USB Gadget Framework and Windows issues.....
Ok, so I am working on a quick setup script for USB slave functionallity, Similar to that of the bash bunny's attackmode script. Now on the Bash Bunny, there is a proprietary kernel module that ties all of the legacy(hid, storage, serial, rndis, and ecm ethernet) devices together, where you can choose combinations, depending on the attack you plan on running, and it will generally set everything up on the host you plug it into. I am trying to do the same sort of thing using libcomposite and configfs So on to the problem.......
First, ConfigFS, has been a bit of a learning experience, but nothing to difficult for those who have plenty of linux knowledge.... That being said, no matter what I do, be it set os_descriptors, etc. I can not get RNDIS to work in a composite gadget with other gadgets. If I set it up with RNDIS alone, it works great. RNDIS/Serial, and RNDIS starts, but that isnt one of the combinations I am looking for. Now if I try RNDIS/Storage, or RNDIS/HID, or RNDIS/HID/Storage, the HID and Storage work fine, and the RNDIS, which is detected fails to start in Windows with code 10. This all works as expected on a linux host, but not on a Windows host running Windows 7(Using this as a testing platform)
Now doing a lot of googling, I think the problem comes down to this..... https://support.microsoft.com/en-us/help/2410682/function-of-usb-composite-device-fails-to-start-if-not-first-function
That being said, C/C++ are not languages that I am overly familliar with, so I am not sure how to apply the fixes they are describing. Do I need to patch libcomposite to force RNDIS to be the first, and second IAD in the composite device? or is there a way to so this in configfs? If there is it has to do with deviceclass, and device subclass, but I have been unable to find much documentation on that, other than the kernel documentation, which could have been better written. Really, the whole configFS gadget framework is under documented, but that is another story. I am not above patching the kernel, if that is what it comes to, I am already running an Up board platform patched/Kali Wifi Patched/Storage gadget patched(Allow images more than 2.5gb) gentoo kernel on top of a base gentoo system. So patching isnt the problem, what to patch is. If anyone else has run into similar issues, and can help spoonfeed me through the process of making composite gadgets with RNDIS work in Windows properly, I would appreciate it.
Comments
-
Sorry, This should have been posted in the linux section, not the android section.
-
So for others that run in to this problem, I had better luck if I forced the kernel to load libcomposite and usb_f_rndis at boot. Let libcomposite load the rest of the modules as you create devices. This way, since usb_f_rndis is loaded into the kernel first, it is put in the slot 0-2 area of the composite descriptor. So, the solution to this is when your code loads the modules, usb_f_rndis has to be the first gadget module loaded.