Reverse Engineering a Samsung Scanner Button, page 3


Step 1: Configure the VM for USB

In my case I created an XP VM in VirtualBox running on the CentOS server. Then I installed the "Guest Additions" for XP, and set up USB functionality using the guide at this URL:

http://wiki.centos.org/HowTos/Virtualization/VirtualBox

Step 2: Install the driver and scanner software on the Windows VM

I installed the scanner driver for XP, and in my case the software for the Samsung SCX-3405w is called "Samsung Easy Print Manager". This is the software that allows you to press the "Scan" button and save the scan to a file, in a directory that you specify. Install your scanner software and adjust the settings to save scans to a specified directory.

Step 3: Set up "usbmon" on the CentOS host

I will reference the guide that set me on the right path:

https://www.kernel.org/doc/Documentation/usb/usbmon.txt

I was using the SSH client called "PuTTY". Feel free to use your chosen SSH client and open a shell to your server. The commands to type, and the responses, are in bold.

Here were my steps:

1) Mount the debug file system and ensure that the mount created the usbmon sockets. You should see entries like 0s, 0u, 1s, 1u, etc.

The 't' and 'u' files stream trace data. 't' is the older format, so 'u' is the one we want.

					[root@server5 ~]# mount -t debugfs none_debugs /sys/kernel/debug
					[root@server5 ~]# ls /sys/kernel/debug/usb/usbmon
					0s  0u  1s  1t  1u  2s  2t  2u  3s  3t  3u  4s  4t  4u  5s  5t  5u  6s  6t  6u  7s  7t  7u  8s  8t  8u
				

2) Find out where the device connects to the bus

					[root@server5 ~]# lsusb
					Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
					Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
					Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
					Bus 001 Device 003: ID 04e8:344f Samsung Electronics Co., Ltd
					Bus 002 Device 002: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
					Bus 003 Device 014: ID 0764:0501 Cyber Power System, Inc. CP1500 AVR UPS
					Bus 008 Device 002: ID 046a:0008 Cherry GmbH Wireless Keyboard and Mouse
					[root@server5 ~]#
			

In my case the results were: Bus 001 Device 003: ID 04e8:344f Samsung Electronics Co., Ltd

The result tells us that we should dump Bus 001 to a file:

					cat /sys/kernel/debug/usb/usbmon/1u > /tmp/usbmon_bus1.txt
			

That 'cat' command is persistent, so it will not end until you break out of it or kill its PID. All activity on Bus 001 is now being dumped to a file.

Step 4: Capture the scan events

This is the time to capture everything that happens when you press the "Scan" button. Press the button and, after the scan completes, break out of the cat command with Ctrl+C. The cat command ends and nothing more is written to the file.

Then, to unmount the debug file system, type:

					[root@server5 ~]# umount /sys/kernel/debug
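
The capture in /tmp/usbmon_bus1.txt holds every transfer on Bus 001, so the scanner's traffic (Device 003 in the lsusb output above) has to be separated from the rest. The parser below is an added example, not code from the original article; the function names are hypothetical and the sample lines, including their payload bytes, are constructed rather than taken from a real capture.

```python
import re

# Leading fields of a usbmon 'u' line: URB tag, timestamp (microseconds),
# event (S=submit, C=callback, E=submit error), type+dir:bus:device:endpoint.
HEAD = re.compile(r"^(\S+) (\d+) ([SCE]) ([CZIB][io]):(\d+):(\d+):(\d+) (.*)$")

def parse_line(line):
    """Parse one 'u' line into a dict; None for blank or malformed lines."""
    m = HEAD.match(line.strip())
    if m is None:
        return None
    tag, ts, event, xfer, bus, dev, ep, rest = m.groups()
    fields = rest.split()
    # Data tag: '=' means data words follow, '<' or '>' means none captured.
    # When the length is 0 the kernel prints no tag, so length is the last field.
    idx = next((i for i, f in enumerate(fields) if f in ("=", "<", ">")), None)
    try:
        if idx is None:
            length, data = int(fields[-1]), b""
        else:
            length = int(fields[idx - 1])
            words = fields[idx + 1:] if fields[idx] == "=" else []
            data = bytes.fromhex("".join(words))
    except (IndexError, ValueError):
        return None  # e.g. the final line, cut short when cat was interrupted
    return {"tag": tag, "ts": int(ts), "event": event, "xfer": xfer,
            "bus": int(bus), "dev": int(dev), "ep": int(ep),
            "length": length, "data": data}

def device_traffic(lines, bus, dev):
    """Keep only the URB events addressed to one device on one bus."""
    parsed = (parse_line(line) for line in lines)
    return [r for r in parsed if r and r["bus"] == bus and r["dev"] == dev]

# Constructed sample (not a real capture): root hub traffic on device 001
# mixed with bulk transfers to device 003. Payload bytes are made up.
SAMPLE = """\
ffff8800b5a3c0c0 1000000100 S Ci:1:001:0 s a3 00 0000 0003 0004 4 <
ffff8800b5a3c0c0 1000000110 C Ci:1:001:0 0 4 = 03050000
ffff8800b5a3c180 1000002000 S Bo:1:003:2 -115 8 = 1ba80000 00000000
ffff8800b5a3c180 1000002050 C Bo:1:003:2 0 8 >
ffff8800b5a3c240 1000002100 S Bi:1:003:1 -115 64 <
ffff8800b5a3c240 1000003000 C Bi:1:003:1 0 4 = a8000000
"""

if __name__ == "__main__":
    for r in device_traffic(SAMPLE.splitlines(), bus=1, dev=3):
        print(r["ts"], r["event"], r["xfer"], "ep", r["ep"],
              "len", r["length"], r["data"].hex())
```

To run it over the real capture, pass the open file instead of the sample: `device_traffic(open('/tmp/usbmon_bus1.txt'), 1, 3)`. The text interface records at most the first 32 bytes of each transfer, so `data` can be shorter than `length`.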
			
