On Fri, Feb 06, 2009 at 08:31:29PM -0500, Aniruddha Marathe wrote: > I am sorry, I should have said "using a part of the existing file > backed storage gadget driver".. The existing driver has everything I > need! > > I came across a .ppt by David Maynor that talks about carrying out DMA > transfer through a USB device so as to be able to insert a malicious > shellcode (here a program that just pops up window) into appropriate > place in the memory and run it: > > http://cansecwest.com/core05/DMA.ppt > > I was quite sure that such thing might not be possible through a USB > device by directly carrying a DMA transfer. Ah, ok, that is different. > The author might have taken advantage of a bug in the OHCI driver and > carried out such attack (carried out in the year 2006). It wasn't > exactly clear from the presentation how he did it. So I was trying to > imitate this attack using an emulated mass storage device. He's not giving you explicit instructions on how to do it on purpose. But it is totally possible. You can have lots of fun with a USB device running firmware you control, we've known this for years and years... good luck, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
