PE File Reader

Pe File Reader [Opening .exe files to analyze the PE-header] Hello_Friend, and welcome to the 20's, Cybermonkeys! Let's start this decade by learning some stuff. Last year, we already took an in-depth look at Linux-binaries (aka ELF files) , now let's start messing around with it's infamous Windows-Counterpart (that also happens to be the xBox file format). Introduction The PE-file format is around for quite some time now, and while heavy optimizations took place, it hasn't really changed all that much since then. In fact, it is one of the most widely encountered file formats out in the wilds. Although there is technically a difference between PE32 files (32bit) and PE32+ files (64bit), we will ignore this fact for the sake of this blogpost. Some file extensions deriving from this format are: .acm   [ a Windows audio-codec] .ax    [MPEG-4 DVD format] .cpl   [dynamic link libraries for control panels] .dll   [dynamic link libraries] .drv   [ha
2

Building an evil-usb with ATTiny85



Greetings,

have you ever dreamt of having an usb stick that you can plug into a system and it burns the bus system in an instant? Well, then you should try out an USBKiller, because to destroy is to create, isn't it?

But if you're not completely into wrecking havok, maybe you want to just execute some commands, write a (hardware-)bot or building a nice controller for your favourite supernintendo game, you might be interested in the following:

Introducing: The ATTiny85 Microcontroller

An ATTiny85 (Tiny) is a microcontroller with, let's say, very limited access in terms of memory or gpio. This means it only has about 4 kilobyte of memory and limited access to peripherals. But for our purpose this is more than enough.

If you need to make bigger projects, you can easily solder the Tiny onto, lets say, a wemos d1 mini with it's serial pins (thus making it wireless, too).

What makes the Tiny special is that it has a built-in USB plug and can fully emulate a mouse or usb keyboard (or every other usb device). It simulates a HID interface device, so our host will notice it as your standart keyboard and stops asking questions.

With that knowledge, you can start to figure the immense power of this little fellow.

Installation and set up

The Tiny needs a special Programmer which we will include into the Arduino IDE. Unfortunately I only managed to use it with the Arduino IDE, for other IDEs like Atmel7 you have to google for yourself. The programmer stops the chip from instantly going into keyboard mode, so we can write to it (and it doesn't randomly start writing into it's own code file, lol).
You have to start the Micronucleus programmer and wait until it tells you to "Plug in Device now", then it works.

Do yourself a favour and follow the instructions in this pdf, it makes life a lot simpler.
Unfortunately, this one is in german language, so try guessing what it tells by looking at the pictures (easy way) or start learning german (hard way). It is way less complicated as it sounds (both ways).

The tiny will have a cooldown of around 5 seconds, then it starts working. You can disable this security feature so it will go off instantly, but experiance showed it is hard to program it then and even hard for the host to register a new HID device in time (and 5 seconds is not that much time).

The Micronucleus is available via github if not already added to the standart repositories.

Programming the Tiny

So, let's write a code and test the Tiny now. A library is available that can help us enter the correct keycode for each keyboard-press, if you don't want to use it you have to fiddle out the keycodes yourself, which should be manageable but unneccesary.

In my case, I had to open the implementation of the library and rewrite the keycodes to match german "Umlaute", ugly symbols like ß or ö that americans neither really get nor pronounce correctly.
Luckily, there is a german keyboard layout library available now (not mine tho).

Let's keep it simple for now and just open up a shell, then start google chrome via command line, and surf to a webpage, let's use kek.com. Hopefully, kek.com will still work after I wrote down this tutorial. Everybody who understands this example code can literally do everything with this stick.

Here is the code:


#include "DigiKeyboard.h" //git-library goes here  
   
 void setup() {  
  pinMode(0, OUTPUT);  
  DigiKeyboard.update();  
 }  
   
 void loop() {  
    
  DigiKeyboard.update();  
  //windows + r for command-window
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);  //keycombination
  digitalWrite(0, 1);  
  delay(100);  
   
  DigiKeyboard.update();  
  DigiKeyboard.println("cmd");  
  digitalWrite(0, 1);  
  delay(1000);  
   
  DigiKeyboard.update();  
  DigiKeyboard.println("\"C:/Program Files (x86)/Google/Chrome/Application/chrome.exe\" www.kek.com --profile-directory=\"Default");  
  digitalWrite(0, 1);  
    
  delay(20000);  //ez
     
 }

That wasn't too hard, was it? Note the keycombination of windows and r key. 
The update command is optional, but it will flush out serial data and free our pipe so commands won't get stuck or lost. Also, depending on the device you are using it for, it might be helpfull to cast a delay between keystrokes (which I didn't because my pc is fast enough).

As you can see, you can do magic with the Tiny, for example write a script that presses "w" and "s" respectively, every few seconds, and you have a simple idle-bot that prevents you from being kicked out a MMORPG server (without freaking autodesk, god I hate this software).

You can also use a wlan IC to build a wireless keyboard or mouse, or even a remote hack.

Test our script

This is by far the most funny part, as you can see stuff happen and blow the minds of your friends.
Consider printing a case with a 3d-printer or build the Tiny into a case of an old usb-stick.

Here is what mine did:


That's pretty impressive, isn't it? And it is almost as fast as me, flaming people in an online-shooter, kek. Have fun with this, my friends.

The more we know, the more we doubt.
- numb.3rs

Comments

Post a Comment