ESP32 Powers Covert Pentesting Device

Looking to expand their hardware design experience, [mentalburden] recently put together a low-cost handheld gadget that can be used for various security-related tasks such as logging WiFi traffic, operating as a dead drop, and performing deauthentication attacks.

The custom PCB plays host to the essentials — an ESP32-S microcontroller, AMS1117 3.3 V regulator, an SSD1306 OLED, and a couple of buttons. This lets the user navigate through a simple menu system and select whatever function they wish to enable. During testing, a pair of 18650 cells kept the electronics running for an impressive 22 hours.

A second version of the PCB fixed a few bodges that were required to get the original prototype working, and given how energy efficient the hardware ended up being, [mentalburden] decided to drop the power supply down to a single 18650 for a total runtime of around 15 hours. A 3D printed case and some silicone buttons, produced with a simple clay mold, completed the package.

There are still some improvements that could be made, namely integrating a battery charging circuit into the PCB and switching over to USB-C, but overall it’s a solid prototype with an impressive per-unit cost of less than $10 USD. Though if you’re looking for something even cheaper, we’ve seen an even more simplistic approach based on the ESP-01.

Tiny Open Hardware Linux SBC Hides In Plain Sight

There was a time, not quite so long ago, when a computer was a beige box that sat on your desk. Before that, computers were big enough to double as desks, and even farther back, they took up a whole room. Today? Well today it’s complicated. Single-board computers (SBCs) like the Raspberry Pi put a full desktop experience in the palm of your hand, for a price that would have been unfathomable before the smartphone revolution increased demand for high-performance ARM chips.

But compared to the tiny open hardware Linux SBC that lives inside the WiFiWart, even the Raspberry Pi looks massive. Developed by [Walker] as a penetration testing tool, the custom computer is housed in an enclosure designed to make it look like a traditional (if a bit large) USB phone charger. In fact, it doesn’t just look like a USB charger, it actually is one. The internal power supply is not only capable of converting AC into the various DC voltages required to run the miniature Linux box, but also features a USB port where you can plug in your phone to charge it.

For the infosec folks in the audience, the applications for the WiFiWart are obvious. Just plug this thing in somewhere inconspicuous, and you’ve got a foot in the door. The dual WiFi interfaces mean you can connect to a target network on one card and use the second to spin up a fake access point or exfiltrate data. Plus with a quad-core Cortex-A7 ARM processor running at 1.2 GHz and a healthy 1 GB of DDR3, you’ll have enough power to run many security tools locally.

But of course, nothing keeps you from using the WiFiWart for non-security purposes. That’s what has us particularly excited, as you can never have enough open hardware Linux boards. Especially ones this tiny. Removed from its wall charger disguise, the brains of the WiFiWart could be used for all kinds of projects. Plus, not only is the final design open source, but [Walker] made sure to only use free and open source tools to create it. Keeping his entire workflow open means it will be easier for the community to utilize and improve upon his initial design, which in the end, is the whole idea behind the open hardware movement and efforts such as the Hackaday Prize.

DIY Pi Zero Pentesting Tool Keeps It Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[Alex Jensen] writes in to tell us of his own tale of sticker shock induced hacking, where he builds his own version of the Hak5 Bash Bunny. His version might be lacking a bit in the visual flair department, but despite coming in at a fraction of the cost, it does manage to pack in an impressive array of features.

This pentesting multitool can act as a USB keyboard, a mass storage device, and even an RNDIS Ethernet adapter. All in an effort to fool the computer you plug it into to let you do something you shouldn’t. Like its commercial inspiration, it features an easy to use scripting system to allow new attacks to be crafted on the fly with nothing more than a text editor. A rudimentary user interface is provided by four DIP switches and light up tactile buttons. These allow you to select which attacks run without needing to hook the device up to a computer first, and the LED lights can give you status information on what the device is doing.

[Alex] utilized some code from existing projects, namely PiBunny and rspiducky, but much of the functionality is of his own design. Detailed instructions are provided on how you can build your own version of this handy hacker gadget without breaking the bank.

Given how small and cheap it is, the Raspberry Pi is gaining traction in the world of covert DIY penetration testing tools. While it might not be terribly powerful, there’s something to be said for a device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your balaclava and make a break for it.


Turning An Ordinary Pen Into A Covert Radio Receiver

[Ben Krasnow’s] latest project will be good for anyone who wants a complicated way to cheat on a test. He’s managed to squeeze a tiny FM radio receiver into a ballpoint pen. He also built his own bone conduction microphone to make covert listening possible. The FM radio receiver is nothing too special. It’s just an off the shelf receiver that is small enough to fit into a fatter pen. The real trick is to figure out a way to listen to the radio in a way that others won’t notice. That’s where the bone conduction microphone comes in.

A normal speaker will vibrate, changing the air pressure around us. When those changes reach our ear drums, we hear sound. A bone conduction mic takes another approach. This type of microphone must be pressed up against a bone in your skull, in this case the teeth. The speaker then vibrates against the jaw and radiates up to the cochlea in the ear. The result is a speaker that is extremely quiet unless it is pressed against your face.

Building the bone conduction mic was pretty simple. [Ben] started with a typical disk-shaped piezoelectric transducer. These devices expand and contract when an alternating current is passed through them at a high enough voltage. He cut the disk into a rectangular shape so that it would fit inside of the clicker on the ballpoint pen. He then encased it in a cylinder of epoxy.

The transducer requires a much higher voltage audio signal than the little radio normally puts out. To remedy this problem, [Ben] wired up a small impedance matching transformer to increase the voltage. With everything in place, all [Ben] has to do to listen to the radio is chew on the end of his pen. While this technology might help a cheater pass an exam, [Ben] also notes that a less nefarious use of this technology might be to place the speaker inside of the mouthpiece of a CamelBak. This would allow a hiker to listen to music without blocking out the surrounding noise.

Cameras Perch On Power Lines, Steal Electricity

[Tim] let us know about a video outlining some covert camera devices the Air Force is developing (dead link, try the Internet Archive version). The video takes a lot of time to explain induction to those who’ve never heard of it but we liked to see the bird-like concept animations. They’ve already developed cameras that will clamp on to power lines in order to use induction as a power source. Shown in the video is an eight-rotor quadcopter they’re hoping to use to deliver the camera covertly. But the animations show a winged robot similar to a hawk that has a camera for a head. Having seen some of the other flying devices in development this may not actually be that far off.

Defcon 16: Covert Warballooning Flight


Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

Covert iPhone Moleskine Case


Crafting isn’t really our thing, but just last week we were planning on doing this project. Thanks to the how-to singularity: the longer we wait, the more likely someone else will do our dirty work. The instructions are this:

  1. Cut a hole in a book.
  2. Stick your phone in that book.
  3. Let her open the book.

Wired’s write-up has about 600 more words if you need clarification. The ebook on the screen is Cory Doctorow’s Little Brother, so expect to see this on BoingBoing… and again when it’s fan translated into Polish. [bre] made a similar hidden compartment book last Fall for Make’s PDFcast.

In all seriousness, we do enjoy the idea of carrying an innocuous little book around that could be doing some covert WiFi scanning, acting as a mobile access point, or live streaming our location to friends. Unfortunately, since it’s an iPhone, most of this isn’t possible yet; you can’t even voice dial from your headset while leaving the notebook in your pocket. This case also blurs what is considered rude. Most people would be annoyed if you started txting mid conversation, but people taking notes in Moleskines don’t get the same treatment.