/*
* elksmart-comm.c: ELK Smart infrared dongle tool (for EKX4S and EKX5S-T)
*
* Copyright (c) 2024, Přemysl Eric Janouch
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
#include "config.h"
#undef PROGRAM_NAME
#define PROGRAM_NAME "elksmart-comm"
#include "liberty/liberty.c"
#include
// --- Utilities ---------------------------------------------------------------
/// Search for a device with given vendor and product ID.
/// This is quite similar to libusb_open_device_with_vid_pid().
static libusb_device_handle *
find_device (int vendor, int product, int *error)
{
libusb_device **list = NULL;
libusb_device_handle *handle = NULL;
int result = 0;
ssize_t len = libusb_get_device_list (NULL, &list);
if (len < 0)
{
result = len;
goto out;
}
for (ssize_t i = 0; i < len; i++)
{
libusb_device *device = list[i];
struct libusb_device_descriptor desc = {};
if ((result = libusb_get_device_descriptor (device, &desc)))
print_debug ("%s", libusb_strerror (result));
else if (desc.idVendor != vendor || desc.idProduct != product)
continue;
else if (!(result = libusb_open (device, &handle)))
break;
}
libusb_free_device_list (list, true);
out:
if (error != NULL && result != 0)
*error = result;
return handle;
}
static void
wait_ms (long ms)
{
struct timespec ts = { ms / 1000, (ms % 1000) * 1000 * 1000 };
nanosleep (&ts, NULL);
}
static void
dump_hex (const unsigned char *buf, size_t len)
{
for (size_t i = 0; i < len; i++)
printf ("%02x", buf[i]);
printf ("\n");
}
static bool
read_hex (const char *string, struct str *out)
{
static const char *alphabet = "0123456789abcdef";
str_reset (out);
while (true)
{
while (*string && strchr (" \t\n\r\v\f", *string))
string++;
if (!*string)
return true;
const char *hi, *lo;
if (!(hi = strchr (alphabet, tolower_ascii (*string++))) || !*string
|| !(lo = strchr (alphabet, tolower_ascii (*string++))))
return false;
str_pack_u8 (out, (hi - alphabet) << 4 | (lo - alphabet));
}
}
// --- Coding ------------------------------------------------------------------
// Values are in microseconds.
struct pulse { unsigned on, off; };
static bool
pulse_equal (struct pulse a, struct pulse b)
{
return a.on == b.on && a.off == b.off;
}
static size_t
decode_learned_direct (const uint8_t *b, size_t b_len, struct pulse *pulses)
{
size_t pulses_len = 0;
for (size_t i = 0; i < b_len; )
{
struct pulse *pulse = &pulses[pulses_len++];
while (b[i] == 0xff)
{
pulse->on += 4080;
if (++i == b_len)
return 0;
}
pulse->on += b[i++] * 16;
// Who cares, presumably it stays off.
if (i == b_len)
break;
while (b[i] == 0xff)
{
pulse->off += 4080;
if (++i == b_len)
return 0;
}
pulse->off += b[i++] * 16;
}
return pulses_len;
}
static struct pulse *
decode_learned (const struct str *code, size_t *len, struct error **e)
{
// This conveniently has an upper bound.
struct pulse *pulses = xcalloc (code->len, sizeof *pulses);
if (!(*len = decode_learned_direct
((const uint8_t *) code->str, code->len, pulses)))
{
error_set (e, "code ends unexpectedly");
free (pulses);
return NULL;
}
return pulses;
}
static struct pulse *
encode_nec_byte (struct pulse *p, uint8_t byte)
{
for (int i = 7; i >= 0; i--)
*p++ = (struct pulse)
{ .on = 550, .off = ((byte >> i) & 1) ? 1650 : 550 };
return p;
}
static struct pulse *
encode_nec (const struct str *code, size_t *len, struct error **e)
{
if (code->len % 2)
{
error_set (e, "NEC transmission format requires pairs");
return NULL;
}
// The timings seem to be rather tolerant.
*len = code->len / 2 * (1 /* leader */ + 32 + 1 /* stop */);
struct pulse *pulses = xcalloc (*len, sizeof *pulses), *p = pulses;
for (size_t i = 0; i < code->len; i += 2)
{
*p++ = (struct pulse) { .on = 8500, .off = 4250 };
p = encode_nec_byte (p, code->str[i + 0]);
p = encode_nec_byte (p, ~code->str[i + 0]);
p = encode_nec_byte (p, code->str[i + 1]);
p = encode_nec_byte (p, ~code->str[i + 1]);
*p++ = (struct pulse) { .on = 550, .off = 25000 };
}
return pulses;
}
static void
compress_value (unsigned value, struct str *encoded)
{
if (value <= 2032)
{
// We fix a minor problem in the original Ocrustar algorithm.
uint8_t v = value / 16. + .5;
str_pack_u8 (encoded, MAX (2, v));
}
else
do
{
uint8_t v = value & 0x7f;
if ((value >>= 7))
v |= 0x80;
str_pack_u8 (encoded, v);
} while (value);
}
static void
compress_pulses (const struct pulse *pulses, size_t len, struct str *encoded)
{
unsigned counts[len];
memset (counts, 0, sizeof counts);
for (size_t i = 0; i < len; i++)
for (size_t k = 0; k < len; k++)
if (pulse_equal (pulses[i], pulses[k]))
counts[i]++;
struct pulse p1 = {}, p2 = {};
size_t top1 = 0, top2 = 0;
for (size_t i = 0; i < len; i++)
if (counts[i] > counts[top1])
p1 = pulses[top1 = i];
for (size_t i = 0; i < len; i++)
if (counts[i] < counts[top1]
&& counts[i] > counts[top2])
p2 = pulses[top2 = i];
else if (counts[top2] == counts[top1])
p2 = pulses[top2 = i];
// Although I haven't really tried it, something tells me that
// this will work even in the degenerated case of len <= 2.
// XXX: The receiver might not like multibyte values here,
// Ocrustar also oddly replaces 0xff with 0xfe for these fields.
compress_value (p2.on, encoded);
compress_value (p2.off, encoded);
compress_value (p1.on, encoded);
compress_value (p1.off, encoded);
str_pack_u8 (encoded, -1);
str_pack_u8 (encoded, -1);
str_pack_u8 (encoded, -1);
for (size_t i = 0; i < len; i++)
{
if (pulse_equal (pulses[i], p1))
str_pack_u8 (encoded, 0);
else if (pulse_equal (pulses[i], p2))
str_pack_u8 (encoded, 1);
else
{
compress_value (pulses[i].on, encoded);
compress_value (pulses[i].off, encoded);
}
}
}
// --- Device interaction ------------------------------------------------------
enum
{
USB_VENDOR_SMTCTL = 0x045c,
// 0x134 (EKX5S ~ 5s, 5th generation remote)
// 0x195 (EKX4S ~ 4s, 4th generation remote)
// 0x184 (EKX5S-T, international edition)
USB_PRODUCT_SMTCTL_SMART_EKX4S = 0x0195,
USB_PRODUCT_SMTCTL_SMART_EKX5S_T = 0x0184,
// There should only ever be one interface.
USB_INTERFACE = 0,
};
static uint8_t
c_transmit[] = { -1, -1, -1, -1 },
c_learn[] = { -2, -2, -2, -2 },
c_stop[] = { -3, -3, -3, -3 },
c_identify[] = { -4, -4, -4, -4 };
static struct
{
unsigned char endpoint_out; ///< Outgoing endpoint
unsigned char endpoint_in; ///< Incoming endpoint
}
g;
static bool
init_device_from_desc (struct libusb_config_descriptor *desc, struct error **e)
{
// We're not being particuarly strict in here.
if (desc->bNumInterfaces != 1)
return error_set (e, "unexpected USB interface count");
if (desc->interface->num_altsetting != 1)
return error_set (e, "unexpected alternate setting count");
const struct libusb_interface_descriptor *asd = desc->interface->altsetting;
if (asd->bInterfaceClass != LIBUSB_CLASS_COMM)
return error_set (e, "unexpected USB interface class");
if (asd->bNumEndpoints != 2)
return error_set (e, "unexpected endpoint count");
bool have_out = false, have_in = false;
for (uint8_t i = 0; i < asd->bNumEndpoints; i++)
{
const struct libusb_endpoint_descriptor *epd = asd->endpoint + i;
if ((epd->bmAttributes & LIBUSB_TRANSFER_TYPE_MASK)
!= LIBUSB_ENDPOINT_TRANSFER_TYPE_BULK)
return error_set (e, "unexpected endpoint transfer type");
switch ((epd->bEndpointAddress & LIBUSB_ENDPOINT_DIR_MASK))
{
break; case LIBUSB_ENDPOINT_OUT:
have_out = true;
g.endpoint_out = epd->bEndpointAddress;
break; case LIBUSB_ENDPOINT_IN:
have_in = true;
g.endpoint_in = epd->bEndpointAddress;
}
}
if (!have_out || !have_in)
return error_set (e, "USB interface is not bidirectional");
return true;
}
static bool
init_device (libusb_device_handle *device, struct error **e)
{
struct libusb_config_descriptor *desc = NULL;
int result =
libusb_get_active_config_descriptor (libusb_get_device (device), &desc);
if (result)
return error_set (e, "%s", libusb_strerror (result));
bool ok = true;
if ((result = libusb_kernel_driver_active (device, USB_INTERFACE)) == 1)
ok = error_set (e, "device is claimed by a kernel driver");
else if (result)
ok = error_set (e, "%s", libusb_strerror (result));
else
ok = init_device_from_desc (desc, e);
libusb_free_config_descriptor (desc);
return ok;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
static uint8_t
mangle (uint8_t value)
{
uint8_t reversed = 0;
for (int i = 0; i < 8; i++)
{
reversed = (reversed << 1) | (value & 1);
value >>= 1;
}
return ~reversed;
}
static uint8_t
checksum (const uint8_t *b, size_t len)
{
uint32_t sum = 0;
for (size_t i = 0; i < len; i++)
sum += b[i];
return mangle ((sum & 0xF0) | ((sum >> 8) & 0x0F));
}
static bool
send_transmit (libusb_device_handle *device, unsigned long frequency,
const struct pulse *pulses, size_t pulses_len, struct error **e)
{
if (g_debug_mode)
for (size_t i = 0; i < pulses_len; )
{
printf ("%u,%u", pulses[i].on, pulses[i].off);
putchar (++i == pulses_len ? '\n' : ',');
}
struct str compressed = str_make ();
compress_pulses (pulses, pulses_len, &compressed);
struct str message = str_make ();
str_append_data (&message, c_transmit, sizeof c_transmit);
frequency += 0x7ffff;
str_pack_u8 (&message, mangle (frequency >> 8));
str_pack_u8 (&message, mangle (frequency >> 16));
str_pack_u8 (&message, mangle (frequency));
str_pack_u8 (&message, mangle (compressed.len >> 8));
str_pack_u8 (&message, mangle (compressed.len));
str_append_str (&message, &compressed);
str_free (&compressed);
size_t i = 0;
uint8_t buffer[64];
bool ok = true;
while (i != message.len)
{
size_t chunk = MIN (62, message.len - i);
memcpy (buffer, message.str + i, chunk);
i += chunk;
if (chunk == 62)
{
buffer[chunk] = checksum (buffer, chunk);
chunk++;
}
int result = 0, len = 0;
if ((result = libusb_bulk_transfer (device, g.endpoint_out,
buffer, chunk, &len, 100)))
{
ok = error_set (e, "send: %s", libusb_strerror (result));
break;
}
wait_ms (2);
}
str_free (&message);
return ok;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
static bool
pulse_is_likely_leader (const struct pulse *p)
{
return p->on >= 2048 && p->off >= 2048;
}
static void
try_to_depulse (const struct str *code)
{
size_t len = 0;
struct pulse *pulses = decode_learned (code, &len, NULL);
if (!pulses)
return;
struct pulse *p = pulses, *end = p + len;
while (p != end && pulse_is_likely_leader (p))
{
p++;
printf ("Attempted pulse decode:\n");
uint8_t bits = 0, nibble = 0;
for (; p != end && !pulse_is_likely_leader (p); p++)
{
nibble = nibble << 1 | (p->off > 2 * p->on);
if (++bits == 4)
{
putchar ("0123456789abcdef"[nibble]);
bits = nibble = 0;
}
}
putchar ('\n');
}
free (pulses);
}
static bool
recv_learn (libusb_device_handle *device, struct str *data, struct error **e)
{
uint8_t buffer[64] = {};
int result = 0, len = 0;
while ((result = libusb_bulk_transfer (device, g.endpoint_in,
buffer, sizeof buffer, &len, 100)))
{
if (result != LIBUSB_ERROR_TIMEOUT)
return error_set (e, "learn/recv: %s", libusb_strerror (result));
print_debug ("learn/recv: %s", libusb_strerror (result));
}
if (len < 6 || memcmp (buffer, c_learn, sizeof c_learn))
return error_set (e, "learn/recv: %s", "unexpected response");
// This field might only make sense for a later device,
// because it doesn't always correspond with how much data we receive.
// Nonetheless, it does match exactly often enough.
size_t size = buffer[4] << 8 | buffer[5];
print_debug ("learn: code size: %zu", size);
str_append_data (data, buffer + 6, len - 6);
dump_hex ((const unsigned char *) data->str, data->len);
while (data->len < size)
{
if (!(result = libusb_bulk_transfer (device, g.endpoint_in,
buffer, sizeof buffer, &len, 100)))
{
dump_hex (buffer, len);
str_append_data (data, buffer, len);
print_debug ("learn: received %d (have %zu of %zu)",
len, data->len, size);
continue;
}
if (result != LIBUSB_ERROR_TIMEOUT)
return error_set (e, "learn/recv: %s", libusb_strerror (result));
// The device seems to queue up its output with pauses.
print_debug ("learn/recv: %s", libusb_strerror (result));
}
// As far as I know, this doesn't do anything,
// and the device doesn't accept it while scanning infrared codes either.
if ((result = libusb_bulk_transfer (device, g.endpoint_out,
c_stop, sizeof c_stop, &len, 100)))
return error_set (e, "learn/send: %s", libusb_strerror (result));
return true;
}
static bool
send_learn (libusb_device_handle *device, struct error **e)
{
int result = 0, len = 0;
if ((result = libusb_bulk_transfer (device, g.endpoint_out,
c_learn, sizeof c_learn, &len, 100)))
return error_set (e, "learn/send: %s", libusb_strerror (result));
printf ("Reading remote control codes.\n");
printf ("Press a remote control button from less than a centimeter.\n");
printf ("The dongle may be unusable until it returns some data.\n");
// ... Resetting the device using libusb_reset_device() doesn't help then.
printf ("If the code fails to replay, retry the capture.\n");
struct str data = str_make ();
bool ok = recv_learn (device, &data, e);
if (ok)
{
printf ("Full command:\n");
dump_hex ((const unsigned char *) data.str, data.len);
try_to_depulse (&data);
}
str_free (&data);
return ok;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
static bool
send_identify (libusb_device_handle *device, struct error **e)
{
uint8_t buffer[64] = {};
int result = 0, len = 0;
while (!(result = libusb_bulk_transfer (device, g.endpoint_in,
buffer, sizeof buffer, &len, 10)))
/* Flush buffers. */;
if ((result = libusb_bulk_transfer (device, g.endpoint_out,
c_identify, sizeof c_identify, &len, 100)))
return error_set (e, "identify/send: %s", libusb_strerror (result));
if ((result = libusb_bulk_transfer (device, g.endpoint_in,
buffer, sizeof buffer, &len, 100)))
return error_set (e, "identify/recv: %s", libusb_strerror (result));
// XXX: Sometimes, the device doesn't send any identification values.
if (len != 6 || memcmp (buffer, c_identify, sizeof c_identify)
|| buffer[4] != 0x70 || buffer[5] != 0x01)
return error_set (e, "device busy or not supported");
#if 0
// The EKX4S does not respond to this request.
static uint8_t c_serial[] = { -5, -5, -5, -5 };
if ((result = libusb_bulk_transfer (device, g.endpoint_out,
c_serial, sizeof c_serial, &len, 100)))
return error_set (e, "serial/send: %s", libusb_strerror (result));
if ((result = libusb_bulk_transfer (device, g.endpoint_in,
buffer, sizeof buffer, &len, 100)))
return error_set (e, "serial/recv: %s", libusb_strerror (result));
if (len < (int) sizeof c_serial
|| memcmp (buffer, c_serial, sizeof c_serial))
return error_set (e, "serial retrieval failed");
#endif
return true;
}
static bool
run (libusb_device_handle *device, unsigned long frequency, bool nec,
char **codes, size_t codes_len, struct error **e)
{
if (!send_identify (device, e))
return false;
if (!codes_len)
return send_learn (device, e);
struct str code = str_make ();
bool ok = true;
for (size_t i = 0; i < codes_len; i++)
{
if (!read_hex (codes[i], &code))
{
ok = error_set (e, "invalid hex string");
break;
}
size_t pulses_len = 0;
struct pulse *pulses = nec
? encode_nec (&code, &pulses_len, e)
: decode_learned (&code, &pulses_len, e);
ok = pulses && send_transmit (device, frequency, pulses, pulses_len, e);
free (pulses);
if (!ok)
break;
wait_ms (100);
}
str_free (&code);
return ok;
}
// --- Main --------------------------------------------------------------------
int
main (int argc, char *argv[])
{
unsigned long frequency = 38000;
bool nec = false;
static const struct opt opts[] =
{
{ 'd', "debug", NULL, 0, "run in debug mode" },
{ 'f', "frequency", "HZ", 0, "frequency (38000 Hz by default)" },
{ 'n', "nec", NULL, 0, "use the NEC transmission format" },
{ 'h', "help", NULL, 0, "display this help and exit" },
{ 'V', "version", NULL, 0, "output version information and exit" },
{ 0, NULL, NULL, 0, NULL }
};
struct opt_handler oh = opt_handler_make (argc, argv, opts, "[COMMAND...]",
"Transmit or receive infrared commands.");
int c;
while ((c = opt_handler_get (&oh)) != -1)
switch (c)
{
case 'd':
g_debug_mode = true;
break;
case 'f':
if (!xstrtoul (&frequency, optarg, 10) || !frequency)
exit_fatal ("invalid frequency");
break;
case 'n':
nec = true;
break;
case 'h':
opt_handler_usage (&oh, stdout);
exit (EXIT_SUCCESS);
case 'V':
printf (PROGRAM_NAME " " PROGRAM_VERSION "\n");
exit (EXIT_SUCCESS);
default:
print_error ("wrong options");
opt_handler_usage (&oh, stderr);
exit (EXIT_FAILURE);
}
argc -= optind;
argv += optind;
opt_handler_free (&oh);
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#if LIBUSB_API_VERSION >= 0x0100010A
const struct libusb_init_option option =
{
.option = LIBUSB_OPTION_LOG_LEVEL,
.value.ival = LIBUSB_LOG_LEVEL_DEBUG,
};
int result = libusb_init_context (NULL, &option, g_debug_mode);
#else
int result = libusb_init (NULL);
#endif
if (result)
exit_fatal ("libusb: %s", libusb_strerror (result));
libusb_device_handle *device = NULL;
if (!device && !result)
device = find_device (USB_VENDOR_SMTCTL,
USB_PRODUCT_SMTCTL_SMART_EKX4S, &result);
if (!device && !result)
device = find_device (USB_VENDOR_SMTCTL,
USB_PRODUCT_SMTCTL_SMART_EKX5S_T, &result);
if (result)
exit_fatal ("couldn't open device: %s", libusb_strerror (result));
else if (!device)
exit_fatal ("no suitable device found");
struct error *e = NULL;
if (!init_device (device, &e))
exit_fatal ("%s", e->message);
if ((result = libusb_claim_interface (device, USB_INTERFACE)) == 1)
exit_fatal ("couldn't claim interface: %s", libusb_strerror (result));
if (!run (device, frequency, nec, argv, argc, &e))
{
print_error ("%s", e->message);
error_free (e);
}
if ((result = libusb_release_interface (device, USB_INTERFACE)) == 1)
exit_fatal ("couldn't release interface: %s", libusb_strerror (result));
libusb_close (device);
libusb_exit (NULL);
return 0;
}