Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Mar 2018 20:30:02 +0100
From:      Hans Petter Selasky <hps@selasky.org>
To:        Vincenzo Di Salvo <ingegneriaforense@alice.it>, freebsd-usb@freebsd.org
Subject:   Re: usb's quirks ... how to sniff bios'es messages addressed to usb rom chip
Message-ID:  <77f62042-bb44-7b36-0845-b88d233bfed0@selasky.org>
In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAANB1sR69XHJMoG%2BMU1AT/qLCgAAAEAAAAP7hvnBBMjhJr%2Bv0J6Z9h1UBAAAAAA==@alice.it>
References:  <!&!AAAAAAAAAAAYAAAAAAAAANB1sR69XHJMoG%2BMU1AT/qLCgAAAEAAAAP7hvnBBMjhJr%2Bv0J6Z9h1UBAAAAAA==@alice.it>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 03/19/18 19:46, Vincenzo Di Salvo wrote:
> Hello guys,
> 
>   
> 
> reading the FreeBSD forums I learned about the usb freebsd mailing list.
> 
>   
> 
> I try to explain my question.
> 
>   
> 
> Plugging in an hard disk into the usb port (without mounting the
> filesystem), I've noticed that the inserting operation was detected by the
> chip and a counter inside the HD memory was increased by one each time the
> hard disk was inserted.
> 
> So a write operation has been happen !!!!!!
> 
> The drive in question is a solid hard disk SSD 1TB Samsung 850 EVO Sata III.
> 
> 
> This test has been done on a Linux O.S (that is a very disaster in terms of
> security policy, due to the demons of the GUI !)
> 
>   
> 
> This sounds like something done by the BIOS. Some can keep track on a wide
> variety of things. For example, it happens that the Bios keep track of the
> times when the case is opened.
> 
>   
> 
> QUESTION:
> 
>   
> 
> Is the FreeBSD usbdump(8)  the right way to listen on events coming from
> bios (in this case a writing access) and show changes happened into the rom
> memory of the chip of the usb HD ?
> 
>   
> 
> Appreciated is any your help also about the correct sintax of the usbdump.
> 

Hi,

usbdump has a manual page, man usbdump, describing how to use it.

There is also a Google Summer of code project to add wireshark support 
for the FreeBSD usbdump format.

--HPS

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?77f62042-bb44-7b36-0845-b88d233bfed0>