Wireshark USB Capture: Analyzing CMSIS-DAP Debugging

tpgf | Original poster | 2025-4-11 08:21
Environment



Analysis
Wireshark filter: usb.device_address == xx && usb.endpoint_address.number == x

Scanning for the debugger
0000 1b 00 d0 c7 c0 4e 01 bd ff ff 00 00 00 00 09 00
0010 00 02 00 1e 00 01 01 40 00 00 00 00 02 00 00 00
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00

01: Endpoint: 0x01, Direction: OUT
01: URB transfer type: URB_INTERRUPT (0x01)
00 00 00 40: Packet Data Length: 64

The USB data simplifies to:

CMD00: ID_DAP_Info
DAP_ID_PRODUCT
00 02 …

Response: NULL
00 00 …

DAP_ID_SER_NUM
00 03 00…

Response: 0880ff20f17004c75fd
00 14 30 38 38 30 66 66 32 30 66 31 37 30 30 34 63 37 35 66 64

DAP_ID_DAP_FW_VER
00 04 00…

Response: 2.1.0
00 06 32 2e 31 2e 30 00…

DAP_ID_CAPABILITIES
00 F0 00…

Response: 0x01
00 01 31 00…

info[0] = ((DAP_SWD != 0)          ? (1U << 0) : 0U) |
          ((DAP_JTAG != 0)         ? (1U << 1) : 0U) |
          ((SWO_UART != 0)         ? (1U << 2) : 0U) |
          ((SWO_MANCHESTER != 0)   ? (1U << 3) : 0U) |
          /* Atomic Commands  */     (1U << 4)       |
          ((TIMESTAMP_CLOCK != 0U) ? (1U << 5) : 0U) |
          ((SWO_STREAM != 0U)      ? (1U << 6) : 0U) |
          ((DAP_UART != 0U)        ? (1U << 7) : 0U);


DAP_ID_VENDOR
00 01 00…

Response: NULL
00…

DAP_ID_PACKET_SIZE
00 FF 00…

Response: 64
00 02 40 00…

DAP_ID_PACKET_COUNT
00 FE 00…

Response: 64
00 01 40 00…

CMD02: ID_DAP_Connect
DAP_PORT_SWD

02 01 00…

Response: echo
02 01 00…

CMD11: ID_DAP_SWJ_Clock
11 40 42 0F 00…

Response: echo, except for one byte
11 00 42 0F 00…

CMD04: ID_DAP_TransferConfigure
04 00 64 00 00 00…

struct {                                        // Transfer Configuration
    uint8_t   idle_cycles;                      // Idle cycles after transfer
    uint8_t   padding[3];
    uint16_t  retry_count;                      // Number of retries after WAIT response
    uint16_t  match_retry;                      // Number of retries if read value does not match
    uint32_t  match_mask;                       // Match Mask
} transfer;

static uint32_t DAP_TransferConfigure(const uint8_t *request, uint8_t *response) {
  DAP_Data.transfer.idle_cycles =            *(request+0);
  DAP_Data.transfer.retry_count = (uint16_t) *(request+1) | (uint16_t)(*(request+2) << 8);
  DAP_Data.transfer.match_retry = (uint16_t) *(request+3) | (uint16_t)(*(request+4) << 8);

  *response = DAP_OK;
  return ((5U << 16) | 1U);
}



Idle cycles after transfer = 0;
retry_count = 100;
match_retry = 0;


Response: echo
04 00 64 00 00 00…

CMD13: ID_DAP_SWD_Configure
13 00…

Response: echo
13 00…

CMD01: ID_DAP_HostStatus
DAP_DEBUGGER_CONNECTED

01 00 01 00…

Response: echo
01 00 01 00…

CMD12: ID_DAP_SWJ_Sequence
LineReset
12 33 FF FF FF FF FF FF FF 00…

0x33: 51(bit)
Send LINERESET
The output is as follows:



Response: echo (Response = 0x00)
12 00 FF FF FF FF FF FF FF 00…

JTAG2SWD
12 10 9E E7 00…

LineReset
12 33 FF FF FF FF FF FF FF 00…

0x00 00
12 08 00 00 00…

CMD05: ID_DAP_Transfer + …
05 00 01 02 00…

Response: 0x0BB11477
05 01 01 77 14 b1 0b 00…

CMD12: IDLE
12 08 00 00 00…

Response:
12 00 00 00 00…

CMD03: ID_DAP_Disconnect
03 00…

Response:
03 00…

CMD01: ID_DAP_HostStatus + DAP_DEBUGGER_CONNECTED
01 00 00…

Response: echo
01 00 00…

Download
Case1: Normal & Autodetect
CMD00: ID_DAP_Info
CMD02: ID_DAP_Connect
02 01

CMD11: ID_DAP_SWJ_Clock
11 40 42 0f

CMD04: ID_DAP_TransferConfigure
04 00 64

CMD13: ID_DAP_SWD_Configure
13 00

CMD01: ID_DAP_HostStatus
01 00 01

CMD12: ID_DAP_SWJ_Sequence
LineReset
12 33 FF FF FF FF FF FF FF

JTAG2SWD
12 10 9E E7

LineReset
12 33 FF FF FF FF FF FF FF

IDLE
12 08 00 00

CMD05: ID_DAP_Transfer
05 00 01 02

CMD12: IDLE
12 08 00 00

CMD05: ID_DAP_Transfer
05 00 01 02

CMD05: ID_DAP_Transfer
05 00 01 08

CMD05: ID_DAP_Transfer
05 00 01 04 00 00 00 50

CMD05: ID_DAP_Transfer
05 00 01 06

CMD08: ID_DAP_WriteABORT
08 00 1E

CMD05: ID_DAP_Transfer
05 00 01 04 00 0F 00 50

CMD05: ID_DAP_Transfer
05 00 01 08 F0

CMD05: ID_DAP_Transfer
05 00 01 0F

CMD05: ID_DAP_Transfer
05 00 01 08

CMD05: ID_DAP_Transfer
05 00 01 01 60 00 00 23

CMD05: ID_DAP_Transfer
05 00 01 03

CMD05: ID_DAP_Transfer
05 00 01 01 60 00 00 23

CMD05: ID_DAP_Transfer
05 00 01 03

CMD05: ID_DAP_Transfer
05 00 01 01 52 00 00 23

CMD05: ID_DAP_Transfer
05 00 01 08 F0

CMD05: ID_DAP_Transfer
05 00 01 0B

CMD05: ID_DAP_Transfer
05 00 01 08

CMD05: ID_DAP_Transfer
05 00 01 05 F0 FF 0F E0

CMD06: ID_DAP_TransferBlock
06 00 04 00 0F

CMD05: ID_DAP_Transfer
05 00 01 06

CMD05: ID_DAP_Transfer
05 00 01 05 D0 FF 0F E0

CMD06: ID_DAP_TransferBlock
06 00 08 00 0F

CMD05: ID_DAP_Transfer
05 00 01 06

CMD05: ID_DAP_Transfer
05 00 02 05 00 F0 0F E0 0F

CMD05: ID_DAP_Transfer
05 00 01 05 F0 EF 00 E0

CMD06: ID_DAP_TransferBlock
06 00 04 00 0F

CMD05: ID_DAP_Transfer
05 00 01 06

CMD05: ID_DAP_Transfer
05 00 01 05 D0 EF 00 E0

CMD06: ID_DAP_TransferBlock
06 00 08 00 0F

CMD05: ID_DAP_Transfer
05 00 01 06

CMD05: ID_DAP_Transfer
05 00 02 05 FC ED 00 E0 0D 00 00 00 01
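
Added example (not part of the original post or of the CMSIS-DAP sources): a small Python decoder for the DAP_Transfer (0x05) packets listed above, using the request-byte layout from the CMSIS-DAP command definition (bit 0 APnDP, bit 1 RnW, bits 3:2 A[3:2], bit 4 value match). The function names are hypothetical; the sample bytes are copied from this trace.

```python
import struct

ACK = {1: "OK", 2: "WAIT", 4: "FAULT"}  # SWD ACK values in response bits 2:0

def decode_transfer_request(pkt: bytes):
    """Return [(port, op, addr, data)] for a DAP_Transfer (0x05) request."""
    if len(pkt) < 3 or pkt[0] != 0x05:
        raise ValueError("not a DAP_Transfer request")
    count, pos, ops = pkt[2], 3, []
    for _ in range(count):
        if pos >= len(pkt):
            raise ValueError("request shorter than its transfer count")
        req = pkt[pos]
        pos += 1
        port = "AP" if req & 0x01 else "DP"      # bit 0: APnDP
        read = bool(req & 0x02)                  # bit 1: RnW
        addr = req & 0x0C                        # bits 3:2: A[3:2]
        data = None
        # Writes (incl. match-mask writes) and value-match reads carry a word.
        if not read or req & 0x10:
            if pos + 4 > len(pkt):
                raise ValueError("missing data word")
            (data,) = struct.unpack_from("<I", pkt, pos)
            pos += 4
        ops.append((port, "R" if read else "W", addr, data))
    return ops

def decode_transfer_response(pkt: bytes, n_reads: int):
    """Return (executed_count, ack, [read words]) for a DAP_Transfer response.

    n_reads is the number of read transfers in the matching request.
    """
    if len(pkt) < 3 + 4 * n_reads or pkt[0] != 0x05:
        raise ValueError("not a DAP_Transfer response of the expected size")
    ack = ACK.get(pkt[2] & 0x07, "NO_ACK/ERROR")
    words = list(struct.unpack_from("<%dI" % n_reads, pkt, 3))
    return pkt[1], ack, words

if __name__ == "__main__":
    # Byte strings copied from the trace on this page.
    for raw in ("05 00 01 02", "05 00 01 04 00 00 00 50",
                "05 00 02 05 FC ED 00 E0 0D 00 00 00 01"):
        for port, op, addr, data in decode_transfer_request(bytes.fromhex(raw)):
            value = "" if data is None else " 0x%08X" % data
            print("%-40s %s %s 0x%X%s" % (raw, port, op, addr, value))
    print(decode_transfer_response(bytes.fromhex("05 01 01 77 14 b1 0b"), 1))
```

Lines in the trace that stop at a write request byte, such as 05 00 01 08, are abbreviated; the decoder rejects them because the 32-bit data word is missing.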

Case2: UnderReset. Hardware
CMD00: ID_DAP_Info
CMD02: ID_DAP_Connect
CMD11: ID_DAP_SWJ_Clock
CMD04: ID_DAP_TransferConfigure
CMD13: ID_DAP_SWD_Configure
CMD01: ID_DAP_HostStatus
CMD10: ID_DAP_SWJ_Pins
10 00 80

CMD12: ID_DAP_SWJ_Sequence
LineReset
12 33 FF FF FF FF FF FF FF

JTAG2SWD
12 10 9E E7

LineReset
12 33 FF FF FF FF FF FF FF

IDLE
12 08 00 00

CMD05: ID_DAP_Transfer
05 00 01 02

After sending the command



————————————————

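Copyright notice: This is an original article by the blogger, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.

Original link: https://blog.csdn.net/chendu103/article/details/126285487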
