Make a BadUSB data cable at low cost

Category: Tag:

Since badusb’s attack methods have been used, most of them are disguised as a USB flash drive or a bare board without disguise. There is no doubt that the bare board is the most obvious. Who will insert an inexplicable circuit board (such as digispark) in on the computer. With the popularization of safety knowledge, the disguise of USB flash drives is becoming less and less feasible. Therefore, “data cable” has become a good idea. There are many badusb tools that pretend to be data cables. Those have the function of Bluetooth remote injection, which is very powerful and the price is slightly higher. If you don’t need the remote function, then DIY a super small digispark and install it in the data cable!

1. Introduction of board

Project source: https://github.com/joelsernamoreno/BadUSB-Cable. I saw an interesting project on github a long time ago (before called Badusb-Cable, now it has been renamed Evil crow cable), simplified and reduced digispark , It is recommended to use the Rev2 version, this has been very simplified (within the range of the package that can be soldered by hand), and it is small enough to be installed in many kinds of USB-A shells. The follow-up version of Rev2 has increased the volume but has no change in component function. The increased volume will not fit the white data cable casing, and now the white data cable is the mainstream. So what I am using here is the Rev2 version. You can make the board yourself, and the board thickness is 0.6mm. The picture below has been welded

There are not many components, three resistors, one regulator, and one attiny85.

2. The required hardware equipment
1. usbtinyisp 2. sop8 programming clip 3. soldered board.

In the picture below, two have been placed in the usb, but they are not wired. There is also a bare board, and you can see how small it is by comparison.

The reason why usbtinyisp was chosen is not just because of its low price. You can tell by its name that it is for the tiny series of avr chips.

The connection method is as follows (only schematic diagram)

3. Fuse and bootloader
Fuse
The software used is AVRDUDESS, as long as it supports usbtinyisp, the usbtinyisp driver cannot be installed directly on win10, and an error will be reported that there is no third-party signature, so change it to prohibit driver signatures. There is a detailed method online (that is, mandatory signature)

Expand:0xFE
high:0xDD
low:0xE1

 

This is the fuse setting. I forgot the fuse position when burning the bootloader for the first time, because I was upgrading the attiny85 on the digispark that I bought before, so I don’t need to consider the fuse, this time it’s the new attiny85. Operate according to the figure below and click Write, you can see that the fuse is arranged.

bootloader
First go to GitHub to download the latest bootloader address of digispark: https://github.com/micronucleus/micronucleus

The latest version is version 2.04. After downloading, enter the directory micronucleus\firmware\releases and you can see the attiny85 bootloader file t85_default.hex. (This bootloader is really getting bigger and bigger, it takes up space)

Or AVRDUDESS according to the first arrow in the figure below to select the programmer, it should be the penultimate programmer usbtiny simple usb programmer……

Select the bootloader file just downloaded in the flash column, and the upload will be completed in about 5 seconds

4. Test
First install the digispark driver. This is the download address of the driver file: https://sourceforge.net/projects/digistump/files/ Install the driver. Plug the device just made into the computer, you can see that the digispark bootloader has been displayed.

In this way, you can make badusb like using digispark, because there are a lot of online tutorials so I won’t go into details.

5. A code conversion program
This software is the Automator address: https://github.com/CYRO4S/Automator //This software is the source code after downloading. It is not compiled, so you need to compile it by yourself. I use Visual Studio, and just press f5 to solve it. .

Now you can directly generate .ino arduino files

Find some interesting duck script https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

 

Reviews

There are no reviews yet.

Be the first to review “Make a BadUSB data cable at low cost”

Your email address will not be published. Required fields are marked *