WireShark USB 抓包：CMSIS-DAP调试分析

环境

类别	内容
IDE	Keil V5.37
CMSIS_DAP Firmware	V2.1.0
Debug Port	SWD
Max Clock	1MHz

分析

WireShark 过滤设置：usb.device_address == xx && usb.endpoint_address.number == x

扫描调试器

0000 1b 00 d0 c7 c0 4e 01 bd ff ff 00 00 00 00 09 00
0010 00 02 00 1e 00 01 01 40 00 00 00 00 02 00 00 00
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00

01: Endpoint: 0x01, Direction: OUT
01: URB transfer type: URB_INTERRUPT (0x01)
00 00 00 40: Packet Data Length: 64

USB 数据简化为：

CMD00: ID_DAP_Info

DAP_ID_PRODUCT

00 02 …

• Response: NULL

00 00 …

DAP_ID_SER_NUM

00 03 00…

• Response: 0880ff20f17004c75fd

00 14 30 38 38 30 66 66 32 30 66 31 37 30 30 34 63 37 35 66 64

DAP_ID_DAP_FW_VER

00 04 00…

• Response: 2.1.0

00 06 32 2e 31 2e 30 00…

DAP_ID_CAPABILITIES

00 F0 00…

• Response: 0x01

00 01 31 00…

info[0] = ((DAP_SWD  != 0) ? (1U << 0) : 0U) |
			((DAP_JTAG != 0)         ? (1U << 1) : 0U) |
            ((SWO_UART != 0)         ? (1U << 2) : 0U) |
            ((SWO_MANCHESTER != 0)   ? (1U << 3) : 0U) |
            /* Atomic Commands  */     (1U << 4)       |
            ((TIMESTAMP_CLOCK != 0U) ? (1U << 5) : 0U) |
            ((SWO_STREAM != 0U)      ? (1U << 6) : 0U) |
            ((DAP_UART != 0U)        ? (1U << 7) : 0U);

DAP_ID_VENDOR

00 01 00…

• Response: NULL

00…

DAP_ID_PACKET_SIZE

00 FF 00…

• Response: 64

00 02 40 00…

DAP_ID_PACKET_COUNT

00 FE 00…

• Response: 64

00 01 40 00…

CMD02: ID_DAP_Connect

DAP_PORT_SWD

02 01 00…

• Response: 回环

02 01 00…

CMD11: ID_DAP_SWJ_Clock

11 40 42 0F 00…

• Response: 回环 错了一位

11 00 42 0F 00…

CMD04: ID_DAP_TransferConfigure

04 00 64 00 00 00…

struct {                                      // Transfer Configuration
    uint8_t   idle_cycles;                      // Idle cycles after transfer
    uint8_t    padding[3];
    uint16_t  retry_count;                      // Number of retries after WAIT response
    uint16_t  match_retry;                      // Number of retries if read value does not match
    uint32_t  match_mask;                       // Match Mask
} transfer;

static uint32_t DAP_TransferConfigure(const uint8_t *request, uint8_t *response) {
  DAP_Data.transfer.idle_cycles =            *(request+0);
  DAP_Data.transfer.retry_count = (uint16_t) *(request+1) | (uint16_t)(*(request+2) << 8);
  DAP_Data.transfer.match_retry = (uint16_t) *(request+3) | (uint16_t)(*(request+4) << 8);
  
  *response = DAP_OK;
  return ((5U << 16) | 1U);
}

Idle cycles after transfer = 0;
retry_count = 100;
match_retry = 0;

• Response: 回环

04 00 64 00 00 00…

CMD13: ID_DAP_SWD_Configure

13 00…

• Response: 回环

13 00…

CMD01: ID_DAP_HostStatus

DAP_DEBUGGER_CONNECTED

01 00 01 00…

• Response: 回环

01 00 01 00…

CMD12: ID_DAP_SWJ_Sequence

LineReset

12 33 FF FF FF FF FF FF FF 00…

0x33: 51(bit)
Send LINERESET
输出如下：

• Response: 回环 (Response = 0x00)

12 00 FF FF FF FF FF FF FF 00…

JATG2SWD

12 10 9E E7 00…

LineReset

12 33 FF FF FF FF FF FF FF 00…

0x00 00

12 08 00 00 00…

CMD05: ID_DAP_Transfer + …

05 00 01 02 00…

• Response: `0x0BB11477

05 01 01 77 14 b1 0b 00…

CMD12: IDLE

12 08 00 00 00…

• Response:

12 00 00 00 00…

CMD03: ID_DAP_Disconnect

03 00…

• Response:

03 00…

CMD01: ID_DAP_HostStatus + DAP_DEBUGGER_CONNECTED

01 00 00…

• Response: 回环

01 00 00…

Download

case1: Normal & Autodetect

CMD00: ID_DAP_Info

CMD02: ID_DAP_Connect

02 01

CMD11: ID_DAP_SWJ_Clock

11 40 42 0f

CMD04: ID_DAP_TransferConfigure

04 00 64

CMD13: ID_DAP_SWD_Configure

13 00

CMD01: ID_DAP_HostStatus

01 00 01

CMD12: ID_DAP_SWJ_Sequence

LineReset

12 33 FF FF FF FF FF FF FF

JTAG2SWD

12 10 9E E7

LineReset

12 33 FF FF FF FF FF FF FF

IDLE

12 08 00 00

CMD05: ID_DAP_Transfer

05 00 01 02

CMD12: IDLE

12 08 00 00

CMD05: ID_DAP_Transfer

05 00 01 02

CMD05: ID_DAP_Transfer

05 00 01 08

CMD05: ID_DAP_Transfer

05 00 01 04 00 00 00 50

CMD05: ID_DAP_Transfer

05 00 01 06

CMD08: ID_DAP_WriteABORT

08 00 1E

CMD05: ID_DAP_Transfer

05 00 01 04 00 0F 00 50

CMD05: ID_DAP_Transfer

05 00 01 08 F0

CMD05: ID_DAP_Transfer

05 00 01 0F

CMD05: ID_DAP_Transfer

05 00 01 08

CMD05: ID_DAP_Transfer

05 00 01 01 60 00 00 23

CMD05: ID_DAP_Transfer

05 00 01 03

CMD05: ID_DAP_Transfer

05 00 01 01 60 00 00 23

CMD05: ID_DAP_Transfer

05 00 01 03

CMD05: ID_DAP_Transfer

05 00 01 01 52 00 00 23

CMD05: ID_DAP_Transfer

05 00 01 08 F0

CMD05: ID_DAP_Transfer

05 00 01 0B

CMD05: ID_DAP_Transfer

05 00 01 08

CMD05: ID_DAP_Transfer

05 00 01 05 F0 FF 0F E0

CMD06: ID_DAP_TransferBlock

06 00 04 00 0F

CMD05: ID_DAP_Transfer

05 00 01 06

CMD05: ID_DAP_Transfer

05 00 01 05 D0 FF 0F E0

CMD06: ID_DAP_TransferBlock

06 00 08 00 0F

CMD05: ID_DAP_Transfer

05 00 01 06

CMD05: ID_DAP_Transfer

05 00 02 05 00 F0 0F E0 0F

CMD05: ID_DAP_Transfer

05 00 01 05 F0 EF 00 E0

CMD06: ID_DAP_TransferBlock

06 00 04 00 0F

CMD05: ID_DAP_Transfer

05 00 01 06

CMD05: ID_DAP_Transfer

05 00 01 05 D0 EF 00 E0

CMD06: ID_DAP_TransferBlock

06 00 08 00 0F

CMD05: ID_DAP_Transfer

05 00 01 06

CMD05: ID_DAP_Transfer

05 00 02 05 FC ED 00 E0 0D 00 00 00 01

Case2: UnderReset. Hardware

CMD00: ID_DAP_Info

CMD02: ID_DAP_Connect

CMD11: ID_DAP_SWJ_Clock

CMD04: ID_DAP_TransferConfigure

CMD13: ID_DAP_SWD_Configure

CMD01: ID_DAP_HostStatus

CMD10: ID_DAP_SWJ_Pins

10 00 80

CMD12: ID_DAP_SWJ_Sequence

LineReset

12 33 FF FF FF FF FF FF FF

JATG2SWD

12 10 9E E7

LineReset

12 33 FF FF FF FF FF FF FF

IDLE

12 08 00 00

CMD05: ID_DAP_Transfer

05 00 01 02

在发送命令后

有几点疑问：

SWD发送的