Jump to content

enumeration error


BC-001
 Share

Recommended Posts

bought last month... spent some time today.

--- not bad - good idea at least.

no issue flashing and updating to 1.5 (worked as advertised) using flash_win64.exe no issue

Noticed there is some timing as to programmer > wait > Cable - fire up flasher within seconds of cable going in.  wait too long - start over.
 

but plugged into PC and get errors after setting up as AP Mode (not client)

shows up as an AP... good there..

Bad if you plug into PC..

Errors on Win10 after flashing at least.

https://imgur.com/a/iUb42fB

QPGcQ58.jpg 3dvi2Xv.jpg

 

considering re-flashing back to client mode... but that doesn't make much sense... would rather it masqurade as an iphone itself.

Link to comment
Share on other sites

Head over too the #omg-cable-support slack channel if you would like help debugging. This may be a windows specific issue, as it doesn't happen on Linux or OS X. 

I'm not quite sure what you are trying to do with AP Mode and Station mode in terms of "masquerading as an iphone" but maybe it will be easier to figure out the confusion in Slack. 

Link to comment
Share on other sites

will try to do that..

- didn't catch reply initially bit appreciate the response.
Will also admit - could very well be just me - have more machines to test against for error verification - so I should probably do that as well.

wanted to document specifically for you guys to see the specific errors -

Idea for masqurade is access to the device when connected to a target outside of a known environment, if nearby would be able to access via mobile/wireless device to get access to device
- very limited information available on usage, beyond some of the basic ideas of autorun keyboard scripts - (Device in general is pretty cool - no doubt and many vectors it appears for gathering data on target)

being that windows / mac are generally the targets - would expect a windows machine not to throw out errors when device is connected to it, but also admit could very well be my fault!

 

I'll swing over to slack - not something I use regularly

Link to comment
Share on other sites

Found it was indeed machine specific.
(also apologies for spelling errors above)

same machine that programming usb used on had the failure.

failure however will still execute payload as expected - just odd to get the error.

test machine win10 2004 seems to not have any issues with detection and executes payload

---

in normal operation - would you exercise detection of OS then execute payload based on os detected?

doubt I'd be near the cable to be able to do much active work with it 
is there any future integration with cloud C2 type of integration being looked at?

 

Link to comment
Share on other sites

Thanks for the update! Yeah, that sounds like a non-breaking enumeration scenario. I'm still happy to chase the machine-specific issue in slack. We actually do a lot of firmware work based on customer feedback. Who knows, maybe you have a specific USB controller that wants to see some basic communication on the data lines when a device comes up. I'd be curious if the enumeration issue goes away if you plug the cable in with a device attached to the other end. We have avoided putting anything on the data lines in the name of stealth, but adding a custom option to "pacify" the the controller when there is no device using the cable could be an option. 

Hard to answer the question about normal operation. There are so many different attack approaches. OS detection needs would be handled in a similar fashion as most keyboard injection attacks. 

And yes, we are actually working with Hak5 on C2 integration for both O.MG Cable and O.MG Keylogger Cable. If you are looking for more advanced network controls and automations, check out the light weight python frontend we published last month. 


EDIT: enumeration issue is now fixed as part of the v2 firmware effort

Link to comment
Share on other sites

  • _MG_ changed the title to enumeration error

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...