BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell

Julian H. Stacey jhs at berklix.com
Thu Oct 9 14:07:17 UTC 2014 

Hi, Reference:
> From:		Oliver Pinter <oliver.pntr at gmail.com>
> Date:		Thu, 9 Oct 2014 15:59:28 +0200

Oliver Pinter wrote:
> On 10/9/14, Hans Petter Selasky <hps at selasky.org> wrote:
> > Hi Julian,
> >
> > On 10/09/14 01:46, Julian H. Stacey wrote:
> >> Hi Hans etc
> >> "Julian H. Stacey" wrote:
> >>> Hans Petter Selasky wrote:
> >>>> Hi,
> >>>>
> >>>> Can you test the following kernel patch and give some feedback:
> >>>>
> >>>> https://svnweb.freebsd.org/changeset/base/272733
> >>
> >> I'm now on latest current with src & sys/ GENERIC
> >> /usr/src/.ctm_status	# src-cur 11645
> >>
> >> This time I downloaded your files properly
> >> (last time I was severely distracted & made a silly mistake)
> >>
> >>>> After the patch you will get something like:
> >>>> hw.usb.disable_enumeration: 0
> >>>> dev.uhub.0.disable_enumeration: 0
> >>>> dev.uhub.1.disable_enumeration: 0
> >>>> ...
> >>
> >> sysctl -a | grep  enumeration
> >>    hw.usb.disable_enumeration: 0
> >>    dev.uhub.0.disable_enumeration: 0
> >>    dev.uhub.1.disable_enumeration: 0
> >>    dev.uhub.2.disable_enumeration: 0
> >>    dev.uhub.3.disable_enumeration: 0
> >>    dev.uhub.4.disable_enumeration: 0
> >>
> >> sysctl -d hw.usb.disable_enumeration
> >>    hw.usb.disable_enumeration: Set to disable all USB device enumeration.
> >>
> >> sysctl -d dev.uhub.4.disable_enumeration
> >>    dev.uhub.4.disable_enumeration: Set to disable enumeration on this USB
> >> HUB.
> >>
> >> usbconfig
> >> ugen0.1: <EHCI root HUB Intel> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps)
> >> pwr=SAVE (0mA)
> >> ugen1.1: <EHCI root HUB Intel> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps)
> >> pwr=SAVE (0mA)
> >> ugen0.2: <product 0x0020 vendor 0x8087> at usbus0, cfg=0 md=HOST spd=HIGH
> >> (480Mbps) pwr=SAVE (0mA)
> >> ugen1.2: <product 0x0020 vendor 0x8087> at usbus1, cfg=0 md=HOST spd=HIGH
> >> (480Mbps) pwr=SAVE (0mA)
> >> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH
> >> (480Mbps) pwr=OFF (500mA)
> >> ugen1.3: <Semi Tech PS2 Keyboard - PS2 Mouse Semi Tech> at usbus1, cfg=0
> >> md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
> >> ugen1.4: <USB2.0 Hub vendor 0x05e3> at usbus1, cfg=0 md=HOST spd=HIGH
> >> (480Mbps) pwr=SAVE (100mA)
> >>
> >
> >>
> >> Great ! Seems to work.
> >>
> >> (Though I need to read up on how major & minor of ugen relate to
> >> the digit in eg 4.disable_enumeration)
> >>
> >>
> >>>> which is also settable through /boot/loader.conf (tunable)
> >>
> >> Good,
> >> I hope/presume loader.conf gets run before any USB, cos I recall
> >> lecturer Karsten Nohl pointing out one could get BadUSB taking up
> >> residence in USB controller chips inside a PC, ie for a built in
> >> mouse or web cam, so one would need to turn off enumeration earlier
> >> than when first external USB approaches to connect.
> >
> > Yes, if set by the loader.conf, you will only see the RootHUB after boot.
> >
> > To get devices back after enabling enumeration again, you will need to
> > reset the HUBs:
> >
> > usbconfig -d X.1 reset
> >
> > For example.
> >
> > BTW: I've added some exceptions, that existing devices can be detached,
> > suspend/resumed and reset while the enumeration is disabled.
> 
> Can we somehow improve this change, to powering down the ports/hubs
> which has the enumeration disabled?

It's usefull to have the port remain powered up for when someone says

"Can I charge my smart phone on your PC/ laptop ?"

Cheers,
Julian
-- 
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Indent previous with "> ".  Interleave reply paragraphs like a play script.
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.

More information about the freebsd-usb mailing list