Showing posts with label USB. Show all posts

Monday, June 13, 2011

"OpenVizsla" Open Source USB Protocol Analyzer

UPDATE: \o/ We made the target! Thank you!

But your pledges are still appreciated and needed.
Pledging more will allow us to buy larger quantities of components that will give us more buying power and access further price breaks with the distributors and vendors. Pledge to secure your badge, PCB, kit or finished OpenVizsla unit!

OpenVizsla is a project to design a device that will allow the capture and inspection of USB traffic that will help with the reverse engineering and debugging of proprietary USB devices, and will also be an invaluable tool for developers working with USB and especially those who are using USB in embedded designs. The project is created by bushing and pytey of Team Twiizers and iPhone DevTeam fame.
The name OpenVizsla comes from the Magyar (Hungarian) Vizsla, a multipurpose breed of dog that is skilled in seeking, tracking, pointing, and retrieving. If you are wondering how to pronounce the word "Vizsla", you can hear a clip here and here.

USB has a standard, published interface that is properly described (at great length) but the actual protocols for connected devices are not common and are often proprietary to the individual vendors or manufacturers. USB succeeded at eliminating most strange cables, but requires custom drivers for many types of hardware.

Read more: KickStarter

Wednesday, May 11, 2011

Demystifying USB Selective Suspend

Run-Time Power Management
Before we talk about selective suspend, let’s understand a more generic concept: run-time power management.

One way of conserving power in a system is to send the whole system to a low-power state such as sleep or hibernate. Because this mechanism requires turning off the system, it is only possible when the whole system is not in use. Even when the whole system is in use and is in working state, it is quite likely that certain components of the system are not active. Those components are said to be in an idle state. Run-time power management refers to sending idle components to a lower power state until they need to be used again. The components can be hardware such as the processor, memory, and so on; however, in this discussion we are only interested in run-time power management of devices.

Devices and device drivers should aggressively pursue run-time power management of devices because the mechanism can lead to significant power savings. Because a driver stack includes more than one driver, coordination between drivers is required while sending the device to a lower power state and bringing it back to working state. Both Windows Driver Model (WDM) and Kernel-Mode Driver Framework provide mechanisms for this coordination. One driver in the device stack, typically the function driver, is the power policy owner. This power policy owner is responsible for detecting that the device is idle and initiating the process of transitioning the device into a lower power state. The power policy owner is also responsible for bringing the device back to working state (also referred to as waking up the device) when the user needs to use that device.

Host-Initiated and Device-Initiated Wake-up
How would the power policy owner driver know about the user’s intent to use a device, so that the driver can wake up the device? That depends on the kind of device. Consider a storage device that is in a low-power state when a user needs to transfer a file from or to that device. When the user initiates the transfer process (by using a certain application), the power policy owner gets an I/O request from the application, and knows that it needs to wake up the device. However, if the device is a mouse, the device must send some sort of signal to initiate the wake-up process. The device-initiated power transition is known as the remote wake-up feature in the USB world. Because the mouse needs to generate such a resume signal, it cannot completely turn itself off. Typically, the ability of the device to generate the resume signal is programmable. Therefore, before putting the device to sleep, the driver must instruct the device to turn on the remote wake-up feature when the device is suspended. This process is called arming the device for remote wake-up.

Android Usb Port Forwarding

Introduction
The Android architecture does not allow communication to be started from the Android device to the host through the USB cable. The opposite is possible, using the Google "Android Debug Bridge" (ADB for short).
This tool will act as a tunnel between the Android client application and the host server. It is a software implementation of a router doing IP port forwarding.


On the host side, you have to declare the ports you want to be opened on the Android device, and the tunnel will transfer communications between the Android device and the host. The host can be any server on the network or your local host.

Prerequisites
Enable "USB debugging" on your Android
Install "Usb Tunnel" on your Android (see the download link at the top of the article) or from the Market:

Read more: Codeproject

Thursday, May 05, 2011

USB & CD/DVD Blocking: One Way to Keep Data Free of Theft

Introduction
Have you ever thought of blocking access to USB memory and CDs? I will introduce an example of this. Perhaps some of you will not be interested in this, but I think this technique will be useful for larger-scale projects. I referenced a sample in the Microsoft Windows DDK. This sample is implemented as a file system filter driver. As you know, file system filter drivers are commonly used in anti-virus software, and they can be used for other purposes too. In this sample, we can not only block access, but also log the file path written to USB.

How to Use

This sample consists of 2 sysfiles and a DLL file. In order to test this sample, first execute install.exe in 1_install folder. You can uninstall this by executing uninstall.exe in 3_uninstall folder. 
As seen above, click OK button first and then test the functions.

Using the Code

Here I will explain the file system filter driver. There are two ways of developing a file system filter driver. One is to use the filter functions supported by FLTLIB.DLL in the system32 directory. In this case, we can communicate with the driver by using the FilterConnectCommunicationPort() and FilterSendMessage() functions. The other is to get the file system driver's pointer and attach our driver to it by using the IoAttachDeviceToDeviceStack() function.

DriverEntry

DriverEntry() function should be written like below:
NTSTATUS
DriverEntry (
    __in PDRIVER_OBJECT DriverObject,
    __in PUNICODE_STRING RegistryPath
    )
{
    PSECURITY_DESCRIPTOR sd;
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING uniString;
    NTSTATUS status;
    PFLT_VOLUME fltvolume;
    HANDLE handle = (PVOID)-1;
    PROCESS_DEVICEMAP_INFORMATION ldrives;
    ULONG drive, bit;
    STRING ansiString, ansiVolString;
    UNICODE_STRING unString, unVolString;
    CHAR szDrv[20];
    ULONG sizeneeded;
    HANDLE hThread;
    OBJECT_ATTRIBUTES oaThread;
    KIRQL irql;
    ULONG i;

    try {
        //
        //  Initialize the driver's global data and the log record list
        //
        ACDrvData.LogSequenceNumber = 0;
        ACDrvData.MaxRecordsToAllocate = DEFAULT_MAX_RECORDS_TO_ALLOCATE;
        ACDrvData.RecordsAllocated = 0;
        ACDrvData.NameQueryMethod = DEFAULT_NAME_QUERY_METHOD;
        ACDrvData.DriverObject = DriverObject;
        InitializeListHead( &ACDrvData.OutputBufferList );
        KeInitializeSpinLock( &ACDrvData.OutputBufferLock );
#if ACDRV_LONGHORN
        //
        //  Dynamically import FilterMgr APIs for transaction support
        //
        ACDrvData.PFltSetTransactionContext =
            FltGetRoutineAddress( "FltSetTransactionContext" );
        ACDrvData.PFltGetTransactionContext =
            FltGetRoutineAddress( "FltGetTransactionContext" );
        ACDrvData.PFltEnlistInTransaction =
            FltGetRoutineAddress( "FltEnlistInTransaction" );
#endif
        //
        //  Read the driver's parameters from its registry key
        //
        SpyReadDriverParameters(RegistryPath);

Read more: Codeproject

Tuesday, May 03, 2011

HIDEasy Lib

Project Description
With HIDEasy Lib, you can easily access your Human Input Device. It works with Windows XP, Vista and Seven (32- or 64-bit).
You can connect and handle your gamepad, joysticks, boxes of buttons/LEDs...
It's developed in VB (.NET 3.5)

Read more: Codeplex

Tuesday, March 08, 2011

USB driver bug exposed as "Linux plug&pwn"

Rafael Dominguez Vega of MRW InfoSecurity has reported a bug in the Caiaq USB driver which could be used to gain control of a Linux system via a USB device.

The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code. Because the driver is included, and automatically loaded, in most Linux distributions, to execute code in kernel mode an attacker would merely have to connect such a device to a Linux system's USB port.

MRW says that it has assembled a suitable USB device for this purpose, boasting in a Tweet of a "Linux plug&pwn". Their derision is not entirely misplaced – buffer overflows arising from the use of strcpy() are something of a 20th century problem. Microsoft, for example, placed the function on its list of banned function calls some years ago, with the result that developers can no longer check in code containing the incriminating function. The fact that this function call was used in a Linux kernel driver and only replaced by the safer, length checking strlcpy() on 14 February 2011 is not a ringing endorsement of its quality.
To exploit this vulnerability, an attacker would nonetheless require physical access to the target system. Despite this limitation, such vulnerabilities are apparently highly sought after. US security company HBGary developed a complete framework for spying on and compromising computers via USB, FireWire and other ports under the codename Task B. The main customer for this was defence contractor General Dynamics, which supplies a range of US military and secret service agencies. Target price: around $400,000.
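
The fix described above, as an added user-space C example (not the Caiaq driver's code and not from the original article): a device-supplied name is copied into an 80-byte field with a strlcpy-style bounded copy, and truncation is reported to the caller. The names `demo_card`, `bounded_copy`, `set_card_name` and `try_name_of_length`, and the test strings, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CARD_NAME_LEN 80 /* buffer size given in the article */

/* Hypothetical stand-in for per-device driver state: a fixed name buffer
 * followed by a field that an unchecked copy would run into. */
struct demo_card {
    char name[CARD_NAME_LEN];
    unsigned int guard;
};

/* strlcpy-style copy, written out because not every libc ships strlcpy:
 * copies at most size-1 bytes, always NUL-terminates, and returns
 * strlen(src) so the caller can tell whether the source was too long. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The unchecked form the article describes was strcpy(card->name, device_name).
 * Here the copy is bounded by the destination size.
 * Returns 0 if the name fit, 1 if it had to be truncated. */
int set_card_name(struct demo_card *card, const char *device_name)
{
    size_t wanted = bounded_copy(card->name, device_name, sizeof(card->name));

    return wanted >= sizeof(card->name);
}

/* Builds a constructed name of `len` 'A' bytes (capped at 511), arms the
 * guard field, and stores the name. Returns the truncation flag. */
int try_name_of_length(struct demo_card *card, size_t len)
{
    char product[512];

    if (len >= sizeof(product))
        len = sizeof(product) - 1;
    memset(product, 'A', len);
    product[len] = '\0';

    card->guard = 0xC0FFEEu;
    return set_card_name(card, product);
}

int main(void)
{
    struct demo_card card;
    size_t lens[] = { 12, 79, 80, 300 }; /* constructed sample lengths */

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        int truncated = try_name_of_length(&card, lens[i]);
        printf("len=%3zu truncated=%d stored=%zu guard=%s\n",
               lens[i], truncated, strlen(card.name),
               card.guard == 0xC0FFEEu ? "intact" : "CLOBBERED");
    }
    return 0;
}
```

A name of exactly 80 bytes is already one byte too long, because the terminating NUL needs the last slot; the truncation flag lets the caller log or reject such a device instead of silently accepting it.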

Read more: The H-Open

Tuesday, February 08, 2011

USB Autorun Attacks Against Linux

Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS — including the addition of features that can allow Autorun attacks. This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things. Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not.

Read more: Slashdot

Wednesday, January 19, 2011

Script to attach a USB device to a virtual machine [VPC]

A couple of people have asked me how to automate attaching a USB device to a Windows Virtual PC virtual machine, so here is a PowerShell script to do just that:

# Connect to Virtual PC
$vpc = new-object -com VirtualPC.Application

# Get VM name
$vmName = Read-host "Specify the name of the virtual machine that you want to use"

# List available USB devices
write-host "The following USB devices are available:"
$vpc.USBDeviceCollection | select -ExpandProperty DeviceString

# Get the USB device name
$usb = Read-host "Enter the name of the USB device that you want to connect to the virtual machine"

Read more: Virtual PC Guy's Blog

Tuesday, January 18, 2011

Boot via USB with an Old BIOS

Dear How-To Geek,
I’m trying to repurpose some old computers by updating them with lightweight Linux distros but the BIOS on most of the machines is ancient and creaky. How ancient? It doesn’t even support booting from a USB device! I have a large flash drive that I’ve turned into a master installation tool for jobs like this but I can’t use it. The computers in question have USB ports; they just aren’t recognized during the boot process. What can I do?

USB Bootin’ in Boise

Dear USB Bootin’,
It’s great you’re working to breathe life into old hardware! You’ve run into one of the limitations of older BIOSes: USB was around but nobody was thinking about booting off of it. Fortunately, if you have a computer old enough to have that kind of BIOS, it’s likely to also have a floppy drive or a CDROM drive. While you could make a bootable CDROM for your application, we understand that you want to keep using the master USB installer you’ve made. In light of that we recommend PLoP Boot Manager. Think of it like a boot manager for your boot manager. Using it you can create a bootable floppy or CDROM that will enable USB booting of your master USB drive. Make a CD and a floppy version and you’ll have everything in your toolkit you need for future computer refurbishing projects. Read up on creating bootable media with PLoP Boot Manager here.

Read more: How-to-geek
Read more: PLoP Boot Manager

Tuesday, December 07, 2010

How to Generate a Container ID for a USB Device

Hi, I’m Kristina Hotz, a Program Manager on the USB team.  In this post, I’ll explain how you can create a container ID for a USB device by using the same mechanism as Windows 7.

You will find the information useful if you are developing a USB driver stack that replaces the Microsoft-provided USB driver stack or if you are a USB device manufacturer and would like to know how your device is recognized by the Windows 7 version of the operating system.

A container ID is an identification string that is generated by the USB driver stack. The string is unique to a physical device. To view all physical devices connected to your computer, from Start, select Devices and Printers. A physical device can expose one or more functional devices. For a single function device, the icon in Devices and Printers represents the physical device and its functional device. If you have a multi-function device (for example, a printer/scanner/fax machine), you will notice an icon that represents the physical device (for example, the printer/scanner/fax machine appears as a printer). That is because Windows uses container IDs to group all functional devices associated with the physical device.

After a USB device is connected to the computer, the USB driver stack (specifically, the bus driver) starts enumerating device nodes (devnode) for each functional device associated with the physical device. The bus driver then assigns a container ID for each devnode. The container ID is a property of a devnode, and is specified through a globally unique identifier (GUID). That GUID is set as a string property on a devnode.  All devnodes originating from a physical device must have the same container ID.
For an external device’s devnode, the bus driver obtains the container ID in one of the following ways:

· Reading the Microsoft OS ContainerID descriptor supplied by the device. For more information, see Using Microsoft OS ContainerID Descriptors.
· Generating a container ID by hashing certain device information. (See How to Generate a Container ID String)
· Generating a random GUID for the container ID.
· Inheriting the container ID of the parent devnode.

Note: Windows uses ACPI to determine whether the physical device is an external device or internal device.  An internal device’s devnode always inherits the container ID of the computer, i.e. its parent devnode.

Read more: Microsoft Windows USB Core Team Blog

Sunday, November 28, 2010

Prevent Copying files from USB Drive without Disabling USB port

Today one of my friends called me up and asked about this issue, but he also said that he wants the USB drive to read files but doesn’t want to write files to it or copy from it, for security purposes.
Suddenly I thought, is it possible to do it? I was a little bit confused about it. Then I got an idea and tested it, and finally I got it. Using GP edit or Registry edit, one can easily do this task.


If you don’t know how to do it, follow the steps below and you can also keep tight security for your USB drive.
To perform this we need to edit some registry entries. To make this registry edit, follow the steps below.
1. Click on Start and go to Run.
2. Type “regedit”, without quotes, in the Run command window and click OK. The registry editor will now open. Navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

3. Create a DWORD value called ‘WriteProtect‘ and set it to 1.
4. To disable write protect on USB drives change the DWORD to 0.
It feels great to learn these tricks and teach someone else too.

Read more: Blig Book

Friday, November 26, 2010

Infinitec Infinite USB Memory Drive review

The idea behind Infinitec's Infinite USB Memory Drive is actually quite straightforward, but we've found that when we tell friends and acquaintances about the unit, it often boggles their minds. So, we'll try to keep it real simple: This red plastic stick is an 802.11b/g/n WiFi radio disguised as a USB flash drive. And when we say "disguised", we're not just talking about the stick's size, but its functionality as well -- it lets you wirelessly transfer files direct from your WiFi-equipped laptop's hard drive to just about anything with a USB port. Stick it into an Xbox 360 or set-top-box, for instance, and it pretends to be your average thumbdrive, but with access to theoretically anything you choose. Sounds like a fantastic idea, but does it really work? Find out after the break in our full review.

Read more: Engadget

OpenVizsla hopes to bring USB sniffing to the everyhacker

Remember that Kinect hack how-to? A key figure in the story was the use of a USB analyzer that was plugged in-between the Kinect and the Xbox to pick up on USB traffic and pull out a log that could be used for hacking. Well, there's a new 'OpenVizsla' project on KickStarter that's aiming to build open source hardware that can put this typically expensive tech ($1,400+) in the hands of more hackers, who use the hardware for anything from jailbreaking locked-down devices to building Linux drivers for hardware. The project was actually started by hackers "bushing" and "pytey," who have worked on hacking the Wii and the iPhone, respectively. They've already raised a good chunk of change for the project in pledges, with backing from folks like Stephen Fry and DVD Jon helping out the momentum, and hopefully we'll be seeing the next generation of hacks enabled by OpenVizsla and its brood before too long.

Read more: Engadget
Read more: OpenVizsla

Wednesday, November 17, 2010

DIY Kinect Hacking

Introduction!
Everyone has seen the Xbox 360 Kinect hacked in a matter of days after our "open source driver" bounty - here's how we helped the winner and here's how you can reverse engineer USB devices as well!
USB is a very complex protocol, much more complicated than Serial or Parallel, SPI and even I2C. USB uses only two wires but they are not used as 'receive' and 'transmit' like serial. Rather, data is bidirectional and differential - that is, the data sent depends on the difference in voltage between the two data lines D+ and D-. If you want to do more USB hacking, you'll need to read Jan Axelson's USB Complete books; they're easy to follow and discuss USB in both depth and breadth.
USB is also very structured. This is good for reverse engineering because it means that at least the format of packets is agreed upon and you won't have to deal with check-sums. The bad news is it means you have to have software assistance to decode the complex packet structure. The good news is that every computer now made has a USB host core, that does a lot of the tough work for you, and there are many software libraries to assist.
Today we're going to be reverse engineering the Xbox Kinect Motor, one part of the Kinect device.

Verify the VID & PID
The first place to start is to see what devices and "interfaces" or "configurations" are available for the USB device. The nicest way to do this is to use lsusb (Linux) or system_profiler (Mac), the "list usb" programs available for Linux and Mac. Sadly, no equivalent exists for Windows, so find a Mac or Linux computer or friend; you'll only need it for a minute!
For Linux, run lsusb -vv (ultra verbose); for Mac, run system_profiler SPUSBDataType
Read more: ladyada.net

Sunday, August 29, 2010

How to recover from USB errors?

A USB client driver sends in and out transfers to its device. At times transfers to/from the device fail and the client driver needs to recover from the error condition. Failure may be due to a legitimate error response from the USB device (e.g. transfer failed with status USBD_STATUS_STALL_PID) or it may be unexpected (e.g. transfer failed with status USBD_STATUS_XACT_ERROR).
Various articles do talk about the recovery process, however they are not comprehensive. Thus it can be confusing for a client driver writer. Some examples are:
· USB Transfer May Fail Due to Transaction Error
· USB Device I/O
· URB_HEADER Structure
In this blog series, I will provide clear guidelines on the steps a client driver should take to recover from USB transfer errors. This blog will give you an overview of the recovery process, and the future ones will describe the recovery steps needed by a WDM client driver, a WDF client driver and a WinUSB driver.
The Recovery Process:
When a transfer to/from the device fails, the corresponding pipe transitions into halted state. No further transfers for that pipe are processed until the error condition on the pipe is cleared. A client driver can do the following types of error recovery:
(In case the error is due to device having disconnected, client driver should not invoke the following error recovery)
· Reset pipe: clears the error condition on the pipe on which the error occurred
· Reset port: resets the USB device thereby bringing it to a clean state
· Cycle Port: resets the USB device and in addition performs PNP re-enumeration of the client driver stack
Usually it is a good idea to do a reset pipe first, and if the problem persists do the reset port or cycle port.
Note that some of the operations mentioned below can only be executed at PASSIVE LEVEL, thus your driver may need to queue a work item.
Read more: Microsoft Windows USB Core Team Blog

Thursday, August 19, 2010

PS3 Hacked via USB Dongle

PSX-scene.com reports that the first PS3 modchip has been tested and confirmed working. Working off of a USB dongle, it appears to be relatively user friendly and claims to not void your warranty, and online gameplay works (at least for the time being). It's been a long time coming, cheers to the PS Jailbreak Guys.
Read more: Slashdot