This article is based on author Ling Yun’s sharing on GitChat.
Edit | naga
Preface
This is my first contact with hardware-based attacks and I do not yet understand many of the underlying principles, so the article may contain misleading statements; please correct me where I am wrong. I hope to find like-minded people to study with.
I: BadUSB
Let’s start with what BadUSB is.
Reference articles:
BadUSB principle and implementation: a new kind of USB flash drive autorun – Tencent Security Emergency Response Center blog
Making a simple BadUSB with the “Roast Goose” board – Anquanke (安全客)
Geek DIY | Build your own hacker USB flash drive – BadUSB
Steps
- Prepare a development board (purchase links are at the bottom of this article)
- Download the Arduino IDE programming software (the download location is given at the bottom of the article)
- Prepare the code (that is, the commands) to write to the BadUSB board
What is an Arduino IDE?
Arduino is a convenient and flexible open source electronic prototype platform. Includes hardware (Arduino board of various models) and software (Arduino IDE). Developed by a European development team in the winter of 2005.
Its members include Massimo Banzi, David Cuartielles, Tom Igoe, Gianluca Martino, David Mellis and Nicholas Zambetti.
It is built around an open-source, simple I/O interface board and provides a Processing/Wiring-style development environment using Java- and C-like languages.
It consists of two main parts: the hardware, the Arduino circuit board that you wire circuits to; and the software, the Arduino IDE, the program development environment on your computer.
You just write code in the IDE, upload it to the Arduino, and it tells the Arduino what to do.
Arduino senses its environment through a variety of sensors and controls lights, motors and other devices to respond to and influence that environment. The microcontroller on the board is programmed in the Arduino programming language, compiled into a binary file, and burned into the microcontroller.
Programming of Arduino is done via the Arduino programming language (based on Wiring) and the Arduino development environment (based on Processing).
Arduino-based projects can consist of the Arduino alone, or of the Arduino plus other software running on a PC that communicates with it (such as Flash, Processing or Max/MSP). [1]
Reference article:
https://security.tencent.com/index.php/blog/msg/74
BadUSB principle
Before introducing the principle of BadUSB, I would like to introduce the two kinds of HID attack that predate it: USB Rubber Ducky and Teensy.
Teensy introduction
When an attacker customizes an attack device, they embed an attack chip into the USB device. This chip is a very small but complete microcontroller development system named Teensy.
Through the Teensy you can emulate a keyboard and mouse: when the customized USB device is inserted, the computer recognizes it as a keyboard. The device’s microprocessor and storage hold the pre-programmed attack code, which sends control commands to the host, and the host is then fully controlled regardless of whether autorun is enabled.
Reference article:
http://bobao.360.cn/learning/detail/431.html
Vulnerability background
“BadUSB” was one of the hottest topics in computer security this year. It was discovered by Karsten Nohl and Jakob Lell and announced at the BlackHat security conference this year. BadUSB claims to be the most evil USB peripheral in the world.
Using their code, the author built a similar USB flash drive: when a user inserts it, the malicious code preset in the firmware runs automatically, downloads malicious files from a server and carries out malicious operations.
Note that this USB flash drive “autorun” is not the old autorun.inf mechanism; the technical details are covered below.
USB Rubber Ducky
USB Rubber Ducky, the earliest keystroke injection tool, was implemented on an embedded development board and later grew into a fully mature commercial keystroke injection attack platform.
It likewise emulates a USB keyboard so that the computer recognizes it as one, and then attacks by scripting simulated keystrokes.
USB Protocol Vulnerability
Why rewrite the firmware? Let’s take a look at the security weakness in the USB protocol.
There are now many kinds of USB devices, such as audio and video equipment, cameras and so on, so the operating system is expected to provide maximum compatibility, even driver-free operation.
Therefore the design of the USB standard does not require each USB device to carry a unique identifier that the system can verify, as network devices do with MAC addresses; instead it allows a single USB device to present the characteristics of several input and output devices at once.
This can be abused by rewriting the USB firmware to masquerade as a USB keyboard, then using that virtual keyboard to type in the instructions and code embedded in the firmware.
Now that the above is clear, let’s do it.
A simulated HID attack device can look like a USB flash drive but is actually a development board into which we can load code: remote download, stealing Wi-Fi passwords, and so on.
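The weakness described above (a USB device is trusted on the strength of the interface descriptors it advertises, and may advertise several at once) is also what a defender can inspect. The following is an added example, not code from the article: it audits a constructed device inventory whose fields mirror what `lsusb -v` or /sys/bus/usb/devices expose (vendor:product id, product string, and each interface’s class/subclass/protocol) and flags the composite shapes a reprogrammed drive or a development board takes. The inventory lines, the `1234:*` ids and the watch-list policy are assumptions made for the example.

```python
"""Audit a USB device inventory for BadUSB-style composite devices.

Added example, not code from the article. The inventory format is a
constructed, simplified rendering of the descriptor fields that `lsusb -v`
and /sys/bus/usb/devices expose; the watch-list policy is an assumption.
"""
import re

# Interface class codes defined by the USB specifications
CDC_CLASS = 0x02           # communications (virtual serial port)
HID_CLASS = 0x03           # human interface device: keyboard, mouse, ...
MASS_STORAGE_CLASS = 0x08  # flash drives and other storage

# Constructed inventory. The 1234:* ids are made up; 2341:8036 is the
# Arduino Leonardo's default id, and a Leonardo running a sketch that uses
# the Keyboard library typically enumerates as serial port plus HID.
INVENTORY = """\
# vid:pid "product" class/subclass/protocol[,...]
1234:0001 "Office Keyboard" 03/01/01
1234:0002 "Plain Flash Drive" 08/06/50
1234:0003 "USB Flash Disk" 08/06/50,03/01/01
2341:8036 "Arduino Leonardo" 02/02/01,0a/00/00,03/00/00
"""

LINE_RE = re.compile(r'^([0-9a-f]{4}):([0-9a-f]{4})\s+"([^"]*)"\s+(\S+)$', re.I)


def parse_inventory(text):
    """Parse inventory lines into dicts; raise on any line that does not fit."""
    devices = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"unparsable inventory line: {line!r}")
        vid, pid, product, ifaces = match.groups()
        interfaces = []
        for spec in ifaces.split(","):
            cls, sub, proto = (int(field, 16) for field in spec.split("/"))
            interfaces.append((cls, sub, proto))
        devices.append({
            "vid": int(vid, 16),
            "pid": int(pid, 16),
            "product": product,
            "interfaces": interfaces,
        })
    return devices


def assess(device, watched_vendors=frozenset()):
    """Return the reasons a device deserves a second look (empty list = ordinary).

    The USB standard lets one physical device advertise several interfaces, so
    a "flash drive" that also advertises an HID interface has exactly the shape
    a reprogrammed BadUSB takes. HID plus a serial port is the shape of a
    programmable development board, and HID from a watched vendor id is a
    policy hit.
    """
    classes = {cls for cls, _sub, _proto in device["interfaces"]}
    reasons = []
    if HID_CLASS not in classes:
        return reasons  # no input capability, nothing to inject keystrokes with
    if MASS_STORAGE_CLASS in classes:
        reasons.append("storage device also exposes an HID interface")
    if CDC_CLASS in classes:
        reasons.append("HID interface combined with a serial port (dev-board pattern)")
    if device["vid"] in watched_vendors:
        reasons.append(f"HID device from watched vendor id {device['vid']:04x}")
    return reasons


def audit(text, watched_vendors=frozenset({0x2341})):
    """Map 'vid:pid' of every flagged device to its list of reasons."""
    findings = {}
    for device in parse_inventory(text):
        reasons = assess(device, watched_vendors)
        if reasons:
            findings[f"{device['vid']:04x}:{device['pid']:04x}"] = reasons
    return findings


if __name__ == "__main__":
    for ident, reasons in audit(INVENTORY).items():
        print(ident, "->", "; ".join(reasons))
```

On Linux the same three fields can be read per interface from /sys/bus/usb/devices/*/bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol, or from `lsusb -v`. The heuristic has the blind spot the article itself implies: a device that enumerates as nothing but a keyboard (the Rubber Ducky style) is indistinguishable from a real keyboard at the descriptor level, which is why allow-listing of known devices (for example with USBGuard on Linux) is the stronger control.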
Practice
I searched an online shop for Arduino development boards.
I found a cost-effective board, but that shop can no longer be found, so I will not link it.
It cost a little over ten yuan; if you want good camouflage you need a shell, but that costs more. The board took almost a week to arrive.. when the parcel finally came I had to complain about the speed of some couriers.
[Photo of the board]
Simple, isn’t it? It has no shell; with a shell it would look like a USB flash drive, but opened up it looks like this.
I bought the one without a shell because this was my first try, I did not understand much yet, and a cheap one is fine for learning.
Since it has no USB plug of its own, it has to be connected with a data cable.
When you plug it in, a red LED lights up and then the green LED keeps blinking. If yours does not do that, it is probably broken.
I was testing in an internet cafe at the time, but nothing happened after plugging it in. I kept looking for the problem and found that the driver installation had failed.
It was very frustrating: you install the driver, restart for it to take effect, and the restart restores the machine to its original state.
I spent days on it.
I finally finished the test yesterday.
Writing the code to the BadUSB
Tools needed: Arduino IDE
After downloading, unpack it, open the folder and launch the Arduino program.
The interface looks like this:
Here a remote-download sketch is used as the illustration.
Copy and paste this code into the Arduino IDE.
After pasting, select your board and port, as shown below.
Tools > Board, Tools > Port
If you do not know which board and port you have, check Device Manager:
under Ports (COM & LPT) you can see them. Since I am writing this article in an internet cafe without the driver installed, it cannot be shown here.
After selecting the port and board, click Upload.
A save-path dialog appears; save it to your desktop or wherever you like.
Once you have saved it, the upload starts.
If you do not understand the code, ask in the chat group and I will explain it in more detail, because uploading pictures to the writing platform is really inconvenient.
Recommended boards
- Cjmcc-Beetle, price 39, postage 12
https://item.taobao.com/item.htm?spm=a230r.1.14.8.dXcUK1&id=42830879568&ns=1&abbucket=7#detail
- Cjmcc-32 with shell, price 56, postage 12 (good camouflage)
https://item.taobao.com/item.htm?spm=a230r.1.14.4.dXcUK1&id=536421581630&ns=1&abbucket=7#detail
- Arduino Leonardo, price 18, postage 6 (cost-effective)
https://item.taobao.com/item.htm?spm=a230r.1.14.62.NnzAY2&id=531457877154&ns=1&abbucket=7#detail
These are only recommendations; I have no commercial relationship with the shops. You can choose your own board.
Easter egg
Featured Chat
5 Learning Strategies for Learning Faster and Faster
Speaker:
Seaborn Lee, a programmer who live-streams coding on Bilibili, juggles, plays ukulele, does extreme fitness, runs, writes jokes, draws, translates, writes, speaks and trains. He likes to realize his ideas through programming, has earned money on the Android market and has several start-up experiences.
He is good at studying, habit formation and time management, and influences others to make positive changes. He currently works at ThoughtWorks, where he spreads the idea of happy and productive programming. In his spare time he founded codingstyle.cn, a software craftsmanship community, and has organized more than 30 technical events.
Chat profile:
When it comes to learning, the common complaints are:
- Fragmentation: no more continuous blocks of time to learn
- Hard to concentrate: you pick up the book and the phone calls, “come, have fun, there is plenty of time anyway”
- Can’t apply it: you read a lot of books but cannot put them into practice in life
- No use for it: you learn methods and tools but cannot find a scenario to use them in
- Low efficiency: learning cannot keep up with the speed at which knowledge is produced
- Can’t remember: learning cannot keep up with the speed of forgetting
In this era of knowledge overload and cross-industry competition, learning ability is the core competitiveness. Can you think of anything you accomplished in the past week that did not require learning?
Despite its importance, most people do not study how to learn, believing that by opening “Get” and listening to a book on the commute they have become lifelong learners, when in fact their learning is fragmented.