Home page logo

basics logo Security Basics mailing list archives

Re: Programmable USB device that can send keystrokes?
From: Wesley McGrew <wesley () mcgrewsecurity com>
Date: Mon, 7 Apr 2008 11:04:22 -0500

I'm pretty sure that this isn't what he's asking for. To the best of my understanding, he's looking for something that appears to the host as being a USB keyboard, only instrumented to send pre-recorded keystrokes. I don't see why this wouldn't be possible (you could probably knock together a not-small prototype with a microcontroller and the guts of a USB keyboard), but I'm not aware of any products than can be purchased right now.

On Apr 6, 2008, at 11:34 PM, Matt Bragano wrote:

I assume you want to take advantage of the auto-execute property on many Windows machines. Unfortunately, many Windows machines are configured to automatically execute a given program when a disc or USB stick is inserted even though it isn't the most secure behavior. However, the goal you are describing really isn't possible. Any program that is executed on a given machine must be loaded into memory one way or another. Apart from writing some low level assembly, you're likely going to have to employ some other system libraries to initiate a mouse movement event in whatever code you write. (Of course, even the assembly code will be 'loaded' on the computer, but possibly more discreetly.) Despite this, auto- execute can still be quite useful as a security test. Write some "malicious" code, toss the USB stick in the machine and see what happens.

Ali, Saqib wrote:
For some security testing, I am looking for a USB device that can send
pre-programmed key strokes when plugged-into the USB port. Any

I want something that doesn't require a software/script to be loaded
on the computer.

Something along the lines of WiebeTech's MouseJiggler <
http://www.wiebetech.com/products/MouseJiggler.php >, where it
justsends the mouse commands without loading any software.

Or maybe a programmable keyboard that can send keystroke as soon as it
is connected, without requiring any software/script to be loaded.
Obviously this device would require a built-in processor and some


Wesley McGrew, MS, GCIH
wesley () mcgrewsecurity com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]