Hacking the USB World with FaceDancer
USB connectivity has become ubiquitous: the sheer variety of usb-connected devices— ranging from computers and game consoles to resource-constrained embedded systems— has resulted in a wide variety of vendor-specific protocols and custom USB software stacks – presenting a unique and omni-present attack surface. The ability to able to fuzz, monitor, MITM, or emulate USB can often be a foot in the door for working with black box systems; whether your goal is to build tools that work with existing hardware and software, find vendor interfaces or vulnerabilities to execute custom code, or to play NSA.
This exercise-driven training covers the basics of USB, and explores the role of USB in attack and defense using open-source hardware and software, including FaceDancer and GreatFET. Over the span of two days, you’ll explore the tools and techniques relevant to modern USB security, learn how to craft and defend from real-world exploits, and explore the depths of the USB security model. Course instructors will share real-world experience developing both USB tools (including FaceDancer and USBProxy) and USB exploits (including the Tegra RCM exploit that completely compromises devices using NVIDIA’s embedded processors, such as the Nintendo Switch).
In this training, we’ll teach you what you need to get into USB hacking– including:
- Fundamentals of USB: how USB hosts and devices communicate, from the physical layer to the basics of enumeration and standard device classes
- Understanding existing USB devices: how you can use open-source software and hardware tools to reverse engineer and understand existing USB devices
- Understanding the USB attack surface: understanding the (lack of a) USB trust model, and understanding how misbehaving hosts and devices can wreak havoc
- Rapid construction of new USB devices: how to use the FaceDancer tool kit to rapidly create new USB devices– including creation of misbehaving USB devices
- Manipulation of existing USB devices: including using USBProxy to man-in-the-middle USB communications to tamper with target hosts and devices
- Using USB skills offensively and defensively: using the skills developed thus far to attack USB hosts and devices, and understanding the challenges of securing USB hardware
- Advanced USB techniques: including discussion and demonstration of real USB attacks developed by the trainers
This training is primarily exercise, and will primarily consist of hands-on, CTF-style exercises interspersed with short lectures. Students will gain experience with open-source hardware and software– including GreatFET, FaceDancer, and USBProxy– and learn how they can apply these tools to their own development, research, and penetration testing work.
Attendees should have basic proficiency in a scripting language, with a casual familiarity with Python preferred. Course exercises will involve simple Python development, but a very basic familiarity with a scripting language should be sufficient.
A laptop with at least three USB ports (or a USB hub).