Security researcher and software engineer Andrey Konovalov has taught an old dog new tricks, turning a Lenovo ThinkPad laptop into a tool for emulating the USB device of his choice by playing around with the Extensible Device Controller Interface (xDCI) controller.
“I found a way to turn my ThinkPad X1 Carbon 6th Gen. laptop into a programmable USB device by enabling the xDCI controller,” Konovalov explains. “As a result, the laptop can now be used to emulate arbitrary USB devices such as keyboards or storage drives. Or to fuzz USB hosts with the help of Raw Gadget and syzkaller. Or to even run Facedancer with the help of the Raw Gadget–based backend. And do all this without any external hardware.”
A bit of UEFI hackery, a toggled configuration setting, a custom cable, and a lot of fiddling turn a laptop into a USB device emulator. (📷: Andrey Konovalov)
Having an easily portable tool to do all of that is useful, but it wasn’t exactly a plug-and-play operation. “The journey of enabling xDCI included twiddling with Linux kernel drivers, xHCI, DWC3, ACPI, BIOS/UEFI, Boot Guard, TPM, NVRAM, PCH, PMC, PSF, IOSF, and P2SB,” Konovalov says, “and making a custom USB cable.”
The Extensible Device Controller Interface (xDCI), Intel’s implementation of a USB 3.0 device controller, allows something that would normally operate as a USB host, in this case a ThinkPad laptop, to act as a USB device instead. In Konovalov’s laptop the xDCI controller is present but disabled, with no option in the UEFI configuration to enable it. Searching through a firmware dump revealed the setting was present but hidden, so Konovalov replaced the motherboard’s SPI flash with a socketed version, providing an easy way to experiment.
The setting to enable xDCI was hidden in the Lenovo BIOS, requiring a bit of surgery to resolve. (📷: Andrey Konovalov)
With a modified firmware, the UEFI configuration provided access to a previously hidden “Intel Advanced Menu” with xDCI support. Konovalov then booted into Linux and flipped a port into USB device mode, figuring out which physical port it was by plugging a USB stick into each until finding the one that did not work. With a hand-made USB Type-A to Type-A cable, that port could then be connected to another laptop and configured to emulate almost any USB device.
“The next thing I wanted to test was Raw Gadget,” Konovalov writes, referring to a kernel module designed for greater flexibility in USB emulation. “Running Raw Gadget with xDCI for the first time was very exciting, as my desire to work on Raw Gadget on my laptop without external hardware was what conceived this project.” With a small patch, Raw Gadget worked too, as did syzkaller, a Raw Gadget-based tool for “fuzzing” USB, that is, sending unexpected data to see what happens. Facedancer, a Python USB emulation framework, also proved compatible.
Once enabled, the xDCI interface was exposed to the host operating system and to the tools running on it. (📷: Andrey Konovalov)
“I think enabling xDCI should also be possible on other PCs,” Konovalov says of the project’s broader applicability. “In the simplest case, this can be as easy as turning on xDCI in BIOS settings. This should just work if there’s proper ACPI and role-switching support and the xDCI-enabled port is wired to the external casing. I also believe it should be possible to enable xDCI purely via software. Even though I did not do it by reconfiguring PCH, there are other approaches.”
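Once a device controller such as xDCI is visible to Linux, the kernel registers it as a USB device controller (UDC), which makes the laptop's new role easy to audit. The following check is an added example, not code from Konovalov's write-up; it assumes the standard Linux locations `/sys/class/udc` and `/dev/raw-gadget`, and the function names are hypothetical.

```python
from pathlib import Path

# Standard UDC sysfs attributes; a missing or empty one is reported as None.
UDC_ATTRS = ("state", "function", "current_speed", "maximum_speed")


def _read(path):
    """Return a sysfs attribute as stripped text, or None if absent/empty."""
    try:
        return path.read_text().strip() or None
    except OSError:
        return None


def list_udcs(sysfs_root="/sys"):
    """Enumerate USB device controllers the kernel has registered."""
    udc_dir = Path(sysfs_root) / "class" / "udc"
    if not udc_dir.is_dir():
        return []  # no UDC driver bound: the machine is USB-host-only
    udcs = []
    for entry in sorted(udc_dir.iterdir()):
        info = {"name": entry.name}
        info.update({attr: _read(entry / attr) for attr in UDC_ATTRS})
        udcs.append(info)
    return udcs


def audit(sysfs_root="/sys", dev_root="/dev"):
    """Report whether this host can currently act as a USB device."""
    udcs = list_udcs(sysfs_root)
    raw_gadget_node = (Path(dev_root) / "raw-gadget").exists()
    findings = []
    for udc in udcs:
        if udc["function"]:
            findings.append(f"{udc['name']}: gadget driver '{udc['function']}' "
                            f"bound, state={udc['state']}")
        else:
            findings.append(f"{udc['name']}: device controller present, "
                            "no gadget driver bound")
    if raw_gadget_node:
        findings.append("raw-gadget node present: user space can emulate "
                        "USB devices")
    return {"udcs": udcs, "raw_gadget_node": raw_gadget_node,
            "findings": findings}


if __name__ == "__main__":
    for line in audit()["findings"] or ["no USB device controller exposed"]:
        print(line)
```

An empty result on a fleet laptop is the expected baseline; a UDC with a bound gadget driver means the machine is presenting itself as a USB device to whatever it is cabled to.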
Konovalov’s full write-up is available on his website.