How to make Stealth USB CapsLocker


Just in time for April Fool's Day! I built a device that has the potential to drive a computer user insane.



This device plugs into a USB port and implements a USB HID keyboard. Instead of doing anything useful, it waits between 30 seconds and 8 minutes and sends the scancode for the Caps Lock key. This will toggle the Caps Lock status on or off. Since the operating system controls the LED on the keyboard, the Caps Lock light also toggles. This makes it appear the user has accidentally pressed the Caps Lock key...until it happens 20 or 30 times and they get suspicious. Then they might see the Caps Lock light turn on by itself. Next is a sequence of reboots, bashing the keyboard on the desk, clicking through the Control Panel, possibly even replacing the keyboard. Unless they notice the tiny little device sitting in one of the USB ports on the back of their computer, nothing will help.
Disclaimer: This device provides keyboard input to a computing device outside of user control. It is intended for experimentation and demonstration purposes only. It should never be used in a situation that can result in loss of data, property, or finances. It should never be used in a situation that could cause harm to a person via operation or failure. Usage of this device is beyond my control and I am not responsible for any damages resulting.

The CapsLocker was built on an Atmel AVR ATTiny45, and heavily based on the EasyLogger application from ObDev. Very little code modification was necessary to get the random Caps Lock activation working.
This is a single-sided PCB with a couple of jumper wires for simplicity. If I had decided to use the test clips from the beginning, the jumper wires would be unnecessary.



Here are some additional photos showing the installed device and heatshrink over the part that extends from the USB port.






Some have commented on the apparently dirtiness/hairyness of my computer. It really doesn't look that bad until you get up close and use a camera flash. That particular computer has been sitting in the same place on the floor for a year or two, so dust does accumulate. It's probably time to find the vacuum cleaner attachment kit.
Adapter used for programming the device over ISP:


ISP programming adapter


Updates:
Since using test clips directly to the ATTiny45 leads was working fine, I modifed the PCB design so that no jumper wires are required. The size remains the same. Here's the new design:



And here's the schematic:




The PCB and schematic were created in Cadsoft Eagle. Here is a zip file containing the Eagle project file, schematic, PCB, and a tiled PCB:
CapsLocker.zip
I've created a tiled set of PCBs. This is handy when using the toner transfer method of etching, or when creating more than one device. Here is a PDF of tiled arrangement, already mirrored so that it is ready to print for toner transfer:
capslockerpcb_tiled.pdf

Parts List:

Construction:
Print the mirrored PCB on glossy photo paper and trim to the size needed. Iron onto freshly-scoured copper clad until firmly attached. Soak at least 30 minutes in water, then carefully peel off the paper. Fibers will still be attached, rub these off with fingers or a soft toothbrush.
Place board in etching solution until all exposed copper is gone. Use solvent such as acetone to scrub off the toner. Use PCB shear or diamond cutoff wheel to cut board to edge of dotted line around PCB.
Solder parts onto PCB. It may also help to tin the USB pads, to prevent connection problems due to oxidation. We're not going to be using gold plate, so solder will have to do.
Commenter "Stev" says:
I just started putting mine together and wanted to add to your section on etching & soldering. If you coat the PCB with a clear Acrylic spray paint after removing the toner it will act as a sealant to protect the copper from oxidation. You'll still need to tin the USB connection pins, but the other traces will be protected. It will also act as a flux to prevent solder crossover to adjacent pins.
Trim piece of plastic to size of PCB and super glue to the bottom side. Important: make sure the plastic shim is wide enough to prevent the PCB from sliding sideways in a USB port...test it. The required thickness of the plastic will also depend on your PCB thickness. The total thickness at the USB connector should be just under 2.0mm or 0.079 inches; trim or sand the plastic to match. Too thick may break the computer's USB connector, too thin may not allow a good connection.
Using reference from AVR ISP connector pinouts and the pin names on the schematic, find a way to connect an ISP header to the PCB temporarily. My solution involved a USB jack and two fine-tipped test clips. Other possible solutions may involve a jig with spring pins, kynar wire temporarily soldered to the right locations, or a clip that fits over the SOIC8 on the PCB. All of the above eventually must connect to an AVR ISP header, and this must be connected to a PC through an AVR ISP adapter. These are inexpensive and available from several sources:USBTinyISPAVRISPAVR Dragon, and many more Google can tell you about.
Download capslocker.hex and use AVR Studio or a standalone programming tool to write into the ATTiny45 Flash. Oh, you'll also need to select the fuse for PLL/1k clock source.
If you want to see and/or modify the source code, here it is:CapsLockerPCB&Code.zip
The ZIP file above contains the PCB, schematic, and C source code. It is based on the latest version of the EasyLogger code. I've imported everything into an AVR Studio project, but it can be compiled with standard GCC tools that have ATTiny45 support. I have trimmed out the portions of code that were not necessary in this application, and added the modifications required to press the Caps Lock key at random intervals (psuedorandom, the same pattern will occur on every powerup). As the code will make evident, the Objective Development software USB library makes it extremely simple to create a USB device.
0 Comments
Disqus
Fb Comments
Comments :

0 comments:

Post a Comment