Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices
The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES.
Requirements
- Raspberry Pi
- Raspberry Pi Radio Hack Box shield (an LCD, some LEDs, and some buttons)
- nRF24LU1+ USB radio dongle with flashed nrf-research-firmware by the Bastille Threat Research Team, e.g.
  - Bitcraze CrazyRadio PA USB dongle
  - Logitech Unifying dongle (model C-U0007, Nordic Semiconductor based)
- Python2
- PyUSB
Automatic startup
For automatically starting the Radio Hack Box process on the Raspberry Pi after a reboot, either use the provided init.d script or the following crontab entry:
@reboot python2 /home/pi/radiohackbox/radiohackbox.py &
Usage
The Radio Hack Box currently has four simple push buttons for
- start/stop recording
- start playback (replay attack)
- start attack (keystroke injection attack)
- start scanning
Demo Video
A demo video illustrating replay and keystroke injection attacks against an AES encrypted wireless keyboard using the SySS Radio Hack Box a.k.a. Cherry Picker is available on YouTube:
Pi Radio Hack Box Shield
The hand-crafted Pi shield simply consists of an LCD, some LEDs, some buttons, resistors, and wires soldered to a perfboard.