USB Hardware Keylogger HID Keylogger Conclusion Nicolas Hureau - - PowerPoint PPT Presentation

usb hardware keylogger
SMART_READER_LITE
LIVE PREVIEW

USB Hardware Keylogger HID Keylogger Conclusion Nicolas Hureau - - PowerPoint PPT Presentation

Feb 04, 2024 308 likes •695 views

USB Hardware Keylogger Nicolas Hureau Introduction USB USB Hardware Keylogger HID Keylogger Conclusion Nicolas Hureau kalenz@lse.epita.fr http://lse.epita.fr February 12, 2013 . . . . . . . . . . . . . . . . . . . .

slide-1
SLIDE 1

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

USB Hardware Keylogger

Nicolas Hureau

kalenz@lse.epita.fr http://lse.epita.fr

February 12, 2013

slide-2
SLIDE 2

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Plan

. .

1

Introduction

slide-3
SLIDE 3

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

BS intro slide

Universal Serial Bus Standard with multiple versions Developped mid-90s Designed for connection, communication and power supply

slide-4
SLIDE 4

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Architecture

Single host controller Up to 127 slave devices connected (7-bits address) Tiered star topology

slide-5
SLIDE 5

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Topology

slide-6
SLIDE 6

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Plan

. .

2

USB Basics Device configuration Transfers

slide-7
SLIDE 7

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Info

We will mostly focus on the USB protocol, ignoring lower levels All communications on the bus are initiated by the host

slide-8
SLIDE 8

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Host requesting data from device

slide-9
SLIDE 9

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Host pushing data to device

slide-10
SLIDE 10

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Global configuration

slide-11
SLIDE 11

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Device descriptor

idVendor idProduct bNumConfiguration bDeviceClass, bDeviceSubClass, bDeviceProtocol iManufacturer, iProduct, iSerialNumber . . .

slide-12
SLIDE 12

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Global configuration

slide-13
SLIDE 13

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Configuration descriptor

bNumInterface . . .

slide-14
SLIDE 14

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Global configuration

slide-15
SLIDE 15

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Interface descriptor

bInterfaceNumber bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol bNumEndpoints bAlternateSetting . . .

slide-16
SLIDE 16

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Global configuration

slide-17
SLIDE 17

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Endpoint descriptor

bEndpointAdress wMaxPacketSize bInterval . . .

slide-18
SLIDE 18

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Transfer types

Control (device setup) Interrupt (guaranteed bandwidth, polled by the host) Isochronous (guaranteed bandwidth, but no delivery guaranty) Bulk (large transfer, no guaranteed bandwidth)

slide-19
SLIDE 19

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Interrupt IN

slide-20
SLIDE 20

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Interrupt OUT

slide-21
SLIDE 21

USB Hardware Keylogger Nicolas Hureau Introduction USB

Basics Device configuration Transfers

HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Isochronous

slide-22
SLIDE 22

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Plan

. .

3

HID Types Keyboard

slide-23
SLIDE 23

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

HID Types

Human Interface Device Part of the USB specification dealing with devices such as keyboards, mice and game controllers Also mention lots of other devices:

Simulation controls Alphanumeric displays Medical instruments . . .

slide-24
SLIDE 24

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Report Descriptor

Describe the format of device messages Use "Usage Tables" to do so:

150 page documents Standardized controls for devices mentioned earlier

slide-25
SLIDE 25

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Report Descriptor

Usage Page (Generic Desktop), Usage (Keyboard), Collection (Application), Usage Page (Key Codes); Usage Minimum (224), Usage Maximum (231), Logical Minimum (0), Logical Maximum (1), Report Size (1), Report Count (8), Input (Data, Variable, Absolute), ;Modifier byte Report Count (1), Report Size (8), Input (Constant), ;Reserved byte Report Count (5), Report Size (1), Usage Page (Page# for LEDs), Usage Minimum (1), Usage Maximum (5), Output (Data, Variable, Absolute), ;LED report Report Count (1), Report Size (3), Output (Constant), ;LED report padding Report Count (6), Report Size (8), Logical Minimum (0), Logical Maximum(101), Usage Page (Key Codes), Usage Minimum (0), Usage Maximum (101), Input (Data, Array), ;Key arrays (6 bytes) End Collection

slide-26
SLIDE 26

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Report Descriptor

05 01 09 06 A1 01 05 07 19 E0 29 E7 15 00 25 01 75 01 95 08 81 02 95 01 75 08 81 01 95 05 75 01 05 08 19 01 29 05 91 02 95 01 75 03 91 01 95 06 75 08 15 00 25 65 05 07 19 00 29 65 81 00 C0

slide-27
SLIDE 27

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Report Descriptor

+----------------+-----------+-----------+ | Modifiers (1B) | LEDs (1B) | Keys (6B) | +----------------+-----------+-----------+

slide-28
SLIDE 28

USB Hardware Keylogger Nicolas Hureau Introduction USB HID

Types Keyboard

Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Keyboard

bDescriptorType = DT_DEVICE (0x1) bDeviceClass = CLASS_PER_INTERFACE (0x0) bInterfaceClass = CLASS_HID (0x3) bInterfaceSubClass = CLASS_HID_BOOT_PROTOCOL (0x1) bInterfaceProtocol = HID_KEYBOARD (0x1)

slide-29
SLIDE 29

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Plan

. .

4

Keylogger Sniffer Keyboad emulator Misc

slide-30
SLIDE 30

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Software

Using libusb(x) through pyusb:

Enumerate keyboards Claim the first one Listen to what is typed

slide-31
SLIDE 31

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Hardware

slide-32
SLIDE 32

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Hardware

slide-33
SLIDE 33

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Software

Using Stellaris SDK

Register as a keyboard Print stuff hen pressing a button

slide-34
SLIDE 34

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Missing feature

Passing status from Pi to Stellaris obviously Given available intefaces, donc through serial Should be straightforward, Ti gives helper functions

slide-35
SLIDE 35

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger

Sniffer Keyboad emulator Misc

Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Other solutions

slide-36
SLIDE 36

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

Plan

. .

5

Conclusion

slide-37
SLIDE 37

USB Hardware Keylogger Nicolas Hureau Introduction USB HID Keylogger Conclusion

. . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. .

That’s all folks! Questions?

@kalenz http://bitbucket.org/kalenz