简介
使用嵌入式设备,通过OTG接口连接电脑主机,可以简单地实现键鼠的模拟。
最终的效果:将一个设备插在电脑上,可通过设备中的程序模拟成键盘/鼠标,从而被主机识别,并以此来操控主机。
参考文章:
http://trac.gateworks.com/wiki/linux/OTG
https://www.kernel.org/doc/html/latest/usb/gadget_configfs.html
http://www.usbzh.com/
参考代码:
https://www.kernel.org/doc/Documentation/usb/gadget_hid.txt
https://github.com/nesto-software/USBProxy
环境说明
嵌入式设备:有OTG接口(不是普通的U口),linux操作系统,内核版本4.19(更旧的版本没试过),内核支持configfs,hid相关的gadget(例如g_hid\f_hid等),如果要同时支持键盘鼠标,可能需要内核支持libcomposite。
主机:winXP/win7/win10/winServer/ubuntu/centos已测,但有些win7遇到过问题,具体原因不详,可能和windows自身的驱动有关。
设备和主机的连接方式:嵌入式设备OTG接口和PC的USB接口做连接,线缆型号和嵌入式设备的OTG接口有关。例如树莓派,可直接将U口插在主机。
实现相关
linux C、configfs
实现步骤
使用键盘举例说明,鼠标大同小异,差别仅在于report相关信息
1.枚举
枚举过程可通过手动命令实现,亦可调用libusbgx-master(git搜索即可)的api,原理相同
(1)挂载,挂载的目录随意,已有的参考文章大多放在/sys/kernel/config目录下。挂载后该目录下已生成与设备硬件配套的相关目录,一般是usb_gadget。
# mount -t configfs none /sys/kernel/config
(2)创建gadget目录,创建目录后系统自动生成文件在该目录下
# mkdir -p /sys/kernel/config/usb_gadget/my_gadget
(3)填充厂商ID/产品ID等,这些数据随意一些即可。由于这些值完全由设备端自行填写,主机侧仅凭VID/PID无法确认所接入设备的真实身份。
# echo 0x1234 > /sys/kernel/config/usb_gadget/my_gadget/idVendor
# echo 0x5678 > /sys/kernel/config/usb_gadget/my_gadget/idProduct
....
(4)创建hid-键盘相关文件,创建好文件夹后,会自动生成hid相关的配置文件以供填充
# cd /sys/kernel/config/usb_gadget/my_gadget/functions
# mkdir hid.keyboard
# cd hid.keyboard
# ls
//dev protocol report_desc report_length subclass
(5)填充配置文件,可参考已有的真实设备。其中protocol=1标识键盘设备,subclass=1标识仅有一个接口描述符,report_length标识该hid设备每次发送的报表长度为8字节,report_desc标识该hid设备的报表描述符。
其中report_length的值根据report_desc得出。如何计算可参考libusb官网示例或USB中文网中的介绍。
# echo 1 > protocol
# echo 1 > subclass
# echo 8 > report_length
# echo -ne \\x05\\x01\\x09\\x06\\xa1\\x01\\x05\\x07\\x19\\xe0\\x29\\xe7\\x15\\x00\\x25\\x01\\x75\\x01\\x95\\x08\\x81\\x02\\x95\\x01\\x75\\x08\\x81\\x03\\x95\\x05\\x75\\x01\\x05\\x08\\x19\\x01\\x29\\x05\\x91\\x02\\x95\\x01\\x75\\x03\\x91\\x03\\x95\\x06\\x75\\x08\\x15\\x00\\x25\\x65\\x05\\x07\\x19\\x00\\x29\\x65\\x81\\x00\\xc0 > report_desc
(6)创建配置描述符,在configs目录下自动生成相关的目录,例如b.1或c.1等,若没有可尝试自行创建
# cd /sys/kernel/config/usb_gadget/my_gadget/
# ln -s functions/hid.keyboard configs/c.1/
(7)使能,将设备(不同设备的udc名称不同)重新写入UDC文件,类似于重新上电,正常情况下,此时主机应已经枚举到键盘设备,例如windows可在设备和打印机中看到键盘设备。
# ls /sys/class/udc/
// fcc00000.dwc3
# echo fcc00000.dwc3 > UDC
2.数据交互
数据的交互由用户层的代码实现,通信手段是对文件/dev/hidgX文件的读写,如果在上述1-7步骤中仅软连接了一个设备,则是hidg0;如果软连接了多个设备,则根据文件名称的字典顺序依次是hidg0,hidg1等。
(1)程序及应用方式:摘自https://www.kernel.org/doc/Documentation/usb/gadget_hid.txt
#include <pthread.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
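/* Size of the line buffer used by main() and the *_fill_report() parsers. */
#define BUF_LEN 512

/*
 * One command token and the byte it contributes to a report.
 * Every table of these ends with an entry whose .opt is NULL.
 */
struct options {
    const char *opt;
    unsigned char val;
};

/*
 * Keyboard modifier tokens. keyboard_fill_report() ORs .val into report[0],
 * so each value is one bit of that byte.
 * The table is only ever read, so it is const.
 */
static const struct options kmod[] = {
    {.opt = "--left-ctrl",   .val = 0x01},
    {.opt = "--right-ctrl",  .val = 0x10},
    {.opt = "--left-shift",  .val = 0x02},
    {.opt = "--right-shift", .val = 0x20},
    {.opt = "--left-alt",    .val = 0x04},
    {.opt = "--right-alt",   .val = 0x40},
    {.opt = "--left-meta",   .val = 0x08},
    {.opt = "--right-meta",  .val = 0x80},
    {.opt = NULL}
};

/*
 * Named (non-letter) keys. keyboard_fill_report() copies .val into the next
 * free key slot, report[2] .. report[7].
 * print_options() lists the entries in table order, two per output line, so
 * the order here is kept exactly as it was.
 */
static const struct options kval[] = {
    {.opt = "--return",    .val = 0x28},
    {.opt = "--esc",       .val = 0x29},
    {.opt = "--bckspc",    .val = 0x2a},
    {.opt = "--tab",       .val = 0x2b},
    {.opt = "--spacebar",  .val = 0x2c},
    {.opt = "--caps-lock", .val = 0x39},
    {.opt = "--f1",        .val = 0x3a},
    {.opt = "--f2",        .val = 0x3b},
    {.opt = "--f3",        .val = 0x3c},
    {.opt = "--f4",        .val = 0x3d},
    {.opt = "--f5",        .val = 0x3e},
    {.opt = "--f6",        .val = 0x3f},
    {.opt = "--f7",        .val = 0x40},
    {.opt = "--f8",        .val = 0x41},
    {.opt = "--f9",        .val = 0x42},
    {.opt = "--f10",       .val = 0x43},
    {.opt = "--f11",       .val = 0x44},
    {.opt = "--f12",       .val = 0x45},
    {.opt = "--insert",    .val = 0x49},
    {.opt = "--home",      .val = 0x4a},
    {.opt = "--pageup",    .val = 0x4b},
    {.opt = "--del",       .val = 0x4c},
    {.opt = "--end",       .val = 0x4d},
    {.opt = "--pagedown",  .val = 0x4e},
    {.opt = "--right",     .val = 0x4f},
    {.opt = "--left",      .val = 0x50},
    {.opt = "--down",      .val = 0x51},
    {.opt = "--kp-enter",  .val = 0x58},
    {.opt = "--up",        .val = 0x52},
    {.opt = "--num-lock",  .val = 0x53},
    {.opt = NULL}
};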
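/*
 * Parse one space-separated command line into a keyboard report.
 *
 * report: 8-byte report buffer; main() zeroes it before the call. Byte 0
 *         collects the modifier bits, bytes 2..7 take up to six key codes.
 * buf:    NUL-terminated command line; strtok() modifies it in place.
 * hold:   set to 1 when "--hold" is present, otherwise left untouched.
 *
 * Returns 8, the number of report bytes to send, or -1 on "--quit".
 *
 * Only the first character of a letter token is used, so "abc" is handled
 * like "a". Once six keys are filled, further key tokens are ignored
 * without a message.
 */
int keyboard_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
    char *tok = strtok(buf, " ");
    int key = 0;
    int i = 0;

    for (; tok != NULL; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "--quit") == 0)
            return -1;

        if (strcmp(tok, "--hold") == 0) {
            *hold = 1;
            continue;
        }

        if (key < 6) {
            for (i = 0; kval[i].opt != NULL; i++) {
                if (strcmp(tok, kval[i].opt) == 0) {
                    report[2 + key++] = kval[i].val;
                    break;
                }
            }
            if (kval[i].opt != NULL)
                continue;
        }

        /*
         * Explicit 'a'..'z' range check instead of islower(): passing a
         * plain char with a negative value (any non-ASCII input byte) to
         * islower() is undefined behaviour. In some locales islower() also
         * accepts bytes above 'z', which the subtraction below would turn
         * into key codes that do not correspond to letters.
         */
        if (key < 6 && tok[0] >= 'a' && tok[0] <= 'z') {
            report[2 + key++] = (char)(tok[0] - ('a' - 0x04));
            continue;
        }

        for (i = 0; kmod[i].opt != NULL; i++) {
            if (strcmp(tok, kmod[i].opt) == 0) {
                report[0] = report[0] | kmod[i].val;
                break;
            }
        }
        if (kmod[i].opt != NULL)
            continue;

        if (key < 6)
            fprintf(stderr, "unknown option: %s\n", tok);
    }
    return 8;
}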
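/*
 * Mouse button tokens. mouse_fill_report() ORs .val into report[0], so each
 * value is one bit of that byte. Read-only lookup data, so it is const.
 */
static const struct options mmod[] = {
    {.opt = "--b1", .val = 0x01},
    {.opt = "--b2", .val = 0x02},
    {.opt = "--b3", .val = 0x04},
    {.opt = NULL}
};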
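/*
 * Parse one space-separated command line into a mouse report.
 *
 * report: report buffer; main() zeroes it before the call. Byte 0 collects
 *         the button bits, bytes 1 and 2 take up to two numeric values.
 * buf:    NUL-terminated command line; strtok() modifies it in place.
 * hold:   set to 1 when "--hold" is present, otherwise left untouched.
 *
 * Returns 3, the number of report bytes to send, or -1 on "--quit".
 */
int mouse_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
    char *tok = strtok(buf, " ");
    int mvt = 0;
    int i = 0;

    for (; tok != NULL; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "--quit") == 0)
            return -1;

        if (strcmp(tok, "--hold") == 0) {
            *hold = 1;
            continue;
        }

        for (i = 0; mmod[i].opt != NULL; i++) {
            if (strcmp(tok, mmod[i].opt) == 0) {
                report[0] = report[0] | mmod[i].val;
                break;
            }
        }
        if (mmod[i].opt != NULL)
            continue;

        if (!(tok[0] == '-' && tok[1] == '-') && mvt < 2) {
            char *end = NULL;
            long v;

            errno = 0;
            v = strtol(tok, &end, 0);

            /*
             * Validate before storing. The earlier code stored the
             * truncated value first and, on error, zeroed the slot AFTER
             * the one it had just written. It also accepted non-numeric
             * text as 0 and silently truncated values wider than one byte.
             * A value is accepted if it fits in one byte in either signed
             * (-128..127) or unsigned (0..255) notation.
             */
            if (errno != 0 || end == tok || *end != '\0' ||
                v < -128 || v > 255) {
                fprintf(stderr, "Bad value:'%s'\n", tok);
                continue;
            }

            report[1 + mvt++] = (char)v;
            continue;
        }

        fprintf(stderr, "unknown option: %s\n", tok);
    }
    return 3;
}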
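/*
 * Joystick tokens, all applied to report[3] by joystick_fill_report().
 * The "--bN" values occupy the high nibble (one bit each); the "--hat*"
 * values occupy the low nibble, with 0x04 as the neutral position.
 * Read-only lookup data, so it is const.
 */
static const struct options jmod[] = {
    {.opt = "--b1",         .val = 0x10},
    {.opt = "--b2",         .val = 0x20},
    {.opt = "--b3",         .val = 0x40},
    {.opt = "--b4",         .val = 0x80},
    {.opt = "--hat1",       .val = 0x00},
    {.opt = "--hat2",       .val = 0x01},
    {.opt = "--hat3",       .val = 0x02},
    {.opt = "--hat4",       .val = 0x03},
    {.opt = "--hatneutral", .val = 0x04},
    {.opt = NULL}
};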
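/*
 * Parse one space-separated command line into a joystick report.
 *
 * report: report buffer; main() zeroes it before the call. Bytes 0..2 take
 *         up to three numeric values, byte 3 holds the hat position (low
 *         nibble) and the button bits (high nibble).
 * buf:    NUL-terminated command line; strtok() modifies it in place.
 * hold:   always set to 1, so main() sends no all-zero release report.
 *
 * Returns 4, the number of report bytes to send, or -1 on "--quit".
 */
int joystick_fill_report(char report[8], char buf[BUF_LEN], int *hold)
{
    char *tok = strtok(buf, " ");
    int mvt = 0;
    int i = 0;

    *hold = 1;

    /* set default hat position: neutral */
    report[3] = 0x04;

    for (; tok != NULL; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "--quit") == 0)
            return -1;

        for (i = 0; jmod[i].opt != NULL; i++) {
            if (strcmp(tok, jmod[i].opt) != 0)
                continue;
            /*
             * Buttons are ORed in and leave the hat nibble alone; a hat
             * token replaces only the low nibble. The earlier code masked
             * with 0xF0 for every token, so any "--bN" reset the hat from
             * neutral (0x04) to 0x00, which is the "--hat1" value.
             */
            if (jmod[i].val & 0xF0)
                report[3] = (char)(report[3] | jmod[i].val);
            else
                report[3] = (char)((report[3] & 0xF0) | jmod[i].val);
            break;
        }
        if (jmod[i].opt != NULL)
            continue;

        if (!(tok[0] == '-' && tok[1] == '-') && mvt < 3) {
            char *end = NULL;
            long v;

            errno = 0;
            v = strtol(tok, &end, 0);

            /*
             * Validate before storing. The earlier code, on error, zeroed
             * the slot AFTER the one it had just written; for the third
             * value that slot is report[3], so a bad number wiped the hat
             * and button byte. A value is accepted if it fits in one byte
             * in either signed (-128..127) or unsigned (0..255) notation.
             */
            if (errno != 0 || end == tok || *end != '\0' ||
                v < -128 || v > 255) {
                fprintf(stderr, "Bad value:'%s'\n", tok);
                continue;
            }

            report[mvt++] = (char)v;
            continue;
        }

        fprintf(stderr, "unknown option: %s\n", tok);
    }
    return 4;
}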
/*
 * Print the tokens accepted for one device type to stdout.
 *
 * c: 'k' lists the keyboard tables, 'm' the mouse table; any other value
 *    lists the joystick table.
 */
void print_options(char c)
{
    int idx;

    switch (c) {
    case 'k':
        fputs(" keyboard options:\n" " --hold\n", stdout);
        for (idx = 0; kmod[idx].opt != NULL; idx++)
            printf("\t\t%s\n", kmod[idx].opt);

        fputs("\n keyboard values:\n" " [a-z] or\n", stdout);
        /* Two entries per output line: a newline follows each odd index. */
        for (idx = 0; kval[idx].opt != NULL; idx++)
            printf("\t\t%-8s%s", kval[idx].opt, (idx % 2) ? "\n" : "");
        putchar('\n');
        break;

    case 'm':
        fputs(" mouse options:\n" " --hold\n", stdout);
        for (idx = 0; mmod[idx].opt != NULL; idx++)
            printf("\t\t%s\n", mmod[idx].opt);

        fputs("\n mouse values:\n" " Two signed numbers\n"
              "--quit to close\n", stdout);
        break;

    default:
        fputs(" joystick options:\n", stdout);
        for (idx = 0; jmod[idx].opt != NULL; idx++)
            printf("\t\t%s\n", jmod[idx].opt);

        fputs("\n joystick values:\n" " three signed numbers\n"
              "--quit to close\n", stdout);
        break;
    }
}
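/*
 * Interactive driver: reads command lines from stdin, turns each into a
 * report with the matching *_fill_report() parser and writes it to the
 * device file; reports read back from the device are printed in hex.
 *
 * argv[1]: device file to open (e.g. a /dev/hidgX node).
 * argv[2]: device type; only its first character is checked
 *          ('k' keyboard, 'm' mouse, 'j' joystick).
 *
 * Exit status: 0 on EOF or "--quit", 1 usage, 2 unknown device type,
 * 3 open failed, 4 select failed, 5/6 short or failed write,
 * 7 read from the device failed, 8 read from stdin failed.
 */
int main(int argc, const char *argv[])
{
    const char *filename = NULL;
    int fd = 0;
    char buf[BUF_LEN];
    int cmd_len;
    char report[8];
    int to_send = 8;
    int hold = 0;
    fd_set rfds;
    int retval, i;
    int rc = 0;

    if (argc < 3) {
        fprintf(stderr, "Usage: %s devname mouse|keyboard|joystick\n", argv[0]);
        return 1;
    }

    if (argv[2][0] != 'k' && argv[2][0] != 'm' && argv[2][0] != 'j')
        return 2;

    filename = argv[1];
    if ((fd = open(filename, O_RDWR, 0666)) == -1) {
        perror(filename);
        return 3;
    }

    print_options(argv[2][0]);

    while (42) {
        /*
         * NOTE(review): fd_set/select() are declared in <sys/select.h>,
         * which the include list above this listing does not name directly.
         */
        FD_ZERO(&rfds);
        FD_SET(STDIN_FILENO, &rfds);
        FD_SET(fd, &rfds);

        retval = select(fd + 1, &rfds, NULL, NULL, NULL);
        if (retval == -1 && errno == EINTR)
            continue;
        if (retval < 0) {
            perror("select()");
            rc = 4;
            break;
        }

        if (FD_ISSET(fd, &rfds)) {
            cmd_len = read(fd, buf, BUF_LEN - 1);
            if (cmd_len < 0) {
                if (errno == EINTR)
                    continue;
                /* A persistent read error would otherwise spin in select(). */
                perror(filename);
                rc = 7;
                break;
            }
            printf("recv report:");
            /* Cast so bytes >= 0x80 print as two hex digits, not ffffffXX. */
            for (i = 0; i < cmd_len; i++)
                printf(" %02x", (unsigned char)buf[i]);
            printf("\n");
        }

        if (FD_ISSET(STDIN_FILENO, &rfds)) {
            cmd_len = read(STDIN_FILENO, buf, BUF_LEN - 1);
            if (cmd_len == 0)
                break;
            if (cmd_len < 0) {
                /*
                 * Without this check a failed read() (-1) led to a write
                 * at buf[-2], outside the buffer.
                 */
                if (errno == EINTR)
                    continue;
                perror("read(stdin)");
                rc = 8;
                break;
            }

            /*
             * Terminate after the bytes actually read and drop a trailing
             * newline only if there is one; input that does not end in
             * '\n' no longer loses its last character.
             * A line longer than BUF_LEN - 1 bytes is still split across
             * reads and parsed as separate commands.
             */
            buf[cmd_len] = '\0';
            if (buf[cmd_len - 1] == '\n')
                buf[cmd_len - 1] = '\0';

            hold = 0;
            memset(report, 0x0, sizeof(report));

            if (argv[2][0] == 'k')
                to_send = keyboard_fill_report(report, buf, &hold);
            else if (argv[2][0] == 'm')
                to_send = mouse_fill_report(report, buf, &hold);
            else
                to_send = joystick_fill_report(report, buf, &hold);

            if (to_send == -1)
                break;

            if (write(fd, report, to_send) != to_send) {
                perror(filename);
                rc = 5;
                break;
            }

            /* Unless held, follow up with an all-zero report (release). */
            if (!hold) {
                memset(report, 0x0, sizeof(report));
                if (write(fd, report, to_send) != to_send) {
                    perror(filename);
                    rc = 6;
                    break;
                }
            }
        }
    }

    close(fd);
    return rc;
}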
(2)可自行编写程序,代码不便放出,提供思路,若有问题还请指出
1.枚举程序
// Pseudocode outline of the enumeration program (not compilable C):
// set up the gadget, then run one reader and one writer thread on hidgX.
main(){
// 1. Perform the enumeration steps, via system() commands or the equivalent API
// NOTE(review): the configfs steps only write fixed values to fixed paths;
// doing that with open()/write() would avoid spawning a shell - confirm
// against the real implementation.
init_configfs();
// 2. Create the read thread
pthread_create(read_hidgX);
// 3. Create the write thread
pthread_create(write_hidgX);
// 4. Block the main function
pthread_join();
}
// Pseudocode for the reader thread: records the lock-key state read from hidgX.
read_hidgX(){
// Loop reading hidgX to obtain the current NumLock, CapsLock, etc. state
// NOTE(review): if the writer thread consults isNumlock/isCapLock, these
// shared flags presumably need atomic or mutex protection - confirm.
while(1){
len = read(hidgX,buf);
if(){
isNumlock = X;
}
if(){
isCapLock = X;
}
//...
}
}
// Pseudocode for the writer thread: turns input into reports and writes them to hidgX.
// NOTE(review): the name looks like a typo for write_hidgX, which is what
// the main() outline passes to pthread_create.
white_hidgX(){
// Write loop
while(1){
// Obtain the input; any of several methods will do
scanf(); read_file();
// Convert the input into a hid_report; the conversion is fairly involved
// 1. Each write consists of several bytes; the byte count equals the report_length written during enumeration, and one write represents one key press.
unsigned char buf[report_len] = {0};
// 2. Fill the byte array to be written:
// Note that function keys, character keys and other kinds of keys occupy different positions in the report
// Details: http://www.usbzh.com/article/detail-326.html
file_report(string,buf);
// 3. Write it to the hid device
write(hidgX,buf);
// 4. Write an all-zero report to end the previous input; otherwise the key is treated as still held down
write(hidgX,0x00,report_len)
}
}
/*
 * Keyboard: ASCII characters for a subset of the key codes carried in a
 * report. The table is not exhaustive; look up further codes as needed.
 */
struct KBD_USAGE_2_CHAR {
    unsigned char usageCode;   /* key code as it appears in the report */
    unsigned char lowerCase;   /* character listed for the unshifted key */
    unsigned char upperCase;   /* character listed for the shifted key */
};

static struct KBD_USAGE_2_CHAR kbdUsage2Char[] = {
    /* letters */
    { 0x04, 'a', 'A' },
    { 0x05, 'b', 'B' },
    { 0x06, 'c', 'C' },
    { 0x07, 'd', 'D' },
    { 0x08, 'e', 'E' },
    { 0x09, 'f', 'F' },
    { 0x0a, 'g', 'G' },
    { 0x0b, 'h', 'H' },
    { 0x0c, 'i', 'I' },
    { 0x0d, 'j', 'J' },
    { 0x0e, 'k', 'K' },
    { 0x0f, 'l', 'L' },
    { 0x10, 'm', 'M' },
    { 0x11, 'n', 'N' },
    { 0x12, 'o', 'O' },
    { 0x13, 'p', 'P' },
    { 0x14, 'q', 'Q' },
    { 0x15, 'r', 'R' },
    { 0x16, 's', 'S' },
    { 0x17, 't', 'T' },
    { 0x18, 'u', 'U' },
    { 0x19, 'v', 'V' },
    { 0x1a, 'w', 'W' },
    { 0x1b, 'x', 'X' },
    { 0x1c, 'y', 'Y' },
    { 0x1d, 'z', 'Z' },

    /* digit row and its shifted symbols */
    { 0x1e, '1', '!' },
    { 0x1f, '2', '@' },
    { 0x20, '3', '#' },
    { 0x21, '4', '$' },
    { 0x22, '5', '%' },
    { 0x23, '6', '^' },
    { 0x24, '7', '&' },
    { 0x25, '8', '*' },
    { 0x26, '9', '(' },
    { 0x27, '0', ')' },

    /* control and whitespace keys */
    { 0x28, '\n', '\n' },   /* Enter */
    { 0x2a, '\b', '\b' },   /* Backspace */
    { 0x2b, '\t', '\t' },   /* Tab */
    { 0x2c, ' ',  ' '  },   /* Space */

    /* punctuation */
    { 0x2d, '-',  '_' },
    { 0x2e, '=',  '+' },
    { 0x2f, '[',  '{' },
    { 0x30, ']',  '}' },
    { 0x31, '\\', '|' },
    { 0x33, ';',  ':' },
    { 0x34, '\'', '"' },
    { 0x35, '`',  '~' },
    { 0x36, ',',  '<' },
    { 0x37, '.',  '>' },
    { 0x38, '/',  '?' },

    /* keypad: both columns hold the same character */
    { 0x54, '/',  '/'  },   /* Keypad / */
    { 0x55, '*',  '*'  },   /* Keypad * */
    { 0x56, '-',  '-'  },   /* Keypad - */
    { 0x57, '+',  '+'  },   /* Keypad + */
    { 0x58, '\n', '\n' },   /* Keypad Enter */
    { 0x59, '1',  '1'  },   /* Keypad 1 / End */
    { 0x5a, '2',  '2'  },   /* Keypad 2 / Down */
    { 0x5b, '3',  '3'  },   /* Keypad 3 / PageDn */
    { 0x5c, '4',  '4'  },   /* Keypad 4 / Left */
    { 0x5d, '5',  '5'  },   /* Keypad 5 */
    { 0x5e, '6',  '6'  },   /* Keypad 6 / Right */
    { 0x5f, '7',  '7'  },   /* Keypad 7 / Home */
    { 0x60, '8',  '8'  },   /* Keypad 8 / Up */
    { 0x61, '9',  '9'  },   /* Keypad 9 / PageUp */
    { 0x62, '0',  '0'  },   /* Keypad 0 / Insert */
    { 0x63, '.',  '.'  },   /* Keypad . / Delete */
};
程序编写完成后,放置到嵌入式设备中,执行后,主机会根据程序进行一系列的键盘操作
结语
此例实现较为简单,但其中涉及到许多零碎的知识,还是需要系统的学习才能对USB有更进一步的了解。