TEENSY practices for HID attacks
Overview
Traditionally, when you insert a CD/DVD or a USB device into a computer, a file containing malicious content can be run through automatic playback (AutoPlay). When automatic playback is disabled, however, the autorun.inf file cannot be executed automatically. With Teensy, you can instead simulate a keyboard and mouse. When this custom USB device is inserted, the computer recognizes it as a keyboard. Using the microprocessor and storage space in the device, together with the attack code programmed into it, the device can send control commands to the host and take complete control of it. This succeeds regardless of whether automatic playback is enabled.
Introduction to HID attacks
HID is short for Human Interface Device. As the name indicates, a HID device is a device that interacts directly with people, such as a keyboard, mouse, or joystick. However, a HID device is not required to have a human-machine interface: any device that complies with the HID class specification is a HID device. Attacks against HID generally concentrate on the keyboard and mouse, because whoever controls the user's keyboard basically controls the user's computer. Attackers can hide the attack in a normal-looking mouse or keyboard. When a user plugs a mouse or keyboard containing an attack vector into a computer, the malicious code is loaded and executed.
TEENSY Introduction
When an attacker customizes an attack device, the attacker adds an attack chip to the USB device. The attack chip is a very compact and fully functional single-chip microcomputer development system called Teensy, which can be used for many kinds of project development and design. Teensy is an open-source project and can be customized by any technical manufacturer. PJRC is the best, or the most commercially available, manufacturer.
Teensy has the following features:
AVR processor, 16 MHz
Single-button Programming
Easy-to-use Teensy Loader application
Free software development tools
Compatible with Mac OS X, Linux, and Windows
Small Size, perfect support for multiple purposes
Development Environment Construction
The Teensy chip can be developed in Arduino without worrying about tedious compilation and machine code, because the Arduino IDE provides a Processing/Wiring development environment similar to Java and C. Installing and setting up the environment is also very convenient: download the installation package from http://www.arduino.cc and install it. Copyright of this article belongs to "cold wind" of the Alpha lab of Tian Rongxin. For more information, see the source.
After the Arduino IDE is installed, the Teensy chip SDK is also required.
The supported libraries can be obtained from http://www.pjrc.com/teensy/td_download.html. During installation, select the installation path of the Arduino IDE. After installation, select the corresponding development board. Here we should select Teensy 2.0, as shown in Figure 4. The overall development environment is now complete.
Figure 4
Extract attack code from BackTrack
A complete Teensy attack instance is provided in BackTrack. It is sufficient for testing and using the attack code in general cases. The following describes how to extract the attack code. Enter BackTrack5 and go to the /pentest/exploits/set directory, as shown in Figure 5.
Figure 5
After entering the directory, execute ./set and a new menu will appear. Select the first option, Social-Engineering Attacks, as shown in Figure 6.
Figure 6
In the new menu, select the Arduino-Based-Attack Vector option, as shown in Figure 7.
Figure 7
After selecting the Arduino-based attack vector, select Wscript Http Get Msf Payload in the new menu, as shown in Figure 8.
Figure 8
In the new option, enter a malicious program. The function of this code is to automatically download and run the program at the specified location, as shown in Figure 9.
Figure 9
After all the steps are completed, a file named teensy.pde is created in the reports directory, as shown in Figure 10. This file can be imported directly into Arduino for compilation.
Figure 10
Attack code implementation
The code above runs from setup. When it executes, the tftp download command is typed and executed automatically, and finally the downloaded exe file is run. The omg function enters the code to be executed in the Start menu's Run dialog. For more information about each API function, see the API manual provided by Teensy.
Attack effect
After the code is compiled, it is uploaded to the Teensy chip through Arduino. After the Teensy is inserted into the computer's USB port, it automatically opens the Run dialog box, types the corresponding command, and runs it, as shown in Figure 11.
Figure 11
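From the defender's side, the behaviour described above (a newly attached keyboard that immediately types a complete command) can be recognized from keystroke timing. The following Python is an added example, not part of the original article; the function names, thresholds, and sample timestamps are assumptions constructed for illustration, and the timestamps are assumed to come from whatever per-device input event source the host provides.

```python
from statistics import median

# Assumed thresholds; tune them for your environment.
MAX_HUMAN_GAP_MS = 30    # a median inter-key gap below this is treated as machine typing
MIN_BURST_KEYS = 12      # ignore short bursts such as key repeat or a few shortcuts
ATTACH_WINDOW_MS = 5000  # typing that starts this soon after attach is extra suspicious

def find_bursts(times, max_gap_ms=200):
    """Split sorted keystroke timestamps (ms) into bursts separated by pauses."""
    bursts, current = [], []
    for t in times:
        if current and t - current[-1] > max_gap_ms:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)
    return bursts

def flag_injection(attach_ms, key_times_ms):
    """Return reasons why a keyboard's input looks scripted, or [] if it looks human."""
    reasons = []
    for burst in find_bursts(sorted(key_times_ms)):
        if len(burst) < MIN_BURST_KEYS:
            continue
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        if median(gaps) < MAX_HUMAN_GAP_MS:
            reasons.append(f"{len(burst)} keys, median gap {median(gaps)} ms")
            if burst[0] - attach_ms <= ATTACH_WINDOW_MS:
                reasons.append("typing began right after device attach")
            break
    return reasons

# Constructed sample data, timestamps in milliseconds.
# Device A: attaches at t=0, then sends 40 keys 5 ms apart starting at t=1500.
injected = [1500 + 5 * i for i in range(40)]
# Device B: a person typing with 120-260 ms between keys, long after attach.
human = [60000]
for gap in [180, 140, 220, 120, 260, 150, 190, 130, 210, 170, 160, 240, 125, 200]:
    human.append(human[-1] + gap)

if __name__ == "__main__":
    print("device A:", flag_injection(0, injected))
    print("device B:", flag_injection(0, human))
```

A host agent that sees a non-empty result can block or disconnect the device and log the event; the burst that triggered it is the evidence to keep.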
Conclusion
HID attacks are still little known to the general public. Most people do not even know that these attacks exist, and preventing them is harder still. Yet they are very harmful, and the popularity of USB devices has magnified the danger. This article has described in detail the methods, principles, and implementation of HID attacks, and we hope it gives readers a clearer understanding of them.