Is it possible to detect a VM from a USB device? - usb

Most hypervisors have an option to pass-through USB devices to a virtual machine. For example, a USB hardware token for code signing.
Would it be possible for the USB device that is passed-through to detect if it is connected to a virtual machine?
Is there some renegotiation happening during the setup of the pass-through that could indicate to the device that is being passed-through?
I know the Host can query the Device for vendor information (GET_DESCRIPTOR, 9.4.3 of USB 2.0 spec). Is there also something that goes the other way around? Aka a way for the device to query information about the host?
I know a "perfect" virtual machine would be undetectable, but I also know commonly used hypervisors (VMware, QEMU, Virtualbox, Parallels) are far from this "perfect".

Related

How to reverse-engineer a USB device without monitoring traffic?

How is it possible to determine the commands to operate a usb device, if that device comes from another operating system and traffic monitoring software cannot be installed on that OS. The only method i can think of is sending random commands to the device, until the device responds, but this seems implausible for more complex commands, and potentially dangerous. For example, consider the DualShock 4 controller. Sony has not made an official driver for this device, so what method can i use to create a linux driver for it?
Get a hardware protocol analyzer. Then you won't need to install any software on the host or device under test. Here is one that I have used:
http://www.totalphase.com/products/beagle-usb12/

UART over USB for STM32 Micro-controller

I'm trying to implement UART over a USB interface on the STM324x9I-EVAL development board. The purpose is to send commands to a servo controller (or other hardware, for that matter) serially. I've successfully implemented the USB_Device_CDC example on the development board but am unsure exactly how this works without a PC with drivers on the other end. As far as other hardware is concerned, will the USB port now simply look like a serial port? Or is there still a need for a driver or some sort of interface on the other end?
I do want to point out that I'm aware of the following post:
Emulating UART over USB
but I don't believe my question is fully answered within the context of that answer.
A USB connection is not a peer-to-peer connection like a UART. It requires a host and a device in a master/slave relationship. The device cannot initiate data transfer; it must be continuously polled by the by the host.
A CDC/ACM class device presents a virtual COM port on a PC host, but that does not allow the device to communicate with a UART interface. It looks like a serial port at the software level, but does not implement a UART physical layer. There is an awful lot going on under the hood to make it look like a PC serial port, but none of it resembles UART communications at the physical level.
There are devices that act as UART/USB bridges (from FTDI and Prolific for example), and you could (somewhat expensively) build your own from a microcontroller that has a USB device controller and a UART, but the bridge is a USB device and must still connect to a USB host; these are normally used to connect a PC to a microcontroller that lacks a USB controller or where the software/CPU overhead of using a USB controller is too great.
In theory you could connect a microcontroller that has a USB host controller to one that has a USB device controller, but you need host and device software stacks on each respectively, and once you have the USB connection, implementing CDC/ACM is a somewhat inefficient use of the available bandwidth. The purpose of the CDC/ACM class is primarily to allow "legacy" software to work on a PC.
If you need to connect to a "real" serial port, you should use a real UART - which are far more ubiquitous than USB controllers on microcontrollers in any case.
You should learn a little bit about USB device classes. CDC is a USB device class, and ACM is a subclass that I assume you are using. The device you made could be called a "CDC ACM device" because it uses the CDC class and the ACM subclass.
These classes and subclasses are defined by the USB Implementers Forum in documents that you can find here:
http://www.usb.org/developers/docs/devclass_docs/
These documents specify things like what USB descriptors a CDC ACM device should have in order to describe itself to the host, and what kinds of interfaces and endpoints it should have, and how serial data will be represented in terms of USB transactions and transfers.
Note that CDC ACM only specifies some USB commands for transferring data between the host and the device. It does not specify what the device will actually do with that data. You can use CDC ACM to implement a USB-to-serial adapter, or you can just use it as a general purpose communication interface for whatever data you want to send.
Yes, you do need a driver on the PC side. The driver needs to be designed to run on your specific operating system. It needs to create some kind of virtual serial port device in your operating system that other software (which only knows about serial ports) can find and connect to. It needs to translate serial port operations performed by other software on the serial port (e.g. writing some bytes to the serial port) into low-level USB commands according to the CDC ACM specifications (e.g. sending some bytes out to the device on a particular endpoint in the form of USB packets). It needs to somehow know which USB devices it should operate on, since not every USB device is a CDC ACM device.
For Windows, you will probably use the usbser.sys driver which comes with Windows. For versions of Windows older than Windows 10, you will need to write an INF file to associate your device to usbser.sys and sign it. For Windows 10 and later, there is a new INF file called usbser.inf already included with Windows which will automatically match any valid CDC ACM device. This means you don't have to write or distribute a driver for CDC ACM devices if you only intend to support using the device on Windows 10 or later. The partnership between Microsoft and Arduino which began in 2015 gives me hope that Microsoft will continue supporting and improving usbser.sys in the future. In fact, they claim that in Windows 10 "the driver has been rewritten by using the Kernel-Mode Driver Framework that improves the overall stability of the driver", so that is good news.
For Linux, there is the cdc_acm kernel module, which has been a standard part of the kernel for a long time and should work automatically with any CDC ACM device you plug in.
For Mac OS X, there is the AppleUSBCDCACM driver, which should work automatically with any CDC ACM device you plug in.
Note that for any of these drivers to recognize your device and work with it, your device has to have certain values in its USB descriptors, and the requirements can vary depending on what exact driver version you are talking about.
Will the USB port now simply look like a serial port?
No, that's the wrong way to think about it. The USB port will still look like a USB port, but the various USB drivers provided by your operating system will recognize that a CDC ACM device is plugged into that port and create a new entry in your operating system's list of serial ports. Then if you run some software that only knows about serial ports, it can connect to that port.
In fact, if you make a composite device, you can have a single USB device plugged into a single USB port that actually has two or more virtual serial ports.

OpsView/Nagios SNMP USB device monitoring

Is there any way to monitor USB devices, connected to the server in Opsview Core?
Or there is any software that I can install to make SNMP possible for USB devices?
Some of the USB security dongles often disconnects by themselves. The point is to have notifications when they lost.
Thanks!
If your USB dongles are connected to the Opsview Server, and if this server is running Linux (i don't know much about Opsview except that it can use nagios plugins), it would probably need only a few lines of code to write a plugin that parses /proc/bus/usb/devices or the output of lsusb and checks for the vendor id / product id / product name of the USB dongles.

How to use USB over Remote Connection to a Virtual Machine

I'm trying to do mobile application development (BlackBerry, Android) on a virtual machine. My idea is that no matter what desktop I'm on I can open a remote connection to the virtual machine and have my mobile development environment ready. The problem is that I would like to deploy code to the mobile device as if it were physically connected to the virtual machine. Ideally the devices will be plugged in to the client machine that is creating the remote connection.
I'm currently using VMWare workstation to manage my virtual machines, I've done a bit of research to see what the best solution for connecting my usb devices over the network is.
There are a multitude of pricey USB over network solutions that may or may not work for what I'm trying, but I would like to avoid those. I would be interested in a free open source solution where both the usb host and usb client are windows machines. This is close to what I am looking for http://usbip.sourceforge.net/, but you can't host a device from Windows.
It appears that I may be able to do this with a Hyper-V VM and RemoteFX through Microsoft RDC, but I would like this to work on my existing VMWare VM.
The quickest solution I've found is a network usb hub that would allow me to connect the devices over the network, but this would force me to be attached to the hub which is a problem if more people come on my project.
Ideally I'm looking for an existing software solution to my problem. Any suggestions?
Also can anyone confirm this would work in Hyper-V using RemoteFX?
I would consider porting your VM over to VirtualBox from Sun (now Oracle) they have remote USB support out-of-the-box, and are very stable.
I've ported machines the other way (for work) and it's not difficult.

How to emulate USB devices?

The rest of my team will make for my application a simple non-standard USB microphone, but until they finish it I will have to emulate it, for integration testing purposes.
Is there any risk in a physical loopback? Yes there is
Will a physical loopback work? Only with a USB bridge
There is any way to create a logical loopback? (MSDN has something about this)
There is any general purpose USB emulator software?
In case there is many options available I'd rather work it .NET/Matlab/Python solutions.
Edit: Proof of concept here
I strongly recommend this project, USB IP. It is a way of connecting USB devices over the network. There is a Windows client.
What this means is, you install the client on your Windows computer.
This device then expects to talk to a USB device connected to a Linux computer, the server:
What you now do, is either create a fake device driver for Linux, that looks like is connected to a physical USB device, but in reality is just logic pretending to be your USB device. There are tutorials for writing USB drivers for Linux. Or you create your own stub driver for the Device Control Manager (see picture above). This stub driver could run on Windows or Linux, it wouldn't matter. It could even run on the same Windows machine which is the USB client.
The DSF USB Loopback Device mentioned in the question itself, would be the same kind of solution as a stub driver for the Device Control Manager, but taking Linux out of the picture altogether.
You can write virtual USB device using QEMU.
You can duplicate already existing device, like the dev-serial.c found in this QEMU repository and change it for your needs.
After you write and compile your USB device you can simply attach it to your VM using the QEMU command line interface.