WiFi keylogger with Micro SD slot, based on the Atmega32U4 microcontroller and the ESP32-PICO module
Idea, development and implementation: Joel Serna (@JoelSernaMoreno) & Ernesto Sánchez (@ernesto_xload)
Collaborators: Ignacio Díaz (@Nacon_96) / Forensic&Security (@ForensicSec)
PCB design, manufacturer and distributor: April Brother (@aprbrother)
The developers and collaborators of this project do not earn money with this. You can invite me for a coffee to further develop Low-Cost hacking devices. If you don't invite me for a coffee, nothing happens, I will continue developing devices.
For Sale at:
Summary:
Disclaimer
Introduction
Installation
First steps with Evil Crow Keylogger
Use the Micro SD Slot
Keystroke Injection
Unbrick Evil Crow Keylogger with Hall Sensor
Evil Crow Keylogger is a physical keylogger device for professionals and cybersecurity enthusiasts.
AprilBrother and the collaborators of this project are not responsible for the incorrect use of Evil Crow Keylogger.
We recommend using this device for testing, learning and fun :D
Evil Crow Keylogger is a physical keylogger with the following hardware:
NOTE:
EvilCrow-Keylogger
before shipping
Layouts:
NOTE: Please do not ask me to implement new functions in this code. You can develop code for Evil Crow Keylogger and send me PR with your new code.
0.- Add your user to the dialout group: sudo usermod -a -G dialout USER
1.- Install esptool: sudo apt install esptool
2.- Install pyserial: sudo pip install pyserial
Now you can flash Atmega32u4 and ESP32-PICO in different ways:
Evil Crow Keylogger supports several layouts, the en_us layout is by default.
Set up a new layout:
0.- Open Keyboard/src/Keyboard.cpp with a text editor
1.- Change #define kbd_en_us to another layout. Example: #define kbd_es_es
You can use:
kbd_be_be
kbd_cz_cz
kbd_da_dk
kbd_de_de
kbd_en_us
kbd_es_es
kbd_fi_fi
kbd_fr_fr
kbd_it_it
kbd_pt_pt
kbd_tr_tr
2.- Save and close Keyboard.cpp
git clone https://github.com/volca/keylogger-pio.git
git clone https://github.com/joelsernamoreno/EvilCrow-Keylogger.git
cd keylogger-pio
Run flash.bat or ./flash.sh to program 32u4 and esp32-pico.
Note: Please re-plug Evil Crow Keylogger if you run the steps again, because the script can't reset ESP32-PICO to program mode.
Buy ESP Flasher: https://www.aliexpress.com/item/32556128986.html
git clone -b prod https://github.com/volca/keylogger-pio.git keylogger-pio
0.- Download and Install the Arduino IDE: https://www.arduino.cc/en/main/software
1.- Open Arduino IDE.
2.- Go to File - Preferences. Locate the field "Additional Board Manager URLs:" Add "https://dl.espressif.com/dl/package_esp32_index.json" without quotes. Click "Ok"
3.- Select Tools - Board - Boards Manager. Search for "esp32". Install "esp32 by Espressif Systems version 1.0.3". Click "Close".
4.- Download/extract EvilCrow-Keylogger repository.
5.- Copy the Keyboard and USB Host Shield libraries included in this repository to your Arduino library directory.
NOTE: The Keyboard library included in this repository has been modified, EvilCrow Keylogger needs this library to work.
The ESP32 code can be uploaded to the keylogger in different ways: you can use an Arduino, an FTDI or an ESP Flasher from April Brother. In this guide I will use an Arduino to upload the ESP32 code.
Here you can see all the pins corresponding to ESP32:
1.- Open Arduino IDE.
2.- Open the ATMEGA32U4.ino sketch.
3.- Select Tools - Board - "Arduino Lilypad USB".
4.- Upload the code to the board.
Done!
0.- Connect a keyboard to the Evil Crow Keylogger USB host port.
1.- Connect Evil Crow Keylogger to your laptop.
2.- Open a notepad and type Hello World with the keyboard connected to the keylogger.
3.- Scan for the Wi-Fi networks around you and connect to the Keylogger (default SSID: Keylogger).
4.- Enter the password for the Wi-Fi network (default password: 123456789).
5.- Open a browser and access the web panel (default IP: 192.168.4.1).
6.- Click on the View Log option.
Evil Crow Keylogger also stores the log on the Micro SD card.
File: log.txt
Keystroke injection attacks can be executed by navigating to the Live Payload tab. There you can write and run keystroke injection payloads written in a simple scripting language.
The following commands can be used to create payloads:
print: Example print Hello World
println: Example println Hello World
press: Example press 131 (This is the GUI key)
release: Example release
rawpress: Example rawpress 176 (This is the RETURN key)
delay: Example delay 3000
To press more keys and modifiers you can use the following link: https://www.arduino.cc/reference/es/language/functions/usb/keyboard/keyboardmodifiers/
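Before a payload is run on a test machine, it helps to check it against the six commands above. The following is an added example, not code from the EvilCrow-Keylogger repository: a small Python validator that assumes one command per line with the argument after the first space, decimal key codes that fit in one byte, and that press holds a key until the next release. The sample input is constructed from the page's own per-command examples plus two malformed lines.

```python
import re

TEXT_CMDS = {"print", "println"}   # argument is literal text to type
CODE_CMDS = {"press", "rawpress"}  # argument is a decimal key code (131, 176 on the page)
KNOWN = TEXT_CMDS | CODE_CMDS | {"delay", "release"}

def parse_payload(text):
    """Return (steps, errors); steps are (line_no, command, argument) tuples."""
    steps, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        cmd, _, arg = raw.strip().partition(" ")
        if cmd not in KNOWN:
            errors.append((n, f"unknown command {cmd!r}"))
        elif cmd in TEXT_CMDS:
            steps.append((n, cmd, arg))
        elif cmd == "release":  # the page's example takes no argument
            steps.append((n, cmd, None))
        elif not re.fullmatch(r"[0-9]+", arg.strip()):
            errors.append((n, f"{cmd} needs a decimal argument"))
        elif cmd in CODE_CMDS and int(arg) > 255:  # assumed one-byte limit
            errors.append((n, f"{cmd} key code does not fit in one byte"))
        else:
            steps.append((n, cmd, int(arg)))
    return steps, errors

def summarize(steps):
    """Facts a reviewer checks before a payload is run."""
    held = False  # assumption: press holds a key until the next release
    for _, cmd, _ in steps:
        held = True if cmd == "press" else False if cmd == "release" else held
    return {
        "typed_text": [a for _, c, a in steps if c in TEXT_CMDS],
        "key_codes": sorted({a for _, c, a in steps if c in CODE_CMDS}),
        "total_delay": sum(a for _, c, a in steps if c == "delay"),
        "key_left_held": held,
    }

# Constructed sample: the page's per-command examples, then two malformed lines.
SAMPLE = ("print Hello World\nprintln Hello World\npress 131\nrelease\n"
          "rawpress 176\ndelay 3000\ntype oops\npress GUI\n")

if __name__ == "__main__":
    steps, errors = parse_payload(SAMPLE)
    print(summarize(steps))
    for line_no, msg in errors:
        print(f"line {line_no}: {msg}")
```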
Payload example:
First, you'll need to set the serial port to the bootloader's port. That port is only visible while the board is in bootloader mode, so pull the reset line low twice in quick succession to invoke the bootloader reset feature; you can do this by quickly pressing the reset button twice. While the Evil Crow Keylogger is in bootloader mode, change the 'Tools > Serial Port' menu to the bootloader COM port. Quick! You've only got eight seconds.
The reset button is a Hall sensor, which means you need to place a magnet close to that side of the PCB to simulate pressing the button.
1.- Open Arduino IDE and open ATMEGA32U4.ino sketch
2.- Connect Evil Crow Keylogger via USB port.
3.- Press Upload sketch
4.- Start the unbrick phase by placing a magnet close to the side of the PCB where the Hall sensor is located, twice: close, away, close, away.