How can USB vendor ID and product ID values be spoofed on OSX?

Question

We are considering using the vendor and product ID of a USB device (obtained via IOKit) to unlock certain features of an application. I'm aware that these values can be spoofed, but I'm not sure how easily it can be done on OSX. What is involved in spoofing the vendor and product ID? Is it something that a non-programmer can do fairly easily?

Answer 1

A non-programmer cannot do that. What you can do is writing a kernel extension (an IOKit driver) for the device, that has a matching dictionary matching the real vendor-/product-ID of the device, which causes the system to automatically load the kernel extension when this device is connected and pass a reference to the device object. The driver is now responsible for initializing the device and create all necessary user space information that is necessary for the IOKit framework (the user space library) to communicate with the device. Usually Apple has default IOKit drivers for most USB device classes (that's why you don't need an extra driver for every USB mouse or keyboard for example), but if there is a more specific driver found, then this driver will be used instead. And when creating the user space data, of course the driver may lie about the vendor-/product-ID, causing the user space program to see false values. Since IOKit is written in C++ and heavily depends upon objects and object inheritance, it is not even necessary to write the driver from scratch, but instead it can inherit from Apple's default driver and just override some methods and otherwise rely upon the super implementation. However, writing IOKit kernel drivers is not that easy and even people developing Mac software for years may have no idea how to do that and the IOKit documentation is one of the worst ones Apple is offering.

So to answer your question: Is it possible? Yes. Is it fairly easy? No. Can non-programmers do it? Certainly not, unless someone else has written a ready to use extension for them, that they only need to install.

Answer 2

I suspect it would be fairly easy (for a programmer) to create a kext that creates a reasonably realistic IOUSBDevice object in kernel space. However, once done anyone would be able to load it.

It may also be possible to build a codeless kext using AppleUSBMergeNub to masquerade a device as another (though I haven't tested this, it looks like it might work, assuming you only try to match the IOUSBDevice without actually using it).

It would probably be easier to just hijack your API calls in userspace and give your software the answers it expects.

Answer 3

It's actually rather EASY, and I'm definitely not a programmer!

Found the guide here http://rolande.wordpress.com/2012/10/25/getting-the-aten-usb-serial-adapter-working-with-mac-osx-lion

Thanks, Rolande!

I was able to change the IDs of a USB Ethernet adaptor I bought on eBay to use another driver with Mac OS X 10.8.

Answer 4

Since nobody has answered so far, I've stumbled across a page which basically says that you can get an Arduino and program it to return any VID/PID/serial that you want. I still can't find any software-only way to do this.

Answer 5

I can create A OCX in Delphi code to do that And supply infomation to send/receive data to the USB with other states like:- is it still connected.

Natraly I need a little more detail than that in case that same chip is connected from another product. example frendly name, device desription.............