Date:      Thu, 09 Oct 2014 16:44:19 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        Oliver Pinter <oliver.pntr@gmail.com>
Cc:        freebsd-security@freebsd.org, "Julian H. Stacey" <jhs@berklix.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, freebsd-usb@freebsd.org
Subject:   Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Message-ID:  <54369F43.9010806@selasky.org>
In-Reply-To: <CAPjTQNHbh40oeeuJnCk%2BiiKLOFO9TJU0Z13uRp6FawuUrmHvnw@mail.gmail.com>
References:  <201410082347.s98NkjW3025396@fire.js.berklix.net>	<54362AE2.90501@selasky.org> <CAPjTQNHbh40oeeuJnCk%2BiiKLOFO9TJU0Z13uRp6FawuUrmHvnw@mail.gmail.com>

On 10/09/14 15:59, Oliver Pinter wrote:
> On 10/9/14, Hans Petter Selasky <hps@selasky.org> wrote:
>> Hi Julian,
>>
>> On 10/09/14 01:46, Julian H. Stacey wrote:
>>> Hi Hans etc
>>> "Julian H. Stacey" wrote:
>>>> Hans Petter Selasky wrote:
>>>>> Hi,
>>>>>
>>>>> Can you test the following kernel patch and give some feedback:
>>>>>
>>>>> https://svnweb.freebsd.org/changeset/base/272733
>>>
>>> I'm now on latest current with src & sys/ GENERIC
>>> /usr/src/.ctm_status	# src-cur 11645
>>>
>>> This time I downloaded your files properly
>>> (last time I was severely distracted & made a silly mistake)
>>>
>>>>> After the patch you will get something like:
>>>>> hw.usb.disable_enumeration: 0
>>>>> dev.uhub.0.disable_enumeration: 0
>>>>> dev.uhub.1.disable_enumeration: 0
>>>>> ...
>>>
>>> sysctl -a | grep  enumeration
>>>     hw.usb.disable_enumeration: 0
>>>     dev.uhub.0.disable_enumeration: 0
>>>     dev.uhub.1.disable_enumeration: 0
>>>     dev.uhub.2.disable_enumeration: 0
>>>     dev.uhub.3.disable_enumeration: 0
>>>     dev.uhub.4.disable_enumeration: 0
>>>
>>> sysctl -d hw.usb.disable_enumeration
>>>     hw.usb.disable_enumeration: Set to disable all USB device enumeration.
>>>
>>> sysctl -d dev.uhub.4.disable_enumeration
>>>     dev.uhub.4.disable_enumeration: Set to disable enumeration on this USB
>>> HUB.
>>>
>>> usbconfig
>>> ugen0.1: <EHCI root HUB Intel> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps)
>>> pwr=SAVE (0mA)
>>> ugen1.1: <EHCI root HUB Intel> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps)
>>> pwr=SAVE (0mA)
>>> ugen0.2: <product 0x0020 vendor 0x8087> at usbus0, cfg=0 md=HOST spd=HIGH
>>> (480Mbps) pwr=SAVE (0mA)
>>> ugen1.2: <product 0x0020 vendor 0x8087> at usbus1, cfg=0 md=HOST spd=HIGH
>>> (480Mbps) pwr=SAVE (0mA)
>>> ugen0.3: <1.3M WebCam XPA2535XY> at usbus0, cfg=255 md=HOST spd=HIGH
>>> (480Mbps) pwr=OFF (500mA)
>>> ugen1.3: <Semi Tech PS2 Keyboard - PS2 Mouse Semi Tech> at usbus1, cfg=0
>>> md=HOST spd=LOW (1.5Mbps) pwr=ON (100mA)
>>> ugen1.4: <USB2.0 Hub vendor 0x05e3> at usbus1, cfg=0 md=HOST spd=HIGH
>>> (480Mbps) pwr=SAVE (100mA)
>>>
>>> Great ! Seems to work.
>>>
>>> (Though I need to read up on how the major & minor numbers of ugen relate to
>>> the digit in e.g. 4.disable_enumeration)
>>>
>>>
>>>>> which is also settable through /boot/loader.conf (tunable)
>>>
>>> Good,
>>> I hope/presume loader.conf gets run before any USB, because I recall
>>> lecturer Karsten Nohl pointing out one could get BadUSB taking up
>>> residence in USB controller chips inside a PC, i.e. for a built-in
>>> mouse or web cam, so one would need to turn off enumeration earlier
>>> than when the first external USB device approaches to connect.
>>
>> Yes, if set via loader.conf, you will only see the root HUB after boot.
>>
>> To get devices back after enabling enumeration again, you will need to
>> reset the HUBs:
>>
>> usbconfig -d X.1 reset
>>
>> For example.
>>
>> BTW: I've added some exceptions so that existing devices can be detached,
>> suspended/resumed and reset while enumeration is disabled.
>
> Can we somehow improve this change to power down the ports/hubs
> which have enumeration disabled?
>

Hi,

I've added this as an orthogonal feature. Please test and report back:

hw.usb.disable_enumeration: 0
hw.usb.disable_port_power: 0

dev.uhub.0.disable_enumeration: 0
dev.uhub.0.disable_port_power: 0

https://svnweb.freebsd.org/changeset/base/272822

Thank you!

--HPS
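The following script is an added example and is not part of the thread or of the FreeBSD patch; it shows how an administrator would audit and drive the knobs the thread introduces (hw.usb.disable_enumeration, hw.usb.disable_port_power and their per-hub dev.uhub.N.* counterparts) from a shell script. It runs offline on constructed `sysctl` and `usbconfig` output shaped like the samples quoted above; on a FreeBSD host with the patch applied you would pipe real `sysctl -a` and `usbconfig` output into the same functions. It assumes that hw.usb.disable_port_power is a loader tunable like hw.usb.disable_enumeration (the thread only says this explicitly for the enumeration knob), and it only resets root hubs (ugenX.1), which is the `usbconfig -d X.1 reset` form Hans gives.

```sh
#!/bin/sh
# Added example, not from the thread or the FreeBSD patch: audit and helper
# functions around hw.usb.disable_enumeration / hw.usb.disable_port_power.
# Runs offline on constructed samples; feed real sysctl/usbconfig output on
# a FreeBSD host to use it for real.

# Constructed sample of `sysctl -a | grep -E 'disable_(enumeration|port_power)'`
# on a host where only uhub1 has been locked down.
SAMPLE_SYSCTL='hw.usb.disable_enumeration: 0
hw.usb.disable_port_power: 0
dev.uhub.0.disable_enumeration: 0
dev.uhub.0.disable_port_power: 0
dev.uhub.1.disable_enumeration: 1
dev.uhub.1.disable_port_power: 1
dev.uhub.2.disable_enumeration: 0
dev.uhub.2.disable_port_power: 0'

# Constructed sample of `usbconfig` output: two root hubs (ugenX.1) and one
# downstream hub, mirroring the shape of the output quoted in the thread.
SAMPLE_USBCONFIG='ugen0.1: <EHCI root HUB Intel> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen1.1: <EHCI root HUB Intel> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen1.4: <USB2.0 Hub vendor 0x05e3> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (100mA)'

# hubs_open: read "name: value" sysctl lines on stdin and print the unit
# numbers of hubs whose disable_enumeration is still 0, i.e. hubs on which a
# newly plugged device would still be enumerated and its drivers attached.
hubs_open() {
    awk -F'[.: ]+' '/^dev\.uhub\.[0-9]+\.disable_enumeration:/ && $NF == 0 { print $3 }'
}

# global_locked: succeed (exit 0) only if both global knobs are set to 1.
global_locked() {
    awk -F': ' '
        $1 == "hw.usb.disable_enumeration" && $2 == 1 { e = 1 }
        $1 == "hw.usb.disable_port_power"  && $2 == 1 { p = 1 }
        END { exit (e && p) ? 0 : 1 }'
}

# loader_conf_lockdown: /boot/loader.conf lines that set both tunables before
# any hub enumerates, so built-in devices are covered as well as external ones.
# (Assumption: disable_port_power is a loader tunable like disable_enumeration.)
loader_conf_lockdown() {
    printf '%s\n' 'hw.usb.disable_enumeration="1"' 'hw.usb.disable_port_power="1"'
}

# reenable_cmds: read usbconfig output on stdin and print the commands that
# re-enable enumeration and then reset each root hub (ugenX.1). The reset is
# needed because, as the thread explains, devices only come back after the
# hubs are reset.
reenable_cmds() {
    echo 'sysctl hw.usb.disable_enumeration=0'
    awk '/^ugen[0-9]+\.1:/ {
        sub(/^ugen/, "", $1); sub(/:$/, "", $1)
        print "usbconfig -d " $1 " reset"
    }'
}

# Example run on the constructed samples.
if printf '%s\n' "$SAMPLE_SYSCTL" | global_locked; then
    echo "global lockdown: on"
else
    echo "global lockdown: off"
fi
echo "hubs still enumerating: $(printf '%s\n' "$SAMPLE_SYSCTL" | hubs_open | tr '\n' ' ')"
echo "--- loader.conf lines for boot-time lockdown ---"
loader_conf_lockdown
echo "--- commands to bring devices back after lockdown ---"
printf '%s\n' "$SAMPLE_USBCONFIG" | reenable_cmds
```

The audit functions deliberately read the text form of `sysctl -a`, so the same script can be run against output captured from another host or from a boot log; the per-hub check matters because the global knob and the per-hub knobs are independent, and a hub left at 0 will still attach whatever is plugged into it.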




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54369F43.9010806>