Program your own mayhem-causing USB dongle

[Adrian Crenshaw] is up to no good with this programmable USB device. [Adrian's] creation identifies itself as a USB keyboard and can be programmed to do whatever you want. That’s because it’s based around the Teensy board which sports an ATmega32 that will cost you only $18. He’s added a set of DIP switches for easy in-field changes to the firmware. There’s also a light sensor that can be used to activate a command once an unknowing victim has shut off the lights in the office and left for the day. Check out his talk after the break to see his proposed uses for such a device.

Comments

  1. Jeff says:

    I’m eager to see a video of this being used on someone

  2. janin says:

    Funny that he worries the name of his dongle might infringe some copyrights while suggesting uses for it that are completely illegal and harshly punished in most countries ^^

  3. supershwa says:

    Oooooooh. A toy for the malicious and criminally intent hackers. I think I’ll leave this alone since I’m prosecutable as an adult as of about 13 years ago. ;P

  4. Skitchin says:

    Interesting concept, though the full set of capabilities are not exactly clear. From watching the demonstration, it seems the device is just sending basic input events such as keystrokes and clicks. I guess any advanced functionality would require custom drivers.

    A device like this could open up automated attack vectors on setups where there is a USB port exposed, but no keyboard(kiosk?).

  5. Hiroe says:

    @Skitchin

    Have you seen the open pico firewall? Costs 50$ and is going to be much better for that kind of thing then this. makes a great parasite if you need to watch a network for something (the SoHo that is, the pico only currently works on windows hosts)

  6. chango says:

    @skitchin For fun, hook an embedded GSM modem to a serial port on the AVR & add a USB comm endpoint. A little fake keyboard input and you’ve configured a network path for machines that are well-firewalled.

  7. nightcarnage says:

    Pretty Awesome Irongeek! AVISYNTH FTW!

  8. DeFex says:

    Ill stick to the BSOD screen saver thanks.

  9. zacdee316 says:

    That name suits it too because your PHUKD if you get caught.

  10. M4CGYV3R says:

    Why do people use crappy video players like that? No full-screen? No link? How is that even useful? I sure as hell can’t read the fine print when it’s in small embedded size.

  11. Paul Potter says:

    Very very cool.

  12. frisky says:

    Wow why dont you build usb rocket launcher. This is just one more toy for kids and his talking about pentesting lolz.
    “completely illegal and harshly punished”

    You’re a completely retard and will be punished by life.

  13. AlmostThere says:

    Hack-A-Day;

    Not cool! Do not encourage irresponsible hacking.

  14. vash says:

    Security testing is what this is for AlmostThere. Seriously get your stuff together.

  15. cde says:

    This is Iron Geek we are talking about. Nerd God of Computer Security. The bridge between the corporate and hobby worlds.

    This is encouraging Irresponsibility like Strippers encourage advanced quantum physics.

  16. Robert says:

    omg, this would be amazing for us!

    I like how everyone is getting all bent out of shape. With anything in life, there is usually a bad use for it. Think of the good uses, I can already think of quite a few, and even more if I can increase the memory even more.

  17. anaokulu says:

    Wowww thank you for information

  18. Edward says:

    I have actually considered using such a device as an app launcher for computers I service. Speed is important and removing the clicks to get an app launcher to run off a USB drive could be good.

    Run things like devmgmt.msc, msconfig, and perhaps even some basic scripts.

    Also spam various buttons on boot to automatically get into bios setup or boot menu without waiting or trying different buttons.

    Or, is there a way to make a USB drive auto run when plugged in without any other user input.

    While this would be a small asset it would be a fun first electronics project.

  19. follower says:

    If you’re interested in doing this sort of thing with a standard Arduino you can build a shield with a handful of parts and use a shield and library I designed, more details here: http://code.rancidbacon.com/ProjectLogArduinoUSB

    The library wraps the software USB implementation known as V-USB (ex AVR-USB) and provides an Arduino-esque interface to it. For example sending a keystroke can be as simple as:

    UsbKeyboard.sendKeyStroke(KEY_ENTER);

    There’s some slides for a talk I did on using the Arduino in security research available here:

    http://code.rancidbacon.com/Kiwicon09

    It includes examples of doing USB fuzzing which found a NULL pointer dereference in a kernel module.

  20. follower says:

    Oh, also, this link to the original video might provide you with a better interface:

  21. borgar says:

    well, it has no ftdi chip, but does anyone know if the teeny needs any drivers?

    would be kinda useless if you need to install driver first so i guess not.

    yet you never know

  22. strider_mt2k says:

    Oh noes!
    It’ll back feed into the MAINS!!!

  23. strider_mt2k says:

    -AND KILLA GUY!

  24. matze says:

    why is he using mini-usb? it increases the size, because you need an adapter..

  25. Brian Aday says:

    It would make a great tool to preconfigure a machine for your own use. Download the appropriate software and files from a web server and set it all up like you like it. But I must admit it would really shines as a tool for mischief.

  26. rob says:

    worst presentation ever.

    @M4CGYV3R: it’s a link to a mp4, just download it.

  27. Ryan says:

    @borgar: it identifies as a hid device, so pretty much any newish os will work without additional drivers

    @matze: the teensy comes with mini usb, he could probably have soldered on a regular usb with some effort

  28. PocketBrain says:

    I’m having a hard time wrapping my brain around that accent. Where is he from? P.S. already had an idea to make a USB dongle to repeatedly click LMB for those lame online games to which I am hopelessly addicted. Should be simple enough, but then soldering a 555 to an older USB mouse would do the trick as well.

  29. walt says:

    “he could probably have soldered on a regular usb with some effort”

    was thinking the same thing

  30. parsec says:

    Some clever ideas here and pretty lethal potential, tho imagine plugging it in by mistake ^^

    How about building a similar device into a regular usb keyboard? Then the gadget will be picked up as a keyboard and could operate normally until a certain time or key combination or something. It would also be logging keystrokes because all key codes would be sent by it then it could run software to send captured info onto a “trusted” website at a particular time where the user could fetch it. pretty powerful a hardware keylogger that does input and output.

    Another idea is a secure message delivery system. It would only save a message onto the PC if certain identification is found such as reg keys etc.

  31. dheeraj says:

    i want more info about quadcopter like the circuit and other neccessary info to built it up
    kindly please do send me that

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,979 other followers