Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Turning a Pico into a Human Interface Device (HID)
  • Cyber Attacks
  • Data Breach

Turning a Pico into a Human Interface Device (HID)

3 years ago Tyler Reguly
Turning a Pico into a Human Interface Device (HID)

I just walked out of room 716 at SecTor here in Toronto, where I shared details on my Raspberry Pi Pico project. I’m happy that I was finally able to share this and even happier to announce that the GitHub repo is now open to the public. I won’t walk you through the code, but you can reach out to me if you have questions.  

So, what is the repo? As I mentioned in the announcement for my SecTor session, I looked at turning a Pico (or any device running an RP2040) into a Human Interface Device (HID). I started out creating a Stream Deck and had such a great time building that and turning it into a tool to teach Python to teens, that I decided to dig deeper into the functionality of the Pico’s HID functionality. As a demo for SecTor 2021, I created a Pico that, when plugged into a computer, would emulate a keyboard and quickly issue commands. Over the past year, I’ve extended that and created example code.  

While BadUSB attacks are not new, I’m hoping that this makes them more accessible and opens the door for further education about how these attacks are performed and the damage they can do. With a little bit of creativity, these devices could be hidden in standard USB devices and distributed to employees as part of annual security awareness training. While they can service malicious individuals, there’s a lot of harmless fun that can be had demonstrating the dangers of these devices to non-technical individuals.  

Within the GitHub repo, you’ll find the keycode library (one already exists within CircuitPython, but I wasn’t happy with the approach it used), a template for the BadUSB attack, sample code, and plenty of example payloads. This tooling can be useful, not only for security awareness training, but also for administrators needing to deliver configuration to remote systems that are not networked. Anything you can do with a keyboard; you can do with a Pico using this code and that provides extensive flexibility and functionality.  

If you explore the repo or use the code, I’d love to hear how you are using it and what you think of the code. I’m sure there are plenty of improvements that could be made and I’m happy to hear your suggestions. Enjoy! 

The post ” Turning a Pico into a Human Interface Device (HID)” appeared first on TripWire

Source:TripWire – Tyler Reguly

Tags: TripWire

Continue Reading

Previous Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals
Next BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

More Stories

  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

2 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

4 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach
  • Vulnerabilities

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

7 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

19 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

24 hours ago [email protected] (The Hacker News)
  • Data Breach

The Buyer’s Guide to AI Usage Control

1 day ago [email protected] (The Hacker News)

Recent Posts

  • How Samsung Knox Helps Stop Your Network Security Breach
  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
  • Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
  • AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
  • ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT