willnix/usbpoc

Repo for the paper "USB Devices phoning home"

Setup

General information about our armory setup

Misc

add sudo group
uncomment sudo group line (visudo)
add users with groups, add users to sudo group

Network

Default config in /etc/systemd/network/gadget-deadbeef.network
Changed default IP to 10.1.1.1 and gateway to 10.1.1.2

Host-Script to NAT network traffic for the armory:

#!/bin/bash
/sbin/ip l s usb0 up
/sbin/ip addr add 10.1.1.2/24 dev usb0
/sbin/iptables -t nat -A POSTROUTING -s 10.1.1.1/32 -o wlan0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Installed Packages

dnsmasq
inotify-tools
vim
base-devel
screen
tmux
wget

go:

# cd /opt
# git clone https://go.googlesource.com/go
# cd go
# git checkout go1.4.2
# cd src
# ./all.bash

The file file_test.go had to be deleted from src/net as the test failed (see source)

Add Go env settings to /etc/profile

GOROOT=/opt/go
export GOROOT
GOPATH=$HOME/go
export GOPATH

PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:$GOROOT/bin"
export PATH

USB Gadget

Switched from g_cdc to g_multi because it includes g_mass_storage. Using the PID and VID of a SAMSUNG N7000 to make Windows 8 load the necessary drivers.

# cd /etc/modprobe.d/
# echo 'options g_multi dev_addr=de:ad:be:ef:00:01 iManufacturer="Android" idVendor=0x04e8 idProduct=0x6864 file="/root/pendrive.img"' > gadget-deadbeef_multi.conf
# dd if=/dev/zero bs=1M count=128 of=/root/pendrive.img
# use fdisk to create one partition in pendrive.img
# and use mkfs.vat -F 32 to give it a FAT32 filesystem
# cd /etc/modules-load.d/
# mv gadget-deadbeef.conf gadget-deadbeef.off
# echo 'g_multi' > gadget-deadbeef_multi.conf

Rebuild g_multi without ecm cdc support for better windows compatibility:

svn co https://github.com/archlinuxarm/PKGBUILDs/trunk/core/linux-armv7
make oldconfig && make prepare
make scripts
make menuconfig # enable usb gadget drivers and enable only rndis for g_multi
make -C /full/path/linux-armv7/src/linux-4.1/ M=/full/path/linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/
cp linux-armv7/src/linux-4.1/drivers/usb/gadget/legacy/g_multi.ko /lib/modules/$(uname -r)/kernel/drivers/usb/gadget/
sudo depmod -a

Services

Copy imgwatch.sh and filecp.sh to /opt
Copy [godns]((https://github.com/willnix/godns/tree/master) to /opt/godns/
Copy [webchan]((https://github.com/willnix/webchan/tree/master) to /opt/webchan/ and edit the file js/ga.js. Set the IP address of your remote server and the usb armory.
Deploy the systemd.service files in /etc/systemd/system/multi-user.target.wants

Enable them by running:

# systemctl daemon-reload

Copy the [dnsmasq config]https://github.com/willnix/usbpoc/blob/master/config_files/dnsmasq.conf) to /etc/dnsmasq.conf

willnix / usbpoc