Computer Security - A Bad USB Made With a Raspberry Pi Pico

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello this is Benjamin watts and today I'll be taking a look at my project for computer security so we had this list of different projects we could choose from and one that really interested me is the bad USB attack I've never actually heard of this before so I was interested when I did a quick Google search of it and it sounded like a fun project to do so that's what I've done for computer security bad USBS are a super interesting attack in computer security they can be used just for fun pranks and things like that or they can be extremely dangerous if used with bad intent so basically the way a bad USB attack works is you have a physical flash drive like this or at least it looks like a flash drive it's just a drive that has a USB port on it and someone might plug it into their computer wondering what's on it if there's files or something but this isn't quite a flash drive actually it has a microcontroller in it that actually pretends to be a keyboard because on most computers you can just plug in a keyboard into a USB port and then you can immediately start typing on it without any authentication or anything else like that it just works plug-and play and so this USB does the exact same thing it pretends it's a keyboard but it has all the commands pre-loaded on it so that it runs super fast and it can do anything that a regular keyboard can do do it can open up a Windows menu it can search for anything it can open up apps like that you could open Windows run you can even open the command line and do anything you can basically do anything to a computer so this could be used for simple pranks to stealing passwords or corrupting a system deleting files copying files basically anything you want the it's that's why it's very dangerous and the only thing you have to do is get it fix physically in someone's computer bad USBS can look like anything usually they're disguised to look like a regular flash drive that might just have files on it and you might just want to put it into your computer you can see how small the technology is it's so small that you can easily fit it inside a case you can just build a little metal or plastic case for it to make it look like a plain flash drive so another good example of a bad USB is this commercial one you can buy called the rubber ducky this one looks like it just looks like a plain flash drive it even has USB A and C on it so it works with most modern computers but it has a microcontroller on the inside that uh gives key presses and you can even store files on this one with a Micro SD card but this one's kind of expensive and also since I didn't want to just buy my project I decided to build my own after some research I think I've found a good option the Raspberry Pi Pico is a small microcontroller board and it's really cheap so that's useful and even better I did some research on this and it can be programmed to work in the same way as the USB rubber ducky and even use the same scripting so I'm going to buy one of these I'm going to build a case around it I want to make it look like a USB drive since it's a little bit bigger it's G to look a little bit more blocky but this is still going to work pretty good so I'll just build a case for it have a little adapter to a usba make it look like a flash drive and then I'm going to program it to just work like a bad USB and add some cool projects to it finally after days of getting lost in the mail I have my Raspberry Pi Pico right here and here we have it the Raspberry Pi Pico microcontroller now that I've plugged in my Pico into my computer let's look at some of the software so here on GitHub there's a really nice project called Pico ducky that allows you to run the rubber ducky kind of scripts and software and everything on a Raspberry Pi Pico so we can install this onto our board and then we can immediately run the scripts and we can make our own code for it and everything however after playing with it for a while trying to get this to work or do anything at all it was just not working so I had to do some more research and I found this other project on GitHub that has some fixes for the Pico ducky software it just has some different files and they work for some reason so I'm not going to question it I'm just going to work so let's see how it works all right I have now gathered together all the files I need and I have a basic little script here it's written in ducky script and basically this will just open up notepad on your computer and print hello world on it as soon as you put the Pico into your computer so let me um plug in my Pico again right here as I plug it in I can hold down the boot Button on it and it'll come up with um the basic interface so right now it's just acting as a file drive and I can clear everything on its storage using this other cool script off of GitHub where is it this one the flash nuke so as I put it on there it will immediately close the program wipe the whole memory and it should come back in a second with a new format on it so yeah everything in the background is deleted even though it looks the same and then I'm going to put this script on it which is called circuit python which is just a little system that will run specific Python scripts when I put those on so that'll take a second to come back up once it comes up I can put these other files on it so we're going to go ahead and put code dopy on here replace that so as soon as this is put back into the computer it's going to run code dopy basically what this script does is it takes my ducky script and translates it into python using all of this so I didn't write this one this is part of the GitHub project and we're going to take boot. py to help it boot and what else do we need we need our payload on here so that's just the basic script for hello world once we have all of that there's only one more thing we need some Library files over here to just make sure everything can run and work as an HID device and now that that's ejected I'm going to go ahead and plug our Pico back into the computer and let's see what it does so first it's gonna pull up the file system for now and then it should run the code yes so open the windows run opened up notepad and just printed out hello world I didn't type any of that it just did it all on its own now the script is done so I can safely close that but that's pretty cool how this all works the next step I want to do is figure out how to boot it up and run code without this opening up in file explorer I don't want it to show up as a drive at all so the way I can do that is I have this new uh boot. py oh that's the old boot. py script basically the way this one works is it checks to see if two gpio pins are connected and if they are then it doesn't boot up in that way but since I don't want to mess with wires I'm just go ahead G to go ahead and use this one so this is our new boot file we can delete that we can rename this so it boots up immediately this one's very simple it just just disables it as a USB storage drive so hopefully as we take it out and put it back in all right I'm putting it in right now it shouldn't come up as a file or anything in file explorer it'll just run its code in a second here so yeah there's Windows run and hello world so now that works the only problem with this is now it's kind of difficult to edit the code that's on the Pico because the only button we have on here is one boot Button so what I'm going have to have to do is I'll have to disconnect it I'll plug it in while I'm holding down the boot Button kind of like I did at the beginning and we're going to have to start the whole process over I'll have to reformat it and then install circuit python again put all my files back in and then we can load up our new code all right so let's see how this works from the outside right now I have my little Raspberry Pi Pico down here it's already programmed up I put some new code on it and let's just plug this into the computer and see what it does so all I have to do is that and there's no interaction it just starts working on its [Music] own but anyway it's time to move on to our case so I went to the library and I 3D printed a little case that I found online and we're going to put it together all right I've printed all the pieces for this case so we can go ahead and put it together now take my Pico and set it in this little thing right here and then we can carefully set the button on top of the little button and put the red case on top of it it just snaps in and it actually feels kind of sturdy so that's cool yeah and the button actually does work now I just need to wait until the USB adapter piece comes in the mail and here it is at after several more days I got my nice USB adapter that fits perfectly into this compartment right here so it'll plug in to my board finally I'd like to share a little more dangerous use for this device where it might have some more practical applications so right here I've written a quick script that will make it steal the hashed passwords files from your windows account this uses two different things it needs two things one the logged in user has to be an administrator on the computer and two you have to have enough storage to actually store the password files so on this case I have an extra flash drive that I have to put in here and take out to store these files so I'll just go ahead and inject my device and put it back in that'll run the whole program so first it will pull up command line in as an administrator it'll run this um that command to get the drive letter of the other flash drive and then use the registry to store the password hashed files on there and now if we look on here on my flash drive we have those files so I can just eject these and take them out now I have the hash passwords and I can go crack them pretty easy on a different computer so that was also very slowed down I put extra delays in there but in reality you could do it in just a few seconds in conclusion we've learned that bad USB attacks are very dangerous and even easy to pull off sometimes but there's a few simple ways that you can protect your computer first of all never leave your computer open and unlocked while you're not attending it and second of all don't plug in random USBS into your computer only plug in ones that you trust
Info
Channel: Benjamin Watts
Views: 1,005
Rating: undefined out of 5
Keywords:
Id: _Q2LNvR0254
Channel Id: undefined
Length: 11min 52sec (712 seconds)
Published: Wed Apr 17 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.