Use unique USB Serial using flash's uniqueID #1914

Merged


henrygab
Contributor

@henrygab henrygab commented Feb 18, 2023

Fixes #1904

Enabling flash is now possible via PLATFORM_EXTRAS=FLASH, even on PM3 Easy.

I haven't noticed any negative or unexpected behavior. Tested:
Hardware: (2x) PM3 Easy, purchased from DT within the last year.
OS: Windows 11 (including full uninstall of device using NirSoft's usbdeview).
OS: WSL2 under Windows 11, using Kali distributions + usbipd for connectivity

NOTE: This REQUIRES flashing bootloader. Otherwise, the device will sometimes show up without any serial number, and sometimes with. I think this may depend either on enumeration speed of OS vs. loading stage3 boot (main image), or soft-boot vs. full power loss. Does not occur after flashing new bootloader.

Also allow flash to be separately enabled via PLATFORM_EXTRAS.

NOTE: this does *NOT* enable the serial number
in the bootrom.  Still investigating options there.
* Add `.ramfunc` section to bootrom loader script
* exclude spiffs functionality from flashmem.h/flashmem.c
   (allows bootrom to use flashmem)
* hide unused tick.h / flashmem.h functions from bootrom
   (not technically necessary; see comments)
* bootrom: add source files, include path, and defines when
  `PLATFORM_DEFS` defines `WITH_FLASH`
* Define `AS_BOOTROM` to indicate code is building for bootrom
@github-actions

You are welcome to add an entry to the CHANGELOG.md as well

@iceman1001
Collaborator

Well done!
It's a bit more changes than I expected. Have we verified that the newly built bootrom image fits the allocated space on the device?

@iceman1001
Collaborator

iceman1001 commented Feb 18, 2023

Looks like you are using the MSB output of the ID.

Interesting bit of output


      -------------------- String Descriptors -------------------
             ------ String Descriptor 0 ------
bLength                  : 0x04 (4 bytes)
bDescriptorType          : 0x03 (String Descriptor)
Language ID[0]           : 0x0409 (English - United States)
Data (HexDump)           : 04 03 09 04                                       ....
             ------ String Descriptor 1 ------
bLength                  : 0x1A (26 bytes)
bDescriptorType          : 0x03 (String Descriptor)
Language 0x0409          : "proxmark.org"
Data (HexDump)           : 1A 03 70 00 72 00 6F 00 78 00 6D 00 61 00 72 00   ..p.r.o.x.m.a.r.
                           6B 00 2E 00 6F 00 72 00 67 00                     k...o.r.g.
             ------ String Descriptor 2 ------
bLength                  : 0x14 (20 bytes)
bDescriptorType          : 0x03 (String Descriptor)
Language 0x0409          : "proxmark3"
Data (HexDump)           : 14 03 70 00 72 00 6F 00 78 00 6D 00 61 00 72 00   ..p.r.o.x.m.a.r.
                           6B 00 33 00                                       k.3.
             ------ String Descriptor 3 ------
bLength                  : 0x32 (50 bytes)
bDescriptorType          : 0x03 (String Descriptor)
Language 0x0409          : "iceman__D5690C23DF8D402A"
Data (HexDump)           : 32 03 69 00 63 00 65 00 6D 00 61 00 6E 00 5F 00   2.i.c.e.m.a.n._.
                           5F 00 44 00 35 00 36 00 39 00 30 00 43 00 32 00   _.D.5.6.9.0.C.2.
                           33 00 44 00 46 00 38 00 44 00 34 00 30 00 32 00   3.D.F.8.D.4.0.2.
                           41 00                                             A.
             -- MSFT String Descriptor 0xEE --
bLength                  : 0x12 (18 bytes)
bDescriptorType          : 0x03 (String Descriptor)
qwSignature Lang 0x0409  : "MSFT100"
bMS_VendorCode           : 0x1C
bPad                     : 0x00
Data (HexDump)           : 12 03 4D 00 53 00 46 00 54 00 31 00 30 00 30 00   ..M.S.F.T.1.0.0.
                           1C 00                                             ..

Mem info output

[=] --- Flash memory Information ---------
[=] ID................... 2A408DDF230C69D5

@henrygab
Contributor Author

henrygab commented Feb 18, 2023

> Looks like you are using the MSB output of the ID.

Thanks for catching this. I thought I chose the version that matched hw status output, but clearly I erred. I have all the permutations still in a private branch, so it'll be a quick fix ... tomorrow. :) (see later comment)

> It's a bit more changes than I expected.

Yes, it looks like a lot of change. But, if you ignore the #ifdefs to ensure bootrom doesn't do lots with flashmem, the functional changes are quite small. Most of it is just my moving files for flashmem.c/.h and ticks.c/.h so they can be used in the bootloader.

> Have we verified that the newly built bootrom image fits the allocated space on the device?

Yes, the new bootrom image fits

I initially had errors, because of how one function has the .ramfunc attribute, and the bootrom didn't list that section in the map. As a result, it complained because the .ld script put the .ramfunc section in the wrong location.... which overlapped with the next section. Simply adding the .ramfunc to the script (similar to how the main image has) allowed it to link correctly. Not a clear error ... it took me some time to understand what was failing ... so I learned about .ld files, .map files, and more....

@iceman1001
Collaborator

Good good,

Having some slight issues with com port identification on WSL1 when I connect in the second device..

iceman@TAU:~/pm3/henrygab$ ./pm3 --list
[!!] No port found

@iceman1001
Collaborator

I pushed fixes for the ./pm3 --list issue which was not related to this PR.

@henrygab
Contributor Author

> Looks like you are using the MSB output of the ID.

I was using the command hw status to see the flash serial number, and matched the output to that. I had not realized it was also exposed via mem info. They conflict in how they display the information.

I did not like the order displayed by hw status. I think it is more natural to show the flash serial number as displayed by mem info. Therefore, I will make two changes:

  1. update USB serial number to match mem info
  2. update hw status output of flash serial to match mem info
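
The byte-order mismatch discussed in this thread can be confirmed from the posted dump itself. The following is an added example, not code from this PR or the Proxmark3 repository: it decodes String Descriptor 3 from the hex dump above and compares its trailing 16 hex digits with the ID printed by mem info. All function, enum and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* String Descriptor 3, same bytes as the hex dump in the thread (UTF-16LE). */
static const uint8_t SERIAL_DESC[] = {
    0x32, 0x03, 'i', 0, 'c', 0, 'e', 0, 'm', 0, 'a', 0, 'n', 0, '_', 0,
    '_', 0, 'D', 0, '5', 0, '6', 0, '9', 0, '0', 0, 'C', 0, '2', 0,
    '3', 0, 'D', 0, 'F', 0, '8', 0, 'D', 0, '4', 0, '0', 0, '2', 0,
    'A', 0
};
/* Flash unique ID as printed by mem info in the thread. */
static const uint8_t MEMINFO_UID[8] = {0x2A, 0x40, 0x8D, 0xDF, 0x23, 0x0C, 0x69, 0xD5};

/* Decode a USB string descriptor into ASCII.
 * Returns the character count, or -1 if the descriptor is malformed. */
int decode_string_descriptor(const uint8_t *d, size_t len, char *out, size_t outsz) {
    if (len < 2 || d[1] != 0x03) return -1;          /* bDescriptorType = string */
    if ((size_t)d[0] != len || (d[0] & 1)) return -1; /* bLength must match and be even */
    size_t n = (d[0] - 2u) / 2u;                      /* UTF-16 code units after header */
    if (n + 1 > outsz) return -1;
    for (size_t i = 0; i < n; i++) {
        uint8_t lo = d[2 + 2 * i], hi = d[3 + 2 * i];
        if (hi != 0 || lo < 0x20 || lo > 0x7E) return -1; /* printable ASCII only */
        out[i] = (char)lo;
    }
    out[n] = '\0';
    return (int)n;
}

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

enum uid_order { UID_NO_MATCH = 0, UID_SAME_ORDER = 1, UID_REVERSED = 2 };
/* Compare the trailing 16 hex digits of the serial with an 8-byte UID,
 * both as given and with the byte order reversed. */
enum uid_order serial_uid_order(const char *serial, const uint8_t uid[8]) {
    size_t n = strlen(serial);
    if (n < 16) return UID_NO_MATCH;
    uint8_t b[8];
    for (int i = 0; i < 8; i++) {
        int hi = hexval(serial[n - 16 + 2 * i]), lo = hexval(serial[n - 15 + 2 * i]);
        if (hi < 0 || lo < 0) return UID_NO_MATCH;
        b[i] = (uint8_t)(hi << 4 | lo);
    }
    int same = 1, rev = 1;
    for (int i = 0; i < 8; i++) {
        if (b[i] != uid[i]) same = 0;
        if (b[i] != uid[7 - i]) rev = 0;
    }
    return same ? UID_SAME_ORDER : rev ? UID_REVERSED : UID_NO_MATCH;
}

int main(void) {
    char serial[64];
    static const char *names[] = {"no match", "same order", "byte-reversed"};
    if (decode_string_descriptor(SERIAL_DESC, sizeof SERIAL_DESC, serial, sizeof serial) < 0) return 1;
    printf("%s vs mem info: %s\n", serial, names[serial_uid_order(serial, MEMINFO_UID)]);
    return 0;
}
```

The same comparison is useful when tracking devices by USB serial across firmware versions, since a serial built in one byte order will not string-match an ID recorded in the other.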

@iceman1001
Collaborator

updating hw status is another PR...

@henrygab
Contributor Author

> updating hw status is another PR...

I didn't see this comment until I had finished integrating the change. I can revert the change to hw status output. Or, given timezones, you have write permissions to this branch, and it's clearly easy to swap which one is wrapped by if (g_dbglevel > 3), so of course feel free to swap which is output by default.

At the same time, I think it can reduce confusion; the Flashmem_print_status() is not called from any other location, so only user-visible output is changed. I added the (be) to the line of output, in case it was important to visually differentiate between older firmware and ones with this change. But, again, I'm OK reverting that change ... just say the final word.

It seemed to make much more sense to be consistent in the interpretation and display of the flash's unique ID.

@henrygab henrygab marked this pull request as ready for review February 18, 2023 20:26
@iceman1001 iceman1001 merged commit 21ab53c into RfidResearchGroup:master Feb 18, 2023
@iceman1001
Collaborator

It's easier to follow changes if a PR is only doing one change. Mixing different purposes makes them harder to follow later on if you have to do some history/blame work.

Not to forget, small PRs are also good.

@iceman1001
Collaborator

Well done! It was an interesting path you found here

Successfully merging this pull request may close these issues.

USB serial number is not unique