EEVblog Electronics Community Forum
Electronics => Projects, Designs, and Technical Stuff => Topic started by: sean0118 on June 11, 2017, 02:22:55 pm
-
Hi everyone,
The latest AmpHour episode (http://theamphour.com/346-an-interview-with-joe-fitzpatrick/) got me thinking, what is the best way to monitor the traffic of a USB drive?
I have a whole bunch of potentially malicious USB drives from tradeshows etc. >:D
I guess it's relatively easy to see if there's anything malicious in the storage, but what about the firmware? I would be interested to see what data these USB drives send when first connected, do they install *special drivers*? :-/O
-
There's a device for that "Beagle USB 12 Protocol Analyzer".
If you're afraid of malware you can use the stick from VM.
Also, AFAIK the drivers always come from Microsoft database, the device only sends the PID/VID etc.
So to actually hack your computer autonomously it would have to exploit USB stack implementation in the OS you are using.
-
There's a device for that "Beagle USB 12 Protocol Analyzer".
If you're afraid of malware you can use the stick from VM.
This one?
https://www.adafruit.com/product/708 (https://www.adafruit.com/product/708)
Thanks, it looks good, but I think it's probably over-kill (expensive ;) ) for what I'm trying to do?
The USBProxy (as mentioned in the AmpHour episode ;) ) looks interesting as well, but looks like its in an alpha stage still.
https://github.com/dominicgs/USBProxy (https://github.com/dominicgs/USBProxy)
Anyone know of any software options?
-
There are many. This one for example: https://freeusbanalyzer.com/
-
There are many. This one for example: https://freeusbanalyzer.com/
That looks promising thanks! ;)
-
Wireshark in conjunction with usbpcap does USB as well.