tinyusb

2 Articles

two USBValve devices on a table, both with a USB cable plugged in. The top one with a long narrow OLED display and the bottom one with a 128x64 OLED display.

Sleuth Untrusted USB Communication With USBValve

July 16, 2023 by 11 Comments

USB devices are now ubiquitous and, from an information security standpoint, this is a terrifying prospect as malicious software can potentially be injected into a system by plugging in a compromised USB stick. To help get some piece of mind, [Cesare Pizzi] created USBValve to help expose suspicious USB activity on the fly.

The idea behind USBValve is to have the onboard microcontroller advertise itself as a storage device, pretending to have a filesystem with some common files available. When an unknown USB device is first inserted into the USB port on the USBValve tool, USBValve displays usage information, via the attached OLED screen, on whether the USB device is accessing files it shouldn’t be or immediately trying to write to the filesystem, which is a clear sign of malicious behavior.

The USBValve hardware is a straight forward composition of a Raspberry Pi Pico, an tiny I2C OLED screen and an optional PCB carrier board with a 3D printed spacer. The software uses Adafruit’s Tiny USB library along with the SSD1306AsciiWire library to drive the OLED display. And it’s all open source, including the code and PCB design files.

There’s a lot of security fun to be had with USB, from DIY dirt cheap Rubber Duckies to open source hardware Rubber Duckies, to discussions on the BadUSB exploits. The simplicity of the USBValve project allows it to be low cost, easy to use and can provide concise, critical information for a variety of real world threats.

After the break, be sure to check out [Cesare Pizzi]’s talk about USBValve at the SCC Insomnihack conference which has a wealth of information on how it fares against some known malware attacks, discussions on some of its shortcomings and potential avenues for improvement.

Thanks to [watchdog] for the tip!

Continue reading “Sleuth Untrusted USB Communication With USBValve”

Drag And Drop Files On Select Arduino Boards

May 29, 2019 by 11 Comments

Historically, getting files on to a microcontroller device was a fraught process. You might have found yourself placing image data manually into arrays in code, or perhaps repeatedly swapping SD cards in and out. For select Arduino boards, that’s no longer a problem – thanks to the new TinyUSB library from Adafruit (Youtube link, embedded below).

The library is available on Github, and is compatible with SAMD21 and SAMD51 boards, as well as Nordic’s NRF52840. It allows the Arduino board to appear as a USB drive, and files can simply be dragged and dropped into place. The library can set up to use SPI flash, SD cards, or even internal chip memory as the storage medium.

Potential applications include images, audio files, fonts, or even configuration files. Future plans include porting the TinyUSB library to the ESP32-S2 as well. Being able to drag a settings file straight on to a board could make getting WiFi boards online much less of a hassle.

We’ve seen other nifty USB libraries before, VUSB is a great option if you need USB on your AVR microcontroller. Video after the break.

Continue reading “Drag And Drop Files On Select Arduino Boards”