Jump to content

_MG_

Global Moderators
  • Posts

    35
  • Joined

  • Last visited

  • Days Won

    2

4 Followers

Contact Methods

  • Website URL
    https://o.mg.lol

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

_MG_'s Achievements

  1. You can check with the laws of your country.
  2. The holes are plated with solder. It sounds like maybe there is just a bit too much inside that one hole. It’s pretty rare but I occasionally see it and I’m able to push the pin through with a little more force while twisting it. You might be able to heat it up with a soldering iron to get it to reflow and redistribute a bit. But usually what I do is take something a bit larger than the hole (like a long tweezers, or a pin, or a nail) and just sort of twist it around to slightly carve out a little more room. If it’s just not happening, jump on the slack server and I will get you sorted out with a new kit.
  3. That depends what you mean. DemonSeedEDU is pretty fundamentally different to keep it easy enough as a DIY teaching tool. But there are some features still not unlocked in the video series. I’m happy to walk you through them in the slack server.
  4. Jump into the dedicated OMG Slack for support. Sounds like you picked the wrong mode, but you can supply more detail in Slack
  5. The new v2 firmware is unified for all OMG cables (1 firmware for all cables) and is currently in beta testing with any owner who wants to use it.
  6. There are way too many variables when adapters are involved for me to give any definitive answer there. I have tested the cable directly on an iPad Pro and multiple Android phones (all of which have Type C connectors). Here is the sales page copy for the C-to-C Directional that should fill in the details there: MOBILE ATTACKS The active end of the cable is discretely marked with a USB logo. Plug the active end into a desktop or laptop to attack it. The cable will support USB 2.0 functionality when the active end is attached to a USB host. For mobile attacks plug just the active end into a smartphone or tablet. No other steps are needed, the payload delivery will automatically work just like with host attacks.
  7. 😄 For those who stumble on this thread: all the O.MG stuff has a single url that points you at the specific setup info for any given product: https://o.mg.lol/setup While the keylogger is under pre-release development, we are keeping everything isolated into the pre-release channels. Those little orange clips in the envelopes help visually tag your cables, as it sounds like you found out. We are about to release a unified firmware that works on all cable models so you don’t have to keep track of which is which. The firmware will just know! Then those little orange clips will just let you identify an evil cable from a normal one 🙂
  8. thanks! Yep, the resonance of the wire length is what is used for a very primitive RF trigger on DemonSeed EDU. The data passthrough technique will be using a trick that completely violates the USB spec as well 🙂The idea with the DemonSeedEDU kit is to stretch every little bit out of the little ATTiny that you can while adding as few external components as possible. It gets you thinking about how to leverage everything at your disposal when thinking about malicious implants. Hardware implants usually encounter all kinds of odd constraints that force you to think about making things work in ways that "you aren't supposed to". The O.MG Cables take that same line of thinking (stretch every bit you can out of the hardware) but using much more powerful hardware and component layouts that are extremely hard to work on by hand. The O.MG Keylogger Cable pushes things even more. When I first started the O.MG project, I planned on it being a DIY thing... but the complexity of it quickly exploded the more we managed to stretch things. I can hand build a full DemonSeed in maybe 20min (soldering components to PCB, inserting it into a cable, etc). When I was fully hand building the original O.MG prototypes for Defcon 2019, it took me at least 4 hours per cable. So now we just keep pushing the limits on something that doesn't have to be DIY hardware. Though, I will say that getting these things "mass produced" has been a huge part of the challenge too. And yeah, the various O.MG Cables currently utilize espressif for radio comms, so you get full 802.11 that lets you push data back and forth. Heck, there is an entire web server inside the cable. The board was designed from the ground up. I used a PCB mill in my garage for the first few months of prototype revisions.
  9. It uses DuckyScript. It’s as capable as the DuckyScript you know how to make.
  10. It uses DuckyScript. It’s as capable as the DuckyScript you know how to make.
  11. _MG_

    Cable range

    It depends. There are lots of options due to how flexible the O.MG Cable is. If you just care about triggering a payload at maximum range, a higher powered antenna with the IF_PRESENT SSID payload trigger will get over 1000 feet. In AP mode, the last time I tested outdoor line-of-sight, I saw ~300 feet using a smartphone (which is going to have a weak antenna compared to other options) In client mode, effectively infinite range depending on how the wireless network is setup. As with all things wireless, it depends on things in your environment that interfere with or block signal.
  12. Thank you! The pandemic basically took away my ability to have enough space to do the videos the way I had been. And it’s massively limited my available time. It’s been 8 solid months with no end in sight. I may have to make a jarring shift in how they are done (not that they are a high quality production thus far). Anyway, I’ve been giving tailored instructions on the next step inside the Slack channel for DemonSeed, if you are interested. In short, the final physical assembly depends on decisions you will make around the RF trigger. If you don’t want the RF trigger, then the physical assembly is about as simple as you expect. But you will need some additional code to get data passthrough properly working
  13. Sorry, just saw this. FYI the Slack community tends to have much faster response times. Without seeing the exact problem... The jig has no active components on it, so it is fairly safe to rework the soldering. I would just clean up the solder with some flux and maybe desoldering braid/wick. If you want to share pictures, I can give better advice.
  14. The question is what is your need and what are your constraints? O.MG is for field use. DemonSeedEDU is for learning. DemonSeedEDU is basically the bare minimum for a malicious cable by using very primitive techniques. Everyone who has assembled the kit has had an increased appreciation for O.MG. O.MG looks identical to the target cable (better for Evil Maid/leave behind/etc), has 250x more storage space for payloads, 802.11 radio, onboard web server, payloads you can modify and trigger via wifi, boot payloads, location awareness, controllable via web UI/python/etc, self destruct, payload compiling happens on-the-fly, uses DuckyScript, etc
×
×
  • Create New...