Links
A collection of USB related links.
Another good list: USB Reverse Engineering: Down the rabbit hole.
USB Overview
Essential
"USB 101: An Introduction to Universal Serial Bus 2.0" by Robert Murphy [book]
"USB in a NutShell" by Craig Peacock [articles]
2016: "Understand USB (in Linux)" by Opasiak Krzysztof [video] [slides]
Specs
Attack surface
2018: "Here's a List of 29 Different Types of USB Attacks" by Catalin Cimpanu [article]
Attacks via physical access to USB (DMA…?) [stackoverflow]
USB Device Classes
Hubs
BadUSB Exposure: Hubs [article]
uhubctl: USB hub per-port power control [github]
hub-ctrl.c: Control USB power on a port by port basis on some USB hubs [github]
Cameras
iSeeYou: Disabling the MacBook Webcam Indicator LED [paper]
Can webcams be turned on without the indicator light? [stackoverflow]
Turning off the blue status LED on the logitech C920 usb camera? [stackoverflow]
webcam-tools: Update of the UVC webcam tools [github]
Linux USB stack
https://www.kernel.org/doc/Documentation/usb/
What actually happens when you plug in a USB device? [article]
2009: "Linux USB drivers" by Michael Opdenacker [slides]
2009: "USB Device Drivers A Stepping Stone into your Kernel" by Moritz Jodeit and Martin Johns [slides]
Bootstrap Yourself with Linux-USB Stack: Design, Develop, Debug, and Validate Embedded USB [book]
usbmon
https://www.kernel.org/doc/Documentation/usb/usbmon.txt
https://wiki.ubuntu.com/Kernel/Debugging/USB
How to install Wireshak on Linux and capture USB traffic? [stackoverflow]
Gadget subsystem
Kernel USB Gadget Configfs Interface [slides]
Create your own USB gadget with GadgetFS [article]
ConfigFS Gadget - An Introduction [slides]
https://github.com/gadgetd/gadgetd/wiki/Motivation
https://wiki.tizen.org/wiki/USB/Linux_USB_Layers/Configfs_Composite_Gadget/General_configuration
https://www.kernel.org/doc/htmldocs/gadget/
https://www.kernel.org/doc/Documentation/usb/functionfs.txt
https://www.kernel.org/doc/Documentation/usb/ (gadget: testing.txt, configfs.txt, hid.txt, multi.txt, printer.txt, serial.txt)
http://www.linux-usb.org/usbtest/
http://www.linux-usb.org/gadget/ (usb.c + usbstring.c + usbstring.h)
https://sourceforge.net/p/hid-gadgetfs/code/ci/master/tree/
https://github.com/ueno/libusb-gadget
https://github.com/qlyoung/keyboard-gadget
Hardware
Rubber Ducky
https://github.com/hak5darren/USB-Rubber-Ducky/wiki
Bash Bunny
https://wiki.bashbunny.com/#!index.md
https://github.com/hak5/bashbunny-payloads
https://github.com/golem445/bunny_payloads
Lan Turtle
https://www.hak5.org/gear/lan-turtle/docs
Teensy
USB Serial, USB Keyboard, USB Mouse, USB Joystick, USB MIDI and USB Flight Sim
Getting started with Teensy [article]
https://github.com/PaulStoffregen/cores
Various tools
https://github.com/ebursztein/malusb
https://github.com/samyk/usbdriveby
https://github.com/ihowson/Teensy-Raw-HID-in-Python
https://github.com/Screetsec/Pateensy
https://github.com/Screetsec/Brutal
https://github.com/samratashok/Kautilya
http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
https://github.com/offensive-security/hid-backdoor-peensy
https://github.com/kbeflo/teensy-payloads
http://kevincuzner.com/2014/12/12/teensy-3-1-bare-metal-writing-a-usb-driver/
ATtiny85 board
1$ Rubber Ducky – Hack any PC within seconds MR.Robot style using Attiny85
https://github.com/toxydose/Duckyspark
https://github.com/micronucleus/micronucleus
CJMCU BadUSB
https://github.com/mharjac/bad_ducky
Cactus WHID
https://github.com/whid-injector/WHID
Raspberry Pi Zero
Turning your Raspberry PI Zero into a USB Gadget [article]
Raspberry Pi Zero OTG Mode [article]
https://github.com/mame82/P4wnP1 (writeup)
https://twitter.com/_binkybear/status/919324503020150784
https://github.com/samyk/poisontap
https://github.com/darrylburke/RaspberryPiZero_HID_MultiTool/
https://github.com/theresalu/rspiducky
BeagleBone Black
https://github.com/dominicgs/USBProxy
2014: "USB write blocking with USBProxy" by Dominic Spill [slides]
2016: "USBiquitous: USB intrusion toolkit" by Benoit Camredon [article]
http://beagleboard-usbsniffer.blogspot.de/
https://github.com/dominicgs/BeagleDancer
https://github.com/matlo/bb_usb_sniffer (beagleboard xM)
USB armory
2015: "USB Armory as an Offensive Attack Platform" [paper]
2016: "Forging USB armory" by Andrea Barisani [slides] [video]
2016: "Snagging creds from locked machines" by Rob Fuller [article]
2017: ARMORY SANDBOX – BUILDING A USB ANALYZER WITH USB ARMORY by Pedro Vilaca [article]
Android
https://github.com/pelya/android-keyboard-gadget
https://github.com/anbud/DroidDucky
https://github.com/anbud/DroidDucky
Facedancer21
FaceDancer21 (USB Emulator/USB Fuzzer)
2012: "Emulating USB Devices with Python" by Travis Goodspeed [article]
2012: "Emulating USB DFU to Capture Firmware" by Travis Goodspeed [article]
2017: "FaceDancer 2.0" by Dominic Spill [video]
https://github.com/ktemkin/Facedancer
https://github.com/travisgoodspeed/goodfet
https://github.com/nccgroup/umap
https://github.com/nccgroup/umap2
https://github.com/xairy/facedancer-utils
USB MitM with two Facedacer21 boards 1, 2
http://wiki.yobi.be/wiki/Raspdancer
https://github.com/dominicgs/BeagleDancer
Other
USB Killer [hardware]
Beagle analyzers (1], [2], [3])
OpenVizsla [hardware]
Daisho: SuperSpeed USB 3.0 FPGA platform [hardware]
Tomu: An ARM board that fits inside your USB connector [hardware]
AirDrive Keylogger [hardware]
GreatFET One [hardware]
Unsorted
https://opensource.srlabs.de/projects/badusb
usb-device-fuzzing: Some tools for testing USB devices [github]
usbguard: USBGuard is a software framework for implementing USB device authorization policies
2016: "Preventing USB Attacks with Grsecurity" [article]
2018: "Preventing USB Attacks with linux-hardened" [article]
usb-canary: A Linux or OSX tool that uses psutil to monitor devices while your computer is locked [github]
USaBUSe: a project to demonstrate the risks of hardware bypasses of software security [github]
2017: "USBGuard: authorization for USB" by Nur Hussein [article]
2017: "POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection" by James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder [paper] [slides]
2017: "Exploiting USB/IP in Linux" by Ignat Korchagin [slides]
2015: "USB Attack to Decrypt Wi Fi Communications" by Jeremy Dorrough [slides] [video]
2015: "Introduction to USB and Fuzzing" by Matt DuHarte [video] [slides]
2015: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke [paper] [slides] [video]
2014: "BadUSB - On Accessories that Turn Evil" by Karsten Nohl and Jakob Lell [slides] [video]
2014: "USB Attacks Need Physical Access Right? Not Any More…" by Andy Davis [slides] [video]
2014: "USB for All!!1" by Jesse Michael and Mickey Shkatov [slides]
2012: "Fuzzing the USB in your devices" by Olle Segerdahl [slides]
2009: "USB Attacks: Fun with Plug and 0wn" by Rafael Dominguez Vega [slides]
2014: "Implementing an USB Host Driver Fuzzer" by Daniel Mende [slides]
USB Complete: Everything You Need to Develop USB Peripherals [book]
USB Made Simple: A Series of Articles on USB [articles]
2018: "USB Hub Bug Hunting & Lessons Learned" [article]
2018: "Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems" [article]
2011: "USB Fuzzing for the Masses"
2018: "Discovering and Plotting Hidden Networks created with USB Devices"
2018: "Advanced USB key phishing"
2018: "Android: directory traversal over USB via injection in blkid output" [article]
2018: "OPENING BLACK BOX SYSTEMS WITH GREATFET+FD"
2011: "USB Security Challenges" [article]
2015: "Defending Against Malicious USB Firmware with GoodUSB" [paper]
2016: "Making USB Great Again with USBFILTER" [slides] [paper]
2017: "FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution" [paper]
2018: "OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB" [article]
2014: "Make your own USB gadget Kernel and userspace" [slides]
Tech Stuff - USB and Firewire [article]
USB Type-C is Coming: 3 Things You’ve Just Gotta Know [article]
2016: "Alternate Mode for USB Type-C: Going beyond USB" [article]
USBNinja: BadUSB embedded into a USB cable [hardware]
2018: Massive scale usb device driver fuzz without device" [slides]
2016: "GLITCHING USB FIRMWARE FOR FUN" [article]
facewhisperer: USB host add-on for the ChipWhisperer side-channel analysis tool [github]
2011: "Exploiting USB Devices with Arduino" [article]
2015: "USB - An Attack Surface of Emerging Importance" [thesis]
LambdaConcept USB2 SNIFFER [hardware]
2018: "Understanding HID report descriptors" [article]
USBDescriptorKitchen: A USB Descriptor creation and maintainance tool [github]
2019: "Hacking microcontroller firmware through a USB" [article]
Raspberry Pi Zero W USB-A Addon Board [hardware]
2019: "Simple AV Evasion Symantec and P4wnP1 USB" [article]
usbwall: Control ldap users access to usb devices [github]
Making Pioneer DDJ-RB USB audio work on Linux [video 1] [video 2]
2019: "eyeDisk. Hacking the unhackable. Again" [article]
2019: "Coverage-Guided USB Fuzzing with Syzkaller" [video] [slides]
2018: "OH NO, WHERE'S FIDO? - A JOURNEY INTO NOVEL WEB-TECHNOLOGY AND U2F EXPLOITATION" [video]
https://github.com/RedBalloonShenanigans/MonitorDarkly
https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1/
https://github.com/brandonlw/Psychson
https://vivibit.net/psychson2307final-en/
https://room362.com/post/2016/snagging-creds-from-locked-machines/
https://github.com/dbridges/logician
https://github.com/ondrejbudai/hidviz/
https://github.com/scanlime/vusb-analyzer
https://github.com/exploitagency/ESPloitV2
https://www.kitploit.com/2018/04/bad-ducky-rubber-ducky-compatible-clone.html
https://www.youtube.com/watch?v=QLEpwra_9o8
https://github.com/kkamagui/IRON-HID
https://github.com/bkerler/sahara_emulator
https://github.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle
https://github.com/jerwuqu/ardoducky
https://github.com/Seytonic/Duckduino-microSD
http://www.jodeit.org/research/DeepSec2009_USB_Device_Drivers.pdf
http://processors.wiki.ti.com/index.php/USB_General_Guide_Linux_v3.8
https://github.com/usb-tools/ViewSB
https://github.com/tenable/router_badusb
https://www.youtube.com/watch?time_continue=3&v=y_bbX_Ch1Z8
https://greatscottgadgets.com/2019/06-26-making-usb-accessible-teardown-2019/
https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/
https://www.chromium.org/chromium-os/twinkie
https://github.com/snovvcrash/usbrip
https://www.crowdsupply.com/newae/phywhisperer-usb
https://rfc1149.net/blog/2013/03/05/what-is-the-difference-between-devttyusbx-and-devttyacmx/
https://maltronics.com/products/wifi-keylogger-internal
https://www.cypress.com/file/44851/download
https://github.com/usb-tools/nu-map
https://en.wikipedia.org/wiki/Juice_jacking
https://github.com/smeso/MTPwn
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://unnamedre.com/episode/25
https://github.com/usb-tools/ViewSB
https://github.com/hacking-usb
https://blog.seekintoo.com/affordable-usb-attack-device-part-1.html
https://carvesystems.com/news/command-injection-with-usb-peripherals/
https://github.com/joelsernamoreno/EvilCrow-Cable
https://mobile.twitter.com/mame82/status/1221093466463182849?s=19