Batman Posted November 1, 2015 Share Posted November 1, 2015 Sometimes you come across a generic USB drive and the drive doesn't have a unique serial number in the firmware. I know that if one of these devices is plugged in to a Windows machine that it will generate a serial number for the USB drive and it will be identifiable as a generated serial number because it will contain a "&" in the second position of the serial number. I also know that different route hosts on the same machine will generate a different serial number for the same USB drive on the same Windows machine. I also know that Ubuntu will store USB device information in the var/log/syslog file. My question is if a generic USB device is plugged into linux, will it generate a serial number for the device in the same way that windows does? Will it also generate a different serial for the same USB drive through different USB ports? I'd try this myself to get the answer but out of all of the USB drives I have all of them have actual serial numbers. -.- Thanks for your time! Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 1, 2015 Share Posted November 1, 2015 That is an interesting question. Could you elaborate more on the Windows side as I am curious. Are you sure it's a serial number or just a unique GUID for say USB Store to recognize it again? I will see if some of my thumb drives I've collected show anything. Update: I plugged in a lot of USBs and only 1 didnt show me a serial. It came up with (error). When I plugged in 3 different HASP dongles, it did not show a serial for any of them. Quote Link to comment Share on other sites More sharing options...
Batman Posted November 1, 2015 Author Share Posted November 1, 2015 (edited) So here is a picture showing a USB device plugged into my system at some point that had no serial number. I have a feeling it was a USB device that I had a live boot Kali linux on, although I'm not sure. Anyway, if you look at the highlighted USB device, you'll see the "&" in the second position which means that the drive didn't have a serial number associated with it. From what I've learned in my digital forensics class I'm taking, if I were to plug that same USB device into a different USB port on my PC then windows should generate a totally new serial number for that same USB drive. Now, I've plugged in ALL of my USB drives that I own, and nothing has produced that result. Maybe my professor is wrong, or maybe Windows 10 is different than what he is accustomed to, or maybe I just don't have that USB drive setup the same way anymore. But this is what sparked my interest about linux. Edited November 1, 2015 by Batman Quote Link to comment Share on other sites More sharing options...
Batman Posted November 1, 2015 Author Share Posted November 1, 2015 Update: I plugged in a lot of USBs and only 1 didnt show me a serial. It came up with (error). When I plugged in 3 different HASP dongles, it did not show a serial for any of them. Did all of these come with the error instead of a serial number? That'd be interesting if Linux just doesn't care about serial numbers for USB devices. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 2, 2015 Share Posted November 2, 2015 Only one of my USB Flash drives said error in lsusb -v The HASP dongles (3 different kinds) were blank. I wouldn't call those serial numbers in USBSTOR, they are more unique identifiers for the OS that is genereated. Kind of like a SID. It's so it can remember it was once plugged in and what drive letter it had/has. Quote Link to comment Share on other sites More sharing options...
Batman Posted November 2, 2015 Author Share Posted November 2, 2015 (edited) I just checked with a USB device I just plugged into my computer - a Sandisk micro 32GB usb drive. You can see the serial number listed in the registery, and then I double checked it using wmic. They match. I did the same thing on my GF's Windows 7 computer and they also matched. Gonna check now on my Kali box to see what it comes up with for the same USB drive. EDIT: Just plugged in the same USB drive to my Kali Laptop (totally different machine) and using lsusb -v the iSerial is listed as 4C530001110925102182. Matches the Windows Serial for it. Do you have a Windows machine to check what windows will assign to the HASP dongles you have? EDIT2: I tried doing this with my USB Rubber Ducky.. my Kali laptop left the serial number blank and the Windows 10 Desktop assigned it a serial with the "&" in the second position... see the rubber ducky jpg. The output of the lsusb -v for the Kali box was Bus 002 Device 006: ID 03eb:2422 Atmel Corp.Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x03eb Atmel Corp. idProduct 0x2422 bcdDevice 1.00 iManufacturer 1 Ducky iProduct 2 HID Keyboard and MSC iSerial 0 bNumConfigurations 1 Edited November 2, 2015 by Batman Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 2, 2015 Share Posted November 2, 2015 Yeah give me a few. I'll see what USBSTOR says. Update: Bleh, no drivers to run them. Ah well lol. Quote Link to comment Share on other sites More sharing options...
Batman Posted November 2, 2015 Author Share Posted November 2, 2015 Ah well thanks for trying. Haha. I found out the answer I was looking for anyway. It seems linux doesn't assign it anything if it doesn't already have one. I got lucky with my ducky in that it wasn't associated with one. :) Thanks for your time, Mr-Protocol! Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 2, 2015 Share Posted November 2, 2015 No problem. Cheers! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.