Introduction to USB Emulation with the Facedancer by Travis Goodspeed and Sergey Bratus


Instructors: Travis Goodspeed and Sergey Bratus
Dates: 25-26 June 2014
Capacity: 15 Seats


If you can write a webserver, you can write a USB drive---or host one!


The Facedancer is a tool for emulating USB devices and hosts. First introduced at Recon 2012, the board can now emulate a number of device protocols, including HID, FTDI, Mass Storage and Device Firmware Update protocols. The new Facedancer version featured in this workshop also supports Host Mode, so you can emulate and target _either_ the device or the host.


This two-day training will introduce you to using the Facedancer framework to write your own device and host emulators, which can serve as a basis for fuzzing, emulation, TOCTTOU attacks, or similar nifty tricks.


Students will learn how to sniff and reverse engineer USB traffic to write their emulators, as well as how to work from driver source code to produce their own emulators. A section on Active Disk Antiforensics teaches how to fingerprint a host in order to evade disk imaging, and a section on easy targets show some good targets for exploitation that are likely hiding undiscovered vulnerabilities.


Class Requirements

Prerequisites:
Attendees will receive and keep functioning Facedancer 2.1 hardware and bootable thumb drives with all required software. At a minimum, students are expected to be comfortable in Python and to have prior experience writing networked software.


Bio

Travis Goodspeed is a Southern Appalachian neighbor with a bit of an obsession for the MSP430 microcontroller. Sergey Bratus is a North Appalachian neighbor and a Research Assistant Professor at Dartmouth College. Together, they accidentally broke the OSI Model with Packet-in-Packet, a PHY-layer exploit for remote frame injection portable to most digital radios.



Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He tries to help fellow academics to understand the value and relevance of hacker research. It is his ambition to collect and classify all kinds of weird machines; he is also a member of the langsec.org conspiracy to eliminate large classes of bugs.

To Register

Click here to register.