Skip to main content

INJECTING CODE INTO MOUSE FIRMWARE SHOULD BE YOUR NEXT HACK

Here’s a DEF CON talk that uses tools you likely have and it should be your next hacking adventure. In their Saturday morning talk [Mark Williams] and [Rob Stanely] walked through the process of adding their own custom code to a gaming mouse. The process is a crash course in altering a stock firmware binary while still retaining the original functionality.

The jumping off point for their work is the esports industry. The scope of esporting events has blown up in recent years. The International 2016 tournament drew 17,000 attendees with 5 million watching online. The prize pool of $20 million ($19 million of that crowdfunded through in-game purchases) is a big incentive to gain a competitive edge to win. Contestants are allowed to bring their own peripherals which begs the questions: can you alter a stock gaming mouse to do interesting things?

The steelseries Sensei mouse was selected for the hack because it has an overpowered mircocontroller: the STM32F103CB. With 128 KB of flash the researchers guessed there would be enough extra room for them to add code. STM32 chips are programmed over ST-Link, which is available very inexpensively through the ST Discovery boards. They chose the STM32F4DISCOVERY which runs around  $20.

Perhaps the biggest leap in this project is that the firmware wasn’t read-protected. Once the data, clock, and ground pads on the underside of the board were connected to the Discovery board the firmware was easy to dump and the real fun began.

They first looked through the binary for a large block of zero values signifying unused space in flash. The injected firmware is designed to enumerate as a USB keyboard, open Notepad, then type out, save, and execute a PowerShell script before throwing back to the stock firmware (ensuring the mouse would still function as a mouse). Basically, this builds a USB Rubber Ducky into stock mouse firmware.

There are a few useful skills that make taking on this project a worthwhile learning experience. To compile your custom code correctly you need to choose the correct offset address for where it will end up once pasted into the firmware binary. The vector table of the original code must be rewritten to jump to the injected code first, and it will need to jump back to the mouse execution once it has run. The program flow on the left shows this. Both of these jumps require the program counter and registers to be saved and restored. The ARM stack is subtractive and the address will need to be updated to work with the added code.

The talk ended with a live demo that worked like a charm. You can check out the code in the MDHomeBrew repo. In this case the PowerShell script adds keyboard shortcuts for DOOM cheats. But like we said before, the experience of getting under the hood with the firmware binary is where the value will be for most people. With this success under your belt you can take on more difficult challenges like [Sprite_TM’s] gaming keyboard hack where the firmware couldn’t easily be dumped and an update binary was quite obsfucated.

Comments

Popular posts from this blog

Bitcoin Laundering” Study: Where Do Criminals Turn to Mask Illicit Cryptoassets?

A recent study ( PDF ) from the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance and blockchain analytics company Elliptic explored the “bitcoin laundering” ecosystem. In the study, Elliptic’s forensic analysis of the Bitcoin blockchain and other publicly available data were used to track the flows of illicit funds from 2013 to 2016. “This study aimed to identify where individuals turn in order to cash out or transmit bitcoins (BTC) acquired from illicit entities and to discover typologies for criminals ‘laundering’ bitcoins,” the report says. The study describes bitcoin laundering as a special type of money laundering that exists within the Bitcoin network where a user moves some bitcoins to a new address in a manner that obscures the original source of funds. The conversion of bitcoins into fiat currency on exchanges that lack adequate anti-money laundering (AML) and know-your-customer (KYC) policies can also fall under the category ...

Soaring Bitcoin Price Leads $159 Billion Crypto Market Recovery

Bitcoin  Well, somebody bought the dip. Just as critics were rushing to proclaim that the bitcoin bubble had burst, the markets staged a $159 billion recovery. The rally was headlined by the bitcoin price, which rebounded from its sub-$10,000 fling and is currently flirting with $12,000. Several other top-tier coins, meanwhile, returned single day increases in excess of 40 percent. Source: CoinMarketCap Altogether, the  cryptocurrency market cap  clawed its way back to $574 billion, representing a 38 percent recovery from Wednesday’s intraday low of $415 billion. Bitcoin Price Eyes $12,000 Wednesday served as a trial-by-fire for recent bitcoin investors, some of whom had purchased the flagship cryptocurrency for $19,000 at the height of the rally in mid-December. Bitcoin Price Chart The correction forced the  bitcoin price  below $10,000 for the first time since early December, but Thursday’s rally enabled bitcoin to regain a bit...

How to Boost Your Credit—or Build it Up From Nothing

Now that you know  how credit works , you probably want to know how to make it work  better . While nothing is better for your credit than paying your bills in full and on time, there are ways to give it a boost. Like it or not,  credit matters . It’s also complicated. In our “Everything You Need to Know About Credit” series, we’re breaking down the basics. When a lender or landlord looks at your credit, they’re not just looking for a three digit number, they want to know how you actually handle credit. That’s why your credit report is more important than your score. That said, your score matters, too, and the good news is, there are shortcuts for boosting it in a relatively short amount of time. And if you don’t have credit at all — let’s say you’re a teenager about to start college — your biggest focus should be on building up a credit history. That way you can apply for student loans, apartments, and make sure you  aren’t gouged on bills . Here are some options...