Forgive me if I jump around in the subject and device ideas in this post. It's just kind of a brainstorming/ideal-device post made up of ideas I've wished devices had, or features that I'm sure the NSA uses but that are just way too expensive/advanced to ever find outside of the ANT catalog or science fiction.


I've been up for too long and I'm not much for editing my own writing. I needed to post this now or it would likely never get posted. Essentially, these are ideas for hardware I wish existed.

A bit of background on who I am: I spent 10 years as a lead in-house service desk technician, mostly doing break-fix, with an interest in security. After a break from IT for a few years to do demolition I am back in IT as a sysadmin and loving it. Before this I started working on a degree in computer science that I never finished, but at one time I was able to program things like self-replicating code, RAT tools, war dialers, X.25 PSN scanners, subdomain scanners and all sorts of other things that I have since forgotten how to do.

I am a bit of a collector of covert electronics and currently own a few of Hak5's products, with the intent of eventually getting all of them. I am also a huge fan of devices like the HackRF and its new PortaPack and tricked-out firmware. I love anything that emulates or has the ability to attack RFID systems. I also love Samy's MagSpoof and similar devices.

I am including this brief bit about myself to let the reader know that I am at least somewhat aware of what is currently possible and of the limits of open and private projects, as well as being aware of what actually exists in the real world while absolutely sounding like science fiction (the ANT catalog, custom espionage gear, etc.).

I own a few Hak5 products and can say that, for what they are, they are the best you can buy without doing custom fabs and creating something yourself, and sometimes they are still better. Everything in this post is just things I have thought of that would make recon/infiltration/exfiltration for pen testing, or whatever you want to use it for, a lot better depending on the situation. Of course, every idea in this post is simply a concept and does not exist (outside of the NSA's TAO team and maybe some of the other spook agencies with lots of money).

In order for them to actually exist they will have to be designed, and many prototypes would likely need to be made before something that is stable, functionally usable and that passes for whatever it's supposed to pass for is created. I thought I might give the Hak5 team (as well as everyone else) some of my ideas, because they won't go anywhere if I keep them to myself.

With that said, these ideas would probably be even more awesome if the hardware were open source as well. The design of something like this is way beyond my skill set, as would be the creation of the base software needed for most of the ideas in this concept to function. I have a bit of a knack for seeing how technology can affect society in the near future, and some of the ideas within are how I imagine the next-gen pentesting / current-gen nation-state hardware spy tools are. I can imagine the TAO group from the NSA intercepting packages from Amazon and replacing them with identical-looking devices, except with the functionality of these concept ideas, as they have done with intercepting Cisco routers in the mail being sent to their targets.


This device I am imagining (or variants of the device) is inspired by DIY projects with the Arduino (like the wireless HID attack tool) and the Pi (such as the Pi Pwn), the current Hak5 catalog, Pwnie Express devices such as the Power Pwn, and a bit from the ANT catalog.

So the first next-gen devices that get created will be something like a powered USB 3 hub with an Ethernet port. Simply having several free USB ports and an Ethernet port, plugged into your computer with either USB 3 or USB-C, makes things very, very interesting if one were able to implement the functionality of many of the Hak5 products in this device.

In my mind I imagine the device goes online and has a lightweight control panel accessed via HTTPS, as long as you knew where to look and how to find it (as well as SSH access, of course). Once you've accessed the control panel you would be able to put the device in various modes and turn other functions on or off, just like you can with the Bash Bunny, but be able to do it all through the software.

If it were designed physically like a USB hub with an Ethernet port, it could possibly get direct, easy access to hardware even before the computer does if, for example, someone were to plug their keyboard, mouse and external hard drive into it and use it as a hub.

If one were to add hidden Wi-Fi capability like an O.MG cable has, then you'd have many of the products that Hak5 sells in one (likely insanely priced) device.


There's no question that for a concept like this to actually exist for the public to buy, it would require quite a bit of R&D, and the end result could cost the same as the Key Croc, Shark Jack, LAN Turtle and Bash Bunny combined, to offset the amount of effort it would take to actually create a baseline usable beta device that looks like a USB hub with an Ethernet port.


With unlimited software engineering and a team of dedicated coders, the sky's the limit. With a dedicated team of devs, could you not create a module that would act as a physical MITM device to attack phones? Make it a powered USB hub. If a phone were plugged into it, on the phone it would appear that it's getting connected to the computer, and on the computer it would appear that it's connecting to the phone, but in both cases the USB hub is acting as a MITM to exfiltrate information from the phone.

Another version of this device could simply have this phone-attacking idea, but instead of a USB hub with an Ethernet port it would be a multi-USB-port battery bank, so its likely function would be to have phones or tablets plugged into it to charge them.

The battery bank could also power a covert wireless chip to exfiltrate the data directly to a nearby computer, or possibly even over the internet to a C2 server, or directly to some other wireless server set up somehow, be it through Wi-Fi or 3G or Bluetooth, or maybe the option of any of them, or even another covert wireless frequency that is not usually looked for.


One feature that would be super simple to add to any version of this device, or to other devices, and a feature that I haven't seen in almost any covert tool (with the exception of hidden cameras):

Have a microphone in it to record audio of the room. Microphones are super cheap and super small. The audio could be recorded, and settings could make it optional to store it at varying bitrates and with compression, and to store it locally on internal storage (or, if there's a microSD slot included on the device, onto that), or stream it via Wi-Fi... or even have a simple voice-to-text converter and store any voice conversation it hears as text on internal storage, saving a huge amount of space with the tradeoff of possibly not getting a clear transcription of what is actually said versus how it interprets it to text.

Another use for recording someone's voice is to create a voice synth of them. After recording someone for a long enough period, with enough words, the person's own personal emphasis used while speaking, and their local dialect, it is possible to create a voice model of pretty much anyone and then use that voice model to say whatever you want, and it will sound as if that person said it. You could, with enough clear audio, sound just like Werner Brandes.

Speaking of audio, most USB docks have an audio input and an audio output. Capturing both of these would be useful if someone were to, for example, try to listen in on voice calls made from the computer, like Skype, or virtual meetings like Zoom or FaceTime on a computer.


And it should go without saying that, with enough development, the possibilities of a device with the inputs and outputs of a USB hub with an Ethernet port, or even better a full-featured USB 3 dock, are limitless. You could have a mode where the whole thing acts as an onion router and allows TCP/IP over USB, so you could plug your phone, tablet or computer into it and route your access through it (given that it has access to the internet somehow, of course), possibly via Tor.

Or maybe you just want to collect and vacuum up all the data you can, so you stream the video and audio ports to a remote server like a Screen Crab on steroids, store screenshots and keylogs, and have a filter to capture packets from one or several protocols you are interested in sniffing. Hell, you could even put a GPS chip and antenna on it and make the battery bank version a tracking device as well.
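As a concrete sketch of the "filter to capture packets from one or several protocols" part, here is an added example (my own code, not from the original post or any Hak5 product). It parses raw Ethernet II / IPv4 / TCP-or-UDP frames and keeps only the ones belonging to the protocols the operator asks for. The sample frames are constructed inline so it runs offline, and classifying a protocol purely by well-known port is an assumption made for brevity; a real filter would also look at the payload.

```python
"""Protocol-selective capture filter (added example, not the post's own code)."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17

# Port -> protocol label. Assumption: port-based classification only.
PORT_LABELS = {53: "dns", 80: "http", 443: "https", 22: "ssh"}


def parse_frame(frame: bytes):
    """Return a dict describing an IPv4 TCP/UDP frame, or None for anything else."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes
    proto = ip[9]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(ip) < ihl + 4:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])  # first 4 bytes of TCP/UDP
    label = PORT_LABELS.get(dport) or PORT_LABELS.get(sport) or "other"
    return {"src": src, "dst": dst, "transport": "tcp" if proto == IPPROTO_TCP else "udp",
            "sport": sport, "dport": dport, "protocol": label}


def filter_capture(frames, wanted):
    """Keep only frames whose inferred protocol label is in `wanted`."""
    wanted = set(wanted)
    kept = []
    for frame in frames:
        meta = parse_frame(frame)
        if meta and meta["protocol"] in wanted:
            kept.append(meta)
    return kept


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame as sample input.
    Checksums are left as zero: this builds test data, it does not send it."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        # ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(int(x) for x in src_ip.split(".")),
                     bytes(int(x) for x in dst_ip.split(".")))
    return eth + ip + l4


# Constructed sample traffic (not a real capture): DNS query, TLS, SSH, HTTP, and an IPv6 frame.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, 51000, 53, b"\x12\x34\x01\x00"),
    build_frame("10.0.0.5", "93.184.216.34", IPPROTO_TCP, 51001, 443),
    build_frame("10.0.0.5", "10.0.0.9", IPPROTO_TCP, 51002, 22),
    build_frame("10.0.0.5", "10.0.0.7", IPPROTO_TCP, 51003, 80, b"GET / HTTP/1.1\r\n"),
    b"\x00" * 12 + b"\x86\xdd" + b"\x00" * 40,   # IPv6 ethertype: ignored by this filter
]

if __name__ == "__main__":
    for meta in filter_capture(SAMPLE_FRAMES, ["dns", "http"]):
        print(meta)
```

Running it prints only the DNS and HTTP entries; the TLS, SSH and IPv6 frames are dropped. On a real device the frame source would be a raw socket or pcap handle rather than the constructed list, and the kept entries (or the raw frames) would be what gets streamed off to the remote server.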
