- Implemented adding and removing a filter. It works via the monitor or the command line. And it does indeed seem to work:
Sorry for that video being so poorly embedded in this WordPress instance. You might want to try to download the video directly. So yeah, we can potentially filter USB packets by now, which allows us to do in-place fuzzing. But that's cumbersome because we need to have a device attached to the host. So the goal must be to be able to do USB communication without a device being attached to the host, but with a program that emulates the USB device in question.
- Of course I had problems building Istanbul, the software I created the screencast with. Other stuff, including my IDE 🙁, just crashes, too…
- I used qemu to pass a USB device through to the guest. Hence the Linux on the host detached the device. I desperately tried to make Linux reattach the device. I tried to use `ioctl()` with `USBDEVFS_CLAIMINTERFACE`, but it didn't really work. After spending many hours, I just unplugged and replugged the pendrive…
My code is pretty much:

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/usbdevice_fs.h>

int main(int argc, char **argv)
{
    /* interface number comes from the command line */
    int interface = atoi(argv[1]);
    /* the usbfs node of the pendrive on my box */
    int fd = open("/dev/bus/usb/002/006", O_RDWR);
    int result = ioctl(fd, USBDEVFS_RELEASEINTERFACE, &interface);
    //result = ioctl(fd, USBDEVFS_CLAIMINTERFACE, &interface);
    printf("Result: %d, errno: %d %s\n", result, errno, strerror(errno));
    return 0;
}
```
and fails with Invalid Argument for RELEASE, or for CLAIM with `-EINVAL` (Invalid Argument) or `-ENOENT` (No such file or directory). I have no idea what I am doing wrong. So if you do, please tell me 😛
Oh, and these ioctls are not exported to Python, I think. At least I couldn't find the correct ioctl number for `USBDEVFS_CLAIMINTERFACE` without programming a tiny C program to print it out for me.
- Trying to test anything with QEmu is a pain though: it takes ages to boot anything with QEmu without KVM 🙁 It takes literally a whole night to boot into an Ubuntu installation CD.
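The two usbfs items above (reattaching the kernel driver after qemu's host passthrough took the device, and finding the ioctl request numbers) can be served by one small program. This is an added example, not code from the post or from qemu: it assumes a Linux host with `<linux/usbdevice_fs.h>`, and the device path is a placeholder you substitute. The point it shows is that claiming or releasing an interface is not what rebinds the kernel driver; usbfs clients such as qemu detach the driver with `USBDEVFS_DISCONNECT`, and the reverse operation is `USBDEVFS_CONNECT`. Both are "driver ioctls" that must be wrapped in a `struct usbdevfs_ioctl` and sent through `USBDEVFS_IOCTL`, not issued directly on the descriptor. The program also prints the request numbers that a script without the C headers would need.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/usbdevice_fs.h>

/*
 * Attach (attach != 0) or detach (attach == 0) the kernel's own driver for
 * interface `ifno` of the usbfs device node at `path`.
 *
 * USBDEVFS_CONNECT / USBDEVFS_DISCONNECT are driver ioctls: they travel inside
 * USBDEVFS_IOCTL, wrapped in a struct usbdevfs_ioctl, rather than being
 * issued directly on the file descriptor.
 *
 * Returns 0 on success and -errno on failure (for example -ENOENT when the
 * node does not exist or no driver is available, -EBUSY when the interface
 * is still claimed by another usbfs user).
 */
int set_kernel_driver_binding(const char *path, int ifno, int attach)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -errno;

    struct usbdevfs_ioctl cmd;
    memset(&cmd, 0, sizeof cmd);
    cmd.ifno = ifno;
    cmd.ioctl_code = attach ? USBDEVFS_CONNECT : USBDEVFS_DISCONNECT;
    cmd.data = NULL;

    int rc = ioctl(fd, USBDEVFS_IOCTL, &cmd);
    int saved_errno = errno;   /* close() may overwrite errno */
    close(fd);
    return rc < 0 ? -saved_errno : 0;
}

/* The request numbers a Python script without these headers would need. */
unsigned long usbdevfs_claim_request(void)   { return USBDEVFS_CLAIMINTERFACE; }
unsigned long usbdevfs_release_request(void) { return USBDEVFS_RELEASEINTERFACE; }
unsigned long usbdevfs_ioctl_request(void)   { return USBDEVFS_IOCTL; }

int main(int argc, char **argv)
{
    if (argc != 3) {
        /* placeholder path: replace BBB/DDD with the bus and device number */
        fprintf(stderr, "usage: %s /dev/bus/usb/BBB/DDD <interface>\n", argv[0]);
        return 2;
    }
    int ifno = atoi(argv[2]);
    int rc = set_kernel_driver_binding(argv[1], ifno, 1);
    if (rc < 0)
        fprintf(stderr, "USBDEVFS_CONNECT on %s interface %d failed: %s\n",
                argv[1], ifno, strerror(-rc));
    else
        printf("kernel driver re-bound to %s interface %d\n", argv[1], ifno);

    printf("USBDEVFS_CLAIMINTERFACE   = 0x%lx\n", usbdevfs_claim_request());
    printf("USBDEVFS_RELEASEINTERFACE = 0x%lx\n", usbdevfs_release_request());
    printf("USBDEVFS_IOCTL            = 0x%lx\n", usbdevfs_ioctl_request());
    return rc < 0 ? 1 : 0;
}
```

Run it as root against the device node with the interface number the pendrive exposes (usually 0 for a mass-storage stick); a successful `USBDEVFS_CONNECT` is what makes `usb-storage` pick the device up again without replugging it. Releasing an interface on a descriptor that never claimed it, as the original snippet does, has nothing to release, which is consistent with the `EINVAL` the post reports.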
- Trying to work with a minimal operating system created by the following command on my Ubuntu box:

```sh
sudo ubuntu-vm-builder kvm lucid --addpkg openssh-server --addpkg screen --addpkg acpid --addpkg htop --addpkg cheese --flavour generic
```
- For the record: I build my QEmu with the following command:

```sh
./configure --prefix=/opt/muelli/qemu/ --disable-strip --extra-cflags="-O0 -DDEBUG" --disable-docs --enable-io-thread --enable-attr --enable-kvm --disable-xen --target-list="i386-softmmu x86_64-softmmu" --enable-curses && make && make install
```