The Cyber Wallet

Oct 23, 2023 in #development #infosec

One of the projects that I've started and gotten to a usable state recently was "The Cyber Wallet".

This is a USB Rubber Ducky type device that performs USB / Mouse injection attacks against a host computer. I own an older USB rubber Ducky, but do I ever carry it? or can I be bothered to deal with compiling the payloads? If you guessed no to both of these then you would be correct.

So to make sure I always had this with me, I took something I always carry with me, my card holder / wallet, and added some cyber-ness to it. Using a Raspberry Pi Pico, an SSD1306 128x32 OLED screen, and some cheap tactile buttons, you can select a payload (or as I call it a card....) from a list.

The scripting language is very similar to the hak5 product but with some changes to allow any radical ideas I had to come alive, such as using the buttons as part of a payload.

An example card would be:

REM Hello World
MOD4 d
MOD4 r
RTYPE notepad.exe
RTYPE It looks like this is working, good bye!

This would be targeting a windows host and would minimise all windows, run notepad, type some text, then close without saving.

You can also include other cards as well which allows for some modularisation. I need to spend some time updating the documentation over at the Github Repo as that's always the last thing to get updates.