Plug Into USB, Get a Reverse Shell

Computers blindly trust USB devices connected to them. There’s no pop-up to confirm a device was plugged in, and no validation of whether the device should be trusted. This lets you do some nefarious things with a simple USB microcontroller.

We’ve recently seen two examples of this: the USBdriveby and the Teensyterpreter. Both devices are based on the Teensy development board. When connected to a computer, they act as a Human Interface Device to emulate a keyboard and mouse.

The USBdriveby targets OS X. When connected, it changes the DNS server settings to a custom IP, to allow for DNS spoofing of the victim’s machine. This is possible without a password through the OS X System Preferences, but it requires emulating both keystrokes and clicks. AppleScript is used to position the window in a known location, then the buttons can be reliably clicked by code running on the Teensy. After modifying DNS, a reverse shell is opened using netcat. This allows for remote code execution on the machine.

The Teensyterpreter gives a reverse shell on Windows machines. It runs command prompt as administrator, then enters a one-liner to fire up the reverse shell using Powershell. The process happens in under a minute, and works on all Windows versions newer than XP.

With a $20 microcontroller board you can quickly fire up remote shells for… “support purposes”. We’d like to see the two projects merge into a single codebase that supports both operating systems. Bonus points if you can do it on our Trinket Pro. Video demos of both projects after the break.

Continue reading “Plug Into USB, Get a Reverse Shell”

Right Hand Loses Job As Head-Mouse Enters Mousing Arena

Moving the cursor around your computer screen is an everyday occurrence that we humans do not give much of a second thought to. But what if you didn’t have to move your hands from the keyboard anymore? Sure there are keyboards with Track Point or even track pads not to far from the keys, which isn’t too bad. What if you could just slightly point your face in the desired direction the mouse would move? The [Sci-Spot] folks wondered that same question and came up with a DIY Head Mouse.

The concept is pretty darn simple; a web cam is mounted to the user’s head and points at the computer screen. Mounted on top of the screen is one IR LED. Our eyes can not see the IR light so it is not annoying or distracting. The camera, however, is filtered to only see IR by placing a couple of layers of camera film negative over the lens. Before you go complaining about strapping a camera to your noggin just think of building it into a hat, which we’ve seen used for adaptive technologies like this PS3 controller.

Custom software was written to move the mouse cursor; see the black window in the above dialog box? That represents the webcam’s field of view and the white spot is the IR LED. When the user’s head moves, the IR LED moves in relation to the camera’s field of view, in turn telling the computer to move the cursor a certain amount. There are a couple of options available like ‘magnification’ which changes how much the cursor moves with a given amount of head movement and ‘deadzone’ that ignores extremely small movements that can result from breathing.

There is no mention of how button clicks are recorded but we think a couple of buttons right below the space bar would be great. The control software is available for download on the Sci-Spot page for those who want to make their own.

Rapid Fire Mod For A Wireless Mouse

Rapid Fire Wireless Mouse

Sometimes changing your computer mouse can be uncomfortable for a while until you get used to the replacement. It may also take some time to get used to new features or the lack of features the new mouse has. [Jon] bought an awesome wireless mouse that he really likes but it is missing one critical feature: rapid fire for gaming. He previously modded his old wired mouse to have a rapid fire button using a 555 timer. That worked fine as the mouse ran off the USB’s 5 volts, and that’s the voltage the 555 timer needed. The new wireless mouse has a 1.5 volt battery and can not support the 555 timer. What’s a gamer to do?

[Jon] searched around the ‘net but could not find any wireless rapid fire mods. Eventually, he did find a low-voltage variation called the LMC555 and ordered a few for his project. The new wireless mouse was taken apart in order to find out how the mouse buttons work. In this case, the signal pin is pulled low when the mouse button is pushed. Now that it is known how the mouse button works, just a couple of resistors, a capacitor, an NPN transistor and a push button switch are all that are necessary to finish up this mod. When the push button is pressed, the LMC555 timer activates the transistor in order to ground the mouse button signal pin. This happens to the tune of 1236 times a minute! That is a lot of rapid firing.

The few components were soldered up neatly and packed into the limited spare area inside the mouse. A hole drilled in the side of the mouse’s housing holds the new rapid fire push button in an ergonomically pleasing location.

Earlier, we mentioned [Jon] has done this mod before on a wired mouse. He learned about that project here on Hackaday. Check it out if your wired mouse is craving a rapid fire button.

Video after the break…

Continue reading “Rapid Fire Mod For A Wireless Mouse”

Hackaday Links: July 20, 2014

hackaday-links-chain

Etch-a-Sketch spray-painted silver with electronics bolted onto the side? Sign us up! This art installation adds one thing that we don’t often see in these types of hacks, eerie audio.

If you’re still mining bitcoin you need to do it faster than anyone else… that’s pretty much how the whole thing works. [Lewin] has been using the Antminer USB ASIC and toyed around with overclocking to 2.2 GH/s (gighashes per second) but to make sure his hardware holds up to the overwork he hacked his own water cooling system for the dongle.

Smart phones are the best bang for your buck on portability and power. Better yet you can get slightly broken ones for a song. If you manage to find an Android device with a broken touch screen but functioning LCD try this trick to add a mouse to it. There must be another life for this in a future hack!

We have a love-hate relationship with this particular crowd-funding campaign. First this hate: It’s basically a 100% clip-art video presentation with an $800,000 ask. Yeah… good luck buddy. On the other hand, this is the type of stuff we actually want to see as crowd funding. The idea is to use modern materials and techniques to build [Nikola Tesla’s] Wardenclyffe Tower, which was designed and built to research wireless energy (both as a means of communication and actual energy transfer). It was never fully functional and ended up being demolished. Wouldn’t it be great if teams of highly skilled and motivated people took grand ideas like this, crossing every theoretical “t” and dotting every theoretical “i”, and then proposed a crowd funding campaign to build a test platform? Oh wait, that sounds very much like a government research grant. Anywhoo… check out the Global Energy Transmission’s campaign.

The Rabbit H1 is a Stationary Mouse Replacement

rabbit h1

[Dave] has some big plans to build himself a 1980’s style computer. Most of the time, large-scale projects can be made easier by breaking them down into their smaller components. [Dave] decided to start his project by designing and constructing a custom controller for his future computer. He calls it the Rabbit H1.

[Dave] was inspired by the HOTAS throttle control system, which is commonly used in aviation. The basic idea behind HOTAS is that the pilot has a bunch of controls built right into the throttle stick. This way, the pilot doesn’t ever have to remove his hand from the throttle. [Dave] took this basic concept and ran with it.

He first designed a simple controller shape in OpenSCAD and printed it out on his 3D printer. He tested it out in his hand and realized that it didn’t feel quite right. The second try was more narrow at the top, resulting in a triangular shape. [Dave] then found the most comfortable position for his fingers and marked the piece with a marker. Finally, he measured out all of the markings and transferred them into OpenSCAD to perfect his design.

[Dave] had some fun with OpenSCAD, designing various hinges and plywood inlays for all of the buttons. Lucky for [Dave], both the 3D printer software as well as the CNC router software accept STL files. This meant that he was able to design both parts together in one program and use the output for both machines.

With the physical controller out of the way, it was time to work on the electronics. [Dave] bought a couple of joysticks from Adafruit, as well as a couple of push buttons. One of the joysticks controls the mouse cursor. The other joystick controls scrolling vertically and horizontally, and includes a push button for left-click. The two buttons are used for middle and right-click. All of these inputs are read by a Teensy Arduino. The Teensy is compact and easily capable of emulating a USB mouse, which makes it perfect for this job.

[Dave] has published his designs on Thingiverse if you would like to try to build one of these yourself.

 

The Relay-Based Mouse Emulator

mouse

[Nixie]’s job involves using some test software that requires moving a mouse around, clicking a few buttons, checking if everything is okay, and repeating the process over and over again. This is obviously a solution for some keyboard macros, but in a fit of sadistic spite, the test software requires someone to move a mouse around the screen. What is [Nixie] to do? Make a mouse emulator and automate the whole thing, of course.

The Memulator, as [Nixie] calls the device, is the latest in a series of devices to increase productivity when testing. The first version was the mouse tumor, an odd-looking device that simply switched off the LED for an optical mouse, keeping the cursor in one spot while [Nixie] hammered a button repeatedly. The second version is more advanced, capable of moving the cursor around the screen, all without doing an iota of USB programming: [Nixie] is simply using a resistive touch pad, some relays and a few pots to turn buttons into cursor movements. It’s such a simple solution it almost feels wrong.

There’s some interesting tech here, nonetheless. For some reason, [Nixie] has a few cases of old, can-shaped soviet-era relays in this build. While using such cool, awesome old components in such a useful and productive build seems odd, if you’re trying to fix ancient software that’s so obviously broken, you might as well go whole hog and build something that will make someone in twenty years scratch their head.

Vertical video of the Memulator below.

Continue reading “The Relay-Based Mouse Emulator”

A Real Malware In A Mouse

mouseagain

After reading an April Fools joke we fell for, [Mortimer] decided to replicate this project that turns the common USB mouse into a powerful tool that can bring down corporations and governments. Actually, he just gave himself one-click access to Hackaday, but that’s just as good.

The guts of this modified mouse are pretty simple; the left click, right click, and wheel click of the mouse are wired up to three pins on an Arduino Pro Micro. The USB port of the ‘duino is configured as a USB HID device and has the ability to send keyboard commands in response to any input on the mouse.

Right now, [Mortimer] has this mouse configured that when the left click button is pressed, it highlights the address bar of his browser and types in http://www.hackaday.com. Not quite as subversive as reading extremely small codes printed on a mousepad with the optical sensor, but enough to build upon this project and do some serious damage to a computer.

Video of [Mort]’s mouse below.

Continue reading “A Real Malware In A Mouse”