Jump to content

Modifying Serial Number


JBNZ

Recommended Posts

I note from reading ATTACKMODE that the serialnumber the device presents is defined there, with a comment noting that changing the serialnumber requires reinstalling the RNDIS driver on Windows. Beyond this note, are there any technical limitations preventing a scripted approach to configuring the serialnumber?

This would be useful as some USB whitelisting frameworks, such as USBGuard use a combination of name, serial, VID and PID to whitelist devices. It would be handy to preempt this method of blocking the Bash Bunny by having programatic access to these parameters. I'm keen to dig into it myself, but wanted to put feelers out as to whether anyone was aware of technical hurdles I may hit in the process

  • Upvote 1
Link to comment
Share on other sites

If anyone was wanting to experiment with this, just had a quick look and early indications are that this is fairly trivially achievable by modifying ATTACKMODE. I used the same format used for idProduct and idVendor to modify iSerialNumber and added SN_*) into the case statement which parses arguments. Now giving argument SN_DEADBEEF as argument to ATTACKMODE changes my device's serialnumber to that.

Will report back if I run into failure cases on this.

  • Upvote 1
Link to comment
Share on other sites

34 minutes ago, JBNZ said:

If anyone was wanting to experiment with this, just had a quick look and early indications are that this is fairly trivially achievable by modifying ATTACKMODE. I used the same format used for idProduct and idVendor to modify iSerialNumber and added SN_*) into the case statement which parses arguments. Now giving argument SN_DEADBEEF as argument to ATTACKMODE changes my device's serialnumber to that.

Will report back if I run into failure cases on this.

Neatly done. Although, people are rarely going to whitelist SN_DEADBEEF :P

 

  • Upvote 1
Link to comment
Share on other sites

After an embarrassing number of times breaking the insertion of the kernel module, resulting in losing serial access and having to force reset... I'm setting the manufacturer name with a line similar to the following in ATTACKMODE. I was getting thrown by nested quotes, but it seems like all of these are required to successfully pass an argument containing spaces to the module:

mod_params="$mod_params iManufacturer='\"Test Words\"'"

I think in future, I will surround any experimental code with a check for arming mode to ensure I don't break arming behaviour again.

Edited by JBNZ
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...