01101000011000010110001101101011011010000111001001101111011011010111010001100011011000010111011001100001

HIDIOUS: HID Injection Over Usb Suite

Last Updated: 07/12/12

Description

HIDIOUS (HID Injection Over Usb Suite) is an Arduino library for Keystroke injection. The hardware is able to act as a keyboard and send keystrokes to the computer. This library makes it much easier to use keystroke injection as an attack vector. HIDIOUS builds upon the research of IronGeek's and his PHUKD Library http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle.

HIDIOUS provides functions to run user defined Commands, Scripts, or Binaries against Windows, Linux, and OSX. Configuration of the payloads is offloaded to a Micro SD card. Due to the limited resources on many Arduino compatible board, some payloads are to large to fit in memory. Reading in payloads from an external medium (like an Micro SD card), allows for larger payloads which can be modified easily.

Commands A single line command is run in the terminal of the host OS. This single line can contain multiple commands using '\&' in Windows and ';' in Linux/OSX.

Scripts HIDIOUS will let you run scripts from many native scripting languages like batch, bash, python, and perl. It also uses a customized language called HIDIScript. This scripting language interpenetrates non-ASCII keys from a plain text script file.

Binary Binaries are converted to HEX and typed in to host, then converted back into binary format. After the binary is copied to the intended host, it is executed, then deleted.

Consult the README file for the library for information on using specific functions.

Example: A simple coding example for running script.bat on a Windows box. It reads from the "/glitch/mod03/script.bat" file on the SD card. The content of the file are copied over to the host computer and saved in the directory "%TEMP%" (which is the temporary directory in Windows) with the file name "temp.bat". The script is then saved, run, and deleted. No prefix (like "powershell " or "python ") is needed to run the Batch script, so the string is left blank.

char * filename = "temp.bat";
char * filepath = "%TEMP%";
char * file_sd_path = "/glitch/mod03/script.bat";
char * prefix = "";

runScriptWin(filename, filepath, file_sd_path, prefix);


HIDIScript


The script is interpreted at runtime. There are three types of tags: Modifier Keys, Regular Keys, and Commands.

Modifier Keys can be used together with a single Regular Key.
Regular Keys represent a single keystroke. Each Regular Key must be followed by a new line.
Commands can be used to interact with the microcontroler through the script.


Example: (Open notepad and type Hello World)

[KEY_RIGHT_GUI][KEY_R]
[WAIT_1]
notepad
[KEY_ENTER]
[WAIT_2]
Hello World
[KEY_ENTER]


The following tables contain the syntax for the HIDIScript language.


Regular Keys Codes

KEY_AKEY_BKEY_CKEY_D
KEY_EKEY_FKEY_GKEY_H
KEY_IKEY_JKEY_KKEY_L
KEY_MKEY_NKEY_OKEY_P
KEY_QKEY_RKEY_SKEY_T
KEY_UKEY_VKEY_WKEY_X
KEY_YKEY_ZKEY_1KEY_2
KEY_3KEY_4KEY_5KEY_6
KEY_7KEY_8KEY_9KEY_0
KEY_ENTERKEY_ESCKEY_BACKSPACEKEY_TAB
KEY_SPACEKEY_MINUSKEY_EQUALKEY_LEFT_BRACE
KEY_RIGHT_BRACEKEY_BACKSLASHKEY_NUMBERKEY_SEMICOLON
KEY_QUOTEKEY_TILDEKEY_COMMAKEY_PERIOD
KEY_SLASHKEY_CAPS_LOCKKEY_F1KEY_F2
KEY_F3KEY_F4KEY_F5KEY_F6
KEY_F7KEY_F8KEY_F9KEY_F10
KEY_F11KEY_F12KEY_PRINTSCREENKEY_SCROLL_LOCK
KEY_PAUSEKEY_INSERTKEY_HOMEKEY_PAGE_UP
KEY_DELETEKEY_ENDKEY_PAGE_DOWNKEY_RIGHT
KEY_LEFTKEY_DOWNKEY_UPKEY_NUM_LOCK
KEYPAD_SLASHKEYPAD_ASTERIXKEYPAD_MINUSKEYPAD_PLUS
KEYPAD_ENTERKEYPAD_1KEYPAD_2KEYPAD_3
KEYPAD_4KEYPAD_5KEYPAD_6KEYPAD_7
KEYPAD_8KEYPAD_9KEYPAD_0KEYPAD_PERIOD


Modifier Keys

KEY_CTRLKEY_SHIFTKEY_ALTKEY_GUI
KEY_LEFT_CTRLKEY_LEFT_SHIFTKEY_LEFT_ALTKEY_LEFT_GUI
KEY_RIGHT_CTRLKEY_RIGHT_SHIFTKEY_RIGHT_ALTKEY_RIGHT_GUI


Commands

WAIT_#Delay '#' number of milliseconds.


Download

Download at the SourceForge http://sourceforge.net/projects/hidious/

Version

0.1: Initial release.
0.2: Fixed issue with copying over binaries.

Presentations

"HIDIOUS Methods of Keystroke Injection", HOPE 2012 (link)