER:(-4)}
echo 0x${VER:?} > bcdDevice
echo 0x0200 > bcdUSB # USB2
#echo 0x00 > bDeviceClass
#echo 0x02 > bDeviceClass
echo 0xEF > bDeviceClass
echo 0x01 > bDeviceProtocol
echo 0x02 > bDeviceSubClass
echo 0x08 > bMaxPacketSize0
## Create English (US) locale (LCID:https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/)
mkdir -p strings/0x409
echo "$(uname -r)" > strings/0x409/manufacturer
echo "$(hostname -s)" > strings/0x409/product
echo "fedcba9876543210" > strings/0x409/serialnumber
## Create configuration
mkdir -p configs/c.${CFGNUMB:?}
mkdir -p configs/c.${CFGNUMB:?}/strings/0x409
## should be 0x03 for USB_OTG_SRP | USB_OTG_HNP
#echo 0xC0 > configs/c.1/bmAttributes # self powered device
echo 0x80 > configs/c.${CFGNUMB:?}/bmAttributes # Only bus powered
echo 120 > configs/c.${CFGNUMB:?}/MaxPower # XmA # 100 ~ 200 ~ 250 mA || # (X*2)/1000 = YmA ??
echo "HIDConfigs ${CFGNUMB:?}: ALL" > configs/c.${CFGNUMB:?}/strings/0x409/configuration
}
##### *** Create HID function ***
## ************************** Add functions here
## ACM Serial Interface - Provides a serial port over USB
# u_serial usb_f_serial usb_f_acm
G_SERIAL(){ #2
INSTANCE=GS0
mkdir -p functions/acm.${INSTANCE:?}
## Link function to configuration
ln -s functions/acm.${INSTANCE:?} configs/c.${CFGNUMB:?}/
}
## RNDIS - Ethernet over USB for Windows (and some Linux kernels)
# u_ether usb_f_rndis
G_RDNIS(){ #2 # CFGNUMB=1
INSTANCE=usb0
mkdir -p functions/rndis.${INSTANCE:?}
## first byte of address must be even
#HOST="$( sed "s/^.*macaddr=\([0-9A-F:]*\) .*$/\1/" /proc/cmdline )"
#SELF=$(echo $host_addr | sed s/^B8/00/)
HOST="48:6f:73:74:50:43" # "HostPC"
SELF="42:61:64:55:53:42" # "BadUSB"
echo ${HOST:?} > functions/rndis.${INSTANCE:?}/host_addr
echo ${SELF:?} > functions/rndis.${INSTANCE:?}/dev_addr
## Link function to configuration
ln -s functions/rndis.${INSTANCE:?} configs/c.${CFGNUMB:?}/
#
# OS Descriptor for Windows
mkdir -p os_desc
echo 1 > os_desc/use
echo 0xbc > os_desc/b_vendor_code
#echo 0xcd > os_desc/b_vendor_code
echo MSFT100 > os_desc/qw_sign
#
mkdir -p functions/rndis.${INSTANCE:?}/os_desc/interface.rndis
echo RNDIS > functions/rndis.${INSTANCE:?}/os_desc/interface.rndis/compatible_id
echo 5162001 > functions/rndis.${INSTANCE:?}/os_desc/interface.rndis/sub_compatible_id
# Add config ${CFGNUMB:?} to OS descriptors
ln -s configs/c.${CFGNUMB:?}/ os_desc
}
## CDC ECM - Ethernet over USB for Linux, Unix and OSX
G_ETHER(){ #
INSTANCE=usb1
mkdir -p functions/ecm.${INSTANCE:?}
## first byte of address must be even
#HOST="$( sed "s/^.*macaddr=\([0-9A-F:]*\) .*$/\1/" /proc/cmdline )"
#SELF=$(echo $host_addr | sed s/^B8/00/)
HOST="48:6f:73:74:50:43" # "HostPC"
SELF="42:61:64:55:53:42" # "BadUSB"
echo ${HOST:?} > functions/ecm.${INSTANCE:?}/host_addr
echo ${SELF:?} > functions/ecm.${INSTANCE:?}/dev_addr
## Link function to configuration
ln -s functions/ecm.${INSTANCE:?} configs/c.${CFGNUMB:?}/
}
## Mass Storage (UMS) - Emulates USB flash drive or CD-ROM
# usb_f_mass_storage
G_MASS_STORAGE(){ #2
INSTANCE=ms0
FILE=/home/tc/usbdisk.img
## dd if=/dev/zero of=${FILE:?} bs=1M count=8 ; mkdosfs ${FILE:?}
## dd if=/dev/zero of=${FILE:?} bs=1 count=0 seek=8M ; mkdosfs ${FILE:?} -n RPi0W
#[ -f "${FILE:?}" ] || exit 1
mkdir -p ${FILE/img/d}
mount -o loop,ro -t vfat ${FILE:?} ${FILE/img/d}
mkdir -p functions/mass_storage.${INSTANCE:?}
echo 1 > functions/mass_storage.${INSTANCE:?}/stall # allow bulk EPs
echo 0 > functions/mass_storage.${INSTANCE:?}/lun.0/cdrom # don't emulate CD-ROm
echo 0 > functions/mass_storage.${INSTANCE:?}/lun.0/ro # write acces
echo 0 > functions/mass_storage.${INSTANCE:?}/lun.0/nofua # enable Force Unit Access (FUA) to make Windows write synchronously
#echo 1 > functions/mass_storage.${INSTANCE:?}/lun.0/removable
## Note, the next line is important. Host OS will tokenize it as:
## vendor(len 8) + model(len 16) + rev(len 4)
## Example here: vendor = ABCDEFGH model = 123456789ABCDEFG rev = WXYZ
#echo 'ABCDEFGH123456789ABCDEFGWXYZ' > functions/mass_storage.${INSTANCE:?}/lun.0/inquiry_string
cat ${FILE:?} > functions/mass_storage.${INSTANCE:?}/lun.0/file
## Link function to configuration
ln -s functions/mass_storage.${INSTANCE:?} configs/c.${CFGNUMB:?}/
}
## Keyboard - HID Keyboard functionality (needed for HID Script)
G_KEYBOARD(){ #1
INSTANCE=keyboard
mkdir -p functions/hid.${INSTANCE:?}
echo 1 > functions/hid.${INSTANCE:?}/protocol
echo 1 > functions/hid.${INSTANCE:?}/subclass
echo 8 > functions/hid.${INSTANCE:?}/report_length
echo "05010906a101050719e029e71500250175019508810295017508810395057501050819012905910295017503910395067508150025650507190029658100c0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
## Link function to configuration
ln -s functions/hid.${INSTANCE:?} configs/c.${CFGNUMB:?}/
## Get dev name (/dev/hidgX)
#udevadm info --query name --path=/sys/dev/char/$(/sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)
#grep 'DEVNAME' /sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)/uevent
}
## Custom HID device - Raw HID device function, used for covert channel
G_KEYBOARD_RAW(){ #1
INSTANCE=raw
mkdir -p functions/hid.${INSTANCE:?}
echo 1 > functions/hid.${INSTANCE:?}/protocol
echo 1 > functions/hid.${INSTANCE:?}/subclass
echo 64 > functions/hid.${INSTANCE:?}/report_length
echo "0600ff0901a1010901150026ff007508954081020902150026ff00750895409102c0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
## Link function to configuration
ln -s functions/hid.${INSTANCE:?} configs/c.${CFGNUMB:?}/
## Get dev name (hidgX)
#udevadm info --query name --path=/sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)
}
## Joystick - HID device
G_JOYSTICK(){
INSTANCE=joystick
mkdir -p functions/hid.${INSTANCE:?}
echo 0 > functions/hid.${INSTANCE:?}/protocol
echo 0 > functions/hid.${INSTANCE:?}/subclass
echo 3 > functions/hid.${INSTANCE:?}/report_length
# Write report descriptor ( X and Y analog joysticks plus 8 buttons )
# Write report descriptor ( X and Y analog joysticks plus 8 buttons for XAC) XACGamepad
echo "05010904A1011581257F0901A10009300931750895028102C005091901290815002501750195088102C0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
#echo 4 > functions/hid.${INSTANCE}/report_length
# Write report descriptor ( X and Y analog joysticks plus 16 buttons )
#echo "05010904A1011581257F0901A10009300931750895028102C0A10005091901291015002501750195108102C0C0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
# Write report descriptor ( X and Y analog joysticks plus 32 buttons )
#echo "05010904A1011581257F0901A10009300931750895028102C0A10005091901292015002501750195208102C0C0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
#echo 8 > functions/hid.${INSTANCE:?}/report_length
# Write report descriptor ( 2 analog sticks, 1 dpad, 14 buttons ) NSGamepad
#echo "05010905a10115002501350045017501950e05091901290e81029502810105012507463b017504950165140939814265009501810126ff0046ff000930093109320935750895048102750895018101c0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
## Link function to configuration
ln -s functions/hid.${INSTANCE:?} configs/c.${CFGNUMB:?}/
## Get dev name (hidgX)
#udevadm info --query name --path=/sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)
#grep 'DEVNAME' /sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)/uevent
}
## Mouse - HID Mouse functionality (needed for HID Script)
G_MOUSE(){ #1
INSTANCE=mouse
mkdir -p functions/hid.${INSTANCE:?}
echo 2 > functions/hid.${INSTANCE:?}/protocol
echo 1 > functions/hid.${INSTANCE:?}/subclass
echo 6 > functions/hid.${INSTANCE:?}/report_length
echo "05010902a1010901a1008501050919012903150025019503750181029501750581030501093009311581257f750895028106950275088101c0c005010902a1010901a100850205091901290315002501950375018102950175058101050109300931150026ff7f950275108102c0c0" | xxd -r -ps > functions/hid.${INSTANCE:?}/report_desc
## Link function to configuration
ln -s functions/hid.${INSTANCE:?} configs/c.${CFGNUMB:?}/
## Get dev name (hidgX)
#udevadm info --query name --path=/sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)
#grep 'DEVNAME' /sys/dev/char/$(cat /sys/kernel/config/usb_gadget/${GADGETDIR:?}/functions/hid.${INSTANCE:?}/dev)/uevent
}
## ************************** End functions
ENABLE(){
sync
sleep 2s
udevadm settle -t 20 || :
##### *** Enable gadget ***
# UDC (USB Device Controller)
#ls /sys/class/udc > UDC
ls /sys/class/udc | cut -f1 | head -n1 > UDC
}
DISABLE(){
##### *** Disabling gadget ***
echo "" > UDC
}
REMOVE(){
##### *** Removing gadget ***
find configs -type l -exec rm -v {} \;
#rmdir configs/c.${CFGNUMB:?}/strings/0x409
find configs -name 'strings' -exec rmdir -v {}/0x409 \;
#rmdir configs/c.${CFGNUMB:?}
ls -d configs/* | xargs rmdir -v
#rmdir strings/0x409
ls -d strings/* | xargs rmdir -v
#rmdir functions/hid.*
ls -d functions/* | xargs rmdir -v
cd ..
rmdir -v ${GADGETDIR:?}
#/sbin/modprobe -r libcomposite
}
#***************\
PREPARE
#G_SERIAL
#G_RDNIS
#G_ETHER
#G_MASS_STORAGE
#G_KEYBOARD
#G_KEYBOARD_RAW # ?
#G_JOYSTICK # Failed!!CausesReboot?
#G_MOUSE
ENABLE
#DISABLE #&& REMOVE
pwd
#**************/
lsmod
#grep -q "DCFG=0x00000000" /sys/kernel/debug/20980000.usb/state && echo "USB OTG Mode"
#lsusb
exit 0
exit
## EXTRA
## ++ ACM
## /sbin/agetty --keep-baud 115200 38400 9600 ttyGS0 vt102
## /sbin/agetty -w --noclear ttyGS0 vt102
#/sbin/getty -n -l /bin/sh ttyGS0 9600 linux
##! GPIO: v Gnd Rx Tx
##@% screen /dev/ttyACM0 115200
## ++ CDC ECM
##find /sys/class/net/usb1/carrier
#ip addr add 10.0.0.1/30 broadcast 10.0.0.3 dev ${INSTANCE:?}
#ip link set dev ${INSTANCE:?} up
#ip route add default via 10.0.0.2 dev ${INSTANCE:?} # RNDIS interface is priority
##@% ifconfig ethX 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3 up
## ++ RNDIS
##find /sys/class/net/usb0/carrier
#ip addr add 10.0.0.1/30 broadcast 10.0.0.3 dev ${INSTANCE:?}
#ip link set dev ${INSTANCE:?} up
#ip route add default via 10.0.0.2 dev ${INSTANCE:?}
## ++ RNDIS + ECM (both without IP). and use a brige interface (with IP)
#brctl addbr br0
#ip link set dev br0 up
#ip link set dev ${INSTANCE:?} up # both ECM,RNDIS
#brctl addif br0 ${INSTANCE:?} # both ECM,RNDIS
#brctl show br0
#ip addr add 10.0.0.1/29 broadcast 10.0.0.7 dev br0
#ip route add default via 10.0.0.2 dev br0
##@% ifconfig ethX 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3 up
## Audio: class 0x1
## Human Interface Device (HID): class 0x3
## Mass Storage: class 0x8
## ++ Keyboard (HID)
## http://www.usb.org/developers/hidpage/Hut1_12v2.pdf # pag-53
##
## modkey_left-ctrl = 01 modkey_right-ctrl = 10 modkey_left-shift = 02
## modkey_right-shift = 20 modkey_left-alt = 04 modkey_right-alt = 40
## modkey_left-meta = 08 modkey_right-meta = 80
## key_a = 04 key_b = 05 key_c = 06 key_d = 07 key_e = 08
## key_f = 09 key_g = 0a key_h = 0b key_i = 0c key_j = 0d
## key_k = 0e key_l = 0f key_m = 10 key_n = 11 key_o = 12
## key_p = 13 key_q = 14 key_r = 15 key_s = 16 key_t = 17
## key_u = 18 key_v = 19 key_w = 1a key_x = 1b key_y = 1c
## key_z = 1d key_1 = 1e key_2 = 1f key_3 = 20 key_4 = 21
## key_5 = 22 key_6 = 23 key_7 = 24 key_8 = 25 key_9 = 26
## key_0 = 27
## key_return = 28 key_enter = 28 key_esc = 29 key_escape = 29
## key_bckspc = 2a key_backspace = 2a key_tab = 2b key_space = 2c
## key_minus = 2d key_dash = 2d key_equals = 2e key_equal = 2e
## key_lbracket = 2f key_rbracket = 30 key_backslash = 31 key_hash = 32
## key_number = 32 key_semicolon = 33 key_quote = 34 key_backquote = 35
## key_tilde = 35 key_comma = 36 key_period = 37 key_stop = 37
## key_slash = 38 key_caps-lock = 39 key_capslock = 39 key_f1 = 3a
## key_f2 = 3b key_f3 = 3c key_f4 = 3d key_f5 = 3e
## key_f6 = 3f key_f7 = 40 key_f8 = 41 key_f9 = 42
## key_f10 = 43 key_f11 = 44 key_f12 = 45 key_print = 46
## key_scroll-lock = 47 key_scrolllock = 47 key_pause = 48 key_insert = 49
## key_home = 4a key_pageup = 4b key_pgup = 4b key_del = 4c
## key_delete = 4c key_end = 4d key_pagedown = 4e key_pgdown = 4e
## key_right = 4f key_left = 50 key_down = 51 key_up = 52
## key_num-lock = 53 key_numlock = 53 key_kp-divide = 54 key_kp-multiply = 55
## key_kp-minus = 56 key_kp-plus = 57 key_kp-enter = 58 key_kp-return = 58
## key_kp-1 = 59 key_kp-2 = 5a key_kp-3 = 5b key_kp-4 = 5c
## key_kp-5 = 5d key_kp-6 = 5e key_kp-7 = 5f key_kp-8 = 60
## key_kp-9 = 61 key_kp-0 = 62 key_kp-period = 63 key_kp-stop = 63
## key_application = 65 key_power = 66 key_kp-equals = 67 key_kp-equal = 67
## key_f13 = 68 key_f14 = 69 key_f15 = 6a key_f16 = 6b
## key_f17 = 6c key_f18 = 6d key_f19 = 6e key_f20 = 6f
## key_f21 = 70 key_f22 = 71 key_f23 = 72 key_f24 = 73
## key_execute = 74 key_help = 75 key_menu = 76 key_select = 77
## key_cancel = 78 key_redo = 79 key_undo = 7a key_cut = 7b
## key_copy = 7c key_paste = 7d key_find = 7e key_mute = 7f
## key_volume-up = 80 key_volume-down = 81
## '\x{MOD}\0\x{KEY}\0\0\0\0\0'
##
## key_A = 04
#echo -ne "\0\0\x04\0\0\0\0\0" > /dev/hidg0
## return: a
## mod_RSHIFT = 20
#echo -ne "\x20\0\x04\0\0\0\0\0" > /dev/hidg0
## return: A (shift+a)
## Release:
#echo -ne "\0\0\0\0\0\0\0\0" > /dev/hidg0
#echo -ne "\0\0\x1a\x0b\x12\x04\x10\x0c" > /dev/hidg0 && echo -ne "\0\0\0\0\0\0\0\0" > /dev/hidg0
## ++ Joystick (HID) (desntTested!??
## https://github.com/milador/RaspberryPi-Joystick
##printf '%2.2x\n' 127
##
## Axis: Y Up
## [127](\x7F)
## |
## X Left [-127](\x81)--[0]--[127](\x7F) X Right
## |
## [-127](\x81)
## Y Down
##
## ( X and Y analog joysticks plus 8 buttons )
## ( X and Y analog joysticks plus 8 buttons for XAC) XACGamepad
## Release = '\x00\x00\x00'
## button_1 = '\x00\x00\x01'
## button_2 = '\x00\x00\x02'
## button_3 = '\x00\x00\x04'
## button_4 = '\x00\x00\x08'
## button_5 = '\x00\x00\x10'
## button_6 = '\x00\x00\x20'
## button_7 = '\x00\x00\x40'
## button_8 = '\x00\x00\x80'
## xy = range(-127..0..127) '\XX\YY\BB'
## button_Up = '\x00\x7F\x00'
## button_Right = '\x7F\x00\x00'
## button_Down = '\x00\x81\x00'
## button_Left = '\x81\x00\x00'
##
## ( X and Y analog joysticks plus 16 buttons )
## Release = '\x00\x00\x00\x00'
## button_1 = '\x00\x00\x01\x00' button_9 = '\x00\x00\x00\x01'
## button_2 = '\x00\x00\x02\x00' button_10 = '\x00\x00\x00\x02'
## button_3 = '\x00\x00\x04\x00' button_11 = '\x00\x00\x00\x04'
## button_4 = '\x00\x00\x08\x00' button_12 = '\x00\x00\x00\x08'
## button_5 = '\x00\x00\x10\x00' button_13 = '\x00\x00\x00\x10'
## button_6 = '\x00\x00\x20\x00' button_14 = '\x00\x00\x00\x20'
## button_7 = '\x00\x00\x40\x00' button_15 = '\x00\x00\x00\x40'
## button_8 = '\x00\x00\x80\x00' button_16 = '\x00\x00\x00\x80'
## xy = range(-127..0..127) '\XX\YY\BB\BB'
## button_Up = '\x00\x7F\x00\x00'
## button_Right = '\x7F\x00\x00\x00'
## button_Down = '\x00\x81\x00\x00'
## button_Left = '\x81\x00\x00\x00'
##
## ( X and Y analog joysticks plus 32 buttons )
## Release = '\x00\x00\x00\x00\x00\x00'
## button_1 = '\x00\x00\x01\x00\x00\x00' button_17 = '\x00\x00\x00\x00\x01\x00'
## button_2 = '\x00\x00\x02\x00\x00\x00' button_18 = '\x00\x00\x00\x00\x02\x00'
## button_3 = '\x00\x00\x04\x00\x00\x00' button_19 = '\x00\x00\x00\x00\x04\x00'
## button_4 = '\x00\x00\x08\x00\x00\x00' button_20 = '\x00\x00\x00\x00\x08\x00'
## button_5 = '\x00\x00\x10\x00\x00\x00' button_21 = '\x00\x00\x00\x00\x10\x00'
## button_6 = '\x00\x00\x20\x00\x00\x00' button_22 = '\x00\x00\x00\x00\x20\x00'
## button_7 = '\x00\x00\x40\x00\x00\x00' button_23 = '\x00\x00\x00\x00\x40\x00'
## button_8 = '\x00\x00\x80\x00\x00\x00' button_24 = '\x00\x00\x00\x00\x80\x00'
## button_9 = '\x00\x00\x00\x01\x00\x00' button_25 = '\x00\x00\x00\x00\x00\x01'
## button_10 = '\x00\x00\x00\x02\x00\x00' button_26 = '\x00\x00\x00\x00\x00\x02'
## button_11 = '\x00\x00\x00\x04\x00\x00' button_27 = '\x00\x00\x00\x00\x00\x04'
## button_12 = '\x00\x00\x00\x08\x00\x00' button_28 = '\x00\x00\x00\x00\x00\x08'
## button_13 = '\x00\x00\x00\x10\x00\x00' button_29 = '\x00\x00\x00\x00\x00\x10'
## button_14 = '\x00\x00\x00\x20\x00\x00' button_30 = '\x00\x00\x00\x00\x00\x20'
## button_15 = '\x00\x00\x00\x40\x00\x00' button_31 = '\x00\x00\x00\x00\x00\x40'
## button_16 = '\x00\x00\x00\x80\x00\x00' button_32 = '\x00\x00\x00\x00\x00\x80'
## xy = range(-127..0..127) '\XX\YY\BB\BB\BB\BB'
## button_Up = '\x00\x7F\x00\x00\x00\x00'
## button_Right = '\x7F\x00\x00\x00\x00\x00'
## button_Down = '\x00\x81\x00\x00\x00\x00'
## button_Left = '\x81\x00\x00\x00\x00\x00'
##
## Axis: DPad:
## Y 7--0--1
## [255](\xFF) | |
## | 6 + 2
## [128](\x80) + | |
## | 5--4--3
## [0]--[128](\x80)--[255](\xFF) X
##
## ( 2 analog sticks, 1 dpad, 14 buttons ) NSGamepad (!??
## button_Y_Square =
## button_B_Cross =
## button_A_Circle =
## button_X_Triangle =
## button_LTrigger_L1 =
## button_RTrigger_R1 =
## button_LThrottle_L2 =
## button_RThrottle_R2 =
## button_Minus_Share =
## button_Plus_Options =
## button_LStick_L3 =
## button_RStick_R3 =
## button_Home_Logo =
## button_Capture_TPad =
## xy = range(0..128..255) '\XX\YY\DD\BB\BB' (!??
## xy = range(0..128..255) '\BB\BB\DD\XX\YY\XX\YY\00' (!??
## button_Up =
## button_UpRight =
## button_Right =
## button_DownLeft =
## button_Down =
## button_DownRight =
## button_UpLeft =
## button_Left =
## ++ Mouse (HID)
## button_1 = 01 button_1_&_2 = 03
## button_2 = 02 button_2_&_3 = 06
## button_3 = 04
## none/release = 00
##
## Relative:
##
## Y
## [-127](\x81)
## |
## X [-127](\x81)--[0]--[127](\x7f) X
## |
## [127](\x7f)
## Y
##
## relative = 01
## xy = range(-127..0..127)
## '\x{relative}\x{button}\x{XX}\x{YY}\x00\x00'
##
## x => 127 => \x7f
## y => -127 => \x81
#echo -ne '\x01\x00\x7f\x81\x00\x00' > /dev/hidg1
##
#_HEXA(){ H="00$(printf '%2.2x\n' "${1:?}")";H="${H:(-4)}"; printf '\\x%s' "${H:2:2}"; }
#_MOVE(){ echo "\x01\x0${3:-0}$(_HEXA ${1:-0})$(_HEXA ${2-0})\x00\x00"; }
# {-127..0..127} {-127..0..127} {0-4,6}
#echo -ne "$(_MOVE -10 -10 0)" > /dev/hidg1
#echo -ne "$(_MOVE 0 0 1)" > /dev/hidg1
#echo -ne "$(_MOVE 0 0 0)" > /dev/hidg1
##
## Absolute: (desntWork!??
##
## Y
## [32767](\x7fff)
## |
## [0]--[32762](\x7fff) X
##
## absolute = 02
## xy = range(0..32767)
## '\x{absolute}\x{button}\x{XX2}\x{XX1}\x{YY2}\x{YY1}'
##
## x => 32767 => 0x7fff => \xff\x7f
## y => 6553 => 0x1999 => \x99\x19
#echo -ne '\x02\x00\xff\x7f\x99\x19' > /dev/hidg1
##
#
# #720x1280#720x1520#600*1024#
# for monitor 1920x1080
# x = 50 * 32767 / 1920 = 853 => 0x355 => \x55\x03
# y = 100 * 32767 / 1080 = 3033 => 0xbd9 => \xd9\x0b
### HID.* Gadget
## # Report Descriptor from an already existing device (eventXX/mouseXX/..)
## ls -l /sys/class/input/event0/device/device/report_descriptor
## xxd -p /sys/class/input/event0/device/device/report_descriptor | tr -d '\n' > /tmp/repdesc
## xxd -r -ps /tmp/repdesc functions/hid.${INSTANCE}/report_desc
##echo "0501....08100c0" | xxd -r -ps > functions/hid.${INSTANCE}/report_desc
# http://www.isticktoit.net/?p=1383
# https://github.com/RoganDawes/P4wnP1 # *
# https://github.com/girst/sendHID-mirror-of-git.gir.st
# https://lwn.net/Articles/395712/
# https://threadsec.wordpress.com/raspberry-pi-zero-usb-composite-gadget/
# https://github.com/anbud/DroidDucky/blob/master/droidducky.sh
# https://roy-n-roy.github.io/Raspberry%20Pi/WebConsole/
# echo "12$(echo $(grep Serial /proc/cpuinfo | sed 's/Serial\s*: 0000\(\w*\)/\1/' | sed 's/\(\w\w\)/:\1/g' | cut -b 2-) | cut -b 3-)"
# echo "02$(echo $(grep Serial /proc/cpuinfo | sed 's/Serial\s*: 0000\(\w*\)/\1/' | sed 's/\(\w\w\)/:\1/g' | cut -b 2-) | cut -b 3-)"
echo 0 | sudo /sys/class/leds/led0/brightness
#cat /sys/class/leds/led0/trigger
#echo mmc0 | sudo tee /sys/class/leds/led0/trigger
echo timer | sudo tee /sys/class/leds/led0/trigger
## ++ Mass Storage
#lsusb -d 0781:5567 -v && dmesg
echo 0x0781 > idVendor # SanDisk Corp.
echo 0x5567 > idProduct # Cruzer Blade
echo 0x0126 > bcdDevice # v1.26
echo 0x64 > bMaxPacketSize0 # !08?
echo "SanDisk" > strings/0x409/manufacturer
echo "Cruzer Blade" > strings/0x409/product
echo 'SanDisk Cruzer Blade 1.26' > functions/mass_storage.${INSTANCE}/lun.0/inquiry_string
#modprobe g_mass_storage file=${FILE:?} stall=0 ro=0 removable=1 nofua=1
### 11.0 4.19.81-piCore - RPi0W (armv6l)
# tce-load -wil tar wget squashfs-tools
# cd /tmp
# wget http://repo.tinycorelinux.net/11.x/armv6/releases/RPi/src/kernel/modules.tar.gz
# mkdir -p /tmp/BR/usr
# cd /tmp/BR/usr
# tar tf /tmp/modules.tar.gz | grep -E "net/802|llc|bridge" | grep -v "/$"> /tmp/bridging.txt
# tar xf /tmp/modules.tar.gz --files-from=/tmp/bridging.txt
# mv modules local
# ls -d /tmp/BR/usr/local/lib/modules/4.19.81-piCore/kernel/net/bridge/
# cd /tmp
# mksquashfs /tmp/BR/ net-bridging-4.19.81-piCore.tcz
# md5sum net-bridging-4.19.81-piCore.tcz > net-bridging-4.19.81-piCore.tcz.md5.txt
# echo 'ipv6-4.19.81-piCore.tcz' > net-bridging-4.19.81-piCore.tcz.dep
# mv net-bridging-4.19.81-piCore.tc* /mnt/mmcblk0p2/tce/optional/
# echo 'net-bridging-4.19.81-piCore' >> /mnt/mmcblk0p2/tce/onboot.lst
# exitcheck.sh reboot
#
# /sbin/depmod
# /sbin/modprobe bridge br_netfilter
# /sbin/lsmod
# sudo -s
# mount /dev/mmcblk0p1 /mnt/mmcblk0p1
# echo -e "\n[PI0]\ndtoverlay=dwc2\n" >> /mnt/mmcblk0p1/config.txt
# sed -i 's/rootwait/rootwait modules-load=dwc2,g_ether/g' /mnt/mmcblk0p1/cmdline.txt
# #sed -i 's/rootwait/rootwait modules-load=dwc2,g_serial/g' /mnt/mmcblk0p1/cmdline.txt
#
# /sbin/depmod
# /sbin/modprobe dwc2
# /sbin/modprobe g_ether
#
# ls /sys/class/net/usb0/carrier
# ip link set dev usb0 up
# ip addr add 10.0.0.1/30 broadcast 10.0.0.3 dev usb0
# ip route add default via 10.0.0.2 dev usb0
# #/sbin/udhcpc -b -i usb0 -x hostname:$(/bin/hostname) -p /var/run/udhcpc.usb0.pid
##@% ifconfig ethX 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3 up
Raw
hid-gadget-test.c
/* hid_gadget_test */
// https://github.com/pelya/android-keyboard-gadget/
/* Musl : gcc -static --static hid-gadget-test.c -o hid-gadget-test */
#include <sys/select.h>
#include <pthread.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define BUF_LEN 512
struct options {
const char *opt;
unsigned char val;
};
static struct options kmod[] = {
{.opt = "left-ctrl", .val = 0x01},
{.opt = "right-ctrl", .val = 0x10},
{.opt = "left-shift", .val = 0x02},
{.opt = "right-shift", .val = 0x20},
{.opt = "left-alt", .val = 0x04},
{.opt = "right-alt", .val = 0x40},
{.opt = "left-meta", .val = 0x08},
{.opt = "right-meta", .val = 0x80},
{.opt = NULL}
};
static struct options kval[] = {
{.opt = "a", .val = 0x04},
{.opt = "b", .val = 0x05},
{.opt = "c", .val = 0x06},
{.opt = "d", .val = 0x07},
{.opt = "e", .val = 0x08},
{.opt = "f", .val = 0x09},
{.opt = "g", .val = 0x0a},
{.opt = "h", .val = 0x0b},
{.opt = "i", .val = 0x0c},
{.opt = "j", .val = 0x0d},
{.opt = "k", .val = 0x0e},
{.opt = "l", .val = 0x0f},
{.opt = "m", .val = 0x10},
{.opt = "n", .val = 0x11},
{.opt = "o", .val = 0x12},
{.opt = "p", .val = 0x13},
{.opt = "q", .val = 0x14},
{.opt = "r", .val = 0x15},
{.opt = "s", .val = 0x16},
{.opt = "t", .val = 0x17},
{.opt = "u", .val = 0x18},
{.opt = "v", .val = 0x19},
{.opt = "w", .val = 0x1a},
{.opt = "x", .val = 0x1b},
{.opt = "y", .val = 0x1c},
{.opt = "z", .val = 0x1d},
{.opt = "1", .val = 0x1e},
{.opt = "2", .val = 0x1f},
{.opt = "3", .val = 0x20},
{.opt = "4", .val = 0x21},
{.opt = "5", .val = 0x22},
{.opt = "6", .val = 0x23},
{.opt = "7", .val = 0x24},
{.opt = "8", .val = 0x25},
{.opt = "9", .val = 0x26},
{.opt = "0", .val = 0x27},
{.opt = "return", .val = 0x28},
{.opt = "enter", .val = 0x28},
{.opt = "esc", .val = 0x29},
{.opt = "escape", .val = 0x29},
{.opt = "bckspc", .val = 0x2a},
{.opt = "backspace", .val = 0x2a},
{.opt = "tab", .val = 0x2b},
{.opt = "space", .val = 0x2c},
{.opt = "minus", .val = 0x2d},
{.opt = "dash", .val = 0x2d},
{.opt = "equals", .val = 0x2e},
{.opt = "equal", .val = 0x2e},
{.opt = "lbracket", .val = 0x2f},
{.opt = "rbracket", .val = 0x30},
{.opt = "backslash", .val = 0x31},
{.opt = "hash", .val = 0x32},
{.opt = "number", .val = 0x32},
{.opt = "semicolon", .val = 0x33},
{.opt = "quote", .val = 0x34},
{.opt = "backquote", .val = 0x35},
{.opt = "tilde", .val = 0x35},
{.opt = "comma", .val = 0x36},
{.opt = "period", .val = 0x37},
{.opt = "stop", .val = 0x37},
{.opt = "slash", .val = 0x38},
{.opt = "caps-lock", .val = 0x39},
{.opt = "capslock", .val = 0x39},
{.opt = "f1", .val = 0x3a},
{.opt = "f2", .val = 0x3b},
{.opt = "f3", .val = 0x3c},
{.opt = "f4", .val = 0x3d},
{.opt = "f5", .val = 0x3e},
{.opt = "f6", .val = 0x3f},
{.opt = "f7", .val = 0x40},
{.opt = "f8", .val = 0x41},
{.opt = "f9", .val = 0x42},
{.opt = "f10", .val = 0x43},
{.opt = "f11", .val = 0x44},
{.opt = "f12", .val = 0x45},
{.opt = "print", .val = 0x46},
{.opt = "scroll-lock", .val = 0x47},
{.opt = "scrolllock", .val = 0x47},
{.opt = "pause", .val = 0x48},
{.opt = "insert", .val = 0x49},
{.opt = "home", .val = 0x4a},
{.opt = "pageup", .val = 0x4b},
{.opt = "pgup", .val = 0x4b},
{.opt = "del", .val = 0x4c},
{.opt = "delete", .val = 0x4c},
{.opt = "end", .val = 0x4d},
{.opt = "pagedown", .val = 0x4e},
{.opt = "pgdown", .val = 0x4e},
{.opt = "right", .val = 0x4f},
{.opt = "left", .val = 0x50},
{.opt = "down", .val = 0x51},
{.opt = "up", .val = 0x52},
{.opt = "num-lock", .val = 0x53},
{.opt = "numlock", .val = 0x53},
{.opt = "kp-divide", .val = 0x54},
{.opt = "kp-multiply", .val = 0x55},
{.opt = "kp-minus", .val = 0x56},
{.opt = "kp-plus", .val = 0x57},
{.opt = "kp-enter", .val = 0x58},
{.opt = "kp-return", .val = 0x58},
{.opt = "kp-1", .val = 0x59},
{.opt = "kp-2", .val = 0x5a},
{.opt = "kp-3", .val = 0x5b},
{.opt = "kp-4", .val = 0x5c},
{.opt = "kp-5", .val = 0x5d},
{.opt = "kp-6", .val = 0x5e},
{.opt = "kp-7", .val = 0x5f},
{.opt = "kp-8", .val = 0x60},
{.opt = "kp-9", .val = 0x61},
{.opt = "kp-0", .val = 0x62},
{.opt = "kp-period", .val = 0x63},
{.opt = "kp-stop", .val = 0x63},
{.opt = "application", .val = 0x65},
{.opt = "power", .val = 0x66},
{.opt = "kp-equals", .val = 0x67},
{.opt = "kp-equal", .val = 0x67},
{.opt = "f13", .val = 0x68},
{.opt = "f14", .val = 0x69},
{.opt = "f15", .val = 0x6a},
{.opt = "f16", .val = 0x6b},
{.opt = "f17", .val = 0x6c},
{.opt = "f18", .val = 0x6d},
{.opt = "f19", .val = 0x6e},
{.opt = "f20", .val = 0x6f},
{.opt = "f21", .val = 0x70},
{.opt = "f22", .val = 0x71},
{.opt = "f23", .val = 0x72},
{.opt = "f24", .val = 0x73},
{.opt = "execute", .val = 0x74},
{.opt = "help", .val = 0x75},
{.opt = "menu", .val = 0x76},
{.opt = "select", .val = 0x77},
{.opt = "cancel", .val = 0x78},
{.opt = "redo", .val = 0x79},
{.opt = "undo", .val = 0x7a},
{.opt = "cut", .val = 0x7b},
{.opt = "copy", .val = 0x7c},
{.opt = "paste", .val = 0x7d},
{.opt = "find", .val = 0x7e},
{.opt = "mute", .val = 0x7f},
{.opt = "volume-up", .val = 0x80}, // These are multimedia keys, they will not work on standard keyboard, they need a different USB descriptor
{.opt = "volume-down", .val = 0x81},
{.opt = NULL}
};
int keyboard_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
char *tok = strtok(buf, " ");
int key = 0;
int i = 0;
for (; tok != NULL; tok = strtok(NULL, " ")) {
if (strncmp(tok, "--", 2) == 0)
tok += 2;
if (strcmp(tok, "quit") == 0)
return -1;
if (strcmp(tok, "hold") == 0) {
*hold = 1;
continue;
}
if (key < 6) {
for (i = 0; kval[i].opt != NULL; i++)
if (strcmp(tok, kval[i].opt) == 0) {
report[2 + key++] = kval[i].val;
break;
}
if (kval[i].opt != NULL)
continue;
}
for (i = 0; kmod[i].opt != NULL; i++)
if (strcmp(tok, kmod[i].opt) == 0) {
report[0] = report[0] | kmod[i].val;
break;
}
if (kmod[i].opt != NULL)
continue;
if (key < 6)
fprintf(stderr, "unknown option: %s\n", tok);
}
return 8;
}
static struct options mmod[] = {
{.opt = "--b1", .val = 0x01},
{.opt = "--b2", .val = 0x02},
{.opt = "--b3", .val = 0x04},
{.opt = NULL}
};
int mouse_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
char *tok = strtok(buf, " ");
int mvt = 0;
int i = 0;
for (; tok != NULL; tok = strtok(NULL, " ")) {
if (strcmp(tok, "--quit") == 0)
return -1;
if (strcmp(tok, "--hold") == 0) {
*hold = 1;
continue;
}
for (i = 0; mmod[i].opt != NULL; i++)
if (strcmp(tok, mmod[i].opt) == 0) {
report[0] = report[0] | mmod[i].val;
break;
}
if (mmod[i].opt != NULL)
continue;
if (!(tok[0] == '-' && tok[1] == '-') && mvt < 2) {
errno = 0;
report[1 + mvt++] = (char)strtol(tok, NULL, 0);
if (errno != 0) {
fprintf(stderr, "Bad value:'%s'\n", tok);
report[1 + mvt--] = 0;
}
continue;
}
fprintf(stderr, "unknown option: %s\n", tok);
}
return 3;
}
static struct options jmod[] = {
{.opt = "--b1", .val = 0x10},
{.opt = "--b2", .val = 0x20},
{.opt = "--b3", .val = 0x40},
{.opt = "--b4", .val = 0x80},
{.opt = "--hat1", .val = 0x00},
{.opt = "--hat2", .val = 0x01},
{.opt = "--hat3", .val = 0x02},
{.opt = "--hat4", .val = 0x03},
{.opt = "--hatneutral", .val = 0x04},
{.opt = NULL}
};
int joystick_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
char *tok = strtok(buf, " ");
int mvt = 0;
int i = 0;
*hold = 1;
/* set default hat position: neutral */
report[3] = 0x04;
for (; tok != NULL; tok = strtok(NULL, " ")) {
if (strcmp(tok, "--quit") == 0)
return -1;
for (i = 0; jmod[i].opt != NULL; i++)
if (strcmp(tok, jmod[i].opt) == 0) {
report[3] = (report[3] & 0xF0) | jmod[i].val;
break;
}
if (jmod[i].opt != NULL)
continue;
if (!(tok[0] == '-' && tok[1] == '-') && mvt < 3) {
errno = 0;
report[mvt++] = (char)strtol(tok, NULL, 0);
if (errno != 0) {
fprintf(stderr, "Bad value:'%s'\n", tok);
report[mvt--] = 0;
}
continue;
}
fprintf(stderr, "unknown option: %s\n", tok);
}
return 4;
}
void print_options(char c)
{
int i = 0;
if (c == 'k') {
printf(" keyboard options:\n"
" hold\n");
for (i = 0; kmod[i].opt != NULL; i++)
printf("\t\t%s\n", kmod[i].opt);
printf("\n keyboard values:\n"
" [a-z] or [0-9] or\n");
for (i = 0; kval[i].opt != NULL; i++)
printf("\t\t%-8s%s", kval[i].opt, i % 2 ? "\n" : "");
printf("\n");
} else if (c == 'm') {
printf(" mouse options:\n"
" --hold\n");
for (i = 0; mmod[i].opt != NULL; i++)
printf("\t\t%s\n", mmod[i].opt);
printf("\n mouse values:\n"
" Two signed numbers\n\n");
} else {
printf(" joystick options:\n");
for (i = 0; jmod[i].opt != NULL; i++)
printf("\t\t%s\n", jmod[i].opt);
printf("\n joystick values:\n"
" three signed numbers\n"
"--quit to close\n");
}
}
int main(int argc, const char *argv[])
{
const char *filename = NULL;
int fd = 0;
char buf[BUF_LEN];
int cmd_len;
char report[8];
int to_send = 8;
int hold = 0;
fd_set rfds;
int retval, i;
if (argc < 3) {
fprintf(stderr, "Usage: %s devname mouse|keyboard|joystick\n",
argv[0]);
print_options('k');
print_options('m');
print_options('j');
return 1;
}
if (argv[2][0] != 'k' && argv[2][0] != 'm' && argv[2][0] != 'j')
return 2;
filename = argv[1];
if ((fd = open(filename, O_RDWR, 0666)) == -1) {
perror(filename);
return 3;
}
while (42) {
FD_ZERO(&rfds);
FD_SET(STDIN_FILENO, &rfds);
FD_SET(fd, &rfds);
retval = select(fd + 1, &rfds, NULL, NULL, NULL);
if (retval == -1 && errno == EINTR)
continue;
if (retval < 0) {
perror("select()");
return 4;
}
if (FD_ISSET(fd, &rfds)) {
cmd_len = read(fd, buf, BUF_LEN - 1);
printf("recv report:");
for (i = 0; i < cmd_len; i++)
printf(" %02x", buf[i]);
printf("\n");
}
if (FD_ISSET(STDIN_FILENO, &rfds)) {
memset(report, 0x0, sizeof(report));
cmd_len = read(STDIN_FILENO, buf, BUF_LEN - 1);
if (cmd_len == 0)
break;
buf[cmd_len - 1] = '\0';
hold = 0;
memset(report, 0x0, sizeof(report));
if (argv[2][0] == 'k')
to_send = keyboard_fill_report(report, buf, &hold);
else if (argv[2][0] == 'm')
to_send = mouse_fill_report(report, buf, &hold);
else
to_send = joystick_fill_report(report, buf, &hold);
if (to_send == -1)
break;
if (write(fd, report, to_send) != to_send) {
perror(filename);
return 5;
}
if (!hold) {
memset(report, 0x0, sizeof(report));
if (write(fd, report, to_send) != to_send) {
perror(filename);
return 6;
}
}
}
}
close(fd);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment