The stuff I’ve seen around the LOGITacker has had the unit attached to either a computer or mobile device. I wanted to see if I could find a “low cost” setup that could be left behind at an engagement or hidden and accessed remotely. Something that wouldn’t break the bank if it was lost or destroyed.

Equipment

• Raspberry Pi Zero w - $10

  • https://www.raspberrypi.org/products/raspberry-pi-zero-w/ (Amazon: https://amzn.to/2Sndmr6 )

• MakerDiary nRF52840 MDK USB - $12.99

  • https://store.makerdiary.com/collections/frontpage/products/nrf52840-mdk-usb-dongle (Amazon: https://amzn.to/2XP761f )

• Anker PowerCore 10000 - $25.99 (You can use any powersource, this was small and nearby)

  • https://amzn.to/2SlhgAw

• USB OTG adapter - $6.68

  • https://amzn.to/2SnMjeZ

• Micro SD Card - $10 (Just saying $10 since that’ll get you a decent quality/capacity for this project. I’m using a 32gb that I had)

Total Cost: $65.66

Setup

I’m using the standard Raspbian install for the Pi Zero W (https://www.raspberrypi.org/downloads/raspbian/).

I went with “Raspbian Buster with Desktop”. For this setup I put the Pi in AP mode so I’m able to interact with it via it’s WIFI AP. I followed this documentation (https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md) . One item to note, hostapd refused to start for me. Upon reading the logs, I found that it was getting hung up on the line “ignore_broadcast_ssid=0” in the hostapd.conf file. After removing that line and saving, I was able to get the Pi running properly.

If setup following the guide, you should be able to connect to the AP with the SSID/Key that you set. Then start up your SSH client of your choice and SSH to 192.168.4.1. Once connected, you need to install screen (sudo apt-get update) & (sudo apt-get install screen).

I setup my nRF52840 according to the guide I have here (https://www.jameshickok.com/blog/logitacker-e79n7)

Once everything is up and running, SSH into your Pi and type: screen /dev/ttyACM0

The fun begins!

You should now have remote access to your LOGITacker!

*Update at bottom*

I wanted to see if I could use the LOGITacker to compromise a machine remotely.  This is just a quick and dirty attempt.  I'm using a Logitech MX Master and nano receiver as the device being attacked on the victim machine.  Even though the only device attached is a mouse, we are still able to inject keystrokes.

Rundown of what is happening:

1. Launch Virus & Threat Protection

2. Disable Real-Time Protection

3. Open Command Prompt

4. Use certutil.exe to download malicious payload and execute

I'm sure there are better ways to accomplish the same end goal but this was my quick attempt at "hey, can this work?"

The script the LOGITacker is executing is as follows:

Once we run the script, we have a shell from our attacker machine! Here is a video of it in action:

UPDATE:

There was some question about further detail in working with LOGITacker. Here is more information:

Once a target is detected, you can enter inject mode. Type “inject target <MAC>” and press return.

From there, you should be able to start writing your scripts!

Here is a quick rundown of the main commands:

script press <key> - press the corresponding <key>: GUI, ALT, LEFT, UP

script delay 500 - wait 500ms before next command

script string “cmd.exe” - type cmd.exe

script show - show the current commands

script undo - undo the last command

script store “scriptName” - save script to device as “scriptName”

script load “scriptName” - load script

inject execute - run current script

All credit goes to mame82 (https://twitter.com/mame82)

• I'm using the MakerDiary nRF52840 MDK USB Dongle:

  • https://store.makerdiary.com/collections/frontpage/products/nrf52840-mdk-usb-dongle

• The repo with the firmware is located here:

  • https://github.com/mame82/LOGITacker

• To install the firmware onto the nRF52840, you need the Nordic Semiconductor nRF Connect for Desktop:

  • https://www.nordicsemi.com/?sc_itemid=%7BB935528E-8BFA-42D9-8BB5-83E2A5E1FF5C%7D

Once downloaded and installed, install the "Programmer" under Add/remove apps.

After the Programmer is installed, hold down the button on the dongle and insert into the USB port.  The dongle should enter flashing mode with a solid green and slowly flashing red light. If the device doesn't appear in the drop down, close and restart the Programmer app.

Once selected, add the logitacker_mdk_dongle.hex and select Write.

The device will not show up properly in the programmer after it is flashed but you should see the new firmware version in the selection pane.

Use the following settings for putty:

https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.sdk5.v15.0.0/lib_cli.html#lib_cli_terminal_settings

Once connected, you should be able to connect and see your device.

So there you have it! You are now on your way to see what your Logitech devices are doing. Remember to be responsible and don’t do anything illegal.