BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Oliver Pinter
oliver.pntr at gmail.com
Thu Oct 9 15:04:12 UTC 2014
On 10/9/14, Hans Petter Selasky <hps at selasky.org> wrote:
> On 10/09/14 15:59, Oliver Pinter wrote:
>> On 10/9/14, Hans Petter Selasky <hps at selasky.org> wrote:
>>> Hi Julian,
>>>
>>> On 10/09/14 01:46, Julian H. Stacey wrote:
>>>> Hi Hans etc
>>>> "Julian H. Stacey" wrote:
>>>>> Hans Petter Selasky wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Can you test the following kernel patch and give some feedback:
>>>>>>
>>>>>> https://svnweb.freebsd.org/changeset/base/272733
>>>>
>>>> I'm now on latest current with src & sys/ GENERIC
>>>> /usr/src/.ctm_status # src-cur 11645
>>>>
>>>> This time I downloaded your files properly
>>>> (last time I was severely distracted & made a silly mistake)
>>>>
>>>>>> After the patch you will get something like:
>>>>>> hw.usb.disable_enumeration: 0
>>>>>> dev.uhub.0.disable_enumeration: 0
>>>>>> dev.uhub.1.disable_enumeration: 0
>>>>>> ...
>>>>
>>>> sysctl -a | grep enumeration
>>>> hw.usb.disable_enumeration: 0
>>>> dev.uhub.0.disable_enumeration: 0
>>>> dev.uhub.1.disable_enumeration: 0
>>>> dev.uhub.2.disable_enumeration: 0
>>>> dev.uhub.3.disable_enumeration: 0
>>>> dev.uhub.4.disable_enumeration: 0
>>>>
>>>> sysctl -d hw.usb.disable_enumeration
>>>> hw.usb.disable_enumeration: Set to disable all USB device
>>>> enumeration.
>>>>
>>>> sysctl -d dev.uhub.4.disable_enumeration
>>>> dev.uhub.4.disable_enumeration: Set to disable enumeration on this
>>>> USB
>>>> HUB.
>>>>
>>>> usbconfig
>>>> ugen0.1: <EHCI root HUB Intel> at usbus0, cfg=0 md=HOST spd=HIGH
>>>> (480Mbps)
>>>> pwr=SAVE (0mA)
>>>> ugen1.1: <EHCI root HUB Intel> at usbus1, cfg=0 md=HOST spd=HIGH
>>>> (480Mbps)
>>>> pwr=SAVE (0mA)
>>>> ugen0.2: <product 0x0020 vendor 0x8087> at usbus0, cfg=0 md=HOST
>>>> spd=HIGH
>>>> (480Mbps) pwr=SAVE (0mA)
>>>> ugen1.2: <product 0x0020 vendor 0x8087> at usbus1, cfg=0 md=HOST
>>>> spd=HIGH
>>>> (480Mbps) pwr=SAVE (0mA)
>>>> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH
>>>> (480Mbps) pwr=OFF (500mA)
>>>> ugen1.3: <Semi Tech PS2 Keyboard - PS2 Mouse Semi Tech> at usbus1,
>>>> cfg=0
>>>> md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
>>>> ugen1.4: <USB2.0 Hub vendor 0x05e3> at usbus1, cfg=0 md=HOST spd=HIGH
>>>> (480Mbps) pwr=SAVE (100mA)
>>>>
>>>
>>>>
>>>> Great ! Seems to work.
>>>>
>>>> (Though I need to read up on how major & minor of ugen relate to
>>>> the digit in eg 4.disable_enumeration)
>>>>
>>>>
>>>>>> which is also settable through /boot/loader.conf (tunable)
>>>>
>>>> Good,
>>>> I hope/presume loader.conf gets run before any USB, cos I recall
>>>> lecturer Karsten Nohl pointing out one could get BadUSB taking up
>>>> residence in USB controller chips inside a PC, ie for a built in
>>>> mouse or web cam, so one would need to turn off enumeration earlier
>>>> than when first external USB approaches to connect.
>>>
>>> Yes, if set by the loader.conf, you will only see the RootHUB after
>>> boot.
>>>
>>> To get devices back after enabling enumeration again, you will need to
>>> reset the HUBs:
>>>
>>> usbconfig -d X.1 reset
>>>
>>> For example.
>>>
>>> BTW: I've added some exceptions, that existing devices can be detached,
>>> suspend/resumed and reset while the enumeration is disabled.
>>
>> Can we somehow improve this change, to powering down the ports/hubs
>> which has the enumeration disabled?
>>
>
> Hi,
>
> I've added this as an orthogonal feature. Please test and report back:
>
> hw.usb.disable_enumeration: 0
> hw.usb.disable_port_power: 0
>
> dev.uhub.0.disable_enumeration: 0
> dev.uhub.0.disable_port_power: 0
>
> https://svnweb.freebsd.org/changeset/base/272822
Cool! Thanks! I will test it shortly.
>
> Thank you!
>
> --HPS
>
>
More information about the freebsd-usb
mailing list