2019-11-09, 16:30–16:55, Blue Day
USB seems hard -- and it shouldn't. A serious lack of inexpensive tooling has made this relatively simple (and near-omnipresent) protocol seem overwhelming -- to the point where even 'highly-secured' targets ignore USB as a vector for hacking and reverse engineering. In this talk, we discuss our efforts to dispel USB's aura of mystery -- and empower hackers and engineers to observe and interact directly with USB using a set of open-source tools that includes analyzers, fuzzers, and a variety of other USB-poking hardware and software.
The tasks of USB hacking and reverse engineering are often way more challenging than they need to be -- and accordingly, USB doesn't get nearly the attention it merits. USB is often neglected when sizing up systems -- whether when trying to understand a closed-off system, or trying to ensure your USB port doesn't become a vector for embarrassing vulnerabilities.
Earlier this year, we unveiled usb-tools -- an organization to unify open-source USB-hacking solutions -- and introduced ViewSB, our open-source, low-cost USB analysis toolkit. This talk documents our continued efforts to make USB fully accessible for designers, attackers, defenders, and reverse engineers alike. We'll talk about new developments in our tools -- with emphasis on Rhododendron, our ultra-low-cost USB analyzer, and new developments in the technologies that power FaceDancer and Numap, our USB emulation and fuzzing toolkits.
This talk -- as always -- features new live demonstrations, and focuses on introducing the audience to new tools and techniques they can use in their own daily USB lives.