Pico Technology PicoScope 2406B/USB traffic

From sigrok
Revision as of 00:16, 4 July 2023 by Septadecimal (talk | contribs) (add a couple of traffic dumps and some notes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

These are some notes on a hypothetised USB wire protocol for the Picoscope 2406B device.

On this page, (A) etc means an identical packet.

These are all URB_BULK transfers

... means 00s to end

  • Endpoints appear to be:
    • Endpoint 0 (control): FX control, not used in standard operation
    • Endpoint 1 controls the scope
    • Endpoint 2 is used for data download

Open Picoscope SW with disabled channels

PcapNG capture: file:PS 2406B connect start ps sw no channels on.pcapng.zip

DIR      SIZE  DATA


Data out:  64: 02 02 02 7a e6 00 ...

Data in:    1: 00

              (Ping)
Data out:   1: 01

Data in:    8: 01 03 03 00 ... (F, serial number?)

Data out:  64: 02 83 03 51 00 ...

Data in:    1: 01

Data in :  64: 02 03 02 51 40 00 ...
                            ^
                            \-Xfer len?

Data in:   64: 

"C0 load"? "Serial EEPROM Present, First Byte is C0"

              -VID- -PID- -DID- -Cfg-
    0000   c0 e9 0c 16 10 13 00 00 01 01 00 47 01 00 00 00   ...........G....
                    <-       serial +nul       -> <- cal date?
    0010   00 00 00 49 57 30 37 34 30 31 33 33 00 30 36 4d   ...IW0740133.06M
           ------------->
    0020   61 79 32 31 00 00 00 21 00 22 00 24 00 2a 00 22   ay21...!.".$.*."
    0030   00 24 00 2b 00 22 00 24 00 2b 00 00 00 00 00 39   .$.+.".$.+.....9

Data out:  64: 02 03 02 51 40 ...

Data in    64:

    0000   00 3a 00 3c 00 3f 00 3a 00 3c 00 3f 00 3a 00 3c
    0010   00 3f 00 00 00 00 00 26 00 27 00 29 00 2b 00 28
    0020   00 2a 00 2b 00 28 00 2a 00 2b 00 00 00 00 00 14
    0030   00 15 00 17 00 1d 00 15 00 17 00 1d 00 15 00 17

Data out:  64: 02 03 02 51 40 ...

Data in    64:

    0000   00 1d 00 00 00 00 80 b2 85 b2 85 b2 85 b2 85 ae
    0010   85 ae 85 ae 85 e1 85 e1 85 e1 85 00 80 00 80 5d
    0020   86 5d 86 5d 86 5d 86 4e 86 4e 86 4e 86 4b 86 4b
    0030   86 4b 86 00 80 00 80 8a 86 8a 86 8a 86 8a 86 81

Data out:  64: 02 03 02 51 40 ...

Data in:   64:

    0000   86 81 86 81 86 a8 86 a8 86 a8 86 00 80 00 80 54
    0010   85 54 85 54 85 54 85 8b 85 8b 85 8b 85 93 85 93
    0020   85 93 85 00 80 00 00 02 20 73 72 0d 74 08 04 07
    0030   79 73 72 0d 74 08 04 07 79 73 72 0d 74 08 04 07

Lots of these out/in pairs, presumably reading EEPROM or something
Many of the later ones are all 00
128 in total = 128 * 64 bytes read = 8192 bytes

Data out:   64: 02 83 02 57 00 ...

Data in:     1: 01

Data out:   64: 02 0a 00 ...

Data out:   64: 02 81 03 b0 00 01 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 00 02 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 00 04 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 00 10 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 00 80 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 00 20 0c 03 0a 00 ...

Data out:   64: 02 81 03 b0 00 40 ...

Data out:   64:

         0000   02 81 03 80 20 ff 81 03 b2 e6 ff 81 03 b0 00 ff
         0010   81 03 b5 f7 ff 00 ...

Data out 64:
         0000   02 81 03 80 20 ff 81 03 b2 e6 ff 81 03 b0 00 ff
         0010   81 03 b5 f7 ff 00 ...

Data out:   64: 02 81 03 b0 ff 00 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 40 00 ...
Data out:   64: 02 81 03 b0 ff 20 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 80 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 10 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 04 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 01 0c 03 0a 00 ...
Data out:   64: 02 81 03 b0 ff 02 0c 03 0a 00 ...

Data out:   64: 02 02 02 f4 e6 00 ...

Data in:     1: 03

Data out    64:
         0000   02 83 04 0c 02 28 00 83 04 0c 01 28 00 83 04 0c
         0010   08 28 00 83 04 0c 04 28 00 0c 03 0a 00 ...

Data in:     4: 01 01 01 01

Data out:    5: 04 ce 3b 0c 00

Data out:32768: 

    0000   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
    0010   55 99 aa 66 0c 85 00 e0 04 00 8c 85 20 11 8c 82
    0020   bc 10 8c 86 90 77 8c 43 20 00 02 c9 0c 87 00 f3
    0030   0c 83 00 81 04 00 04 00 04 00 04 00 04 00 04 00
    0040   04 00 04 00 04 00 04 00 04 00 04 00 04 00 04 00
    0050   04 00 04 00 04 00 cc 81 3c 13 8c 81 10 81 2c 84
    0060   00 00 4c 80 00 f8 8c 87 ff ff cc 84 00 a0 cc 82
    0070   00 20 cc 80 80 00 4c 86 00 00 4c 81 00 00 4c 85
    0080   00 00 4c 83 00 00 4c 87 00 00 cc 85 d8 47 cc 43
    0090   00 00 00 00 04 00 04 00 0c 44 00 00 00 00 0c 85
    00a0   00 80 0a 06 00 60 38 53 00 00 00 00 00 00 00 00
    00b0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    ....

.... 23 similar 32k xfers

Data out:15310:

0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
...
3af0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
3b00   00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b10   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b20   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b30   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b40   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b50   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b60   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b70   ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
3b80   ff ff ff ff 00 90 ac 81 0c 85 00 50 0c 85 00 c0
3b90   04 00 04 00 04 00 04 00 0c 85 00 50 0c 85 00 a0
3ba0   0c 87 00 ff 0c 83 00 81 0c 40 00 30 a3 80 0c 85
3bb0   00 b0 04 00 04 00 04 00 04 00 04 00 04 00 04 00
3bc0   04 00 04 00 04 00 04 00 04 00 04 00 04 00

Total 24 * 32768 + 1 * 15310 = 801742 bytes = 0x0C3BCE

Looks like FPGA bitstream

Data out:  64: 02 01 01 80 00 ...

Data in:    1: 2d

Data out:  64: 02 0e 06 05 04 00  ...

Data in:    6: 00 00 fc 02 00 00  ...

Data out:  64: 02 0e 05 05 00 ...

Data in:    5: 00 00 01 00 33 ...

               (??Flash LED??)
Data out:  64: 02 8e 05 08 00 03 00 09 0c 03 14 00 ...

Data out:  64:
         0000   02 8e 3c 01 00 00 ff 0f 00 00 00 00 00 00 00 00
         0010   00 00 00 00 01 00 00 00 20 00 00 00 00 00 00 20
         0020   00 00 00 20 00 00 00 00 00 00 00 00 00 e8 03 00
         0030   00 00 00 00 00 00 e8 03 00 00 00 00 00 00 01 00

Data out:  64:
         0000   02 8e 2c 01 3a 00 01 00 00 00 00 00 00 01 00 00
         0010   01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         0020   ...

5 more xfers with 02 8e

Data out:   64: 02 0c 03 14 00 00 ...

7 xfers start with 02 8e

Data out:   64: 02 0c 03 0a 00 00 8e 03 07 02 13 8e 03 07 02 11 ...

Data out:   64: 02 8e 03 01 01 ee 0c 03 0a 00 ...

Data out:   64: 02 0e 04 05 0e 00 ...

Data in:     4: 00 00 8a 0b

Data out:   64: 02 0e 06 05 08 00 ...

Data in:     6: 00 00 05 c4 00 00 ...

3 * 02 8e

Data out:   64: 02 0e 06 05 08 00 ...

Data in:     6: 00 00 07 44 00 00 ... (C)

3 * 02 8e

Data out:   64: 02 0e 04 05 0c 00 ...

Data in:     4: 00 00 33 07

Data out:   64: 02 8e 03 01 01 00 ...

Data out:   64: 02 0c 03 14 00 ...

Data out    64: 02 0e 06 06 08 00 ...

Data in:     6: 00 00 07 44 00 00 ... (C)

Data out:   64: 02 8e 03 07 02 15 0c 03 14 ...

Data out:   64: 02 0e 06 05 08 00 ... (D)

Data in:     6: 00 00 07 44 00 00 ... (C)

Data out:   64: 02 8e 03 07 02 11 0c 03 14 00 ...

Data out:   64: 02 0e 06 05 08 00 ... (D)

Data in:     6: 00 00 07 44 00 00 ... (C)

7 * 02 8e

Data out:   64: 02 87 06 00 00 01 00 03 01 00 ...

Data out: 32k: 08 02 (repeats forever)
Data out: 32k: 08 02 (repeats forever, again)

2 * 02 8e
Data out:    64: 02 8e 02 00 05 8e 02 00 04 ... (E)

            (Ping)
Data out:     1: 01

Data in:      8: 01 03 03 .... (F, serial?)

2 * 02 8e
Data out:    64: 02 8e 02 00 05 8e 02 00 04 ... (E)

            (Ping)
Data out:     1: 01

Data in:      8: 01 03 03 .... (F, serial?)

With SW open, enable Ch A at 20mV

PcapNG capture: File:PS 2406B turn on ch a 20mv.pcapng.zip

Data out:   64: 02 0e 06 05 08 ...

Data in:     6: 00 00 07 44 00

Data out:   64: 02 8e 02 00 08 ... (A)

Data out:   64: 02 8e 02 00 01 ... (B)

Data out:   64: 02 0a 00 00 00 ...

Data out:   64: 02 8e 03 01 20 ...

Data out:   64: 02 8e 02 00 00 ...

Data out:   64: 02 07 06 20 00 00 00 02   01 00 ...

Data in:    32: 

         0000   aa 55 01 04 00 00 00 00   fc d9 00 00 00 00 00 00
         0010   00 00 00 00 00 00 00 00   00 00 00 00 02 00 10 00

Data out:   64: 02 8e 02 00 08 ... (A)
Data out:   64: 02 8e 02 00 01 ... (B)

Data out:   64:

         0000   02 8e 04 01 0f cc 9e 8e   03 01 13 2a 8e 07 01 42
         0010   08 01 02 b3 01 8e 02 00   ...

Data out:   64: 02 07 06 08 10 00 00 02   01 00 ...

--------------------------------------------------------

Then acq on EP 2:

 data in: 4104:

0000   fc 02 fd 03 fd 02 fc 02 fd 02 fc 02 fc 02 fd 02
0010   fc 03 fd 02 fc 02 fc 02 fd 02 fd 02 fd 03 fd 03

This looks like raw samples of some sort

--------------------------------------------------------

Back to EP 1:
00
Data out:   64: 02 8e 02 00 08 ... (A)
Data out:   64: 02 8e 02 00 01 ... (B)

Data out:   64:

         0000   02 8e 04 01 0f 2a 9f 8e   04 01 45 c7 00 8e 02 00
         0010   ...

Data out:   64: 02 07 06 0c 23 00 00 02   01 00 ...

Then acq on EP 2 again (8972)