Version Tomorrow is the first day of the rest of your life

lecture: FaceDancer 2.0

easy USB hacking, sniffing, and spoofing

Event large

USB connectivity has become ubiquitous. The sheer variety of usb-connected devices— ranging from computers and game consoles to resource-constrained embedded systems— has resulted in a wide variety of vendor-specific protocols and custom USB software stacks.

Being able to fuzz, monitor, mitm, or emulate USB can often be a foot in the door for working with black box systems; whether your goal is to build tools that work with existing hardware and software, find vendor interfaces or vulnerabilities to execute custom code, or to play NSA.

We introduce FaceDancer 2.0, with more supported hardware, higher speeds, and advanced capabilities for monitoring and mitming USB connections.


Travis Goodspeed [et al.] changed the USB hacking landscape with the introduction of the original FaceDancer, an inexpensive, python-controlled device capable of emulating low and full speed USB devices and providing a platform for low-level fuzzing of USB hosts.

While the FaceDancer provided the community with revolutionary USB capabilities, it had restrictions which do not apply to real world devices, so its ability to emulate them is often limited to the most common device classes.

FaceDancer 2 extends this into a generalized solution for USB hacking, supporting a wide range of both off-the-shelf and purpose-built custom hardware to add features like high-speed (USB 2.0) emulation, passive monitoring, and USBProxy-style MITM'ing.

The sheer variety of devices that use USB mean that there's a huge number of vendor-specific protocols, many of which are supported by proprietary software stacks. We will give live demonstrations of FaceDancer 2 running on the GreatFET platform, and emulating-or-attacking [insert cool piece of hardware here]