numap-scan not working with Greatfet One

[winux138]

I recently acquired a Greatfet One to fuzz USB ports.

After some digging I came to the following conclusion :

• umap2 support the FaceDancer, not the Greatfet One (but nu-map does, so here I am),
• nu-map relies on greatscottgadgets/Facedancer

So far I managed to get the FaceDancer's example/rubber-ducky.py script working on my Greatfet.
(I used this fork MatthewTingum/Facedancer)

I then tried to run numap-scan but I started facing errors, some that I managed to fix :

• missing parenthsis at numap/dev/smartcard.py:468
• trying to encode bytes at numap/core/usb_cs_interface.py:63(here I removed the .encode("utf-8"))

But there is one issue I can't figure out how to fix, the

ERROR:numap:Traceback (most recent call last):
  File "/home/ju/.local/lib/python3.10/site-packages/numap/apps/scan.py", line 50, in run
    device.run()
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/USBDevice.py", line 165, in run
    self.scheduler.run()
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/core.py", line 509, in run
    task()
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/USBDevice.py", line 83, in <lambda>
    self.scheduler.add_task(lambda : self.maxusb_app.service_irqs())
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/backends/greatdancer.py", line 766, in service_irqs
    self._handle_transfer_events()
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/backends/greatdancer.py", line 472, in _handle_transfer_events
    self._handle_transfer_complete_on_endpoint(i, self.HOST_TO_DEVICE)
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/backends/greatdancer.py", line 555, in _handle_transfer_complete_on_endpoint
    self.connected_device.handle_request(self.pending_control_request)
  File "/usr/local/lib/python3.10/site-packages/facedancer-2.9+dirty-py3.10.egg/facedancer/USBDevice.py", line 216, in handle_request
    if index < len(self.configuration.interfaces):
AttributeError: 'NoneType' object has no attribute 'interfaces'

You will find attached the complete log (at some point it is stuck waiting, so I interrupted it 2 or 3 times).

numap2.log

So I am wondering, can anyone reproduce the issue ? Does someone has a clue of what I could be doing wrong ?

Am I at the wrong place, should I post in the FaceDancer repo instead ?

If you need any additional information feel free to ask.

[bakeromso]

Did you ever end up fixing this issue? I also got a GreatFET one in the hopes of using it for umap/umap2, but by now I've come to the same conclusion that umap wasn't made to work with the GreatFET and it seems GreatFET wasn't made to run as drop in replacement facedancer hardware (but reimplements the facedancer backend instead)

[dhingos]

Hello, I am also interested in this and was hoping someone figured this out, I have been trying to get my greatfet to work with numap as well. In particular I tried the following:

numap-scan -P=/dev/greatfet-one1-6 -v

and got results such as this:

[ALWAYS] Testing support: keyboard
[INFO ] Loading USB device keyboard
[ERROR ] Traceback (most recent call last):
File "/usr/local/lib/python3.10/dist-packages/numap/apps/scan.py", line 48, in run
device = self.load_device(device_name, phy)
File "/usr/local/lib/python3.10/dist-packages/numap/apps/base.py", line 66, in load_device
module = importlib.import_module('numap.dev.%s' % module_name)
File "/usr/lib/python3.10/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1050, in _gcd_import
File "", line 1027, in _find_and_load
File "", line 1006, in _find_and_load_unlocked
File "", line 688, in _load_unlocked
File "", line 883, in exec_module
File "", line 241, in _call_with_frames_removed
File "/usr/local/lib/python3.10/dist-packages/numap/dev/keyboard.py", line 9, in
from numap.core.usb_device import USBDevice
File "/usr/local/lib/python3.10/dist-packages/numap/core/usb_device.py", line 13, in
from facedancer.USBDevice import USBDevice as BaseUSBDevice
ModuleNotFoundError: No module named 'facedancer.USBDevice'

I even used umapkit to install umap, umap2 and numap together, trying all three hoping one of them would support the GreatFET and none of them seem to do it.

[bakeromso]

I let it go and put my hope in the Cynthion hardware to be honest

[dhingos]

So it seems at least this error is due to me somehow installing facedancer 3.0 over my 2.9 installation. Back to the 2.9, this error goes away, but there are still issues. I will keep at it and see what I figure out and I will post results here.

[dhingos]

Ok so it looks like I have some progress, scanning for device support seems to work somewhat, so I tried the keyboard fuzzing example from the docs. When I run numap-kitty, I get the following:

numap-kitty -s keyboard.stages

Traceback (most recent call last):
File "/usr/local/bin/numap-kitty", line 8, in
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/numap/fuzz/fuzz_engine.py", line 179, in main
fuzzer = get_fuzzer(options)
File "/usr/local/lib/python3.10/dist-packages/numap/fuzz/fuzz_engine.py", line 172, in get_fuzzer
fuzzer.set_model(model)
File "/home/dhingos/.local/lib/python3.10/site-packages/kitty/fuzzers/base.py", line 256, in set_model
self.handle_stage_changed(model)
File "/home/dhingos/.local/lib/python3.10/site-packages/kitty/fuzzers/base.py", line 404, in handle_stage_changed
stages = model.get_stages()
File "/home/dhingos/.local/lib/python3.10/site-packages/kitty/model/high_level/graph.py", line 223, in get_stages
sequence = self.get_sequence()
File "/home/dhingos/.local/lib/python3.10/site-packages/kitty/model/high_level/base.py", line 154, in get_sequence
self._get_ready()
File "/home/dhingos/.local/lib/python3.10/site-packages/kitty/model/high_level/graph.py", line 101, in _get_ready
assert len(self._sequences)
AssertionError

[ikarus23]

Hi. Same issues here. I tried different versions of the facedancer software. Version 3.0 results in ModuleNotFoundError: No module named 'facedancer.USBDevice' and older 2.9 version (even ~4 years back) do not work either. Then the errors are more in the ballpark of

• AttributeError: 'NoneType' object has no attribute 'interfaces' (it seams like the configuration of the device was never set and is still None. Shouldn't there be a default configuration? Is is always configuration 0?
• 'USBKeyboardInterface' object has no attribute 'device_class'
• ...

@dhingos What do you mean by

Ok so it looks like I have some progress, scanning for device support seems to work somewhat

What did you do? What works?

[ikarus23]

Oh, and @bakeromso: as far as I know Cynthion is not compatible with nu-map. I have one here and can not make it work. Not sure if @mossmann and his team at https://github.com/greatscottgadgets will adopt this project too. It would be great to have a "modern" open source USB fuzzer with support for current hardware like Greatfet One and Cynthion.

[bakeromso]

@ikarus23 thanks for bringing that to my attention. That's a shame, hopefully it will come in the future.

[dhingos]

What did you do? What works?

when I run: numap-scan -P=fd:/dev/greatfet-one1-6 it starts scanning for USB devices, so it seems to me at least it accepts the command and is trying to perform tests but it just hangs there after "Loading USB device audio".