mailing list archives
Re: Programmable USB device that can send keystrokes?
From: Wesley McGrew <wesley () mcgrewsecurity com>
Date: Mon, 7 Apr 2008 11:04:22 -0500
I'm pretty sure that this isn't what he's asking for. To the best of
my understanding, he's looking for something that appears to the host
as being a USB keyboard, only instrumented to send pre-recorded
keystrokes. I don't see why this wouldn't be possible (you could
probably knock together a not-small prototype with a microcontroller
and the guts of a USB keyboard), but I'm not aware of any products
than can be purchased right now.
On Apr 6, 2008, at 11:34 PM, Matt Bragano wrote:
I assume you want to take advantage of the auto-execute property on
many Windows machines. Unfortunately, many Windows machines are
configured to automatically execute a given program when a disc or
USB stick is inserted even though it isn't the most secure
behavior. However, the goal you are describing really isn't
possible. Any program that is executed on a given machine must be
loaded into memory one way or another. Apart from writing some low
level assembly, you're likely going to have to employ some other
system libraries to initiate a mouse movement event in whatever code
you write. (Of course, even the assembly code will be 'loaded' on
the computer, but possibly more discreetly.) Despite this, auto-
execute can still be quite useful as a security test. Write some
"malicious" code, toss the USB stick in the machine and see what
Ali, Saqib wrote:
For some security testing, I am looking for a USB device that can
pre-programmed key strokes when plugged-into the USB port. Any
I want something that doesn't require a software/script to be loaded
on the computer.
Something along the lines of WiebeTech's MouseJiggler <
http://www.wiebetech.com/products/MouseJiggler.php >, where it
justsends the mouse commands without loading any software.
Or maybe a programmable keyboard that can send keystroke as soon as
is connected, without requiring any software/script to be loaded.
Obviously this device would require a built-in processor and some
Wesley McGrew, MS, GCIH
wesley () mcgrewsecurity com