corrupt/usbpoc

Repo for the paper "USB Devices phoning home"

Repo for the paper "USB Devices phoning home"

Setup

General information about our armory setup

Misc

• add sudo group
• uncomment sudo group line (visudo)
• add users with groups, add users to sudo group

Network

• Default config in /etc/systemd/network/gadget-deadbeef.network

• Changed default IP to 10.1.1.1 and gateway to 10.1.1.2

• Host-Script to NAT network traffic for the armory:

  #!/bin/bash
  /sbin/ip l s usb0 up
  /sbin/ip addr add 10.1.1.2/24 dev usb0
  /sbin/iptables -t nat -A POSTROUTING -s 10.1.1.1/32 -o wlan0 -j MASQUERADE
  echo 1 > /proc/sys/net/ipv4/ip_forward

Installed Packages

• dnsmasq

• inotify-tools

• vim

• base-devel

• screen

• tmux

• wget

• go:

  # cd /opt
  # git clone https://go.googlesource.com/go
  # cd go
  # git checkout go1.4.2
  # cd src
  # ./all.bash

  • The file file_test.go had to be deleted from src/net as the test failed (see source)

  • Add Go env settings to /etc/profile

    GOROOT=/opt/go
    export GOROOT
    GOPATH=$HOME/go
    export GOPATH
    
    PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:$GOROOT/bin"
    export PATH

USB Gadget

Switched from g_cdc to g_multi because it includes g_mass_storage. Using the PID and VID of a SAMSUNG N7000 to make Windows 8 load the necessary drivers.

# cd /etc/modprobe.d/
# echo 'options g_multi dev_addr=de:ad:be:ef:00:01 iManufacturer="Android" idVendor=0x04e8 idProduct=0x6864 file="/root/pendrive.img"' > gadget-deadbeef_multi.conf
# dd if=/dev/zero bs=1M count=128 of=/root/pendrive.img
# use fdisk to create one partition in pendrive.img
# and use mkfs.vat -F 32 to give it a FAT32 filesystem
# cd /etc/modules-load.d/
# mv gadget-deadbeef.conf gadget-deadbeef.off
# echo 'g_multi' > gadget-deadbeef_multi.conf

Rebuild g_multi without ecm cdc support for better windows compatibility:

svn co https://github.com/archlinuxarm/PKGBUILDs/trunk/core/linux-armv7
make oldconfig && make prepare
make scripts
make menuconfig # enable usb gadget drivers and enable only rndis for g_multi
make -C /full/path/linux-armv7/src/linux-4.1/ M=/full/path/linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/
cp linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/g_multi.ko /lib/modules/$(uname -r)/kernel/drivers/usb/gadget/
sudo depmod -a

Services

• Copy imgwatch.sh and filecp.sh to /opt
• Copy [godns]((https://github.com/willnix/godns/tree/master) to /opt/godns/
• Copy [webchan]((https://github.com/willnix/webchan/tree/master) to /opt/webchan/ and edit the file js/ga.js. Set the IP address of your remote server and the usb armory.
• Deploy the systemd.service files in /etc/systemd/system/multi-user.target.wants

Enable them by running:

# systemctl daemon-reload

• Copy the [dnsmasq config]https://github.com/willnix/usbpoc/blob/master/config_files/dnsmasq.conf) to /etc/dnsmasq.conf