Saturday, November 22, 2014

Emulating a HID Device

I've been hacking around with some Atmel microcontrollers and I thought I'd give this project a try. Due to circumstances out of my control, taking a pedometer to work is not possible as it is not permitted on site. However, this pedometer is directly related to a health fund that gets money from my employer based on how active you are. I've already done something like this:
Yes, it gets the job done, but at the expense of time... So, now I am going one step further. Using either a Pro Trinket or Teensy (images below), I was planning on faking things out. Instead of plugging this into my computer


I'll plug this in! :)



The next step was to set up the boards to emulate the USB HID device. For the Pro Trinket, I used VUSB and for the Teensy, I used LUFA. The VUSB API was a bit more involved and took a bit longer to get working as documentation seems sparse from my searches. Using Dean's LUFA library, it was very easy to set up and get configured. Since the Pro Trinket uses a slightly less sophisticated microprocessor (ATmega 328p), there is no USB support in that chip. However, Teensy's chip is the ATmega 32U4, which does have USB support and can use the LUFA stack. Either way, I thought I'd give both a shot.

After getting both configured, if I run the 3rd party software provided by Virgin Healthmiles, it now thinks I've plugged in the "real" pedometer. First step done! Drink a few beers and celebrate!

The next step is where I am currently stuck... Decoding their USB protocol. I have uploaded data many times using the real pedometer and captured the USB communication. Here is some sample data.

I've tried sending back the data I captured (using Wireshark), but no dice. So they have some smarts built in, but I can't pinpoint it just yet. To complicate things more, the 3rd party software only supports Windows and Mac. Mac has good tools, but nothing to capture USB! I've tried to set up a VM on my Linux box, but Wine does not support all the Win32 APIs the 3rd party software is calling. So I am writing the code on Linux, uploading with avrdude and testing on Windows. Fun times.... Perhaps I should bite the bullet and install the development environment on Windows. Talk about humbug!

So.... my question for some of you readers out there. What are some common techniques used for this? What are things I can try to decode the data? My serial number seems to be encoded in the data, but I have yet to figure it out as things are either encrypted or in bit fields and not at byte boundaries. Anyone have advice/suggestions? I'm all ears! Even better.... anyone want to join me with this project?!