
Links

A collection of USB related links.

Another good list: USB Reverse Engineering: Down the rabbit hole.

USB Overview

Essential

"USB 101: An Introduction to Universal Serial Bus 2.0" by Robert Murphy [book]

"USB in a NutShell" by Craig Peacock [articles]

2016: "Understand USB (in Linux)" by Opasiak Krzysztof [video] [slides]

Specs

USB: Document Library

Attack surface

2018: "Here's a List of 29 Different Types of USB Attacks" by Catalin Cimpanu [article]

Attacks via physical access to USB (DMA…?) [stackoverflow]

USB Device Classes

Hubs

2017: "USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs" by Yang Su, Daniel Genkin, Damith Ranasinghe and Yuval Yarom [paper]

BadUSB Exposure: Hubs [article]

uhubctl: USB hub per-port power control [github]

hub-ctrl.c: Control USB power on a port by port basis on some USB hubs [github]

Cameras

iSeeYou: Disabling the MacBook Webcam Indicator LED [paper]

Can webcams be turned on without the indicator light? [stackoverflow]

Turning off the blue status LED on the logitech C920 usb camera? [stackoverflow]

webcam-tools: Update of the UVC webcam tools [github]

Linux USB stack

https://www.kernel.org/doc/Documentation/usb/

http://www.linux-usb.org/

What actually happens when you plug in a USB device? [article]

2009: "Linux USB drivers" by Michael Opdenacker [slides]

2009: "USB Device Drivers A Stepping Stone into your Kernel" by Moritz Jodeit and Martin Johns [slides]

USB General Guide Linux v3.8

Linux USB API

Bootstrap Yourself with Linux-USB Stack: Design, Develop, Debug, and Validate Embedded USB [book]

usbmon

https://www.kernel.org/doc/Documentation/usb/usbmon.txt

https://wiki.ubuntu.com/Kernel/Debugging/USB

How to install Wireshark on Linux and capture USB traffic? [stackoverflow]

Gadget subsystem

Kernel USB Gadget Configfs Interface [slides]

Create your own USB gadget with GadgetFS [article]

ConfigFS Gadget - An Introduction [slides]

https://github.com/gadgetd/gadgetd/wiki/Motivation

https://wiki.tizen.org/wiki/USB/Linux_USB_Layers/Configfs_Composite_Gadget/General_configuration

https://www.kernel.org/doc/htmldocs/gadget/

https://www.kernel.org/doc/Documentation/usb/functionfs.txt

https://www.kernel.org/doc/Documentation/usb/ (gadget: testing.txt, configfs.txt, hid.txt, multi.txt, printer.txt, serial.txt)

http://www.linux-usb.org/usbtest/

http://www.linux-usb.org/gadget/ (usb.c + usbstring.c + usbstring.h)

https://sourceforge.net/p/hid-gadgetfs/code/ci/master/tree/

https://github.com/ueno/libusb-gadget

https://github.com/qlyoung/keyboard-gadget

Hardware

Rubber Ducky

Rubber Ducky

https://github.com/hak5darren/USB-Rubber-Ducky/wiki

Bash Bunny

Bash Bunny

https://wiki.bashbunny.com/#!index.md

https://github.com/hak5/bashbunny-payloads

https://github.com/golem445/bunny_payloads

LAN Turtle

LAN Turtle

https://www.hak5.org/gear/lan-turtle/docs

Teensy

Teensy 3.2

Teensy 2.0

USB Serial, USB Keyboard, USB Mouse, USB Joystick, USB MIDI and USB Flight Sim

Getting started with Teensy [article]

https://github.com/PaulStoffregen/cores

Various tools

https://github.com/ebursztein/malusb

https://github.com/samyk/usbdriveby

https://github.com/ihowson/Teensy-Raw-HID-in-Python

https://github.com/Screetsec/Pateensy

https://github.com/Screetsec/Brutal

https://github.com/samratashok/Kautilya

http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle

https://github.com/offensive-security/hid-backdoor-peensy

https://github.com/kbeflo/teensy-payloads

http://kevincuzner.com/2014/12/12/teensy-3-1-bare-metal-writing-a-usb-driver/

ATtiny85 board

AliExpress: ATtiny85 board

1$ Rubber Ducky – Hack any PC within seconds MR.Robot style using Attiny85

https://github.com/toxydose/Duckyspark

https://github.com/micronucleus/micronucleus

CJMCU BadUSB

AliExpress: CJMCU BadUSB

https://github.com/mharjac/bad_ducky

Cactus WHID

AliExpress: Cactus WHID

AliExpress: Cactus Micro Rev2

https://github.com/whid-injector/WHID

Raspberry Pi Zero

Raspberry Pi Zero

Turning your Raspberry PI Zero into a USB Gadget [article]

Raspberry Pi Zero OTG Mode [article]

https://github.com/mame82/P4wnP1 (writeup)

https://twitter.com/_binkybear/status/919324503020150784

https://github.com/samyk/poisontap

https://github.com/darrylburke/RaspberryPiZero_HID_MultiTool/

https://github.com/theresalu/rspiducky

BeagleBone Black

BeagleBone Black

https://github.com/dominicgs/USBProxy

2014: "USB write blocking with USBProxy" by Dominic Spill [slides]

2016: "USBiquitous: USB intrusion toolkit" by Benoit Camredon [article]

http://beagleboard-usbsniffer.blogspot.de/

https://github.com/dominicgs/BeagleDancer

https://github.com/matlo/bb_usb_sniffer (beagleboard xM)

USB armory

USB Armory

2015: "USB Armory as an Offensive Attack Platform" [paper]

2016: "Forging USB armory" by Andrea Barisani [slides] [video]

2016: "Snagging creds from locked machines" by Rob Fuller [article]

2017: ARMORY SANDBOX – BUILDING A USB ANALYZER WITH USB ARMORY by Pedro Vilaca [article]

Android

https://github.com/pelya/android-keyboard-gadget

https://github.com/anbud/DroidDucky


Facedancer21

Facedancer21

FaceDancer21 (USB Emulator/USB Fuzzer)

2012: "Emulating USB Devices with Python" by Travis Goodspeed [article]

2012: "Emulating USB DFU to Capture Firmware" by Travis Goodspeed [article]

2017: "FaceDancer 2.0" by Dominic Spill [video]

https://github.com/ktemkin/Facedancer

https://github.com/travisgoodspeed/goodfet

https://github.com/nccgroup/umap

https://github.com/nccgroup/umap2

https://github.com/xairy/facedancer-utils

USB MitM with two Facedancer21 boards 1, 2

http://wiki.yobi.be/wiki/Raspdancer

https://github.com/dominicgs/BeagleDancer

Other

USB Killer [hardware]

Beagle analyzers ([1], [2], [3])

OpenVizsla [hardware]

Daisho: SuperSpeed USB 3.0 FPGA platform [hardware]

Tomu: An ARM board that fits inside your USB connector [hardware]

AirDrive Keylogger [hardware]

GreatFET One [hardware]

Unsorted

https://opensource.srlabs.de/projects/badusb

usb-device-fuzzing: Some tools for testing USB devices [github]

usbguard: USBGuard is a software framework for implementing USB device authorization policies

2016: "Preventing USB Attacks with Grsecurity" [article]

2018: "Preventing USB Attacks with linux-hardened" [article]

usb-canary: A Linux or OSX tool that uses psutil to monitor devices while your computer is locked [github]

usbkill: an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer [github]

USaBUSe: a project to demonstrate the risks of hardware bypasses of software security [github]

2017: "USBGuard: authorization for USB" by Nur Hussein [article]

2017: "POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection" by James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder [paper] [slides]

2017: "Exploiting USB/IP in Linux" by Ignat Korchagin [slides]

2015: "USB Attack to Decrypt Wi-Fi Communications" by Jeremy Dorrough [slides] [video]

2015: "Introduction to USB and Fuzzing" by Matt DuHarte [video] [slides]

2015: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke [paper] [slides] [video]

2014: "BadUSB - On Accessories that Turn Evil" by Karsten Nohl and Jakob Lell [slides] [video]

2014: "USB Attacks Need Physical Access Right? Not Any More…" by Andy Davis [slides] [video]

2014: "USB for All!!1" by Jesse Michael and Mickey Shkatov [slides]

2012: "Fuzzing the USB in your devices" by Olle Segerdahl [slides]

2009: "USB Attacks: Fun with Plug and 0wn" by Rafael Dominguez Vega [slides]

2014: "Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation" by Rijnard van Tonder and Herman Engelbrecht [paper]

2014: "Implementing an USB Host Driver Fuzzer" by Daniel Mende [slides]

USB Complete: Everything You Need to Develop USB Peripherals [book]

USB Made Simple: A Series of Articles on USB [articles]

2018: "USB Hub Bug Hunting & Lessons Learned" [article]

2018: "Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems" [article]

2011: "USB Fuzzing for the Masses"

2018: "Discovering and Plotting Hidden Networks created with USB Devices"

2018: "Advanced USB key phishing"

2018: "Android: directory traversal over USB via injection in blkid output" [article]

2018: "OPENING BLACK BOX SYSTEMS WITH GREATFET+FD"

2011: "USB Security Challenges" [article]

2018: "ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem" [paper]

2015: "Defending Against Malicious USB Firmware with GoodUSB" [paper]

2016: "Making USB Great Again with USBFILTER" [slides] [paper]

2017: "FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution" [paper]

2018: "OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB" [article]

2014: "Make your own USB gadget Kernel and userspace" [slides]

Tech Stuff - USB and Firewire [article]

USB Type-C is Coming: 3 Things You’ve Just Gotta Know [article]

2016: "Alternate Mode for USB Type-C: Going beyond USB" [article]

USBNinja: BadUSB embedded into a USB cable [hardware]

2018: "Massive scale usb device driver fuzz without device" [slides]

2016: "GLITCHING USB FIRMWARE FOR FUN" [article]

facewhisperer: USB host add-on for the ChipWhisperer side-channel analysis tool [github]

2011: "Exploiting USB Devices with Arduino" [article]

2015: "USB - An Attack Surface of Emerging Importance" [thesis]

LambdaConcept USB2 SNIFFER [hardware]

2018: "Understanding HID report descriptors" [article]

USBDescriptorKitchen: A USB Descriptor creation and maintenance tool [github]

2019: "Hacking microcontroller firmware through a USB" [article]

Raspberry Pi Zero W USB-A Addon Board [hardware]

2019: "Simple AV Evasion Symantec and P4wnP1 USB" [article]

usbwall: Control ldap users access to usb devices [github]

Making Pioneer DDJ-RB USB audio work on Linux [video 1] [video 2]

2019: "eyeDisk. Hacking the unhackable. Again" [article]

2019: "Coverage-Guided USB Fuzzing with Syzkaller" [video] [slides]

2018: "OH NO, WHERE'S FIDO? - A JOURNEY INTO NOVEL WEB-TECHNOLOGY AND U2F EXPLOITATION" [video]

https://www.twitch.tv/ktemkin

https://github.com/RedBalloonShenanigans/MonitorDarkly

https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1/

https://github.com/brandonlw/Psychson

https://vivibit.net/psychson2307final-en/

https://room362.com/post/2016/snagging-creds-from-locked-machines/

https://github.com/dbridges/logician

https://github.com/ondrejbudai/hidviz/

https://shop.malduino.com/

https://github.com/scanlime/vusb-analyzer

https://github.com/exploitagency/ESPloitV2

https://www.kitploit.com/2018/04/bad-ducky-rubber-ducky-compatible-clone.html

https://www.youtube.com/watch?v=QLEpwra_9o8

https://github.com/kkamagui/IRON-HID

https://github.com/bkerler/sahara_emulator

https://github.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle

https://github.com/jerwuqu/ardoducky

https://github.com/Seytonic/Duckduino-microSD

http://www.jodeit.org/research/DeepSec2009_USB_Device_Drivers.pdf

http://processors.wiki.ti.com/index.php/USB_General_Guide_Linux_v3.8

https://github.com/usb-tools/ViewSB

https://github.com/tenable/router_badusb

https://www.youtube.com/watch?time_continue=3&v=y_bbX_Ch1Z8

https://greatscottgadgets.com/2019/06-26-making-usb-accessible-teardown-2019/

https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/

https://www.chromium.org/chromium-os/twinkie

https://github.com/snovvcrash/usbrip

https://usbc.tf/

https://www.crowdsupply.com/newae/phywhisperer-usb

https://rfc1149.net/blog/2013/03/05/what-is-the-difference-between-devttyusbx-and-devttyacmx/

https://maltronics.com/products/wifi-keylogger-internal

https://www.cypress.com/file/44851/download

https://usbq.org/

https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Brad-Dixon-Cheating-in-eSports-How-to-cheat-at-virtual-cycling-using-USB-hacks.compressed.pdf

https://atcommands.org/

https://github.com/usb-tools/nu-map

https://en.wikipedia.org/wiki/Juice_jacking

https://github.com/smeso/MTPwn

https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/

https://unnamedre.com/episode/25


https://mini.usbc.tf/

https://github.com/usb-tools


https://github.com/hacking-usb

https://blog.seekintoo.com/affordable-usb-attack-device-part-1.html

https://carvesystems.com/news/command-injection-with-usb-peripherals/

https://keyvilboard.nl/en/

https://twitter.com/mame82

https://github.com/joelsernamoreno/EvilCrow-Cable

https://mobile.twitter.com/mame82/status/1221093466463182849?s=19
