Last active
February 11, 2021 22:00
-
-
Save skelsec/ffc72983e88c06a1fab2c0d3c6b0d297 to your computer and use it in GitHub Desktop.
usbcomposite
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # this file was created using data from multiple different sources including: | |
| # https://github.com/ckuethe/usbarmory/wiki/USB-Gadgets | |
| # https://github.com/RoganDawes/P4wnP1_aloa | |
| # https://github.com/RoganDawes/P4wnP1 | |
| # https://git.gir.st/sendHID.git | |
| # https://git.gir.st/hardpass.git/blob/HEAD:/init_usb.sh | |
| # http://www.isticktoit.net/?p=1383 | |
| # | |
| wdir="/opt/usbattack/" | |
| massstoragefile=$wdir/USB_STORAGE/image.bin | |
| echo "creating composite mass-storage, serial, ethernet, hid..." | |
| modprobe libcomposite | |
| cd /sys/kernel/config/usb_gadget/ | |
| mkdir usbattack | |
| cd usbattack | |
| # HKLM\SYSTEM\CurrentControlSet\Control\usbflags\[USB_VID+USB_PID+bcdRelease\osvc | |
| echo 0x1d6b > idVendor # Linux Foundation | |
| echo 0x1347 > idProduct # Multifunction Composite Gadget | |
| echo 0x0100 > bcdDevice # v1.0.0 | |
| echo 0x0200 > bcdUSB # USB2 | |
| echo 0xef > bDeviceClass | |
| echo 0x01 > bDeviceProtocol | |
| echo 0x02 > bDeviceSubClass | |
| echo 0x40 > bMaxPacketSize0 | |
| mkdir -p strings/0x409 | |
| echo "deadbeef1337" > strings/0x409/serialnumber | |
| echo "MaMe82" > strings/0x409/manufacturer | |
| echo "P4wnP1 by MaMe82" > strings/0x409/product | |
| #### ln -s ???? configs/c.1 | |
| mkdir -p functions/rndis.usb0/os_desc/interface.rndis | |
| mkdir -p functions/hid.mouse | |
| mkdir -p functions/hid.keyboard | |
| mkdir -p functions/acm.usb0 #dont forget: sudo systemctl enable [email protected] | |
| echo "42:63:65:56:34:12" > functions/rndis.usb0/dev_addr | |
| echo "42:63:65:12:34:56" > functions/rndis.usb0/host_addr | |
| ### Windows specific networking setup | |
| mkdir -p os_desc | |
| echo 1 > os_desc/use | |
| echo 0xbc > os_desc/b_vendor_code | |
| echo "MSFT100" > os_desc/qw_sign | |
| echo "RNDIS" > functions/rndis.usb0/os_desc/interface.rndis/compatible_id | |
| echo "5162001" > functions/rndis.usb0/os_desc/interface.rndis/sub_compatible_id | |
| ### end | |
| echo 1 > functions/hid.keyboard/protocol | |
| echo 1 > functions/hid.keyboard/subclass | |
| echo 8 > functions/hid.keyboard/report_length | |
| echo -ne \\x05\\x01\\x09\\x06\\xa1\\x01\\x05\\x07\\x19\\xe0\\x29\\xe7\\x15\\x00\\x25\\x01\\x75\\x01\\x95\\x08\\x81\\x02\\x95\\x01\\x75\\x08\\x81\\x03\\x95\\x05\\x75\\x01\\x05\\x08\\x19\\x01\\x29\\x05\\x91\\x02\\x95\\x01\\x75\\x03\\x91\\x03\\x95\\x06\\x75\\x08\\x15\\x00\\x25\\x65\\x05\\x07\\x19\\x00\\x29\\x65\\x81\\x00\\xc0 > functions/hid.keyboard/report_desc | |
| echo 2 > functions/hid.mouse/protocol | |
| echo 1 > functions/hid.mouse/subclass | |
| echo 6 > functions/hid.mouse/report_length | |
| echo -ne \\x05\\x01\\x09\\x02\\xa1\\x01\\x09\\x01\\xa1\\x00\\x85\\x01\\x05\\x09\\x19\\x01\\x29\\x03\\x15\\x00\\x25\\x01\\x95\\x03\\x75\\x01\\x81\\x02\\x95\\x01\\x75\\x05\\x81\\x03\\x05\\x01\\x09\\x30\\x09\\x31\\x15\\x81\\x25\\x7f\\x75\\x08\\x95\\x02\\x81\\x06\\x95\\x02\\x75\\x08\\x81\\x01\\xc0\\xc0\\x05\\x01\\x09\\x02\\xa1\\x01\\x09\\x01\\xa1\\x00\\x85\\x02\\x05\\x09\\x19\\x01\\x29\\x03\\x15\\x00\\x25\\x01\\x95\\x03\\x75\\x01\\x81\\x02\\x95\\x01\\x75\\x05\\x81\\x01\\x05\\x01\\x09\\x30\\x09\\x31\\x15\\x00\\x26\\xff\\x7f\\x95\\x02\\x75\\x10\\x81\\x02\\xc0\\xc0 > functions/hid.mouse/report_desc | |
| #if test -f $massstoragefile; then | |
| # mkdir -p functions/mass_storage.usb0 | |
| # echo "found mass storage image file, mounting usb mass storage gadget" | |
| # echo 1 > functions/mass_storage.usb0/stall # allow bulk EPs | |
| # echo 0 > functions/mass_storage.usb0/lun.0/cdrom # don't emulate CD-ROm | |
| # echo 0 > functions/mass_storage.usb0/lun.0/ro # write acces | |
| # # enable Force Unit Access (FUA) to make Windows write synchronously | |
| # # this is slow, but unplugging the stick without unmounting works | |
| # echo 0 > functions/mass_storage.usb0/lun.0/nofua | |
| # echo $massstoragefile > functions/mass_storage.usb0/lun.0/file | |
| #else | |
| # echo "mass storage image not found, skipping..." | |
| #fi | |
| mkdir -p configs/c.1/strings/0x409 | |
| echo "Config 1: Composite" > configs/c.1/strings/0x409/configuration | |
| echo 250 > configs/c.1/MaxPower | |
| echo 0x80 > configs/c.1/bmAttributes | |
| ln -s functions/rndis.usb0 configs/c.1/ | |
| ln -s functions/hid.mouse configs/c.1/ | |
| ln -s functions/hid.keyboard configs/c.1/ | |
| ln -s functions/acm.usb0 configs/c.1/ | |
| #if test -f $massstoragefile; then | |
| # ln -s functions/mass_storage.usb0 configs/c.1/ | |
| #fi | |
| ln -s configs/c.1/ os_desc | |
| # this lists available UDC drivers | |
| ls /sys/class/udc > UDC | |
| echo "done. " |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment