Hacking a generic USB joystick using HIDAPI.

It has been a while since I posted something here. Lately I have been working on USB firmware and software applications. There are loads of things to post, but I have very little free time. I'll post them when I get some free time.

This article is primarily about a method for communicating with the joystick from your own application. It may be to control a robot, who knows. I will be using a simple MFC application to communicate with the joystick.

To understand the article properly, you should have at least a slight understanding of:

  1. MFC applications
  2. USB specifications
  3. HID class specifications
  4. C++

A helicopter view of how this communication works:

You have the device. A driver is needed to communicate with the device. The driver exposes something called IOCTLs, which applications and libraries use to communicate with the device. Yeah, that's enough.

HIDAPI is a cross-platform library (I will be using it on Windows, though) that takes care of all the IOCTL calls and provides us with an API to easily communicate with the device. In other words, we do not need to worry about specific IOCTL details; we just need to know how to use the API functions. HIDAPI uses the Windows generic driver to communicate with the joystick or any other HID class USB device. You can find the HIDAPI home page here.

The first thing I did was connect the joystick to the PC and sniff the USB packets using USBlyzer. After that I understood that there is an Interrupt Transfer which has 8 bytes of data, and it simply floods the USBlyzer window. I tried a bit to find the protocol but didn't have any luck, so I decided I would figure it out myself.
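One way to tame that flood of 8-byte reports while working out the layout is to drop repeats and record which bits ever change. This is an added example, not code from the original post: the `ReportTracker` type, its helpers, and the sample reports are constructed for illustration, and in a real application each report would come from HIDAPI's `hid_read()`.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <vector>

// One 8-byte input report, the size seen in the USBlyzer capture.
using Report = std::array<uint8_t, 8>;

// Drops repeated reports and accumulates which bits ever change.
struct ReportTracker {
    Report last{};          // previous report
    Report changed_bits{};  // OR of every XOR difference seen so far
    bool have_last = false;
    // Returns a bitmask of byte indexes that differ from the previous
    // report. 0 means a repeat (or the first, baseline report).
    uint8_t feed(const Report& r) {
        uint8_t mask = 0;
        for (size_t i = 0; i < r.size(); ++i) {
            uint8_t x = r[i] ^ last[i];
            if (have_last && x) { mask |= uint8_t(1u << i); changed_bits[i] |= x; }
        }
        last = r;
        have_last = true;
        return mask;
    }
};

// Constructed sample reports; the byte meanings are hypothetical.
std::vector<Report> sample_reports() {
    return {
        {0x80, 0x80, 0x80, 0x80, 0x00, 0x00, 0x00, 0x00},  // idle (baseline)
        {0x80, 0x80, 0x80, 0x80, 0x00, 0x00, 0x00, 0x00},  // idle repeat
        {0x80, 0x80, 0x80, 0x80, 0x00, 0x01, 0x00, 0x00},  // one bit set in byte 5
        {0xFF, 0x80, 0x80, 0x80, 0x00, 0x01, 0x00, 0x00},  // byte 0 swings to max
        {0x80, 0x80, 0x80, 0x80, 0x00, 0x00, 0x00, 0x00},  // back to idle
    };
}

// Feeds every report to the tracker; returns how many were not repeats.
int count_changes(const std::vector<Report>& reports, ReportTracker& t) {
    int n = 0;
    for (const auto& r : reports) {
        if (uint8_t mask = t.feed(r)) {
            ++n;
            std::printf("changed byte mask: 0x%02X\n", static_cast<unsigned>(mask));
        }
    }
    return n;
}

int main() { ReportTracker t; return count_changes(sample_reports(), t) == 3 ? 0 : 1; }
```

After moving one control at a time, a byte whose `changed_bits` entry has a single bit set is likely a button flag, while a byte with many bits set is likely an axis value.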