Security Audit Kit in a Mouse - Hack a Day

Security Audit Kit in a Mouse

posted Jan 29th 2011 7:00am by James Munns
filed under: linux hacks

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

Parts:

Targus USB 2.0 4-Port Bend-a-Hub (Stripped and re-soldered)
Belkin USB 10′ Extension Cord (with the extension USB in place to make it easy for me to change cable lengths)
IOGEAR Atheros Wireless B/G Injectable Cracking Adapter
Corsair Voyager Mini 16 GB Thumb Drive
Logitech MX310 Wired Optical Mouse

Comments [23]

tagged: cracking, hack, hacking, mouse, security, usb, wireless

23 Responses to Security Audit Kit in a Mouse

Gray says:

January 29, 2011 at 7:02 am

Cute!

Reply Report comment

M4CGYV3R says:

January 29, 2011 at 7:44 am

That is an awesome idea. I just found about 4 USB hubs and about 6 mice I wasn’t using as I packed to move. When I get back home I might just have to build one of these.

Anyone got a link on the Atheros WiFi bit? Haven’t been able to find one that wasn’t g-only or n-only.

Reply Report comment

Jake says:

January 29, 2011 at 8:17 am

Bah, I have a 16GB microSD slot hidden inside a USB mouse. The SD card is connected to a USB hub chip that is only activated when you do the correct sequence of mouse clicks (uses a small PIC). This is better because noone even knows its there until you activate it :D

Reply Report comment

madwelder says:

January 29, 2011 at 9:57 am

I’ve seen drives installed in mice for inconspicuous data theft but this takes the utility of the concept to the next level.

Keep being awesome.

Reply Report comment

Jerome Demers says:

January 29, 2011 at 10:14 am

I like that idea a lot! Very clever!

@Jake the top secret sequence to activate your SD card is also very James Bond, I like it!

Reply Report comment

ups says:

January 29, 2011 at 12:15 pm

What in hell is a “IOGEAR Atheros Wireless B/G Injectable Cracking Adapter”

@Jake An instructable is welcome.

Reply Report comment

ceaserone says:

January 29, 2011 at 12:33 pm

Suuurrrrree a “White hat” audit

Reply Report comment

San Diego Search Engine Optimization says:

January 29, 2011 at 3:48 pm

Typo Police:

Aircrack-ng, which can invaluable in a security audit

^be

Reply Report comment

YaBa says:

January 29, 2011 at 3:49 pm

@ups:
It’s this, without the gay/fancy/l33t name:
http://www.wireless-driver.com/wp-content/uploads/2009/11/IOGEAR_GWU523.jpg
LOL…

Reply Report comment

ferdinand says:

January 29, 2011 at 4:17 pm

thats smart idee
but i wand to see so photo,s from the inside

Reply Report comment

EverestX says:

January 29, 2011 at 4:19 pm

This is almost identical to my Uber Keyboard project over in the SoldierX forums.

http://www.soldierx.com/bbs/My-Crashcart-Uber-Keyboard

The thread hasn’t been updated in a while, but the keyboard is working :)

Reply Report comment

strider_mt2k says:

January 29, 2011 at 5:53 pm

Seriously, where’s the beef?

Reply Report comment

zeropointmodule says:

January 29, 2011 at 6:20 pm

@Jake, nice idea!

I came up with something similar a while back, but in my case it used a magnetic sensor as the trigger.
The original plan was to multibank an SD card so it could be set as “1 of 4″ or “3 of 4″ etc with a simple magnet wave past the device.

Would also work for making a super pendrive with several different internal drives and LiveCDs etc on each.

Reply Report comment

StenoPlasma says:

January 29, 2011 at 7:46 pm

Hey everyone. Sorry for the lack of pictures. Here is a picture of the inside of the mouse.

https://www.exploitdevelopment.com/Articles/mouseinside.jpg

Reply Report comment

Frogz says:

January 29, 2011 at 9:09 pm

jake: DIE DIE DIE IM GOING TO WIN!!! WOOHOO!!! IM GONNA BE THE HALFLIFE TOURNEY VICTOR!! DIE DIE….w……WHAT THE HELL, MY PORN COLLECTION!!!

Reply Report comment

Shadyman says:

January 29, 2011 at 9:24 pm

I’m guessing that one’s going to be chalked up to ‘checked baggage only’. And even then..

Reply Report comment

John Avitable says:

January 30, 2011 at 8:04 am

The only thing that I’d have to suggest is that he puts a longer USB cable on it so that it doesn’t need an extension cable on it, because that looks uber suspicious.

Reply Report comment

Jake says:

January 30, 2011 at 9:33 am

@ups
Instructions not necessary, it’s really simple:
1 – Get a 2+ port USB hub on a chip from your favorite supplier, connect the incoming USB connection to the chip, as well as to your SD USB adapter and the mouse’s PCB
2 – Sample a really simple microcontroller
3 – Wire the micro to the buttons of your choice
4 – Wire the micro to the chip enable line of the SD reader’s control IC

So, when you enter the correct combination, the SD reader IC is enabled and appears on the USB bus. Up to that point, the only things you’ll see w/the mouse connected is an additional USB hub, and the mouse. Mine is in a logitech G5 and it works well. There was plenty of space in that mouse to fit everything in there. I used one of the side buttons to turn it back off. I think it would be sweet to be able for it to automatically disconnect when you eject it in windows, but I never took it that far.

@Frogz
I think you have me confused with someone else? The last time I played Half Life was about 10 years ago.

Reply Report comment

Michael Chen says:

January 30, 2011 at 10:32 pm

To most secret button combo sd reader

That has a great fault:
Live usb requires the usb to be connected at startup. That would require you to press the combo really fast, as some motherboards only check for the presence of the device when opening the menu to seleck boot source at startup.

You would either need to input the combo fast when starting up, or have a separate battery for the microcontroller.

Reply Report comment

M4CGYV3R says:

January 31, 2011 at 7:34 am

Well, after seeing how cramped it would be and looking inside some of my hubs I think I’m going to opt for the hacker’s toolkit KEYBOARD as I have much more room in there.

Reply Report comment

walt says:

January 31, 2011 at 8:48 am

cool, but that short little USB cable is retarded. why did he do that?

Reply Report comment

StenoPlasma says:

January 31, 2011 at 9:08 am

Walt,

I left the extension USB in place to make it easy for me to change cable lengths as needed. Anyone that wants to put this together can just replace the male extender out with a straight through.

StenoPlasma

Reply Report comment

Jake says:

January 31, 2011 at 1:38 pm

@Michael Chen

I think you misunderstood, the point of my project was simply to have hidden storage inside of a mouse… I am sure I could click my combo fast enough, though ;)

Reply Report comment

Leave a Reply

Hack a Day serves up fresh hacks each day, every day from around the web as well as hacking related news.

Send us your hacks

Hacks

Resources

Most commented on (30 days)

Recent comments

PJ Allen: There's no net emissions reduction,
dmcbeing: This might be intentional,just to
Eventhorizon: Good talk.
fartface: The problem is the batteries.
Eventhorizon: LOL if ever there's going
fartface: My favorite.... I also felt I
jakdedert: 20 miles does seem a
Per Jensen: He should learn to solder.
Jeff: probably used an ardunio. Looks like
Reggie: I Could care less about