Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BadUSBを作ろう / how to make your own BadUSB and Ke...

Avatar for mu2in mu2in
June 29, 2019
Technology
0
460

BadUSBを作ろう / how to make your own BadUSB and Keyboard

BadUSBを作ってみた話です。

「オープンセミナー2019@岡山 懇親会」でのLT資料です。 https://oso.connpass.com/event/129843/

Avatar for mu2in

mu2in

June 29, 2019
Tweet

More Decks by mu2in

See All by mu2in
スイッチ沼へようこそ / Welcome to the Key Switch Rabbit Hole
Avatar for mu2in mu2in
0
210
Astroで サクッと作るWebサイト(仮) / Quickly create webpages with Astro
Avatar for mu2in mu2in
1
300
CircuitPythonで動く自作キーボードの紹介 / Introducing Self-Made Keyboard from CircuitPython
Avatar for mu2in mu2in
0
2.5k
スクリーンセーバーキラーを作ってみた / Making Mouse Jiggler with CircuitPython
Avatar for mu2in mu2in
0
810
Pythonで始める自作キーボード入門 / Introduction to Self-Made Keyboard from Python
Avatar for mu2in mu2in
1
2.2k
私のエンジニアライフHacks / my-engineer-lifehacks
Avatar for mu2in mu2in
0
550
PyCon mini Hiroshima 2018 でノベルティを作ってみた話/pycon-mini-hiroshima-2018-novelty
Avatar for mu2in mu2in
1
1.5k
家に帰ると灼熱地獄なのをなんとかする/obniz-universal-remote-control
Avatar for mu2in mu2in
0
980
最近ハマってるゲームとか
Avatar for mu2in mu2in
0
780

Other Decks in Technology

See All in Technology
ユニットテストに対する考え方の変遷 / Everyone should watch his live coding
Avatar for mdstoy mdstoy
0
120
GC25 Recap+: Advancing Go Garbage Collection with Green Tea
Avatar for Takuto Nagami logica0419
1
400
pprof vs runtime/trace (FlightRecorder)
Avatar for task4233 task4233
0
160
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
Avatar for oracle4engineer oracle4engineer
PRO
2
5.4k
組織観点から IAM Identity CenterとIAMの設計を考える
Avatar for NRI Netcom nrinetcom
PRO
1
170
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
Avatar for moriyuya moriyuya
4
520
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
Avatar for po3rin po3rin
2
250
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
Avatar for GMO Flatt Security flatt_security
7
1.8k
How to achieve interoperable digital identity across Asian countries
Avatar for Naohiro Fujie fujie
0
110
GA technologiesでのAI-Readyの取り組み@DataOps Night
Avatar for yuto16 yuto16
0
270
それでも私はContextに値を詰めたい | Go Conference 2025 / go conference 2025 fill context
Avatar for Yoichiro Shimizu budougumi0617
4
1.2k
KMP の Swift export
Avatar for Koki Hirokawa kokihirokawa
0
330

Featured

See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.6k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.2k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
30
2.9k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.5k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
2.6k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
Writing Fast Ruby
Avatar for Erik Berlin sferik
629
62k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.1k
Scaling GitHub
Avatar for Zach Holman holman
463
140k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
252
21k

Transcript

  1. #BE64#Λ࡞Ζ͏ʂ Φʔϓϯηϛφʔ!Ԭࢁ࠙਌ձ

  2. ‣ @mu2in ‣ JavaΤϯδχΞ6೥໨ ‣ ޷͖ͳϓϩάϥϛϯάݴޠɿJavaScript ‣ ࢀՃίϛϡχςΟ ▹ ͍͢͝޿ౡ

    (ਫ༵΋͘΋͘ձ) ओ࠵ ▹ PyCon mini Hiroshima 2019 ▹ Φʔϓϯηϛφʔ2020@޿ౡ ࣗݾ঺հ

  3. BadUSBͱ͸ ‣ USBϙʔτʹૠ͚ͩ͢ͰPCյͤΔ΍ͭ

  4. BadUSBͱ͸ ‣ USBϙʔτʹૠ͚ͩ͢ͰPCյͤΔ΍ͭ ▹ ͦΕ͸USB Killer

  5. BadUSBͱ͸ ‣ 2014೥8݄ʹ։ൃऀձٞ Black Hat 2014 USAͰ ൃද͞Εͨ߈ܸख๏ ▹ USBͷϑΝʔϜ΢ΣΞΛॻ͖׵͑Δ͜ͱʹΑͬͯɺෆਖ਼ͳ

    ϓϩάϥϜΛ࣮ߦ͢Δ͜ͱ͕Ͱ͖Δɻ ▹ Өڹ͕େ͖͍ͨΊɺ࣮ূίʔυΛެ։͞Ε͍ͯͳ͔ͬͨɻ ‣ ཌ݄ͷ9݄ʹߦΘΕͨηΩϡϦςΟձٞͷ DerbyCon 4.0 Ͱผͷݚڀऀ͕GitHubʹެ։ ▹ USBΩʔϘʔυͷϑΝʔϜ΢ΣΞΛॻ͖׵͑ͯɺ
 উखʹΩʔΛೖྗͤ͞ΔσϞ͕ߦΘΕͨɻ

  6. Ͱ͸࡞ͬͯΈ·͠ΐ͏

  7. ༻ҙ͢Δ΋ͷ • CJMCU Beetle ▹ Arduino Leonardoޓ׵ͷϚΠίϯ • HID(ώϡʔϚϯΠϯλʔϑΣʔεσ όΠε)ͱͯ͠ৼ෣͏͜ͱ͕Ͱ͖Δ

    • USBΦε͕෇͍ͯΔͨΊ௚ૠ͠Մೳ • ී௨ͷUSBϝϞϦΑΓ΋খ͍͞ • AmazonͰ¥1,000 தࠃ௚༌ೖ¥300

  8. ϚΠίϯʹBadUSBͷίʔυΛॻ͖ࠐΉ

  9. USBΛૠ͚ͩ͢ͰϩάΞ΢τ

  10. ͜ΕͰօ͞Μ΋#BE64#͕࡞Ε·͢ʂ

  11. ण࢘ΩʔϘʔυΛ࡞Ζ͏ʂ

  12. • Ruby Kaigi 2017Ͱ໯ͬͨण࢘ΩʔΩϟοϓ
 ( Misoca͞ΜϒʔεΑΓ ) • CJMCU Beetle

    • Cherry MXΩʔεΠον • Cherry MX Switch Breakout • μΠΦʔυɺ఍߅ • ϐϯϔομ • LED • δϟϯύʔϫΠϠʔ • ϒϨουϘʔυ ༻ҙ͢Δ΋ͷ

  13. ૊ΈཱͯΔ

  14. #include <Keyboard.h> #define PIN_KEYSW (0) int preState; int currentState; void

    setup() { pinMode(PIN_KEYSW, INPUT); preState = HIGH; Keyboard.begin(); } void loop() { currentState = digitalRead(PIN_KEYSW); if((currentState != preState) && (currentState == HIGH)) { Keyboard.press(KEY_LEFT_ALT); Keyboard.print("d83c"); Keyboard.print("df63"); delay(10); Keyboard.releaseAll(); } preState = currentState; delay(10); } ण࢘ΩʔϘʔυͷίʔυΛॻ͖͜Ή Ωʔ͕ԡ͞ΕͨΒ 6OJDPEFೖྗͰ ͷαϩήʔτϖΞΛೖྗ

  15. MacͷೖྗιʔεΛมߋ

  16. ण࢘ΩʔΛಈ͔͢

  17. ·ͱΊ ‣ BadUSB͸ૠ͚ͩ͢ͰΩʔೖྗΛ࣮ߦͰ͖ͯɺ ϚΫϩʹศརɻ ‣ ࣗ࡞ΩʔϘʔυ࡞Γ௒ָ͍͠ɻ ‣ ৭ΜͳΩʔϘʔυ࡞Γ͍ͨʢপʣ ‣ ѱ͍USB͚ͩͲɺ࢖͍ํ࣍ୈͰ৭ʑͳ͜ͱ͕

    Ͱ͖Δͧʂ