Playing around with HackyPi, part 2

Posted at 2023-12-14

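Last time I went through setting up HackyPi and checking that it works;
this time is a collection of code from playing with it further afterwards.
(There is an upload limit, so please check the results with your own eyes.)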

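Use the methods introduced in this article only for educational or research purposes. Using them for improper purposes may violate laws such as the Copyright Act and the Act on Prohibition of Unauthorized Computer Access.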

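Downloading a file from the internet

Fetch an image of a giant mottled eel from the Wikipedia article on the giant mottled eel and open it.
(Dangerous, because malicious files can be fetched the same way.)

Fetcher-kun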
import time
import os
import usb_hid
import board
import terminalio
from adafruit_hid.keyboard import Keyboard, Keycode
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

try:    
    keyboard = Keyboard(usb_hid.devices)
    keyboard_layout = KeyboardLayoutUS(keyboard) 
    time.sleep(1)
    keyboard.send(Keycode.COMMAND, Keycode.SPACE)
    time.sleep(0.3)
    keyboard_layout.write('terminal')
    time.sleep(1)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('curl -O "https://upload.wikimedia.org/wikipedia/commons/1/1c/An_Anguilla_marmorata_at_National_Tsing_Hua_University.jpg" && open An_Anguilla_marmorata_at_National_Tsing_Hua_University.jpg')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
except Exception as ex:
    keyboard.release_all()
    raise ex

time.sleep(1)

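Making it give a speech

Come to think of it, that electronic public notice famous for TELNET was also a system that, given a URL, fetched a text file from there and read it aloud.

Speech-kun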
import time
import os
import usb_hid
import board
import terminalio
from adafruit_hid.keyboard import Keyboard, Keycode
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

try:    
    keyboard = Keyboard(usb_hid.devices)
    keyboard_layout = KeyboardLayoutUS(keyboard) 
    time.sleep(1)
    keyboard.send(Keycode.COMMAND, Keycode.SPACE)
    time.sleep(0.3)
    keyboard_layout.write('terminal')
    time.sleep(1)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('osascript -e "set volume output volume (output volume of (get volume settings) + 999)"')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('curl -s http://www.test.jp/1.html | say')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
except KeyboardInterrupt:
    keyboard.release_all()
    pass

While we're at it

GOOD USB
import time
import os
import usb_hid
import board
import terminalio
from adafruit_hid.keyboard import Keyboard, Keycode
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

try:    
    keyboard = Keyboard(usb_hid.devices)
    keyboard_layout = KeyboardLayoutUS(keyboard) 
    time.sleep(1)
    keyboard.send(Keycode.COMMAND, Keycode.SPACE)
    time.sleep(0.3)
    keyboard_layout.write('terminal')
    time.sleep(1)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('osascript -e "set volume output volume (output volume of (get volume settings) + 999)"')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
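    # Note: KeyboardLayoutUS.write() only maps characters that have a US keycode;
    # it raises ValueError for the non-ASCII text below.
    keyboard_layout.write('echo "ぼく悪いUSBじゃないよ" | say')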
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
except KeyboardInterrupt:
    keyboard.release_all()
    pass

Moving specific files

Put the eel in a trap

import time
import os
import usb_hid
import board
import terminalio
from adafruit_hid.keyboard import Keyboard, Keycode
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

try:    
    keyboard = Keyboard(usb_hid.devices)
    keyboard_layout = KeyboardLayoutUS(keyboard) 
    time.sleep(1)
    keyboard.send(Keycode.COMMAND, Keycode.SPACE)
    time.sleep(0.3)
    keyboard_layout.write('terminal')
    time.sleep(1)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('cd')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    # Backslash doubled so Python emits a literal \; as the -exec terminator
    keyboard_layout.write('find . -name "*unagi*" -exec mv {} ~/not_unagi_trap \\;')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
except KeyboardInterrupt:
    keyboard.release_all()
    pass

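Trying packet capture

I remembered that at some conference long ago there was an event where ciphertext was being sent in plaintext, so you were invited to capture it and try to solve it.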

import time
import os
import usb_hid
import board
import terminalio
from adafruit_hid.keyboard import Keyboard, Keycode
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

try:    
    keyboard = Keyboard(usb_hid.devices)
    keyboard_layout = KeyboardLayoutUS(keyboard) 
    time.sleep(1)
    keyboard.send(Keycode.COMMAND, Keycode.SPACE)
    time.sleep(0.3)
    keyboard_layout.write('terminal')
    time.sleep(1)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
    time.sleep(0.3)
    keyboard_layout.write('tcpdump -ni wlan0 -w tcpdump.txt')
    time.sleep(0.3)
    keyboard.send(Keycode.ENTER)
except KeyboardInterrupt:
    keyboard.release_all()
    pass

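Conclusion

It is an orthodox BadUSB for learning that can basically do anything that can be done on the command line.
On top of that, it can also control the mouse cursor, so my impression is that on a typical everyday-use PC it would easily leap over the permission side of things.
Although I won't describe it here, it is also possible to compress various things and do something-or-other with them via AirDrop.
Building your own BadUSB for learning is a commonly heard story, but if HackyPi were a bit more famous, it might have become unimportable like the Flipper Zero. (It has now been allowed in Japan too, though.)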
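
From the defender's side, the payloads above share one observable shape: a keyboard appears and shell commands follow within seconds. The following is an added example, not code from the original article, that correlates the two; the event tuples, event kind names and 30-second window are assumptions, and the sample telemetry is constructed.

```python
"""Correlate a new USB keyboard with shell commands run right after it."""
import re
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumed correlation window; tune per fleet

# Command shapes taken from the payloads shown on this page.
PATTERNS = {
    "download-and-open": re.compile(r"\bcurl\b.*&&\s*open\b"),
    "pipe-remote-content": re.compile(r"\bcurl\b[^|]*\|\s*\w+"),
    "bulk-file-move": re.compile(r"\bfind\b.*-exec\s+mv\b"),
    "packet-capture": re.compile(r"\btcpdump\b.*\s-w\s"),
    "volume-change": re.compile(r"\bosascript\b.*set volume"),
}

# Constructed sample telemetry (not real logs): (ISO time, event kind, detail).
SAMPLE_EVENTS = [
    ("2023-12-14T09:00:00", "hid_keyboard_attach", "usb-kbd-PLACEHOLDER"),
    ("2023-12-14T09:00:03", "exec", "curl -O https://example.invalid/a.jpg && open a.jpg"),
    ("2023-12-14T09:00:04", "exec", "curl -s http://example.invalid/1.html | say"),
    ("2023-12-14T09:00:05", "exec", "ls -la"),
    ("2023-12-14T09:10:00", "exec", "tcpdump -ni en0 -w cap.pcap"),
]

def classify(command):
    """Return the sorted names of every pattern the command line matches."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(command))

def correlate(events, window=WINDOW):
    """Alert on matching commands executed within `window` of a keyboard attach."""
    alerts, last_attach = [], None
    for stamp, kind, detail in sorted(events):
        when = datetime.fromisoformat(stamp)
        if kind == "hid_keyboard_attach":
            last_attach = (when, detail)
        elif kind == "exec" and last_attach and when - last_attach[0] <= window:
            tags = classify(detail)
            if tags:
                alerts.append({
                    "device": last_attach[1],
                    "delay_s": (when - last_attach[0]).total_seconds(),
                    "command": detail,
                    "tags": tags,
                })
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The packet capture at 09:10 is not flagged because it falls outside the window after the attach, which is what keeps routine administrator activity out of the alert stream.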
