Inspiration

Samy Kamkar (samy.pl) is an amazing security researcher. He used a Teensy to prove how easy it is to hack anything. A Teensy device is quite expensive and not a common piece of hardware. So we decided to turn an ordinary Arduino Uno into a malicious pwnDuino to prove how easy it is to hack anyone.

What it does

The client-side Python script images your Arduino Uno into a malicious pwnDuino. From there, you will be able to plug that pwnDuino into any computer, automatically pwning it. It will download a malicious VBscript payload that enables us to conduct malicious activities on the compromised computer, as well as establish a persistent connection to the computer through the pwnDuino app, available on Android.

How we built it

We utilized Android Studio and Atom.io to built the entire framework. Code for the Arduino was written in Arduino IDE.

Challenges we ran into

Compiling the code was lways problematic, as the malicious pwnDuino malfunctioned a bit, especially when attacking our dummy Windows computer.

Accomplishments that we're proud of

We are able to build an entire framework (still WIP however) in 12 hours. We felt that this would be a great Poc for the hacker community.

What we learned

Hardware-software interactions are usually difficult to control, and writing code that translates from the computer to the hardware can often be problematic

What's next for pwnduino

Writing a legitimate VBscript payload that can cause mayhem on a suppose-target computer.

Built With

Share this project:
×

Updates