Re: USB Examiner Package? Special USB Kernel Modules?

To: debian-user@lists.debian.org
Subject: Re: USB Examiner Package? Special USB Kernel Modules?
From: <tomas@tuxteam.de>
Date: Tue, 26 Nov 2019 10:48:51 +0100
Message-id: <[🔎] 20191126094851.GC13643@tuxteam.de>
In-reply-to: <[🔎] CAFZQJ14hpzMBiT5fD2Jp7D+0L1rZE+t8afLO5CyDDZ9=47SimA@mail.gmail.com>
References: <[🔎] CAFZQJ14hpzMBiT5fD2Jp7D+0L1rZE+t8afLO5CyDDZ9=47SimA@mail.gmail.com>

On Mon, Nov 25, 2019 at 10:37:42PM -0500, Kenneth Parker wrote:

[...]

> So, what I want, is a USB Debugging Package, that will  *NOT*  attempt to,
> actually open this device, but will give me information about it.

I think before trying an analysis, you'll have to make up your mind about
what you want "open" to mean. With USB, there are many layers involved[0],
from

 - /physical/ (someone mentioned malicious USB devices frying your
   hardware: here[1]'s an actual example; the trick is to overwhelm
   USB's built-in overvoltage protection), through

 - /device/ (what's this: A keyboard? A network adapter? A serial port?
   A mass storage device? A webcam? All of the above?
   This is something typically handled in Linux by udev: once you plug
   in an USB device, some ttyUSB0 or eth17 or something magically
   "appears". Bugs in the kernel and in the udev scripts could be
   exploited here.

   My setup usually ends here: I manually mount my file systems,
   manually add my USB keyboards, etc -- but that's not everyone's
   cup of tea.

 - /higher layers/ When your operating system/desktop environment/
   whatever machinery tries to mount a file system found on a new
   block device, set up a new keyboard or mouse ("human interface
   device", aka HID) whithin your X/Gnome/KDE/Wayland thingie.
   More kernel bugs (file system code is fiendishly complex) can
   be exploited here. The USB can type things into your desktop.
   Other strange things may happen. For a rough idea, enter
   the keyword "badusb" into hackaday[3].

 - /even higher layers/ The new file system may contain code
   to be automatically executed "For Your Convenience" (TM) --
   think Windows AUTORUN.EXE. I'm not sure "modern" free desktop
   environments haven't come up with an equivalent botch: convenience
   is always horribly tempting. And then there are things like
   trying to show you nice icons for the files in that freshly
   mounted file system: even more bugs to exploit there, from
   generic file-content scanning code to rendering code.

 - /even more higher layers/ It's turtles all the way down!

Enjoy the trip

[0] https://en.wikipedia.org/wiki/USB#System_design
[1] https://techcrunch.com/2015/03/12/this-usb-drive-can-nuke-a-computer/
[3] https://hackaday.com/?s=badusb

-- tomás

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: USB Examiner Package? Special USB Kernel Modules?
  - From: Kenneth Parker <sea7kenp@gmail.com>

References:
- USB Examiner Package? Special USB Kernel Modules?
  - From: Kenneth Parker <sea7kenp@gmail.com>

Prev by Date: Re: how to change wifi setting
Next by Date: Re: USB Examiner Package? Special USB Kernel Modules?
Previous by thread: Re: USB Examiner Package? Special USB Kernel Modules?
Next by thread: Re: USB Examiner Package? Special USB Kernel Modules?
Index(es):
- Date
- Thread