SlideShare a Scribd company logo

MitM on USB -- Introduction of USBProxy --

Kiyotaka Atsumi
Kiyotaka Atsumi

Introduction of USBProxy as a USB Man-in-the-Middle, advantage and disadvantage

Data & Analytics
1 of 24
Download to read offline
MitM on USB Introduction of USBProxy    からぼ(kalab1998{e}) 2014年10月31日 第22回「ネットワークパケットを読む会(仮)」 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 1
Self Introduction ● An engineer of a software company in Aizuwakamatsu (until next Feb., and will not update) ● I'm looking for a next job very hard. ● I will found an independent researcher “KA-LAB” (It's the second choice if no one employ me). ● I have no released open source software. ● I have two projects on github as follows. – USBProxy is forked from dominicgs/USBProxy – kalas is a BLAS on GPGPU for Huge Matrix  2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 2
Is USB a computer network? YES! USB is a computer network 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 3
Is USB a computer network? Hub Hub USB is a tree structure network in physical. Host computer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 4
Is USB a computer network? USB is one by one connections from the host to each device in logical. Host computer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 5
How to communicate on USB? Case: Device to Host 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 6
How to communicate on USB? Case: Host to Device 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 7
Where is the host computer? Now a days, increasing such connections. Are there host computers? ※Vector Graphics has copyright of this navigation icon. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 8
Which devices are the host? hhoosstt host ※Vector Graphics has copyright of this navigation icon. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 9
We have an important problem. How do we investigate vulnerabilities of such devices without any laptop? ● Hack devices such cameras, printers, navigators, smartphones and so on. ⇒It's usually very difficult. ● Electrical tap on the USB cable. ⇒Next slides. ● Develop a USB Man in the Middle device. ⇒Main theme for this presentation. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 10
Electrical tapping on USB http://hackaday.com/2011/03/16/usb-man-in-the-middle-adapter/ 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 11
Electrical tapping on USB It's very easy, but it has some big problems. ● Conflicting signals ● Not enough electric power on signal lines ● Very weak against electrical noises ● Not running on USB2.0 by that specification 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 12
dominicgs/USBProxy ● The device must have two USB ports. – One is for connecting a host. – Another is for connecting a device. ● Software relaying ● Connectable USB2.0 ● Sniffable / Filterable / Injectable ● Very cheap, BeagleBone Black is about $60.0 ● https://github.com/dominicgs/USBProxy 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 13
USBProxy Structure 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 14
How to relay? ● USBProxy makes 6 kinds of threads runninng. – Reader for Input EP, – Reader for output EP, – Writer for Input EP, – Writer for Output EP, – Injection, – Filter 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 15
Connection Reader and Writer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 16
Relay from device to host ● Reader for Input EP always requests data to the Endpoint on the device. ● Reader for Input EP send data to Writer for Input EP when it got data. ● Writer for Input EP sends data to the host. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 17
Relay from host to device ● Reader for Output EP always wait a request and data from the host. ● Reader for Output EP send data to Writer for Output EP when it got data. ● Writer for Output EP sends data to the Endpoint on the device. That's it. Very rough. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 18
Notification! ● USBProxy does not simulate the USB line. ● It just simulates endpoints on only one device. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 19
We have problems yet ● We want to simulate more devices. ● In many cases, it fail to simulate a device. ● It can't handle some complex devices yet. ● Linux lose endpoints on a device sometimes. ● It can't notice reset signal from a device. ● Very slow. – Original speed is 30.7MB/s, – USBProxy relay speed is 1,9MB/s. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 20
Other solutions ● If you want to just snif on USB, you can use USB protocol analizer such the Beagle USB480 Power. ● If you are interesting in deep side, maybe you will fall in darkness. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 21
Beagle USB480 Power ● Easy to use ● Very fast, 29.8MB/s ● Cheap, just $2250.0 ● Another device is enable USB3.0, just $3600.0 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 22
Do you want to fall in darkness? ● Kali Linux NetHunter "Bad USB" MITM Attack ● http://vimeo.com/106065667 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 23
White page 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 24

Recommended

Raspi32
Raspi32Raspi32
Raspi32たけおか しょうぞう
 
raspi + soracom #pakeana33
raspi + soracom #pakeana33raspi + soracom #pakeana33
raspi + soracom #pakeana33@ otsuka752
 
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~Tetsuya Yokoyama
 
お化け
お化けお化け
お化けたけおか しょうぞう
 
Robot Language and a Tail Recursive Interpreter
Robot Language and a Tail Recursive Interpreter Robot Language and a Tail Recursive Interpreter
Robot Language and a Tail Recursive Interpreter たけおか しょうぞう
 
Dataflow140711
Dataflow140711Dataflow140711
Dataflow140711たけおか しょうぞう
 
実践イカパケット解析
実践イカパケット解析実践イカパケット解析
実践イカパケット解析Yuki Mizuno
 
MitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxyMitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxyMocke Tech
 

Recommended

Raspi32
Raspi32Raspi32
Raspi32たけおか しょうぞう
 
raspi + soracom #pakeana33
raspi + soracom #pakeana33raspi + soracom #pakeana33
raspi + soracom #pakeana33@ otsuka752
 
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~
パケット解析にまつわるお話 ~ネットワークモニターとHyper-V~Tetsuya Yokoyama
 
お化け
お化けお化け
お化けたけおか しょうぞう
 
Robot Language and a Tail Recursive Interpreter
Robot Language and a Tail Recursive Interpreter Robot Language and a Tail Recursive Interpreter
Robot Language and a Tail Recursive Interpreter たけおか しょうぞう
 
Dataflow140711
Dataflow140711Dataflow140711
Dataflow140711たけおか しょうぞう
 
実践イカパケット解析
実践イカパケット解析実践イカパケット解析
実践イカパケット解析Yuki Mizuno
 
MitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxyMitM on USB -- introduction of USBProxy
MitM on USB -- introduction of USBProxyMocke Tech
 
Let's begin io t with $10
Let's begin io t with $10Let's begin io t with $10
Let's begin io t with $10Makoto Takahashi
 
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)ariannaschlegel
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow96Boards
 
Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012Philip Polstra
 
Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 2012Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 201244CON
 
Advanced Video Production with FOSS
Advanced Video Production with FOSSAdvanced Video Production with FOSS
Advanced Video Production with FOSSKirk Kimmel
 
Getting started pi with android
Getting started pi with androidGetting started pi with android
Getting started pi with androidMasafumi Ohta
 
Open-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics EducationOpen-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics EducationBrian Huang
 
digitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdfdigitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdfDuy-Hieu Bui
 
Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009Shigeru Kobayashi
 
small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)ariannaschlegel
 
[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.Hayoung Yoon
 
libreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux DistrolibreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux DistroAll Things Open
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
The RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux usersThe RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux usersMarco Fioretti
 
How blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talkHow blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talktodbotdotcom
 
arduino
arduino arduino
arduinojhcid
 
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...South Tyrol Free Software Conference
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primerDrew Fustini
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 

More Related Content

Similar to MitM on USB -- Introduction of USBProxy --

Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)ariannaschlegel
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow96Boards
 
Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 2012Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 201244CON
 
Advanced Video Production with FOSS
Advanced Video Production with FOSSAdvanced Video Production with FOSS
Advanced Video Production with FOSSKirk Kimmel
 
Getting started pi with android
Getting started pi with androidGetting started pi with android
Getting started pi with androidMasafumi Ohta
 
Open-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics EducationOpen-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics EducationBrian Huang
 
digitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdfdigitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdfDuy-Hieu Bui
 
Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009Shigeru Kobayashi
 
small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)ariannaschlegel
 
[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.Hayoung Yoon
 
libreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux DistrolibreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux DistroAll Things Open
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
The RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux usersThe RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux usersMarco Fioretti
 
How blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talkHow blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talktodbotdotcom
 
arduino
arduino arduino
arduinojhcid
 
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...South Tyrol Free Software Conference
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primerDrew Fustini
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 

Similar to MitM on USB -- Introduction of USBProxy -- (20)

Let's begin io t with $10
Let's begin io t with $10Let's begin io t with $10
Let's begin io t with $10
 
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
Small Electronics for Your Makerspace (CLC Trendspotting - September 2014)
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow
 
Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012
 
Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 2012Hacking and Forensics on the Go - 44CON 2012
Hacking and Forensics on the Go - 44CON 2012
 
Advanced Video Production with FOSS
Advanced Video Production with FOSSAdvanced Video Production with FOSS
Advanced Video Production with FOSS
 
Getting started pi with android
Getting started pi with androidGetting started pi with android
Getting started pi with android
 
Open-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics EducationOpen-Source Hardware, Tinkering, and Physics Education
Open-Source Hardware, Tinkering, and Physics Education
 
digitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdfdigitaldesign-s20-lecture3b-fpga-afterlecture.pdf
digitaldesign-s20-lecture3b-fpga-afterlecture.pdf
 
Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009Ubiquitous Content Symposium 2009
Ubiquitous Content Symposium 2009
 
small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)small electronics for your makerspace (clc trendspotting - february 2014)
small electronics for your makerspace (clc trendspotting - february 2014)
 
[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.[Dec./2017] My Personal/Professional Journey after Graduate Univ.
[Dec./2017] My Personal/Professional Journey after Graduate Univ.
 
libreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux DistrolibreCMC : The Libre Embedded GNU/Linux Distro
libreCMC : The Libre Embedded GNU/Linux Distro
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
The RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux usersThe RULE project: efficient computing for all GNU/Linux users
The RULE project: efficient computing for all GNU/Linux users
 
How blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talkHow blink(1) was made – Hackaday 10th anniversary talk
How blink(1) was made – Hackaday 10th anniversary talk
 
arduino
arduino arduino
arduino
 
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
SFScon 21 - Roberto Innocenti - PPC64 Open Hardware Notebook prototype around...
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primer
 
BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about it
 

Recently uploaded

100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxfirstjob4
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Callshivangimorya083
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxEmmanuel Dauda
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationshipsccctableauusergroup
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceCall Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceSapana Sha
 

Recently uploaded (20)

100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptx
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceCall Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts Service
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 

MitM on USB -- Introduction of USBProxy --

  • 1. MitM on USB Introduction of USBProxy    からぼ(kalab1998{e}) 2014年10月31日 第22回「ネットワークパケットを読む会(仮)」 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 1
  • 2. Self Introduction ● An engineer of a software company in Aizuwakamatsu (until next Feb., and will not update) ● I'm looking for a next job very hard. ● I will found an independent researcher “KA-LAB” (It's the second choice if no one employ me). ● I have no released open source software. ● I have two projects on github as follows. – USBProxy is forked from dominicgs/USBProxy – kalas is a BLAS on GPGPU for Huge Matrix  2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 2
  • 3. Is USB a computer network? YES! USB is a computer network 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 3
  • 4. Is USB a computer network? Hub Hub USB is a tree structure network in physical. Host computer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 4
  • 5. Is USB a computer network? USB is one by one connections from the host to each device in logical. Host computer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 5
  • 6. How to communicate on USB? Case: Device to Host 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 6
  • 7. How to communicate on USB? Case: Host to Device 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 7
  • 8. Where is the host computer? Now a days, increasing such connections. Are there host computers? ※Vector Graphics has copyright of this navigation icon. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 8
  • 9. Which devices are the host? hhoosstt host ※Vector Graphics has copyright of this navigation icon. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 9
  • 10. We have an important problem. How do we investigate vulnerabilities of such devices without any laptop? ● Hack devices such cameras, printers, navigators, smartphones and so on. ⇒It's usually very difficult. ● Electrical tap on the USB cable. ⇒Next slides. ● Develop a USB Man in the Middle device. ⇒Main theme for this presentation. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 10
  • 11. Electrical tapping on USB http://hackaday.com/2011/03/16/usb-man-in-the-middle-adapter/ 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 11
  • 12. Electrical tapping on USB It's very easy, but it has some big problems. ● Conflicting signals ● Not enough electric power on signal lines ● Very weak against electrical noises ● Not running on USB2.0 by that specification 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 12
  • 13. dominicgs/USBProxy ● The device must have two USB ports. – One is for connecting a host. – Another is for connecting a device. ● Software relaying ● Connectable USB2.0 ● Sniffable / Filterable / Injectable ● Very cheap, BeagleBone Black is about $60.0 ● https://github.com/dominicgs/USBProxy 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 13
  • 14. USBProxy Structure 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 14
  • 15. How to relay? ● USBProxy makes 6 kinds of threads runninng. – Reader for Input EP, – Reader for output EP, – Writer for Input EP, – Writer for Output EP, – Injection, – Filter 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 15
  • 16. Connection Reader and Writer 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 16
  • 17. Relay from device to host ● Reader for Input EP always requests data to the Endpoint on the device. ● Reader for Input EP send data to Writer for Input EP when it got data. ● Writer for Input EP sends data to the host. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 17
  • 18. Relay from host to device ● Reader for Output EP always wait a request and data from the host. ● Reader for Output EP send data to Writer for Output EP when it got data. ● Writer for Output EP sends data to the Endpoint on the device. That's it. Very rough. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 18
  • 19. Notification! ● USBProxy does not simulate the USB line. ● It just simulates endpoints on only one device. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 19
  • 20. We have problems yet ● We want to simulate more devices. ● In many cases, it fail to simulate a device. ● It can't handle some complex devices yet. ● Linux lose endpoints on a device sometimes. ● It can't notice reset signal from a device. ● Very slow. – Original speed is 30.7MB/s, – USBProxy relay speed is 1,9MB/s. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 20
  • 21. Other solutions ● If you want to just snif on USB, you can use USB protocol analizer such the Beagle USB480 Power. ● If you are interesting in deep side, maybe you will fall in darkness. 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 21
  • 22. Beagle USB480 Power ● Easy to use ● Very fast, 29.8MB/s ● Cheap, just $2250.0 ● Another device is enable USB3.0, just $3600.0 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 22
  • 23. Do you want to fall in darkness? ● Kali Linux NetHunter "Bad USB" MITM Attack ● http://vimeo.com/106065667 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 23
  • 24. White page 2014/10/31 (c) 2014 kiyotaka@ka-lab.jp 24