[chirp_devel] Portmon doc for 64bit windows?
Per a recent post from Pavel, there is the following document to get a binary dump of a radio image transfer at:
http://chirp.danplanet.com/attachments/2257/how%20to%20portmon.doc
Unfortunately, that's only available for 32bit windows... but I only have 64bit windows. Is anyone aware of a solution here? I'd like to get some dumps to see if I can add Yaesu FTM400 and FT2D support. I think the FT2D is going to be quite similar to Marco's existing FT1 but I think the FTM400 is going to be quite different.
--David KI6ZHD
Virtual Box? Can you run a 32 bit Windows inside of a VirtualBox? https://www.virtualbox.org/
73, Dave Nathanson KG6ZJO
On Apr 25, 2016, at 8:46 PM, David Ranch via chirp_devel chirp_devel@intrepid.danplanet.com wrote:
Per a recent post from Pavel, there is the following document to get a binary dump of a radio image transfer at:
http://chirp.danplanet.com/attachments/2257/how%20to%20portmon.doc
Unfortunately, that's only available for 32bit windows... but I only have 64bit windows. Is anyone aware of a solution here? I'd like to get some dumps to see if I can add Yaesu FTM400 and FT2D support. I think the FT2D is going to be quite similar to Marco's existing FT1 but I think the FTM400 is going to be quite different.
--David KI6ZHD
_______________________________________________
chirp_devel mailing list
chirp_devel@intrepid.danplanet.com
http://intrepid.danplanet.com/mailman/listinfo/chirp_devel
Developer docs: http://chirp.danplanet.com/projects/chirp/wiki/Developers
I didn't realize portmon doesn't exist for 64-bit windows. I hope there is a replacement.
As an FYI, if you go the VM route, a few tips:
- VMware has some tracing capabilities built in. I know Travis Goodspeed was using this to capture the Tytera MD-380 (DMR) USB transactions to create his Python tool for reading/writing that radio. VMware Workstation Player is the new free-for-personal-use version of VMware. If you need capabilities that aren't in the free version, you can get an eval license.
- VirtualBox as of 5.x added some tracing capabilities that were previously lacking in VirtualBox 4.x. I have no experience with this.
- VirtualBox USB support -- VirtualBox is free/open-source, but you need to add the extension package which isn't open source for USB device support.
- Pre-built Windows VMs for testing - Microsoft makes pre-built Windows VMs available for testing IE that are useful for doing other tests. VirtualBox, VMware, Vagrant, Parallels, and Hyper-V images are available. (They don't have a qcow2 image directly usable by Linux KVM/libvirt). The VMs expire after 90 days, but they tell you to make a snapshot at first boot that you can roll back to.
See https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/windows/
Hope this helps, --Rob W2RCT
Using wireshark would be excellent from my perspective but I don't know if people who might have written tools against the output of Portmon would work with a PCAP capture.
Marco / Pavel: Any thoughts here?
--David KI6ZHD
Hi to all,
Interesting topic, and interesting tip about Wireshark doing USB capture. I will give that a try and see how they pack the USB protocol in the pcap format or whatever format they do it; maybe we can unpack that format into a kind of log...
David, I used one time in the past a serial capture tool for Windows 8 @64 bits from the Internet (I don't remember the name now) but it was a "limited time you have to buy after 30 days" kind of tool, that may work for a short time frame but isn't a solution in the long term.
73
This analysis can be done directly in Wireshark by writing a dissector for your USB serial device; the Linux kernel sources tell us details of many USB serial devices. I'll do my best to help when someone can get this started:
wireshark-2.0.3/epan/dissectors/packet-usb-com.c
as an example of a dissector. Also possible is to write this in LUA language but when I started this way I discovered some unexpected behavior / bugs in wireshark 1.9.x LUA support; maybe these are fixed now, but for inclusion into wireshark upstream we should target the upstream C source code tree.
Even without a dissector you should be able to apply a filter:
"usb.capdata and usb.bus_id==8 and usb.device_address==2"
where 8 and 2 are values from the Linux host in 'dmesg' or 'lsusb' output. This gives all transactions where there is more data than the existing USB dissectors can handle, and should be mostly the RS232 data payload we're interested in.
Eric
I've written a crude Wireshark dissector in LUA that strings together data across URB_BULK requests.
From Linux (Debian Stretch/testing):
Get the dissector script usb232.lua at: http://paste.debian.net/447366/
$ mkdir -p "$HOME/.config/wireshark/plugins"
Save the usb232.lua plugin in your Wireshark plugins directory (above).
$ lsusb | grep -i serial
Bus 008 Device 004: ID 050d:0103 Belkin Components F5U103 Serial Adapter [etek]
Make certain no other USB devices are on the same Bus number. This usually means plugging your USB serial adapter into its own port i.e. not after a hub.
$ lsusb | grep "Bus 008"
Bus 008 Device 004: ID 050d:0103 Belkin Components F5U103 Serial Adapter [etek]
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
This is fine because the root hub itself doesn't likely send any URB_BULK messages which would confuse the Wireshark dissector script.
$ sudo modprobe usbmon
Run tcpdump as root for access to /dev/usbmon8 (as in Bus 008 above)
$ sudo tcpdump -i usbmon8 -w output.pcap
Break (ctrl-c) when done to quit tcpdump and finalize the capture file.
Change owner of output file to your user account
$ sudo chown "$USER": output.pcap
Run Wireshark and open the capture file.
$ wireshark output.pcap
Apply a display filter 'usb232'.
File|Export Packet Dissections|As Plain Text... "export.txt" with options: All packets, Displayed, No Summary line, No Details, Yes Bytes.
The output is cluttered with the USB protocol Frames which we don't care about. I'm not sure yet how to do this better from Wireshark but we can simply post-process to clean this up.
Remove the packet Field data leaving only RS232 bytes:
$ sed -i -e '/Frame/,/RS232/{//!d}' -e '/Frame/d' export.txt
See example output (AT3318UV-E radio 168kb) at: http://paste.ubuntu.com/16138458/
Eric
Thanks for putting that together Eric. I'll have to give that a try and see if I can start looking at some of these new radios.
--David KI6ZHD
Alternate post-processing script:
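#!/usr/bin/env ruby
# Unwind Wireshark's "Bytes" text export into one line per data source:
# label, hex bytes, ASCII column. "Frame" sources are dropped.
ring = ""
flush = lambda do
  # A record is a header such as "RS232 Send (7 bytes):" followed by hex-dump rows.
  if s = ring.match(/^([\w ]+) \(\d+ \w+\):\n((?:\h{4}\s+(?:\s?\h{2})+\s+.+\n)+)/)
    label = s[1]
    hex = []
    ascii = []
    # Each row is "offset  hex bytes   ascii"; split on runs of two or more spaces.
    s[2].split("\n").map {|x| x.split(/\s\s+/) }.each {|x,y,z| hex << y; ascii << z }
    print "%-16s%-64s\t%s\n" % [label, hex.join(" "), ascii.join("")] unless label =~ /^Frame$/
  end
  ring.clear
end
while line = $stdin.gets
  # A new header line ends the previous record.
  flush.call if line =~ /^([\w ]+) \(\d+ \w+\):/
  ring << line
end
flush.call  # emit the final record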
Example usage:
$ cat output.txt | ./usb232-postprocess.rb
Example output:
RS232 Send      50 52 4f 47 52 41 4d                                PROGRAM
RS232 Receive   51 58 06                                            QX.
RS232 Send      02                                                  .
RS232 Receive   49 33 33 31 38 55 53 45 04 56 31 30 30 e4 00 06     I3318USE.V100...
RS232 Send      52 00 40 10                                         R.@.
RS232 Receive   57 00 40 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 06   W.@.................P.
...visit http://paste.debian.net/681956/ for full example output.
This will unwind the column output for each label to make it simpler to compare line-by-line. It works with full wireshark text output as long as the usb232.lua was loaded and "Bytes" text export option enabled.
I am using the filtered output with a memory dump where say memory 0 has squelch level 1, memory 1 squelch level 2, memory 2 squelch level 3... to figure out the squelch bits visually.
Any luck trying these methods?
Eric
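The line-by-line comparison described in the message above can be automated; the following is an added example, not code from this thread or from the CHIRP project. It parses the rows printed by the post-processing script and, going beyond the single-dump method in the message, compares two captures of the same read that differ in one setting, reporting the changed bytes and bit masks. The sample captures are constructed, and `parse_capture`, `diff_captures` and `render` are hypothetical names.

```python
from typing import List, NamedTuple

class Transfer(NamedTuple):
    label: str     # "RS232 Send" or "RS232 Receive"
    data: bytes

class Change(NamedTuple):
    transfer: int  # index of the transfer within the capture
    offset: int    # byte offset inside that transfer
    old: int
    new: int
    mask: int      # old XOR new: the bits that flipped

def parse_capture(text: str) -> List[Transfer]:
    """Parse rows printed as "%-16s%-64s\\t%s" (label, hex bytes, ASCII)."""
    out = []
    for line in text.splitlines():
        head = line.split("\t", 1)[0]          # drop the ASCII column
        label, hexpart = head[:16].strip(), head[16:].strip()
        try:
            data = bytes.fromhex(hexpart)
        except ValueError:
            continue                           # not a transfer row
        if label and data:
            out.append(Transfer(label, data))
    return out

def diff_captures(a: List[Transfer], b: List[Transfer]) -> List[Change]:
    """List every byte that differs between two same-shaped captures."""
    if [(t.label, len(t.data)) for t in a] != [(t.label, len(t.data)) for t in b]:
        raise ValueError("captures differ in transfer order or length")
    return [Change(i, off, x, y, x ^ y)
            for i, (ta, tb) in enumerate(zip(a, b))
            for off, (x, y) in enumerate(zip(ta.data, tb.data)) if x != y]

def render(label: str, data: bytes) -> str:
    """Build one constructed sample row in the same column layout."""
    text = "".join(chr(c) if 32 <= c < 127 else "." for c in data)
    return "%-16s%-64s\t%s" % (label, " ".join("%02x" % c for c in data), text)

# Constructed captures: identical except for one byte of the returned block.
BLOCK = bytes(range(0x10, 0x20))
SEND = render("RS232 Send", b"R\x00\x40\x10")
CAPTURE_A = SEND + "\n" + render("RS232 Receive", b"W\x00\x40\x10" + BLOCK)
CAPTURE_B = SEND + "\n" + render("RS232 Receive",
                                 b"W\x00\x40\x10" + BLOCK[:5] + b"\x16" + BLOCK[6:])

if __name__ == "__main__":
    for c in diff_captures(parse_capture(CAPTURE_A), parse_capture(CAPTURE_B)):
        print("transfer %d offset %d: %02x -> %02x" % c[:4], format(c.mask, "08b"))
```

A shape mismatch raises an error instead of producing a misaligned diff, which usually means the two captures did not record the same operation.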
participants (6)
- Dave Nathanson
- Dave Nathanson
- David Ranch
- Eric Shattow
- Pavel Milanes (CO7WT)
- Robert Terzi