February 2012

Lights Out Exploit

After attending Adrian Crenshaw's talk at DefCon18 (slides, video) on using the Teensy as an exploit tool, I was inspired to give it a try. I took a Teensy and added an RGB LED, photo sensor, DIP switches, and a keyboard connector to experiment. I had fun trying it in various ways. Ultimately, I used the DIP switches to set which platform it targeted for the exploit (Windows, Mac, or Linux) as well as what the trigger would be. The RGB LED would indicate which mode it was in. I was using it through the USB bus on the target machine. But the most fun was using it during computer security talks where I was projecting from the target machine -- then I'd ask someone to turn off the lights -- and the photo sensor would trigger it to get shell access on the machine, possibly setting up a reverse shell. If one only knew what was in those epoxy-sealed controller chips on our keyboards and other devices... ;-)