[Poodle]

Hello

Here's some info on the switch message sent over the BULK OUT endpoint of an Option Icon. This info may be true for other devices.

The format of the switch message is in fact a CBW structure as defined in the USB Mass Storage device class specification. It always is 31 bytes in length and formatted like this:

+00h: 55 53 42 43 : CBW signature
+04h: 70 6e de 86 : Tag; value is not important
+08h: 00 00 00 00 : Data transfer length
+0Ch: 00 : Flags
+0Dh: 00 : Bit 0..3 : Logical Unit Number; bit 4..7 : Reserved
+0Eh: 06 : Length of the SCSI command
+0Fh: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : SCSI command

The CBW sends a REZERO UNIT SCSI command to the mass storage device. This is a 6-byte command: 01h 00h 00h 00h 00h 00h.

The device will not return a CSW over the BULK IN endpoint. It simply disconnects, and then reconnects with the USB IDs for 3G modem.

[Josh]

+04h: 70 6e de 86 : Tag; value is not important

I tried a random tag sequence with my Icon. It really did not matter.
Of course, this might be a point to insert an undocumented "key". But then again chances are against that if standard mass storage controllers are used, right?

The CBW sends a REZERO UNIT SCSI command to the mass storage device. This is a 6-byte command: 01h 00h 00h 00h 00h 00h.

I just had a look at the USB mass storage command specs. I know I should have done that earlier but you know how it is if something works reliably.
So the device developers chose this REZERO UNIT command because it's accepted for compatibility reason but usually doesn't really do something in flash storage devices. Clever.
The common storage drivers (Linux, Windows) assumably never send this command.

The ZTE MF620 is obviously using the TEST UNIT READY command (0x00) for switching. I suspect this command might occasionally be used by drivers, but I'm really no USB expert (though I learned a lot recently ...).

One more thing:
one user reported this as a working command string for the "GT MAX 7.2 ready":

Code: Select all

5553424308e0f8840800000080000a4a010000000000000800000000000000

I can't find the command 0x4a in the specs. Do you know that?
Besides, for annother user this string did not work. He returned to 0x01 ...

[Poodle]

+04h: 70 6e de 86 : Tag; value is not important

I tried a random tag sequence with my Icon. It really did not matter.
Of course, this might be a point to insert an undocumented "key". But then again chances are against that if standard mass storage controllers are used, right?

Very unlikely. After plug-in, the device operates as a true USB mass storage device.

The CBW sends a REZERO UNIT SCSI command to the mass storage device. This is a 6-byte command: 01h 00h 00h 00h 00h 00h.

I just had a look at the USB mass storage command specs. I know I should have done that earlier but you know how it is if something works reliably.
So the device developers chose this REZERO UNIT command because it's accepted for compatibility reason but usually doesn't really do something in flash storage devices. Clever.
The common storage drivers (Linux, Windows) assumably never send this command.

Those people do not look at non-commerical OSes But it works in Linux apparently.

The ZTE MF620 is obviously using the TEST UNIT READY command (0x00) for switching. I suspect this command might occasionally be used by drivers, but I'm really no USB expert (though I learned a lot recently ...).

The Windows USB mass storage drivers sends TEST UNIT READY very early. I assume ZTE didn't bother choosing an appropriate opcode and just depends on the OS behavior.

One more thing:
one user reported this as a working command string for the "GT MAX 7.2 ready":

Code: Select all

5553424308e0f8840800000080000a4a010000000000000800000000000000

I can't find the command 0x4a in the specs. Do you know that?
Besides, for annother user this string did not work. He returned to 0x01 ...

Don't count on it.

In fact, I believe one and the same mode switch command should switch all Option devices afaik. Doing so may simplify your code.

For the record: 4Ah = GET EVENT STATUS NOTIFICATION -> http://www.t10.org/lists/op-num.htm
The WinDDK says the same: scsi.h: #define SCSIOP_GET_EVENT_STATUS 0x4A