Program Your Own Mayhem-causing USB Dongle

[Adrian Crenshaw] is up to no good with this programmable USB device. [Adrian’s] creation identifies itself as a USB keyboard and can be programmed to do whatever you want. That’s because it’s based around the Teensy board which sports an ATmega32 that will cost you only $18. He’s added a set of DIP switches for easy in-field changes to the firmware. There’s also a light sensor that can be used to activate a command once an unknowing victim has shut off the lights in the office and left for the day. Check out his talk after the break to see his proposed uses for such a device.

[blip.tv ?posts_id=3403356&dest=-1]

31 thoughts on “Program Your Own Mayhem-causing USB Dongle

  1. Funny that he worries the name of his dongle might infringe some copyrights while suggesting uses for it that are completely illegal and harshly punished in most countries ^^

  2. Interesting concept, though the full set of capabilities are not exactly clear. From watching the demonstration, it seems the device is just sending basic input events such as keystrokes and clicks. I guess any advanced functionality would require custom drivers.

    A device like this could open up automated attack vectors on setups where there is a USB port exposed, but no keyboard(kiosk?).

  3. @Skitchin

    Have you seen the open pico firewall? Costs 50$ and is going to be much better for that kind of thing then this. makes a great parasite if you need to watch a network for something (the SoHo that is, the pico only currently works on windows hosts)

  4. @skitchin For fun, hook an embedded GSM modem to a serial port on the AVR & add a USB comm endpoint. A little fake keyboard input and you’ve configured a network path for machines that are well-firewalled.

  5. Why do people use crappy video players like that? No full-screen? No link? How is that even useful? I sure as hell can’t read the fine print when it’s in small embedded size.

  6. Wow why dont you build usb rocket launcher. This is just one more toy for kids and his talking about pentesting lolz.
    “completely illegal and harshly punished”

    You’re a completely retard and will be punished by life.

  7. This is Iron Geek we are talking about. Nerd God of Computer Security. The bridge between the corporate and hobby worlds.

    This is encouraging Irresponsibility like Strippers encourage advanced quantum physics.

  8. omg, this would be amazing for us!

    I like how everyone is getting all bent out of shape. With anything in life, there is usually a bad use for it. Think of the good uses, I can already think of quite a few, and even more if I can increase the memory even more.

  9. I have actually considered using such a device as an app launcher for computers I service. Speed is important and removing the clicks to get an app launcher to run off a USB drive could be good.

    Run things like devmgmt.msc, msconfig, and perhaps even some basic scripts.

    Also spam various buttons on boot to automatically get into bios setup or boot menu without waiting or trying different buttons.

    Or, is there a way to make a USB drive auto run when plugged in without any other user input.

    While this would be a small asset it would be a fun first electronics project.

  10. If you’re interested in doing this sort of thing with a standard Arduino you can build a shield with a handful of parts and use a shield and library I designed, more details here: http://code.rancidbacon.com/ProjectLogArduinoUSB

    The library wraps the software USB implementation known as V-USB (ex AVR-USB) and provides an Arduino-esque interface to it. For example sending a keystroke can be as simple as:

    UsbKeyboard.sendKeyStroke(KEY_ENTER);

    There’s some slides for a talk I did on using the Arduino in security research available here:

    http://code.rancidbacon.com/Kiwicon09

    It includes examples of doing USB fuzzing which found a NULL pointer dereference in a kernel module.

  11. well, it has no ftdi chip, but does anyone know if the teeny needs any drivers?

    would be kinda useless if you need to install driver first so i guess not.

    yet you never know

  12. It would make a great tool to preconfigure a machine for your own use. Download the appropriate software and files from a web server and set it all up like you like it. But I must admit it would really shines as a tool for mischief.

  13. @borgar: it identifies as a hid device, so pretty much any newish os will work without additional drivers

    @matze: the teensy comes with mini usb, he could probably have soldered on a regular usb with some effort

  14. I’m having a hard time wrapping my brain around that accent. Where is he from? P.S. already had an idea to make a USB dongle to repeatedly click LMB for those lame online games to which I am hopelessly addicted. Should be simple enough, but then soldering a 555 to an older USB mouse would do the trick as well.

  15. Some clever ideas here and pretty lethal potential, tho imagine plugging it in by mistake ^^

    How about building a similar device into a regular usb keyboard? Then the gadget will be picked up as a keyboard and could operate normally until a certain time or key combination or something. It would also be logging keystrokes because all key codes would be sent by it then it could run software to send captured info onto a “trusted” website at a particular time where the user could fetch it. pretty powerful a hardware keylogger that does input and output.

    Another idea is a secure message delivery system. It would only save a message onto the PC if certain identification is found such as reg keys etc.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.