Wednesday, April 4, 2012

Teensy USB HID for Penetration Testers - Part 2 - Basics of Arduino and Hello World

In the first post we installed the Arduino Development Environment (ADE). Now let's have a look at the basics of programming Teensy using ADE.

Make sure that the proper board is selected from the menu. Then choose the correct device type.



In the Arduino Development Environment (ADE), programming is done in a C-like syntax. We have variables, methods, conditional operators, pointers, etc. A program is called a sketch in ADE.

Now, let's have a look at sketches. A sketch must have a setup and a loop function. This is the bare minimum sketch; compilation will fail if either of these functions is missing. You can compile a sketch even with empty setup and loop functions.

setup is called when a sketch is started. It runs only once. The loop function keeps...umm...looping and repeats the code written inside it.



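Let's write a very simple sketch which types "Hello World" at the cursor.

// Runs once when the sketch starts.
void setup()
{
  // Send the string to the host as keystrokes.
  Keyboard.print("Hello World");
}

// Runs repeatedly after setup(); intentionally empty here.
void loop()
{
}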


Now connect your Teensy device to the machine and compile and upload the code to the device by clicking on the Verify button. If you have done everything correctly, the sketch will be compiled and uploaded to the device. The device will reboot and should type out Hello World for you. Congrats, you just ran your first sketch!!

If you move "Keyboard.print" to loop, Teensy will keep typing Hello World indefinitely. We will have a look at Keyboard and other functions in detail in the next post.


If you encounter errors while compiling, double-check that you have selected the correct board type and device type. When you connect Teensy for the first time it may not type anything, since enough delays have not been introduced and device drivers take nearly 25 seconds to load. Give it another try, it _will_ work.
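The run-once setup, the repeating loop and the lost-keystrokes problem described above can be modelled on an ordinary PC without any hardware. This is an added example, not code from the original post or from the Teensy libraries; MockHost, run_sketch, the 1 ms-per-keystroke rate and the driver-ready times are assumptions made for the simulation.

```cpp
// Added example: host-side model of how the Arduino core runs a sketch.
// MockHost, run_sketch and all timings are assumptions, not Teensy library code.
#include <functional>
#include <string>

struct MockHost {
    unsigned long now_ms = 0;   // simulated clock
    unsigned long ready_at_ms;  // when the HID driver finishes loading (constructed)
    std::string typed;          // keystrokes that actually reached the cursor
    explicit MockHost(unsigned long ready) : ready_at_ms(ready) {}
};
static MockHost* g_host = nullptr;

// Stand-ins for the two Arduino calls used on this page.
void delay(unsigned long ms) { g_host->now_ms += ms; }
struct MockKeyboard {
    void print(const std::string& s) {
        // Keystrokes sent before the driver is loaded are silently lost.
        if (g_host->now_ms >= g_host->ready_at_ms) g_host->typed += s;
        g_host->now_ms += s.size();  // assume about 1 ms per keystroke
    }
} Keyboard;

struct Sketch { std::function<void()> setup, loop; };

// The core calls setup() once, then loop() over and over.
std::string run_sketch(const Sketch& s, unsigned long ready_ms, int loops) {
    MockHost host(ready_ms);
    g_host = &host;
    s.setup();
    for (int i = 0; i < loops; ++i) s.loop();
    g_host = nullptr;
    return host.typed;
}

// The sketch from this post: print in setup(), no delay.
const Sketch kNoDelay = { [] { Keyboard.print("Hello World"); }, [] {} };
// Same sketch, waiting 5 s before typing.
const Sketch kDelayed = { [] { delay(5000); Keyboard.print("Hello World"); }, [] {} };
// Print moved into loop(), pausing 1 s per pass.
const Sketch kInLoop = { [] {}, [] { Keyboard.print("Hello World"); delay(1000); } };
```

With the driver ready after 3000 ms, run_sketch(kNoDelay, 3000, 5) returns an empty string, kDelayed returns "Hello World" once, and kInLoop returns it on each pass after the driver is up. With a 25000 ms load time even kDelayed types nothing, which is why a second try after the driver is installed works.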

If you do not want your Teensy to type anything on your own machine and want to test this only on a test machine, press the small reboot key on Teensy as soon as the program is compiled and Teensy reboots, and make sure "Auto" reboot is disabled in the Teensyloader application (if the Auto button is off, i.e. dark green in color, it is disabled). Now pull Teensy out of your machine and connect it to a "victim". You can see your device getting detected and typing whatever was programmed.

This is it. This is a very basic post intended for first-time or basic users of Teensy and ADE. In the next post we will look in more detail at writing Teensy sketches with ADE. Meanwhile, try this and post your comments, insults and feedback.

7 comments:

  1. Where should "Hello World" be shown??

    Replies
    1. On the cursor. Try adding a delay(5000) before Keyboard.print in the sample code if the device is not "typing".

    2. Yeah, now it works! Thanks Nikhil!

      I've got another question, this time about Kautilya:

      If I want to test some payload on a virtual machine, do I have to upload the sketch (using arduinoIDE) directly from that VM?

      I tried to use my (real) Windows XP machine to upload a payload, but it immediately starts to make stuff, before I can switch on my virtual machine, even if the Auto button on Teensy loader is off.

      Thanks

  2. OK, I'm done with this, thanks anyway.

    But now I've got a more serious problem: in the 1st payload in Kautilya, you say I can add an admin user account. But it seems I must be an admin to do this. Is it correct? If this is the case, where's the usefulness of this payload? I could create a new admin account by myself, if I already have an admin account.

    Replies
    1. Yes, you can create an admin account yourself; you can do everything in Kautilya by yourself for that matter. There are two ways to use the HID attack vector:
      1. Social Engineering
      2. Physical Access

      In the former case, you do not have physical access; you can trick a user into plugging in the device and the device will do the stuff. In the latter case, a HID will always be faster and more accurate than one could ever be, especially in case of complex attacks. Hope this helps.

      BTW, I use "add admin user" majorly for PoC; adding a user to a machine during a pen test is not a good idea.

  3. Please help me, THX! Code error is: "error: ‘Keyboard’ was not declared in this scope"

    Replies
    1. Make sure you are selecting the correct board type in the Arduino Development Environment. More details would help, like the device you are using, the sketch you are trying to compile, etc.