Sonsivri
 
*
Welcome, Guest. Please login or register.
Did you miss your activation email?
November 28, 2024, 02:34:20 02:34


Login with username, password and session length


Pages: [1]
Print
Author Topic: Christmas project idea: Bad USB defender.  (Read 4629 times)
0 Members and 1 Guest are viewing this topic.
dotm
Active Member
***
Offline Offline

Posts: 180

Thank You
-Given: 81
-Receive: 75


$$$


« on: December 09, 2014, 10:04:51 22:04 »

I ask myself what to do IF there is little spare time during hollydays.
One option: farcry4
another one: doing electronics, for a change.

How hard could that be?
An Adapter that you can Plug your USB stick into, it checks if it is not a HID (thus BAD USB) and if everything is ok it connects it to the computer.
Anyone thought about this?

Yours
m.
Logged
pickit2
Moderator
Hero Member
*****
Offline Offline

Posts: 4667

Thank You
-Given: 834
-Receive: 4322


There is no evidence that I muted SoNsIvRi


« Reply #1 on: December 09, 2014, 10:26:07 22:26 »

It sounds more like software project.
http://msdn.microsoft.com/en-us/library/windows/hardware/dn376877(v=vs.85).aspx
Logged

Note: I stoped Muteing bad members OK I now put thier account in sleep mode
dotm
Active Member
***
Offline Offline

Posts: 180

Thank You
-Given: 81
-Receive: 75


$$$


« Reply #2 on: December 09, 2014, 10:36:31 22:36 »


Yes.
But if I somehow want to definitely make it as hardware (for recreational purpose?), how hard can it be?
Should I use a mcu with integrated host like the ftdi vinculum series? Or should I use a software stack like LUFA?
Logged
Gallymimu
Hero Member
*****
Offline Offline

Posts: 704

Thank You
-Given: 152
-Receive: 214


« Reply #3 on: December 09, 2014, 10:40:18 22:40 »

This would be a bit of work because the adapter would have to act as a host, identify the device, and then disconnect and pass the device through.

What would be the purpose of limiting to HID drivers??

The other issue is that I think you would need a database of ALL device PIDs.  Otherwise how would you know what driver a device needs?  The way windows knows is it scans through a list of PIDs it has for devices and if one matches a driver, it installs that driver.
Logged
dotm
Active Member
***
Offline Offline

Posts: 180

Thank You
-Given: 81
-Receive: 75


$$$


« Reply #4 on: December 09, 2014, 10:44:19 22:44 »

What would be the purpose of limiting to HID drivers??

As far as I read, bad usb will reprogramm the memory controller to act as a HID besides its memory controller functions.
The security risk then comes from hidden keyboard inputs. So the goal would be to limit the stick to storage devices.
My naive idea is to check if there is one and JUST ONE device connected to the host and if this device is a storage device, eveything should be fine.
Logged
Gallymimu
Hero Member
*****
Offline Offline

Posts: 704

Thank You
-Given: 152
-Receive: 214


« Reply #5 on: December 09, 2014, 10:54:57 22:54 »

hmmm,

interesting.  You would have to get a processor that could be a full host or possibly OTG would work.
Logged
dotm
Active Member
***
Offline Offline

Posts: 180

Thank You
-Given: 81
-Receive: 75


$$$


« Reply #6 on: December 09, 2014, 11:05:59 23:05 »

You would have to get a processor that could be a full host

like this ?
http://www.farnell.com/datasheets/64691.pdf
(ftdi site is down atm)
Would be limiting valid devices to class 08h (storage) sufficient?
Logged
CocaCola
Senior Member
****
Offline Offline

Posts: 482

Thank You
-Given: 169
-Receive: 232



« Reply #7 on: December 09, 2014, 11:10:49 23:10 »

At the end of the day nothing is going to be fool proof, on Windows follow the steps in this link and disable installation of USB keyboards and that will solve most of the 'BADUSB' thumb drive exploits...

https://heimdalsecurity.com/blog/badusb-exploit-vulnerability-fix/
Logged
Pages: [1]
Print
Jump to:  


DISCLAIMER
WE DONT HOST ANY ILLEGAL FILES ON THE SERVER
USE CONTACT US TO REPORT ILLEGAL FILES
ADMINISTRATORS CANNOT BE HELD RESPONSIBLE FOR USERS POSTS AND LINKS

... Copyright © 2003-2999 Sonsivri.to ...
Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines LLC | HarzeM Dilber MC