Hello, I'm working on an open-source project called USBGuard (currently in the process of being packaged for Debian[1]) which aims to provide an user-space framework that complements the USB device authorization feature[2] in the Linux kernel. There are parts which deal with USB descriptor data and I would like to test them thoroughly (fuzzing, etc.). For that I need some samples of the USB descriptor data. I can generate some samples but it's always a good idea to have real world samples.
Now to my actual request. I wrote a script[3] for collecting USB descriptor data from a Linux based system and I would like you to help me by running this script on your system (should work without root) and send me the results to dnk.usb...@gmail.com or by other means, whatever is convenient for you. The script is very simple and it should be easy to check that it doesn't do anything malicious. If you own some "exotic" USB devices, please connect them before running the script. Here's a short description of what the script does: 1. It looks for usb devices in /sys/bus/usb/devices 2. For each device it: - computes the sha1 of the USB descriptors (the "descriptors" file in the device sub-directory) - copies the "descriptors" file into a temporary directory - counts the number of configuration, interface and endpoint descriptors using lsusb and saves this information in the temporary directory 3. Compresses the temporary directory -- the archive is the result. 4. Removes the temporary directory [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825302 [2] https://www.kernel.org/doc/Documentation/usb/authorization.txt [3] https://raw.githubusercontent.com/dkopecek/usbguard/master/scripts/usb-descriptor-collect.sh Thank you!
