[Discuss] code for hacked USB drive (BadUSB) released on Github

[drew.vanzandt at gmail.com (Drew Van Zandt)]

Rich, I have designed hardware for several USB devices that can, in fact,
work that way.  The USB VID/PID are just registers, they can be rewritten,
and kicking your own reset line is easy in most cases.

I'm not saying "arbitrary USB devices can do this", I'm saying "it is
trivially easy to design a USB device to do this".  And I have, though
there was no need to do this, it was just possible due to inherent
properties of the hardware.  I would wager there are millions of devices
out there that can do this.  Anything with a Microchip PIC USB-capable
microcontroller, likely, and those are cheap.  Many, many embedded
microcontrollers that support USB allow modification of VID/PID by the
firmware.  Hell, you can do it with a soft USB stack.


*Drew Van Zandt*

On Mon, Oct 6, 2014 at 12:33 PM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 10/6/2014 11:13 AM, Drew Van Zandt wrote:
> > It is, however, not difficult to have a USB device reset itself and then
> > change its answer when re-initialized.
>
> USB doesn't work that way. Neither does BadUSB. If you flash a BadUSB
> custom firmware to a USB device then that device becomes what you flash
> it to be. If you flash it as an HID payload injector then it is a human
> interface device regardless of what it was when it was assembled at the
> factory.
>
> Rubber Ducky is a different thing entirely. It's actually a full
> computer on a thumb-sized circuit board. As such it runs a software
> stack that can emulate different device classes and present virtual mass
> storage devices to hosts. The same thing that Android devices do.
>
> --
> Rich P.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>