Great Scott Gadgets

open source tools for innovative people


Reverse Engineering Black Box Systems with GreatFET, Troopers 2018

In this presentation at Troopers 2018, Kate Temkin and Dominic Spill used GreatFET One and the Facedancer software framework to demonstrate techniques for reverse engineering embedded USB hosts.

It is often fairly simple to set up an environment for reversing a USB device; you just plug it into a host that you control. Then you can manipulate software on the host to test or monitor USB communications between the host and device. Even if the host operating system doesn’t provide a way for you to monitor USB (hint: it probably does), you can run it inside a virtual machine that runs on top of Linux and use Linux’s usbmon capability.

But how do you sniff USB if the USB host is an embedded platform that you don’t control? What if it is a game console or a photocopier with software that you can’t run in a virtual machine? Kate and Dominic show how you can use GreatFET One and a laptop to proxy USB between a device and a host without controlling software on either the device or the host. With the USBProxy solution they implemented in Facedancer, it is possible not only to monitor USB communication but also to modify USB data in transit.

Additionally they demonstrate how the Facedancer software for GreatFET can be used to emulate a USB device, allowing them to reverse engineer “black box” USB hosts and test them for vulnerabilities.

download video
download slides


Making USB Accessible, Teardown 2019

On Sunday, Kate Temkin and Mikaela Szekely presented Making USB Accessible: Developing Ultra-low-cost, Open USB Tools at Teardown 2019 in Portland. In this well-received talk, they debuted ViewSB, a USB analyzer that supports various capture backends including GreatFET, OpenVizsla, and usbmon.

In the days leading up to the talk, Kate went on a tear, developing ViewSB to complement the hardware solutions for USB capture that she and Mikaela had been working on. I asked, “Why do we need ViewSB when we already have tools such as PulseView and Wireshark?”

Her answer was that the existing open source software tools for USB analysis don’t present data in a way that is useful enough for USB developers. I recalled my past confusion about USB nomenclature and how the most essential thing I learned from Kate’s training class at hardwaresecurity.training last year had been an understanding of the differences between USB packets, transactions, and transfers. Thinking back to the tools we used in that class, I realized that she was right that a new tool was needed. In fact, the limitations of the existing tools were probably largely responsible for my confusion!

As you can see in this video, ViewSB presents low level USB packet data in a visual format that groups packets together into transactions, something that I had previously seen only in software for proprietary USB analyzers. It makes USB much easier to understand. I wholeheartedly agree with Mikaela and Kate that their work makes USB accessible!

Code used in the presentation can be found in the usb-tools organization on GitHub.

download video
download slides


GreatFET on Hak5

I recently sat down with Darren Kitchen to record a couple Hak5 episodes. First we introduced GreatFET One to his viewers and demonstrated using its Facedancer capability to emulate a USB device. Then we did some infrared hacking with Gladiolus, a prototype GreatFET neighbor we plan to release later this year. Thanks for having me on the show, Darren!


Free Stuff, April 2019

More students! The TARDIS Team from Sapienza University of Rome, Italy was selected for the [REXUS/BEXUS] (http://rexusbexus.net/) program. The German Aerospace Center (DLR) and the Swedish National Space Agency (SNSA), in collaboration with the European Space Agency (ESA), jointly allow students from universities and higher education colleges across Europe to carry out scientific and technological experiments on research rockets and balloons.

Their experiment, named TARDIS (Tracking and Attitude Radio-based Determination in Stratosphere), will be launched on a balloon in October from Kiruna (Sweden), reaching 30 km of altitude. The experiment’s main objectives are to determine the position and the attitude of the balloon by digital processing of VOR navigation system signals.

And, yes, their acronym, [TARDIS] (https://tardis.s5lab.space/), may have influenced our choice this month!


Free Stuff, March 2019

More students got free stuff in March. The University of Split - Flow Design Team makes autonomous drones and will use their new HackRF One to improve their score in competitions. They will be competing in the [AUVSI SUAS] (http://www.auvsi-suas.org/) again this year. They won the Most Stubborn Team Award last year!


Free Stuff, February 2019

HHSec received an Ubertooth One as the Free Stuff recipients for February. They are a group of students from the Hague University of Applied Sciences and plan to use it in their IoT research. They look like an enterprising team and we are happy to encourage them.


Free Stuff, January 2019

January was a strange month for the freestuff mailbox. We had some pranksters and people who never replied, so we didn’t send anything. Instead, we are going to reopen January for submissions. Starting… now!

If you’d like to be considered to receive free hardware from Great Scott Gadgets, please visit the Free Stuff page and send us a message with lots of details about your project. We have a GreatFET One just dying to escape the lab!


Free Stuff, December 2018

In December, we sent a HackRF One to Jærgruppen av NRRL Norsk Radio Relae Liga, an amateur radio group in southwest Norway. They run radio courses every year and work with their local scouting groups. They hope to use their new HackRF in this year’s JOTA (Jamboree on the Air).


GreatFET One Has Arrived

It’s happenning! We started shipping GreatFET One to resellers last week, which means that very soon (probably even today) it will be available for you to order online from your favorite reseller of Great Scott Gadgets products. Hint: if your shop of choice doesn’t carry it yet, let them know you’re interested!

It was January of 2016 when Mike Ossmann gave his firetalk at Shmoocon titled GreatFET: A Preview, in which he explained how he bought the GoodFET project from Travis Goodspeed in a Las Vegas bar for $5. That was the beginning of the project that came to be known (humorously, at first) as GreatFET. At that time, GreatFET One was known as Azalea, and was still in the development stage. Three years and countless hours of engineering, development, and manufacturing effort later, we have completed the first production run.

front

GreatFET One is a general purpose (and like all of our tools, open source) USB peripheral. When we say it’s general purpose, we mean that there are a whole lot of interesting things a hardware hacker, or maker, or tinkerer can customize it to do, especially through the addition of add-on boards called neighbors. But you don’t need to add anything on to start using this versatile this tool; there is plenty of USB hackery to be accomplished with GreatFET One on its own. Check out what Kate Temkin has been up to over the last year or so!

Very soon, we will also start offering a clear acrylic case and Daffodil, a solderless breadboard neighbour. To learn more about the GreatFET project and to see which resellers are already stocking GreatFET One, visit the GreatFET One product page.


Goodbye, Dominic

Just over ten years ago I sent my first email to Dominic Spill:

“We haven’t met, Dominic, but I hope you don’t mind being included on this message. I thought you two might be interested in some work I finally got around to writing up. . .”

I had been exploring the use of software-defined radio for Bluetooth monitoring and had found Dominic’s paper on the subject. He and I quickly began collaborating on the development of tools and techniques that improved upon the methods in his paper. Just three months later, we presented Building an All-Channel Bluetooth Monitor at ShmooCon 2009.

We met in person for the first time the day before our talk at ShmooCon, and we have been friends and research partners ever since.

Over the next two years I learned electronics and designed Ubertooth One, a low cost test tool that implemented some of the techniques Dominic and I had developed. Ultimately this me led to create Great Scott Gadgets as a way to put such tools into the hands of innovative people around the world.

When Great Scott Gadgets began to become too much work for me alone, Dominic was the first person I turned to for help. He took over development and support for the Ubertooth project as a remote contractor while I turned my attention to developing new tools and growing the company.

Eventually Dominic moved to the United States and joined the GSG team in Colorado as a full-time employee. He played a key role in research and development, provided technical support for our resellers and end users, led our software development efforts, mentored interns, kept our internal IT systems up and running, and even cleaned the refrigerator. His humor, creativity, and patience have been felt by every member of the team.

For ten years Dominic and I have continued collaborating on research and developing new tools. I’ve lost count of the number of conference presentations we’ve given together and of how many times one of us has turned to the other and said, “Here’s a crazy idea. . .”

Yesterday was Dominic’s last day at Great Scott Gadgets. Having decided that he needed a change, he will pursue new adventures.

We will miss Dominic greatly. He will always be a part of the GSG family.


subscribe to GSG feed