usb's quirks ... how to sniff bios'es messages addressed to usb rom chip
Hans Petter Selasky
hps at selasky.org
Mon Mar 19 19:30:10 UTC 2018
On 03/19/18 19:46, Vincenzo Di Salvo wrote:
> Hello guys,
>
>
>
> reading the FreeBSD forums I learned about the usb freebsd mailing list.
>
>
>
> I try to explain my question.
>
>
>
> Plugging in an hard disk into the usb port (without mounting the
> filesystem), I've noticed that the inserting operation was detected by the
> chip and a counter inside the HD memory was increased by one each time the
> hard disk was inserted.
>
> So a write operation has been happen !!!!!!
>
> The drive in question is a solid hard disk SSD 1TB Samsung 850 EVO Sata III.
>
>
> This test has been done on a Linux O.S (that is a very disaster in terms of
> security policy, due to the demons of the GUI !)
>
>
>
> This sounds like something done by the BIOS. Some can keep track on a wide
> variety of things. For example, it happens that the Bios keep track of the
> times when the case is opened.
>
>
>
> QUESTION:
>
>
>
> Is the FreeBSD usbdump(8) the right way to listen on events coming from
> bios (in this case a writing access) and show changes happened into the rom
> memory of the chip of the usb HD ?
>
>
>
> Appreciated is any your help also about the correct sintax of the usbdump.
>
Hi,
usbdump has a manual page, man usbdump, describing how to use it.
There is also a Google Summer of code project to add wireshark support
for the FreeBSD usbdump format.
--HPS
More information about the freebsd-usb
mailing list