Because of my work adding support for multiple USB to serial devices in UsbSerial I’ve had to deal with very different chipsets. Some of them like those manufactured by Silicon Labs like the CP2102 or the CP2130 are surprisingly well documented, not only with electrical and mechanical datasheets but also with documentation for driver developers.
Sadly others are not. FT232, one of the most common USB to serial devices out there lacks of official documentation but fortunately those hardcore developers of the Linux and BSD kernel managed to add a very good support long time ago. That is nothing compared to the very obscure CH340/341 chipset.
CH340/341 is a chipset without any kind of documentation besides electrical stuff and it is not well supported outside Windows (I bet it is not well supported even there). With so many custom chipsets and the standard CDC devices these weird chips should have been ignored long time ago. But one shouldn’t underestimate the power of cheapness. With the advent of the maker movement and the Arduino revolution, because of the Arduino open architecture, the market was flocked with Chinese Arduinos clones that replaced the FT232 with the CH340. Ignoring this infamous chip was no longer an option.
I started adapting other implementations but they weren’t working on every CH340 so finally I had to use the last bullet, start from the scratch and reverse engineering this thing! Here it’s the code, if you want to check it out
These posts aim to serve as introduction for people looking for more practical knowledge about USB and eager to reverse engineer USB devices. CH340, although almost non documented, it’s still a very simple USB to serial converter so it is a good candidate for a tutorial. This whole thing may sound complicated but, as you will see, it is easier than expected.
What will we need?
1) A windows computer
Generally speaking, hardware manufacturers put the best of their efforts on developing good Windows drivers for their own products. For some of them supporting of Linux and OS X is secondary in the better cases. This is normally the most common reason for reverse engineering USB or other devices. For this reason we need a Windows computer to be able to see how the device behaves with the manufacturer drivers.
2) USB software sniffer
A good USB software sniffer is mandatory to analyze every packet shared between our PC and the USB devices. There are some alternatives:
– Usbpcap with Wireshark (free and open source)
– Usb analyzer from Eltima software
– USBTrace from Sysnucleus
All of them should do the job but in my humble opinion, USBlyzer is by far the best of all them at the expense of a high price for hobbyists. Choose the right one for your needs.
Before starting, some knowledge of the USB protocol is required. This will be explained in the next post. Stay tuned!
Reverse engineering USB devices 101: USB Basics