Links
A collection of USB-related links.
Another good list: USB Reverse Engineering: Down the rabbit hole.
Essential
"USB 101: An Introduction to Universal Serial Bus 2.0" by Robert Murphy [book]
"USB in a NutShell" by Craig Peacock [articles]
Workshops
Hacking the USB World with FaceDancer [workshop]
Hardware
Rubber Ducky
Rubber Ducky [hardware]
https://github.com/hak5darren/USB-Rubber-Ducky/wiki
Bash Bunny
Bash Bunny [hardware]
https://wiki.bashbunny.com/#!index.md
https://github.com/hak5/bashbunny-payloads
https://github.com/golem445/bunny_payloads
LAN Turtle
LAN Turtle [hardware]
https://www.hak5.org/gear/lan-turtle/docs
ATtiny85 board
AliExpress: ATtiny85 board [hardware]
1$ Rubber Ducky – Hack any PC within seconds MR.Robot style using Attiny85
https://github.com/toxydose/Duckyspark
https://github.com/micronucleus/micronucleus
CJMCU BadUSB
AliExpress: CJMCU BadUSB [hardware]
https://github.com/mharjac/bad_ducky
Cactus WHID
AliExpress: Cactus WHID [hardware]
AliExpress: Cactus Micro Rev2 [hardware]
https://github.com/whid-injector/WHID
https://github.com/exploitagency/ESPloitV2
Teensy
Teensy 3.2 [hardware]
Teensy 2.0 [hardware]
USB Serial, USB Keyboard, USB Mouse, USB Joystick, USB MIDI and USB Flight Sim
Getting started with Teensy [article]
https://github.com/PaulStoffregen/cores
Various tools
https://github.com/ebursztein/malusb
https://github.com/samyk/usbdriveby
https://github.com/ihowson/Teensy-Raw-HID-in-Python
https://github.com/Screetsec/Pateensy
https://github.com/Screetsec/Brutal
https://github.com/samratashok/Kautilya
http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
https://github.com/offensive-security/hid-backdoor-peensy
https://github.com/kbeflo/teensy-payloads
http://kevincuzner.com/2014/12/12/teensy-3-1-bare-metal-writing-a-usb-driver/
Facedancer
Facedancer21 [hardware]
GreatFET One [hardware]
FaceDancer21 (USB Emulator/USB Fuzzer)
2012: "Emulating USB Devices with Python" by Travis Goodspeed [article]
2012: "Emulating USB DFU to Capture Firmware" by Travis Goodspeed [article]
2017: "FaceDancer 2.0" by Dominic Spill [video]
https://github.com/usb-tools/Facedancer
https://github.com/travisgoodspeed/goodfet
https://github.com/nccgroup/umap
https://github.com/nccgroup/umap2
https://github.com/usb-tools/nu-map
USB MitM with two Facedancer21 boards 1, 2
http://wiki.yobi.be/wiki/Raspdancer
https://github.com/dominicgs/BeagleDancer
Raspberry Pi Zero
Raspberry Pi Zero [hardware]
Turning your Raspberry PI Zero into a USB Gadget [article]
Raspberry Pi Zero OTG Mode [article]
https://github.com/mame82/P4wnP1 (writeup)
https://twitter.com/_binkybear/status/919324503020150784
https://github.com/samyk/poisontap
https://github.com/darrylburke/RaspberryPiZero_HID_MultiTool/
https://github.com/theresalu/rspiducky
https://github.com/bkerler/sahara_emulator
BeagleBone Black
BeagleBone Black [hardware]
https://github.com/dominicgs/USBProxy
2014: "USB write blocking with USBProxy" by Dominic Spill [slides]
2016: "USBiquitous: USB intrusion toolkit" by Benoit Camredon [article]
http://beagleboard-usbsniffer.blogspot.de/
https://github.com/dominicgs/BeagleDancer
https://github.com/matlo/bb_usb_sniffer (beagleboard xM)
USB armory
USB Armory [hardware]
2015: "USB Armory as an Offensive Attack Platform" [paper]
2016: "Forging USB armory" by Andrea Barisani [slides] [video]
2016: "Snagging creds from locked machines" by Rob Fuller [article]
2017: ARMORY SANDBOX – BUILDING A USB ANALYZER WITH USB ARMORY by Pedro Vilaca [article]
Android
https://github.com/pelya/android-keyboard-gadget
https://github.com/anbud/DroidDucky
Other
USB Killer [hardware]
Beagle analyzers ([1], [2], [3])
OpenVizsla [hardware]
Daisho: SuperSpeed USB 3.0 FPGA platform [hardware]
Tomu: An ARM board that fits inside your USB connector [hardware]
AirDrive Keylogger [hardware]
LambdaConcept USB2 SNIFFER [hardware]
USBNinja: BadUSB embedded into a USB cable [hardware]
Raspberry Pi Zero W USB-A Addon Board [hardware]
PhyWhisperer-USB [hardware]
Maltronics WiFi KeyLogger Internal
Linux USB stack
https://www.kernel.org/doc/Documentation/usb/
What actually happens when you plug in a USB device? [article]
2009: "Linux USB drivers" by Michael Opdenacker [slides]
2009: "USB Device Drivers A Stepping Stone into your Kernel" by Moritz Jodeit and Martin Johns [slides]
Bootstrap Yourself with Linux-USB Stack: Design, Develop, Debug, and Validate Embedded USB [book]
usbmon
https://www.kernel.org/doc/Documentation/usb/usbmon.txt
https://wiki.ubuntu.com/Kernel/Debugging/USB
How to install Wireshark on Linux and capture USB traffic? [stackoverflow]
Gadget subsystem
Kernel USB Gadget Configfs Interface [slides]
Create your own USB gadget with GadgetFS [article]
ConfigFS Gadget - An Introduction [slides]
https://github.com/gadgetd/gadgetd/wiki/Motivation
https://wiki.tizen.org/wiki/USB/Linux_USB_Layers/Configfs_Composite_Gadget/General_configuration
https://www.kernel.org/doc/htmldocs/gadget/
https://www.kernel.org/doc/Documentation/usb/functionfs.txt
https://www.kernel.org/doc/Documentation/usb/ (gadget: testing.txt, configfs.txt, hid.txt, multi.txt, printer.txt, serial.txt)
http://www.linux-usb.org/usbtest/
http://www.linux-usb.org/gadget/ (usb.c + usbstring.c + usbstring.h)
https://sourceforge.net/p/hid-gadgetfs/code/ci/master/tree/
https://github.com/ueno/libusb-gadget
https://github.com/qlyoung/keyboard-gadget
Tools
ViewSB: open-source USB analyzer toolkit with support for a variety of capture hardware [github]
usbrip: Simple CLI forensics tool for tracking USB events on GNU/Linux [github]
usbq: Python-based programming framework for monitoring and modifying USB communications [github]
hidviz: A tool for in-depth analysis of USB HID devices communication [github]
vusb-analyzer: Virtual USB Analyzer [github]
USaBUSe: a project to demonstrate the risks of hardware bypasses of software security [github]
usb-device-fuzzing: Some tools for testing USB devices [github]
usbguard: USBGuard is a software framework for implementing USB device authorization policies
usb-canary: A Linux or OSX tool that uses psutil to monitor devices while your computer is locked [github]
uhubctl: USB hub per-port power control [github]
hub-ctrl.c: Control USB power on a port by port basis on some USB hubs [github]
webcam-tools: Update of the UVC webcam tools [github]
facewhisperer: USB host add-on for the ChipWhisperer side-channel analysis tool [github]
USBDescriptorKitchen: A USB Descriptor creation and maintenance tool [github]
usbwall: Control ldap users access to usb devices [github]
Research
2019: BadUSB in Routers [slides] [github]
2019: "eyeDisk. Hacking the unhackable. Again" [article]
2019: "Coverage-Guided USB Fuzzing with Syzkaller" [slides] [video]
2019: "Simple AV Evasion Symantec and P4wnP1 USB" [article]
2019: "Hacking microcontroller firmware through a USB" [article]
2018: "USB Hub Bug Hunting & Lessons Learned" [article]
2018: "Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems" [article]
2018: "Discovering and Plotting Hidden Networks created with USB Devices"
2018: "Advanced USB key phishing"
2018: "Android: directory traversal over USB via injection in blkid output" [article]
2018: "OPENING BLACK BOX SYSTEMS WITH GREATFET+FD"
2018: "Preventing USB Attacks with linux-hardened" [article]
2018: "Here's a List of 29 Different Types of USB Attacks" by Catalin Cimpanu [article]
2018: "Massive scale usb device driver fuzz without device" [slides]
2018: "OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB" [article]
2018: "OH NO, WHERE'S FIDO? - A JOURNEY INTO NOVEL WEB-TECHNOLOGY AND U2F EXPLOITATION" [video]
2018: "Understanding HID report descriptors" [article]
2017: "USBGuard: authorization for USB" by Nur Hussein [article]
2017: "POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection" by James Patrick-Evans, Lorenzo Cavallaro, and Johannes Kinder [slides] [paper]
2017: "Exploiting USB/IP in Linux" by Ignat Korchagin [slides]
2017: "FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution" [paper]
2016: "Understand USB (in Linux)" by Opasiak Krzysztof [slides]
2016: "Preventing USB Attacks with Grsecurity" [article]
2016: "GLITCHING USB FIRMWARE FOR FUN" [article]
2016: "Alternate Mode for USB Type-C: Going beyond USB" [article]
2016: "Making USB Great Again with USBFILTER" [slides] [paper]
2015: "USB Attack to Decrypt Wi Fi Communications" by Jeremy Dorrough [slides] [video]
2015: "Introduction to USB and Fuzzing" by Matt DuHarte [slides] [video]
2015: "Don't Trust Your USB! How to Find Bugs in USB Device Drivers" by Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke [slides] [paper] [video]
2015: "Defending Against Malicious USB Firmware with GoodUSB" [paper]
2015: "USB - An Attack Surface of Emerging Importance" [thesis]
2014: "BadUSB - On Accessories that Turn Evil" by Karsten Nohl and Jakob Lell [slides] [video]
2014: "USB Attacks Need Physical Access Right? Not Any More…" by Andy Davis [slides] [video]
2014: "USB for All!!1" by Jesse Michael and Mickey Shkatov [slides]
2014: "Implementing an USB Host Driver Fuzzer" by Daniel Mende [slides]
2014: "Make your own USB gadget Kernel and userspace" [slides]
2014: BadUSB - On accessories that turn evil [slides] [wiki]
2014: HubCap: pwning the ChromeCast pt. 1 [article]
2013: iSeeYou: Disabling the MacBook Webcam Indicator LED [paper]
2012: "Fuzzing the USB in your devices" by Olle Segerdahl [slides]
2011: "USB Fuzzing for the Masses" [article]
2011: "USB Security Challenges" [article]
2011: "Exploiting USB Devices with Arduino" [article]
2009: "USB Attacks: Fun with Plug and 0wn" by Rafael Dominguez Vega [slides]
2008: USB Made Simple: A Series of Articles on USB [articles]
Unsorted
USB Complete: Everything You Need to Develop USB Peripherals [book]
Attacks via physical access to USB (DMA…?) [stackoverflow]
Can webcams be turned on without the indicator light? [stackoverflow]
Turning off the blue status LED on the logitech C920 usb camera? [stackoverflow]
https://opensource.srlabs.de/projects/badusb
Tech Stuff - USB and Firewire [article]
USB Type-C is Coming: 3 Things You’ve Just Gotta Know [article]
Making Pioneer DDJ-RB USB audio work on Linux [video 1] [video 2]
https://github.com/brandonlw/Psychson
https://github.com/RedBalloonShenanigans/MonitorDarkly
https://github.com/smeso/MTPwn
https://github.com/kkamagui/IRON-HID
https://github.com/basic4/USB-Rubber-Ducky-Clone-using-Arduino-Leonardo-Beetle
https://github.com/jerwuqu/ardoducky
https://github.com/Seytonic/Duckduino-microSD
https://vivibit.net/psychson2307final-en/
https://room362.com/post/2016/snagging-creds-from-locked-machines/
https://www.kitploit.com/2018/04/bad-ducky-rubber-ducky-compatible-clone.html
https://www.youtube.com/watch?v=QLEpwra_9o8
http://www.jodeit.org/research/DeepSec2009_USB_Device_Drivers.pdf
http://processors.wiki.ti.com/index.php/USB_General_Guide_Linux_v3.8
https://www.youtube.com/watch?time_continue=3&v=y_bbX_Ch1Z8
https://greatscottgadgets.com/2019/06-26-making-usb-accessible-teardown-2019/
https://davejingtian.org/2019/07/17/usb-fuzzing-a-usb-perspective/
https://www.chromium.org/chromium-os/twinkie
https://rfc1149.net/blog/2013/03/05/what-is-the-difference-between-devttyusbx-and-devttyacmx/
https://www.cypress.com/file/44851/download
https://en.wikipedia.org/wiki/Juice_jacking
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
https://unnamedre.com/episode/25
https://blog.seekintoo.com/affordable-usb-attack-device-part-1.html
https://carvesystems.com/news/command-injection-with-usb-peripherals/
https://mobile.twitter.com/mame82/status/1221093466463182849?s=19
https://xakep.ru/2020/03/27/practical-badusb/
https://github.com/JohnDMcMaster/usbrply
https://training.ti.com/sites/default/files/docs/USB-M6-USB-in-Device-Mode.pdf
https://github.com/google/ukip
https://github.com/RoganDawes/LOGITacker/blob/USB_host_enum/fingerprint_os.md
https://gist.github.com/abarisani/4595a7c535435038e0571237893c81c4
https://www.collabora.com/news-and-blog/blog/2019/06/24/using-dummy-hcd/
https://blog.benjojo.co.uk/post/userspace-usb-drivers
https://www.youtube.com/c/Seytonic/videos
https://github.com/glitchcore/usbproxy/releases/tag/1
https://github.com/glitchcore/usbproxy
https://lab.ktemkin.com/post/why-is-usb3-harder/
https://github.com/0x123456789/UDEFuzz
https://www.youtube.com/watch?v=N0O5Uwc3C0o
https://www.youtube.com/watch?v=wdgULBpRoXk
https://8051enthusiast.github.io/2020/04/14/001-USB_Firmware.html
https://8051enthusiast.github.io/2020/04/14/002-Sensor_Firmware.html
https://8051enthusiast.github.io/2020/04/14/003-Stream_Video_From_Mouse.html
https://www.crowdsupply.com/great-scott-gadgets/luna
https://www.driverentry.com/node/104
https://staff.aist.go.jp/k.suzaki/DeviceVeil-DSN19-Slide.pdf
https://staff.aist.go.jp/k.suzaki/DeviceVeil-DSN19.pdf
https://www.usenix.org/system/files/hotstorage20_paper_zhong_0.pdf