Pico Technology PicoScope 2406B/USB traffic
Revision as of 00:16, 4 July 2023 by Septadecimal (talk | contribs) (add a couple of traffic dumps and some notes)
These are some notes on a hypothetised USB wire protocol for the Picoscope 2406B device.
On this page, (A) etc means an identical packet.
These are all URB_BULK transfers
...
means 00s to end
- Endpoints appear to be:
- Endpoint 0 (control): FX control, not used in standard operation
- Endpoint 1 controls the scope
- Endpoint 2 is used for data download
Open Picoscope SW with disabled channels
PcapNG capture: file:PS 2406B connect start ps sw no channels on.pcapng.zip
DIR SIZE DATA Data out: 64: 02 02 02 7a e6 00 ... Data in: 1: 00 (Ping) Data out: 1: 01 Data in: 8: 01 03 03 00 ... (F, serial number?) Data out: 64: 02 83 03 51 00 ... Data in: 1: 01 Data in : 64: 02 03 02 51 40 00 ... ^ \-Xfer len? Data in: 64: "C0 load"? "Serial EEPROM Present, First Byte is C0" -VID- -PID- -DID- -Cfg- 0000 c0 e9 0c 16 10 13 00 00 01 01 00 47 01 00 00 00 ...........G.... <- serial +nul -> <- cal date? 0010 00 00 00 49 57 30 37 34 30 31 33 33 00 30 36 4d ...IW0740133.06M -------------> 0020 61 79 32 31 00 00 00 21 00 22 00 24 00 2a 00 22 ay21...!.".$.*." 0030 00 24 00 2b 00 22 00 24 00 2b 00 00 00 00 00 39 .$.+.".$.+.....9 Data out: 64: 02 03 02 51 40 ... Data in 64: 0000 00 3a 00 3c 00 3f 00 3a 00 3c 00 3f 00 3a 00 3c 0010 00 3f 00 00 00 00 00 26 00 27 00 29 00 2b 00 28 0020 00 2a 00 2b 00 28 00 2a 00 2b 00 00 00 00 00 14 0030 00 15 00 17 00 1d 00 15 00 17 00 1d 00 15 00 17 Data out: 64: 02 03 02 51 40 ... Data in 64: 0000 00 1d 00 00 00 00 80 b2 85 b2 85 b2 85 b2 85 ae 0010 85 ae 85 ae 85 e1 85 e1 85 e1 85 00 80 00 80 5d 0020 86 5d 86 5d 86 5d 86 4e 86 4e 86 4e 86 4b 86 4b 0030 86 4b 86 00 80 00 80 8a 86 8a 86 8a 86 8a 86 81 Data out: 64: 02 03 02 51 40 ... Data in: 64: 0000 86 81 86 81 86 a8 86 a8 86 a8 86 00 80 00 80 54 0010 85 54 85 54 85 54 85 8b 85 8b 85 8b 85 93 85 93 0020 85 93 85 00 80 00 00 02 20 73 72 0d 74 08 04 07 0030 79 73 72 0d 74 08 04 07 79 73 72 0d 74 08 04 07 Lots of these out/in pairs, presumably reading EEPROM or something Many of the later ones are all 00 128 in total = 128 * 64 bytes read = 8192 bytes Data out: 64: 02 83 02 57 00 ... Data in: 1: 01 Data out: 64: 02 0a 00 ... Data out: 64: 02 81 03 b0 00 01 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 02 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 04 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 10 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 80 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 20 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 00 40 ... Data out: 64: 0000 02 81 03 80 20 ff 81 03 b2 e6 ff 81 03 b0 00 ff 0010 81 03 b5 f7 ff 00 ... Data out 64: 0000 02 81 03 80 20 ff 81 03 b2 e6 ff 81 03 b0 00 ff 0010 81 03 b5 f7 ff 00 ... Data out: 64: 02 81 03 b0 ff 00 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 40 00 ... Data out: 64: 02 81 03 b0 ff 20 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 80 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 10 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 04 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 01 0c 03 0a 00 ... Data out: 64: 02 81 03 b0 ff 02 0c 03 0a 00 ... Data out: 64: 02 02 02 f4 e6 00 ... Data in: 1: 03 Data out 64: 0000 02 83 04 0c 02 28 00 83 04 0c 01 28 00 83 04 0c 0010 08 28 00 83 04 0c 04 28 00 0c 03 0a 00 ... Data in: 4: 01 01 01 01 Data out: 5: 04 ce 3b 0c 00 Data out:32768: 0000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0010 55 99 aa 66 0c 85 00 e0 04 00 8c 85 20 11 8c 82 0020 bc 10 8c 86 90 77 8c 43 20 00 02 c9 0c 87 00 f3 0030 0c 83 00 81 04 00 04 00 04 00 04 00 04 00 04 00 0040 04 00 04 00 04 00 04 00 04 00 04 00 04 00 04 00 0050 04 00 04 00 04 00 cc 81 3c 13 8c 81 10 81 2c 84 0060 00 00 4c 80 00 f8 8c 87 ff ff cc 84 00 a0 cc 82 0070 00 20 cc 80 80 00 4c 86 00 00 4c 81 00 00 4c 85 0080 00 00 4c 83 00 00 4c 87 00 00 cc 85 d8 47 cc 43 0090 00 00 00 00 04 00 04 00 0c 44 00 00 00 00 0c 85 00a0 00 80 0a 06 00 60 38 53 00 00 00 00 00 00 00 00 00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .... .... 23 similar 32k xfers Data out:15310: 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... 3af0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3b00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b10 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b20 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b30 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b40 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b50 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b60 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b70 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3b80 ff ff ff ff 00 90 ac 81 0c 85 00 50 0c 85 00 c0 3b90 04 00 04 00 04 00 04 00 0c 85 00 50 0c 85 00 a0 3ba0 0c 87 00 ff 0c 83 00 81 0c 40 00 30 a3 80 0c 85 3bb0 00 b0 04 00 04 00 04 00 04 00 04 00 04 00 04 00 3bc0 04 00 04 00 04 00 04 00 04 00 04 00 04 00 Total 24 * 32768 + 1 * 15310 = 801742 bytes = 0x0C3BCE Looks like FPGA bitstream Data out: 64: 02 01 01 80 00 ... Data in: 1: 2d Data out: 64: 02 0e 06 05 04 00 ... Data in: 6: 00 00 fc 02 00 00 ... Data out: 64: 02 0e 05 05 00 ... Data in: 5: 00 00 01 00 33 ... (??Flash LED??) Data out: 64: 02 8e 05 08 00 03 00 09 0c 03 14 00 ... Data out: 64: 0000 02 8e 3c 01 00 00 ff 0f 00 00 00 00 00 00 00 00 0010 00 00 00 00 01 00 00 00 20 00 00 00 00 00 00 20 0020 00 00 00 20 00 00 00 00 00 00 00 00 00 e8 03 00 0030 00 00 00 00 00 00 e8 03 00 00 00 00 00 00 01 00 Data out: 64: 0000 02 8e 2c 01 3a 00 01 00 00 00 00 00 00 01 00 00 0010 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0020 ... 5 more xfers with 02 8e Data out: 64: 02 0c 03 14 00 00 ... 7 xfers start with 02 8e Data out: 64: 02 0c 03 0a 00 00 8e 03 07 02 13 8e 03 07 02 11 ... Data out: 64: 02 8e 03 01 01 ee 0c 03 0a 00 ... Data out: 64: 02 0e 04 05 0e 00 ... Data in: 4: 00 00 8a 0b Data out: 64: 02 0e 06 05 08 00 ... Data in: 6: 00 00 05 c4 00 00 ... 3 * 02 8e Data out: 64: 02 0e 06 05 08 00 ... Data in: 6: 00 00 07 44 00 00 ... (C) 3 * 02 8e Data out: 64: 02 0e 04 05 0c 00 ... Data in: 4: 00 00 33 07 Data out: 64: 02 8e 03 01 01 00 ... Data out: 64: 02 0c 03 14 00 ... Data out 64: 02 0e 06 06 08 00 ... Data in: 6: 00 00 07 44 00 00 ... (C) Data out: 64: 02 8e 03 07 02 15 0c 03 14 ... Data out: 64: 02 0e 06 05 08 00 ... (D) Data in: 6: 00 00 07 44 00 00 ... (C) Data out: 64: 02 8e 03 07 02 11 0c 03 14 00 ... Data out: 64: 02 0e 06 05 08 00 ... (D) Data in: 6: 00 00 07 44 00 00 ... (C) 7 * 02 8e Data out: 64: 02 87 06 00 00 01 00 03 01 00 ... Data out: 32k: 08 02 (repeats forever) Data out: 32k: 08 02 (repeats forever, again) 2 * 02 8e Data out: 64: 02 8e 02 00 05 8e 02 00 04 ... (E) (Ping) Data out: 1: 01 Data in: 8: 01 03 03 .... (F, serial?) 2 * 02 8e Data out: 64: 02 8e 02 00 05 8e 02 00 04 ... (E) (Ping) Data out: 1: 01 Data in: 8: 01 03 03 .... (F, serial?)
With SW open, enable Ch A at 20mV
PcapNG capture: File:PS 2406B turn on ch a 20mv.pcapng.zip
Data out: 64: 02 0e 06 05 08 ... Data in: 6: 00 00 07 44 00 Data out: 64: 02 8e 02 00 08 ... (A) Data out: 64: 02 8e 02 00 01 ... (B) Data out: 64: 02 0a 00 00 00 ... Data out: 64: 02 8e 03 01 20 ... Data out: 64: 02 8e 02 00 00 ... Data out: 64: 02 07 06 20 00 00 00 02 01 00 ... Data in: 32: 0000 aa 55 01 04 00 00 00 00 fc d9 00 00 00 00 00 00 0010 00 00 00 00 00 00 00 00 00 00 00 00 02 00 10 00 Data out: 64: 02 8e 02 00 08 ... (A) Data out: 64: 02 8e 02 00 01 ... (B) Data out: 64: 0000 02 8e 04 01 0f cc 9e 8e 03 01 13 2a 8e 07 01 42 0010 08 01 02 b3 01 8e 02 00 ... Data out: 64: 02 07 06 08 10 00 00 02 01 00 ... -------------------------------------------------------- Then acq on EP 2: data in: 4104: 0000 fc 02 fd 03 fd 02 fc 02 fd 02 fc 02 fc 02 fd 02 0010 fc 03 fd 02 fc 02 fc 02 fd 02 fd 02 fd 03 fd 03 This looks like raw samples of some sort -------------------------------------------------------- Back to EP 1: 00 Data out: 64: 02 8e 02 00 08 ... (A) Data out: 64: 02 8e 02 00 01 ... (B) Data out: 64: 0000 02 8e 04 01 0f 2a 9f 8e 04 01 45 c7 00 8e 02 00 0010 ... Data out: 64: 02 07 06 0c 23 00 00 02 01 00 ... Then acq on EP 2 again (8972)