ArcaneNibble/i-cant-believe-its-not-webusb: Hacking around lack of WebUSB support in Firefox

It turns out that there is a way for a web page to access USB devices without requiring WebUSB and its associated political disagreements! Not only that, a device can intentionally design itself to bypass all of the user consent requirements.

Load u2f-hax.uf2 onto a Raspberry Pi Pico (RP2040 version), and then load index.html from either localhost or another secure context.

The “On!” and “Off!” buttons will toggle the LED, and the state of pin GP22 will be regularly updated on the page (you can conveniently short it to the adjacent GND pad with a piece of wire or metal).

The Pico is programmed to emulate a U2F dongle (i.e. a physical two-factor security key). However, instead of performing any security functions, arbitrary data is smuggled in the “key handle” and signature of U2F_AUTHENTICATE messages. As long as the key handle starts with 0xfeedface, the Pico instantly “confirms” user presence and returns data.

By design, the U2F key handle is an opaque blob of data which is conceptually “owned by” the security dongle. It is supposed to be returned by the dongle as a result of a registration, stored as-is by the relying party, and then given as-is back to the security dongle when authenticating.

One reason this key handle functionality exists is to enable an unlimited number of websites to be associated with a particular low-cost dongle with very limited memory. This hypothetical dongle stores a unique “master” encryption key internally. When a new registration is created, it creates a new public/private key pair, returns the public key, encrypts the private key with the “master” key, and returns the encrypted private key as the key handle. No matter how many registrations are created, the dongle does not have to be responsible for storing the keys associated with them. When the key handle is passed back to the dongle during an authentication, the dongle just unwraps the private key using its master key.

In order to allow for all of these low-cost designs without mandating any particular internal algorithms, the key handle is treated as opaque, and so we can abuse it to smuggle arbitrary data.

In order to return data, we need to somehow smuggle it as an ECDSA signature. An ECDSA signature is a tuple of two numbers $(r, s)$, where each of the numbers is calculated $\mod n$, where $n$ is the order of the elliptic curve base point. This basically means any value from 0 up to 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 (the order of the secp256r1 base point). These numbers are then packed into some ASN.1.

Although it is sometimes possible to tell whether an ECDSA signature was actually calculated “properly” rather than being some numbers we just made up (see Issue #1), there isn’t a good reason for anybody other than the relying party to perform anything beyond basic validity checks. Chrome appears to check whether the numbers in the signature are actually in the range from 0 to $n$, but Firefox doesn’t check even that.

As a result, we can just generate some dummy ASN.1 and then put the data we actually want to send inside of it. In order to reliably get around Chrome’s basic validity checks, we just waste the first byte of each number with the value 0x7f. This will result in numbers which are always positive and less than $n$. The entire software stack up to browser JavaScript will pass these “valid-enough” numbers straight through.

Finally, because “access to USB devices” is politically contentious but “make users more secure” has very broad political support across the entire browser industry, this capability is widely supported without requiring extraneous setup, configuration, nor prompting.

No.

This cannot be used to access arbitrary USB devices. It only works with devices which are intentionally breaking the rules. In essence, this is an intentionally vulnerable device.

However, it is known that the security model around USB devices is generally… questionable on most platforms. Plugging in a malicious USB device allows it to do anything that you yourself can do with devices such as a keyboard or a mouse.

Do not plug arbitrary unknown devices into your computer (or your phone, etc.).

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!