DIY Pi Zero Pentesting Tool Keeps it Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[Alex Jensen] writes in to tell us of his own tale of sticker-shock-induced hacking, where he builds his own version of the Hak5 Bash Bunny. His version might be lacking a bit in the visual flair department, but despite coming in at a fraction of the cost, it does manage to pack in an impressive array of features.

This pentesting multitool can act as a USB keyboard, a mass storage device, and even an RNDIS Ethernet adapter. All in an effort to fool the computer you plug it into to let you do something you shouldn’t. Like its commercial inspiration, it features an easy to use scripting system to allow new attacks to be crafted on the fly with nothing more than a text editor. A rudimentary user interface is provided by four DIP switches and light up tactile buttons. These allow you to select which attacks run without needing to hook the device up to a computer first, and the LED lights can give you status information on what the device is doing.

[Alex] utilized some code from existing projects, namely PiBunny and rspiducky, but much of the functionality is of his own design. Detailed instructions are provided on how you can build your own version of this handy hacker gadget without breaking the bank.

Given how small and cheap it is, the Raspberry Pi is gaining traction in the world of covert DIY penetration testing tools. While it might not be terribly powerful, there’s something to be said for a device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your balaclava and make a break for it.

Turning an Ordinary Pen into a Covert Radio Receiver

[Ben Krasnow’s] latest project will be good for anyone who wants a complicated way to cheat on a test. He’s managed to squeeze a tiny FM radio receiver into a ballpoint pen. He also built his own bone conduction microphone to make covert listening possible. The FM radio receiver is nothing too special. It’s just an off the shelf receiver that is small enough to fit into a fatter pen. The real trick is to figure out a way to listen to the radio in a way that others won’t notice. That’s where the bone conduction microphone comes in.

A normal speaker will vibrate, changing the air pressure around us. When those changes reach our ear drums, we hear sound. A bone conduction mic takes another approach. This type of microphone must be pressed up against a bone in your skull, in this case the teeth. The speaker then vibrates against the jaw and radiates up to the cochlea in the ear. The result is a speaker that is extremely quiet unless it is pressed against your face.

Building the bone conduction mic was pretty simple. [Ben] started with a typical disk-shaped piezoelectric transducer. These devices expand and contract when an alternating current is passed through them at a high enough voltage. He cut the disk into a rectangular shape so that it would fit inside of the clicker on the ballpoint pen. He then encased it in a cylinder of epoxy.

The transducer requires a much higher voltage audio signal than the little radio normally puts out. To remedy this problem, [Ben] wired up a small impedance matching transformer to increase the voltage. With everything in place, all [Ben] has to do to listen to the radio is chew on the end of his pen. While this technology might help a cheater pass an exam, [Ben] also notes that a less nefarious use of this technology might be to place the speaker inside of the mouthpiece of a CamelBak. This would allow a hiker to listen to music without blocking out the surrounding noise.

Cameras perch on power lines, steal electricity

[Tim] let us know about a video outlining some covert camera devices the Air Force is developing (dead link, try the Internet Archive version). The video takes a lot of time to explain induction to those who’ve never heard of it but we liked to see the bird-like concept animations. They’ve already developed cameras that will clamp on to power lines in order to use induction as a power source. Shown in the video is an eight-rotor quadcopter they’re hoping to use to deliver the camera covertly. But the animations show a winged robot similar to a hawk that has a camera for a head. Having seen some of the other flying devices in development this may not actually be that far off.

Defcon 16: Covert Warballooning flight


Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

Covert iPhone Moleskine case


Crafting isn’t really our thing, but just last week we were planning on doing this project. Thanks to the how-to singularity: the longer we wait, the more likely someone else will do our dirty work. The instructions are this:

  1. Cut a hole in a book.
  2. Stick your phone in that book.
  3. Let her open the book.

Wired’s write up has about 600 more words if you need clarification. The ebook on the screen is Cory Doctorow’s Little Brother, so expect to see this on BoingBoing… and again when it’s fan translated into Polish. [bre] made a similar hidden compartment book last Fall for Make’s PDFcast.

In all seriousness, we do enjoy the idea of carrying an innocuous little book around that could be doing some covert WiFi scanning, acting as a mobile access point, or live streaming our location to friends. Unfortunately, since it’s an iPhone, most of this isn’t possible yet; you can’t even voice dial from your headset while leaving the notebook in your pocket. This case also blurs what is considered rude. Most people would be annoyed if you started txting mid conversation, but people taking notes in Moleskines don’t get the same treatment.