From: Oliver Pinter
To: Hans Petter Selasky
Cc: freebsd-security@freebsd.org, "Julian H. Stacey", Poul-Henning Kamp, freebsd-usb@freebsd.org
Date: Thu, 9 Oct 2014 15:59:28 +0200
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
In-Reply-To: <54362AE2.90501@selasky.org>
References: <201410082347.s98NkjW3025396@fire.js.berklix.net> <54362AE2.90501@selasky.org>

On 10/9/14, Hans Petter Selasky wrote:
> Hi Julian,
>
> On 10/09/14 01:46, Julian H. Stacey wrote:
>> Hi Hans etc
>> "Julian H. Stacey" wrote:
>>> Hans Petter Selasky wrote:
>>>> Hi,
>>>>
>>>> Can you test the following kernel patch and give some feedback:
>>>>
>>>> https://svnweb.freebsd.org/changeset/base/272733
>>
>> I'm now on latest current with src & sys/ GENERIC
>> /usr/src/.ctm_status # src-cur 11645
>>
>> This time I downloaded your files properly
>> (last time I was severely distracted & made a silly mistake)
>>
>>>> After the patch you will get something like:
>>>> hw.usb.disable_enumeration: 0
>>>> dev.uhub.0.disable_enumeration: 0
>>>> dev.uhub.1.disable_enumeration: 0
>>>> ...
>>
>> sysctl -a | grep enumeration
>> hw.usb.disable_enumeration: 0
>> dev.uhub.0.disable_enumeration: 0
>> dev.uhub.1.disable_enumeration: 0
>> dev.uhub.2.disable_enumeration: 0
>> dev.uhub.3.disable_enumeration: 0
>> dev.uhub.4.disable_enumeration: 0
>>
>> sysctl -d hw.usb.disable_enumeration
>> hw.usb.disable_enumeration: Set to disable all USB device enumeration.
>>
>> sysctl -d dev.uhub.4.disable_enumeration
>> dev.uhub.4.disable_enumeration: Set to disable enumeration on this USB
>> HUB.
>>
>> usbconfig
>> ugen0.1: at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps)
>> pwr=SAVE (0mA)
>> ugen1.1: at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps)
>> pwr=SAVE (0mA)
>> ugen0.2: at usbus0, cfg=0 md=HOST spd=HIGH
>> (480Mbps) pwr=SAVE (0mA)
>> ugen1.2: at usbus1, cfg=0 md=HOST spd=HIGH
>> (480Mbps) pwr=SAVE (0mA)
>> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH
>> (480Mbps) pwr=OFF (500mA)
>> ugen1.3: at usbus1, cfg=0
>> md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
>> ugen1.4: at usbus1, cfg=0 md=HOST spd=HIGH
>> (480Mbps) pwr=SAVE (100mA)
>>
>
>>
>> Great ! Seems to work.
>>
>> (Though I need to read up on how major & minor of ugen relate to
>> the digit in eg 4.disable_enumeration)
>>
>>
>>>> which is also settable through /boot/loader.conf (tunable)
>>
>> Good,
>> I hope/presume loader.conf gets run before any USB, cos I recall
>> lecturer Karsten Nohl pointing out one could get BadUSB taking up
>> residence in USB controller chips inside a PC, ie for a built in
>> mouse or web cam, so one would need to turn off enumeration earlier
>> than when first external USB approaches to connect.
>
> Yes, if set by the loader.conf, you will only see the RootHUB after boot.
>
> To get devices back after enabling enumeration again, you will need to
> reset the HUBs:
>
> usbconfig -d X.1 reset
>
> For example.
>
> BTW: I've added some exceptions, that existing devices can be detached,
> suspend/resumed and reset while the enumeration is disabled.

Can we somehow improve this change to power down the ports/hubs which have enumeration disabled?

>
> https://svnweb.freebsd.org/changeset/base/272807
>
>>
>> I've reported back on BBC news form:
>> Ref. your
>> 6 October 2014 Last updated at 15:29 GMT
>> http://www.bbc.com/news/technology-29475566
>>
>> The www.FreeBSD.org project (a Unix OS similar to Linux)
>> took just 2 days to develop & test a free solution.
>> http://lists.freebsd.org/pipermail/freebsd-usb/2014-October/013304.html
>>
>
> Can you also test that patch?
>
> Thank you!
>
> --HPS
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
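
Added example, not part of the original message or of the FreeBSD patch: a small sh audit of the two knobs discussed in this thread, run over constructed sample input. The function names and sample data are assumptions; treating a global value of 1 as overriding the per-hub values follows the sysctl description quoted above ("disable all USB device enumeration").

```shell
#!/bin/sh
# Added example: audit the USB enumeration knobs discussed in this thread.
# SAMPLE_SYSCTL is constructed from the output quoted in the thread, with one
# hub changed to 1 for illustration.
SAMPLE_SYSCTL='hw.usb.disable_enumeration: 0
dev.uhub.0.disable_enumeration: 0
dev.uhub.1.disable_enumeration: 1
dev.uhub.2.disable_enumeration: 0'

# Constructed /boot/loader.conf content: the tunable is only commented out.
SAMPLE_LOADER_CONF='# hw.usb.disable_enumeration="1"
kern.hz="1000"'

# Read `sysctl -a | grep enumeration` style text on stdin and print every
# knob that still allows enumeration (value 0), one name per line.
# Assumption: a global value of 1 covers all hubs, so nothing is reported.
open_knobs() {
    awk -F': *' '
        /disable_enumeration:/ {
            if ($1 == "hw.usb.disable_enumeration" && $2 == 1) global = 1
            else if ($2 == 0) names[++n] = $1
        }
        END { if (!global) for (i = 1; i <= n; i++) print names[i] }'
}

# Turn the list from open_knobs into the runtime commands that close them.
lockdown_commands() {
    open_knobs | sed 's/^/sysctl /; s/$/=1/'
}

# Succeed only if loader.conf text on stdin sets the boot-time tunable to 1
# on an uncommented line, i.e. enumeration is off before any device attaches.
boot_tunable_set() {
    grep -Eq '^[[:space:]]*hw\.usb\.disable_enumeration="?1"?[[:space:]]*(#.*)?$'
}

# Demo on the constructed samples: sh audit.sh demo
# On a live host: sysctl -a | grep enumeration | lockdown_commands
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_SYSCTL" | lockdown_commands
    printf '%s\n' "$SAMPLE_LOADER_CONF" | boot_tunable_set \
        || echo 'boot tunable not set in loader.conf'
fi
```

The loader.conf check matters for the built-in-device case raised in the thread: a runtime `sysctl` only takes effect after devices present at boot have already enumerated.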