If You Can Write a Webserver, You Can Write a Thumb Drive presented at phdays 2013

by Travis Goodspeed,

Summary : Think back to that moment when you first realized a bit of ASCII and a socket were all that it took to make an HTTP server in your favorite scripting language. Using the open source Facedancer framework, emulators have been written in userland Python for Mass Storage, Human Interface, FTDI, and Device Firmware Update protocols. The sockets work a bit differently, and the protocols aren't ASCII, but the principles and the libraries are no more difficult than HTTP.
Practical examples of this technique include a tool for catching firmware updates by impersonating the DFU protocol and a prototype of a hard disk that actively defends itself against forensics tools and imaging. Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. His recent hacks include the Facedancer project for emulating USB devices, the GoodFET project for exposing embedded buses to host control, and the Packet-in-Packet attack for remotely injecting PHY-layer radio frames without a software bug. In his spare time, he is attempting to add USB Host support to the Elektronika BK.Travis Goodspeed Travis Goodspeed