public static void SendPayload(FileInfo info) { Writes = 0; byte[] payload = File.ReadAllBytes(info.FullName); var buf = new byte[0x10]; Device.ReadPipe(0x81, buf, 0x10, out _, IntPtr.Zero); WritePayload(Device, SwizzlePayload(payload)); if (Writes % 2 != 1) { Console.WriteLine("Switching buffers..."); Device.WritePipe(1, new byte[0x1000], 0x1000, out _, IntPtr.Zero); } var setup = new WINUSB_SETUP_PACKET { RequestType = 0x81, Request = 0, Value = 0, Index = 0, Length = 0x7000 }; Task.Run(() => Device.ControlTransfer(setup, new byte[0x7000], 0x7000, out var b, IntPtr.Zero)); }
internal static extern bool WinUsb_ControlTransfer( IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, byte[] Buffer, uint BufferLength, out uint LengthTransferred, IntPtr Overlapped);
/// <summary> /// Performs a control transfer that has no data stage. /// </summary> /// <param name="setupPacket">The SETUP packet to send to the device.</param> protected unsafe void controlTransfer(WINUSB_SETUP_PACKET setupPacket) { UInt32 lengthTransferred = controlTransfer(setupPacket, (Byte *)null); if (lengthTransferred != 0) { throw new Exception("The control transfer was expected to have no data stage, but " + lengthTransferred + " bytes were transferred."); } }
internal void controlTransfer(byte RequestType, byte Request, ushort Value, ushort Index) { WINUSB_SETUP_PACKET setupPacket = new WINUSB_SETUP_PACKET(); setupPacket.RequestType = RequestType; setupPacket.Request = Request; setupPacket.Value = Value; setupPacket.Index = Index; setupPacket.Length = 0; controlTransfer(setupPacket); }
/// <summary> /// Performs a control transfer, a series of USB transactions that /// consist of a SETUP packet sent to the device, an optional data /// phase for transferring bytes to the host or the device, and an /// acknowledgement packet form the party that did not send the /// data phase. /// /// A control transfer with no data phase is considered to be a /// control write transfer, so the acknowledgement packet comes /// from the device. /// </summary> /// <param name="buffer"> /// If this is a Read transfer, this is the buffer that the data from the /// device will be read in to during the data stage. If this is a Write /// transfer, this is the buffer that will be written to the device during /// the data stage. /// </param> /// <param name="setupPacket">The SETUP packet to send to the device.</param> /// <returns> /// The number of bytes transferred in the data stage. /// This is usually equal to setupPacket.wLength. /// </returns> protected unsafe UInt32 controlTransfer(WINUSB_SETUP_PACKET setupPacket, void *buffer) { UInt32 lengthTransferred = 0; Boolean success = WinUsb_ControlTransfer(handles.winusbHandle, setupPacket, buffer, setupPacket.Length, &lengthTransferred, (OVERLAPPED *)0); if (!success) { throw new Win32Exception("Control transfer failed."); } return(lengthTransferred); }
internal unsafe uint controlTransfer(byte RequestType, byte Request, ushort Value, ushort Index, void *data, ushort Length) { WINUSB_SETUP_PACKET setupPacket = new WINUSB_SETUP_PACKET(); setupPacket.RequestType = RequestType; setupPacket.Request = Request; setupPacket.Value = Value; setupPacket.Index = Index; setupPacket.Length = Length; return(controlTransfer(setupPacket, data)); }
unsafe public static bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, USBSetupPacket SetupPacket, IntPtr Buffer, uint BufferLength, ref uint LengthTransferred, NativeOverlapped *Overlapped) { WINUSB_SETUP_PACKET packet = new WINUSB_SETUP_PACKET() { Index = SetupPacket.Index, Length = SetupPacket.Length, Request = SetupPacket.Request, RequestType = SetupPacket.RequestType, Value = SetupPacket.Value }; return(NativeMethods.WinUsb_ControlTransfer(InterfaceHandle, packet, Buffer, BufferLength, ref LengthTransferred, Overlapped)); }
protected bool SendTransfer(byte requestType, byte request, ushort value, byte[] buffer, ref int transfered) { if (!IsActive) { return(false); } var setup = new WINUSB_SETUP_PACKET { RequestType = requestType, Request = request, Value = value, Index = 0, Length = (ushort)buffer.Length }; return(WinUsbWrapper.ControlTransfer(_winUsbHandle, setup, buffer, buffer.Length, ref transfered, IntPtr.Zero)); }
/// <summary> /// Performs a control transfer with a data stage. Calling this function /// is slightly safer than calling controlTransfer(WINUSB_SETUP_PACKET, Byte *) /// because this function can verify that buffer is not null and that buffer /// is long enough. /// </summary> /// <param name="buffer"> /// If this is a Read transfer, this is the buffer that the data from the /// device will be read in to during the data stage. If this is a Write /// transfer, this is the buffer that will be written to the device during /// the data stage. /// </param> /// <param name="setupPacket">The SETUP packet to send to the device.</param> /// <returns> /// The number of bytes transferred in the data stage. /// This is usually equal to setupPacket.wLength. /// </returns> protected unsafe UInt32 controlTransfer(WINUSB_SETUP_PACKET setupPacket, Byte[] buffer) { if (setupPacket.Length != 0) { if (buffer == null) { throw new ArgumentException("The setupPacket length field is non-zero, but no buffer was provided.", "buffer"); } if (buffer.Length < setupPacket.Length) { throw new ArgumentException("The setupPacket length field is " + setupPacket.Length + ", but the buffer provided is only " + buffer.Length + " bytes.", "buffer"); } } fixed(Byte *pointer = &buffer[0]) return(controlTransfer(setupPacket, pointer)); }
public virtual Boolean SendTransfer(Byte RequestType, Byte Request, UInt16 Value, Byte[] Buffer, ref Int32 Transfered) { if (!m_IsActive) { return(false); } WINUSB_SETUP_PACKET Setup = new WINUSB_SETUP_PACKET(); Setup.RequestType = RequestType; Setup.Request = Request; Setup.Value = Value; Setup.Index = 0; Setup.Length = (UInt16)Buffer.Length; return(WinUsb_ControlTransfer(m_WinUsbHandle, Setup, Buffer, Buffer.Length, ref Transfered, IntPtr.Zero)); }
public virtual bool SendTransfer(byte RequestType, byte Request, ushort Value, byte[] Buffer, ref int Transfered) { if (!m_IsActive) { return(false); } var Setup = new WINUSB_SETUP_PACKET(); Setup.RequestType = RequestType; Setup.Request = Request; Setup.Value = Value; Setup.Index = 0; Setup.Length = (ushort)Buffer.Length; return(WinUsb_ControlTransfer(m_WinUsbHandle, Setup, Buffer, Buffer.Length, ref Transfered, IntPtr.Zero)); }
private static void Main(string[] args) { var buf = new byte[0x10]; UsbK Switch; try { Switch = FindDevice(); Switch.SetAltInterface(0, false, 0); } catch { Console.Error.WriteLine("Error: Cannot access device, is your Switch plugged in, turned on and in RCM mode?"); return; } Switch.ReadPipe(0x81, buf, 0x10, out _, IntPtr.Zero); Console.WriteLine("Device ID: {0}", BitConverter.ToString(buf).Replace("-", "").ToLower()); Console.WriteLine("Writing payload..."); Write(Switch, SwizzlePayload(File.ReadAllBytes(args[0]))); if (_writes % 2 != 1) { Console.WriteLine("Switching buffers..."); Switch.WritePipe(1, new byte[0x1000], 0x1000, out _, IntPtr.Zero); } Console.WriteLine("Smashing..."); var setup = new WINUSB_SETUP_PACKET { RequestType = 0x81, Request = 0, Value = 0, Index = 0, Length = 0x7000 }; var result = Switch.ControlTransfer(setup, new byte[0x7000], 0x7000, out var b, IntPtr.Zero); Console.WriteLine(!result ? "Successfully smashed device!" : $"Length transferred was 0x{b:x} bytes... it seems your Switch isn't vulnerable."); }
public bool WriteBytesTransfer(byte requestType, byte request, ushort value, byte[] outputBuffer) { try { if (!Connected) { return(false); } WINUSB_SETUP_PACKET setupPacket = new WINUSB_SETUP_PACKET(); setupPacket.RequestType = requestType; setupPacket.Request = request; setupPacket.Value = value; setupPacket.Index = 0; setupPacket.Length = (ushort)outputBuffer.Length; return(WinUsb_ControlTransfer(WinUsbHandle, setupPacket, outputBuffer, outputBuffer.Length, out int bytesWritten, IntPtr.Zero) && bytesWritten > 0); } catch (Exception ex) { Debug.WriteLine("Failed to write transfer bytes: " + ex.Message); return(false); } }
private static unsafe extern bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, Byte[] Buffer, UInt32 BufferLength, ref UInt32 LengthTransferred, NativeOverlapped *pOverlapped);
public static extern bool WinUsb_ControlTransfer(IntPtr hInterface, WINUSB_SETUP_PACKET SetupPacket, byte[] Buffer, uint BufferLength, ref uint LengthTransferred, IntPtr Overlapped);
public virtual bool SendTransfer(byte RequestType, byte Request, ushort Value, byte[] Buffer, ref int Transfered) { if (!m_IsActive) return false; var setup = new WINUSB_SETUP_PACKET { RequestType = RequestType, Request = Request, Value = Value, Index = 0, Length = (ushort) Buffer.Length }; return WinUsb_ControlTransfer(m_WinUsbHandle, setup, Buffer, Buffer.Length, ref Transfered, IntPtr.Zero); }
static extern unsafe Boolean WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, void *Buffer, UInt32 BufferLength, UInt32 *LengthTransferred, OVERLAPPED *Overlapped);
protected static extern Boolean WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, Byte[] Buffer, Int32 BufferLength, ref Int32 LengthTransferred, IntPtr Overlapped);
public virtual Boolean SendTransfer(Byte RequestType, Byte Request, UInt16 Value, Byte[] Buffer, ref Int32 Transfered) { if (!m_IsActive) return false; WINUSB_SETUP_PACKET Setup = new WINUSB_SETUP_PACKET(); Setup.RequestType = RequestType; Setup.Request = Request; Setup.Value = Value; Setup.Index = 0; Setup.Length = (UInt16) Buffer.Length; return WinUsb_ControlTransfer(m_WinUsbHandle, Setup, Buffer, Buffer.Length, ref Transfered, IntPtr.Zero); }
public static extern bool WinUsb_ControlTransfer(IntPtr interfaceHandle, WINUSB_SETUP_PACKET setupPacket, byte[] buffer, int bufferLength, out int lengthTransferred, IntPtr overlapped);
private static unsafe extern bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, Byte[] Buffer, UInt32 BufferLength, ref UInt32 LengthTransferred, NativeOverlapped* pOverlapped);
public static extern bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, Byte[] Buffer, UInt32 BufferLength, ref UInt32 LengthTransferred, IntPtr Overlapped);
unsafe public static extern bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, IntPtr Buffer, uint BufferLength, ref uint LengthTransferred, NativeOverlapped *Overlapped);
internal static extern Boolean WinUsb_ControlTransfer(SafeWinUsbHandle InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, Byte[] Buffer, UInt32 BufferLength, ref UInt32 LengthTransferred, IntPtr Overlapped);
protected static extern bool WinUsb_ControlTransfer(IntPtr InterfaceHandle, WINUSB_SETUP_PACKET SetupPacket, byte[] Buffer, int BufferLength, ref int LengthTransferred, IntPtr Overlapped);
public extern static bool WinUsb_ControlTransfer(IntPtr interfaceHandle, WINUSB_SETUP_PACKET setupPacket, byte[] buffer, uint bufferLength, out UInt32 lengthTransferred, IntPtr overlapped);