Friday, 20 November 2015

"Wireless" USB cable, via RF / 3G


I'm looking into the feasibility of a project to develop a USB-over-RF device for physical penetration testing engagements. The idea is that our tester could connect a device to a USB port on a machine within the test environment, then leave the building and plug in arbitrary USB devices remotely.


Diagram of project


The requirements are as follows:



  • USB 1.1 support at minimum, but USB 2.0 support would be greatly beneficial even if speed is heavily degraded.

  • Ability to plug in arbitrary devices is mandatory. Keyboard, mouse and USB storage are our primary goals.

  • Cannot load any form of special software or driver onto the target machine. Client transceiver has to work "out of the box" on a system we've got no access to.

  • Host transceiver would preferably be nothing more than a box full of electronics that we plug a USB hub into.

  • Enough speed and integrity to run a USB VGA adapter would be amazing, but we're realistic about this being potentially impossible.


  • Can be powered from a socket if necessary, but running from host power would be better.

  • Needs a strong enough signal to go through at least one external wall.


I have a few ideas in my head about what kinds of technologies could be used, e.g. Arduino Mega + USB host shield + XBee for the host transceiver, and a similar setup (with USB client rather than host) for the client transceiver. We also considered TCP/IP over 3G as a potential transmission medium, though I fear it may be too latent / slow.


Do you think this could be achieved with the kind of technology I've mentioned? What issues am I likely to run into with sending USB over a latent connection like this? Is there an easier solution that I've missed?




To clarify, consider our task equivalent to sneaking into a building and installing a device into a computer, similar to the scene at the start of Sneakers. The restriction is due to the fact that the machine will likely be locked or shut down, so we cannot expect to have any interaction with the system beyond plugging in a USB device. We'll often have less than 30 seconds alone with the machine, too. This rules out installing drivers / software, Bluetooth pairing, etc.



