Some projects are stranger than others. Today I embarked on reverse engineering a certain wireless device. In order to do so it became apparent that I would need to intercept my USB traffic and then be able to analyze it and likely send my own traffic over the USB. I ended up using a Beagle USB Protocol Analyzer and was very happy with it (it’s pretty inexpensive for what it does), given my specific requirements. I also ended up using Wireshark’s USB analysis tool, although with more limited success.
But while looking for a tool appropriate to my task I did find a few other tools out there that were very interesting. Most notable was the USBSnoop project at SourceForge. With this product I was able to see a lot of information but found that Wireshark helped me to visualize it and understand what was going on a bit better. However, this might only be because I’m more familiar with Wireshark…
I also experimented around with USBSnoop for Windows, but given the age of the product and apparent lack of support for Vista, found it unusable for my project. However, for the Windows side of things I was able to use SniffUSB 2.0, which worked really well for my purpose.
In order to do anything worthwhile I absolutely had to unplug all peripherals other than the item I was analyzing. I would get random blips of information through the keyboard and mouse and therefore switched over to using a laptop for all of the work. In the end I found that for me, the perfect combination was just to use my trusty old laptop and Wireshark, far less complicated than I had originally thought.
Next up is FireWire (IEEE 1394) testing. For that, lucky me, Apple has provided some tools to use for analysis with the FireWire Developers SDK. In addition to Apple’s tools, there is a product out there called FireInspector that I’d love to give a shot if I can get my grimy hands on one… LeCroy, the manufacturer, also happens to have a Fibre Channel protocol analyzer that I’m thinking would net me some really interesting information…
krypted January 23rd, 2009