Understand USB (in Linux)
1y ago
40 Views
1 Downloads
3.47 MB
46 Pages
Report/dmca
Download PDF

Transcription

Understand USB (in Linux)Krzysztof OpasiakSamsung R&D Institute Poland

AgendaWhat USB is about?Plug and PlayHow BadUSB works?May I have my own USB device?Q&A1

What USB is about?

What Internet is about? It is about providing and using some services! Web pages File transfer Remote shell Mail Any other invented by programmer3

How it is done? Usually it's well known client-server architecture4

What USB is about? It is about providing and using some services! Additional storage Printing Ethernet External camera Any other invented by programmer5

How it is done? In a very different way than Internet6

USB Host vs USB DeviceHOSTDEVICE Can be extended May extend USB HOSTusing some devices Has Type-A connectorwith somefunctionalities Has Type-B connector7

How we connect them?8

Logical vs physical topologyPhysicalLogical9

What is USB device? Piece of Hardware forproviding desiredfunctionality Piece of additionalHardware for USBcommunication USB protocolimplementation Some useful protocolimplementation10

Endpoints Device may have up to 31 endpoints(including ep0) Each of them gets an unique Endpoint address Endpoint 0 may transfer data in both directions All other endpoints may transfer data in onedirection:IN Transfer data from device to hostOUT Transfer data from host to device11

Endpoint types Control Bi-directional endpoint Used for enumeration Can be used for application Interrupt Transfers a small amount of low-latency data Reserves bandwidth on the bus Used for time-sensitive data (HID)12

Endpoint types Bulk Used for large data transfers Used for large, time-insensitive data(Network packets, Mass Storage, etc). Does not reserve bandwidth on bus, uses whatevertime is left over Isochronous Transfers a large amount of time-sensitive data Delivery is not guaranteed (no ACKs are sent) Used for Audio and Video streams Late data is as good as no data Better to drop a frame than to delay and force are-transmission13

USB bus USB is a Host-controlled bus Nothing on the bus happens without the host firstinitiating it. Devices cannot initiate any communication. The USB is a Polled Bus. The Host polls each device, requesting data orsending data.14

What is USB host? Piece of hardware with some OS etc. Piece of USB Host side hardware(ehci, ohci, uhci, xhci) Drivers for USB hardware USB protocol implementation Drivers for some useful devices15

Plug and Play

Step by step Plug in device Detect Connection Set address Get device info Choose a devicedriver Choose configuration Choose drivers forinterfaces Use it ;)17

Detect Connection18

Detect ConnectionWhat with high-speed? We try to communicate using highspeed. If successful the device is HS and FS otherwise.18

Set address On plug-in device use default address 0x00 Only one device is enumerated at once Hosts assigns unique address for new device19

Get device info Each USB world entity is described by datastructure called descriptor Descriptors have different types, sizes andcontent But they all have a common headerFieldbLengthbDescriptorType data Size11bLength - 2ValueDescriptionNumberConstantNASize of the Descriptor in BytesDevice Descriptor (0x01)Payload20

Device mConfigurations1IntegerDescription18 bytesDevice Descriptor (0x01)USB Specification Number whichdevice complies too.Class Code (by USB Org)Subclass Code (by USB Org)Protocol Code (by USB Org)Maximum Packet Size for ZeroEndpoint. Valid Sizes are 8, 16,32, 64Vendor ID (by USB Org)Product ID (by Manufacturer)Device Release NumberIndex of Manufacturer String DescriptorIndex of Product String DescriptorIndex of Serial Number String DescriptorNumber of Possible Configurations21

Configuration Attributes1BitmapbMaxPower1mADescriptionSize of Descriptor in BytesConfiguration Descriptor (0x02)Total length in bytes of data returnedNumber of InterfacesValue to use as an argument to select this configurationIndex of String Descriptor describing this configurationD7 Reserved, set to 1.D6 Self PoweredD5 Remote WakeupD4.0 Reserved, set to 0.Maximum Power Consumptionin 2mA units22

Interface ubClassProtocolIndexDescription9 BytesInterface Descriptor (0x04)Number of InterfaceValue used to select alternativesettingNumber of Endpoints used for thisinterfaceClass Code (By USB Org)Subclass Code (By USB Org)Protocol Code (By USB Org)Index of String Descriptor Describing this interface23

USB BothInterfaceBothInterfaceBothUse class information in the Interface DescriptorsAudioCommunications and CDC ControlHID (Human Interface Device)PhysicalImagePrinterMass StorageHubCDC-DataSmart CardContent SecurityVideoPersonal HealthcareAudio/Video DevicesBillboard Device ClassDiagnostic DeviceWireless ControllerMiscellaneousApplication SpecificVendor Specific24

Device Info Summary Host gets info about new devices from suitableUSB descriptors Most important data at this moment: ceSubClassbInterfaceProtocol25

Set Configuration Which configuration is the most suitable? We have enough power for it (bMaxPower?) It has at least one interface If device has only one config just use it Choose the one which first interface is not Vendorspecific All interfaces of choosen configuration becomesenabled so let's use them26

What USB driver really is? Piece of kernel code Usually provides something to userspace(network interface, tty, etc.) Implementation of some communication protocol27

How to choose a suitable driver? struct usb driver vs struct usb device driver When device needs special handling: Using VID and PID and interface id Driver probe()s for each interface in device that matchvid and pid When driver implements some well defined,standardized protocol Using bInterfaceClass, bInterfaceSubClass etc. Driver probe() for each interface which has suitableidentity No matter what is the VID and PID Driver will not match if interface hasn't suitable class28

Big picture29

What's next? We have the driver which provides something touserspace but what's next? It depends on interface type: Network devices - Network manager should handlenew interface setup Pendrives, disks etc - automount service shouldmount new block device Mouse, keyboard - X11 will start listening for inputevents And many many other things are going to be handledAUTOMATICALLY without any user action 30

How BadUSB works?

USB security summary Between plug in and start using there is no user interactionDrivers are probed automaticallyUserspace starts using new device automaticallyDevice introduce itself as it wantsThere is no relation between physical outfit anddescriptors32

My beautiful tablet33

BadUSB attack scenario User connect hacked device Device looks like pendrive, tablet But sends descriptor taken from some keyboard And implements HID protocol Kernel creates new input source and X11 just starts using them34

How dangerous it is? I just downloaded image and changed the background but what else it can do?There is a version of this attack which spoofsDNS on host and redirects them to USB deviceAny command which doesn't require sudo can beexecutedanything!anything!anything!35

How to protect? Don't connect unknown devices found on a street Limit number of input source to X11 Use device authorization Use interface authorization36

Device/interface authorization Each USB device has authorized attribute in sysfs directoryEach HCD has authorized default entry in sysfsIf we set this to false each new device on this buswill be unauthorized by defaultDrivers will not be able to bind to itThis gives us time to use lsusb to check it37

My tablet (once again)38

May I have my own USBdevice?

Yes, you can!NeedSuitable hardwareImplementation of USBprotocolImplementation of someuseful protocolSolutionGet some board with UDCcontroller (BBB, Odroid etc.)Use one from Linux kernel!A lot of protocols are available out of box in Linux kernel!40

How to do this? That's a very good topic for tutorial! If you would like to learn this, feel free to join mytutorial: Wednesday, 14:00 room: Liffey Hall 241

Q&A

Thank you!Krzysztof OpasiakSamsung R&D Institute Poland 48 605 125 174k.opasiak@samsung.com43

References Tame The USB gadgets Talkative Beast, Krzysztof OpasiakMake your own USB gadget,Andrzej PietrasiewiczUSB and the Real World, Alan OttUSB in a NutshellUSB specificationBadUSB attack44

05h Interface Physical 06h Interface Image 07h Interface Printer 08h Interface MassStorage 09h Device Hub 0Ah Interface CDC-Data 0Bh Interface SmartCard 0Dh Interface ContentSecurity 0Eh Interface Video 0Fh Interface PersonalHealthcare 10h Interface Audio/VideoDevices 11h De

Related Books

NI-USB USB Messgeräte von National Instruments Preisliste

NI-USB USB Messgeräte von National Instruments Preisliste

Understanding the LINUX

Understanding the LINUX

NI USB-621x OEM

NI USB-621x OEM

Bus-Powered M Series Multifunction DAQ for USB, Integrated .

Bus-Powered M Series Multifunction DAQ for USB, Integrated .

Popcorn Linux: Cross Kernel Process and Thread Migration .

Popcorn Linux: Cross Kernel Process and Thread Migration .

USB-6216 Specifications - NI

USB-6216 Specifications - NI

The full guide of Best USB flash drive repair software

The full guide of Best USB flash drive repair software

USER GUIDE NI USB-6001/6002/6003

USER GUIDE NI USB-6001/6002/6003

The Essentials of Linux Network Administration

The Essentials of Linux Network Administration

Future Proof Your SysAdmin Career - Linux Foundation

Future Proof Your SysAdmin Career - Linux Foundation

What is this Linux, anyhow?

What is this Linux, anyhow?

Advanced Linux Programming - Esplins

Advanced Linux Programming - Esplins

PopularTags

Recent Views