Covert Lighter HID Attack Tool

On Twitter about a month ago, @jermainlaforce had an awesome idea of hiding a USB HID device inside a lighter case, using one of those cheap Chinese spycams you can find on eBay for $5. HID attack tools are nothing new; here’s a video of one I made in 2011 using a Teensy board (turn down your volume).

All you need to do is open the top of the case and gut the insides, then replace the hardware with a USB (WHID, Ducky, Digispark, Teensy, etc.). I also ended up ordering one because I figured I’d recycle the camera guts for another upcoming red team engagement I have coming up to monitor a dropbox location. The process is fairly simple and straightforward to build this out.

I decided to use a Digispark board because you can also get cheap knockoff ones on eBay for like $1.50. I have a bunch of these laying around from various projects and it’s cheap; the whole project cost about $6.50. The camera button ended up broken during shipping, so I ended up just ripping it all apart by yanking the USB metal to pull out the guts from the case (it had a dab of some glue to hold it tight).

I then de-soldered the USB connector from the camera board to reuse on the Digispark board, since it has one of those on-board USB connectors.

I then soldered it to the Digispark, going 1-to-1 with the pins to the board.

Replaced the top portion that holds it to the case, and added some hot glue to keep it from wiggling around inside.

Slide everything back together and you’re golden.

Depending on which dev board you used, I have some example payloads on my GitHub to get you started with some attack ideas.

Telephreak Tactical Lunchbox


One of the cooler pieces of swag I received @ Defcon this year was a lunchbox for the Telephreak party, filled with candy, gadgets, and toys from telephreakbadge. I do some ‘red teaming’ occasionally and always had my stuff all janky in my backpack with no way to really keep it all pretty, and it was a pain in the ass to go through everything to find what tools I needed. Plus stuffing them all in a box tends to get shit broken eventually. I was thinking I needed something like a Pelican box but I didn’t feel like spending a huge amount on something simple. So I was thinking one day that this lunchbox sitting on my desk would do the trick. I ended up getting a few pieces of polyethylene off eBay for $9. They arrived pretty quick and I spent about an hour or so arranging some of my most used tools onto each layer and cutting out the foam to fit them all in. I used a small knife (the ones that have a knife/scissor/toothpick) and a razor blade to cut out the foam. Here’s all 3 layers that fit inside with descriptions of each tool’s usage.

Layer 1

with an acrylic case, highly customizable USB attack platform (HID,Network Etc…)

Layer 2

  • Hak5 WiFi Pineapple – various WiFi attack tools
  • Firefighter Swipe Tool – open doors
  • DigiSpark DigiStump ATtiny85 dev board – cheap Rubber Ducky alternative that you don’t have to worry about losing
  • Hook Tool – open some door latch bolts

Layer 3

As a bonus, my Asus Nexus 7 loaded with Kali NetHunter also fits inside.

Raspberry Pi 3 Arrives

Got my new RPi3 today. I was able to get it ordered early Monday morning by poking around Element14’s website. Even though they didn’t have it posted, they did have an available part number, 77Y6520, so I used that to place an order and I got notified on Tuesday that it was sent 🙂 The CPU is a little beefier and it’s 64-bit, and the board now has WiFi and Bluetooth onboard. So I’ll probably implement some Bluetooth geo-fencing with IFTTT in my home automation project.


Automated Signal Capture

Using Flask and jQuery, a friend helped me out with automating capturing the 433 MHz signal from remotes so you don’t have to manually add them in the code.

Basically, Flask starts a webserver; when you click on the add button, the code executes the RFSniffer binary, receives the data when a signal is received, then displays it on the webpage. Still have to finish the code for adding the data to the MySQL db, but that’s the easy part.
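The capture step described above, as an added example that is not the author's code: a function a Flask route could call to run the sniffer without a shell, stop it after a timeout, and accept only a validated numeric code. The `Received <code>` output format and the binary path are assumptions, and `DEMO_CMD` / `SILENT_CMD` are constructed stand-ins for the real binary.

```python
import re
import subprocess
import sys
import threading

# Assumption: the sniffer prints one line per signal, "Received <decimal code>".
RECEIVED_RE = re.compile(r"^Received (\d{1,10})\s*$")

# Hypothetical install path; stdbuf -oL asks for line-buffered output on a pipe.
RFSNIFFER_CMD = ["stdbuf", "-oL", "/home/pi/433Utils/RPi_utils/RFSniffer"]

# Constructed stand-ins so the example runs without a receiver attached.
DEMO_CMD = [sys.executable, "-c", "print('noise'); print('Received 5393')"]
SILENT_CMD = [sys.executable, "-c", "import time; time.sleep(30)"]


def parse_code(line):
    """Return the integer code from one output line, or None if it is not one."""
    match = RECEIVED_RE.match(line)
    if not match:
        return None
    code = int(match.group(1))
    return code if 0 < code < 2**32 else None


def capture_code(cmd, timeout=10.0):
    """Run cmd (argument list, no shell); return the first code, None on timeout."""
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL, text=True)
    timer = threading.Timer(timeout, proc.kill)  # stops a sniffer that hears nothing
    timer.start()
    try:
        for line in proc.stdout:
            code = parse_code(line)
            if code is not None:
                return code
        return None  # process ended or was killed before a valid line arrived
    finally:
        timer.cancel()
        proc.kill()   # the sniffer loops forever, so always stop it
        proc.wait()
        proc.stdout.close()


if __name__ == "__main__":
    print(capture_code(DEMO_CMD))
```

Because the return value is always an integer or `None`, it can go into a parameterized MySQL insert without further string handling.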

Raspberry Pi touch display

So I received an official 7″ touch display for Xmas. Even though it’s $60, it brings my total cost over $200 for the project. But I thought it would be an awesome addition to the project because you don’t have to whip out your phone just to control everything. It’s a pretty sweet 800 x 480 10-point capacitive touchscreen display; all you need to do is connect the DSI ribbon cable and feed ground/5V from the Pi’s GPIO pins. I’m thinking starting the browser in kiosk mode should suffice once I finish the node.js interface. The only issue I haven’t resolved is how to power down the screen fully when the Pi shuts down. If anyone knows how to, let me know.

Pilybius

Working on a mini MAME arcade machine. It was designed in SolidWorks 2015, then cut out of 1/4″ MDF on our Epilog laser cutter. Will be powered by a Raspberry Pi and a 9″ TFT screen. The software is MAME4ALL-Pi running the MAME 0.375b5 romsets. The joystick and buttons are connected directly to the GPIO pins and the 9″ monitor is connected to the video out port.

Pilybius is based off an arcade cabinet described in an urban legend about a game called Polybius, which is said to have induced various psychological effects on players. The story describes players suffering from amnesia, night terrors, and a tendency to stop playing all video games.

Bizarre rumors about this game are that it was supposedly developed by some kind of weird military tech offshoot group, used some kind of proprietary behavior modification algorithms developed for the CIA. According to an operator who ran an arcade with one of these games, guys in black coats would come to collect “records” from the machines. They’re not interested in quarters or anything, they just collected information about how the game was played.

Around a month after its supposed release in 1981, Polybius is said to have disappeared without a trace. There is no evidence that such a game has ever existed.
