How to analyze a USB device of having possibly malicious capabilities?

Asked Dec 14 '19 at 12:12

Active Dec 14 '19 at 12:12

Viewed 190 times

So I recently ordered a chinese external USB card and I would like to find out whether it has some hidden functionality, which might become malicious. It has buttons integrated in it so Linux using libusb -vv displays it of having HID capabilities, which already alerted me since it could be used to inject keystrokes.

How do I go on continuing my analysis?
Can I dump more information about its capabilities using libusb?
How do I dump its firmware for reverse engineering purposes? According to [this] that's only possible with a JTAG/UART connection?
Is there something like Wireshark but for USB?

Bonus points if you also add some libusb example code.

asked Dec 14 '19 at 12:12

Sir Muffington

1,447
2
9
22

2

*"Is there something like Wireshark but for USB?"* - why use "something like" if you could use Wireshark directly - https://wiki.wireshark.org/CaptureSetup/USB – Steffen Ullrich Dec 14 '19 at 12:54
@SteffenUllrich ooh, I was not aware of this functionality, thank you! – Sir Muffington Dec 14 '19 at 13:20

How to analyze a USB device of having possibly malicious capabilities?

0 Answers0