1- It's the basics of the endpoints. I already explained what they are for, and I'm not going to repeat the endpoints again. Most of the USB driver/exploit work is about using the endpoints: http://www.beyondlogic.org/usbnutshell/usb5.shtml#EndpointDescriptors and http://www.makelinux.net/ldd3/chp-13-sect-1 . The spare control doesn't exist; you are talking about the bulk using a spare un-allocated (after using all allocated points). Also, if you check correctly, you can find the correct size of the data payload in the endpoint description (related to isochronous).
2- I was talking about the debug button trick that can be used under an old PS Vita firmware and lets you go into a Debug USB/ARM mode; after that it's up to you to exploit the debug. Also, I wonder who is doing the blabla in here. Don't be disrespectful; it reminds me of a person who talks like you. Anyway,
3- Yes, that is more detail about the source of the SDK PS Vita/CMA, but I'm not going to talk about that (it was a detail that I added under my pastebin; it's a clue). The .h you will never find on the PS Vita; the rest (connectivity, system, etc.) is on the PS Vita.
4- Actually, IOCTL is the abbreviation of I/O Control. All the info is here, but if you can understand, better to stop here and wait (the Python script is not even related; the Python script is one of the ways to exploit the PS Vita and make an alternative driver), which helps to understand the PS Vita.
The IOCTL can be used with the IOKit framework, which is related to driver/system execution/control; that is what the CMA uses to transfer/control the PS Vita (back to the endpoint, mister). That also exists on Windows dev: http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx
5- Like I said, stop here if you don't know how to use the endpoints, or try to learn. I'm not going to explain all that. I can help, yes, but not by telling a story about the endpoints. If you are a software engineer, I wonder why you don't know that: an application related to driver execution needs to know where to write to load the USB hardware. Maybe you don't make applications related to USB control.
The log is only here to tell you where the information goes and what happens. It's also a help and the base where you need to watch. You need to go into development; I already said to use Xcode/IOKit framework, OpenOCD, etc.
The communication is between 0x81 and 0x02; 0x83 interrupts the transmission. Use getreport, which lets you check the control pipe and check the raw descriptor report, which lets you understand more.
The complete explanation is here, and everything that you need for that. If you check for the easy way (like the debug trick method), forget about it. I never said it would be easy to use my method; that's why I'm working on an easy way that lets people just click and run.
6- Man page of ioctl, nothing more to say? Mmm, actually I showed the man control of IOCTL, and that you need to launch a terminal under macOS/Linux/BSD (I'm not talking about Windows here, and for Windows it's DeviceIoControl). For the rest, it is more than useful: it shows what CMA controls when the PS Vita is connected to the USB port. As you can see, CMA works under a kernel mode control of the Mac OS system.
The thread of CMA communication
Code:
-> the beginning -> _ZL16BeginThreadProxyPv (in CMA) + 77 [0xa0bca]
-> thread execution of a command under Mach MsvCommandExecutor::threadProc -> PS Vita(void*) (in CMA) + 17 the point -> [0x1bec7]
-> execute the command MsvCommandExecutor::run() (in CMA) + 92 the point -> [0x1c50c]
-> waiting the answer MsvCommandExecutor::wait() (in CMA) + 164 the point -> [0x1be42]
-> no answer -> XpManualEvent::Lock(unsigned long) (in CMA) + 87 -> the point [0xa23a1]
-> trying to reconnect again to the PS Vita XpComboSyncObject::waitCondition(unsigned long) (in CMA) + 44 the point -> [0x9ac6683e]
If you can understand this, I can't help more, sorry.
7- It's useful because the CMA only works under a monitor mode to control the device. If you want to exploit USB hardware, you need to control the kernel of your own system to execute what you need without having problems with permissions, the Mach and also virtual memory. The control of the PS Vita is also here, which lets the PS Vita think the application is the right one (signature/encryption).
You don't need internet anymore; you can control the transfer and even more, but like I said, you also need to know the ARM architecture to understand how to write/read under an external signal.
8- I told you that the debug trick mode was useful only with an old firmware and by using the libusb Windows that I released at the beginning of January. Stop insulting and saying I'm evasive. If you can't understand, I'm sorry, but I'm not going to accept that style of conclusion. I gave a lot of info and I'm still helping and explaining; the last pastebin shows you the link to understand the ARM architecture, and it gives you a lot of information about the debug, the JTAG, USB external signal, etc.
The CMA is the base, not the conclusion.
IOCTL is the best part to exploit what you need; that already explains a lot. Please check the ARM PDF and the endpoint/IOCTL recommendation.
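
Added example, not part of the original post: a decoder for standard USB endpoint descriptors, showing how an endpoint address such as 0x81, 0x02 or 0x83 splits into number and direction and where the payload size (wMaxPacketSize) sits. The sample bytes are constructed for illustration; the transfer types and sizes in them are assumptions, not values read from a PS Vita.

```python
import struct

ENDPOINT = 0x05  # bDescriptorType value for an endpoint descriptor
TRANSFER_TYPES = ("control", "isochronous", "bulk", "interrupt")

# Constructed sample (assumption, not captured from a device): one interface
# descriptor followed by endpoint descriptors for 0x81, 0x02 and 0x83.
SAMPLE = bytes.fromhex(
    "0904000003ffffff00"  # interface: 3 endpoints, vendor-specific class
    "07058102000200"      # 0x81, bulk, wMaxPacketSize 512
    "07050202000200"      # 0x02, bulk, wMaxPacketSize 512
    "070583031c0006"      # 0x83, interrupt, wMaxPacketSize 28, bInterval 6
)

def parse_endpoints(blob):
    """Walk concatenated USB descriptors and decode every endpoint descriptor."""
    endpoints = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < 2:
            raise ValueError("truncated descriptor header")
        b_length, b_type = blob[offset], blob[offset + 1]
        # bLength drives the walk, so reject values that would loop or overrun.
        if b_length < 2 or offset + b_length > len(blob):
            raise ValueError(f"bad bLength {b_length} at offset {offset}")
        if b_type == ENDPOINT:
            if b_length < 7:
                raise ValueError("endpoint descriptor shorter than 7 bytes")
            addr, attrs, w_max, interval = struct.unpack_from(
                "<BBHB", blob, offset + 2)
            endpoints.append({
                "address": addr,
                "number": addr & 0x0F,                      # bits 3..0
                "direction": "IN" if addr & 0x80 else "OUT",  # bit 7
                "type": TRANSFER_TYPES[attrs & 0x03],       # bits 1..0
                "max_packet": w_max & 0x07FF,               # bits 10..0
                "interval": interval,
            })
        offset += b_length
    return endpoints

if __name__ == "__main__":
    for ep in parse_endpoints(SAMPLE):
        print(f"0x{ep['address']:02x} EP{ep['number']} {ep['direction']:3} "
              f"{ep['type']:9} max_packet={ep['max_packet']}")
```
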