Professional Documents
Culture Documents
at Home
JP Dunning .ronin
BlackHat Asia 2014
What is Hardware?
I/O ports
Firmware
Time
Trojan
(Minions)
Modify Hardware
Get it cheep
Ebay/Craigslist/Taobao anyone?!?
USB + 1
Plug-and-play
Project site
theglitch.sourceforge.net
Keystroke Injection
Press keys
Type accurately
Type quickly
No Human Required
HIDIScript
Four components
Plain text
Parsed Modifiers
Parsed Keys
Commands
http://keymeglitch.sourceforge.net
HIDIScript Example
[KEY_RIGHT_GUI][KEY_R]
[WAIT_1000]
notepad
[KEY_ENTER]
[WAIT_2000]
HelloBlackHatAsia2014!
[WAIT_2000]
[KEY_ALT][KEY_F4]
Trojan Mouse
Parts
USB mouse
USB hub
The Glitch
Trojan Mouse
12
10
8
Column 1
Column 2
Column 3
6
4
2
0
Row 1
Row 2
Row 3
Row 4
Remove scroller
Trojan Mouse
Trojan Mouse
Four pins
Standard colors
Trojan Mouse
Trojan Mouse
Trojan Mouse
Trojan Mouse
Trojan Mouse
Trojan Keyboard
Trojan Keyboard
Trojan Keyboard
Trojan Keyboard
Trojan Keyboard
Trojan Keyboard
Vcc, GND,
IRQ, DATA
No soldering
Trojan Desktop/PoS
Clone USB ID
Method
Modify Firmware
Flash Firmware
Code examples
Custom libraries
Flashing methods
Programmers
Custom commands
Linux YAY!!!
BusyBox
Linux YAY!!!
Types of devices
Printers
TVs
DVR/DVD/BluRay players
Routers
Watches
Trojan Router
OpenWRT
DDWRT
Trojan Router
1. Backup router web interface pages
2. Flash with open firmware
3. Integrate original web interface with open
firmware
4. Configure hidden Trojan functionality
MiniPwner project
Trojan Devices
Hardware Trojans
Firmware Trojans
TVs / Monitors
Embedded Linux
Game systems
Routers
Printers
CC Cameras
Mice / Keyboards
Controllers
PoS / Desktops
SCADA devices
'Internet of Things'
Countermeasures
Resources
http://theglitch.sourceforge.net
http://hackaday.com
http://www.instructables.com/
http://goodfet.sourceforge.net
http://dangerousprototypes.com/docs/Bus_Pirate
http://servicemanuals.pro
http://minipwner.com
http://digikey.com
http://mouser.com
Thanks
BlackHat
Questions?
JP Dunning .ronin
@r0wnin
ronin@shadowcave.org
Projects
theglitch.sourceforge.net
ww.hackfromacave.com