USBvil
github.com / JarrettR
USBvil is a low-cost PIC dev board that fits into a common flashdrive case.
x
+
%
Digikey
Digikey
Mouser
Mouser
RS
RS
Newark
Newark
Farnell
Farnell

USBvil

Don't plug in unknown flashdrives!

What is this?

A demonstration of why flashdrives of unknown pedigree can be very dangerous.

See:http://jrainimo.com/build/?p=601

The original goal was to have a very inexpensive (<$5) dev board that can be left in projects without feeling guilty. But it quickly turned into a USB experimentation project.

It fits into a standard USB flashdrive case, because that's super convenient, and it has one 8-pin port broken out for whatever this gets used for.

The "Blink.X" project in the firmware folder does exactly what it says on the tin. It's the obvious starter firmware to be forked for other stuff.

Why is it dangerous?

The other two projects, HID and HID2 are slightly more complicated. HID identifies itself as a USB keyboard and immediately starts typing a-z, and 0-9 upon being plugged in. This is barely changed from the Microchip example code, and doesn't include their USB libraries.

HID2 uses the same libraries, and identifies itself as a HID keyboard as well. It types GUI-key->R, notepad.exe, hello world. On a Windows machine, this opens Notepad and types "hello world".

Innocuous, but it's pretty obvious that this can be used in pretty scary ways.

That's pretty much as far as I intend to take this, I've lost interest. There might be methods of detecting what kind of computer the drive gets plugged into and tailoring the attack, too.

How do I get started?

If you don't have the latest version of Microchip MPLAB X and the XC8 compiler, download them at the links. Everything is free.

To compile this, you'll need to go here and download Microchip Libraries for Applications. It also includes some other very cool USB stuff.

After installation, go to whereever you installed it, and copy the mla folder into Firmware in this repo.

At the very least, you should have USBvil\Firmware\mla\bsp and USBvil\Firmware\mla\framework and all of the files inside.

After that, open up MPLAB, open project, and navigate to the HID folder - This is the more vanilla version, and better for starting something new. Compile it once to test, and then start modifying! main.c and app_device_keyboard.c are where the fun happens.

Alternatively, I have included the hex and elf firmware images if you just want to flash the board.

How do I make one?

Just for kicks, I'm testing out Kitnic. Check it here.

The service should make the board/BOM ordering process a little bit easier, we'll see how it goes. That's just a landing page to this repo, so all of the data is here, too.

 
ReferencesQtyDescriptionManufacturerMPNDigikeyMouserRSNewarkFarnell
C11MLCC - SMD/SMT 0603 1.0uF 6.3voltsMurata ElectronicsGRM033R60J105MEA2D490-7229-1-ND81GRM033R60J105ME2D
C21MLCC - SMD/SMT 0603 0.1uF 6.3voltsMurata ElectronicsGRM033R60J104KE19D490-3167-1-ND81GRM033R60J104KE19
C3, C42MLCC - SMD/SMT 0603 22pF 50voltsMurata ElectronicsGRM0335C1H200GA01D490-6122-1-ND81GRM0335C1H200GA1D
C51MLCC - SMD/SMT 0603 0.22uF 6.3voltsMurata ElectronicsGRM033R60J224ME15D490-10407-1-ND81GRM033R60J224ME5D
P11USB Connectors USB A PLUG SMTMolex48037-2200WM3983CT-ND538480372200
F11PTC RESTTBLE 0.75A 6V CHIP 1206Bel Fuse0ZCJ0075FF2E507-1804-1-ND5300ZCJ0075FF2E
J11Female header, 8 position, unpopulated
J21Female header, 5 position, unpopulated
XT1112MHz Crystal 20pF Surface Mount 4-SMD, No Lead (DFN, LCC)CTS-Frequency Controls403C35E12M00000CTX1218CT-ND774403C35E12M00000
U11IC MCU 8BIT 16KB FLASH 20SSOPMicrochipPIC18F14K50-I/SSPIC18F14K50-I/SS-ND579PIC18F14K50I/SS
R11RES SMD 470 OHM 5% 1/10W 0603YageoRC0603JR-07470RL311-470GRCT-ND603RC0603JR07470RL
D11LED BLUE CLEAR 0603 SMDWurth Electronics150060BS75000732-4966-1-ND710150060BS75000