A Malicious WiFi Backdoor In A Keyboard’s Clothing

The USB Rubber Ducky burst onto the scene a few years ago, and invented a new attack vector – keystroke injection. The malicious USB device presents itself as a keyboard to the target system, blurting out keystrokes at up to 1000 words per minute. The device is typically used to open a phishing site or otherwise enter commands to exfiltrate data from the victim. Now things have stepped up a notch, with ESPloitV2 – a WiFi-enabled take on the same concept.

Running on the Cactus WHID platform, the device is so named for the ESP12 WiFi microcontroller it employs, along with an ATmega32U4 for USB HID device emulation. Thanks to its wireless connection, the aspiring hacker no longer has to rely on pre-cooked routines. Various exploits can be stored in the ESP12’s spacious 4 megabytes of flash, and there’s even the potential to live-type your attack if you’re feeling bold.

It goes to show that the trust we implicitly place in foreign USB devices is potentially our future downfall. BadUSB is another great example, and the USB Wrapper is a great way to get a charge if you’re stuck using an untrusted port.


Humans Vs. Zombies Via The ESP8266

Zombies, for the most part, remain fictional and are yet to trouble human communities. Despite the many real world calamities we face, the zombie concept remains a compelling one and the subject of many books, films, and video games. [CNLohr] was at MagStock Eight when he met [Aaron], who has developed a real world game in this vein. (YouTube, embedded below.)

[Aaron]’s game goes by the name of SpyTag, and is played by a group of people who each have a small device affixed to their wrist. Two players start off as zombies, and the rest are humans. The zombies can use their devices as proximity detectors to hunt down nearby humans, and the humans can use their devices to detect nearby zombies, helping them escape and evade.

The devices operate using the ESP8266, in AP+station mode. The proximity sensing works on a very simple method. Devices show their human or zombie status by appearing as a WiFi AP by that name, and proximity detection is achieved by showing the signal strength of the opposite AP on an LED bar on the device. Once zombies get close enough to human devices, the humans are infected and become zombies themselves.

It’s a tidy and lightweight way to implement the gameplay, and requires no infrastructure or support hardware outside of the wristband hardware for the players. While this method would likely be vulnerable to spoofing, [CNLohr] reports that future work will likely switch to using the ESP-NOW protocol to make the game more secure.

[Aaron] has shared the project on Github for those interested in digging deeper into the code. We’ve seen a similar game played before, using IR instead. Video after the break.

[Thanks to Baldpower for the tip!]


Badland Brawler Lets Arduino Tackle Terrain

For an electronics person, building the mechanics of a robot — especially a robust robot — can be somewhat daunting. [Jithin] started with an off-the-shelf 4 wheel drive chassis to build an off-road Arduino robot he calls the Badland Brawler. The kit was a bit over $100, but as you can see in the video below, it is pretty substantial, with an enclosed frame and large mud tires.

The remaining parts include an Arduino, a battery, and a motor driver IC. The Arduino is one with WiFi (an MKR 1000, in fact) and there’s a phone app for controlling the robot.

Honestly, once you have the chassis taken care of, the rest is pretty easy. Of course, the phone app is a bit more effort, but you could replace it in a number of ways. Blynk comes to mind, for example.

The motor drivers are easy to figure out. This would be a great platform for some sensors to allow for more autonomy. We liked how the frame had mount points for a lot of different boards and sensors and could hold everything, for the most part, inside. That’s probably a good idea for a robot which will be traversing rugged terrain.

If you do decide to roll your own app with Blynk, we’ve done it with a very different kind of robot. Four-wheel drive robots don’t have to be big, as we’ve seen in the past.


Hacking Hackaday.io From CircuitPython

If you’ve ever engaged in social media, you’re familiar with the little thrill you receive when your post, tweet, or project gets a like. But, if logging in feels like too much overhead to obtain your dopamine reward, [pt’s] CircuitPython Hackaday portal may be just what you’re looking for. This project creates a stand-alone counter to display the number of “skulls” (aka likes) received by a project on hackaday.io, and of course, it’s currently counting its own.

The code is running on a SAMD51 (Cortex M4) microcontroller and serving up the skulls on a 240×320 TFT display. For WiFi connectivity, the project uses an ESP32 controlled through the usual AT command set. All the gory details of this interaction are abstracted away by a CircuitPython library, which is great because that code really isn’t something you want to write for every project. The program accesses the hackaday.io API to retrieve the number of skulls for the project, but could easily be modified to interface with any service that returns a JSON result.

We’ve been seeing a lot of CircuitPython code lately. Just in case you’re not familiar with it, CircuitPython is Adafruit’s version of MicroPython, a Python dialect targeted at embedded processors. While it sounds like something concocted purely to make old-school embedded-C programmers grumble, it’s actually powerful and convenient for embedded prototyping and development. Fueled by the speed of the latest inexpensive microcontrollers and a rapidly growing set of libraries that take the sting out of using integrated peripherals and common hacker-friendly parts, it offers a solid alternative to older embedded frameworks. There are lots of examples around if you want to get started, and we’re maintaining our own list of CircuitPython projects over on hackaday.io that you can check out.

You can see a video of the display after the break. It’s not a live stream, so you won’t see your like appear on the display, but rest assured, [pt] will!


Smartphone App Uses AR To Visualize The RF Spectrum

Have you ever wished you could see in the RF part of the radio spectrum? While such a skill would probably make it hard to get a good night’s rest, it would at least allow you to instantly see dead spots in your WiFi coverage. Not a bad tradeoff.

Unwilling to go full [Geordi La Forge] to be able to visualize RF, [Ken Kawamoto] built the next best thing – an augmented-reality RF signal strength app for his smartphone. Built to aid in the repositioning of his router in the post-holiday cleanup, the app uses the Android ARCore framework to figure out where in the house the phone is and overlays a color-coded sphere representing sensor data onto the current camera image. The spheres persist in 3D space, leaving a trail of virtual breadcrumbs that map out the sensor data as you warwalk the house. The app also lets you map Bluetooth and LTE coverage, but RF isn’t its only input: if your phone is properly equipped, magnetic fields and barometric pressure can also be AR mapped. We found the Bluetooth demo in the video below particularly interesting; it’s amazing how much the signal is attenuated by a double layer of aluminum foil. [Ken] even came up with an Arduino with a gas sensor that talks to the phone and maps the atmosphere around the kitchen stove.

The app is called AR Sensor and is available on the Play Store, but you’ll need at least Android 8.0 to play. If your phone is behind the times like ours, you might have to settle for mapping your RF world the hard way.


Underclocking The ESP8266 Leads To WiFi Weirdness

Sometimes the best hacks come from the most basic of questions. In this case, [CNLohr] was wondering what would happen if he started to reduce the clock speed of the ESP8266’s Baseband PLL (BBPLL) while still trying to communicate with it. You know, as one does. The results ended up being fairly surprising, and while it’s not immediately clear if there’s a practical application for this particular trick, it’s certainly worth some additional research.

Code for stepping through clock speeds

The idea here is that the BBPLL is the reference clock for the entire system, including all of the peripherals. So underclocking it doesn’t just slow down code execution as you might expect, but it also slows down the chip’s interactions with the outside world. [CNLohr] demonstrates this concept in the video below, showing how the baud rate used to view the serial output from the ESP8266 needs to be adjusted to match the chip’s frequency or else you’ll only get garbage on the line.

But what happens to the WiFi? As [CNLohr] discovered, while the center frequency itself doesn’t change, the channel width gets narrower as the clock rate is lowered. When viewed on the waterfall display of a software defined radio (SDR), the transmission can be seen “compressing” in a step pattern as the clock rate is reduced. As one might expect, the 802.11 packets become indecipherable to a normal WiFi device running in monitor mode. The signal is still at the correct frequency, but the devices can no longer understand each other.

Now it was time for another of those basic questions. What would happen if you did the same thing to a second ESP8266? Much to his surprise, [CNLohr] discovered that the two devices could still communicate successfully as long as their BBPLL clock speed was the same. From an outsider’s perspective it looked like gibberish, but to the two ESPs which had been slowed by the same amount, everything worked as expected even though the 802.11 standards say it shouldn’t.

So what can you do with this? The most obvious application is a “stealth” WiFi connection between ESP8266s which wouldn’t show up to normal devices, a communications channel invisible to all but the most astute eavesdropper. [CNLohr] has made all the source code to pull this trick off public on GitHub, and it should be interesting to see what kind of applications (if any) hackers find for this standards-breaking behavior.

If devices being forced by particularly twisted hackers into operations they were never intended for is your thing, check out our recent coverage of the USB serial adapter turned SDR by [Ted Yapo].


Pi Zero Gives Amateur Astronomer Affordable Control Of Telescope

Like many other hobbies, astronomy can be pursued on many levels, with equipment costs ranging from the affordable to the – well, astronomical. Thankfully, there are lots of entry-level telescopes on the market, some that even come with mounts that automatically find and track heavenly bodies. Finding a feature is as easy as aligning to a few known stars and looking up the object in the database embedded in the remote.

Few of the affordable mounts are WiFi-accessible, though, which is a gap [Dane Gardner]’s Raspberry Pi interface for Celestron telescopes aims to fill. For the price of a $10 Pi Zero W and a little know-how, [Dane] was able to gain full control over his ‘scope. His instrument is a Celestron NexStar, a Schmidt-Cassegrain reflector with a 150-mm aperture, which has a motorized altitude-azimuth mount. The handheld remote had enough room for him to add the Zero, powering it from the mount’s battery pack. The handset has an RS-232 serial port built in, but because of the signal level differences, [Dane] connected the Pi directly to the handset’s logic-level UART lines ahead of the RS-232 port. Running INDI, a cross-platform astronomical instrument control library, he now has total control of the scope, and he can use open source astronomy software rather than the limited database within the handset. As a neat side trick, the telescope can now be controlled with a Bluetooth gamepad.

Astronomy and electronics go hand in hand, whether in the optical or radio part of the spectrum. We like the way [Dane] was able to gain control of his telescope, and we’d like to hear about what he sees with his new tool, assuming the Seattle weather ever cooperates.
