nccgroup / umap

The USB host security assessment tool
GNU Affero General Public License v3.0

umap hangs during usb hub test case #9

Open theactualanoid opened 8 years ago

theactualanoid commented 8 years ago

sudo python3 umap.py -P /dev/ttyUSB0 -s 09:00:00:C:6

........ Fuzzing: 2016/09/12 16:18:0709:00:00 - Hub : Default : Default SUPPORTED Class-specific data... Hub class: 0006 - hub_bNbrPorts_null

<<< hangs forever here >>>

```
^C^CTraceback (most recent call last):
  File "umap.py", line 270, in execute_fuzz_testcase
    d.run()
  File "/Documents/usbfuzzing/umap/USBDevice.py", line 127, in run
    self.maxusb_app.service_irqs()
  File "/Documents/usbfuzzing/umap/MAXUSBApp.py", line 231, in service_irqs
    irq = self.read_register(self.reg_endpoint_irq)
  File "/Documents/usbfuzzing/umap/MAXUSBApp.py", line 100, in read_register
    resp = self.device.readcmd()
  File "/Documents/usbfuzzing/umap/Facedancer.py", line 50, in readcmd
    b = self.read(4)
  File "/Documents/usbfuzzing/umap/Facedancer.py", line 36, in read
    b = self.serialport.read(n)
  File "/usr/local/lib/python3.5/dist-packages/serial/serialposix.py", line 461, in read
    ready,_,_ = select.select([self.fd],[],[], self._timeout)
KeyboardInterrupt

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "umap.py", line 688, in <module>
    execute_fuzz_testcase (usbclass,usbsubclass,usbproto,testcases_hub_class[fuzztestcase],serial0)
  File "umap.py", line 272, in execute_fuzz_testcase
    d.disconnect()
  File "/Documents/usbfuzzing/umap/USBDevice.py", line 113, in disconnect
    self.maxusb_app.disconnect()
  File "/Documents/usbfuzzing/umap/MAXUSBApp.py", line 140, in disconnect
    self.write_register(self.reg_usb_control, self.usb_control_vbgate)
  File "/Documents/usbfuzzing/umap/MAXUSBApp.py", line 118, in write_register
    self.device.readcmd()
  File "/Documents/usbfuzzing/umap/Facedancer.py", line 57, in readcmd
    data = self.read(n)
  File "/Documents/usbfuzzing/umap/Facedancer.py", line 36, in read
    b = self.serialport.read(n)
  File "/usr/local/lib/python3.5/dist-packages/serial/serialposix.py", line 461, in read
    ready,_,_ = select.select([self.fd],[],[], self._timeout)
KeyboardInterrupt
```

Checked dmesg: tons and tons of device reset commands for class 9 device.

Facedancer 21 LEDs are on solid during hang.

I patched my old kernel to handle this condition. System no longer hangs - umap does!
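Both tracebacks above end in the same place: a serial read waiting in `select.select` for a reply that never arrives. The following is an added example, not part of the original report and not umap's own code, of a read bounded by one overall deadline so that a fuzzing harness can record the hang and move on; `read_exact`, `run_testcase`, `DeviceTimeout` and the pipe standing in for the serial port are all hypothetical names and constructed input.

```python
import os
import select
import time

class DeviceTimeout(Exception):
    """The device did not deliver the expected bytes before the deadline."""

def read_exact(fd, n, timeout):
    """Read exactly n bytes from fd, or raise DeviceTimeout after `timeout` seconds."""
    deadline = time.monotonic() + timeout
    buf = bytearray()
    while len(buf) < n:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise DeviceTimeout("got %d of %d bytes" % (len(buf), n))
        # Every wait is bounded by the time left, never by "forever".
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:
            continue  # the loop re-checks the deadline and raises
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            raise DeviceTimeout("link closed after %d bytes" % len(buf))
        buf += chunk
    return bytes(buf)

def run_testcase(fd, timeout=0.2):
    """Hypothetical fuzz step: read a 4-byte reply, report a hang instead of blocking."""
    try:
        return ("ok", read_exact(fd, 4, timeout))
    except DeviceTimeout as exc:
        return ("hang", str(exc))

def demo():
    r, w = os.pipe()  # constructed stand-in for the serial port (POSIX only)
    try:
        os.write(w, b"\x00\x01")          # partial reply, then silence
        partial = run_testcase(r)
        os.write(w, b"\x00\x02\x00\x00")  # complete reply
        full = run_testcase(r)
    finally:
        os.close(r)
        os.close(w)
    return partial, full

if __name__ == "__main__":
    print(demo())
```
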

BinyaminSharet commented 8 years ago

@theactualanoid not a direct answer, but umap2 is out and you might want to try it ( https://github.com/nccgroup/umap2 )

theactualanoid commented 8 years ago

Will give it a try. Thanks.

theactualanoid commented 8 years ago

Where can I find version 2? The latest listed was modified 3 yrs ago!

BinyaminSharet commented 8 years ago

See the link in my previous comment.

theactualanoid commented 8 years ago

Duh! My blindness caused 404.