Tuesday, 15 August 2017

Making my own BAD USB

I've seen many different tutorials over time. Usually you have to buy a certain type of USB stick and then use specific programs to burn new firmware onto it, and before you know it you've spent £20+ on it.

Next, I've seen a Raspberry Pi Zero with PoisonTap placed on it, but again it is very obvious: plugging in a small computer with various leads looks very suspicious.

However, I soon came across a USB Beetle, which is a very tiny computer and can be purchased within a USB case for around £5 including postage from well-known auction sites.

The USB Beetle is a tiny USB ATmega32u4 board, running at 16 MHz with 32kb of memory, and can be programmed with the Arduino IDE programmer available from the arduino.cc site.

Next, download this simple program called rubberduino from https://github.com/zatarra/rubberduino. This program translates Rubber Ducky scripts into Arduino code so they can run from the USB Beetle, and it is very easy to set up thanks to a great README.md file.

Now visit usbrubberducky.com and look through the scripts for ideas, or write your own. Ducktoolkit.com is another really useful site and certainly worth a look too.

So how does this work? Surely antivirus scanners or programs that block software running from USB should halt this? Well, actually, no. If you have looked at the code once it is ready to transfer from the Arduino IDE to this device, you will have noticed the mention of keyboard.h, and this is the secret.

The device acts as a keyboard, and because of this the computer doesn't see it as a threat. The USB device then types out the commands from the scripts uploaded to it, and can do this up to 200 times faster than you or I could type them. A good example is the rickroll script, which opens up a hidden window and plays Rick Astley's "Never Gonna Give You Up". It also stops the volume from being turned down, leaving the user no other option but to pull the power lead and reboot. However, more sinister things can be done, such as creating a reverse shell or adding malicious code to the computer.

So no matter how locked down the PC is against USB sticks/removable drives, a device that looks like a USB stick but acts like a keyboard will defeat it. Next time you see someone plugging in a USB stick, think this: is it a USB stick, or is it a bad USB device?
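Because the device types far faster than a person can, keystroke timing per keyboard is one signal a defender can check. The sketch below is an added example, not code from this post or from rubberduino; the log format, device names and thresholds are assumptions made for illustration.

```python
import re

# Constructed sample log, not from the post: "<seconds> <device> attach" or
# "<seconds> <device> key <name>". Device names are hypothetical.
SAMPLE_LOG = """\
0.000 kbd-builtin attach
12.100 kbd-builtin key h
12.290 kbd-builtin key e
12.450 kbd-builtin key l
12.640 kbd-builtin key l
12.810 kbd-builtin key o
30.000 usb-1-2 attach
31.000 usb-1-2 key a
31.500 usb-1-2 key b
31.505 usb-1-2 key c
31.510 usb-1-2 key d
31.515 usb-1-2 key e
31.520 usb-1-2 key f
31.525 usb-1-2 key g
"""

LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (attach|key)(?: \S+)?$")

def find_injection(log, max_gap=0.02, min_run=5, attach_window=10.0):
    """Return {device: details} for keyboards typing faster than a human.

    max_gap: assumed largest inter-key gap (seconds) counted as machine speed.
    min_run: consecutive keys at that speed required before alerting.
    attach_window: seconds after plug-in in which a burst is extra suspicious.
    """
    attached, last_key, run, run_start, alerts = {}, {}, {}, {}, {}
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        ts, dev, kind = float(m.group(1)), m.group(2), m.group(3)
        if kind == "attach":
            attached[dev] = ts
            last_key.pop(dev, None)  # a re-plugged device starts a fresh run
            run.pop(dev, None)
            continue
        prev = last_key.get(dev)
        if prev is not None and ts - prev <= max_gap:
            run[dev] = run.get(dev, 1) + 1  # extend the current fast run
        else:
            run[dev], run_start[dev] = 1, ts  # slow gap: start a new run here
        last_key[dev] = ts
        if run[dev] >= min_run and dev not in alerts:
            start = run_start[dev]
            soon = dev in attached and start - attached[dev] <= attach_window
            alerts[dev] = {"burst_start": start, "soon_after_attach": soon}
    return alerts
```

On the constructed log only `usb-1-2` is flagged; the built-in keyboard's gaps of 160 ms or more never form a fast run.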

Monday, 14 August 2017

Laser Cat Laser Cat nothing like a Laser Cat

After sorting out my Raspberry Pi stuff I found an old Arduino Uno lying around. This was soon followed by a metal tin from one of my Pimoroni.com orders. I remembered there was a recent article on building a laser device for cats, and as a squatter cat has moved in (now named Puss) and she loves chasing things, I thought I had better have a go.

So I purchased a pan/tilt kit and a 3-pin laser, though it later turned out I had both in my bits box. I then used my Dremel to cut several holes into the tin for wires and power and tried to fix the pan and tilt with glue, but it just wouldn't stay, so I drilled a tiny hole and screwed the motor to the tin. This was the easy part.

Next up was the coding. I've not had the best of luck with Arduinos, but I found code written by La Fabrique DIY on his GitHub page at https://github.com/LucasBerbesson/Laser-cat, uploaded it and, bingo, it works.