UMAP2: Open source USB Host Security Assessment tool

The UMAP2 is a Python-based USB Host Security Assessment tool developed by NCC Group and the Cisco SAS team.

It has all the features supported by the first edition:

UMAP2EMULATE:USB Device Enumeration

Umap2scan: Usbhost Scan for device support

Umap2detect:usbhost Operating system detection (not yet implemented)

UMAP2FUZZ:USB Host Fuzzing

Additionally, additional features are added to this version:

Usbhost Fuzzing uses Kitty as the fuzzing engine

UMAP2 not only contains executable scripts, but also installs as packages and can be used in libraries

Note: UMAP2 is still a tool in the alpha phase. The API and executable file names are subject to change.

Installation

UMAP2 is a relatively early version and therefore cannot be installed through PyPI. The installation is currently using PIP:

$ Pipinstall GIT+HTTPS://GITHUB.COM/NCCGROUP/UMAP2.GIT#EGG=UMAP2

Ancillary functions

The UMAP2 features are listed in the setup.py file and are installed with UMAP2. However, for some devices you need to add support:

High-capacity storage

You need to add a disk image named Stick.img in the running directory.

MTP

1. Need to add a file/folder named Mtp_fs in the current directory

2. Python Package pymtpdevice,:https://github.com/binyaminsharet/mtp required

Case

Device enumeration

The basic function of UMAP2 is enumeration. The user can enumerate any of the existing USB devices (using the Umap2list command to view the available devices):

$ umap2emulate-p fd:/dev/ttyusb0-c Mass_storage

Or enumerate your own devices:

$ umap2emulate-p fd:/dev/ttyusb0-c ~/my_mass_storage.py

There will be a detailed guide to adding devices in the future, and users can view UMAP2 devices in the umap2/dev/directory.

Device Support Scan

The UMAP2 detects the type of USB device supported by the host. It completes the scan by simulating different devices and sending device-specific messages in a short period of time:

$ umap2scan-p fd:/dev/ttyusb0

Fuzzing

UMAP2 's fuzzing process consists of three steps, which may be written in a separate script in the future:

1. The user needs to determine the target host's message sequence and the emulated USB device:

$ umap2stages-p fd:/dev/ttyusb0-c keyboard-s keyboard.stages

2. Start Kitty Fuzzer in a separate shell and provide the first stage of the generated stages:

$ umap2kitty-s Keyboard.stages

3, open fuzz mode of UMAP2 keyboard simulation

$ umap2fuzz-p fd:/dev/ttyusb0-c Keyboard

After step three is executed, the fuzzing session begins.

* Original address:GitHub

UMAP2: Open source USB Host Security Assessment tool