[Adrian Crenshaw] is up to no good with this programmable USB device. [Adrian’s] creation identifies itself as a USB keyboard and can be programmed to do whatever you want. That’s because it’s based around the Teensy board which sports an ATmega32 that will cost you only $18. He’s added a set of DIP switches for easy in-field changes to the firmware. There’s also a light sensor that can be used to activate a command once an unknowing victim has shut off the lights in the office and left for the day. Check out his talk after the break to see his proposed uses for such a device.
[blip.tv ?posts_id=3403356&dest=-1]
I’m eager to see a video of this being used on someone
Funny that he worries the name of his dongle might infringe some copyrights while suggesting uses for it that are completely illegal and harshly punished in most countries ^^
Oooooooh. A toy for the malicious and criminally intent hackers. I think I’ll leave this alone since I’m prosecutable as an adult as of about 13 years ago. ;P
Interesting concept, though the full set of capabilities are not exactly clear. From watching the demonstration, it seems the device is just sending basic input events such as keystrokes and clicks. I guess any advanced functionality would require custom drivers.
A device like this could open up automated attack vectors on setups where there is a USB port exposed, but no keyboard(kiosk?).
@Skitchin
Have you seen the open pico firewall? Costs 50$ and is going to be much better for that kind of thing then this. makes a great parasite if you need to watch a network for something (the SoHo that is, the pico only currently works on windows hosts)
@skitchin For fun, hook an embedded GSM modem to a serial port on the AVR & add a USB comm endpoint. A little fake keyboard input and you’ve configured a network path for machines that are well-firewalled.
Pretty Awesome Irongeek! AVISYNTH FTW!
Ill stick to the BSOD screen saver thanks.
That name suits it too because your PHUKD if you get caught.
Why do people use crappy video players like that? No full-screen? No link? How is that even useful? I sure as hell can’t read the fine print when it’s in small embedded size.
Very very cool.
Wow why dont you build usb rocket launcher. This is just one more toy for kids and his talking about pentesting lolz.
“completely illegal and harshly punished”
You’re a completely retard and will be punished by life.
Hack-A-Day;
Not cool! Do not encourage irresponsible hacking.
Security testing is what this is for AlmostThere. Seriously get your stuff together.
This is Iron Geek we are talking about. Nerd God of Computer Security. The bridge between the corporate and hobby worlds.
This is encouraging Irresponsibility like Strippers encourage advanced quantum physics.
omg, this would be amazing for us!
I like how everyone is getting all bent out of shape. With anything in life, there is usually a bad use for it. Think of the good uses, I can already think of quite a few, and even more if I can increase the memory even more.
Wowww thank you for information
I have actually considered using such a device as an app launcher for computers I service. Speed is important and removing the clicks to get an app launcher to run off a USB drive could be good.
Run things like devmgmt.msc, msconfig, and perhaps even some basic scripts.
Also spam various buttons on boot to automatically get into bios setup or boot menu without waiting or trying different buttons.
Or, is there a way to make a USB drive auto run when plugged in without any other user input.
While this would be a small asset it would be a fun first electronics project.
If you’re interested in doing this sort of thing with a standard Arduino you can build a shield with a handful of parts and use a shield and library I designed, more details here: http://code.rancidbacon.com/ProjectLogArduinoUSB
The library wraps the software USB implementation known as V-USB (ex AVR-USB) and provides an Arduino-esque interface to it. For example sending a keystroke can be as simple as:
UsbKeyboard.sendKeyStroke(KEY_ENTER);
There’s some slides for a talk I did on using the Arduino in security research available here:
http://code.rancidbacon.com/Kiwicon09
It includes examples of doing USB fuzzing which found a NULL pointer dereference in a kernel module.
Oh, also, this link to the original video might provide you with a better interface:
http://blip.tv/file/3384006/
well, it has no ftdi chip, but does anyone know if the teeny needs any drivers?
would be kinda useless if you need to install driver first so i guess not.
yet you never know
Oh noes!
It’ll back feed into the MAINS!!!
-AND KILLA GUY!
why is he using mini-usb? it increases the size, because you need an adapter..
It would make a great tool to preconfigure a machine for your own use. Download the appropriate software and files from a web server and set it all up like you like it. But I must admit it would really shines as a tool for mischief.
worst presentation ever.
@M4CGYV3R: it’s a link to a mp4, just download it.
@borgar: it identifies as a hid device, so pretty much any newish os will work without additional drivers
@matze: the teensy comes with mini usb, he could probably have soldered on a regular usb with some effort
I’m having a hard time wrapping my brain around that accent. Where is he from? P.S. already had an idea to make a USB dongle to repeatedly click LMB for those lame online games to which I am hopelessly addicted. Should be simple enough, but then soldering a 555 to an older USB mouse would do the trick as well.
“he could probably have soldered on a regular usb with some effort”
was thinking the same thing
Some clever ideas here and pretty lethal potential, tho imagine plugging it in by mistake ^^
How about building a similar device into a regular usb keyboard? Then the gadget will be picked up as a keyboard and could operate normally until a certain time or key combination or something. It would also be logging keystrokes because all key codes would be sent by it then it could run software to send captured info onto a “trusted” website at a particular time where the user could fetch it. pretty powerful a hardware keylogger that does input and output.
Another idea is a secure message delivery system. It would only save a message onto the PC if certain identification is found such as reg keys etc.
i want more info about quadcopter like the circuit and other neccessary info to built it up
kindly please do send me that