Gaming "BadUSB" A new way of console hacking possible?

PhyChris

There is a HUGE security flaw in the current hardware implementation of USB that allows the USB slave to execute code on the USB host completely undetected. (Take note of the third demonstration in the quote.)

> Nohl and Lell have discovered that USB controller chips' firmware offer no protection from reprogramming. Using a set of proof-of-concept tools they call BadUSB, they claim that an ordinary USB device, even a thumb drive, can be used to compromise computers in the following ways:
>   • A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
>   • The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
>   • A modified thumb drive or external hard disk can — when it detects that the computer is starting up — boot a small virus, which infects the computer’s operating system prior to boot.

There will be a demonstration at the "Black Hat conference" Aug 6th/7th.
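
A host-side check for the first two behaviours in the quote, as an added example that is not part of the original post or of the BadUSB tools: it flags a storage device that also exposes a HID or network interface, or whose interface classes have changed since it was first seen. The 'cc/ss/pp' input format, the device IDs, the baseline and the sample events are assumptions constructed for illustration; on Linux the same values can be read from the bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol files in sysfs.

```python
# Added example; device IDs and enumeration records below are constructed.
HID, MASS_STORAGE = 0x03, 0x08
# CDC control, CDC data, wireless controller (RNDIS adapters commonly use e0/01/03)
NETWORK = {0x02, 0x0A, 0xE0}

def interface_classes(triplets):
    """Turn 'cc/ss/pp' hex strings (class/subclass/protocol) into a set of class codes."""
    return {int(t.split("/")[0], 16) for t in triplets}

def review(device_id, triplets, baseline):
    """Return the reasons an enumeration deserves a closer look (empty list = nothing odd)."""
    seen = interface_classes(triplets)
    reasons = []
    # Any HID interface is flagged: a keyboard need not declare the boot subclass (03/01/01).
    if MASS_STORAGE in seen and HID in seen:
        reasons.append("storage device also exposes HID")
    if MASS_STORAGE in seen and seen & NETWORK:
        reasons.append("storage device also exposes a network interface")
    known = baseline.get(device_id)
    if known is not None and seen - known:
        added = ", ".join(f"0x{c:02x}" for c in sorted(seen - known))
        reasons.append(f"new interface classes since baseline: {added}")
    return reasons

# Hypothetical baseline: classes recorded the first time each vid:pid:serial was seen.
BASELINE = {"1234:abcd:CONSTRUCTED-01": {MASS_STORAGE}}

# Constructed enumeration events: (device id, interface triplets).
EVENTS = [
    ("1234:abcd:CONSTRUCTED-01", ["08/06/50"]),              # plain thumb drive
    ("1234:abcd:CONSTRUCTED-01", ["08/06/50", "03/01/01"]),  # same stick, now with a keyboard
    ("1234:abcd:CONSTRUCTED-02", ["08/06/50", "e0/01/03"]),  # storage plus network adapter
]

def run(events=EVENTS, baseline=BASELINE):
    """Review every event and return (device id, reasons) pairs."""
    return [(dev, review(dev, ifs, baseline)) for dev, ifs in events]

if __name__ == "__main__":
    for dev, reasons in run():
        print(dev, "OK" if not reasons else "; ".join(reasons))
```

A device that enumerates only as a keyboard passes this check, because the host has no way to tell it from a real keyboard by its descriptors.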
 

sandytf

That is not a flaw. It's how USB works and why you should always be careful when dealing with questionable software or hardware.
 

Psycho

I don't know too much about PS3 hacking, but does this mean newer PS3s could be hackable??

Just wondering, I wouldn't dare tamper with my baby.
 

sandytf

This is not new and these problems with USB have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing USB device's firmware instead of creating a new device.
 

Bug_Checker_

> This is not new and these problems with USB have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing USB device's firmware instead of creating a new device.

I think all of this is probably a derivative of bunnie's work on SD cards.
http://www.bunniestudios.com/blog/?page_id=3592
 

PhyChris

> This is not new and these problems with USB have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing USB device's firmware instead of creating a new device.

We will have to wait till the conference to see. But from my research this is the 1st USB hack that uses a hacked firmware to exploit a "new bug" (their words) to take control of the bus for actual code execution without the host detecting (not just reporting false device info).
 

Relys

Yeah buddy this has nothing to do with an exploit vector into the Wii U through USB. What you would be looking for is an exploit in the USB host, not the USB controller.

You can already purchase the device you describe. It's called a USB Rubber Ducky.

Can you please close this thread?
 

PhyChris

> Yeah buddy this has nothing to do with an exploit vector into the Wii U through USB. What you would be looking for is an exploit in the USB host, not the USB controller.
>
> You can already purchase the device you describe. It's called a USB Rubber Ducky.
>
> Can you please close this thread?

Wait 5 days till Black Hat is finished.
 

Relys

> Wait 5 days till Black Hat is finished.

https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe

This is all that your post is describing. This has nothing to do with the Wii U or finding an exploit in the Wii U USB host at all. The PS3 had an exploit in the USB host which had a dongle emulate a 7-port USB hub and do some sort of buffer overflow or corruption (I forget its implementation) to trick the PS3 into thinking it was an official Sony USB jig.
 

PhyChris

Did you read anything on BadUSB? It's TOTALLY different than this Rubber Ducky 'data stash/USB keyboard emulate' type shit.

Edit: it was a bit trolly :)
 

WulfyStylez

Any system you could compromise through bugs in the USB controller, sure. That being said, it's barely worth looking at this vector for the Wii U.
 

vinhdt

PS3 Cobra ODE and X360Key are probably an example of it. The USB firmware is programmed on those devices.
 

ssrpgvita

If u can rewrite firmware on a USB media device, what makes u think u can't rewrite fw from a PUP file or Nintendo fw update file, inject homebrew access into it via bruteforce? That's what I'm trying to see is possible. I got ecstatic over this news. I guess it'll lead nowhere then, sighs.
 

Foxi4

I'm sorry, but you might be missing a couple flux capacitors there.

Anywho, this is not a magical exploit - this is and always has been a feature of USB. How do you think USB devices initialize? No thanks to the magical USB fairy. The standard is set up in such a way that the computer "trusts" whatever you shove into the USB port because hey - you're the user, you know what you're doing. Besides, we already have a thread about BadUSB, so I'll merge them together once I find the other one.

EDIT: Aaaand done - threads merged.
 