[Nut-upsdev] Krauler UP-M500VA investigation

Peter Selinger selinger at mathstat.dal.ca
Fri Nov 17 06:08:05 CET 2006 

Alexander I. Gordeev wrote:
> 
> Success!
> I haven't yet switched UPS to Windows box so I haven't tried usbsnoop.
> But I tried your program, Peter. It WORKS! UPS is responding.
> By the way, could you please explain what is "descriptor" and "index"
> and how to choose them?

Please see the USB specification, at
http://www.usb.org/developers/docs/, file usb_20.pdf, section 9.4.3
(and referenced tables). Rougly speaking, a descriptor is a data
structure used by a USB device to describe itself. Certain descriptor
types are predefined; the contents of the corresponding data
structures are defined in section 9.6. 

Your initial success is encouraging. Particularly descriptor 3 index 3
(the third "string" descriptor) looks promising: this appears to be
some sort of encoded device state, because it changes over time. The
first byte is the length (0x60 = 96 bytes), the second byte is the
descriptor type (3 = string), and the rest is the string data, using 2
bytes per character (the character encoding is 16-bit Unicode). The
string contents looks like it was taken from a serial protocol:

"(229.0 165.0 229.0 000 50.0 13.6 00.0 00001000\n"

This could be a set of voltages (229.0V), frequency (50.0Hz), battery
voltage (13.6V), and some status bits (for things like "on battery",
"low battery" etc). 

Index 19 seems to be identical (19 = 16+3; probably indices are taken
modulo 16). 

Index 13 also looks promising:

"#225.0 004 11.50 50.0"

could be more state info. It is troubling that the device is liable to
return errors ("UPS No Ack") for no apparent reason. 

The above mechanism could potentially be used to write a custom driver
for this device. It probably doesn't belong in the newhidups driver,
since it does not use the HID mechanism. 

In the USB specification, the "get_descriptor" request is used mainly
to read static information from the UPS (such as its name,
manufacturer, capabilities, usage table, etc). 

There is another request specific to HID devices called "get_report".
This is described in section 7.2.1 of the HID specification
(http://www.usb.org/developers/hidpage/, file HID1_11.pdf).  This
request, which is not implemented by my program get_descriptor.c,
is intended to be used to read actual state information from the UPS,
and this is where newhidups returned only time-outs. 

It might be worthwhile to modify the get_descriptor.c program to
implement the get_report request. An example for how to do this is in
the libusb_get_report() function in drivers/libusb.c in the NUT
sources. However, one should play around with the timeout, the
reportsize, and the other parameters. 

I hope this helps. Happy experimenting! -- Peter

Alexander I. Gordeev wrote:
> Here are some logs of program starts with different parameters:
> 
> Here I tried values that newhidups had reported
> -----------------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 1 16
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x01 index 16:
> 
>  12 01 00 01 00 00 00 08 01 00 00 00 00 01 01 02 00 01
> 
>  ..................
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 2 16
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x02 index 16:
> 
>  09 02 22 00 01 01 00 80 32 09 04 00 00 01 03 00 00 00 09 21 00 01 00 01
>  22 70 02 07 05 81 03 08 00 0a
> 
>  ..".....2..........!...."p........
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 16
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 16:
> 
>  04 03 09 00
> 
>  ....
> 
> 
> The same output comes for all indexes from 0 to about 30 with descriptor = 1
> ----------------------------------------------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 1 0
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x01 index 0:
> 
>  12 01 00 01 00 00 00 08 01 00 00 00 00 01 01 02 00 01
> 
>  ..................
> 
>  
> Quite the same situation with descriptor = 2
> --------------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 2 0
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x02 index 0:
> 
>  09 02 22 00 01 01 00 80 32 09 04 00 00 01 03 00 00 00 09 21 00 01 00 01
>  22 70 02 07 05 81 03 08 00 0a
> 
>  ..".....2..........!...."p........
> 
>  
> With descriptor = 3:
> --------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 0
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 0:
> 
>  04 03 09 00
> 
>  ....
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 1
> Can't get endpoint 129 descriptor 0x03 index 1: error sending control message: Connection timed out
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 2
> Can't get endpoint 129 descriptor 0x03 index 2: error sending control message: Connection timed out
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 3
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 3:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 4
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 4:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 5
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 5:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 6
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 6:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 7
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 7:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> 
>  
> And at this point I noticed a beep from the UPS! I tried this sequence
> once more and behaviour of this run changed:
> ----------------------------------------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 3
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 3:
> 
>  60 03 28 00 32 00 32 00 39 00 2e 00 30 00 20 00 31 00 36 00 35 00 2e 00
>  30 00 20 00 32 00 32 00 39 00 2e 00 30 00 20 00 30 00 30 00 30 00 20 00
>  35 00 30 00 2e 00 30 00 20 00 31 00 33 00 2e 00 36 00 20 00 30 00 30 00
>  2e 00 30 00 20 00 30 00 30 00 30 00 30 00 31 00 30 00 30 00 30 00 0d 00
> 
>  `.(.2.2.9...0. .1.6.5...0. .2.2.9...0. .0.0.0. .5.0...0. .1.3...6. .0.0.
>  ..0. .0.0.0.0.1.0.0.0...
> 
>  
> And it also changes from time to time:
> --------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 3
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 3:
> 
>  60 03 28 00 32 00 32 00 39 00 2e 00 30 00 20 00 31 00 36 00 35 00 2e 00
>  30 00 20 00 32 00 32 00 39 00 2e 00 30 00 20 00 30 00 30 00 30 00 20 00
>  35 00 30 00 2e 00 30 00 20 00 31 00 33 00 2e 00 35 00 20 00 30 00 30 00
>  2e 00 30 00 20 00 30 00 30 00 30 00 30 00 31 00 30 00 30 00 30 00 0d 00
> 
>  `.(.2.2.9...0. .1.6.5...0. .2.2.9...0. .0.0.0. .5.0...0. .1.3...5. .0.0.
>  ..0. .0.0.0.0.1.0.0.0...
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 3
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 3:
> 
>  60 03 28 00 32 00 33 00 31 00 2e 00 30 00 20 00 31 00 36 00 35 00 2e 00
>  30 00 20 00 32 00 33 00 31 00 2e 00 30 00 20 00 30 00 30 00 30 00 20 00
>  35 00 30 00 2e 00 30 00 20 00 31 00 33 00 2e 00 35 00 20 00 30 00 30 00
>  2e 00 30 00 20 00 30 00 30 00 30 00 30 00 31 00 30 00 30 00 30 00 0d 00
> 
>  `.(.2.3.1...0. .1.6.5...0. .2.3.1...0. .0.0.0. .5.0...0. .1.3...5. .0.0.
>  ..0. .0.0.0.0.1.0.0.0...
> 
> 
> Some other interesting logs:
> ----------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 12
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 12:
> 
>  50 03 23 00 4b 00 52 00 41 00 55 00 4c 00 45 00 52 00 20 00 20 00 20 00
>  20 00 20 00 20 00 20 00 20 00 20 00 55 00 50 00 2d 00 4d 00 35 00 30 00
>  30 00 56 00 41 00 20 00 20 00 56 00 45 00 52 00 33 00 2e 00 30 00 30 00
>  20 00 20 00 20 00 0d 00
> 
>  P.#.K.R.A.U.L.E.R. . . . . . . . . .U.P.-.M.5.0.0.V.A. . .V.E.R.3...0.0.
>   . . ...
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 13
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 13:
> 
>  2e 03 23 00 32 00 32 00 35 00 2e 00 30 00 20 00 30 00 30 00 34 00 20 00
>  31 00 31 00 2e 00 35 00 30 00 20 00 35 00 30 00 2e 00 30 00 0d 00
> 
>  ..#.2.2.5...0. .0.0.4. .1.1...5.0. .5.0...0...
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 19
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 19:
> 
>  60 03 28 00 32 00 32 00 39 00 2e 00 30 00 20 00 31 00 36 00 35 00 2e 00
>  30 00 20 00 32 00 32 00 39 00 2e 00 30 00 20 00 30 00 30 00 30 00 20 00
>  35 00 30 00 2e 00 30 00 20 00 31 00 33 00 2e 00 36 00 20 00 30 00 30 00
>  2e 00 30 00 20 00 30 00 30 00 30 00 30 00 31 00 30 00 30 00 30 00 0d 00
> 
>  `.(.2.2.9...0. .1.6.5...0. .2.2.9...0. .0.0.0. .5.0...0. .1.3...6. .0.0.
>  ..0. .0.0.0.0.1.0.0.0...
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 20
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 20:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 21
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 21:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 22
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 22:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 23
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 23:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 24
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 24:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 25
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 25:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 26
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 26:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 27
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 27:
> 
>  16 03 55 00 50 00 53 00 20 00 4e 00 6f 00 20 00 41 00 63 00 6b 00
> 
>  ..U.P.S. .N.o. .A.c.k.
> 
> 
> Nearly every time I got "..U.P.S. .N.o. .A.c.k." message UPS beeped or
> uttered some clicking sounds
> ----------------------------------------------------------------------
> 
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 28
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 28:
> 
>  50 03 22 00 4b 00 52 00 41 00 55 00 4c 00 45 00 52 00 20 00 20 00 20 00
>  20 00 20 00 20 00 20 00 20 00 20 00 55 00 50 00 2d 00 4d 00 35 00 30 00
>  30 00 56 00 41 00 20 00 20 00 56 00 45 00 52 00 33 00 2e 00 30 00 30 00
>  20 00 20 00 20 00 0d 00
> 
>  P.".K.R.A.U.L.E.R. . . . . . . . . .U.P.-.M.5.0.0.V.A. . .V.E.R.3...0.0.
>   . . ...
> admin at router:/home/alex/work/module-dev/hid> ./get_descriptor 001 003 1 0 0 129 3 29
> Bus 001 device 003 configuration 1 interface 0 altsetting 0 endpoint 129 descriptor 0x03 index 29:
> 
>  2e 03 23 00 32 00 32 00 35 00 2e 00 30 00 20 00 30 00 30 00 34 00 20 00
>  31 00 31 00 2e 00 35 00 30 00 20 00 35 00 30 00 2e 00 30 00 0d 00
> 
>  ..#.2.2.5...0. .0.0.4. .1.1...5.0. .5.0...0...
> 
> 
> Sorry if I quoted too much.
> 
> P.S. I forgot that when I was experimenting for the first time some
> equipment was plugged in and after one run UPS powered itself off.
> After that I unplugged the devices for safety and without load it
> never turns off.
> 
> Peter Selinger wrote:
> 
> > It's an interesting guess, but this is not possible. The reason is
> > that (as Charles already pointed out) one never asks a HID device for
> > '00860004.xxx' - one asks, e.g., for "Report number 13". The UPS sends
> > a sort of directory in the beginning, explaining what reports
> > correspond to what usages. So in a sense the usages such as '00860004'
> > are purely informational. 
> 
> > It is, however, possible that it sends the wrong report id's, or that
> > the hardware is simply too slow to respond to our requests (as Charles
> > suggested). 
> 
> > I once posted a program called get_descriptor.c on the nut-upsdev
> > mailing list [attached below]. This is a simple tool that can be used
> > to experiment with retrieving individual reports from a USB device
> > from the command line. It might be a good starting point for
> > exploration, as it is relatively simple to modify (e.g. to insert
> > timing delays).
> 
> > If we find some hack that works, we can then worry about how newhidups
> > should be modified.
> 
> > -- Peter
> 
> -- 
>  Alexander                          mailto:lasaine at lvk.cs.msu.su
>

More information about the Nut-upsdev mailing list