1 // SPDX-License-Identifier: GPL-2.0-or-later 2 #include <unistd.h> 3 #include "switch.h" 4 5 enum { 6 DATA_MODE, 7 DATA_MODEVAL, 8 DATA_MSG, 9 DATA_INTERFACE, 10 DATA_MSG_EP, 11 DATA_RES_EP, 12 DATA_RESPONSE, 13 DATA_RELEASE_DELAY, 14 DATA_CONFIG, 15 DATA_ALT, 16 DATA_DEV_CLASS, 17 __DATA_MAX 18 }; 19 20 static void detach_driver(struct usbdev_data *data) 21 { 22 libusb_detach_kernel_driver(data->devh, data->interface); 23 } 24 25 struct msg_entry { 26 char *data; 27 int len; 28 }; 29 30 static int send_msg(struct usbdev_data *data, struct msg_entry *msg) 31 { 32 int transferred; 33 34 return libusb_bulk_transfer(data->devh, data->msg_endpoint, 35 (void *) msg->data, msg->len, 36 &transferred, 3000); 37 } 38 39 static int read_response(struct usbdev_data *data, int len) 40 { 41 unsigned char *buf; 42 int ret, transferred; 43 44 if (len < 13) 45 len = 13; 46 buf = alloca(len); 47 ret = libusb_bulk_transfer(data->devh, data->response_endpoint, 48 buf, len, &transferred, 3000); 49 libusb_bulk_transfer(data->devh, data->response_endpoint, 50 buf, 13, &transferred, 100); 51 return ret; 52 } 53 54 static void send_messages(struct usbdev_data *data, struct msg_entry *msg, int n_msg) 55 { 56 int i, len; 57 58 libusb_claim_interface(data->devh, data->interface); 59 libusb_clear_halt(data->devh, data->msg_endpoint); 60 61 for (i = 0; i < n_msg; i++) { 62 if (send_msg(data, &msg[i])) { 63 fprintf(stderr, "Failed to send switch message\n"); 64 continue; 65 } 66 67 if (!data->need_response) 68 continue; 69 70 if (!memcmp(msg[i].data, "\x55\x53\x42\x43", 4)) 71 len = 13; 72 else 73 len = msg[i].len; 74 75 if (read_response(data, len)) 76 return; 77 } 78 79 libusb_clear_halt(data->devh, data->msg_endpoint); 80 libusb_clear_halt(data->devh, data->response_endpoint); 81 82 usleep(200000); 83 84 if (data->release_delay) 85 usleep(data->release_delay * 1000); 86 87 libusb_release_interface(data->devh, data->interface); 88 return; 89 } 90 91 static void send_config_messages(struct usbdev_data *data, struct blob_attr *attr) 92 { 93 struct blob_attr *cur; 94 int rem, n_msg = 0; 95 struct msg_entry *msg; 96 97 blobmsg_for_each_attr(cur, attr, rem) 98 n_msg++; 99 100 msg = alloca(n_msg * sizeof(*msg)); 101 n_msg = 0; 102 blobmsg_for_each_attr(cur, attr, rem) { 103 int msg_nr; 104 105 if (blobmsg_type(cur) != BLOBMSG_TYPE_INT32) { 106 fprintf(stderr, "Invalid data in message list\n"); 107 return; 108 } 109 110 msg_nr = blobmsg_get_u32(cur); 111 if (msg_nr >= n_messages) { 112 fprintf(stderr, "Message index out of range!\n"); 113 return; 114 } 115 116 msg[n_msg].data = messages[msg_nr]; 117 msg[n_msg++].len = message_len[msg_nr]; 118 } 119 120 send_messages(data, msg, n_msg); 121 } 122 123 static void handle_generic(struct usbdev_data *data, struct blob_attr **tb) 124 { 125 detach_driver(data); 126 send_config_messages(data, tb[DATA_MSG]); 127 } 128 129 static void send_control_packet(struct usbdev_data *data, uint8_t type, uint8_t req, 130 uint16_t val, uint16_t idx, int len) 131 { 132 unsigned char *buffer = alloca(len ? len : 1); 133 134 libusb_control_transfer(data->devh, type, req, val, idx, buffer, len, 1000); 135 } 136 137 static void handle_huawei(struct usbdev_data *data, struct blob_attr **tb) 138 { 139 int type = LIBUSB_REQUEST_TYPE_STANDARD | LIBUSB_RECIPIENT_DEVICE; 140 send_control_packet(data, type, LIBUSB_REQUEST_SET_FEATURE, 1, 0, 0); 141 } 142 143 static void handle_huaweinew(struct usbdev_data *data, struct blob_attr **tb) 144 { 145 static struct msg_entry msgs[] = { 146 { 147 "\x55\x53\x42\x43\x12\x34\x56\x78\x00\x00\x00\x00\x00\x00\x00\x11" 148 "\x06\x20\x00\x00\x01\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 149 } 150 }; 151 152 detach_driver(data); 153 data->need_response = false; 154 send_messages(data, msgs, ARRAY_SIZE(msgs)); 155 } 156 157 static void handle_option(struct usbdev_data *data, struct blob_attr **tb) 158 { 159 static struct msg_entry msgs[] = { 160 { 161 "\x55\x53\x42\x43\x12\x34\x56\x78\x00\x00\x00\x00\x00\x00\x06\x01" 162 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 163 } 164 }; 165 166 detach_driver(data); 167 data->need_response = false; 168 send_messages(data, msgs, ARRAY_SIZE(msgs)); 169 } 170 171 static void handle_standardeject(struct usbdev_data *data, struct blob_attr **tb) 172 { 173 static struct msg_entry msgs[] = { 174 { 175 "\x55\x53\x42\x43\x12\x34\x56\x78\x00\x00\x00\x00\x00\x00\x06\x1e" 176 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 177 }, { 178 "\x55\x53\x42\x43\x12\x34\x56\x79\x00\x00\x00\x00\x00\x00\x06\x1b" 179 "\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 180 }, { 181 "\x55\x53\x42\x43\x12\x34\x56\x78\x00\x00\x00\x00\x00\x01\x06\x1e" 182 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 183 }, { 184 "\x55\x53\x42\x43\x12\x34\x56\x79\x00\x00\x00\x00\x00\x01\x06\x1b" 185 "\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 186 } 187 }; 188 189 detach_driver(data); 190 data->need_response = true; 191 send_messages(data, msgs, ARRAY_SIZE(msgs)); 192 } 193 194 static void handle_sierra(struct usbdev_data *data, struct blob_attr **tb) 195 { 196 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE; 197 send_control_packet(data, type, LIBUSB_REQUEST_SET_INTERFACE, 1, 0, 0); 198 } 199 200 static void handle_sony(struct usbdev_data *data, struct blob_attr **tb) 201 { 202 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_ENDPOINT_IN; 203 int i; 204 205 detach_driver(data); 206 send_control_packet(data, type, 0x11, 2, 0, 3); 207 208 libusb_close(data->devh); 209 sleep(5); 210 211 for (i = 0; i < 25; i++) { 212 data->devh = libusb_open_device_with_vid_pid(usb, 213 data->desc.idVendor, data->desc.idProduct); 214 if (data->devh) 215 break; 216 } 217 218 send_control_packet(data, type, 0x11, 2, 0, 3); 219 } 220 221 static void handle_qisda(struct usbdev_data *data, struct blob_attr **tb) 222 { 223 static unsigned char buffer[] = "\x05\x8c\x04\x08\xa0\xee\x20\x00\x5c\x01\x04\x08\x98\xcd\xea\xbf"; 224 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE; 225 226 libusb_control_transfer(data->devh, type, 0x04, 0, 0, buffer, 16, 1000); 227 } 228 229 static void handle_gct(struct usbdev_data *data, struct blob_attr **tb) 230 { 231 int type = LIBUSB_REQUEST_TYPE_CLASS | LIBUSB_RECIPIENT_INTERFACE | LIBUSB_ENDPOINT_IN; 232 233 detach_driver(data); 234 235 if (libusb_claim_interface(data->devh, data->interface)) 236 return; 237 238 send_control_packet(data, type, 0xa0, 0, data->interface, 1); 239 send_control_packet(data, type, 0xfe, 0, data->interface, 1); 240 241 libusb_release_interface(data->devh, data->interface); 242 } 243 244 static void handle_kobil(struct usbdev_data *data, struct blob_attr **tb) 245 { 246 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN; 247 248 detach_driver(data); 249 send_control_packet(data, type, 0x88, 0, 0, 8); 250 } 251 252 static void handle_sequans(struct usbdev_data *data, struct blob_attr **tb) 253 { 254 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE; 255 send_control_packet(data, type, LIBUSB_REQUEST_SET_INTERFACE, 2, 0, 0); 256 } 257 258 static void mobile_action_interrupt_msg(struct usbdev_data *data, void *msg, int n_in) 259 { 260 unsigned char *buf = alloca(8); 261 int ep_out = 0x02, ep_in = 0x81; 262 int transferred; 263 int i; 264 265 if (msg) 266 libusb_interrupt_transfer(data->devh, ep_out, msg, 8, &transferred, 1000); 267 for (i = 0; i < n_in; i++) 268 libusb_interrupt_transfer(data->devh, ep_in, buf, 8, &transferred, 1000); 269 } 270 271 static void handle_mobile_action(struct usbdev_data *data, struct blob_attr **tb) 272 { 273 int type = LIBUSB_REQUEST_TYPE_CLASS | LIBUSB_RECIPIENT_INTERFACE; 274 char *msg[] = { 275 "\xb0\x04\x00\x00\x02\x90\x26\x86", 276 "\x37\x01\xfe\xdb\xc1\x33\x1f\x83", 277 "\x37\x0e\xb5\x9d\x3b\x8a\x91\x51", 278 "\x34\x87\xba\x0d\xfc\x8a\x91\x51", 279 "\x37\x01\xfe\xdb\xc1\x33\x1f\x83", 280 "\x37\x0e\xb5\x9d\x3b\x8a\x91\x51", 281 "\x34\x87\xba\x0d\xfc\x8a\x91\x51", 282 "\x33\x04\xfe\x00\xf4\x6c\x1f\xf0", 283 "\x32\x07\xfe\xf0\x29\xb9\x3a\xf0" 284 }; 285 int i; 286 287 for (i = 0; i < 2; i++) 288 libusb_control_transfer(data->devh, type, 0x09, 0x0300, 0, (void *) msg[0], 8, 1000); 289 mobile_action_interrupt_msg(data, NULL, 2); 290 mobile_action_interrupt_msg(data, msg[1], 1); 291 mobile_action_interrupt_msg(data, msg[2], 1); 292 mobile_action_interrupt_msg(data, msg[3], 63); 293 mobile_action_interrupt_msg(data, msg[4], 1); 294 mobile_action_interrupt_msg(data, msg[5], 1); 295 mobile_action_interrupt_msg(data, msg[6], 73); 296 mobile_action_interrupt_msg(data, msg[7], 1); 297 mobile_action_interrupt_msg(data, msg[8], 1); 298 } 299 300 static void handle_cisco(struct usbdev_data *data, struct blob_attr **tb) 301 { 302 static struct msg_entry msgs[] = { 303 { 304 "\x55\x53\x42\x43\xf8\x3b\xcd\x81\x00\x02\x00\x00\x80\x00\x0a\xfd" 305 "\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 306 }, { 307 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x02\x00\x00\x80\x00\x0a\xfd" 308 "\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 309 }, { 310 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x00\x00\x00\x00\x00\x0a\xfd" 311 "\x00\x01\x00\x07\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 312 }, { 313 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x02\x00\x00\x80\x00\x0a\xfd" 314 "\x00\x02\x00\x23\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 315 }, { 316 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x00\x00\x00\x00\x00\x0a\xfd" 317 "\x00\x03\x00\x23\x82\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 318 }, { 319 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x02\x00\x00\x80\x00\x0a\xfd" 320 "\x00\x02\x00\x26\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 321 }, { 322 "\x55\x53\x42\x43\x98\x43\x00\x82\x00\x00\x00\x00\x00\x00\x0a\xfd" 323 "\x00\x03\x00\x26\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 324 }, { 325 "\x55\x53\x42\x43\xd8\x4c\x04\x82\x00\x02\x00\x00\x80\x00\x0a\xfd" 326 "\x00\x00\x10\x73\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 327 }, { 328 "\x55\x53\x42\x43\xd8\x4c\x04\x82\x00\x02\x00\x00\x80\x00\x0a\xfd" 329 "\x00\x02\x00\x24\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00", 31 330 }, { 331 "\x55\x53\x42\x43\xd8\x4c\x04\x82\x00\x00\x00\x00\x00\x00\x0a\xfd" 332 "\x00\x03\x00\x24\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 333 }, { 334 "\x55\x53\x42\x43\xd8\x4c\x04\x82\x00\x00\x00\x00\x00\x00\x0a\xfd" 335 "\x00\x01\x10\x73\x24\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 31 336 } 337 338 }; 339 340 detach_driver(data); 341 data->need_response = true; 342 send_messages(data, msgs, ARRAY_SIZE(msgs)); 343 } 344 345 static void handle_mbim(struct usbdev_data *data, struct blob_attr **tb) 346 { 347 int j; 348 349 if (data->desc.bNumConfigurations < 2) 350 return; 351 352 for (j = 0; j < data->desc.bNumConfigurations; j++) { 353 struct libusb_config_descriptor *config; 354 int i; 355 356 libusb_get_config_descriptor(data->dev, j, &config); 357 358 for (i = 0; i < config->bNumInterfaces; i++) { 359 if (config->interface[i].altsetting[0].bInterfaceClass == 2) { 360 if (config->interface[i].altsetting[0].bInterfaceSubClass == 0x0e) { 361 struct libusb_config_descriptor *active; 362 int count = 5; 363 364 libusb_get_active_config_descriptor(data->dev, &active); 365 if (active->bConfigurationValue == config->bConfigurationValue) 366 return; 367 while ((libusb_set_configuration(data->devh, config->bConfigurationValue) < 0) && --count) 368 libusb_detach_kernel_driver(data->devh, active->interface[0].altsetting[0].bInterfaceNumber); 369 370 libusb_free_config_descriptor(config); 371 return; 372 } 373 } 374 } 375 376 libusb_free_config_descriptor(config); 377 } 378 } 379 380 static void handle_quanta(struct usbdev_data *data, struct blob_attr **tb) 381 { 382 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN; 383 384 detach_driver(data); 385 send_control_packet(data, type, 0xff, 0, 0, 8); 386 } 387 388 static void handle_blackberry(struct usbdev_data *data, struct blob_attr **tb) 389 { 390 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_IN; 391 392 detach_driver(data); 393 send_control_packet(data, type, 0xb1, 0x0000, 0, 8); 394 send_control_packet(data, type, 0xa9, 0x000e, 0, 8); 395 } 396 397 static void handle_pantech(struct usbdev_data *data, struct blob_attr **tb) 398 { 399 int type = LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_OUT; 400 int val = 1; 401 402 if (tb[DATA_MODEVAL]) 403 val = blobmsg_get_u32(tb[DATA_MODEVAL]); 404 detach_driver(data); 405 if (val > 1) 406 send_control_packet(data, type, 0x70, val, 0, 0); 407 } 408 409 static void set_alt_setting(struct usbdev_data *data, int setting) 410 { 411 if (libusb_claim_interface(data->devh, data->interface)) 412 return; 413 414 libusb_set_interface_alt_setting(data->devh, data->interface, setting); 415 libusb_release_interface(data->devh, data->interface); 416 } 417 418 enum { 419 MODE_GENERIC, 420 MODE_HUAWEI, 421 MODE_HUAWEINEW, 422 MODE_SIERRA, 423 MODE_STDEJECT, 424 MODE_SONY, 425 MODE_QISDA, 426 MODE_GCT, 427 MODE_KOBIL, 428 MODE_SEQUANS, 429 MODE_MOBILE_ACTION, 430 MODE_CISCO, 431 MODE_MBIM, 432 MODE_OPTION, 433 MODE_QUANTA, 434 MODE_BLACKBERRY, 435 MODE_PANTECH, 436 __MODE_MAX 437 }; 438 439 static const struct { 440 const char *name; 441 void (*cb)(struct usbdev_data *data, struct blob_attr **tb); 442 } modeswitch_cb[__MODE_MAX] = { 443 [MODE_GENERIC] = { "Generic", handle_generic }, 444 [MODE_STDEJECT] = { "StandardEject", handle_standardeject }, 445 [MODE_HUAWEI] = { "Huawei", handle_huawei }, 446 [MODE_HUAWEINEW] = { "HuaweiNew", handle_huaweinew }, 447 [MODE_SIERRA] = { "Sierra", handle_sierra }, 448 [MODE_SONY] = { "Sony", handle_sony }, 449 [MODE_QISDA] = { "Qisda", handle_qisda }, 450 [MODE_GCT] = { "GCT", handle_gct }, 451 [MODE_KOBIL] = { "Kobil", handle_kobil }, 452 [MODE_SEQUANS] = { "Sequans", handle_sequans }, 453 [MODE_MOBILE_ACTION] = { "MobileAction", handle_mobile_action }, 454 [MODE_CISCO] = { "Cisco", handle_cisco }, 455 [MODE_MBIM] = { "MBIM", handle_mbim }, 456 [MODE_OPTION] = { "Option", handle_option }, 457 [MODE_QUANTA] = { "Quanta", handle_quanta }, 458 [MODE_BLACKBERRY] = { "Blackberry", handle_blackberry }, 459 [MODE_PANTECH] = { "Pantech", handle_pantech }, 460 }; 461 462 void handle_switch(struct usbdev_data *data) 463 { 464 static const struct blobmsg_policy data_policy[__DATA_MAX] = { 465 [DATA_MODE] = { .name = "mode", .type = BLOBMSG_TYPE_STRING }, 466 [DATA_MODEVAL] = { .name = "modeval", .type = BLOBMSG_TYPE_INT32 }, 467 [DATA_MSG] = { .name = "msg", .type = BLOBMSG_TYPE_ARRAY }, 468 [DATA_INTERFACE] = { .name = "interface", .type = BLOBMSG_TYPE_INT32 }, 469 [DATA_MSG_EP] = { .name = "msg_endpoint", .type = BLOBMSG_TYPE_INT32 }, 470 [DATA_RES_EP] = { .name = "response_endpoint", .type = BLOBMSG_TYPE_INT32 }, 471 [DATA_RESPONSE] = { .name = "response", .type = BLOBMSG_TYPE_BOOL }, 472 [DATA_CONFIG] = { .name = "config", .type = BLOBMSG_TYPE_INT32 }, 473 [DATA_ALT] = { .name = "alt", .type = BLOBMSG_TYPE_INT32 }, 474 [DATA_DEV_CLASS] = { .name = "t_class", .type = BLOBMSG_TYPE_INT32 }, 475 }; 476 struct blob_attr *tb[__DATA_MAX]; 477 int mode = MODE_GENERIC; 478 int t_class = 0; 479 480 blobmsg_parse(data_policy, __DATA_MAX, tb, blobmsg_data(data->info), blobmsg_data_len(data->info)); 481 482 if (tb[DATA_DEV_CLASS]) 483 t_class = blobmsg_get_u32(tb[DATA_DEV_CLASS]); 484 485 if (tb[DATA_INTERFACE]) 486 data->interface = blobmsg_get_u32(tb[DATA_INTERFACE]); 487 488 if (tb[DATA_MSG_EP]) 489 data->msg_endpoint = blobmsg_get_u32(tb[DATA_MSG_EP]); 490 491 if (tb[DATA_RES_EP]) 492 data->response_endpoint = blobmsg_get_u32(tb[DATA_RES_EP]); 493 494 if (tb[DATA_RELEASE_DELAY]) 495 data->release_delay = blobmsg_get_u32(tb[DATA_RELEASE_DELAY]); 496 497 if (tb[DATA_RESPONSE]) 498 data->need_response = blobmsg_get_bool(tb[DATA_RESPONSE]); 499 500 if (t_class > 0 && data->dev_class != t_class) 501 return; 502 503 if (tb[DATA_MODE]) { 504 const char *modestr; 505 int i; 506 507 modestr = blobmsg_data(tb[DATA_MODE]); 508 for (i = 0; i < __MODE_MAX; i++) { 509 if (strcmp(modeswitch_cb[i].name, modestr) != 0) 510 continue; 511 512 mode = i; 513 break; 514 } 515 } 516 517 modeswitch_cb[mode].cb(data, tb); 518 519 if (tb[DATA_CONFIG]) { 520 int config, config_new; 521 522 config_new = blobmsg_get_u32(tb[DATA_CONFIG]); 523 if (libusb_get_configuration(data->devh, &config) || 524 config != config_new) { 525 libusb_set_configuration(data->devh, 0); 526 usleep(100000); 527 libusb_set_configuration(data->devh, config_new); 528 } 529 } 530 531 if (tb[DATA_ALT]) { 532 int new = blobmsg_get_u32(tb[DATA_ALT]); 533 set_alt_setting(data, new); 534 } 535 } 536
This page was automatically generated by LXR 0.3.1. • OpenWrt