BadUSB and Hardware Keylogger cable based on RP2040 microcontroller.
Idea, development and implementation: Joel Serna (@JoelSernaMoreno).
PCB design: Ignacio Díaz Álvarez (@Nacon_96) and Forensic Security (@ForensicSec).
Manufacturer and distributor: AprilBrother (@aprbrother).
The developers and collaborators of this project do not earn money with this. You can invite me for a coffee to further develop Low-Cost hacking devices. If you don't invite me for a coffee, nothing happens, I will continue developing devices.
For sale with April Brother (shipping from China):
For sale with KSEC Worldwide (shipping from United Kingdom):
Summary:
Evil Crow Cable Pro is a basic device for professionals and cybersecurity enthusiasts.
We are not responsible for the incorrect use of Evil Crow Cable Pro.
We recommend using this device for testing, learning and fun :D
Evil Crow Cable Pro is a BadUSB and Hardware Keylogger device based on RP2040 microcontroller.
NOTE:
Download and Install Arduino IDE 1.8.19 (Legacy IDE 1.8.X): https://www.arduino.cc/en/main/software
Download Evil Crow Cable Pro repository: git clone https://github.com/joelsernamoreno/EvilCrowCable-Pro.git
Open Arduino IDE.
Go to File - Preferences. Locate the field "Additional Board Manager URLs:" Add "https://github.com/earlephilhower/arduino-pico/releases/download/global/package_rp2040_index.json" without quotes. Click "Ok".
Select Tools - Board - Boards Manager. Search for "rp2040". Install "Raspberry Pi Pico/RP2040 version 3.3.0 by Earle F. Philhower". Click "Close".
Go to EvilCrowCable-Pro/libraries directory and unzip all libraries in Arduino libraries directory.
Open firmware.ino in Arduino IDE.
Select Tools:
Flash firmware.
Evil Crow Cable Pro is configured with English layout (EN_US), but is compatible with other keyboard layouts:
Available layouts:
Edit USBCrowKeyboard.cpp in your Arduino library directory (USBCrowKeyboard/USBCrowKeyboard.cpp). Modify #define US_KEYBOARD to new layout (example: #define ES_KEYBOARD). Flash firmware again.
NOTE: Not all layouts tested. If you find any wrong key you can change it and send PR to Evil Crow Cable Pro repository.
In firmware.ino you can find a file to include the payload (payload.h). Modify this with your new payload.
NOTE: Check EvilCrowCable-Pro/payloads for some examples :)
This firmware allows a combination of Hardware Keylogger and BadUSB.
NOTE: The flash memory is very small. Do not store very large logs or you will brick Evil Crow Cable Pro.
You can configure the Keylogger and BadUSB from the config.h file:
Evil Crow Cable Pro is configured with a default VID/PID/Manufacturer/Product. You can change the USB configuration. Set CHANGE_USB_CONFIG true to change Vendor ID, Product ID, Manufacturer and Product. (example: Apple keyboard):
If you enable CHANGE_USB_CONFIG to true, Evil Crow Cable Pro turns into an Apple keyboard.
Configure #define KEYLOGGER_VIEWLOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 10 seconds.
Configure #define KEYLOGGER_DELETELOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 5 seconds.
Set #define EXFIL true in config.h to enable data exfiltration. Use exfilWin(command), exfilNix(command) or exfiMac(command) in payload.h. For example:
Configure #define EXFIL_VIEWLOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 10 seconds.
Example:
delay(2000); exfilNix("whoami"); delay(3000); exfilNix("cat /etc/passwd");
Configure #define EXFIL_DELETELOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 5 seconds.
Keystroke Reflection is a new side-channel exfiltration technique developed by Hak5.
Evil Crow Cable Pro features a USB HID OUT endpoint which may accept control codes for the purposes of toggling the lock key LED indicators.
By taking advantage of this architecture, the Evil Crow Cable Pro may glean sensitive data by means of Keystroke Reflection, using the lock keys as an exfiltration pathway.
The Keystroke Reflection attack consists of two phases. In the first phase the data of interest, or "loot", is gathered from the target and encoded as lock keystrokes for reflection.
In the second phase, the Evil Crow Cable Pro enters Exfil Mode where it will act as a control code listener on the HID OUT endpoint. Then, the target reflects the encoded lock keystrokes.
Configure Keystroke Reflection in Evil Crow Cable Pro:
Configure #define REFLECTION_VIEWLOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 10 seconds.
Configure #define REFLECTION_DELETELOG true in config.h. Flash the firmware in Evil Crow Cable Pro, open serial monitor and wait 5 seconds.
Evil Crow Cable Pro can function as a USB Host Mouse.
Format FS OK:
You can use an adapter:
Evil Crow Cable Pro - Install and Use:
Here the Video: Demo Video
Evil Crow Cable Pro - Bypass interface whitelist:
Here the Video: Demo Video 2