[Dan Williams] built a belt that holds up your pants while remembering your passwords. This was his project while camped out at the Hackaday Hardware Villiage at the 2015 TC Disrupt Hackathon last weekend.
The idea started with the concept of a dedicated device to carry a complicated password; something that you couldn’t remember yourself and would be difficult to type. [Dan] also decided it would be much better if the device didn’t need its own power source, and if the user interface was dead simple. The answer was a wrist-band made up of a USB cable and a microcontroller with just one button.
To the right you can see the guts of the prototype. He is using a Teensy 2.0 board, which is capable of enumerating as an HID keyboard. The only user input is the button seen at the top. Press it once and it fires off the stored password. Yes, very simple to implement, but programming is just one part of a competition. The rest of his time was spent refining it into what could reasonably be considered a product. He did such a good job of it that he received an Honorable Mention from Hackaday to recognize his execution on the build.
[Dan] came up with the idea to have a pair of mating boards for the Teensy 2.0. One on top hosts the button, the other on the bottom has a USB port which is used as the “clasp” of the belt buckle. One side of the USB cable plugs into the Teensy, the other into this dummy-port. Early testing showed that this was too bulky to work as a bracelet. But [Dan] simply pivoted and turned it into a belt.
[Kenji Larsen] helped [Dan] with the PCB-sandwich. Instead of mounting pin sockets on the extra boards, they heated up the solder joints on a few of the Teensy pins and pushed them through with some pliers. This left a few pins sticking up above the board to which the button add-on board could be soldered.
To finish out the build, [Dan] worked with [Chris Gammell] to model a 2-part case for the electronics. He also came up with a pandering belt buckle which is also a button-cap. It’s 3D printed with the TechCrunch logo slightly recessed. He then filled this recess with blue painter’s tape for a nice contrast.
[Dan] on-stage presentation shows off the high-level of refinement. There’s not a single wire (excluding the USB belt cable) or unfinished part showing! Since he didn’t get much into the guts of the build during the live presentation we made sure to seek him out afterward and record a hardware walk through which is embedded below.
Now it’s not uncommon to have a desktop and a laptop at a battlestation with tablets waiting in the wings. Add in a few Raspis, consoles, and various cheap computers, and it’s pretty easy to have an enormous number of machines and monitors on a desk. Traditionally, a KVM switch would be the solution to this, sharing a keyboard, mouse, and monitor with many different boxes, but this is an ugly solution. [frankstripod] has a device that fixes that with some interesting software and a few USB hacks.
[frankstripod] is in love with a program called Synergy this program combines the keyboard, mouse, and display of several computers over a network so you’ll only ever have to use one keyboard and mouse; it’s as simple as dragging your mouse from one computer to the other. There are a few limitations, though: keyboards don’t work until the OS has loaded (no BIOS access, then), it doesn’t work if the network is down, and setup can be complicated. This project aims to replace the ‘server’ part of a Synergy setup with a small, networkable KVM.
Right now the plan is to use a small embedded board running Linux to read a USB keyboard and switch the output between several computers. A few scripts detect the mouse moving from one screen to another, and a microcontroller switches USB output between each computer. If it sounds weird, you’re right, but it does work: [frank]’s 2014 Hackaday Prize project was a mouse that worked with two computers at once.
What started off as a quick prank-hack to re-map a colleague’s keyboard turned into a deep dive in understanding how keyboards work. [ch00f] and his other work place colleagues are in a habit of pulling pranks on each other. When [ch00f]’s buddy, who is an avid gamer and montage parody 1337-sp34k (leet speak) fan, went off on a holiday, [ch00f] set about re-mapping his friend’s keyboard to make it spit out words his friend uses a lot – “SWAG” “YOLO” and “420”. But remapping in software is too simple, his hack is a hardware remapping!
The keyboard in question used mechanical keys mounted on a keyboard sized PCB. Further, it was single sided, with jumper links used in place of front side tracks. This made hacking easier. The plan was to use keys not commonly used – Scroll Lock, Print Screen, and Pause/Break – and get them to print out the words instead. The signal tracks from these three keys were cut away and replaced with outputs from a microcontroller. The original connections were also routed to the microcontroller, and a toggle switch used to select between the remapped and original versions. This was eventually not implemented due to a lack of space to install the toggle switch. [ch00f] decided to just replace the keyboard if his friend complained about the hack. A bit of work on the ATMega PCB and firmware, and he was able to get the selected keys to type out SWAG, YOLO and 420.
And this is where a whole can of worms opened up. [ch00f] delves in to an explanation on the various issues at hand – keyboard scanning/multiplexing, how body-diodes in switching FET’s affected the scanning, ghosting and the use of blocking diodes. Towards the end, he just had the word SWAG activated by pressing the Pause/Break key. But he does get to the bottom of why the keyboard was behaving odd after he had wired in his hack, which makes for some interesting reading. Don’t miss the video of the hack in action after the break.
Continue reading “1337-sp34k Keyboard”
[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.
The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.
[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up Powershell and runs a one-liner command. Generally, this commend will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.
Protecting from this type off attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.
For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. The latest is a device from [Samy] that is able to log the keystrokes from Microsoft keyboards by sniffing and decrypting the RF signals used in the keyboard’s wireless protocol. Oh, and the entire device is camouflaged as a USB wall wart-style power adapter.
The device is made possible by an Arduino or Teensy hooked up to an NRF24L01+ 2.4GHz RF chip that does the sniffing. Once the firmware for the Arduino is loaded, the two chips plus a USB charging circuit (for charging USB devices and maintaining the camouflage) are stuffed with a lithium battery into a plastic shell from a larger USB charger. The options for retrieving the sniffed data are either an SPI Serial Flash chip or a GSM module for sending the data automatically via SMS.
The scary thing here isn’t so much that this device exists, but that encryption for Microsoft keyboards was less than stellar and provides little more than a false sense of security. This also serves as a wake-up call that the things we don’t even give a passing glance at might be exactly where a less-honorable person might look to exploit whatever information they can get their hands on. Continue past the break for a video of this device in action, and be sure to check out the project in more detail, including source code and schematics, on [Samy]’s webpage.
Thanks to [Juddy] for the tip!
Continue reading “Keystroke Sniffer Hides as a Wall Wart, is Scary”
Computers blindly trust USB devices connected to them. There’s no pop-up to confirm a device was plugged in, and no validation of whether the device should be trusted. This lets you do some nefarious things with a simple USB microcontroller.
We’ve recently seen two examples of this: the USBdriveby and the Teensyterpreter. Both devices are based on the Teensy development board. When connected to a computer, they act as a Human Interface Device to emulate a keyboard and mouse.
The USBdriveby targets OS X. When connected, it changes the DNS server settings to a custom IP, to allow for DNS spoofing of the victim’s machine. This is possible without a password through the OS X System Preferences, but it requires emulating both keystrokes and clicks. AppleScript is used to position the window in a known location, then the buttons can be reliably clicked by code running on the Teensy. After modifying DNS, a reverse shell is opened using netcat. This allows for remote code execution on the machine.
The Teensyterpreter gives a reverse shell on Windows machines. It runs command prompt as administrator, then enters a one-liner to fire up the reverse shell using Powershell. The process happens in under a minute, and works on all Windows versions newer than XP.
With a $20 microcontroller board you can quickly fire up remote shells for… “support purposes”. We’d like to see the two projects merge into a single codebase that supports both operating systems. Bonus points if you can do it on our Trinket Pro. Video demos of both projects after the break.
Continue reading “Plug Into USB, Get a Reverse Shell”
MIDI instruments are cool, but they’re not laser cool. That is, unless you’ve added lasers to your MIDI instrument like [Lasse].
[Lasse] started out with an old MIDI keyboard. The plan was to recycle an older keyboard rather than have to purchase something new. In this case, the team used an ESi Keycontrol 49. They keyboard was torn apart to get to the
creamy center circuit boards. [Lasse] says that most MIDI keyboards come withe a MIDI controller board and the actual key control board.
Once the key controller board was identified, [Lasse] needed to figure out how to actually trigger the keys without the physical keyboard in place. He did this by shorting out different pads while the keyboard was hooked up to the computer. If he hit the correct pads, a note would play. Simple, but effective.
The housing for the project is made out of wood. Holes were drilled in one piece to mount 12 laser diodes. That number is not arbitrary. Those familiar with music theory will know that there are 12 notes in an octave. The lasers were powered via the 5V source from USB. The lasers were then aimed at another piece of wood.
Holes were drilled in this second piece wherever the lasers hit. Simple photo resistors were mounted here. The only other components needed for each laser sensor were a resistor and a transistor. This simple discreet circuit is enough to simulate a key press when the laser beam is broken. No programming or microcontrollers required. Check out the demonstration video below to see how it works. Continue reading “MIDI Keyboard with Frickin’ Laser Keys”