liz/flipperzero-firmware
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[FL-2159] BadUSB alt codes (#935)

Browse Source 
* badusb: alt code commands
* badusb: demo script update
* usb hid: consumer control descriptor
* BadUsb: remove dangerous type casting, rename variable to match codding style guide

Co-authored-by: あく <alleteam@gmail.com>
This commit is contained in:
Nikolay Minaylov
2022-01-02 20:34:39 +03:00
committed by GitHub
parent 5b1f50e63a
commit 1202f9b82d
10 changed files with 483 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
firmware/targets/f7/furi-hal/furi-hal-usb-cdc.c
View File

@@ -539,11 +539,6 @@ static usbd_respond cdc_ep_config (usbd_device *dev, uint8_t cfg) {
switch (cfg) {
case 0:
/* deconfiguring device */
usbd_ep_deconfig(dev, CDC0_NTF_EP);
usbd_ep_deconfig(dev, CDC0_TXD_EP);
usbd_ep_deconfig(dev, CDC0_RXD_EP);
usbd_reg_endpoint(dev, CDC0_RXD_EP, 0);
usbd_reg_endpoint(dev, CDC0_TXD_EP, 0);
if (if_cnt == 4) {
usbd_ep_deconfig(dev, CDC1_NTF_EP);
usbd_ep_deconfig(dev, CDC1_TXD_EP);
@@ -551,6 +546,11 @@ static usbd_respond cdc_ep_config (usbd_device *dev, uint8_t cfg) {
usbd_reg_endpoint(dev, CDC1_RXD_EP, 0);
usbd_reg_endpoint(dev, CDC1_TXD_EP, 0);
}
usbd_ep_deconfig(dev, CDC0_NTF_EP);
usbd_ep_deconfig(dev, CDC0_TXD_EP);
usbd_ep_deconfig(dev, CDC0_RXD_EP);
usbd_reg_endpoint(dev, CDC0_RXD_EP, 0);
usbd_reg_endpoint(dev, CDC0_TXD_EP, 0);
return usbd_ack;
case 1:
/* configuring device */

119
firmware/targets/f7/furi-hal/furi-hal-usb-hid.c
View File

@@ -9,17 +9,24 @@
#include "hid_usage_desktop.h"
#include "hid_usage_button.h"
#include "hid_usage_keyboard.h"
#include "hid_usage_led.h"
#define HID_RIN_EP 0x81
#define HID_RIN_SZ 0x10
#define HID_EP_IN 0x81
#define HID_EP_OUT 0x01
#define HID_EP_SZ 0x10
#define HID_KB_MAX_KEYS 6
#define HID_CONSUMER_MAX_KEYS 2
#define HID_PAGE_CONSUMER 0x0C
#define HID_CONSUMER_CONTROL 0x01
struct HidIadDescriptor {
struct usb_iad_descriptor hid_iad;
struct usb_interface_descriptor hid;
struct usb_hid_descriptor hid_desc;
struct usb_endpoint_descriptor hid_ep;
struct usb_endpoint_descriptor hid_ep_in;
struct usb_endpoint_descriptor hid_ep_out;
};
struct HidConfigDescriptor {
@@ -30,6 +37,7 @@ struct HidConfigDescriptor {
enum HidReportId {
ReportIdKeyboard = 1,
ReportIdMouse = 2,
ReportIdConsumer = 3,
};
/* HID report: keyboard+mouse */
@@ -49,7 +57,13 @@ static const uint8_t hid_report_desc[] = {
HID_REPORT_COUNT(1),
HID_REPORT_SIZE(8),
HID_INPUT(HID_IOF_CONSTANT | HID_IOF_VARIABLE | HID_IOF_ABSOLUTE),
HID_REPORT_COUNT(6),
HID_USAGE_PAGE(HID_PAGE_LED),
HID_REPORT_COUNT(8),
HID_REPORT_SIZE(1),
HID_USAGE_MINIMUM(1),
HID_USAGE_MAXIMUM(8),
HID_OUTPUT(HID_IOF_DATA | HID_IOF_VARIABLE | HID_IOF_ABSOLUTE),
HID_REPORT_COUNT(HID_KB_MAX_KEYS),
HID_REPORT_SIZE(8),
HID_LOGICAL_MINIMUM(0),
HID_LOGICAL_MAXIMUM(101),
@@ -86,6 +100,18 @@ static const uint8_t hid_report_desc[] = {
HID_INPUT(HID_IOF_DATA | HID_IOF_VARIABLE | HID_IOF_RELATIVE),
HID_END_COLLECTION,
HID_END_COLLECTION,
HID_USAGE_PAGE(HID_PAGE_CONSUMER),
HID_USAGE(HID_CONSUMER_CONTROL),
HID_COLLECTION(HID_APPLICATION_COLLECTION),
HID_REPORT_ID(ReportIdConsumer),
HID_LOGICAL_MINIMUM(0),
HID_RI_LOGICAL_MAXIMUM(16, 0x3FF),
HID_USAGE_MINIMUM(0),
HID_RI_USAGE_MAXIMUM(16, 0x3FF),
HID_REPORT_COUNT(HID_CONSUMER_MAX_KEYS),
HID_REPORT_SIZE(16),
HID_INPUT(HID_IOF_DATA | HID_IOF_ARRAY | HID_IOF_ABSOLUTE),
HID_END_COLLECTION,
};
static const struct usb_string_descriptor dev_manuf_desc = USB_STRING_DESC("Logitech");
@@ -138,7 +164,7 @@ static const struct HidConfigDescriptor hid_cfg_desc = {
.bDescriptorType = USB_DTYPE_INTERFACE,
.bInterfaceNumber = 0,
.bAlternateSetting = 0,
.bNumEndpoints = 1,
.bNumEndpoints = 2,
.bInterfaceClass = USB_CLASS_HID,
.bInterfaceSubClass = USB_HID_SUBCLASS_NONBOOT,
.bInterfaceProtocol = USB_HID_PROTO_NONBOOT,
@@ -153,12 +179,20 @@ static const struct HidConfigDescriptor hid_cfg_desc = {
.bDescriptorType0 = USB_DTYPE_HID_REPORT,
.wDescriptorLength0 = sizeof(hid_report_desc),
},
.hid_ep = {
.hid_ep_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_RIN_EP,
.bEndpointAddress = HID_EP_IN,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_RIN_SZ,
.wMaxPacketSize = HID_EP_SZ,
.bInterval = 10,
},
.hid_ep_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_EP_OUT,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_EP_SZ,
.bInterval = 10,
},
},
@@ -179,9 +213,20 @@ struct HidReportKB {
uint8_t btn[HID_KB_MAX_KEYS];
} __attribute__((packed));
struct HidReportConsumer {
uint8_t report_id;
uint16_t btn[HID_CONSUMER_MAX_KEYS];
} __attribute__((packed));
struct HidReportLED {
uint8_t report_id;
uint8_t led_state;
} __attribute__((packed));
static struct HidReport {
struct HidReportKB keyboard;
struct HidReportMouse mouse;
struct HidReportConsumer consumer;
} __attribute__((packed)) hid_report;
static void hid_init(usbd_device* dev, UsbInterface* intf);
@@ -197,11 +242,16 @@ static osSemaphoreId_t hid_semaphore = NULL;
static bool hid_connected = false;
static HidStateCallback callback;
static void* cb_ctx;
static uint8_t led_state;
bool furi_hal_hid_is_connected() {
return hid_connected;
}
uint8_t furi_hal_hid_get_led_state() {
return led_state;
}
void furi_hal_hid_set_state_callback(HidStateCallback cb, void* ctx) {
if (callback != NULL) {
if (hid_connected == true)
@@ -273,6 +323,26 @@ bool furi_hal_hid_mouse_scroll(int8_t delta) {
return state;
}
bool furi_hal_hid_consumer_key_press(uint16_t button) {
for (uint8_t key_nb = 0; key_nb < HID_CONSUMER_MAX_KEYS; key_nb++) {
if (hid_report.consumer.btn[key_nb] == 0) {
hid_report.consumer.btn[key_nb] = button;
break;
}
}
return hid_send_report(ReportIdConsumer);
}
bool furi_hal_hid_consumer_key_release(uint16_t button) {
for (uint8_t key_nb = 0; key_nb < HID_CONSUMER_MAX_KEYS; key_nb++) {
if (hid_report.consumer.btn[key_nb] == button) {
hid_report.consumer.btn[key_nb] = 0;
break;
}
}
return hid_send_report(ReportIdConsumer);
}
UsbInterface usb_hid = {
.init = hid_init,
.deinit = hid_deinit,
@@ -294,6 +364,7 @@ static void hid_init(usbd_device* dev, UsbInterface* intf) {
usb_dev = dev;
hid_report.keyboard.report_id = ReportIdKeyboard;
hid_report.mouse.report_id = ReportIdMouse;
hid_report.consumer.report_id = ReportIdConsumer;
usbd_reg_config(dev, hid_ep_config);
usbd_reg_control(dev, hid_control);
@@ -331,16 +402,24 @@ static bool hid_send_report(uint8_t report_id)
furi_check(osSemaphoreAcquire(hid_semaphore, osWaitForever) == osOK);
if (hid_connected == true) {
if (report_id == ReportIdKeyboard)
usbd_ep_write(usb_dev, HID_RIN_EP, &hid_report.keyboard, sizeof(hid_report.keyboard));
else
usbd_ep_write(usb_dev, HID_RIN_EP, &hid_report.mouse, sizeof(hid_report.mouse));
usbd_ep_write(usb_dev, HID_EP_IN, &hid_report.keyboard, sizeof(hid_report.keyboard));
else if (report_id == ReportIdMouse)
usbd_ep_write(usb_dev, HID_EP_IN, &hid_report.mouse, sizeof(hid_report.mouse));
else if (report_id == ReportIdConsumer)
usbd_ep_write(usb_dev, HID_EP_IN, &hid_report.consumer, sizeof(hid_report.consumer));
return true;
}
return false;
}
static void hid_ep_callback(usbd_device *dev, uint8_t event, uint8_t ep) {
osSemaphoreRelease(hid_semaphore);
static void hid_txrx_ep_callback(usbd_device *dev, uint8_t event, uint8_t ep) {
if (event == usbd_evt_eptx) {
osSemaphoreRelease(hid_semaphore);
} else {
struct HidReportLED leds;
usbd_ep_read(usb_dev, ep, &leds, 2);
led_state = leds.led_state;
}
}
/* Configure endpoints */
@@ -348,14 +427,18 @@ static usbd_respond hid_ep_config (usbd_device *dev, uint8_t cfg) {
switch (cfg) {
case 0:
/* deconfiguring device */
usbd_ep_deconfig(dev, HID_RIN_EP);
usbd_reg_endpoint(dev, HID_RIN_EP, 0);
usbd_ep_deconfig(dev, HID_EP_OUT);
usbd_ep_deconfig(dev, HID_EP_IN);
usbd_reg_endpoint(dev, HID_EP_OUT, 0);
usbd_reg_endpoint(dev, HID_EP_IN, 0);
return usbd_ack;
case 1:
/* configuring device */
usbd_ep_config(dev, HID_RIN_EP, USB_EPTYPE_INTERRUPT, HID_RIN_SZ);
usbd_reg_endpoint(dev, HID_RIN_EP, hid_ep_callback);
usbd_ep_write(dev, HID_RIN_EP, 0, 0);
usbd_ep_config(dev, HID_EP_IN, USB_EPTYPE_INTERRUPT, HID_EP_SZ);
usbd_ep_config(dev, HID_EP_OUT, USB_EPTYPE_INTERRUPT, HID_EP_SZ);
usbd_reg_endpoint(dev, HID_EP_IN, hid_txrx_ep_callback);
usbd_reg_endpoint(dev, HID_EP_OUT, hid_txrx_ep_callback);
usbd_ep_write(dev, HID_EP_IN, 0, 0);
return usbd_ack;
default:
return usbd_fail;

126
firmware/targets/f7/furi-hal/furi-hal-usb-u2f.c
View File

@@ -71,71 +71,65 @@ static const struct usb_device_descriptor hid_u2f_device_desc = {
/* Device configuration descriptor */
static const struct HidConfigDescriptor hid_u2f_cfg_desc = {
.config =
.config = {
.bLength = sizeof(struct usb_config_descriptor),
.bDescriptorType = USB_DTYPE_CONFIGURATION,
.wTotalLength = sizeof(struct HidConfigDescriptor),
.bNumInterfaces = 1,
.bConfigurationValue = 1,
.iConfiguration = NO_DESCRIPTOR,
.bmAttributes = USB_CFG_ATTR_RESERVED | USB_CFG_ATTR_SELFPOWERED,
.bMaxPower = USB_CFG_POWER_MA(100),
},
.iad_0 = {
.hid_iad =
{
.bLength = sizeof(struct usb_config_descriptor),
.bDescriptorType = USB_DTYPE_CONFIGURATION,
.wTotalLength = sizeof(struct HidConfigDescriptor),
.bNumInterfaces = 1,
.bConfigurationValue = 1,
.iConfiguration = NO_DESCRIPTOR,
.bmAttributes = USB_CFG_ATTR_RESERVED | USB_CFG_ATTR_SELFPOWERED,
.bMaxPower = USB_CFG_POWER_MA(100),
.bLength = sizeof(struct usb_iad_descriptor),
.bDescriptorType = USB_DTYPE_INTERFASEASSOC,
.bFirstInterface = 0,
.bInterfaceCount = 1,
.bFunctionClass = USB_CLASS_PER_INTERFACE,
.bFunctionSubClass = USB_SUBCLASS_NONE,
.bFunctionProtocol = USB_PROTO_NONE,
.iFunction = NO_DESCRIPTOR,
},
.iad_0 =
{
.hid_iad =
{
.bLength = sizeof(struct usb_iad_descriptor),
.bDescriptorType = USB_DTYPE_INTERFASEASSOC,
.bFirstInterface = 0,
.bInterfaceCount = 1,
.bFunctionClass = USB_CLASS_PER_INTERFACE,
.bFunctionSubClass = USB_SUBCLASS_NONE,
.bFunctionProtocol = USB_PROTO_NONE,
.iFunction = NO_DESCRIPTOR,
},
.hid =
{
.bLength = sizeof(struct usb_interface_descriptor),
.bDescriptorType = USB_DTYPE_INTERFACE,
.bInterfaceNumber = 0,
.bAlternateSetting = 0,
.bNumEndpoints = 2,
.bInterfaceClass = USB_CLASS_HID,
.bInterfaceSubClass = USB_HID_SUBCLASS_NONBOOT,
.bInterfaceProtocol = USB_HID_PROTO_NONBOOT,
.iInterface = NO_DESCRIPTOR,
},
.hid_desc =
{
.bLength = sizeof(struct usb_hid_descriptor),
.bDescriptorType = USB_DTYPE_HID,
.bcdHID = VERSION_BCD(1, 0, 0),
.bCountryCode = USB_HID_COUNTRY_NONE,
.bNumDescriptors = 1,
.bDescriptorType0 = USB_DTYPE_HID_REPORT,
.wDescriptorLength0 = sizeof(hid_u2f_report_desc),
},
.hid_ep_in =
{
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_EP_IN,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_U2F_PACKET_LEN,
.bInterval = 5,
},
.hid_ep_out =
{
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_EP_OUT,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_U2F_PACKET_LEN,
.bInterval = 5,
},
.hid = {
.bLength = sizeof(struct usb_interface_descriptor),
.bDescriptorType = USB_DTYPE_INTERFACE,
.bInterfaceNumber = 0,
.bAlternateSetting = 0,
.bNumEndpoints = 2,
.bInterfaceClass = USB_CLASS_HID,
.bInterfaceSubClass = USB_HID_SUBCLASS_NONBOOT,
.bInterfaceProtocol = USB_HID_PROTO_NONBOOT,
.iInterface = NO_DESCRIPTOR,
},
.hid_desc = {
.bLength = sizeof(struct usb_hid_descriptor),
.bDescriptorType = USB_DTYPE_HID,
.bcdHID = VERSION_BCD(1, 0, 0),
.bCountryCode = USB_HID_COUNTRY_NONE,
.bNumDescriptors = 1,
.bDescriptorType0 = USB_DTYPE_HID_REPORT,
.wDescriptorLength0 = sizeof(hid_u2f_report_desc),
},
.hid_ep_in = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_EP_IN,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_U2F_PACKET_LEN,
.bInterval = 5,
},
.hid_ep_out = {
.bLength = sizeof(struct usb_endpoint_descriptor),
.bDescriptorType = USB_DTYPE_ENDPOINT,
.bEndpointAddress = HID_EP_OUT,
.bmAttributes = USB_EPTYPE_INTERRUPT,
.wMaxPacketSize = HID_U2F_PACKET_LEN,
.bInterval = 5,
},
},
};
static void hid_u2f_init(usbd_device* dev, UsbInterface* intf);
@@ -254,10 +248,10 @@ static usbd_respond hid_u2f_ep_config(usbd_device* dev, uint8_t cfg) {
switch(cfg) {
case 0:
/* deconfiguring device */
usbd_ep_deconfig(dev, HID_EP_IN);
usbd_ep_deconfig(dev, HID_EP_OUT);
usbd_reg_endpoint(dev, HID_EP_IN, 0);
usbd_ep_deconfig(dev, HID_EP_IN);
usbd_reg_endpoint(dev, HID_EP_OUT, 0);
usbd_reg_endpoint(dev, HID_EP_IN, 0);
return usbd_ack;
case 1:
/* configuring device */
@@ -281,10 +275,6 @@ static usbd_respond hid_u2f_control(usbd_device* dev, usbd_ctlreq* req, usbd_rqc
switch(req->bRequest) {
case USB_HID_SETIDLE:
return usbd_ack;
case USB_HID_GETREPORT:
// dev->status.data_ptr = &hid_u2f_report;
// dev->status.data_count = sizeof(hid_u2f_report);
return usbd_ack;
default:
return usbd_fail;
}

3
firmware/targets/f7/target.mk
View File

@@ -71,7 +71,8 @@ C_SOURCES += \
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_tim.c \
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_usart.c \
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_lpuart.c \
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_utils.c
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_utils.c \
$(CUBE_DIR)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_ll_rng.c
# FreeRTOS
CFLAGS += \