Penetration Testing mailing list archives

Re: Sniffing USB-Datastream

From: "Jon R. Kibler" <Jon.Kibler () aset com>
Date: Mon, 12 Jun 2006 18:05:06 -0400

thomas springer wrote:


I have to reverse-engineer the communication between a Windows-System
and a USB-Device.
Is there any chance to get a copy of the RAW USB-Datastream from the
device to the software managing the device on my harddrive?

I thought of something like a modified USB-Driver für Windows or a
Hardware-Device that records or mirrors the USB-Connection. Any hints
helping me to avoid using a Debugger?


I don't know if it does the trick, but have you looked at strace for windows? You can hook the device driver and see 
all the raw I/O. (If you know *nix, just like that strace -- more or less.) I also have heard that there is a truss for 
windows, but I don't recall having seen it.

There are a couple of versions of windows strace. I think I have been using BindView's:
        www.bindview.com/Services/ RAZOR/Utilities/Windows/strace_readme.cfm

Hope this helps.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------

Current thread:

Sniffing USB-Datastream thomas springer (Jun 12)
- Re: Sniffing USB-Datastream Jon R. Kibler (Jun 12)
  - Re: Sniffing USB-Datastream Scott C. Kennedy (Jun 12)
- Re: Sniffing USB-Datastream Jonathan (Jun 12)
- Re: Sniffing USB-Datastream Jonathan (Jun 12)
- Re: Sniffing USB-Datastream David Hogue (Jun 12)
  - Checking - will this Windows audit-tool be useful? Petr . Kazil (Jun 13)
- <Possible follow-ups>
- Re: Sniffing USB-Datastream mozilla (Jun 13)