Yesterday, code was released for a USB pentest project presented at DEF CON 23 a few weeks ago by Dr. Phil Polstra, a professor at Bloomsburg University, in his talk “One Device to Pwn Them All”.
The code uses Deck Linux, a pentest distro for the BeagleBone Black, and adds new scripts for USB pentesting.
Abstract: This talk will present a device that can be used as a dropbox, remote hacking drone, hacking command console, USB writeblocker, USB Mass Storage device impersonator, or scripted USB HID device. The device is based on the BeagleBone Black, can be battery operated for several days, and is easily constructed for under $100. The dropbox, remote hacking drone, and hacking command console functionality were presented at DEF CON 21. This talk will emphasize the new USB-based attack functionality. Topics will include injecting payloads by emulating an optionally write-protected USB mass storage device, rapidly executing commands on a target using the BeagleBone Black operating as a scripted USB HID device, USB mass storage device impersonation, and other attacks that can be performed with brief physical access to the target. Some familiarity with Linux and USB devices would be helpful, but not required. All hardware and software to be discussed is 100% open source.
Bio: Phil was born at an early age. He cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Dr. Phil currently works as a professor at Bloomsburg University of Pennsylvania. His research focus over the last few years has been on the use of microcontrollers and small embedded computers for forensics and pentesting. Phil has developed a custom pentesting Linux distro and related hardware to allow an inexpensive army of remote pentesting drones to be built using the BeagleBone Black computer boards. This work is described in detail in Phil’s book “Hacking and Penetration Testing With Low Power Devices” (Syngress, 2015). Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual certs one might expect for someone in his position. When not working, he likes to spend time with his family, fly, hack electronics, and has been known to build airplanes.
The UDeck, or USB Deck, is an add-on to Deck Linux. Deck Linux is a pentesting Linux distribution created for the BeagleBoard and BeagleBone family of devices and for similar devices. Scripts include:
* mount-usb.sh: Exports a USB drive attached to the BBB as read-only to the PC that the BBB is plugged into.
* mount-usb-rw.sh: Makes a drive previously exported with mount-usb.sh writeable.
* impersonator.sh: This will cycle through the VID/PID combinations in vidpid-list until it is killed. This allows you to bypass endpoint security software that filters based on VID/PID. If you know the appropriate VID/PID that should work, you can easily modify this script to go directly to that VID/PID.
* create-hid.sh: This creates a scriptable USB HID keyboard device on the BBB. You could then send HID reports directly to this new device or you can use udeckHid.py to make this easy.
* udeckHid.py: This defines a set of Python classes that make scripting a HID keyboard much easier. There is also an example Linux script in this file.
* attackWindows.py: This is an example of how the scriptable HID keyboard can be used under Windows.
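
The VID/PID cycling that impersonator.sh performs is visible to the host as one physical port re-enumerating under many identities in a short time. The following detection sketch is an added example, not part of the UDeck code: it assumes Linux hosts that log the standard kernel "New USB device found" line, and the function name, thresholds and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Linux kernel line emitted on each USB enumeration (dmesg format).
ENUM_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)

def find_vidpid_cycling(lines, window=60.0, threshold=4):
    """Return {port: sorted distinct VID:PID ids} for every port that enumerated
    at least `threshold` distinct VID/PID pairs within `window` seconds."""
    events = defaultdict(list)  # port -> [(timestamp, "vid:pid"), ...]
    for line in lines:
        m = ENUM_RE.search(line)
        if m:
            events[m["port"]].append((float(m["ts"]), f'{m["vid"]}:{m["pid"]}'))
    flagged = {}
    for port, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ids = {vp for _, vp in evs[start:end + 1]}
            if len(ids) >= threshold:
                flagged[port] = sorted(ids)
                break
    return flagged

# Constructed sample log (not captured from a real host).
SAMPLE = """\
[  100.000000] usb 1-2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
[  500.100000] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  503.200000] usb 1-1: USB disconnect, device number 5
[  504.300000] usb 1-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.00
[  508.400000] usb 1-1: New USB device found, idVendor=058f, idProduct=6387, bcdDevice= 1.00
[  512.500000] usb 1-1: New USB device found, idVendor=090c, idProduct=1000, bcdDevice= 1.00
[ 9000.000000] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
""".splitlines()

if __name__ == "__main__":
    for port, ids in find_vidpid_cycling(SAMPLE).items():
        print(f"port {port}: {len(ids)} identities in <=60s: {', '.join(ids)}")
```

Because a VID/PID allowlist trusts values the device itself reports, an alert like this on the rate of identity changes per port complements the allowlist rather than replacing it.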
https://github.com/ppolstra/UDeck
https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Polstra
http://beagleboard.org/project/TheDeck/
http://www.philpolstra.com/
http://sourceforge.net/projects/thedeck/