The USB Human Interface Device I/O Toolkit (HIDIOT) is a small, open source hardware and software, credit card sized device that fits snuggly in your wallet, allowing you to do devious and interesting things with the world of slow speed USB devices, mainly focused on (but not limited to) the USB HID class. The HIDIOT was specifically designed to introduce people who have never soldered before to a practical hardware hacking toolset.
In this talk, I introduce (for the first time) version 1.0 of the HIDIOT. This session is pretty much entirely demo driven, showing what this open source grab bag of hardware and software can do to create both malicious and useful USB HID devices.
This lab is ideal for people who want to learn how to build their own hardware hacking tools but are a bit too scared to jump in, and it was designed to be so easy to build, anyone can build one. Akos Rajmar made a short video of him soldering one of the prototypes together here: https://www.youtube.com/watch?v=SyjGp5E4PcM
The HIDIOT is programmed via the Arduino IDE and can emulate pretty much any slow speed USB device. I’ll provide an initial overview of how slow speed USB works, an overview of USB HID classes and the types of things you can simulate from keyboards and mice (like rubber ducky attacks) to various other devices, including those used in Point-Of-Sale and medical systems.
I’ll then demonstrate how to put one together, flash it with the bootloader, get the software installed and start with a simple set of demos including simple keyboard attacks, a screen-lock blocker and the obligatory meterpreter via powershell via HID demo.
I’ll then show some demos of various projects I’ve built using the HIDIOT, including:
* A Raspberry Pi shutdown key
* A hardware SSH private key
* A hardware Pseudo-Random Number Generator
If time permits, I’ll show how to mod the device to add buttons, potentiometers and interface with other hardware buses to add support for SD Cards, Bluetooth and other fun bits of hardware. Finally, I’ll talk about future applications for the HIDIOT and some documentation to get started with yours
Note: You’ll be able to pick up your HIDIOT at the HITB CommSec Exhibition Village
