This is a silly project that i have spent probably too much time on. First I thought, why not time-lapse my upcoming defcon trip. Then i thought, why not live stream it. So… I started with a Pi Zero and a Pi Camera v1. Wired some pins to the GPIO for power. Made a custom wire and hot glued it into the hat. Done!
I have been working on a number of Raspberry Pi projects in various stages of working. To distract from more difficult projects (not to mention nostalgia and fun) I have been building an Adafruit PiGrrl portable classic game emulator. At several points with this project or other without a lot of feedback from the device I’m working with, I’ve relied on milliamp readings from the Mico USB Cable/Voltage Display. This tiny bit of information is incredibly helpful in determining what my Pi is up too. Idle? Booting? Overwhelmed? In the land of the blind the one eye’d man is king. At the very least it reduced the total time waisted waiting on crashed or other broken attempts.
@SamyKamkar made an impressive and terrifying tool. This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor. On a locked machine no less! It depends much on the trust that our computers take for granted. Trusting a USB device is not up to no good. Trusting the local network not trying to confuse. We must reexamine this trust going forward. It didn’t take long to get it up and running, however once you do, you can spend hours tinkering. (i was working to combine it with @mubix‘s work here)
I am also delighted to have my first Raspberry Pi as a USB device rather then host. it is certainly exciting to create some new doodads using this dangerous toolkit.
I have since made a version without the cache attack. I completely failed to steal the poisontap visuals, but TheCodePlayer offers a delightful matrix animation. next step is to man in the middle ssl too. I’m turning it into a device that logs everything while connected, but doesn’t persist.