USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

While it might look like a disrobed flash drive or RTL-SDR dongle, the USB Armory Mk II is actually a full-fledged open hardware computer built into the ubiquitous USB “stick” format. But more than just that, it’s optimized for security research and boasts a list of features that are sure to get the attention of any pentesters in the audience. Fine tuned thanks to the feedback developer [Inverse Path] received about the original version of the hardware, the Mk II promises to be the last word in secure mobile computing.

Compared to the original hardware, the most obvious change is the switch to USB-C. The previous USB Armory used traces on the PCB to plug directly into a USB Type-A port, but this time around [Inverse Path] has put a proper male connector on the front of the board. Nominally, the USB Armory is plugged into a host computer to provide it with power and a network connection, though it also has the ability to disguise itself as a storage or input device for more stealthy applications. There’s also a female USB-C port on the Mk II, which can be used to connect additional devices, a feature the previous version lacked.

The USB Armory Mk II is powered by an upgraded 900 MHz ARM Cortex-A7 processor, though it retains the same 512 MB of RAM from the previous version. Like the original, there’s a micro SD slot to hold the Linux operating system, but this time it’s supplemented with an onboard 16 GB eMMC chip. There’s even a physical switch that allows the user to choose which storage device they want to boot from. Other additions for the Mk II include Bluetooth connectivity, and a hardware true random number generator (TRNG).

We first brought you word of the original USB Armory back in 2014, and it’s always good to see an open hardware project thriving and iterating years later. While the $149 price tag arguably puts the MKII out of the tinkering budget for many of us, there’s clearly a market for niche devices like this and we can’t wait to see what [Inverse Path] comes up with next.

True Random Number Generator For A True Hacker

How can you generate random bits? Some people think it’s not easy, others will tell you that it’s pretty damn hard, and then there are those who wonder if it is possible at all. Of course, it is easy to create a very long pseudorandom sequence in software, but even the best PRNG (Pseudorandom Number Generator) needs a good random seed, as we don’t want to get the same sequence each time we switch on the unit, do we? That’s why we need a TRNG (True Random Number Generator), but that requires special hardware.

Some high-end microprocessors are equipped with an internal hardware TRNG, but it is, unfortunately, not true for most low-cost microcontrollers. There are a couple of tricks hackers use to compensate. They usually start the internal free running counter and fetch its contents when some external event occurs (user presses a button, or so). This works, but not without disadvantages. First, there is the danger of “locking” those two events, as a timer period may be some derivative of input scan routine timing. Second, the free running time (between switching on and the moment the unit requests a random number) is often too short, resulting in the seed being too close to the sequence start, and thus predictable. In some cases even, there is no external input before the unit needs a random seed!

Despite what has already been discussed, microcontrollers do have a source of true randomness inside them. While it might not be good enough for crypto applications, it still generates high enough entropy for amusement games, simulations, art gadgets, etc.

Continue reading “True Random Number Generator For A True Hacker”