AutoGadgetFS - USB Testing Made Easy
2020-10-24 20:30:00 Author: www.blogger.com

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-f3ikMBP2ZVU/X5JbGWHSg2I/AAAAAAAAUH8/8lYdeZ-JEZczBQIUBnNYZ_1MRW64LpmAwCNcBGAsYHQ/s388/AutoGadgetFS_1_agfslogos.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="388" data-original-width="383" src="https://1.bp.blogspot.com/-f3ikMBP2ZVU/X5JbGWHSg2I/AAAAAAAAUH8/8lYdeZ-JEZczBQIUBnNYZ_1MRW64LpmAwCNcBGAsYHQ/s16000/AutoGadgetFS_1_agfslogos.png" /></a></div><p><br /></p><span style="font-size: large;"><b>What’s AutoGadgetFS ?</b></span><br /> <p>AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to conduct remote USB security assessments from anywhere around the globe. By leveraging ConfigFS, AutoGadgetFS allows users to clone and emulate devices quickly, eliminating the need to dig deep into the details of each implementation. 
The framework also allows users to create their own fuzzers on top of it.</p><div><span><a name='more'></a></span></div><br /><span style="font-size: large;"><b>Requirements:</b></span><br /> <ul><a name="user-content-requirments" target="_blank" title=""> </a><li><a name="user-content-requirments" target="_blank" title=""></a><div><a name="user-content-requirments" target="_blank" title="">Host machine running Linux (Debian/Ubuntu/Kali)</a></div></li><li><a name="user-content-requirments" target="_blank" title=""></a><div><a name="user-content-requirments" target="_blank" title=""></a><a href="https://www.kitploit.com/search/label/Raspberry%20Pi" target="_blank" title="Raspberry Pi">Raspberry Pi</a> Zero with WiFi support</div></li> <li><div>Target machine options:</div><ul> <li>Virtual Machine</li> <li>Standalone machine</li> </ul> </li> <li><div>2 x USB micro cables</div></li> <li><div>Target USB device</div></li> <li><div>Hardware debugger (optional)</div></li> </ul> <br /><span style="font-size: large;"><b>The Setup:</b></span><br /> <div><pre><code>Device testing only:</code></pre></div> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-C2VbZprOgIc/X5JbR4PTN2I/AAAAAAAAUIA/JyS7_zbmn2s9C3BddqwIn_QcZAZuNuNzgCNcBGAsYHQ/s796/AutoGadgetFS_3_devtest.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="345" data-original-width="796" height="277" src="https://1.bp.blogspot.com/-C2VbZprOgIc/X5JbR4PTN2I/AAAAAAAAUIA/JyS7_zbmn2s9C3BddqwIn_QcZAZuNuNzgCNcBGAsYHQ/w640-h277/AutoGadgetFS_3_devtest.jpeg" width="640" /></a></div><div><br /></div> <div><pre><code>Minimal agfs in the middle setup:</code></pre></div> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-Agk8JewBbD4/X5JbaS3Mb7I/AAAAAAAAUII/zWn6S2dE1e8LQZWQhSZ475fkBSwdSowuQCNcBGAsYHQ/s1031/AutoGadgetFS_4_scenario1.jpeg" imageanchor="1" 
style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="351" data-original-width="1031" height="218" src="https://1.bp.blogspot.com/-Agk8JewBbD4/X5JbaS3Mb7I/AAAAAAAAUII/zWn6S2dE1e8LQZWQhSZ475fkBSwdSowuQCNcBGAsYHQ/w640-h218/AutoGadgetFS_4_scenario1.jpeg" width="640" /></a></div><div><br /></div> <div><pre><code>Complete agfs in the middle setup with debugging support:</code></pre></div> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-UYyQIyXGXCA/X5JbimanpEI/AAAAAAAAUIQ/yXH1qaMrgJA9u7Jyk8M_WBnlcRtF5-ITACNcBGAsYHQ/s1280/AutoGadgetFS_5_scenario2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="1280" height="114" src="https://1.bp.blogspot.com/-UYyQIyXGXCA/X5JbimanpEI/AAAAAAAAUIQ/yXH1qaMrgJA9u7Jyk8M_WBnlcRtF5-ITACNcBGAsYHQ/w640-h114/AutoGadgetFS_5_scenario2.jpeg" width="640" /></a></div><div><br /></div><a name="user-content-usbdev" target="_blank" title=""><span style="font-size: large;"><b>USB Device class support:</b></span><br /> <p>USB HID Devices fully supported (Man in the middle)</p><p>Device only testing .. All USB devices (NO Man in the middle)</p><p>Future releases... 
All USB devices (Man in the middle)</p></a><br /><span style="font-size: large;"><b>Capabilities:</b></span><br /> <ol><a name="user-content-caps" target="_blank" title=""> <li>Find, Select and Attach to a USB device with ease.</li> <li>Emulate any USB HID device.</li> <li>Perform AGFS in the middle sniffing for HID devices (save communication to disk).</li> <li>Device sniffing (any device).</li> <li>Multiple Fuzzers allow you to Fuzz a device or a host.</li> <li>Random fuzzers (with fixed or random length packets).</li> <li>Smart Fuzzers that learn from previous USB communications.</li> <li>Describe Fuzzer to tell the Fuzzer which bytes to Fuzz leaving the rest of the packet the same.</li> <li>Gadget Fuzzer.</li> <li>Sequential Fuzzer.</li> <li>Control transfer Enumerator.</li> <li>Replay of packets from a file.</li> <li>Replay of packets from a saved USBLyzer capture.</li> </a><li><a name="user-content-caps" target="_blank" title="">Visual way of presenting packets to allow ease of </a><a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_blank" title="reverse engineering">reverse engineering</a> of the communication.</li> <li>Alerts for device in DFU mode, or if the device leaks information.</li> <li>USB device and host can be anywhere on the internet.</li> <li>Monitor sudden interface changes.</li> </ol> <a name="user-content-road" target="_blank" title=""><br /><span style="font-size: large;"><b>RoadMap:</b></span><br /> <ol> <li>Sniff control transfer requests to a device and reply to them.</li> <li>MITM and emulate all types of devices.</li> <li>Console/QT based interface.</li> <li>More Interfaces/endpoints support on the Raspberry Pi Zero W.</li> <li>Support more boards like the GreatFET.</li> <li>Move to a custom board.</li> <li>Work on making Raspberry Pi have full support for USB device emulation with all interfaces.</li> <li>Correlate sent and received packets via sequence numbers.</li> </ol> </a><a 
name="user-content-installation" target="_blank" title=""><br /><span><b><span style="font-size: x-large;">Installation</span><span style="font-size: large;">:</span></b></span><br /> </a><a name="user-content-linux" target="_blank" title=""> <br /><span style="font-size: large;"><b>Linux Machine:</b></span><br /> </a><ul><a name="user-content-linux" target="_blank" title=""> <li> <p>Note: WSL/WSL2 is not supported due to issues with USB pass-through.</p> </li> <li> <p>Install Python3, ipython3, git, pip and the RabbitMQ server:</p> <div><pre><code>sudo apt install python3 ipython3 git python3-pip rabbitmq-server dfu-util<br />sudo service rabbitmq-server start</code></pre></div> </li> <li> <p>Clone the repository:</p> <div><pre><code>git clone https://github.com/ehabhussein/AutoGadgetFS<br />cd AutoGadgetFS</code></pre></div> </li> <li> <p>Install the requirements:</p> <div><pre><code>sudo -H pip3 install -r requirements.txt</code></pre></div> </li> <li> <p>Downgrade prompt toolkit for a better ipython experience:</p> <div><pre><code>sudo python3 -m pip install prompt-toolkit~=2.0</code></pre></div> </li> <li> <p>Enable the web interface for RabbitMQ:</p> <div><pre><code>sudo rabbitmq-plugins enable rabbitmq_management<br /># then browse to http://localhost:15672/ to reach the web interface</code></pre></div> </li> </a><li><a name="user-content-linux" target="_blank" title=""> </a><p><a name="user-content-linux" target="_blank" title="">Log in to the web interface with the </a><a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> <em>guest:guest</em></p> <ul> <li> <p>NOTE: if you are not installing RabbitMQ on <code>localhost</code> (RabbitMQ's default <em>guest</em> account only accepts connections from localhost), add the following user and log in with it:</p> <div><pre><code>sudo rabbitmqctl add_user autogfs usb4ever<br />sudo rabbitmqctl set_user_tags autogfs administrator</code></pre></div> </li> <li> <p>Upload the RabbitMQ configuration file:</p> <ul> <li>In the overview tab scroll to the bottom to import 
definitions</li> <li>Upload the file found in: <em>rabbitMQbrokerconfig/rabbitmq-Config.json</em></li> </ul> <div><pre><code>sudo service rabbitmq-server restart</code></pre></div> </li> </ul> </li> <li> <p>Test the installation:</p> <div><pre><code>sudo ipython3<br /><br />Python 3.7.7 (default, Apr 1 2020, 13:48:52)<br />Type 'copyright', 'credits' or 'license' for more information<br />IPython 7.9.0 -- An enhanced Interactive Python. Type '?' for help.<br /><br />In [1]: import libagfs<br /><br />In [2]: x = libagfs.agfs()<br /><br />***************************************<br />AutoGadgetFS: USB testing made easy<br />***************************************<br />Enter IP address of the rabbitmq server: 127.0.0.1<br /><br />In [3]: exit<br /><br />sudo python3 agfsconsole.py<br /><br />***************************************<br />AutoGadgetFS: USB testing made easy<br />***************************************<br />Enter IP address of the rabbitmq server: 127.0.0.1<br />Give your project a name?!:</code></pre></div> </li> <li> <p>Patch PyUSB langID (not needed unless you get PyUSB errors for langID):</p> <ul> <li>Edit the file <code>/usr/local/lib/python3/dist-packages/usb/util.py</code> <ul> <li> <p>Change the <code>def get_string</code> function so that it looks like the following:</p> <div><pre><code>if 0 == len(langids):<br />    return "Error Reading langID"<br />    #raise ValueError("The device has no langid")<br />if langid is None:<br />    langid = langids[0]<br />elif langid not in langids:<br />    return "Error Reading langID"<br />    #raise ValueError("The device does not support the specified langid")</code></pre></div> </li> <li> <p>If you prefer to use <code>patch</code>, apply <code>AutoGadgetFS/pyusb_patches/pyusb_langid.patch</code> to that file.</p> </li> </ul> </li> </ul> </li> </ul> <a name="user-content-rasp" target="_blank" title=""><br /><span style="font-size: large;"><b>Raspberry Pi Zero W:</b></span><br /> </a><ul><a 
name="user-content-rasp" target="_blank" title=""> </a><li><a name="user-content-rasp" target="_blank" title=""> </a><p><a name="user-content-rasp" target="_blank" title="Obtain a copy of">Obtain a copy of </a><a href="https://downloads.raspberrypi.org/raspios_lite_armhf_latest" rel="nofollow" target="_blank" title="Raspbian Lite Edition">Raspbian Lite Edition</a></p> <ul> <li>Burn the image to the SD card using <a href="https://www.balena.io/etcher/" rel="nofollow" target="_blank" title="BalenaEtcher">BalenaEtcher</a></li> </ul> </li> <li> <p>Mount the SD card on your machine and make the following changes:</p> <ul> <li> <p>In the <code>/path/to/sdcard/boot/config.txt</code> file, add to the very end of the file:</p> <div><pre><code>enable_uart=1<br />dtoverlay=dwc2</code></pre></div> </li> <li> <p>In the <code>/path/to/sdcard/boot/cmdline.txt</code> file, add right after <code>rootwait</code>:</p> <div><pre><code>modules-load=dwc2</code></pre></div> </li> <li> <p>It should look like this; make sure it is all on the same line:</p> <div><pre><code>console=serial0,115200 console=tty1 root=PARTUUID=6c586e13-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait modules-load=dwc2</code></pre></div> </li> </ul> </li> <li> <p>Enable SSH:</p> <ul> <li> <p>In the <code>/path/to/sdcard/boot</code> directory, create an empty file named <code>ssh</code>:</p> <div><pre><code>sudo touch /path/to/sdcard/boot/ssh</code></pre></div> </li> </ul> </li> <li> <p>Enable WiFi:</p> <ul> <li> <p>In the <code>/path/to/sdcard/boot</code> directory, create a file named <code>wpa_supplicant.conf</code>:</p> <div><pre><code>sudo vim /path/to/sdcard/boot/wpa_supplicant.conf</code></pre></div> </li> <li> <p>Add the following contents:</p> <div><pre><code>ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev<br />update_config=1<br />country=US<br />network={<br />    ssid="&lt;your wifi SSID&gt;"<br />    psk="&lt;your wifi password&gt;"<br />    key_mgmt=WPA-PSK<br />}</code></pre></div> </li> </ul> </li> <li> <p>Unmount 
the SD card and place it back into the Raspberry Pi Zero and power it on.</p> </li> <li> <p>Copy the contents of <code>AutoGadgetFS/Pizero/</code> to the Pi Zero (<code>username: pi</code> &amp; <code>password: raspberry</code>):</p> <div><pre><code>cd AutoGadgetFS/Pizero/<br />scp gadgetfuzzer.py removegadget.sh requirements.txt router.py pi@&lt;pi-ipaddress&gt;:/home/pi</code></pre></div> </li> <li> <p>SSH into the Pi Zero and set up the <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> for AutoGadgetFS:</p> <div><pre><code>ssh pi@&lt;pi-ip-address&gt;<br />chmod +x removegadget.sh<br />sudo apt update<br />sudo apt install python3 python3-pip<br />sudo -H pip3 install -r requirements.txt</code></pre></div> </li> <li> <p>Upgrade to the latest kernel and add modules (this step is optional for the current release). This will take a very long time to compile on the Pi Zero unless you choose to cross-compile the kernel; see <a href="https://www.raspberrypi.org/documentation/linux/kernel/building.md" rel="nofollow" target="_blank" title="Compiling options">Compiling options</a>.</p> <div><pre><code>sudo bash<br />apt install git bc bison flex libssl-dev make libncurses5-dev screen<br />screen<br />mkdir Downloads<br />cd Downloads/<br />git clone --depth=1 https://github.com/raspberrypi/linux<br />cd linux/<br />make bcmrpi_defconfig<br />make menuconfig</code></pre></div> <ul> <li>Enable the modules and save the config:</li> </ul><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-kEQDYQnXd_M/X5Jb9R-tMTI/AAAAAAAAUIk/z5nv4yzAHeUId50Nl-zn3WnAD95y6TYiQCNcBGAsYHQ/s1194/AutoGadgetFS_6_allgadgets.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="844" data-original-width="1194" height="452" 
src="https://1.bp.blogspot.com/-kEQDYQnXd_M/X5Jb9R-tMTI/AAAAAAAAUIk/z5nv4yzAHeUId50Nl-zn3WnAD95y6TYiQCNcBGAsYHQ/w640-h452/AutoGadgetFS_6_allgadgets.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-n3RceA1sJ_s/X5Jb9sZZiII/AAAAAAAAUIg/7ShbM0gYDAkYxRxuwhmQ1iwH_OiTuEJdgCNcBGAsYHQ/s1201/AutoGadgetFS_7_allgadgets2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="859" data-original-width="1201" height="458" src="https://1.bp.blogspot.com/-n3RceA1sJ_s/X5Jb9sZZiII/AAAAAAAAUIg/7ShbM0gYDAkYxRxuwhmQ1iwH_OiTuEJdgCNcBGAsYHQ/w640-h458/AutoGadgetFS_7_allgadgets2.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-QsEjBYtcBAs/X5Jb9elxFmI/AAAAAAAAUIc/bXrOumSKg20S23wv2bY_JJhDnOd92F77QCNcBGAsYHQ/s1203/AutoGadgetFS_8_allgadgets3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="862" data-original-width="1203" height="458" src="https://1.bp.blogspot.com/-QsEjBYtcBAs/X5Jb9elxFmI/AAAAAAAAUIc/bXrOumSKg20S23wv2bY_JJhDnOd92F77QCNcBGAsYHQ/w640-h458/AutoGadgetFS_8_allgadgets3.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-4RgBPbhLc9Y/X5Jb-XFlYPI/AAAAAAAAUIo/T_RQFS4AS8oOausjY7POX5EMz9s6Gv35ACNcBGAsYHQ/s1211/AutoGadgetFS_9_allgadgets4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="777" data-original-width="1211" height="410" src="https://1.bp.blogspot.com/-4RgBPbhLc9Y/X5Jb-XFlYPI/AAAAAAAAUIo/T_RQFS4AS8oOausjY7POX5EMz9s6Gv35ACNcBGAsYHQ/w640-h410/AutoGadgetFS_9_allgadgets4.png" width="640" /></a></div><div><br /></div> <ul> <li>Build and use the kernel:</li> </ul> <div><pre><code>make zImage modules dtbs<br />make modules_install<br />cp arch/arm/boot/dts/*.dtb /boot/<br />cp 
arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/<br />cp arch/arm/boot/dts/overlays/README /boot/overlays/<br />cp arch/arm/boot/zImage /boot/kernel.img<br />reboot</code></pre></div></li> </ul><div><br /></div><div><br /></div><div><br /></div> <br /><b>And you're done!</b><br /> <a name="user-content-tutorial" target="_blank" title=""><br /><span style="font-size: large;"><b>AutoGadgetFS tutorial:</b></span><br /> </a><p><a name="user-content-tutorial" target="_blank" title="USB testing made easy (51)"></a><a href="https://docs.agfs.io/" rel="nofollow" target="_blank" title="Click to visit the tutorial">Click to visit the tutorial</a></p> <br /><span style="font-size: large;"><b>Screenshots:</b></span><br /> <br /><b>Man in the Middle:</b><br /> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-mOk1zWHLHVw/X5JcKO1ifnI/AAAAAAAAUIs/n8U_A5c-zbwzFpTA1StGuAiALLRm-8DHACNcBGAsYHQ/s1719/AutoGadgetFS_10_mitm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="900" data-original-width="1719" height="336" src="https://1.bp.blogspot.com/-mOk1zWHLHVw/X5JcKO1ifnI/AAAAAAAAUIs/n8U_A5c-zbwzFpTA1StGuAiALLRm-8DHACNcBGAsYHQ/w640-h336/AutoGadgetFS_10_mitm.png" width="640" /></a></div><div><br /></div><b>USB device fuzzing:</b><br /> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/--metda7WXOM/X5JcedxhwDI/AAAAAAAAUJE/mNtU6P7xDtYZLvNl-dQUFMbPfxQHKiWVQCNcBGAsYHQ/s1835/AutoGadgetFS_11_devfuzzer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="730" data-original-width="1835" height="254" src="https://1.bp.blogspot.com/--metda7WXOM/X5JcedxhwDI/AAAAAAAAUJE/mNtU6P7xDtYZLvNl-dQUFMbPfxQHKiWVQCNcBGAsYHQ/w640-h254/AutoGadgetFS_11_devfuzzer.png" width="640" /></a></div><div><br /></div><b>Host side fuzzing with code coverage:</b><br /> <div><br /></div><div 
class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-BHmKhYKOO18/X5JcjogYlHI/AAAAAAAAUJI/yx1OQgBE7NsEwojiST1sPUhCkVnYpYCFQCNcBGAsYHQ/s3288/AutoGadgetFS_12_codecov.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="956" data-original-width="3288" height="186" src="https://1.bp.blogspot.com/-BHmKhYKOO18/X5JcjogYlHI/AAAAAAAAUJI/yx1OQgBE7NsEwojiST1sPUhCkVnYpYCFQCNcBGAsYHQ/w640-h186/AutoGadgetFS_12_codecov.png" width="640" /></a></div><div><br /></div><b>Fuzzer based on a selection of bytes:</b><br /> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-sVI8sEQ4ePw/X5Jcph7nSXI/AAAAAAAAUJM/76p5DnOwPworR-jSfPYM8-BRbi9d3TjxACNcBGAsYHQ/s1476/AutoGadgetFS_13_selectivefuzz.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="653" data-original-width="1476" height="284" src="https://1.bp.blogspot.com/-sVI8sEQ4ePw/X5Jcph7nSXI/AAAAAAAAUJM/76p5DnOwPworR-jSfPYM8-BRbi9d3TjxACNcBGAsYHQ/w640-h284/AutoGadgetFS_13_selectivefuzz.png" width="640" /></a></div><div><br /></div><b>Smart fuzzer based on learning traffic:</b><br /> <div><pre><code>In [44]: x.devSmartFuzz(engine="smart",samples=5,filename="/home/raindrop/PycharmProjects/AutoGadgetFs/binariesdb/Nud-Nuvoton-1046-20764-1590421333.5169587-Nuvoton-1046-20764-1590421600.8067<br /> ...: 274-device.bin") <br /><br /><br />[+]General Statistics<br />Full charset : !"#$%&amp;'()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~<br />Discarded charset : !"#$%&amp;'()*+,-./:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ghijklmnopqrstuvwxyz{|}~<br />Final charset : 0123456789abcdef<br />Word Length : 128<br />Lower Case index usage : 92%<br />Lower Case index locations : [1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 
35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 121, 122, 124, 125, 127]<br />Upper Case index usage : 0%<br />Upper Case index locations : []<br />Digit index usage : 96%<br />Digit index locations : [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 12 3, 126]<br />NonAN index usage : 0%<br />NonAN index locations : []<br />Counter statistics : Uppercase: 0 , Lowercase: 133071, Digits:212017 , NonAlphaNumeric:0<br />All char Frequencies : <br />character:5 found:5012 times<br />character:2 found:22563 times<br />character:3 found:12197 times<br />character:8 found:15008 times<br />character:4 found:13275 times<br />character:0 found:98056 times<br />character:1 found:17861 times<br />character:f found:87823 times<br />character:d found:7221 times<br />character:7 found:9614 times<br />character:a found:11148 times<br />character:6 found:10472 times<br />character:b found:8189 times<br />character:9 found:7959 times<br />character:c found:9172 times<br />character:e found:9518 times<br />***********************<br />generated:5 Packets<br />***********************<br />Out[44]: <br />['5608305852bf2ffd61770e2c827542f20be0b0fcba09db916bd07e1734b04cb0352b1d278068064d19f033bfad6fa90e53d865693fd4fee0214f00000eb0aa2c',<br /> '3b08 
3595f276e2f1353a535c32f0f59516fc9328f7673bb80262c4da11c93683afe6dcff8a7a83018d78f41498a0da4d141ebd39c361b1724f2b00000eb0aa2c',<br /> '0120961963495c4dab9470738b497eddde07b0d70b357795ad9554d7964761969a6d997205e17eada6fa84eb33dcfb11412f75e04c195001283900000eb0aa2c',<br /> '091065d52127bbc6e840e02f8e1316f1c4d9c92a23931c00cdbb8c158368852ef8fabd461b98812b51ec84e1ccc5c04aaa366fbafabec623bd3500000eb0aa2c',<br /> '7300cc61151b7af27a578e766f49bebb2de68c48b37a00df1030ae464f456928eedd035303e697208bf58217af728a2a346fda5c8aef0335b82e00000eb0aa2c'<br /><br />In [46]: x.edap.packets <br />Out[46]: <br />['5608305852bf2ffd61770e2c827542f20be0b0fcba09db916bd07e1734b04cb0352b1d278068064d19f033bfad6fa90e53d865693fd4fee0214f00000eb0aa2c',<br /> '3b083595f276e2f1353a535c32f0f59516fc9328f7673bb80262c4da11c93683afe6dcff8a7a83018d78f41498a0da4d141ebd3 9c361b1724f2b00000eb0aa2c',<br /> '0120961963495c4dab9470738b497eddde07b0d70b357795ad9554d7964761969a6d997205e17eada6fa84eb33dcfb11412f75e04c195001283900000eb0aa2c',<br /> '091065d52127bbc6e840e02f8e1316f1c4d9c92a23931c00cdbb8c158368852ef8fabd461b98812b51ec84e1ccc5c04aaa366fbafabec623bd3500000eb0aa2c',<br /> '7300cc61151b7af27a578e766f49bebb2de68c48b37a00df1030ae464f456928eedd035303e697208bf58217af728a2a346fda5c8aef0335b82e00000eb0aa2c']</code></pre></div> <br /><b>Help method:</b><br /> <div><a name="user-content-screens" target="_blank" title=""></a><pre><a name="user-content-screens" target="_blank" title=""><code>In [15]: x.help("") <br /><br />Currently supported methods:<br />__________________________________________________________________________________________________________________________________________________________________<br />Method ||--&gt;Description<br />----------------------------------------------------------------------------------------------------------------------------<br />MITMproxy ||--&gt;This method creates a connection to the RabbitMQ and listen on received messages on the todev queue<br 
/>____________________________________________________________________________________________________________________________<br />MITMproxyRQueues ||--&gt;This method reads from the queue todev and sends the request to the device its self.<br />________________________________________________________ ____________________________________________________________________<br />SmartFuzz ||--&gt;This method is generates packets based on what it has learned from a sniff from either the host or the device<br />____________________________________________________________________________________________________________________________<br />chgIntrfs ||--&gt;This method allows you to change and select another interface<br />____________________________________________________________________________________________________________________________<br />clearqueues ||--&gt;this method clears all the queues on the rabbitMQ queues that are set up<br />____________________________________________________________________________________________________________________________<br />clonedev ||--&gt;This method does not need any parameters it only saves a backup of the device incase you need to share it or use it later.<br />_____________________________________ _______________________________________________________________________________________<br />createctrltrsnfDB ||--&gt;creates a SQLite database containing values that were enumerated from control transfer enumeration<br />____________________________________________________________________________________________________________________________<br />createdb ||--&gt;create the sqlite table and columns from usblyzer captures<br />____________________________________________________________________________________________________________________________<br />decodePacketAscii ||--&gt;This method decodes packet bytes back to Ascii<br 
/>____________________________________________________________________________________________________________________________<br />describeFuzz ||--&gt;This method allows you to describe a packet and select which bytes will be fuzzed<br />___________________________________________________________________________________________________ _________________________<br />devEnumCtrltrnsf ||--&gt;This method enumerates all possible combinations of a control transfer request<br />____________________________________________________________________________________________________________________________<br />devReset ||--&gt;This method Resets the device<br />____________________________________________________________________________________________________________________________<br />devWrite ||--&gt;To use this with a method you would write to a device make sure to run the startSniffReadThread(self,endpoint=None, pts=None, queue=None,channel=None)<br />____________________________________________________________________________________________________________________________<br />devctrltrnsf ||--&gt;This method allows you to send ctrl transfer requests to the target device<br />_________________________________________________________________________________________________________________ ___________<br />deviceInfo ||--&gt;gets the complete info only for any usb connected to the host<br />____________________________________________________________________________________________________________________________<br />deviceInterfaces ||--&gt;get all interfaces and endpoints on the device<br />____________________________________________________________________________________________________________________________<br />devrandfuzz ||--&gt;this method allows you to create fixed or random size packets created using urandom<br />____________________________________________________________________________________________________________________________<br />devseqfuzz 
||--&gt;This method allows you to create sequential incremented packets and send them to the device<br />____________________________________________________________________________________________________________________________<br />findSelect ||--&gt;This method enumera tes all USB devices connected and allows you to select it as a target device as well as its endpoints<br />____________________________________________________________________________________________________________________________<br />help ||--&gt;AutogadgetFS Help method<br />____________________________________________________________________________________________________________________________<br />hostwrite ||--&gt;This method writes packets to the host either targeting a software or a driver in control of the device<br />____________________________________________________________________________________________________________________________<br />hstrandfuzz ||--&gt;this method allows you to create fixed or random size packets created using urandom and send them to the host queue<br />____________________________________________________________________________________________________________________________<br />monInterfaceChng ||--&gt;Me thod in charge of monitoring interfaces for changes this is called from def startMonInterfaceChng(self)<br />____________________________________________________________________________________________________________________________<br />newProject ||--&gt;creates a new project name if you were testing something else<br />____________________________________________________________________________________________________________________________<br />releasedev ||--&gt;releases the device and re-attaches the kernel driver<br />____________________________________________________________________________________________________________________________<br />removeGadget ||--&gt;This method removes the gadget from the raspberryPI<br 
/>____________________________________________________________________________________________________________________________<br />replaymsgs ||--&gt;This method searches the USBLyzer parsed database and give you the option rep lay a message or all messages from host to device<br />____________________________________________________________________________________________________________________________<br />searchmsgs ||--&gt;This method allows you to search and select all messages for a pattern which were saved from a USBlyzer database creation<br />____________________________________________________________________________________________________________________________<br />setupGadgetFS ||--&gt;setup variables for gadgetFS : Linux Only, on Raspberry Pi Zero best option<br />____________________________________________________________________________________________________________________________<br />showMessage ||--&gt;shows messages if error or warn or info<br />____________________________________________________________________________________________________________________________<br />sniffdevice ||--&gt;read the communication between the device to hosts<br />______ ______________________________________________________________________________________________________________________<br />startMITMusbWifi ||--&gt;Starts a thread to monitor the USB target Device<br />____________________________________________________________________________________________________________________________<br />startMonInterfaceChng||--&gt;This method Allows you to monitor a device every 10 seconds in case it suddenly changes its interface configuration.<br />____________________________________________________________________________________________________________________________<br />startQueuewrite ||--&gt;initiates a connection to the queue to communicate with the host<br 
/>____________________________________________________________________________________________________________________________<br />startSniffReadThread ||--&gt;This is a thread to continuously read the replies from the device and dependent on what you pass to the method either pts or queue<br />____________________________________________________________________________________________________________________________<br />stopMITMusbWifi ||--&gt;Stops the </code></a><code><a href="https://www.kitploit.com/search/label/Man%20In%20The%20Middle" target="_blank" title="man in the middle">man in the middle</a> thread between the host and the device<br />____________________________________________________________________________________________________________________________<br />stopMonInterfaceChang||--&gt;Stops the interface monitor thread<br />____________________________________________________________________________________________________________________________<br />stopQueuewrite ||--&gt;stop the thread incharge of communicating with the host machine<br />____________________________________________________________________________________________________________________________<br />stopSniffing ||--&gt;Kills the sniffing thread strted by startSniffReadThread()<br />____________________________________________________________________________________________________________________________<br />usblyzerparse ||--&gt;This method will parse your xml exported from usblyzer and then import them into a database<br />____________________________________________________________________________________________________________________________<br /><br />In [16]: x.help("findSelect") <br />****<br />[+]Help for findSelect Method:<br />[-]Signature: findSelect(self, chgint=None)<br /><br /><br />[+]findSelect Help:<br />This method enumerates all USB devices connected and allows you to select it as a target device as well as its endpoints<br />****</code></pre></div> 
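<p>The help entry for startMonInterfaceChng describes polling a device in case it suddenly changes its interface configuration; the check behind that idea is a comparison of interface-descriptor snapshots between polls. The code below is an added example, not AutoGadgetFS code: the function names, the dict layout and the sample polls are assumptions, and only the descriptor field names and class codes are the standard USB ones.</p>

```python
# Standard USB interface-descriptor field names; class codes from the USB-IF list.
CLASS_NAMES = {0x02: "CDC", 0x03: "HID", 0x08: "Mass Storage", 0xFF: "Vendor Specific"}
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

def snapshot(interfaces):
    """Reduce one poll to {interface number: (class, subclass, protocol, endpoints)}."""
    return {i["bInterfaceNumber"]: tuple(i[f] for f in FIELDS) + (tuple(sorted(i["endpoints"])),)
            for i in interfaces}

def diff(old, new):
    """Describe every interface that appeared, vanished or changed between two polls."""
    findings = []
    for num in sorted(old.keys() | new.keys()):
        before, after = old.get(num), new.get(num)
        if before == after:
            continue
        if before is None:
            name = CLASS_NAMES.get(after[0], hex(after[0]))
            findings.append(f"interface {num} added: class {name}, endpoints {[hex(e) for e in after[3]]}")
        elif after is None:
            findings.append(f"interface {num} removed")
        else:
            findings.append(f"interface {num} changed: {before} -> {after}")
    return findings

def watch(polls):
    """Compare successive polls; return (poll index, findings) for each change."""
    alerts, previous = [], None
    for idx, interfaces in enumerate(polls):
        current = snapshot(interfaces)
        if previous is not None and current != previous:
            alerts.append((idx, diff(previous, current)))
        previous = current
    return alerts

# Constructed sample (not captured from a real device): a storage device that
# exposes an extra HID keyboard interface on the third poll.
STORAGE = {"bInterfaceNumber": 0, "bInterfaceClass": 0x08, "bInterfaceSubClass": 0x06,
           "bInterfaceProtocol": 0x50, "endpoints": [0x81, 0x02]}
KEYBOARD = {"bInterfaceNumber": 1, "bInterfaceClass": 0x03, "bInterfaceSubClass": 0x01,
            "bInterfaceProtocol": 0x01, "endpoints": [0x83]}
POLLS = [[STORAGE], [STORAGE], [STORAGE, KEYBOARD]]

if __name__ == "__main__":
    for idx, findings in watch(POLLS):
        print(f"poll {idx}:", *findings, sep="\n  ")
```

<p>In a live setup each poll would be filled from the descriptors read off the attached device; an interface that appears after enumeration, as in the sample, is the change worth alerting on.</p>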
<br /><b>AutoGadgetFS console. A much simpler way to use AGFS:</b><br /> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-SNXW4JL-5rg/X5Jcx8KSuBI/AAAAAAAAUJU/Qzf4aowfUdsat74z7J0iHwKzLHwyNjA7gCNcBGAsYHQ/s890/AutoGadgetFS_14_agfsconsole.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="337" data-original-width="890" height="242" src="https://1.bp.blogspot.com/-SNXW4JL-5rg/X5Jcx8KSuBI/AAAAAAAAUJU/Qzf4aowfUdsat74z7J0iHwKzLHwyNjA7gCNcBGAsYHQ/w640-h242/AutoGadgetFS_14_agfsconsole.png" width="640" /></a></div><div><br /></div><a name="user-content-youtube" target="_blank" title=""><span style="font-size: large;"><b>Youtube Playlist:</b></span><br /> </a><p><a name="user-content-youtube" target="_blank" title="USB testing made easy (56)"></a><a href="https://www.youtube.com/playlist?list=PLKozlVgM6RQjNHmpWR2RBiFCtufV03o6Z" rel="nofollow" target="_blank" title="Youtube Playlist">Youtube Playlist</a></p> <a name="user-content-slack" target="_blank" title=""><br /><span style="font-size: large;"><b>Join Slack:</b></span><br /> </a><p><a name="user-content-slack" target="_blank" title="Visit">Visit </a><a href="https://join.slack.com/t/autogadgetfs/shared_invite/zt-emgcv3ol-unG_axHmSQlk~5GcBddhlQ" rel="nofollow" target="_blank" title="AutogadgetFS Slack Channel">AutogadgetFS Slack Channel</a></p><p><br /></p><span style="font-size: large;"><b>Contact:</b></span><span style="font-size: large;"><b><a name="user-content-contact" target="_blank" title="USB testing made easy (66)"><br /></a><a href="mailto:[email protected]" rel="nofollow" target="_blank" title="[email protected]">[email protected]<br /></a></b></span><span style="font-size: large;"><b><a href="https://twitter.com/0xRaindrop" rel="nofollow" target="_blank" title="https://twitter.com/0xRaindrop">https://twitter.com/0xRaindrop</a></b></span><br /><br /><br /><div style="text-align: 
center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ehabhussein/AutoGadgetFS" rel="nofollow" target="_blank" title="Download AutoGadgetFS">Download AutoGadgetFS</a></span></b></div>Zion3R[email protected]

Article source: http://www.blogger.com/feeds/8317222231133660547/posts/default/5697636294568844262