This course will cover USB in detail with an emphasis on understanding USB Mass Storage devices (also known as flash drives or thumb drives).By the end of this course students will know how to sniff USB traffic using open source tools, be able to write-block USB mass storage devices using software and microcontroller-based hardware, be able to impersonate other USB devices, and understand how to make forensic duplicates of USB mass storage devices. Along the way students will also learn how to use microcontrollers and Udev rules.
A non-exhaustive list of topics includes:
- USB basics
- USB hardware
- USB versions
- Connection process
- USB classes
- HID
- Mass storage
- Others
- USB endpoints
- Interupt
- Bulk
- Isochronous
- Control
- Descriptors
- Device
- Interface
- Configuration
- Endpoint
- String
- Mass Storage Basics
- Presentation (SCSI hard drive)
- NAND flash limitations
- Communication
- Command Block Wrappers
- Data transport phase
- Command Status Wrappers
- Making forensic images and duplicates
- FTDI Vincullum II microcontroller
- Simple compact duplicator
- Reading sectors
- Main processing loops
- Hardware implementation
- Programming the hardware
- Improving performance
- More user friendly duplicator
- Adding an LCD screen
- USB Write blocking
- Motivation
- Software write blocker
- Hardware write blocker
- Mitigation of BadUSB and similar threats
- USB Impersonation
- Motivation
- High level design
- Timers
- Descriptor request handler
- GPIO (buttons and displays)
- Software
- Hardware
- Buttons
- LEDs
- LCDs
- Leveraging Open Source
- lsusb
- understanding Linux USB busses
- dmesg
- sniffing USB traffic
- usbmon
- WireShark
- Viewing descriptors in WireShark
- Dealing with Windows-only devices
- Using udev rules
