Watching and manipulating raw USB communication

Hi all…

I need to do some security checks on a USB sensor device. Even though I
should do these tests with a hardware USB sniffer, I am not able to do
this. Since I cannot “man in the middle” the USB cable, I want to simulate
this with a USB bus filter driver.

Here is the question: do I see the same data a hardware sniffer sees, and is
the USB bus filter the lowest layer at which I can watch data coming from the USB sensor?

Thanks in advance.

You do not see the same data that the hardware sniffer sees, as you are not
‘on the wire’; you see whatever the USB controller has decided to push up
from the wire to the various device stacks connected to the controller’s
PDOs.

So you will not see the low level stuff. But if you are only interested in
payloads, that shouldn’t matter.

Mark Roddy

On Wed, Dec 19, 2012 at 12:48 PM, Doğan Kurt wrote:

> Hi all…
>
> I need to do some security checks on a USB sensor device. Even though I
> should do these tests with a hardware USB sniffer, I am not able to do
> this. Since I cannot “man in the middle” the USB cable, I want to simulate
> this with a USB bus filter driver.
>
> Here is the question: do I see the same data a hardware sniffer sees, and is
> the USB bus filter the lowest layer at which I can watch data coming from the USB sensor?
>
> Thanks in advance.

Doğan Kurt wrote:

> I need to do some security checks on a USB sensor device,

What does that mean? What kind of checks are you going to do?

> even though I should do these tests with a hardware USB sniffer, I am
> not able to do this.

Why not? That’s obviously the best approach for what you’re asking.

> Since I cannot “man in the middle” the USB cable, I want to simulate
> this with a USB bus filter driver.

You can do “man in the middle” if you develop your own hardware to do
so. You would just need to be a simple USB hub with a side port for
intercepting the data. That probably doesn’t fit your timeframe, however.

> Here is the question: do I see the same data a hardware sniffer sees,
> and is the USB bus filter the lowest layer at which I can watch data coming
> from the USB sensor?

The answer to the first question is “no”. Filter drivers see URBs –
USB Request Blocks. Those are requests to the host controller driver.
The HCD converts most URBs into hardware requests. As an example, a
filter driver never sees retries, or dropped packets, or protocol
violations, or bus timing issues. Those things REQUIRE a hardware sniffer.

The term “usb bus filter” is a little fuzzy. Most of the software
sniffers out there act as an upper filter to the host controller
drivers. That’s the lowest layer before the requests get converted to
packets on the wire.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

For the LIFE of me, I don’t understand why people (or their managertroids) are so reluctant to buy hardware USB protocol analyzers. Unless you -really- need to trace Super Speed, these analyzers are cheap… Some are just a few hundred dollars US. Heck, for that kind of money you can use it once and throw it away… or sell it on eBay.

Peter
OSR

The problem is twofold. (a) the effort of sending a capital expenditure
request high enough to get someone who has the authority to sign it
discourages the act of doing so and (b) people are already in the budget.

The fact that (b) ignores little issues like actual cost to the company of
having a programmer spend two weeks trying to fix a problem the bus
analyzer would uncover in ten minutes; the cost of missed deadlines;
increased time-to-market; and lost-opportunity costs. In the Real World
these matter, but the more I worked with clients over the decades, the
more I realized that grasp of reality diminishes exponentially with rank
in far too many corporations.

I knew someone who didn’t get a raise because he had not submitted his
plan for achieving six-sigma compliance. He worked in the research
division, working on ideas that might turn into products in five years.
joe

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer