JackIt – Exploit Code for Mousejack
Do you like JackIt but don’t want to carry around a laptop? Check this out.
This is a partial implementation of Bastille’s MouseJack exploit. See mousejack.com for more details. Full credit goes to Bastille’s team for discovering this issue and writing the libraries to work with the CrazyRadio PA dongle. Also, thanks to Samy Kamkar for KeySweeper, to Thorsten Schroeder and Max Moser for their work on KeyKeriki and to Travis Goodspeed. We stand on the shoulders of giants.
We have successfully tested with the following hardware:
- Microsoft Wireless Keyboard 800 (including keystroke logging)
- Microsoft Wireless Mouse 1000
- Microsoft All-In-One Media Keyboard
- Microsoft Sculpt Ergonomic Mouse
- Logitech Wireless Touch Keyboard K400r
- Logitech Marathon M705 Mouse
- Logitech Wave M510 Mouse
- Logitech Wireless Gaming Mouse G700s
- Logitech K750 Wireless Keyboard
- Logitech K320 Wireless Keyboard
- Dell KM636 Wireless Mouse and Keyboard
- AmazonBasics MG-0975 Wireless Mouse
Known to not work with:
- Logitech M185 and M187 mice (red unifying dongle C-U0010)
- All older 27MHz devices, such as:
- Microsoft Wireless Optical Mouse 2.0
- Microsoft Wireless Notebook Optical Mouse 3000
- Dell KM632 (on the roadmap)
- HP wireless devices (on the roadmap)
- Lenovo wireless devices (on the roadmap)
Tested on Windows 7/8.1/10 and macOS 10.11/10.12. Not tested against Linux. Let us know if it works or doesn’t work on your device.
Note: JackIt may not work if you have applied the Logitech firmware update or KB3152550.
We work in the security industry and often it is necessary to demonstrate risk in order to create action. Unfortunately, these kinds of issues don’t show up on Nessus scans, so we wrote an exploit. Please use this code responsibly.
To use these scripts, you will need a CrazyRadio PA adapter from Seed Studio. You will also need to flash the firmware of the adapter using Bastille’s MouseJack research tools. Please follow their instructions for updating the firmware before continuing.
After installing the firmware, you can install JackIt via:
Once your CrazyRadio PA is ready, you can launch JackIt via:
Let the script run and detect the nearby devices, then press Ctrl-C to start your attack. The workflow is similar to Wifite. By default, it will only monitor for devices. If you would like to inject, specify a Duckyscript payload file using –script. The payload should be in plain text, not compiled using the Duckyscript encoder.
If you have no idea what Duckyscript is, see the Hak5 USB Rubber Ducky Wiki.
For practical usage instructions and gotchas, check on the Wiki page.