Cynthion - An all-in-one tool for USB devices
£115.83 ex VAT
PLEASE NOTE: This is a pre-order, shipping for all Cynthion orders is expected to ship in Summer 202w
Cynthion is an all-in-one tool for building, testing, monitoring, and experimenting with USB devices. Built around a unique FPGA-based architecture, Cynthion's digital hardware can be fully customized to suit the application at hand. As a result, it can act as a no-compromise High-Speed USB protocol analyzer, a USB-hacking multi-tool, or a USB development platform.
Out-of-the-box, Cynthion acts as a USB protocol analyzer capable of capturing and analyzing traffic between a host and any Low-, Full-, or High-Speed ("USB 2.0") USB device. It works seamlessly with our open-source ViewSB software, which translates captured USB traffic into a human-readable format. ViewSB runs on Linux, MacOS, Windows, and FreeBSD.
Combined with the Cynthion software and the FaceDancer libraries, Cynthion becomes a versatile USB-hacking and development tool. FaceDancer makes it quick and easy to create or tamper with real USB devices—not just emulations—even if you don’t have experience with digital-hardware design, HDL, or FPGA architecture!
Cynthion is a fully reconfigurable test instrument that provides all the hardware, gateware, firmware, and software you will need to work with—and, indeed, to master—USB. Below are a few of the challenges to which you’ll be able to apply your Cynthion:
- Protocol analysis for Low-, Full-, and High- speed USB. Cynthion provides everything you need for passive USB monitoring. Add the ViewSB analysis software, and you have a full-featured USB analyzer capable of passively capturing both USB traffic and up to 16 related digital signals.
- Creating your own Low-, Full-, or High- speed USB device. Cynthion provides nMigen gateware that allows you to create USB devices in gateware, firmware, or a combination of the two. Using the FaceDancer library, you can create or emulate real USB devices in high-level Python.
- Meddler-in-the-Middle (MitM) attacks on USB communication. Cynthion hardware can function as a "USB proxy" capable of transparently modifying USB data as it flows between a host and a device. Each board's three USB Type-C connections allow for simultaneous, high-speed proxying while maintaining a high-speed connection to the host. As a result, you can proxy a connection with or without the help of a host PC.
- USB reverse engineering and security research. Cynthion hardware and gateware represent a purpose-built backend for research tools like FaceDancer and USB-fuzzing libraries, thereby simplifying the emulation and rapid prototyping of compliant and non-compliant USB devices. Unlike other USB-emulation solutions, Cynthion-based hardware is dynamically reconfigurable, so it gives you the flexibility to create any endpoint configuration and engage in almost any USB (mis)behavior.
- A Lattice Semiconductor LFE5U-12F ECP5 FPGA supported by the
yosys+nextpnropen-source FPGA flow
- Three High-Speed USB interfaces, each connected to a USB3343 PHY capable of operating at up to 480 Mbps.
- Two USB Type-C connectors for device-mode communication (left side)
- One USB Type-C connector for host-mode communication, device-mode communication, or USB analysis (right-side)
- One USB Type-A connector for host-mode communication or USB analysis (right-side, shared with Type-C connector)
- A Microchip SAMD11 debug controller allows user configuration of the FPGA and provides a number of diagnostic interfaces:
- A complete, user-programmable JTAG controller capable of configuring the FPGA and communicating via JTAG with user designs
- A built-in USB-to-serial communications bridge for FPGA debug I/O
- A variety of simple, built-in debug mechanisms, including utilities that allow you to create simple, PC-accessible register interfaces
- Three USB power switches allow you to control power to and from the right-side USB connectors, thereby facilitating controlled power cycling of USB-powered devices under analysis.
- 64 Mbit (8 MiB) RAM for buffering USB traffic or for user applications
- Two unpopulated User I/O SMA connector footprints intended for Trigger In / Trigger Out use or for multi-device clock/data synchronization
- Two unpopulated Pmod I/O connectors presenting 16 high-speed FPGA user IOs that support user FPGA applications and allow logic-level data to be captured during USB analysis
- 32 Mbit (4 MiB) SPI-connected flash for PC-less FPGA configuration
- Six FPGA-connected user LEDs and five microcontroller-managed status LEDs
The Cynthion project—including its hardware, gateware, firmware, and software—has been developed and enhanced in the open on GitHub. You can view its annotated hardware designs on GitHub, and its developer documentation on ReadTheDocs.
- User documentation will be made available as the campaign progresses.
- USB training materials are available at https://www.usbc.tf; additional materials will be released in cooperation with OpenSecurityTraining.info in the near future.
- Board schematics: https://github.com/greatscottgadgets/luna/releases/tag/hw-r0.4
- Design files: https://github.com/greatscottgadgets/luna/tree/main/hardware/rev0
- Cynthion Gateware: https://github.com/greatscottgadgets/luna
- Debugger Firmware: https://github.com/greatscottgadgets/apollo