int3.cc

FaceDancer21 (USB Emulator/USB Fuzzer)

OUT OF STOCK - Please note, all orders placed after September 1, 2020 will be fulfilled as soon as we are restocked. Our sincere apologies for the inconvenience! - Xipiter Team

Notify me when this product is back in stock!

If you aren't already familiar with the FaceDancer or Travis Goodspeed and Dr. Sergey Bratus's USB research, we suggest you read up on it a bit. Hackaday also did a story on it. If you dont want to read any of that, here is a short description of the FaceDancer:

The USB protocol requires that anything with USB  declare itself as either a "device" or "host". "Hosts" are computers and other "big" things. "Devices" are iPod, iPads, USB thumb drives, and other "small" accessory-like things. (If you are familiar with USB OTG cables, then you probably understand a bit about this already.) If you ever want a USB "host" to pretend to be a USB "device", you need special hardware. The FaceDancer is that hardware.

 

Pretend to be a USB device from Python:

The FaceDancer allows a computer (or "host") to masquerade as a USB "device" to communicate with other USB devices or USB Hosts. The FaceDancer allows a developer to access data on the USB bus from high level languages like C, Python, and Ruby.

For security research purposes,Travis Goodspeed and Sergey Bratus have demonstrated that there are interesting trust relationships between USB "hosts" and USB "devices". Drivers (for example) on USB Hosts inherently trust that  "devices" won't do bad things (or because it's hardware, that data won't really be malformed ;-) This trust relationship can be probed with the FaceDancer.

For non-research purposes, the FaceDancer allows USB developers and embedded developers to rapidly prototype from high level languages like Python, Java, Ruby, and C.  Where tools like the awesome ones made by TotalPhase only allow for passive monitoring, generating data and injecting it into the USB bus (as a device) has required custom solutions like this FaceDancer.

In the spirit of this website, we wanted to take a step forward and help get assembled versions of this neat tool into people's hands.

This is merely an ASSEMBLED version of what is on theFaceDancer website (If you wanted one previously, you had to order the PCB from Travis, order the parts from a distributor, wait for them, then assemble it yourself). 

 

WHEN YOU GET IT, ALL YOU DO IS FLASH IT AND GO TO WORK!

Also, if you have (or know someone that has) a 3D printer, we designed a case for it, you can download the design files here.

Other folks have designed much nicer cases for these as well. 

 

PLEASE NOTE:

All international orders may be subject to certain import customs, duties and taxes imposed by your country upon delivery. These charges are NOT included in the prices and shipping costs listed on Int3.cc. As the importer of record, you must comply with your local laws and regulations and pay all applicable duties, taxes and fees. Accordingly, we recommend that you contact your local customs office for an estimate of any applicable taxes and duties you may be charged upon delivery and for further information.

*** This device is sold AS IS. We have day jobs, so there is no support for this item (yet, but maybe we'll get there).***

 

Why pricing things is hard...

Many people skip the INT3 "About" page and formulate opinions without understanding what is going on here. Please read that to understand why just because a project is "Open Source hardware" doesn't mean...

Learn to reverse engineer and exploit mobiles, IoT, and Embedded systems. (Public Trainings Announced)

We've announced our public EU and US trainings for 2015. Sign up today!  

Using the Shikra to Attack Embedded Systems: Getting Started

The blog system on this e-commerce platform is awful. This blogpost has been prettified and moved to Xipiter's main blog here:  http://www.xipiter.com/musings/using-the-shikra-to-attack-embedded-systems-getting-started