USB is one of the most ubiquitous communication protocols used today. Despite its popularity, there are limited tools to analyze or hack the protocol. The ones available tend to be expensive or difficult to use. Great Scott Gadgets addresses this need with their latest product. LUNA is a USB multi-tool for analyzing, hacking, and developing USB devices.
At Teardown 2019, Kate Temkin and Mikaela Szekely gave a talk on the state of USB analysis tools. They pointed out that protocol analysis for High-Speed (and Super-Speed) devices was readily available but at prices inaccessible to most engineers.
We are very excited to see the team at Great Scott Gadget follow up that talk with LUNA! Its aggressively accessible price point makes it attractive for at least three USB-hacking use models.
Probably the most widely appealing use for LUNA is protocol analysis. While USB's physical layer is relatively simple, a differential signaling pair, the protocol on top of those wires is very complicated. Fortunately, the protocol follows a layer-stack, so it is not impossible to understand. That is if you have the right tools.
ViewSB, which you need to say aloud to appreciate the name, is the analyzer software that decodes the USB traffic. LUNA sits between the device under test (DUT) and the host, sniffing the USB traffic. This Python-based toolkit decodes that traffic it something human-readable.
One of LUNA's best tricks is acting as virtually any USB device, again, using Python. Since LUNA sits between the host and DUT, it can (and has to) enumerate itself to the host as whatever device you configure. Then, a second PC runs a Python-based back-end called FaceDancer to emulate a USB device.
FaceDancer has a long history of fuzzing USB devices, more than can be described here. The Great Scott Gadgets team extended that foundation work with some enhanced capabilities. A noteworthy new feature is the ability to act as a man-in-the-middle for a USB link.
Since LUNA sits between the DUT and the host, the FaceDancer software can do more than just emulate a device.
For example, USBProxy enumerates LUNA as the DUT. From that point, FaceDancer can intercept AND change the USB traffic! This capability means an engineer writing USB drivers can see how the driver handles invalid traffic. Similarly, security researchers could use the same functionality to find vulnerabilities.
As usual for a Great Scott Gadgets product, both the hardware and the software are open source. Even the LUNA's core FPGA uses an open sourced toolchain.
Michael Ossmann says the Crowd Supply campaign's target is around $100 with retail being slightly higher. That target is significantly less than the existing tools available on the market.
There are several Github repositories to check out. You can find the software in usb-tools, and the hardware's design files are in LUNA. For notifications when the tool becomes available for pre-order, you can sign-up on the LUNA Crowd Supply page.