MalDuino is an Arduino-powered USB device which emulates a keyboard and has keystroke injection capabilities. It’s still in the crowdfunding stage, but has already been fully backed, so we anticipate full production soon. In essence, it implements BadUSB attacks much like the widely known USB Rubber Ducky, which appeared on Mr. Robot.
It’s like an advanced version of the HID tricks to drop malicious files which we previously reported. Once plugged in, MalDuino acts as a keyboard, executing previously configured key sequences at very fast speeds. This is mostly used by IT security professionals to hack into local computers, just by plugging in the unsuspicious USB ‘Pen’.
[Seytonic], the maker of MalDuino, says the objective is for it to be a cheaper, fully open source alternative with the big advantage that it can be programmed straight from the Arduino IDE. It’s based on the ATmega32u4 like the Arduino Leonardo and will come in two flavors, Lite and Elite. The Lite is quite small and will fit into almost any generic USB case. There is a single switch used to enable/disable the device for programming.
The Elite version is where it gets exciting. In addition to the MicroSD slot that will be used to store scripts, there is an onboard set of dip switches that can be used to select the script to run. Since the whole platform is open sourced and based on Arduino, the MicroSD slot and dip switches are entirely modular, nothing is hardcoded, you can use them for whatever you want. The most skilled wielders of BadUSB attacks have shown feats like setting up a fake wired network connection that allows all web traffic to be siphoned off to an outside server. This should be possible with the microcontroller used here although not native to the MalDuino’s default firmware.
For most users, typical feature hacks might include repurposing the dip switches to modify the settings for a particular script. Instead of storing just scripts on the MicroSD card you could store word lists on it for use in password cracking. It will be interesting to see what people will come up with and the scripts they create since there is a lot of space to tinker with and enhance it. That’s the greatness of open source.
There was a time when building something yourself probably meant it didn’t look very much like a commercial product. That’s not always a bad thing. We’ve seen many custom builds that are nearly works of art. We’ve also seen plenty of builds that are, ahem, let’s say “hacker chic”.
[AlexanderBrevig] decided to take on a project using a PSoC development board he picked up. In particular, he wanted to build a custom game keypad. He prototyped a number of switches with the board and got the firmware working so that the device looks like a USB HID keyboard.
The Microsoft Surface is an awesome Tablet PC, but it has one problem: there is just one USB port on it. There is an additional port, though: a connector for the Surface Touch Keyboard. That’s what [Edward Shin] is looking into, with the long-term intention of creating an adapter that allows him to connect a Thinkpad keyboard to this proprietary connector. His initial work identified the connector as using Microsoft’s own HID over I2C protocol, which sends the standard USB HID protocol over an I2C connection. So far so good, but it seems to get a little odd after that, with a serial connection running at nearly 1 Mbps and sending 9 bits per transfer with 1 stop bit. Presumably this is because Microsoft had planned to release other devices that used this connector, but this hasn’t panned out so far.
Anybody want to help him out? He has posted some captured data from the connection for analysis, and is looking for assistance. We hope he manages to build his converter: a Microsoft Surface with a decent keyboard and an open USB port would be a great portable setup. Bonus: for those teardown fans among you, he has done a great teardown of a Touch Cover keyboard that reveals some interesting stuff, including a lot of well-labelled test points.
All laptops have a working keyboard and mouse built into them; the only problem is that you can’t use these tools on other computers that don’t have them. At least, until now. [Peter] has created the KeyMouSerial in order to use his laptop’s keyboard and mouse as physical devices on his Raspberry Pi, finally freeing the bonds holding our laptops’ human interface devices back.
The software for KeyMouSerial copies keystroke and mouse information and sends this out via a serial port on his laptop (using a USB to serial adapter). From there the information is translated by an Arduino into HID commands which are sent via USB to the target computer, in this case a Raspberry Pi. It’s a pretty elegant solution to carrying a bulky keyboard and mouse along just for a Raspberry Pi, or for any computer that might not have access to a network and SSH.
[Peter] has also been working on using his iPod as a serial-to-USB converter, so if you’re a Rockbox developer and want to help out then drop him a line. All of the software is available (for Windows, Mac, or Linux) including the Arduino sketch if you want to try this software out for yourself. And, if you don’t want to turn a computer into a keyboard and want to go the other direction and turn a keyboard into a computer, that is also an option.
[Dan Williams] built a belt that holds up your pants while remembering your passwords. This was his project while camped out at the Hackaday Hardware Village at the 2015 TC Disrupt Hackathon last weekend.
The idea started with the concept of a dedicated device to carry a complicated password; something that you couldn’t remember yourself and would be difficult to type. [Dan] also decided it would be much better if the device didn’t need its own power source, and if the user interface was dead simple. The answer was a wrist-band made up of a USB cable and a microcontroller with just one button.
To the right you can see the guts of the prototype. He is using a Teensy 2.0 board, which is capable of enumerating as an HID keyboard. The only user input is the button seen at the top. Press it once and it fires off the stored password. Yes, very simple to implement, but programming is just one part of a competition. The rest of his time was spent refining it into what could reasonably be considered a product. He did such a good job of it that he received an Honorable Mention from Hackaday to recognize his execution on the build.
[Dan] came up with the idea to have a pair of mating boards for the Teensy 2.0. One on top hosts the button, the other on the bottom has a USB port which is used as the “clasp” of the belt buckle. One side of the USB cable plugs into the Teensy, the other into this dummy-port. Early testing showed that this was too bulky to work as a bracelet. But [Dan] simply pivoted and turned it into a belt.
[Kenji Larsen] helped [Dan] with the PCB-sandwich. Instead of mounting pin sockets on the extra boards, they heated up the solder joints on a few of the Teensy pins and pushed them through with some pliers. This left a few pins sticking up above the board to which the button add-on board could be soldered.
To finish out the build, [Dan] worked with [Chris Gammell] to model a 2-part case for the electronics. He also came up with a pandering belt buckle which is also a button-cap. It’s 3D printed with the TechCrunch logo slightly recessed. He then filled this recess with blue painter’s tape for a nice contrast.
[Dan]’s on-stage presentation shows off the high level of refinement. There’s not a single wire (excluding the USB belt cable) or unfinished part showing! Since he didn’t get much into the guts of the build during the live presentation we made sure to seek him out afterward and record a hardware walk through which is embedded below.
[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.
The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.
[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up Powershell and runs a one-liner command. Generally, this command will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.
Protecting from this type of attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.
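Since these devices type far faster than a person can, keystroke timing gives defenders one more signal alongside device control. The sketch below is an added example, not code from [Nikhil] or any project mentioned here; the event format, device names and thresholds are assumptions, and the sample data is constructed.

```python
from statistics import median

# Assumed thresholds for illustration; tune them against real typing data.
MIN_HUMAN_INTERVAL_MS = 30   # sustained gaps shorter than this are implausible for a person
MIN_BURST_KEYS = 10          # ignore short runs such as key rollover or a double tap
CONNECT_GRACE_MS = 5000      # typing this soon after enumeration deserves extra scrutiny


def find_bursts(timestamps, max_gap_ms=MIN_HUMAN_INTERVAL_MS):
    """Split sorted key-down times (ms) into runs whose gaps are all <= max_gap_ms."""
    bursts, current = [], []
    for t in timestamps:
        if current and t - current[-1] > max_gap_ms:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)
    return bursts


def assess_device(connected_at_ms, key_times_ms):
    """Return one finding per machine-speed burst seen on a single keyboard."""
    findings = []
    for burst in find_bursts(sorted(key_times_ms)):
        if len(burst) < MIN_BURST_KEYS:
            continue
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        after_connect = burst[0] - connected_at_ms
        findings.append({
            "keys": len(burst),
            "median_gap_ms": median(gaps),
            "ms_after_connect": after_connect,
            "soon_after_connect": after_connect <= CONNECT_GRACE_MS,
        })
    return findings


def suspicious_devices(events):
    """Map device name -> findings, keeping only devices with at least one finding."""
    return {dev: f for dev, d in events.items()
            if (f := assess_device(d["connected_at"], d["keys"]))}


# Constructed sample: a built-in keyboard typed by a person, and a keyboard that
# enumerated at t=200000 ms and sent 40 keys at 5 ms spacing 1.5 s later.
SAMPLE = {
    "kbd-builtin": {"connected_at": 0, "keys": [
        100000, 100180, 100320, 100550, 100700, 100910,
        101100, 101240, 101420, 101600, 101790, 101950]},
    "kbd-new": {"connected_at": 200000, "keys": [201500 + 5 * i for i in range(40)]},
}

if __name__ == "__main__":
    for dev, found in suspicious_devices(SAMPLE).items():
        print(dev, found)
```

A device can slow its typing to stay under such a threshold, so treat a hit as grounds for investigation and keep USB device control as the primary measure.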
[Lou]’s entry for the Trinket EDC Contest is a great addition to the ubiquitous digital calipers found on workbenches and eBay resellers the world over. It translates the value displayed on the calipers to a USB HID interface for logging all those tricky measurements at the push of a button.
Most of the digital calipers you’ll find at Harbor Freight or on eBay are pretty much the same. There are two pads on the caliper’s PCB that give any microcontroller the ability to read what is being measured. It’s done with a 24-bit encoding scheme, where each bit is a nearly-BCD measurement in units of 1/1000 of an inch or 1/100 of a millimeter. After decoding the value, [Lou]’s trinket sends a few numbers to a computer over a USB HID interface.
Simply sending a measurement to a computer over USB wasn’t enough for [Lou]. He added three buttons to the project for typing multiple characters. The first button just sends Enter to the computer, the second sends a comma, and the third sends “/2 (Enter)”, exactly what you need to input the radius of something when measuring the diameter.
This was a project for the Trinket EDC Contest that ended a few hours ago. Nobody knows who the winner is, but there are some pretty cool prizes up for grabs including the new Rigol scope, a Fluke 179, and a soldering station.