MitM on USB -- Introduction of USBProxy --
-
Upload
kiyotaka-atsumi -
Category
Data & Analytics
-
view
1.698 -
download
3
Transcript of MitM on USB -- Introduction of USBProxy --
2014/10/31 (c) 2014 [email protected] 1
MitM on USBIntroduction of USBProxy
からぼ(kalab1998{e})
2014年10月31日 第22回「ネットワークパケットを読む会(仮)」
2014/10/31 (c) 2014 [email protected] 2
Self Introduction
● An engineer of a software company in Aizuwakamatsu (until next Feb., and will not update)
● I'm looking for a next job very hard.● I will found an independent researcher “KA-LAB”
(It's the second choice if no one employ me).● I have no released open source software.● I have two projects on github as follows.
– USBProxy is forked from dominicgs/USBProxy
– kalas is a BLAS on GPGPU for Huge Matrix
2014/10/31 (c) 2014 [email protected] 4
Is USB a computer network?
Hub
Hub
USB is a tree structure network in physical.
Hostcomputer
2014/10/31 (c) 2014 [email protected] 5
Is USB a computer network?
USB is one by one connections from the hostto each device in logical.
Hostcomputer
2014/10/31 (c) 2014 [email protected] 8
Where is the host computer?
Now a days, increasing such connections.
Are therehost computers?
※Vector Graphics has copyright of this navigation icon.
2014/10/31 (c) 2014 [email protected] 9
Which devices are the host?
hosthost
host
※Vector Graphics has copyright of this navigation icon.
2014/10/31 (c) 2014 [email protected] 10
We have an important problem.
● Hack devices such cameras, printers, navigators, smartphones and so on.
It's usually very difficult.⇒
● Electrical tap on the USB cable.Next slides.⇒
● Develop a USB Man in the Middle device.Main theme for this presentation.⇒
How do we investigate vulnerabilities of such devices without any laptop?
2014/10/31 (c) 2014 [email protected] 11
Electrical tapping on USB
http://hackaday.com/2011/03/16/usb-man-in-the-middle-adapter/
2014/10/31 (c) 2014 [email protected] 12
Electrical tapping on USB
● Conflicting signals● Not enough electric power on signal lines● Very weak against electrical noises● Not running on USB2.0 by that specification
It's very easy, but it has some big problems.
2014/10/31 (c) 2014 [email protected] 13
dominicgs/USBProxy
● The device must have two USB ports.– One is for connecting a host.
– Another is for connecting a device.
● Software relaying● Connectable USB2.0● Sniffable / Filterable / Injectable● Very cheap, BeagleBone Black is about $60.0● https://github.com/dominicgs/USBProxy
2014/10/31 (c) 2014 [email protected] 14
USBProxy Structure
2014/10/31 (c) 2014 [email protected] 15
How to relay?
● USBProxy makes 6 kinds of threads runninng.
– Reader for Input EP, – Reader for output EP, – Writer for Input EP, – Writer for Output EP, – Injection, – Filter
2014/10/31 (c) 2014 [email protected] 16
Connection Reader and Writer
2014/10/31 (c) 2014 [email protected] 17
Relay from device to host
● Reader for Input EP always requests data to the Endpoint on the device.
● Reader for Input EP send data to Writer for Input EP when it got data.
● Writer for Input EP sends data to the host.
2014/10/31 (c) 2014 [email protected] 18
Relay from host to device
● Reader for Output EP always wait a request and data from the host.
● Reader for Output EP send data to Writer for Output EP when it got data.
● Writer for Output EP sends data to the Endpoint on the device.
That's it. Very rough.
2014/10/31 (c) 2014 [email protected] 19
Notification!
● USBProxy does not simulate the USB line.● It just simulates endpoints on only one device.
2014/10/31 (c) 2014 [email protected] 20
We have problems yet
● We want to simulate more devices.● In many cases, it fail to simulate a device. ● It can't handle some complex devices yet.● Linux lose endpoints on a device sometimes.● It can't notice reset signal from a device.● Very slow.
– Original speed is 30.7MB/s,
– USBProxy relay speed is 1,9MB/s.
2014/10/31 (c) 2014 [email protected] 21
Other solutions
● If you want to just snif on USB, you can use USB protocol analizer such the Beagle USB480 Power.
● If you are interesting in deep side, maybe you will fall in darkness.
2014/10/31 (c) 2014 [email protected] 22
Beagle USB480 Power
● Easy to use● Very fast, 29.8MB/s● Cheap, just $2250.0● Another device is
enable USB3.0,just $3600.0
2014/10/31 (c) 2014 [email protected] 23
Do you want to fall in darkness?
● Kali Linux NetHunter "Bad USB" MITM Attack● http://vimeo.com/106065667
2014/10/31 (c) 2014 [email protected] 24
White page