<!--// Extrapaint.com //-->
I had ordered a Teensy LC (Low Cost) board a while back off of Amazon due to cost and project requirements for a HID keyboard attack device. The only need was to program a hardware human interface device to input keystrokes to download and run a generic script from the internet (hardcoded through DNS). Once I eventually came around to programming it, I had installed Teensyduino for the Arduino IDE (v 1.6.12) and wrote up a script to write, save, and run a PowerShell script.
Long story short, I couldn't program the device due to running Black Arch and permissions issues. Running ./arduino as root solved the issue, and unless the Teensy is streaming keystrokes I can just push the button to reset it and reprogram it.
This does bring to light the possibility of intercepting a USB HID attack device and reprogramming it on-the-fly before the actual attack can take place; since the Teensy is a reprogramable device. A commercially available attack device known as the USB Rubber Ducky is such a trinket. The USB VID and PID *can* be changed, per documentation, but this leaves it up to the developer to go that short little extra mile.
Powered by Raspberry Pi, PocketC.H.I.P., Arch Linux, Ubuntu, ViM, Let's Encrypt, and 12 years of Linux experience.
© 2012-2017 Erik Paulsen
IP address 220.127.116.11
User-Agent CCBot/2.0 (https://commoncrawl.org/faq/)