Re: Fwd: Can a USB gadget device initiate DMA transfer at the host?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 06, 2009 at 08:31:29PM -0500, Aniruddha Marathe wrote:
> I am sorry, I should have said "using a part of the existing file
> backed storage gadget driver".. The existing driver has everything I
> need!
> 
> I came across a .ppt by David Maynor that talks about carrying out DMA
> transfer through a USB device so as to be able to insert a malicious
> shellcode (here a program that just pops up window) into appropriate
> place in the memory and run it:
> 
> http://cansecwest.com/core05/DMA.ppt
> 
> I was quite sure that such thing might not be possible through a USB
> device by directly carrying a DMA transfer.

Ah, ok, that is different.

> The author might have taken advantage of a bug in the OHCI driver and
> carried out such attack (carried out in the year 2006). It wasn't
> exactly clear from the presentation how he did it. So I was trying to
> imitate this attack using an emulated mass storage device.

He's not giving you explicit instructions on how to do it on purpose.
But it is totally possible.

You can have lots of fun with a USB device running firmware you control,
we've known this for years and years...

good luck,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux