Android RNDIS gadget Windows免驱修改方案

过程简单粗暴，拿到竞品的设备，然后使用UsbTreeView查看设备的相关描述符。

对比发现接口抽象描述符和接口描述符不一致，直接修改Linux RNDIS gadget 驱动，将驱动中有关的两个描述符结构体都改成预想的配置。

diff --git a/kernel-4.19/drivers/usb/gadget/function/f_rndis.c b/kernel-4.19/drivers/usb/gadget/function/f_rndis.c
index 0d8e4a3..a83a591 100644
--- a/kernel-4.19/drivers/usb/gadget/function/f_rndis.c
+++ b/kernel-4.19/drivers/usb/gadget/function/f_rndis.c
@@ -113,9 +113,12 @@ static struct usb_interface_descriptor rndis_control_intf = {
/* .bInterfaceNumber = DYNAMIC */
/* status endpoint is optional; this could be patched later */
.bNumEndpoints = 1,
- .bInterfaceClass = USB_CLASS_COMM,
- .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM,
- .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR,
+ // .bInterfaceClass = USB_CLASS_COMM,
+ // .bInterfaceSubClass = USB_CDC_SUBCLASS_ACM,
+ // .bInterfaceProtocol = USB_CDC_ACM_PROTO_VENDOR,
+ .bInterfaceClass = USB_CLASS_WIRELESS_CONTROLLER,
+ .bInterfaceSubClass = USB_CDC_SUBCLASS_RNDIS,
+ .bInterfaceProtocol = USB_CDC_ACM_PROTO_AT_PCCA101_WAKE,
/* .iInterface = DYNAMIC */
};

@@ -174,9 +177,12 @@ rndis_iad_descriptor = {

.bFirstInterface = 0, /* XXX, hardcoded */
.bInterfaceCount = 2, // control + data
- .bFunctionClass = USB_CLASS_COMM,
- .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET,
- .bFunctionProtocol = USB_CDC_PROTO_NONE,
+ // .bFunctionClass = USB_CLASS_COMM, // 0x02
+ // .bFunctionSubClass = USB_CDC_SUBCLASS_ETHERNET, // 0x06
+ // .bFunctionProtocol = USB_CDC_PROTO_NONE, // 0x00
+ .bFunctionClass = USB_CLASS_WIRELESS_CONTROLLER, // 0xe0
+ .bFunctionSubClass = USB_CDC_SUBCLASS_RNDIS, // 0x01
+ .bFunctionProtocol = USB_CDC_ACM_PROTO_AT_PCCA101_WAKE, // 0x03
/* .iFunction = DYNAMIC */
};

修改完成后的情况

 

 其实这个问题难点并不是在修改描述符上，而是找微软RNDIS驱动资料上。Windows上虽然自带rndis驱动，但是找了半天也没找到对应的inf文件，也就无从知道rndis相关的usb描述符配置需求。只能找竞品对比。