Fucking with USB Mass Storage protocols

No Comments

Recently I got give a Minimus AVR board, for those that CBA to click the link its a small dev board for the At90usb162 chip. Theyre mainly used for cracking PS3's but theyre also capable of running the LUFA stack well enough to start emulating most USB devices.
First example application I messed with was the Usb Keyboard demo, sure enough I had it making random capslock presses and typing "FUCK" into things. Shortly after getting bored with that I had a play with the USB Mass Storage demos. These allow the stick to emulate a USB storage device, unfortunately the demos require a dataflash chip that isnt present on the board I have. So off I go Vim in hand to track down the libraries that handle Dataflash

 

Give it a week and I have the dataflash libraries replaced with.... A serial port and Python scripts!

Whats happening here is that the Minimus board is acting as a USB Mass Storage controller and whenever it receives a SCSI read command it forwards the block address and length across a serial port to an FTDI adapter which then passes the request to a python script. The script has a 32mb disk image mmap'd and returns data across the serial port to the Minimus.

After creating a Fat16 formatted disk image, mounting it on a loopback device and filling it with stuff then "mounting" it in the python script we can see the files as normal :) Speed isnt too great, anywhere up to about 10kb/sec transfer rates but not slow enough to break things

 

Now the fun part comes when I want to start fucking with files as the device is running :)

Be the first to write a comment!