On Mon, Nov 25, 2019 at 10:37:42PM -0500, Kenneth Parker wrote:
> Here's an interesting one: A Windows friend handed me a USB Dongle,
> knowing that I'm a Linux user. He says he got it 3rd hand, with info that
> it might be "Very Dangerous". He would be interested, if I find out
> something about it. (And, indeed, Google has many hits on "USB Malware").
>
> So, what I want, is a USB Debugging Package, that will *NOT* attempt to,
> actually open this device, but will give me information about it.
>
> Obviously, this has to be handled carefully because, for one, it's not
> always obvious which USB goes where.
>
> For example, before I plug it in, "lsusb" should not show anything plugged
> in.
>
> -----
>
> End of preliminaries. When I plug in something, (i.e. Serial Mouse in Text
> Only environment, or a USB Thumb Drive), a Flurry of Activity ensues, with
> lots of Kernel Messages (and before I get to examine it). Does that mean
> I have to make a Custom Kernel for this, or limit the Kernel Modules used?
>
> Any insights so far?

First: How are you looking at something without opening? Unless you have
some forensic electronics lab, where you can inspect the underlying
hardware, you always have to "open" (aka get a handle) it.

It has been mentioned that there are devices which fry your hardware by
sending high voltage pulses to the host.

Get a Raspberry Pi and set up a USB debug stack there. It's cheap. If you
fry it it's only $35 you lose.

Insert a udev rule to capture all events (especially "add"). And from
there slowly pry your way in.

-- 
Henning Follmann | hfollm...@itcfollmann.com
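
One way to do the udev capture suggested in the reply above, as an added example that is not part of the original thread: a rule that hands every USB uevent to a small logger script, which records what the device declares itself to be. The rule file name, install path and syslog tag are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical install path: /usr/local/sbin/usb-uevent-log
# Matching rule, e.g. in /etc/udev/rules.d/00-usb-log.rules (hypothetical name):
#   SUBSYSTEM=="usb", RUN+="/usr/local/sbin/usb-uevent-log"
# udev runs the program with the event's properties in its environment.

# Map a bInterfaceClass number (decimal, as the kernel prints it) to a name.
class_name() {
    case "$1" in
        1)   echo audio ;;
        2)   echo cdc-communications ;;
        3)   echo hid ;;
        6)   echo still-image ;;
        7)   echo printer ;;
        8)   echo mass-storage ;;
        9)   echo hub ;;
        10)  echo cdc-data ;;
        14)  echo video ;;
        224) echo wireless-controller ;;
        255) echo vendor-specific ;;
        *)   echo "class-$1" ;;
    esac
}

# Build one log line from the kernel uevent variables:
#   PRODUCT   = idVendor/idProduct/bcdDevice (hex)
#   INTERFACE = class/subclass/protocol (decimal, usb_interface events only)
format_event() {
    line="action=${ACTION:-?} devtype=${DEVTYPE:-?} devpath=${DEVPATH:-?}"
    if [ -n "${PRODUCT:-}" ]; then
        line="$line product=$PRODUCT"
    fi
    if [ -n "${INTERFACE:-}" ]; then
        line="$line interface=$INTERFACE($(class_name "${INTERFACE%%/*}"))"
    fi
    echo "$line"
}

# Log only when invoked by udev (ACTION is set); otherwise do nothing.
if [ -n "${ACTION:-}" ]; then
    logger -t usb-uevent "$(format_event)"
fi
```

Each interface the device exposes produces its own "add" line, so a stick that logs an `hid` interface alongside or instead of `mass-storage` is visible in syslog without anything having mounted or read it.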