Wireless Security Tools SySS Radio Hack Box – Find vulnerabilities in wireless input devices

SySS Radio Hack Box is a wireless keyboard for PoC tool that can help researchers use a wireless keyboard (using AES encryption of keyboard) keystrokes injection vulnerability to attack. Next, we will show you the use of this tool, the test target for the Cherry B.Unlimited AES wireless keyboard.

Note: This article describes the wireless security tool SySS Radio Hack Box – looking for wireless input device security vulnerabilities, designed to serve the community for security researchers to learn to use, do not use for other illegal purposes, offenders at your own risk.

Experimental tools

1. Raspberry pie R asp berry Pi

2. Raspberry wireless intrusion toolbox (by the LCD display, LED lights and some buttons)

3. nRF24LU1 (nrf firmware produced by Bastille Threat Research Team) + USB Wireless Adapter (CrazyRadio PA USB Card)

4. Python 2

5. PyUSB

Automatically start

In order to run our wireless hack box automatically after the raspberry start is complete, we can use the init.d script provided in the GitHub library, or use the following startup command:

@reboot python2 /home/pi/radiohackbox/radiohackbox.py &

Usage

The Radio Hack Box currently has four simple push buttons for

  • start/stop recording
  • start playback (replay attack)
  • start attack (keystroke injection attack)
  • start scanning

Note: Pressing the SCAN button immediately after pressing the RECORD button, we can shut down directly and do not destroy the entire file system.

 

Raspberry + Wireless Intrusion Toolbox

Our handmade toolbox consists of an LCD panel, LED lights, buttons, resistors, and wires, and we solder them on an experimental circuit board. The three images presented below are the front, back, and global graphs of the board:

Demo Video

A demo video illustrating replay and keystroke injection attacks against an AES encrypted wireless keyboard using the SySS Radio Hack Box a.k.a. Cherry Picker

Disclaimer

The purpose of this tool is to allow manufacturers and communities to be aware of the security threats faced by these wireless input devices. This tool is for testing and education purposes only and should not be used for illegal purposes.

Source

https://github.com/SySS-Research/radio-hackbox