16.6 Bus sniffers

Build radare with --with-usb-sniffer flag to get the libusbsniff.so library. Note that you need libusb-dev to get this.

The libusbsniff and libfdsniff libraries are used to capture and pretty print the data transfered via libUSB or a desired file descriptor:

$ LD_PRELOAD=/usr/lib/libusbsniff.so ./my-usb-program

or

$ FDSNIFF=3 LD_PRELOAD=/usr/lib/libfdsniff.so ./my-program

The FDSNIFF environment variable is handled by libfdsniff and allows you to choose the filedescriptor you want to analize.

These libraries dumps the captured data to stderr, so you'll probably find useful to pipe stdout and stderr to a file and get a complete dump file.

$ LD_PRELOAD=/usr/lib/libusbsniff.so ./my-usb-program 2>&1 | tee my-usb-log