Introduction to Arduino By George Lagoda June 30, 2013

2.2. Introduction to Arduino


Page 1: 2.2. Introduction to Arduino

Introduction to Arduino
By George Lagoda

June 30, 2013

Page 2: 2.2. Introduction to Arduino

/whoami

George Lagoda

Pentester
Mathematician
Interests: hacks and tattoos

Work at:

Page 3: 2.2. Introduction to Arduino

Agenda
• Microcontrollers' description
• How can they help me?
• Arduino Leonardo description
  – Tech info
  – IDE and Arduino programming lang
  – Additional libs
  – Demos
  – Hacking Leonardo and hacking with Leonardo

Page 4: 2.2. Introduction to Arduino

Microcontrollers description
• An integrated circuit with internal memory and a processor, used for controlling hardware
• Contains an I/O interface
• The amount of internal memory is usually not very big
• Does not require much power

Page 5: 2.2. Introduction to Arduino

How can they help me?
• WOW! NOW WE CAN CHECK HUMIDITY LEVEL!
• Or we can use imagination and hack something!

You can start by hacking this buddy ^___^

Page 6: 2.2. Introduction to Arduino

Fuzzing and exploitation with MCU
• An MCU supports and may contain at least the following I/O interfaces:
  – UART, I²C, SPI, CAN, USB, IEEE 1394, Ethernet
• One can spoof data between device and host
• Exploiting vulnerabilities by developing a malicious USB (FireWire, etc.) device

Page 7: 2.2. Introduction to Arduino

Creating malicious device using Arduino Leonardo

Arduino Leonardo is a prototyping platform with:
• ATmega32u4 microcontroller
• 32 kB of Flash memory
• 16 MHz clock speed

Page 8: 2.2. Introduction to Arduino

Benefits of Arduino:
• Easy to program with the Arduino IDE
• Plenty of working code examples to start with
• Plenty of working libraries to:
  – Emulate keyboard and mouse
  – Communicate with computer hardware
  – Create your own HID device
• Plenty of working projects and documentation
• Supports Windows, Linux and Mac platforms

Page 9: 2.2. Introduction to Arduino

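Arduino programming lang
• Program is compiled in the Arduino IDE
• Very C-like lang
• http://arduino.cc/en/Reference/HomePage
• Short example of the code:

#include <Mouse.h>  // needed on current Arduino IDE releases, where Mouse is a separate library

void setup() {
  pinMode(2, INPUT);  // button wired to digital pin 2
}

void loop() {
  // initiate the Mouse library when button is pressed
  if (digitalRead(2) == HIGH) {
    Mouse.begin();
  }
}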

Page 10: 2.2. Introduction to Arduino

First example: emulating a keyboard
Let's emulate a keyboard and run it on a Mac to execute an arbitrary program:

Page 11: 2.2. Introduction to Arduino

Interesting Arduino libs:
• Firmata - for communicating with applications on the computer using a standard serial protocol.
• SPI - for communicating with devices using the Serial Peripheral Interface (SPI) bus
And also:
• Ethernet, GSM, WiFi, Keyboard, Mouse

Page 12: 2.2. Introduction to Arduino

What's more?
• Changing HID descriptors on the device
  – Mega list of USB device IDs: http://www.linux-usb.org/usb.ids
• Overwriting the Arduino boot loader
  – Plenty of good manuals about Arduino hacking may be found at: http://hunt.net.nz/users/darran/

Page 13: 2.2. Introduction to Arduino

Example of redefining USB descriptors

const USB_DEVICE_DESCRIPTOR DeviceDescriptor = {
  sizeof(USB_DEVICE_DESCRIPTOR), /* bLength */
  TYPE_DEVICE_DESCRIPTOR,        /* bDescriptorType */
  0x0110,                        /* bcdUSB USB Version 1.1 */
  0,                             /* bDeviceClass */
  0,                             /* bDeviceSubclass */
  0,                             /* bDeviceProtocol */
  8,                             /* bMaxPacketSize 8 Bytes */
  0xBEEF,                        /* idVendor */
  0x1337,                        /* idProduct */
  0x0000,                        /* bcdDevice */
  1,                             /* iManufacturer String Index */
  0,                             /* iProduct String Index */
  0,                             /* iSerialNumber String Index */
  1                              /* bNumberConfigurations */
};
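
Seen from the host side, every field in that descriptor is chosen by the device, so a driver or device-control policy has to validate the bytes before trusting them. The following is an added example, not code from the slides or from any project they mention: the function name, result codes and allowlist entry are assumptions made for illustration, and the sample bytes are the slide's descriptor encoded as the 18 little-endian bytes a host would receive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the host-side checks (names are this example's own). */
enum { DESC_OK, DESC_SHORT, DESC_BAD_LENGTH, DESC_BAD_TYPE,
       DESC_BAD_PACKET_SIZE, DESC_NO_CONFIG, DESC_NOT_ALLOWED };

struct usb_dev_desc {            /* fields decoded to host byte order */
    uint16_t idVendor, idProduct;
    uint8_t  bMaxPacketSize0, bNumConfigurations;
};

/* Constructed allowlist of {idVendor, idProduct}; fill from your inventory. */
static const uint16_t allowed[][2] = { { 0x1234, 0x0001 } };
/* The slide's DeviceDescriptor as the 18 bytes a host receives. */
static const uint8_t slide_desc[18] = { 18, 0x01, 0x10, 0x01, 0, 0, 0, 8,
    0xEF, 0xBE, 0x37, 0x13, 0x00, 0x00, 1, 0, 0, 1 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate device-supplied bytes before trusting any field. */
int check_device_descriptor(const uint8_t *buf, size_t len, struct usb_dev_desc *out)
{
    if (len < 18)       return DESC_SHORT;       /* never read past the buffer */
    if (buf[0] != 18)   return DESC_BAD_LENGTH;  /* bLength is device-controlled */
    if (buf[1] != 0x01) return DESC_BAD_TYPE;    /* 1 = DEVICE descriptor */
    out->bMaxPacketSize0 = buf[7];
    out->idVendor = le16(buf + 8);
    out->idProduct = le16(buf + 10);
    out->bNumConfigurations = buf[17];
    switch (out->bMaxPacketSize0) {              /* legal EP0 sizes, USB 1.x/2.0 */
    case 8: case 16: case 32: case 64: break;
    default: return DESC_BAD_PACKET_SIZE;
    }
    if (out->bNumConfigurations == 0) return DESC_NO_CONFIG;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i][0] == out->idVendor && allowed[i][1] == out->idProduct)
            return DESC_OK;
    return DESC_NOT_ALLOWED;                     /* well-formed but unknown IDs */
}

int main(void)
{
    struct usb_dev_desc d;
    int rc = check_device_descriptor(slide_desc, sizeof slide_desc, &d);
    printf("rc=%d vid=%04x pid=%04x\n", rc, d.idVendor, d.idProduct);
    return 0;
}
```

Because idVendor and idProduct can be set to any value, an ID match is only a coarse filter and not proof of what the device is.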

Page 14: 2.2. Introduction to Arduino

Success story
Fuzzbox from Andy Davis:
• Arduino microcontroller
• Fuzzer written in C++
• Only emulates USB HID devices
• Only allows semi-automated fuzzing
• Bugs found in:
  – Windows 7
  – Windows XP
  – OS X
• Lack of speed when emulating most USB devices

Page 15: 2.2. Introduction to Arduino

Useful projects:
• Project Log: Arduino USB
  – USB expansion shield for Arduino and associated code
  – The Fuzzbox driver code to emulate USB HID was taken from that project
  – http://code.rancidbacon.com/ProjectLogArduinoUSB
• USB Attack Tool:
  – USB Attack Toolkit (UAT) is a tool designed for all types of security testing of the USB protocol. It was programmed in Python, Processing and HTML5.
  – It allows: Device -> Host (using a Teensy or Arduino):
    • Fuzzing of drivers,
    • Device cloning,
    • etc.
  – Lost somewhere in the net..

Page 16: 2.2. Introduction to Arduino

CatBot: Automated Cat Laser

Page 17: 2.2. Introduction to Arduino

Ganzbot: An Arduino robot who reads Twitter

Page 18: 2.2. Introduction to Arduino

What to do next?
• Arduino boards can be extended with different things like displays, buttons, etc.
• Exploring different libs, it should be possible to create a keylogger (Firmata and SPI libs)
• Proxify a mouse or keyboard and make a joke with your mates
• Add a Wi-Fi shield to the board and transmit data

Page 19: 2.2. Introduction to Arduino

Introduction to Arduino

The end.