[OWASP-Security101] uniquely identifing USB device

Dave Hylands dhylands at mozilla.com
Wed Apr 11 06:50:15 UTC 2012

Hi Erki,

> I need to identify a usb stick uniquely and I have been trying to
> find out weather using just hardwareID is enough?
> I have heard of a driver that lets you emulate an usb device and set
> that ID, but quick googleing didn’t give any results. Does anybody
> know of something like that? Is it possible to (for someone with
> mediocre hacking skills) to manipulate with these values? Is there a
> better way to uniquely identify that device?

So here's a page that uses a readily available HW device to spoof VID and PID, and presumably with some minor changes you could spoof any of the other fields as well.

USB devices are supposed to have unique serial numbers, but not every device has a unique VID/PID/serial (i.e.not all manufacturers actually follow this, and you wind up with devices that are not unique.

Also, devices for allowing say an SD card to be used in a USB slot won't necessarily present a unique serial number for different MMC cards.

What are you trying to do?

Dave Hylands

More information about the Security101 mailing list