Project Description
USB devices can be dangerous to read directly from your PC. There are countless stories of PCs being infected (e.g. filesystem encrypted) because a USB device was read without first checking its content. But how do you check the device content without having a look at it first?!
If we could fire up a virtual machine on the PC that could read from the USB device first, we'd be able to protect our PC: if any malware ran on the device, it would only affect the virtual machine.
Goal for this Hackweek
Start up a virtual machine from the PC where the USB key is inserted to read from that USB key:
- disable the USB port on the PC
- enable PCI passthrough for this USB port to be read from the virtual machine
- use QEMU + vfio to load the necessary driver/kernel modules in the virtual machine
- read the USB key from the virtual machine
- if time permits, automatically run the virtual machine as soon as a "USB inserted" event occurs.
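The host-side part of these steps, as an added example (not code from usb_notify): it checks that the USB controller's IOMMU group is isolated, hands the controller to vfio-pci through sysfs, and builds the QEMU device option. The function names, the overridable `SYSFS` root and the 1024 MB guest size are assumptions made for illustration; the argument is the PCI address of the USB host controller.

```shell
#!/bin/sh
# Added example, not from usb_notify. SYSFS is overridable so the logic can be
# exercised against a constructed tree; on a real host it is /sys.
SYSFS="${SYSFS:-/sys}"

# List the other PCI functions in the controller's IOMMU group.
iommu_peers() {
    grp="$SYSFS/bus/pci/devices/$1/iommu_group/devices"
    [ -d "$grp" ] || { echo "no IOMMU group for $1 (IOMMU disabled?)" >&2; return 2; }
    for d in "$grp"/*; do
        [ "$(basename "$d")" = "$1" ] || basename "$d"
    done
}

# Conservative check: devices in one group cannot be isolated from each other
# by the IOMMU, so every peer must be driverless or already on vfio-pci.
group_is_isolated() {
    peers=$(iommu_peers "$1") || return 2
    for p in $peers; do
        drv="$SYSFS/bus/pci/devices/$p/driver"
        [ -e "$drv" ] || continue
        [ "$(basename "$(readlink "$drv")")" = "vfio-pci" ] || return 1
    done
    return 0
}

# Detach the controller from its host driver, then let vfio-pci claim it.
# Needs root and a loaded vfio-pci module on a real host.
bind_vfio() {
    group_is_isolated "$1" || return 1
    dev="$SYSFS/bus/pci/devices/$1"
    if [ -e "$dev/driver" ]; then echo "$1" > "$dev/driver/unbind"; fi
    echo vfio-pci > "$dev/driver_override"
    echo "$1" > "$SYSFS/bus/pci/drivers_probe"
}

# QEMU options that hand the controller to the guest; append the guest disk.
qemu_args() {
    printf '%s' "-enable-kvm -m 1024 -device vfio-pci,host=$1"
}
```

Once the controller is unbound from its host driver, the host no longer sees devices plugged into its ports, which covers the "disable the USB port on the PC" step.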
Code
- https://github.com/susenguyen/usb_notify
Resources
- https://www.kernel.org/doc/html/latest/driver-api/vfio.html
- https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit
- https://www.man7.org/linux/man-pages/man7/inotify.7.html
This project is part of:
Hack Week 22
Similar Projects
QBoot - A handy QEMU VM launcher by amanzini
Description
QBoot is a command-line tool that wraps QEMU to provide a streamlined experience for launching virtual machines. It automatically configures common settings like KVM acceleration, virtio drivers, and networking while allowing customization through both configuration files and command-line options.
The project was originally a personal utility written in D and has recently been rewritten in idiomatic Go. It lives in the repository https://github.com/ilmanzo/qboot
Goals
Improve the project by testing it with different scenarios, addressing issues and proposing new features. It will benefit from some basic integration testing, done by providing small sample disk images.
Resources
Extracting, converting and importing VMs from Nutanix into SUSE Virtualization by emendonca
Description
The idea is to delve into Nutanix AHV internals to understand how it stores and runs VMs, and how to extract them in an automated way for importing into a KVM-compatible hypervisor, like SUSE Virtualization/Harvester. The final product will not only be documentation, but a working prototype that can be used to automate the process.
Goals
1) document how to create a simple lab with Nutanix AHV community edition
2) determine the basic elements we need to interact with
3) determine what are the best paths to grab the images through, balancing speed and complexity
4) document possible issues and create a roadmap for tackling them
5) should we adapt an existing solution or implement a new one?
6) implement the solution!
Resources
- Similar project I created: https://github.com/doccaz/vm-import-ui
- Nutanix AHV forums
- Nutanix technical bulletins