USB Proxy Rats Out Your Devices’ Secrets

If you need to reverse-engineer a USB protocol on a computer running Linux, your work is easy because you control everything on the target system — you can just look at the raw USB data. If you’d like to reverse-engineer a USB device that plugs into a game console, on the other hand, your work is a lot harder. Until now.

serialusb is a side-project by [Mathieu Laurendeau], alias [Matlo]. His main project, GIMX is aimed at gaming and lets you modify your gaming controller’s performance by passing it first through your PC and tweaking the USB data before forwarding it on to the target console. Want rapid fire? You got it. Alter the steering-wheel sensitivity curves? Sure.

GIMX is essentially a USB man-in-the-middle between your controller and your console, with the added ability to modify the data along the way. For hardware that’s not yet supported by GIMX, though, either [Matlo] would need to borrow your controller, or teach you to man-in-the-middle your own USB traffic. And that’s what serialusb does.

The hardware required is very modest: a USB-to-serial adapter and an ATmega32u4-based Arduino clone. Many of you could whip this together with parts on hand, and it’s the same hardware you’d need to run GIMX anyway. Data goes through your computer, is usbmon’ed and wireshark’ed, and is then passed over serial to the ATmega, which converts it back into USB for the console it’s plugged into. A very tidy little setup.
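To make that data path concrete, here is an added example (not code from serialusb or GIMX) of the PC-side half of such a proxy: it parses lines in the text format usbmon exposes under /sys/kernel/debug/usb/usbmon/, picks out device-to-host interrupt reports from one device, and applies the two rewrites the article mentions, rapid fire and an axis sensitivity curve. The usbmon lines are constructed, and the 3-byte report layout (buttons, stick X, stick Y) is a hypothetical one chosen for illustration; a real controller’s layout comes from its HID report descriptor.

```python
"""Decode usbmon text-format lines and apply GIMX-style rewrites to HID reports.

Added example, not code from serialusb or GIMX. The capture lines below are
constructed; the 3-byte gamepad report layout is hypothetical.
"""
from dataclasses import dataclass

@dataclass
class UsbmonEvent:
    tag: str            # URB tag (a kernel address, opaque to us)
    timestamp_us: int
    event: str          # 'S' submission, 'C' callback (completion), 'E' error
    xfer: str           # 'C' control, 'Z' isochronous, 'I' interrupt, 'B' bulk
    direction: str      # 'i' device->host, 'o' host->device
    bus: int
    device: int
    endpoint: int
    status: str         # completion status, or interval/setup info on submissions
    length: int
    data: bytes         # payload; empty when the line carries '<' or '>' instead of '='

DATA_TAGS = {"=", "<", ">"}

def parse_usbmon_line(line: str) -> UsbmonEvent:
    """Parse one line of the usbmon text interface.

    Layout: <tag> <timestamp> <event> <type+dir:bus:dev:ep> <status or setup...>
            <length> <data tag> [data words]
    """
    parts = line.split()
    tag, ts, event, addr = parts[0], int(parts[1]), parts[2], parts[3]
    xfer_dir, bus, dev, ep = addr.split(":")
    # The data tag marks the end of the variable-length status/setup field.
    idx = next(i for i, tok in enumerate(parts) if i >= 5 and tok in DATA_TAGS)
    length = int(parts[idx - 1])
    status = " ".join(parts[4:idx - 1])
    words = parts[idx + 1:] if parts[idx] == "=" else []
    return UsbmonEvent(tag, ts, event, xfer_dir[0], xfer_dir[1], int(bus), int(dev),
                       int(ep), status, length, bytes.fromhex("".join(words)))

# Hypothetical report layout: byte 0 = button bitmask, byte 1 = stick X, byte 2 = stick Y.
BUTTON_BYTE, AXIS_X_BYTE = 0, 1

def rapid_fire(report: bytes, button_bit: int, report_index: int) -> bytes:
    """Turn a held button into a press/release toggle on every other report."""
    out = bytearray(report)
    if out[BUTTON_BYTE] & (1 << button_bit) and report_index % 2:
        out[BUTTON_BYTE] &= ~(1 << button_bit) & 0xFF
    return bytes(out)

def sensitivity_curve(report: bytes, exponent: float) -> bytes:
    """Reshape an 8-bit centred axis (0x80 = centre) with a power curve.

    exponent > 1 makes small deflections gentler, exponent < 1 makes them sharper.
    """
    out = bytearray(report)
    v = (out[AXIS_X_BYTE] - 128) / 128.0           # roughly -1.0 .. 1.0
    shaped = (abs(v) ** exponent) * (1 if v >= 0 else -1)
    out[AXIS_X_BYTE] = max(0, min(255, int(round(128 + shaped * 128))))
    return bytes(out)

def proxy_filter(lines, device: int, button_bit: int = 0, exponent: float = 1.0):
    """Run captured events through the rewrite rules.

    Only completed device->host interrupt transfers from `device` are reports;
    submissions and other traffic pass through untouched and are not returned.
    """
    rewritten = []
    for line in lines:
        ev = parse_usbmon_line(line)
        if ev.event == "C" and ev.xfer == "I" and ev.direction == "i" \
                and ev.device == device and ev.data:
            report = rapid_fire(ev.data, button_bit, len(rewritten))
            rewritten.append(sensitivity_curve(report, exponent))
    return rewritten

# Constructed capture: device 002 on bus 1, interrupt IN endpoint 1, 3-byte reports.
CAPTURE = [
    "ffff88003b1c0c00 1462201038 C Ii:1:002:1 0:8 3 = 01ff80",
    "ffff88003b1c0c00 1462209040 S Ii:1:002:1 -115:8 3 <",
    "ffff88003b1c0c00 1462209041 C Ii:1:002:1 0:8 3 = 01ff80",
    "ffff88003b1c0c00 1462217044 C Ii:1:002:1 0:8 3 = 00c080",
]

if __name__ == "__main__":
    for before, after in zip([l for l in CAPTURE if " C " in l],
                             proxy_filter(CAPTURE, device=2, exponent=2.0)):
        print(before.split("= ")[1], "->", after.hex())
```

In the real setup the rewritten bytes would be framed and sent over the serial link to the ATmega32u4, which replays them to the console; the parser above is also all you need to turn a usbmon dump into per-report byte strings for reverse-engineering a new controller’s layout.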

In case this seems familiar, we’ve covered a similar trick by [Matlo] before that used a BeagleBoard as the computer in the middle. That’s a sweet setup for sure, but if you don’t have a spare single-board computer lying around, now you can get it done for only around $5 in parts. Happy USB reversing!

19 thoughts on “USB Proxy Rats Out Your Devices’ Secrets”

    1. It’s listed in the similar projects section of this project’s GitHub site, and yeah, it’s basically the same thing with a Beaglebone playing the role of your computer in the middle.

      Although the USB-serial-USB trick makes this one super-duper cheap.

    1. No different than a USB hub but for the bit manipulation in between. No reason to think it wouldn’t work. USB is a protocol. Follow it on both sides and no-one is the wiser.

      As for speed, USB is slow relative to just about everything in a modern PC. Even an entry level netbook can calculate an orbital insertion on mars in the time spent between packets.

        1. Can I make the 32u4 act as host? So the layout will be
          USB device ↔ atmega32u4 ↔ BT module ——— BT module ↔ atmega32u4 ↔ USB host
          I didn’t think about latency, thank you for pointing it out.

          1. No, the atmega32u4 can only be a device. A work-around is to use a USB host shield:
            target device ↔ USB host shield ↔ atmega32u4 ↔ HC05 ↔ HC05 ↔ atmega32u4 ↔ target host
            But the setup becomes quite complex and requires a lot of work.
