Introducing Baudpunk: Hacking Softmodems and USB, the Curious Way đ
When you think of classic hacking imageryâdial tones, terminal prompts, the chirp of modems connectingâthereâs a certain retro-tech romance that lingers. But beneath that nostalgia lies deep technical complexity, especially when it comes to the weird and wonderful world of USB.
I'm a cybersecurity consultant and researcher. A lot of my work involves peeling back the layers of how hardware and software interactâespecially in safety- and security-critical systems. But one interface Iâve always wanted to master is USB. Itâs everywhere, and deceptively messy under the hood.
So I started baudpunk.
đ§ What is baudpunk?
At its core, baudpunk is a personal deep dive into how modems (modulator/demodulators) and USB audio/networking devices actually work.
It targets the ESP32-S3 microcontroller, using its USB OTG features alongside the TinyUSB stack to create a modern reinterpretation of a dial-up-style softmodemâcommunicating over audio and USB.
But baudpunk isnât just an experiment. Itâs the foundation for a learning platformâsomething I hope others can use to understand:
- How USB devices enumerate and negotiate
- What a software-based modem looks like in 2025
- How USB Audio and CDC-NCM interfaces behave in practice
- What modern embedded systems can teach us about security posture
đĄ Why softmodems?
Softmodems are a beautiful junction of signal processing, protocol design, and hardware interaction. They demand layered thinkingâhow bits become frames, how frames form protocols, and how software interprets it all. That kind of reasoning is at the heart of good security engineering.
Theyâre also practical: softmodems simulate âedgeâ network interfaces, which makes them useful for studying attack surfaces, fuzzing, and embedded security controls.
đ Why USB?
Because itâs complicated. Really complicated.
USB seems simpleâplug and playâbut itâs a layered protocol stack full of nuance. Descriptor parsing, endpoint configuration, isochronous transfers, composite devicesâitâs a jungle in there.
And if youâre reverse engineering firmware, analyzing exploits, or building custom tooling, knowing how USB behaves on the wire is power.
baudpunk is a constrained, tangible way to explore that power.
đ ď¸ What can you do with baudpunk?
Right now, the project supports:
- đ§ USB Audio Class 1: Mono microphone + mono speaker over USB
- đ CDC-NCM: Network Control Model (Ethernet over USB, composite device)
- đ Audio loopback test mode: Debug USB audio streaming + roundtrip latency
- 𧪠Experimental modem signal processing: Encoding/decoding data through audio
Check out the code here:
đ github.com/beLizzard1/baudpunk
đ§ Whatâs next?
Beyond tech exploration, baudpunk is also about teaching, testing, and tinkering. Iâm using it to:
- đ Explain signal encoding: Turning bits into audio and back again
- đłď¸ Explore covert channels: Using speakers/mics for esoteric data exfil
- đ Study USB stack behavior: Enumeration, streaming, and edge cases
Iâm also thinking hard about how to use this to train the next generation of specialistsâbecause modulation, encoding, and USB internals remain underexplored even among experts (myself included!).
