From 9cc4ae694bab02694511c588bd4e68743accf0ed Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 16 Jul 2015 12:34:08 -0300
Subject: Fixes BadUSB mitigation
---
 usb-disable | 24 +++++++++++++++++++++---
 usb-enable | 18 +-----------------
 usb-status | 18 +-----------------
 3 files changed, 23 insertions(+), 37 deletions(-)
 mode change 100755 => 120000 usb-enable
 mode change 100755 => 120000 usb-status
diff --git a/usb-disable b/usb-disable
index cc4525e..5268256 100755
--- a/usb-disable
+++ b/usb-disable
@@ -2,16 +2,34 @@
 #
 # USB hotplug switcher.
 # See https://links.sarava.org/tags/badusb
+# https://www.kernel.org/doc/Documentation/usb/authorization.txt
 #
 
 # Parameters
 BASENAME="`basename $0`"
 
+# Set hotplug state
+function usb_set_state {
+ echo "Applying at /sys/module/usbcore/parameters/authorized_default..."
+ sudo su -c "echo $1 > /sys/module/usbcore/parameters/authorized_default"
+
+ for bus in /sys/bus/usb/devices/usb*; do
+ echo "Applying at ${bus}/authorized_default..."
+ sudo su -c "echo $1 > ${bus}/authorized_default"
+ done
+}
+
 # Dispatch
 if [ "$BASENAME" == 'usb-enable' ]; then
- sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default"
+ usb_set_state 1
 elif [ "$BASENAME" == 'usb-disable' ]; then
- sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default"
+ usb_set_state 0
 elif [ "$BASENAME" == 'usb-status' ]; then
- cat /sys/module/usbcore/parameters/authorized_default
+ status="`cat /sys/module/usbcore/parameters/authorized_default`"
+
+ if [ "$status" == "0" ]; then
+ echo "Hotplug disabled."
+ elif [ "$status" == "1" ]; then
+ echo "Hotplug enabled."
+ fi
 fi
diff --git a/usb-enable b/usb-enable
deleted file mode 100755
index cc4525e..0000000
--- a/usb-enable
+++ /dev/null
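Review bot: The usb-status branch of usb-disable still reads only /sys/module/usbcore/parameters/authorized_default, while usb_set_state in the same hunk now also writes every /sys/bus/usb/devices/usb*/authorized_default, so it can print "Hotplug disabled." while a bus still holds 1. It also prints nothing for any value other than 0 or 1, such as the `-1` the old enable path wrote and which an untouched system presumably still holds. I would report each per-bus file alongside the module parameter and add a fallback that echoes the raw value. That would also surface a failed write in usb_set_state, where the exit status of `sudo su -c` is not checked and "Applying at ..." is printed regardless.

```shell
# … unchanged: usb_set_state and the usb-enable / usb-disable branches …
elif [ "$BASENAME" == 'usb-status' ]; then
  # Report the module parameter and every per-bus value, not the module parameter alone
  for f in /sys/module/usbcore/parameters/authorized_default \
           /sys/bus/usb/devices/usb*/authorized_default; do
    status="$(cat "$f")"

    if [ "$status" == "0" ]; then
      echo "$f: hotplug disabled."
    elif [ "$status" == "1" ]; then
      echo "$f: hotplug enabled."
    else
      echo "$f: authorized_default is '$status'."
    fi
  done
fi
```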
@@ -1,17 +0,0 @@
-#!/bin/bash
-#
-# USB hotplug switcher.
-# See https://links.sarava.org/tags/badusb
-#
-
-# Parameters
-BASENAME="`basename $0`"
-
-# Dispatch
-if [ "$BASENAME" == 'usb-enable' ]; then
- sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default"
-elif [ "$BASENAME" == 'usb-disable' ]; then
- sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default"
-elif [ "$BASENAME" == 'usb-status' ]; then
- cat /sys/module/usbcore/parameters/authorized_default
-fi
diff --git a/usb-enable b/usb-enable
new file mode 120000
index 0000000..f54f446
--- /dev/null
+++ b/usb-enable
@@ -0,0 +1 @@
+usb-disable
\ No newline at end of file
diff --git a/usb-status b/usb-status
deleted file mode 100755
index cc4525e..0000000
--- a/usb-status
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-#
-# USB hotplug switcher.
-# See https://links.sarava.org/tags/badusb
-#
-
-# Parameters
-BASENAME="`basename $0`"
-
-# Dispatch
-if [ "$BASENAME" == 'usb-enable' ]; then
- sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default"
-elif [ "$BASENAME" == 'usb-disable' ]; then
- sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default"
-elif [ "$BASENAME" == 'usb-status' ]; then
- cat /sys/module/usbcore/parameters/authorized_default
-fi
diff --git a/usb-status b/usb-status
new file mode 120000
index 0000000..f54f446
--- /dev/null
+++ b/usb-status
@@ -0,0 +1 @@
+usb-disable
\ No newline at end of file
--
cgit v1.2.3