USB man-in-the-middle adapter

The module works as a pass through, providing access to data and power lines for a USB device. [BadWolf] built it in order to sniff out communications between peripherals and the Universal Serial Bus. For now it just provides access to the different signals, but we think there’s quite a bit of usefulness in that. First off, the power rail is mapped out to a jumper, making it dead simple to monitor the voltage stability or patch in a multimeter to get feedback on current consumption. But you can also see in the foreground that a pin socket makes it easy to tap into the board using jumper wires. We think it would be a great breadboard adapter for USB work that would continue being useful after you’ve populated your first PCB for the prototype.

[BadWolf] has other plans in store for it though. He wants to intercept and decipher the communications happening on the data lines. In the video after the break he mentions the possibility of using a Bus Pirate for this (we have our doubts about that) but plans to start his testing with an STM32 discovery kit. We can’t wait to see what he comes up with.

Comments

  1. Kyle says:

    This is good for USB 1.1 at the very best. Have you heard of impedance mismatch? Signal reflections? You will not be reliably pushing data through this.

    No offense, but there are a ton of actual USB breakout adapters out there that are much better than this. Kudos to a beginner, but read up on the concepts above to understand why you should not do this.

  2. BadWolf says:

    @ Kyle
    My aim is to interpret and discover how USB works,not injection (for now).

  3. Tom says:

    Agree with the impedance mismatch problem and also as the USB host is usually a PC, data can be captured with a freeware (software) protocol analyser running on the host.

  4. StacyD says:

    Easiest way to do this interceptor is to….. use some diodes! The impedance mismatch is almost inevitable, but you do want to isolate your one directional signals for analyzation. Get some small 1n4128/4 or 1n4004 from radioshack for about a $1 and you will have less issues when you go to look at the data. It works better for sipping serial, but should help you get closer to a USB2.0 spec without messing the signals up much as they pass by. BTW – a short mismatch in impedance will not be too bad for the USB 2.0 spec as long as your cables are short; its much more critical for USB 3.0.

  5. BadWolf says:

    @StacyD
    Thanks for the tip!

  6. Keith says:

    Radio Shack … Booo

  7. cooldemo says:

    This is a joke right ? The USB is differential, no use for the diodes also. There is no point in doing this, the USB is so complex that it is way easier to sniff the software part in the OS of your choice.

    anyway, if you HAVE to do this, then try putting an op-amp at the D+ D- lines to create 0-1 signaling. The opamp will not push the impedance too much if put directly on the PCB. You can then mess with the signal.

  8. hpux735 says:

    USB isn’t really like serial in that you cant just look at TXD and RXD and infer what’s happening. D+ and D- are differentially signaled, and shared for communication in each direction. Therefore, it requires much more work to know who is saying what on the bus. I’m not saying it’s not possible, but it will take a lot of work. There was a kickstarter project about this a while ago:

    good luck

  9. Paul says:

    sounds like there is a lot of room for improvement but its a great start! I think BadWolf would appreciate everyone’s ideas on how to improve his design so I for one suggest sending him them with as much detail as possible.

  10. BadWolf says:

    @Paul
    Thanks a lot!

    @the others
    I do know it’s differential,but as soon as you are able to read both states without interfering,there’s no doubt on who say what since all comms are started by the host except for a few special things. If I succeed in reading the D lines states faster than they go (should work with an AVR-look on the page,a guy did it with an ATtiny) then a simple code do compute the resulting char being sent and then transmit that to another Serial port and there ya go,live feed of 0s and 1s.

  11. Kyle says:

    Ummmmm…. Send the sniffed data to a serial port? There’s a little difference in speed there. You aren’t going to be sending USB data to a serial port without some extreme data loss.

    Also, StaceyD, what are you talking about!?!? Diodes? Really?

  12. bty says:

    @BadWolf above

    And at what baudrate are you going to run that UART ?

  13. Paul says:

    It might be worth mentioning USB protocol analyzers have existed for a very long time.

    They’re not cheap, and probably the most affordable is the Beagle from Total Phase ($400 for 12 Mbit/sec, $1200 for 480 Mbit/sec). These wonderful hardware devices can sniff everything that happens on the USB, with 20-some ns timestamp accuracy.

    It’d be awesome if someone made a cheap, open source version. But the commercial ones have existed and worked very well for a very long time.

  14. w0rl4ck says:

    paul and hpux735 are right you need some power to catch usb 2.0, however usb 1.1 is do able and i think the Open Workbench Logic Sniffer can do usb 1.1 or they were working on it.
    i am waiting to see openvizsla project
    if you need to get in to usb comuncation read “USB Complete” to become a complete ninja also ladyada has some tuts http://www.ladyada.net/learn/diykinect/

    I hope I have helped

  15. Bob Spafford says:

    http://cgi.ebay.com/USB-EXTENSION-CABLE-6-MALE-FEMALE-6FT-A-A-6-FT-/120573706525?pt=LH_DefaultDomain_0&hash=item1c12c0c11d#ht_2091wt_901

    Sells an A type USB M/F 6′ (extension cord) from San Diego for $2.87 postage paid. You could remove several inches of sheath and tap into the conductors without cutting them (the ultimate in reliable connection). If you separate them appropriately, it is impossible for them to short, so no insulation needed. Just slit the sheath you removed and tape it back in place, a band between each wire out. I’ve tapped many data (and 1 or 2 power) cables this way without incident. Of course, you can still just cut the cable and wire up your breakout board.

  16. Jochen Goerdts says:

    i see your good intentions but it simply doesn’t work this way.
    cant’t you do this in software?

  17. Do you really know how USB works?
    So you want to sniff USB data and then said data over a usb cable to the computer in form of 1’s and 0’s?
    At least make use of the full 8 data bits per serial packet and send 8bits at a time, and this will only work if you are sniffing a usb1.1 cable with a usb2.0 device capable of using its bandwidth.

  18. StacyD says:

    Yes, USB does work much differently than serial. However, I am expecting this guy really to just want to be hooking it up to the Open Logic Sniffer or similar. http://dangerousprototypes.com/2010/02/25/prototype-open-logic-sniffer-logic-analyzer-2/

    Just saying that the diodes might help him not blow something up by sending off-data back through the line or messing with the signal structure. Cmon guys, willing to bet that he was just curious! Whenever you try something new that you may not know a lot about, always a good idea to use protection!

  19. Terry says:

    This prior article was a pretty good one on USB sniffing. http://hackaday.com/2009/03/19/usb-sniffing-in-linux/

    If you want to check out your voltage drop on the supply lines or measure the current use an arduino.

  20. ian says:

    “he mentions the possibility of using a Bus Pirate for this (we have our doubts about that)”

    I have my doubts too – with a 115200bps serial interface it’s going to be tough to sniff even low-speed USB.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,376 other followers