Open SuperMarioSF opened 2 years ago
SuperMarioSF
commented
2 years ago By the way I done some binary hacking, modified my current binary to have 0x4ee4 product ID. Device ID actually changed, and Windows picked up RNDIS device as expected, however the driver doesn't automatically install, leaving in a unconfigured state.
Maybe there are extra works need to be done.
fevenor
commented
2 years ago The RNDIS in HandsomeMod looks different from that in Android. Android's RNDIS can be recognized by RouterOS, but HandsomeMod's is not.
SuperMarioSF
commented
2 years ago The RNDIS in HandsomeMod looks different from that in Android. Android's RNDIS can be recognized by RouterOS, but HandsomeMod's is not.
Btw which version of RouterOS are you using?
On my RouterOS v6.49.2 on hAP ac2 it works just fine, both default 18D1:D001 and "hacked" 18D1:4EE4 just works, and I'm using this right now.
fevenor
commented
2 years ago The RNDIS in HandsomeMod looks different from that in Android. Android's RNDIS can be recognized by RouterOS, but HandsomeMod's is not.
Btw which version of RouterOS are you using? On my RouterOS v6.49.2 on hAP ac2 it works just fine, both default
18D1:D001and "hacked"18D1:4EE4just works, and I'm using this right now.
RouterOS 7.2.3 on RB5009 I did a test, on RouterOS 7.2.3, Android's RNDIS works fine and recognizes as LTE, HandsomeMod's shows up in USB, but doesn't recognize as LTE. RB5009 doesn't support RouterOS 6, so I used CHR version to test, on RouterOS 6.48.6 CHR, neither Android's nor HandsomeMod's can be displayed in USB.
fevenor
commented
2 years ago Linux系统下的USB信息应该有些帮助: Android:
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
|__ Port 1: Dev 2, If 0, Class=Wireless, Driver=rndis_host, 480M
|__ Port 1: Dev 2, If 1, Class=CDC Data, Driver=rndis_host, 480M
|__ Port 1: Dev 2, If 2, Class=Vendor Specific Class, Driver=, 480M
|__ Port 1: Dev 2, If 3, Class=Vendor Specific Class, Driver=, 480MBus 001 Device 002: ID 05c6:90b4 Qualcomm, Inc. Android
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x05c6 Qualcomm, Inc.
idProduct 0x90b4
bcdDevice ff.ff
iManufacturer 1 Android
iProduct 2 Android
iSerial 3 4239ce11
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0093
bNumInterfaces 4
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Association:
bLength 8
bDescriptorType 11
bFirstInterface 0
bInterfaceCount 2
bFunctionClass 224 Wireless
bFunctionSubClass 1 Radio Frequency
bFunctionProtocol 3 RNDIS
iFunction 9 RNDIS
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 3 RNDIS
iInterface 7 RNDIS Communications Control
** UNRECOGNIZED: 05 24 00 10 01
** UNRECOGNIZED: 05 24 01 00 01
** UNRECOGNIZED: 04 24 02 00
** UNRECOGNIZED: 05 24 06 00 01
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0008 1x 8 bytes
bInterval 9
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 8 RNDIS Ethernet Data
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 2
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
** UNRECOGNIZED: 05 24 00 10 01
** UNRECOGNIZED: 05 24 01 00 00
** UNRECOGNIZED: 04 24 02 02
** UNRECOGNIZED: 05 24 06 00 00
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x000a 1x 10 bytes
bInterval 9
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 3
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 66
bInterfaceProtocol 1
iInterface 4 ADB Interface
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x85 EP 5 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)HandsomeMod:
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
|__ Port 1: Dev 3, If 0, Class=Communications, Driver=rndis_host, 480M
|__ Port 1: Dev 3, If 1, Class=CDC Data, Driver=rndis_host, 480M
|__ Port 1: Dev 3, If 2, Class=Vendor Specific Class, Driver=, 480MBus 001 Device 003: ID 18d1:d001 Google Inc. Nexus 4 (fastboot)
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x18d1 Google Inc.
idProduct 0xd001 Nexus 4 (fastboot)
bcdDevice 0.01
iManufacturer 1 HandsomeTech
iProduct 2 HandsomeMod Device
iSerial 3 0123456789
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0062
bNumInterfaces 3
bConfigurationValue 1
iConfiguration 4 c1
bmAttributes 0x80
(Bus Powered)
MaxPower 2mA
Interface Association:
bLength 8
bDescriptorType 11
bFirstInterface 0
bInterfaceCount 2
bFunctionClass 2 Communications
bFunctionSubClass 6 Ethernet Networking
bFunctionProtocol 0
iFunction 7 RNDIS
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 255 Vendor Specific (MSFT RNDIS?)
iInterface 5 RNDIS Communications Control
CDC Header:
bcdCDC 1.10
CDC Call Management:
bmCapabilities 0x00
bDataInterface 1
CDC ACM:
bmCapabilities 0x00
CDC Union:
bMasterInterface 0
bSlaveInterface 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0008 1x 8 bytes
bInterval 9
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 6 RNDIS Ethernet Data
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 2
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 66
bInterfaceProtocol 1
iInterface 9 ADB Interface
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0001
Self Powered
tutugreen
commented
1 year ago @fevenor
This works well in RotuerOS 7.6 @ RBD52G-5HacD2HnD-TC.
ID from https://wiki.mikrotik.com/wiki/Manual:Peripherals
btw, RouterOS has a strange behavior, if you plug a normal android phone, enable usb tethering, wait lte interface shows up, then unplug it, plug the usb stick, it will work before reboot, with default rndis @ 18D1:D001.
jackadam1981
commented
1 year ago the android put in my windows11.
koast18
commented
11 months ago 同样的问题,但是我认为更改vid和pid并不能使它在win11上正常工作,我直接patch了二进制中的vid和pid,并把它更改为和我小米手机相同(手机开启usb共享网络是能自动识别并正确安装驱动的),这次识别出的设备中功能里倒是多了RNDIS,但是却并不能安装驱动,我不是太懂这些,也许还需要其他一些字段满足才行。
另外,我在很多其他地方看到了这些
# Note: RNDIS must be the first function in the configuration, or Windows'
# RNDIS support will not operate correctly.
enable_rndis=1
if [ ${enable_rndis} -eq 1 ]; then
cfg_str="${cfg_str}+RNDIS"
func=functions/rndis.usb0
mkdir -p "${func}"
ln -sf "${func}" "${cfg}"
# Informs Windows that this device is compatible with the built-in RNDIS
# driver. This allows automatic driver installation without any need for
# a .inf file or manual driver selection.
echo 1 > os_desc/use
echo 0xcd > os_desc/b_vendor_code
echo MSFT100 > os_desc/qw_sign
echo RNDIS > "${func}/os_desc/interface.rndis/compatible_id"
echo 5162001 > "${func}/os_desc/interface.rndis/sub_compatible_id"
ln -sf "${cfg}" os_desc
fi这可以用来生成一个RNDIS设备,但是作者的代码写的对我来说有点困惑,这个结构体为什么完全没有用到呢,但是从windows的反应似乎又发送过去了。。。
那个vendor code也和网上其他的一些写的不一样 ,不知道是不是因为这些原因导致驱动会找不到。
手动修改inf在高版本系统下还得关闭驱动强制签名 完全划不来 不知道作者有没有在windows平台下测试过,盼望能早日好用
Currently
gcis usingVID=0x18D1PID=0xD001, which is corresponding to Android Fastboot device (often called "recovery" interface, some device info site mark this as "Nexus 4 (fastboot)").Maybe this is the reason Windows just can't pickup RNDIS immediately and required for manual driver selection.
A better USB device ID is
VID=0x18D1PID=0x4EE4, which on some site this matched as "Nexus/Pixel Device (tether+ debug)", which better suited for HandsomeMod use (RNDIS+ADB).References: