
Repo for the paper "USB Devices phoning home"

Setup

General information about our USB armory setup

Misc

  • add sudo group
  • uncomment sudo group line (visudo)
  • add users with groups, add users to sudo group

Network

  • Default config in /etc/systemd/network/gadget-deadbeef.network

  • Changed default IP to 10.1.1.1 and gateway to 10.1.1.2

  • Host script to NAT the armory's network traffic (run on the host the armory is plugged into; usb0 is the interface the gadget presents, wlan0 is the host's uplink):

    #!/bin/bash
    # bring up the gadget interface and give the host its side of the 10.1.1.0/24 link
    /sbin/ip l s usb0 up
    /sbin/ip addr add 10.1.1.2/24 dev usb0
    # masquerade traffic from the armory (10.1.1.1) behind the host's wlan0 address
    /sbin/iptables -t nat -A POSTROUTING -s 10.1.1.1/32 -o wlan0 -j MASQUERADE
    # enable IPv4 forwarding so the host routes between usb0 and wlan0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    

Installed Packages

  • dnsmasq

  • inotify-tools

  • vim

  • base-devel

  • screen

  • tmux

  • wget

  • go:

    # cd /opt
    # git clone https://go.googlesource.com/go
    # cd go
    # git checkout go1.4.2
    # cd src
    # ./all.bash
    
    • The file file_test.go had to be deleted from src/net as the test failed (see source)

    • Add Go env settings to /etc/profile

      GOROOT=/opt/go
      export GOROOT
      GOPATH=$HOME/go
      export GOPATH
      
      PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:$GOROOT/bin"
      export PATH
      

USB Gadget

Switched from g_cdc to g_multi because it includes g_mass_storage. Using the PID and VID of a SAMSUNG N7000 to make Windows 8 load the necessary drivers.

# cd /etc/modprobe.d/
# echo 'options g_multi dev_addr=de:ad:be:ef:00:01 iManufacturer="Android" idVendor=0x04e8 idProduct=0x6864 file="/root/pendrive.img"' > gadget-deadbeef_multi.conf
# dd if=/dev/zero bs=1M count=128 of=/root/pendrive.img
# use fdisk to create one partition in pendrive.img
# and use mkfs.vfat -F 32 to give it a FAT32 filesystem
# cd /etc/modules-load.d/
# mv gadget-deadbeef.conf gadget-deadbeef.off
# echo 'g_multi' > gadget-deadbeef_multi.conf

Rebuild g_multi without ECM/CDC support (RNDIS only) for better Windows compatibility:

svn co https://github.com/archlinuxarm/PKGBUILDs/trunk/core/linux-armv7
make oldconfig && make prepare
make scripts
make menuconfig # enable usb gadget drivers and enable only rndis for g_multi
make -C /full/path/linux-armv7/src/linux-4.1/ M=/full/path/linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/
cp linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/g_multi.ko /lib/modules/$(uname -r)/kernel/drivers/usb/gadget/
sudo depmod -a
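A host-side check a defender might run against the kind of composite gadget described above, added here as an example that is not part of the usbpoc repo: it reads the USB device tree the way Linux exposes it in sysfs and flags any device that enumerates both a network-class interface (CDC communications, or the wireless-controller class RNDIS uses) and a mass-storage interface, which is exactly what g_multi presents. The sysfs layout and the USB-IF class codes are standard; the sample tree, the placeholder ids 1234:5678 and the function names are assumptions.

```python
"""Flag USB devices that combine a network interface with mass storage.
Added example for this README, not code from the usbpoc repo. It walks a
sysfs-style tree (/sys/bus/usb/devices on a Linux host); the tree built
below is constructed to mirror what the g_multi gadget above presents."""
import os
import tempfile

MASS_STORAGE = "08"             # USB-IF bInterfaceClass codes, hex in sysfs
NETWORK_CLASSES = {"02", "e0"}  # CDC communications; wireless ctrl (RNDIS is e0/01/03)


def _attr(sysfs_usb, entry, name):
    """Read one sysfs attribute as lower-case text."""
    with open(os.path.join(sysfs_usb, entry, name)) as f:
        return f.read().strip().lower()


def find_network_plus_storage(sysfs_usb):
    """Return [(dev, idVendor, idProduct, [classes])] for every device that
    exposes both a network-class and a mass-storage interface."""
    hits, entries = [], sorted(os.listdir(sysfs_usb))
    for dev in entries:
        if ":" in dev or not os.path.isfile(os.path.join(sysfs_usb, dev, "idVendor")):
            continue  # "1-1:1.0" is an interface directory, not a device
        classes = {_attr(sysfs_usb, e, "bInterfaceClass")
                   for e in entries if e.startswith(dev + ":")}
        if MASS_STORAGE in classes and classes & NETWORK_CLASSES:
            hits.append((dev, _attr(sysfs_usb, dev, "idVendor"),
                         _attr(sysfs_usb, dev, "idProduct"), sorted(classes)))
    return hits


def build_sample_tree(root):
    """Constructed tree: one g_multi-style gadget plus one ordinary pendrive."""
    def put(rel, value):
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as f:
            f.write(value + "\n")
    put("1-1/idVendor", "04e8")           # the N7000 ids from the modprobe line above
    put("1-1/idProduct", "6864")
    put("1-1:1.0/bInterfaceClass", "e0")  # RNDIS control
    put("1-1:1.1/bInterfaceClass", "0a")  # CDC data
    put("1-1:1.2/bInterfaceClass", "08")  # mass storage
    put("1-2/idVendor", "1234")           # placeholder ids, plain flash drive
    put("1-2/idProduct", "5678")
    put("1-2:1.0/bInterfaceClass", "08")


def scan_sample():
    """Run the scan over the constructed tree (use "/sys/bus/usb/devices" on a host)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_network_plus_storage(root)
```

On a real host the ordinary stick is ignored while the gadget is reported with its spoofed 04e8:6864 identifiers and the interface classes 08, 0a and e0.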

Services

  • Copy imgwatch.sh and filecp.sh to /opt
  • Copy [godns](https://github.com/willnix/godns/tree/master) to /opt/godns/
  • Copy [webchan](https://github.com/willnix/webchan/tree/master) to /opt/webchan/ and edit js/ga.js to set the IP addresses of your remote server and of the USB armory.
  • Copy the [dnsmasq config](https://github.com/willnix/usbpoc/blob/master/config_files/dnsmasq.conf) to /etc/dnsmasq.conf
  • Deploy the systemd .service files in /etc/systemd/system/multi-user.target.wants

Enable them by running:

# systemctl daemon-reload