Date: Thu, 9 Oct 2014 17:04:10 +0200
From: Oliver Pinter
To: Hans Petter Selasky
Cc: freebsd-security@freebsd.org, "Julian H. Stacey", Poul-Henning Kamp, freebsd-usb@freebsd.org
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell

On 10/9/14, Hans Petter Selasky wrote:
> On 10/09/14 15:59, Oliver Pinter wrote:
>> On 10/9/14, Hans Petter Selasky wrote:
>>> Hi Julian,
>>>
>>> On 10/09/14 01:46, Julian H. Stacey wrote:
>>>> Hi Hans etc
>>>> "Julian H. Stacey" wrote:
>>>>> Hans Petter Selasky wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Can you test the following kernel patch and give some feedback:
>>>>>>
>>>>>> https://svnweb.freebsd.org/changeset/base/272733
>>>>
>>>> I'm now on latest current with src & sys/ GENERIC
>>>> /usr/src/.ctm_status # src-cur 11645
>>>>
>>>> This time I downloaded your files properly
>>>> (last time I was severely distracted & made a silly mistake)
>>>>
>>>>>> After the patch you will get something like:
>>>>>> hw.usb.disable_enumeration: 0
>>>>>> dev.uhub.0.disable_enumeration: 0
>>>>>> dev.uhub.1.disable_enumeration: 0
>>>>>> ...
>>>>
>>>> sysctl -a | grep enumeration
>>>> hw.usb.disable_enumeration: 0
>>>> dev.uhub.0.disable_enumeration: 0
>>>> dev.uhub.1.disable_enumeration: 0
>>>> dev.uhub.2.disable_enumeration: 0
>>>> dev.uhub.3.disable_enumeration: 0
>>>> dev.uhub.4.disable_enumeration: 0
>>>>
>>>> sysctl -d hw.usb.disable_enumeration
>>>> hw.usb.disable_enumeration: Set to disable all USB device enumeration.
>>>>
>>>> sysctl -d dev.uhub.4.disable_enumeration
>>>> dev.uhub.4.disable_enumeration: Set to disable enumeration on this USB HUB.
>>>>
>>>> usbconfig
>>>> ugen0.1: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>>> ugen1.1: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>>> ugen0.2: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>>> ugen1.2: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
>>>> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH (480Mbps) pwr=OFF (500mA)
>>>> ugen1.3: at usbus1, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
>>>> ugen1.4: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (100mA)
>>>>
>>>> Great ! Seems to work.
>>>>
>>>> (Though I need to read up on how major & minor of ugen relate to
>>>> the digit in eg 4.disable_enumeration)
>>>>
>>>>>> which is also settable through /boot/loader.conf (tunable)
>>>>
>>>> Good,
>>>> I hope/presume loader.conf gets run before any USB, cos I recall
>>>> lecturer Karsten Nohl pointing out one could get BadUSB taking up
>>>> residence in USB controller chips inside a PC, ie for a built in
>>>> mouse or web cam, so one would need to turn off enumeration earlier
>>>> than when first external USB approaches to connect.
>>>
>>> Yes, if set by the loader.conf, you will only see the RootHUB after
>>> boot.
>>>
>>> To get devices back after enabling enumeration again, you will need to
>>> reset the HUBs:
>>>
>>> usbconfig -d X.1 reset
>>>
>>> For example.
>>>
>>> BTW: I've added some exceptions, that existing devices can be detached,
>>> suspend/resumed and reset while the enumeration is disabled.
>>
>> Can we somehow improve this change, to powering down the ports/hubs
>> which has the enumeration disabled?
>>
>
> Hi,
>
> I've added this as an orthogonal feature. Please test and report back:
>
> hw.usb.disable_enumeration: 0
> hw.usb.disable_port_power: 0
>
> dev.uhub.0.disable_enumeration: 0
> dev.uhub.0.disable_port_power: 0
>
> https://svnweb.freebsd.org/changeset/base/272822

Cool! Thanks!
I will test it shortly.

>
> Thank you!
>
> --HPS
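
The check and re-enable step discussed in this thread, as an added example that is not part of the original message or of the FreeBSD patch: it audits which `disable_enumeration` nodes still allow enumeration and builds the `usbconfig -d X.1 reset` commands for the X.1 hub entries. The function names and both sample inputs are constructed for illustration, and the reset commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: audit the USB enumeration sysctls and list the hub resets
# needed after enumeration is switched back on.
# The thread states hw.usb.disable_enumeration is also a loader tunable,
# i.e. /boot/loader.conf:  hw.usb.disable_enumeration="1"

# Constructed sample of `sysctl -a | grep enumeration` output.
SAMPLE_SYSCTL='hw.usb.disable_enumeration: 0
dev.uhub.0.disable_enumeration: 1
dev.uhub.1.disable_enumeration: 0'

# Constructed sample of `usbconfig` output (device names are placeholders).
SAMPLE_USBCONFIG='ugen0.1: <constructed hub> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen1.1: <constructed hub> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen1.3: <constructed device> at usbus1, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)'

# stdin: sysctl listing. Prints each node whose value is 0, meaning
# enumeration is still allowed there.
enumeration_enabled() {
    awk -F': ' '/disable_enumeration: / && $2 == "0" { print $1 }'
}

# stdin: usbconfig listing. Prints one reset command per ugenX.1 entry,
# following the "usbconfig -d X.1 reset" form given in the thread.
hub_reset_commands() {
    sed -n 's/^ugen\([0-9][0-9]*\)\.1:.*/usbconfig -d \1.1 reset/p'
}

# On a FreeBSD host, feed the real tools instead of the samples:
#   sysctl -a | grep enumeration | enumeration_enabled
#   usbconfig | hub_reset_commands
printf '%s\n' "$SAMPLE_SYSCTL" | enumeration_enabled
printf '%s\n' "$SAMPLE_USBCONFIG" | hub_reset_commands
```

An empty result from `enumeration_enabled` means every listed node has enumeration disabled.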