"BadUSB" A new way of console hacking possible?

Discussion in 'Computer Games and General Discussion' started by PhyChris, Aug 2, 2014.

  1. PhyChris
    OP

    PhyChris GBAtemp Regular

    Member
    205
    108
    May 6, 2009
    Canada
    There is a HUGE security flaw in the current hardware implementation of USB that allows the USB slave to execute code on the USB host completely undetected. (Take note of the third demonstration in the quote.)

    There will be a demonstration at the "Black Hat conference" Aug 6th/7th.
     


  2. sandytf

    sandytf GBAtemp Regular

    Member
    117
    49
    May 5, 2013
    United States
    That is not a flaw. It's how USB works and why you should always be careful when dealing with questionable software or hardware.
     
  3. SnailCombat

    SnailCombat Member

    Newcomer
    19
    3
    Jul 20, 2014
    United States
    somewhere
    I don't know too much about PS3 hacking, but does this mean newer PS3s could be hackable??

    Just wondering, I wouldn't dare tamper with my baby.
     
  4. PhyChris
    sandytf, no my friend. Google BadUSB and cut your results to the last week.
     
  5. Bug_Checker_

    Bug_Checker_ GBAtemp Advanced Fan

    Member
    950
    444
    Jun 10, 2006
    United States
    Maybe add Black Hat August 2014.
     
    PhyChris likes this.
  6. sandytf

    This is not new and these problems with USB have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing USB device's firmware instead of creating a new device.
     
  7. Bug_Checker_

    I think all of this is probably a derivative of bunnie's work on SD cards.
    http://www.bunniestudios.com/blog/?page_id=3592
     
  8. PhyChris
    We will have to wait till the conference to see. But from my research this is the 1st USB hack that uses a hacked firmware to exploit a "new bug" (their words) to take control of the bus for actual code execution without the host detecting (not just reporting false device info).
     
  9. Relys

    Relys Master of Computer Science

    Member
    863
    788
    Jan 5, 2007
    United States
    Yeah buddy this has nothing to do with an exploit vector into the Wii U through USB. What you would be looking for is an exploit in the USB host, not the USB controller.

    You can already purchase the device you describe. It's called a USB Rubber Ducky.

    Can you please close this thread?
     
  10. PhyChris


    Wait 5 days till Black Hat is finished.
     
  11. Relys

    https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe

    This is all that your post is describing. This has nothing to do with the Wii U or finding an exploit in the Wii U USB host at all. The PS3 had an exploit in the USB host which had a dongle emulate a 7-port USB hub and do some sort of buffer overflow or corruption (I forget its implementation) to trick the PS3 into thinking it was an official Sony USB jig.
     
  12. PhyChris
    Did you read anything on BadUSB? It's TOTALLY different than this Rubber Ducky 'data stash/USB keyboard emulate' type shit.

    Edit: it was a bit trolly :)
     
  13. Relys


    http://www.zdnet.com/badusb-big-bad-usb-security-problems-ahead-7000032211/

    To me it looks like it's just about creating your own Rubber Ducky type device from any USB controller by overwriting the microcontroller.
     
  14. PhyChris
    Yes, the exploit could be used to make a USB device emulator like a gamepad/keyboard with pre-programmed button/key combos/timings, but they are claiming much more: a system hijack.

    We will have to wait and see how useful this is.
     
  15. WulfyStylez

    WulfyStylez SALT/Bemani Princess

    Member
    1,149
    2,607
    Nov 3, 2013
    United States
    Any system you could compromise through bugs in the USB controller, sure. That being said, it's barely worth looking at this vector for the Wii U.
     
  16. vinhdt

    vinhdt Advanced Member

    Newcomer
    65
    12
    Jan 14, 2009
    United States
    PS3 Cobra ODE and X360Key are probably examples of it. The USB firmware is programmed on those devices.
     
  17. Jayro

    Jayro MediCat DVD and Mini Windows 10 Developer

    Member
    4,729
    2,484
    Jul 23, 2012
    United States
    Octo Canyon
    That would be cool to pre-program the USB controller's firmware with a PS3/PS4 payload. :D
     
  18. ssrpgvita
    This message by ssrpgvita has been removed from public view by BORTZ, Aug 5, 2014, Reason: nope.
    Aug 4, 2014
  19. WiiCube_2013
    This message by WiiCube_2013 has been removed from public view by BORTZ, Aug 5, 2014, Reason: spam.
    Aug 4, 2014
  20. ssrpgvita
    This message by ssrpgvita has been removed from public view by BORTZ, Aug 5, 2014, Reason: spam.
    Aug 4, 2014
  21. Saturosias

    Saturosias Sakura-sō Resident

    Member
    594
    290
    Dec 27, 2010
    United States
    Why did you post this no-longer-news in this section if you have zero clue what you're talking about?
     
    Riyaz and VinsCool like this.
  22. ssrpgvita

    ssrpgvita Advanced Member

    Newcomer
    65
    1
    Aug 4, 2014
    United States
    Yulee, Florida
    If you can rewrite firmware on a USB media device, what makes you think you can't rewrite FW from a PUP file or Nintendo FW update file and inject homebrew access into it via brute force? That's what I'm trying to see is possible. I got ecstatic over this news. I guess it'll lead nowhere then, *sighs*.
     
  23. Foxi4

    Foxi4 On the hunt...

    pip Reporter
    23,529
    21,457
    Sep 13, 2009
    Poland
    Gaming Grotto
    I'm sorry, but you might be missing a couple flux capacitors there.

    Anywho, this is not a magical exploit - this is and always has been a feature of USB. How do you think USB devices initialize? No thanks to the magical USB fairy. The standard is set up in such a way that the computer "trusts" whatever you shove into the USB port because hey - you're the user, you know what you're doing. Besides, we already have a thread about BadUSB, so I'll merge them together once I find the other one.

    EDIT: Aaaand done - threads merged.
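
The point argued in this thread, that a host accepts whatever interface classes a device declares for itself during enumeration, can be checked from the defender's side. The following is an added example, not part of any post: the descriptor bytes are constructed, and the names `interfaces` and `audit` are hypothetical. It parses a USB configuration descriptor and flags interfaces that a storage-only port should never see.

```python
# Added example: audit the interface classes a USB device declares for itself.
# Both descriptor blobs are constructed for illustration, not captured.
HID, MASS_STORAGE = 0x03, 0x08
CLASS_NAMES = {HID: "HID", MASS_STORAGE: "mass storage"}

# Storage-only stick: config header, one mass-storage interface, two bulk endpoints.
PLAIN_STICK = bytes.fromhex(
    "090220000101008032" "090400000208065000"
    "07058102000200" "07050202000200")

# Same stick whose firmware also declares a HID boot-keyboard interface.
STICK_WITH_KEYBOARD = bytes.fromhex(
    "090239000201008032" "090400000208065000"
    "07058102000200" "07050202000200"
    "090401000103010100" "092111010001223f00" "0705830308000a")

def interfaces(config: bytes):
    """Walk the descriptor chain; return (class, subclass, protocol) per interface."""
    found, i = [], 0
    while i + 2 <= len(config):
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        if dtype == 0x04 and length >= 9:  # INTERFACE descriptor
            found.append(tuple(config[i + 5:i + 8]))
        i += length
    return found

def audit(config: bytes, expected_classes: set):
    """List interfaces whose class is outside what this port is expected to offer."""
    findings = []
    for cls, sub, proto in interfaces(config):
        if cls not in expected_classes:
            name = CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
            kind = " (boot keyboard)" if (cls, sub, proto) == (HID, 1, 1) else ""
            findings.append(f"unexpected {name} interface{kind}")
    return findings

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_STICK), ("composite", STICK_WITH_KEYBOARD)]:
        print(label, audit(blob, {MASS_STORAGE}) or "ok")
```

The check only sees what the device claims, which is why port policies that restrict allowed classes are applied on the host rather than trusted to the device.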