Github: https://github.com/chaneyk0/Arduino-BadUSBs

This was for a project in my cybersecurity bootcamp geared towards hardware vulnerabilities.

Computers will often innately trust what they detect as input devices. While this isn’t the most common data breach method by a long-shot, I believe it’s still worth learning about! This project uses an Attiny85 chip on a USB development board. When the board is plugged into the USB-port, it will begin sending keystrokes to the target machine as if it were an actual keyboard. We’ll see shortly what kind of mischief can happen when given that kind of control, and why it’s important to keep your computers in physically secure areas.

Plus it looks like some 80’s hacker nonsense while the key-inputs are happening and I love that so much.

In total I made 3 BadUSBs:
-A WiFi password grabber, which sends all cached WiFi passwords (in cleartext!) to a webhook for remote retrieval.
-A Picture stealer, which enters the %USERPROFILE%\Pictures folder and begins sending all files in that folder to the same webhook.
-A Thank You, which opens up Notepad and types out Thank You in ASCII characters as a little flourish for the end of my presentation.

I started with code I found here and tweaked it, then learned new things I could program with it similarly.