Did you ever want to have your own handmade, remote-controlled, stealthy USB implant / HID injector, but didn't want to sell your soul for it? Well, then this one is for you :)
I had already heard about something like this in the past, which reminded me of the expensive O.MG cable from HAK5 or the USB Ninja.
But if you like to tinker a little bit and are on a budget, you can pretty much get the same results for like 30 bucks.
I already own a DSTIKE WiFi Duck and several Digisparks, but plugging these into someone's computer is far more suspicious than a black USB cable. I also own a CrazyRadio, with which one can inject keystrokes into wireless receivers for keyboards and mice, with the help of e.g. bettercap - but to be honest this is a real pain in the ass.
I recently stumbled upon some great articles on Twitter regarding an alternative in the form of a UNIFY receiver implanted into a USB cable. When I read those lines, I also wanted a USB cable that would still be able to charge a phone, but could also be used to inject keystrokes into the victim's systems or even give me a remote shell.
As I followed along the lines of Luca, I ran into some problems - hence this short writeup, which is more or less the same as what you can find from the original author. Maybe a little bit more step by step and a little more up to date. But credits go to all the people mentioned above.
If you are working with a VM like me, you probably want to make sure that you can explicitly attach HID devices to your VM, otherwise it won't work. While digging around how the fuck to do that, I came across this VMware article: 1033435
Plain simple - open your vmx file and add the following lines to it:
The MDK Dongle in my case was already shipped with the newest UF2 bootloader, which will just present you with a flash drive when started in flash mode, to which you can copy the uf2 file. Any further info can be found here.
To enter flash mode, hold down the small black button on the device while plugging it in. The flashing red light indicates you're in flash mode.
Next we want to pair our devices, so that they can talk to each other. LOGITacker has a built-in option for that, and munifying can help us on the UNIFY side.
We first need to set the LOGITacker device to lightspeed mode, in order to be able to communicate with the UNIFY receiver:
One of the cool features of LOGITacker is the covert_channel option, which will give you a remote shell on a Windows box.
One first has to deploy the shell to a target and then connect to the shell in the next step:
This will, as far as I understood, deploy posh functionality (SSH for PowerShell) to the attacked device and let you connect to it.
However, to be honest, I do not fully understand what is happening. The part that is responsible for that feature can be found in logitacker_cli.c, beginning at line 39.
UPDATE: Well, it turned out, after having talked to Marcus, that he built his own kind of bridge, which will forward traffic from and to the output of the spawned cmd.exe process via the HID RAW channel. How fucking awesome is this :)
I would like to use a keylogger on a docking station that connects to laptops via USB-C. The keylogger should not require a keyboard to be plugged into it. Does this type of product exist? If so, what is an example?
That makes things "a bit" easier for sure if trying to use a hardware keylogger. It's how the Key Croc is designed to work. There are generally no guarantees that problems will always be avoided. Things can always happen depending on the circumstances.
On the other hand, if someone can retrofit a keyboard with a KeyCroc, it stands to reason that one could do the same with a docking station. Or simply switch out the keyboard for a Keelog Forensic Keylogger Keyboard. There is also the KeyGrabber Forensic Keylogger Module.
The issue that I'm trying to overcome is the fact that the user will not be using an external keyboard, and will be using their laptop directly. They will be using a wireless mouse that has a dongle, so now I'm thinking I should somehow attach the dongle to the USB device, so that they have to use the dongle attached to a keylogger. Would this work, or would this type of setup run into issues with the mouse not working?
If the keyboard is not attached to the dongle along with the mouse, you can't. If it's unify, look into the logitacker project.
Or simply just use a software keylogger on the laptop, that will always work.
Or, build some kind of mod on the docking station, as someone else suggested. Have fun.
What kind of connections does the dock have? Is it a serial port that hooks up to the bottom of a laptop? Or does it plug in through USB? I think the easiest way to go here would be with some software logging. The trick is how to implant it, maybe you could hit it with a ducky