USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

While it might look like a disrobed flash drive or RTL-SDR dongle, the USB Armory Mk II is actually a full-fledged open hardware computer built into the ubiquitous USB “stick” format. But more than just that, it’s optimized for security research and boasts a list of features that are sure to get the attention of any pentesters in the audience. Fine tuned thanks to the feedback developer [Inverse Path] received about the original version of the hardware, the Mk II promises to be the last word in secure mobile computing.

Compared to the original hardware, the most obvious change is the switch to USB-C. The previous USB Armory used traces on the PCB to plug directly into a USB Type-A port, but this time around [Inverse Path] has put a proper male connector on the front of the board. Nominally, the USB Armory is plugged into a host computer to provide it with power and a network connection, though it also has the ability to disguise itself as a storage or input device for more stealthy applications. There’s also a female USB-C port on the Mk II, which can be used to connect additional devices, a feature the previous version lacked.

The USB Armory Mk II is powered by an upgraded 900 MHz ARM Cortex-A7 processor, though it retains the same 512 MB of RAM from the previous version. Like the original, there’s a micro SD slot to hold the Linux operating system, but this time it’s supplemented with an onboard 16 GB eMMC chip. There’s even a physical switch that allows the user to choose which storage device they want to boot from. Other additions for the Mk II include Bluetooth connectivity, and a hardware true random number generator (TRNG).

We first brought you word of the original USB Armory back in 2014, and it’s always good to see an open hardware project thriving and iterating years later. While the $149 price tag arguably puts the MKII out of the tinkering budget for many of us, there’s clearly a market for niche devices like this and we can’t wait to see what [Inverse Path] comes up with next.

16 thoughts on “USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

    1. The steam link was a lot cheaper then that, and contained about the same hardware as a chromecast. Which is also a lot cheaper then this device. So for streaming it’s expensive.

      And for 33 euro I can get a dual core A20 at 1Ghz with also 512mb ram:
      And for a bit more money it has on board eMMC, so you don’t need an SD card.

      So it feels kinda pricey for what it delivers in specs…

      1. We do have a built in MMC also :)

        The BOM is pricey and we make small batches, you also pay for the dozen of well supported drivers and software that allow full use of its security features.

        Trust me when I say it would be impossible to sell it for less than this :(. It is a very unique piece of hardware.

  1. I know I’m necro-ing this thread, but I’m frustrated by the hate/ignorance for this thing in the comments. No, it’s not comparable to a Pi and if you try to compare it, it will come up short. It’s, as Andrea has already said, a very unique device.
    It’s fully open source and runs a vanilla kernel and it’s targeted towards _security_ applications. Rather than comparing it to a Pi, compare it to a $650 YubiHSM. Sure, it might be a little more DIY from a user-perspective, but it’s a much fairer comparison.
    If you’re upset that there’s no video, then this is not the SBC you’re looking for. If you want a solution for any of the myriad of suggested purposes, then good luck finding something that can do what this can do for the (extremely fair) price. That’s the kind of money you’d expect to pay for a Kickstarter project with unfinished documentation and zero support past launch.

  2. Wow…. you realize that it actually fuses a private key to the hardware. Simular to yubikeys or smart cards. For years software developers have written code to deal with issues in hardware aka different clock speeds, failure for ram to fetch contents from memory etc. these try catch statements are the same thing that allow anything to be exploited. with the usb armoury you can run programs use it as a firewall, run an entire computer on it.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.