DIY KVM Switch Lets You Use One Keyboard and Mouse With Multiple Computers

Here’s a quick DIY hack if you happen to have multiple computers at home or at the office and are tired of juggling mice and keyboards. [Kedar Nimbalkar] — striving for a solution — put together a keyboard, video and mouse switcher that allows one set to control two computers.

A DPDT switch is connected to a female USB port, and two male USB cables — with the ground and 5V wires twisted together and connected to the switch — each running to a PC. [Nimbalkar] suggests ensuring that the data lines are correctly wired, and testing that the 5V and ground are connected properly. He then covered the connections with some hot glue to make it a little more robust since it’s about to see a lot of use.

Now all that’s needed is a quick press of the button to change which PC you are working on, streamlining what can be a tedious changeover — especially useful if you have a custom keyboard you want to use all the time.

Continue reading “DIY KVM Switch Lets You Use One Keyboard and Mouse With Multiple Computers”

Duckhunting – Stopping Rubber Ducky Attacks

One morning, a balaclava-wearing hacker walks into your office. You assume it’s a coworker, because he’s wearing a balaclava. The hacker sticks a USB drive into a computer in the cube next door. Strange command line tools show up on the screen. Minutes later, your entire company is compromised. The rogue makes a quick retreat carrying a thumb drive in hand.

This is the scenario imagined by purveyors of balaclavas and USB Rubber Duckys, tiny USB devices able to inject code, run programs, and extract data from any system. The best way — and the most common — to prevent this sort of attack is by filling the USB ports with epoxy. [pmsosa] thought there should be a software method of defense against these Rubber Duckys, so he’s created Duckhunter, a small, efficient daemon that can catch and prevent these exploits.

The Rubber Ducky attack is simply opening up a command line and spewing an attack from an emulated USB HID keyboard. If the attacker can’t open up cmd or PowerShell, the attack breaks. That’s simple enough to code, but [pmsosa] has a few more tricks up his sleeve. Duckhunter has a ‘sneaky’ countermeasure feature, where one out of every 5-7 keystrokes is blocked. To the attacker, the ‘sneaky’ countermeasure makes it look like the attack worked, where in fact it failed spectacularly.

There are a number of different attacks similar to what the Rubber Ducky can accomplish. Mousejack performs the same attack over Bluetooth. BadUSB is a little more technical, allowing anyone with access to a device’s firmware to turn your own keyboard against you. Because of the nature of the attack, Duckhunter shuts them all down.

Right now the build is only for Windows, but according to [pmsosa]’s GitHub there will be Linux and OS X versions coming.

Raspberry Pi Zero as a USB Stick

The Raspberry Pi Zero is small enough that it could almost be mistaken for a USB gadget, rather than a standalone computer. Maybe that was the inspiration that drove [Novaspirit] to completely “donglify” his Zero.

This is a great convenience hack if you’ve got a Zero just kicking around. With minimal soldering, he converted the Zero’s onboard female USB jacks into a male USB plug. From there on out, it’s all software, and the video (embedded below) takes you through all the steps on Windows.

Continue reading “Raspberry Pi Zero as a USB Stick”

This Miniscule IR to HID Keyboard Hides in a Key Cap

Shards of silicon these days, they’re systematically taking what used to be rather complicated and making it dead simple in terms of both hardware and software. Take, for instance, this IR to HID Keyboard module. Plug it into a USB port, point your remote control at it, and you’re sending keyboard commands from across the room.

To do this cheaply and with a small footprint used to be the territory of bit-banging software hacks like V-USB, but recently the low-cost lines of microcontrollers that are anything but low-end have started speaking USB in hardware. It’s a brave new world.

In this case we’re talking about the PIC18F25J50 which is going to ring in at around three bucks in single quantity. The other silicon invited to the party is an IR receiver (which demodulates the 38 kHz carrier signal used by most IR remotes) with a regulator and four passives to round out the circuit. the board is completely single-sided with one jumper (although the IR receiver is through-hole so you don’t quite get out of it without drilling). All of this is squeezed into a space small enough to be covered by a single key cap — a nice touch to finish off the project.

[Suraj] built this as a FLIRC clone — a way to control your home-built HTPC from the sofa. Although we’re still rocking our own HTPC, it hasn’t been used as a front-end for many years. This project caught our attention for a different reason. We want to lay down a challenge for anyone who is attending SuperCon (or not attending and just want to show off their chops).

This is nearly the same chip as you’ll find on the SuperCon badge. That one is a PIC18LF25K50, and the board already has an IR receiver on it. Bring your PIC programmer and port this code from MikroC over to MPLAB X for the sibling that’s on the badge and you’ll get the hacking cred you’ve long deserved.

[via Embedded Lab]

Glitching USB Firmware for Fun

[Micah Elizabeth Scott], aka [scanlime], has been playing around with USB drawing tablets, and got to the point that she wanted with the firmware — to reverse engineer, see what’s going on, and who knows what else. Wacom didn’t design the devices to be user-updateable, so there aren’t copies of the ROMs floating around the web, and the tablet’s microcontroller seems to be locked down to boot.

With the easy avenues turning up dead ends, that means building some custom hardware to get it done and making a very detailed video documenting the project (embedded below). If you’re interested in chip power glitching attacks, and if you don’t suffer from short attention span, watch it, it’s a phenomenal introduction.

Continue reading “Glitching USB Firmware for Fun”

Taking a U2F Hardware Key from Design to Production

Building a circuit from prototyping to printed circuit board assembly is within the reach of pretty much anyone with the will to get the job done. If that turns out to be something that everyone else wants, though, the job gets suddenly much more complex. This is what happened to [Conor], who started with an idea to create two-factor authentication tokens and ended up manufacturing an selling them on Amazon. He documented his trials and tribulations along the way, it’s both an interesting and perhaps cautionary tale.

[Conor]’s tokens themselves are interesting in their simplicity: they use an Atmel ATECC508A specifically designed for P-256 signatures and keys, a the cheapest USB-enabled microcontroller he could find: a Silicon Labs EFM8UB1. His original idea was to solder all of the tokens over the course of one night, which is of course overly optimistic. Instead, he had the tokens fabricated and assembled before being shipped to him for programming.

Normally the programming step would be straightforward, but using identical pieces of software for every token would compromise their security. He wrote a script based on the Atmel chip and creates a unique attestation certificate for each one. He was able to cut a significant amount of time off of the programming step by using the computed values with a programming jig he built to flash three units concurrently. This follows the same testing and programming path that [Bob Baddeley] advocated for in his Tools of the Trade series.

From there [Conor] just needed to get set up with Amazon. This was a process worthy of its own novel, with Amazon requiring an interesting amount of paperwork from [Conor] before he was able to proceed. Then there was an issue of an import tariff, but all-in-all everything seems to have gone pretty smoothly.

Creating a product from scratch like this can be an involved process. In this case it sounds like [Conor] extracted value from having gone through the entire process himself. But he also talks about a best-case-scenario margin of about 43%. That’s a tough bottom line but a good lesson anyone looking at building low-cost electronics.

A Real Turn Off

[Newbrain] had a small problem. He’d turn off the TV, but would leave the sound system turned on. Admittedly, not a big problem, but an annoyance, none the less. He realized the TV had a USB port that went off when it did, so he decided to build something that would sense when the USB port died and fake a button press into the amplifier.

He posted a few ideas online and, honestly, the discussion was at least as interesting as the final project. The common thread was to use an optoisolator to sense the 5 V from the USB port. After that, everyone considered a variety of ICs and discretes and even did some Spice modeling.

In the end, though, [Newbrain] took the easy way out. An ATtiny 84 is probably overkill, but it easy enough to press into service. With only three other components, he built the whole thing into a narrow 24-pin socket and taped it to the back of the audio unit’s wired remote control.

Continue reading “A Real Turn Off”