您当前的位置:首页 > 电脑百科 > 软件技术 > 应用软件

AutoGadgetFS:一款针对USB设备的安全测试工具

时间:2022-09-05 13:56:26  来源:  作者:嵌入式Linux

 

关于AutoGadgetFS

AutoGadgetFS是一款开源框架,它可以帮助广大研究人员在无需深入了解USB协议的情况下对USB设备以及相关的主机/驱动器/软件进行评估。该工具基于Python/ target=_blank class=infotextkey>Python 3开发,并且使用了RabbitMQ和wifi访问来帮助研究人员对远程USB设备进行安全审计。在ConfigFS的帮助下,AutoGadgetFS允许用户迅速克隆和模拟设备而无需深入研究每一个实现细节。除此之外,该框架还允许用户创建自己的模糊测试器。

功能介绍

轻松查找、选择并连接到USB设备。

模拟任何USB HID设备。

以中间件设备身份执行AGFS嗅探HID设备(将通信保存到磁盘)。

设备嗅探(任何设备)。

多个Fuzzer允许您对设备或主机进行模糊测试。

随机Fuzzer(具有固定或随机长度的数据包)。

智能Fuzzer,可以从以前的USB通信中学习。

可以告诉Fuzzer哪些字节要模糊化,使包的其余部分保持不变。

小工具Fuzzer。

顺序Fuzzer。

控制传输枚举器。

从文件中重放数据包。

从保存的USBLyzer捕获重放数据包。

显示数据包的可视方式,以便于对通信信息进行逆向分析。

DFU模式下的设备警报,或者设备泄漏信息。

支持对USB设备和主机进行远程调试。

监控突然的界面变化。

工具要求

一台运行了linux的主机(Debian/Ubuntu/Kali);

支持WiFi访问的树莓派Raspberry Pi Zero;

目标设备选择:虚拟机或单一主机;

两条USB线缆;

目标USB设备;

硬件调试器(可选);

工具配置图

设备测试

设置中间件

设置中间件并支持设备调试

工具安装

Linux设备

sudo apt install python3 ipython3 git python3-pip rabbitmq-server dfu-util

sudo service rabbitmq-server start

git clone https://Github.com/ehabhussein/AutoGadgetFS

cd AutoGadgetFS

sudo -H pip3 install -r requirements.txt

sudo python3 -m pip install prompt-toolkit~=2.0

sudo rabbitmq-plugins enable rabbitmq_management

http://localhost:15672/ to reach the web interface

sudo rabbitmqctl add_user autogfs usb4ever

sudo rabbitmqctl set_user_tags autogfs administrator

sudo service rabbitmq-server restart

安装完成后,请按照下列方式测试安装结果

sudo ipython3

Python 3.7.7 (default, Apr  1 2020, 13:48:52)

Type 'copyright', 'credits' or 'license' for more information

IPython 7.9.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import libagfs

In [2]: x = libagfs.agfs()

***************************************

AutoGadgetFS: USB testing made easy

***************************************

Enter IP address of the rabbitmq server: 127.0.0.1

In [3]: exit

sudo `python3` agfsconsole.py

***************************************

AutoGadgetFS: USB testing made easy

***************************************

Enter IP address of the rabbitmq server: 127.0.0.1

Give your project a name?!:

工具运行截图

中间人攻击

USB设备模糊测试

主机端基于代码覆盖的模糊测试

基于字节的模糊测试

AutoGadgetFS命令行终端

基于流量学习的智能Fuzzer

In [44]: x.devSmartFuzz(engine="smart",samples=5,filename="/home/rAIndrop/PycharmProjects/AutoGadgetFs/binariesdb/Nud-Nuvoton-1046-20764-1590421333.5169587-Nuvoton-1046-20764-1590421600.8067

...: 274-device.bin")                               

[+]General Statistics

Full charset                : !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~

Discarded charset           : !"#$%&'()*+,-./:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`ghijklmnopqrstuvwxyz{|}~

Final charset               : 0123456789abcdef

word Length                 : 128

Lower Case index usage      : 92%

Lower Case index locations  : [1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 121, 122, 124, 125, 127]

Upper Case index usage      : 0%

Upper Case index locations  : []

Digit index usage           : 96%

Digit index locations       : [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 123, 126]

NonAN index usage           : 0%

NonAN index locations       : []

Counter statistics          : Uppercase: 0 , Lowercase: 133071, Digits:212017 , NonAlphaNumeric:0

All char Frequencies        :

character:5 found:5012 times

character:2 found:22563 times

character:3 found:12197 times

character:8 found:15008 times

character:4 found:13275 times

character:0 found:98056 times

character:1 found:17861 times

character:f found:87823 times

character:d found:7221 times

character:7 found:9614 times

character:a found:11148 times

character:6 found:10472 times

character:b found:8189 times

character:9 found:7959 times

character:c found:9172 times

character:e found:9518 times

***********************

generated:5 Packets

***********************

Out[44]:

['5608305852bf2ffd61770e2c827542f20be0b0fcba09db916bd07e1734b04cb0352b1d278068064d19f033bfad6fa90e53d865693fd4fee0214f00000eb0aa2c',

 '3b083595f276e2f1353a535c32f0f59516fc9328f7673bb80262c4da11c93683afe6dcff8a7a83018d78f41498a0da4d141ebd39c361b1724f2b00000eb0aa2c',

 '0120961963495c4dab9470738b497eddde07b0d70b357795ad9554d7964761969a6d997205e17eada6fa84eb33dcfb11412f75e04c195001283900000eb0aa2c',

 '091065d52127bbc6e840e02f8e1316f1c4d9c92a23931c00cdbb8c158368852ef8fabd461b98812b51ec84e1ccc5c04aaa366fbafabec623bd3500000eb0aa2c',

 '7300cc61151b7af27a578e766f49bebb2de68c48b37a00df1030ae464f456928eedd035303e697208bf58217af728a2a346fda5c8aef0335b82e00000eb0aa2c'

In [46]: x.edap.packets                                                                                                                                                                       

Out[46]:

['5608305852bf2ffd61770e2c827542f20be0b0fcba09db916bd07e1734b04cb0352b1d278068064d19f033bfad6fa90e53d865693fd4fee0214f00000eb0aa2c',

 '3b083595f276e2f1353a535c32f0f59516fc9328f7673bb80262c4da11c93683afe6dcff8a7a83018d78f41498a0da4d141ebd39c361b1724f2b00000eb0aa2c',

 '0120961963495c4dab9470738b497eddde07b0d70b357795ad9554d7964761969a6d997205e17eada6fa84eb33dcfb11412f75e04c195001283900000eb0aa2c',

 '091065d52127bbc6e840e02f8e1316f1c4d9c92a23931c00cdbb8c158368852ef8fabd461b98812b51ec84e1ccc5c04aaa366fbafabec623bd3500000eb0aa2c',

 '7300cc61151b7af27a578e766f49bebb2de68c48b37a00df1030ae464f456928eedd035303e697208bf58217af728a2a346fda5c8aef0335b82e00000eb0aa2c']

帮助模式

In [15]: x.help("")                                
Currently supported methods:
__________________________________________________________________________________________________________________________________________________________________

Method               ||-->Description

----------------------------------------------------------------------------------------------------------------------------

MITMproxy            ||-->This method creates a connection to the RabbitMQ and listen on received messages on the todev queue

____________________________________________________________________________________________________________________________

MITMproxyRQueues     ||-->This method reads from the queue todev and sends the request to the device its self.
____________________________________________________________________________________________________________________________

SmartFuzz            ||-->This method is generates packets based on what it has learned from a sniff from either the host or the device
____________________________________________________________________________________________________________________________

chgIntrfs            ||-->This method allows you to change and select another interface
____________________________________________________________________________________________________________________________

clearqueues          ||-->this method clears all the queues on the rabbitMQ queues that are set up

____________________________________________________________________________________________________________________________

clonedev             ||-->This method does not need any parameters it only saves a backup of the device incase you need to share it or use it later.

____________________________________________________________________________________________________________________________

createctrltrsnfDB    ||-->creates a SQLite database containing values that were enumerated from control transfer enumeration

____________________________________________________________________________________________________________________________

createdb             ||-->create the sqlite table and columns from usblyzer captures

____________________________________________________________________________________________________________________________

decodePacketAscii    ||-->This method decodes packet bytes back to Ascii

____________________________________________________________________________________________________________________________

describeFuzz         ||-->This method allows you to describe a packet and select which bytes will be fuzzed

____________________________________________________________________________________________________________________________

devEnumCtrltrnsf     ||-->This method enumerates all possible combinations of a control transfer request

____________________________________________________________________________________________________________________________

devReset             ||-->This method Resets the device

____________________________________________________________________________________________________________________________

devWrite             ||-->To use this with a method you would write to a device make sure to run the startSniffReadThread(self,endpoint=None, pts=None, queue=None,channel=None)

____________________________________________________________________________________________________________________________

devctrltrnsf         ||-->This method allows you to send ctrl transfer requests to the target device

____________________________________________________________________________________________________________________________

deviceInfo           ||-->gets the complete info only for any usb connected to the host

____________________________________________________________________________________________________________________________

deviceInterfaces     ||-->get all interfaces and endpoints on the device

____________________________________________________________________________________________________________________________

devrandfuzz          ||-->this method allows you to create fixed or random size packets created using urandom

____________________________________________________________________________________________________________________________

devseqfuzz           ||-->This method allows you to create sequential incremented packets and send them to the device

____________________________________________________________________________________________________________________________

findSelect           ||-->This method enumerates all USB devices connected and allows you to select it as a target device as well as its endpoints

____________________________________________________________________________________________________________________________

help                 ||-->AutogadgetFS Help method

____________________________________________________________________________________________________________________________

hostwrite            ||-->This method writes packets to the host either targeting a software or a driver in control of the device

____________________________________________________________________________________________________________________________

hstrandfuzz          ||-->this method allows you to create fixed or random size packets created using urandom and send them to the host queue

____________________________________________________________________________________________________________________________

monInterfaceChng     ||-->Method in charge of monitoring interfaces for changes this is called from def startMonInterfaceChng(self)

____________________________________________________________________________________________________________________________

newProject           ||-->creates a new project name if you were testing something else

____________________________________________________________________________________________________________________________

releasedev           ||-->releases the device and re-attaches the kernel driver

____________________________________________________________________________________________________________________________

removeGadget         ||-->This method removes the gadget from the raspberryPI

____________________________________________________________________________________________________________________________

replaymsgs           ||-->This method searches the USBLyzer parsed database and give you the option replay a message or all messages from host to device

____________________________________________________________________________________________________________________________

searchmsgs           ||-->This method allows you to search and select all messages for a pattern which were saved from a USBlyzer database creation

____________________________________________________________________________________________________________________________

setupGadgetFS        ||-->setup variables for gadgetFS : Linux Only, on Raspberry Pi Zero best option

____________________________________________________________________________________________________________________________

showMessage          ||-->shows messages if error or warn or info

____________________________________________________________________________________________________________________________

sniffdevice          ||-->read the communication between the device to hosts

____________________________________________________________________________________________________________________________

startMITMusbWifi     ||-->Starts a thread to monitor the USB target Device

____________________________________________________________________________________________________________________________

startMonInterfaceChng||-->This method Allows you to monitor a device every 10 seconds in case it suddenly changes its interface configuration.

____________________________________________________________________________________________________________________________

startQueuewrite      ||-->initiates a connection to the queue to communicate with the host

____________________________________________________________________________________________________________________________

startSniffReadThread ||-->This is a thread to continuously read the replies from the device and dependent on what you pass to the method either pts or queue

____________________________________________________________________________________________________________________________

stopMITMusbWifi      ||-->Stops the man in the middle thread between the host and the device

____________________________________________________________________________________________________________________________

stopMonInterfaceChang||-->Stops the interface monitor thread

____________________________________________________________________________________________________________________________

stopQueuewrite       ||-->stop the thread incharge of communicating with the host machine

____________________________________________________________________________________________________________________________

stopSniffing         ||-->Kills the sniffing thread strted by startSniffReadThread()

____________________________________________________________________________________________________________________________

usblyzerparse        ||-->This method will parse your xml exported from usblyzer and then import them into a database

____________________________________________________________________________________________________________________________

In [16]: x.help("findSelect")                                                                                                                                                                 

****

[+]Help for findSelect Method:

[-]Signature: findSelect(self, chgint=None)

[+]findSelect Help:

This method enumerates all USB devices connected and allows you to select it as a target device as well as its endpoints

版权声明:本文来源网络,免费传达知识,版权归原作者所有。如涉及作品版权问题,请联系我进行删除。

 

‧‧‧‧‧‧‧‧‧‧‧‧‧‧‧‧  END  ‧‧‧‧‧‧‧‧‧‧‧‧‧‧‧



Tags:AutoGadgetFS   点击:()  评论:()
声明:本站部分内容及图片来自互联网,转载是出于传递更多信息之目的,内容观点仅代表作者本人,不构成投资建议。投资者据此操作,风险自担。如有任何标注错误或版权侵犯请与我们联系,我们将及时更正、删除。
▌相关推荐
AutoGadgetFS:一款针对USB设备的安全测试工具
关于AutoGadgetFSAutoGadgetFS是一款开源框架,它可以帮助广大研究人员在无需深入了解USB协议的情况下对USB设备以及相关的主机/驱动器/软件进行评估。该工具基于Python 3开...【详细内容】
2022-09-05  Search: AutoGadgetFS  点击:(437)  评论:(0)  加入收藏
▌简易百科推荐
系统优化工具,Ultimate Windows Tweaker软件体验
电脑上的Windows优化工具年年都有,每年还会翻着花样地出现新东西,都不带重复的。每个人都可以上来折腾一番Windows...从这个角度来说,Windows系统还挺“稳定”的,经得起各种用户...【详细内容】
2024-04-10  果核剥壳    Tags:系统优化   点击:(3)  评论:(0)  加入收藏
Telegram怎么不显示在线?
在Telegram中,您可以通过进入“设置” -> “隐私与安全” -> “最后在线时间”,然后选择“没有人”或者自定义特定的人群,以隐藏自己的在线状态。这样设置后,其他用户将无法看到...【详细内容】
2024-04-04  HouseRelax    Tags:Telegram   点击:(3)  评论:(0)  加入收藏
谷歌 Gmail 新规生效:为遏制钓鱼 / 欺诈情况,日群发超 5000 封邮件账号需验证
IT之家 4 月 2 日消息,谷歌为了增强对垃圾邮件和网络钓鱼攻击的管控,今天宣布正式启用新措施:对于向 Gmail 邮箱账号日群发数量超过 5000 封的用户,需要其在域名中设置 SPF / DK...【详细内容】
2024-04-02    IT之家  Tags:Gmail   点击:(12)  评论:(0)  加入收藏
钉钉AI升级多模态:能根据图片识人、翻译、创作、多轮问答
新浪科技讯 3月28日午间消息,钉钉AI助理迎来升级,上线图片理解、文档速读、工作流等产品能力,探索多模态、长文本与RPA技术在AI应用的落地。基于阿里通义千问大模型,升级后的钉...【详细内容】
2024-03-28    新浪科技  Tags:钉钉   点击:(13)  评论:(0)  加入收藏
都2024年了,谁还在用QQ聊天啊?
你还在用 QQ 吗?之所以突然这么问,是因为前些天腾讯发了份热气腾腾的财报。随手翻了翻,发现 QQ 这个老企鹅,居然还有5.54 亿多人每个月都在坚持登录。虽说和辉煌时候没法比了,但...【详细内容】
2024-03-26    差评  Tags:QQ   点击:(9)  评论:(0)  加入收藏
腾讯QQ浏览器工具权益卡上线PC端,每月最低6元
IT之家 1 月 29 日消息,腾讯 QQ 浏览器此前在手机端上线工具权益卡,现将部分权益适用范围拓展至 PC 端,每月 10 元,连续包月为 6 元。开通后用户可以在 QQ 浏览器软件内享有由腾...【详细内容】
2024-01-29    IT之家  Tags:QQ浏览器   点击:(77)  评论:(0)  加入收藏
开源工具Ventoy更新:新增对FreeBSD 14.0的支持
近日,开源装机工具Ventoy发布了1.0.97版本的更新。本次更新的主要亮点是新增了对FreeBSD 14.0版本的支持,并修复了启动问题以及解决了几个Linux独有的bug等。同时,官方还修复了...【详细内容】
2024-01-25    中关村在线  Tags:Ventoy   点击:(40)  评论:(0)  加入收藏
微软Copilot Pro来了:个人用户也能在Word里用GPT-4,20美元/月
面向个人用户的微软Copilot会员版来了。一个月多交20刀(约合人民币142元),Microsoft 365个人版/家庭版用户就能在Word、Excel、PPT等Office全家桶中用上GPT-4。就像这样,不用在C...【详细内容】
2024-01-16    量子位  Tags:Copilot Pro   点击:(91)  评论:(0)  加入收藏
微软 Edge 浏览器支持双引擎同时搜索功能,便利与槽点并存
IT之家 1 月 15 日消息,微软广告和网络服务部门首席执行官 Mikhail Parakhin 近日透露了一个微软 Edge 浏览器的隐藏功能:双引擎同时搜索。顾名思义,该功能允许用户同时使用两...【详细内容】
2024-01-16    IT之家  Tags:Edge   点击:(61)  评论:(0)  加入收藏
11个面向设计师的必备AI工具
译者 | 布加迪审校 | 重楼在当今快速发展的设计领域,人工智能(AI)工具已成为不可或缺的创新催化剂。这些工具专门用于提高效率和创造力,从而重新定义传统的设计方法。AI正在彻底...【详细内容】
2024-01-09    51CTO  Tags:AI工具   点击:(96)  评论:(0)  加入收藏
相关文章
    无相关信息
站内最新
站内热门
站内头条