BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.coscup.org//coscup-2026//speaker//ZAGJW7
BEGIN:VTIMEZONE
TZID:CST
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1
TZNAME:CST
TZOFFSETFROM:+0800
TZOFFSETTO:+0800
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-coscup-2026-RAFMPA@pretalx.coscup.org
DTSTART;TZID=CST:20260808T141000
DTEND;TZID=CST:20260808T144000
DESCRIPTION:The USB protocol is everywhere: keyboards\, webcams\, storage d
 evices\, embedded hardware\ntest fixtures. Yet most developers treat it as
  a black box. What if you could sit\n*transparently* between a USB host an
 d device\, observe every packet\, and selectively\nmodify\, drop\, or inje
 ct traffic using nothing but open-source software running on a\nRaspberry 
 Pi?\n\nThis talk walks through the design and implementation of\n[usb-prox
 y](https://github.com/AristoChen/usb-proxy)\, an open-source USB\nman-in-t
 he-middle proxy built on the Linux kernel's `raw-gadget` driver and `libus
 b`.\n\n## What is usb-proxy?\n\n`usb-proxy` positions a Linux machine with
  a USB OTG port between a real USB device and\nits host. The host sees a s
 ynthetic device reconstructed in real time via `raw-gadget`\,\nwhile the r
 eal device is accessed through `libusb` on the other side. All traffic flo
 ws\nthrough the proxy\, where it can be logged\, modified\, or dropped usi
 ng JSON-based rules.\n\n## The Injection Rule Engine\n\n`injection.json` d
 efines per-endpoint rules for control\, interrupt\, and bulk transfers.\nE
 ach rule can modify\, ignore\, or stall a matched packet. Three levels of 
 transform are\nsupported and can be combined within a single rule\, in ord
 er of increasing flexibility:\n\n- **Pattern replacement**: matches fixed 
 hex byte sequences and substitutes them.\n  Ideal for simple\, fixed subst
 itutions such as swapping mouse button bytes.\n- **Declarative operations*
 *: applies arithmetic transforms in order on byte offsets\,\n  such as neg
 ating a movement axis or scaling cursor speed\, without any scripting.\n- 
 **Lua scripting**: for logic that cannot be expressed declaratively\, a ru
 le can point\n  to a Lua script. Each script maintains its own state acros
 s packets\, enabling\n  conditionals\, loops\, and stateful transforms lik
 e dead zones or speed caps.\n\n## What Will Be Coverd\n\n- How the Linux U
 SB stack is layered: UDC driver\, gadget framework\, and userspace\n- How 
 `raw-gadget` and `libusb` work together to build a transparent C++ proxy\n
 - The injection rule engine in action with a live demo\n\n## Talk Outline\
 n\n| Section | Time |\n|---|---|\n| USB protocol and motivation | 5 min |\
 n| raw-gadget + libusb architecture deep-dive | 10 min |\n| Injection rule
  engine: live demo on how to modify and inject USB packets | 10 min |\n| Q
 A | 5 min |\n\n**Source**: https://github.com/AristoChen/usb-proxy (Apache
 -2.0 license)
DTSTAMP:20260713T132624Z
LOCATION:TR213
SUMMARY:USB MITM: Building a Transparent USB Proxy with raw-gadget and libu
 sb - Aristo Chen
URL:https://pretalx.coscup.org/coscup-2026/talk/RAFMPA/
END:VEVENT
END:VCALENDAR
