Covert Lighter HID Attack Tool

On Twitter about a month ago @jermainlaforce had an awesome idea of hiding a USB HID device inside a lighter case, using one of those cheap Chinese spycams you can find on ::ebay:: for $5. HID attack tools are nothing new, here’s a video of one I made in 2011 using a Teensy board (Turn down your volume)

All you need to do is open the top of the case and gut the insides, then replace the hardware with a USB (WHID, Ducky, Digispark, Teensy etc..). I also ended up ordering one because I figured I’d recycle the camera guts for another upcoming red team engagement I have coming up to monitor a dropbox location. The process is fairly simple and straight forward to build this out.

I decided to use a Digispark board because you can also get cheap knockoff ones on ::ebay:: too for like $1.50, I have a bunch of these laying around from various projects and it’s cheap, the whole project cost about $6.50. The camera button ended up broken during shipping so i ended up just ripping it all apart by yanking the USB metal to pull out the guts from the case. (it had a dab of some glue to hold it tight)

I then de-soldered the USB connector from the camera board to reuse on the Digispark board since it has one of those on-board USB connectors

I then soldered it to the Digispark going 1to1 with the pins to the board

Replaced the top portion that holds it to the case, and added some hotglue to keep it from wiggling around inside

Slide everything back together and you’re golden.

Depending on which dev board you used I have some example payloads on my ::github:: to get you started with some attack ideas.

To Catch a Thief

Due to my car getting broken into 2 times in the past few weeks, I decided to use the opportunity to make a project out of it. One of our members had bought a Seeed Studio GPRS Arduino shield last year for a project but it was sitting around collecting dust so I asked him if i could borrow it.

The device uses an unlocked SIM card to send out sms text messages. (Can also be used for voice and data too). I worked with a few guys at NESIT to figure out the best plan to trigger the device. Our option was to connect the interior light to pin2 on the Arduino so that when the light turned on the 12volts would trigger the shield to send the SMS. Also added a 10kΩ resistor inline to drop the voltage down to so it wasn’t feeding a full 12v back into the Arduino. To power the device i was originally going to go with a 9v battery but since my cars cigarette lighter stays on when the car is off I decided to use this to power the device so I didnt have to worry about the 9v battery dying.

So hacking up an old phone charge wire I then used a perf board to solder together a 0.1uF capacitor and a LM7805 voltage regulator to drop the voltage from 12v to 5v to feed into the Arduino. Also added a 5.1k. resistor to ground. This is the design that member Cobey had drawn up for the connections.

The SIM card that he had no longer worked since it was over a year so I stopped by Walmart and bought an AT&T gophone SIM card for $10 and a recharge/refill card for $15. It was as simple as calling the number provided on the package and putting in the refill card pin info, and giving the GPRS shield’s IMEI printed on the SIM900 chip.

So after a few tests I finally got it working, so all’s i need to do is hook it up to my lighter, then hook pin2 up to my interior light underneath the dash

When my original $15 is up AT&T said I can convert my gophone plan over to text only for $5/month, so its pretty cheap.

If you would like to build a similar device the cheapest ive seen for an arduino clone is $13.50 ::HERE::

And for the GPRS Shield was $30 ::HERE::

Find yourself a nice case for them (I ended up using a weatherproof AT&T DSL box) and you’ll be off and running for about $70 total including the SIM card and first month.

The Arduino source code is available ::HERE:: you just need to change the phone number to your own number and upload it to your Arduino.

Thanks to Cobey,Devin, and Gary for helping out with the project, one of the great things about a hackerspace is you have people to turn to when you have questions. I’ll be updating soon with results if my device is triggered :)