A while back, I wrote an article about Malduino, an Arduino-based, open-source BadUSB device. I found the project interesting, so I signed up for an Elite version and, sure enough, the friendly postman dropped it off in my mailbox last Friday, which means I got to play around with it over the weekend. For those who missed the article, Malduino is a USB device which is able to emulate a keyboard and inject keystrokes, among other things. When in a proper casing, it will just look like a USB flash drive. It’s like those things you see in the movies where a guy plugs in a device and it auto-hacks the computer. It ships in two versions, Lite and Elite, both based on the ATmega32U4.

The Lite version is really small; besides the USB connector it only contains a switch, which allows the user to choose between running and programming mode, and an LED, which indicates when the script has finished running.

Original Malduino Elite sketch and Lite prototype
The Elite version is bigger, includes a Micro-SD card reader and four DIP switches, which allow the user to choose which script to run from the card. It also has the LED, which indicates when a script has finished running. This allows the user to burn the firmware only once and then program the keystroke injection scripts that are stored on the Micro-SD card, in contrast to the Lite version, which needs to be flashed each time a user wants to run a different script.

These are the two Malduinos and, since they are programmed directly from the Arduino IDE, every feature I just mentioned can be re-programmed, re-purposed or dropped altogether. You can buy one and just choose to use it like a ‘normal’ Arduino, although there are not a lot of pins to play around with. This flexibility was one of the first things I liked about it and really drove me to take part in the crowd-funding campaign. Read on for the full review.

The Hardware

Malduino Elite vs USB flash drive
So the Elite board arrived on schedule and I found myself some time to look at it. Despite being longer than the Lite version, it’s still rather small, measuring approximately 4.6 cm x 1.1 cm (around 1.8 in x 0.43 in), which you can easily fit into an old USB case, although you’ll have to cut some holes for the DIP switches and the Micro-SD card. In the crowd-funding campaign, the original sketch was for a 3 DIP switch version but the final Elite has four, which I found nice. I plugged it in to an old computer, after some consideration about which firmware it might ship with and what it might do to my laptop, and sure enough a red LED appeared. And that was it. Nothing else.

After playing around with the switches and exercising some RTFM, I realised that the firmware it ships with is most likely some kind of Q.C. test for the DIPs, which makes the Malduino output the numbers 1 to 4 (actually simulating a keypress 1 to 4), depending on which switches are ON. So far so good, it works and I’ve seen worse PCB boards than this one. The board has holes for six pins, which I did not trace to the micro-controller and I don’t know what they are for.

The Setup

Setting up the Malduino requires that you have the Arduino IDE installed and up to date. You’ll need to open up the board manager and install the Sparkfun boards, since the Elite is programmed as a ‘Sparkfun Pro Micro’ running at 3.3 V and 8 MHz. Then you need to go to the Malduino Script Converter website, which serves several purposes:

It allows you to convert scripts between the Lite and Elite versions

It allows you to choose your keyboard layout language

It auto-generates the Arduino project for you to import into the IDE

For the Elite version, just create a simple or even empty script to download the project, since in ‘normal’ operation you will just flash the Malduino once and then use the Micro-SD card to store new scripts.

A note on flashing: if you are using a Debian-based distribution you may run into some problems like I did and not be able to flash the device. Like the user in this most helpful post, my modem-manager was trying to talk to the Malduino after every reset and confused AVRDUDE to death. The solution is to add udev rules to “/etc/udev/rules.d/77-mm-usb-device-blacklist-local.rules”, kudos to [socrim]:

ACTION!="add|change", GOTO="mm_usb_device_blacklist_local_end"
SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_local_end"
ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_local_end"

ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9204", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", ENV{ID_MM_DEVICE_IGNORE}="1"

LABEL="mm_usb_device_blacklist_local_end"

The Software

Since I’m running Linux, a quick shortcut to run a command is the ALT-F2 combination. So I scripted that into a file and saved it as 1111.txt. The Elite searches the Micro-SD card for a file corresponding to the current DIP switch state. Let’s say DIP switches 2 and 4 are ON. In this case, the software tries to find the file named 0101.txt and parse its contents (as in DIP switch order 1,2,3,4 and not the binary representation of the numbers 2 and 4). When it finishes, the red LED starts flashing quickly. My simple script was:

DELAY 2000
ALT F2
DELAY 1000
STRING xterm
DELAY 1000
ENTER
DELAY 1000
STRING id
DELAY 1000
ENTER

But it was not working. Almost all commands worked, but the ALT-F2 combo was not working properly. Close, but no cigar. No ALT-F2, no run command window. I had already lazy-browsed the source code a bit, since I really didn’t have a lot of time on my hands, but I needed to figure this out. The offending code was this:

else if(equals(s,e,"F1",3)) Keyboard.press(KEY_F1);

else if(equals(s,e,"F2",3)) Keyboard.press(KEY_F2);

else if(equals(s,e,"F10",3)) Keyboard.press(KEY_F10);
else if(equals(s,e,"F11",3)) Keyboard.press(KEY_F11);

A custom equals function was getting size 3 for the strings of the function keys, like “F2”. It was okay for “F10”, “F11” and “F12”, but failed for the rest of the keys. Changing 3 to 2 did the trick, but my Portuguese keyboard layout started to interfere with other test scripts. So I changed the code to include PT and UK layouts, switching between them with a #define at compile time.
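The length mismatch described above can be reproduced off-device. This is an added example, not the Malduino firmware: token_equals, match_fkey and fkey_in_line are hypothetical names, and the assumption is that equals(s,e,key,len) requires the token between s and e to be exactly len characters long.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the firmware's equals(): the token is buf[s..e)
   and must be exactly len characters long and match key (assumed semantics). */
static int token_equals(const char *buf, int s, int e, const char *key, int len)
{
    if (e - s != len)
        return 0;   /* length gate: also keeps "F1" from matching "F10" */
    return strncmp(buf + s, key, (size_t)len) == 0;
}

static const char *const FKEYS[12] = {
    "F1", "F2", "F3", "F4", "F5", "F6", "F7", "F8", "F9", "F10", "F11", "F12"
};

/* Returns the function-key number named by buf[s..e), or 0 if none.
   use_real_len == 0 reproduces the hard-coded 3 from the listing above;
   use_real_len != 0 derives the length from the key name itself. */
static int match_fkey(const char *buf, int s, int e, int use_real_len)
{
    for (int i = 0; i < 12; i++) {
        int len = use_real_len ? (int)strlen(FKEYS[i]) : 3;
        if (token_equals(buf, s, e, FKEYS[i], len))
            return i + 1;
    }
    return 0;
}

/* Matches the last space-separated token of a script line, e.g. "ALT F2". */
int fkey_in_line(const char *line, int use_real_len)
{
    const char *sp = strrchr(line, ' ');
    int s = sp ? (int)(sp - line) + 1 : 0;
    return match_fkey(line, s, (int)strlen(line), use_real_len);
}

int main(void)
{
    const char *lines[] = { "ALT F2", "ALT F10", "ALT F1" };  /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-8s hard-coded 3 -> %2d   real length -> %2d\n", lines[i],
               fkey_in_line(lines[i], 0), fkey_in_line(lines[i], 1));
    return 0;
}
```

Deriving the length from the key name removes the per-line constant that has to be kept in sync by hand, which is where the 3 crept in for the two-character keys.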

It would be awesome if it was possible to access the SD card from the computer as a regular USB volume. I don’t know exactly how feasible that is, but it is not included in the current firmware. I still wanted to be able to output the content of an arbitrary file on the SD card to the screen, so I added another script function called ECHOFILEHEX that outputs the content of a file on the SD card as escape characters. For example, if the file a.txt contains “AAA”, the script command ECHOFILEHEX a.txt would output “\x41\x41\x41”. This can be useful to echo binary files into printf or echo -e, on Linux hosts at least.

Meanwhile, I had some trouble reading the original code. You know, all of us have different programming styles. Don’t get me wrong, I’ve been known to write some messed-up spaghetti code. I sometimes browse old projects looking for some libs or classes I coded and wonder ‘who the heck wrote this steaming pile of code?’ Me, it was me. Anyway, I started to change a bit here and there and ended up changing pretty much the entire code. That’s the beauty and the curse of open-source. If you’re curious you can check it out here.

Conclusion

All in all, and despite some bumps, I’m quite pleased with Malduino. It is what I expected: an open platform for BadUSB attacks that’s in its infancy. It’s great that we can all tinker with it, modify it, make it better or just make it fit our needs. I hope a real community can start so we can see its full potential emerge. My short list includes simulating other USB devices, better SD card management, and expanding the device via the unused pins. What would you add?

It’s a long way to go and a lot can go wrong, so good luck with the project [Seytonic]!
