The ATtiny85 is an arduino compatible microcontroler with an included USB port.
The publisher Heise estimates the hazard potential as high.
In short, that's our chip.
http://digistump.com/package_digistump_index.json
The IDE downloads the source code.
* Select menu: "Werkzeuge-Board:*-Digispark (default - 16mhz) * You see the error on upload: micronucleus: ''library/micronucleus_lib.c:63: micronucleus_connect: Assertion `res >= 4' failed'' * permission problem on USB: start it as root
__________ | o| P5 : D5,A0 _____| o| P4 : D4,A2,PWM4,USB- | o| P3 : D3,A3,USB+ |USB o| P2 : D2,A1,SCK,SCL |_____ o| P1 : D1,PWM1,MISO | o| P0 : D0,PWM0,AREF,MOSI,SDA |_o__o__o__| 5V GND VIN D:Digital IO,A:Analog I AREF: Analog Reference PWM: Puls width modulation, Analog O USB-,USB+: USB Port SDA,SCL: I2C MOSI,MISO,SCK: SPI
void setup() { pinMode(0, OUTPUT); pinMode(1, OUTPUT); } void loop() { digitalWrite(0, HIGH); digitalWrite(1, HIGH); delay(1000); digitalWrite(0, LOW); digitalWrite(1, LOW); delay(1000); }
echo Hello World!
followed by ENTERecho Hello World!
prints Hello World!
The BadUSB stick executes echo
by inserting into USB port. The problem is an execution of malicious code by inserting a simple USB stick.
#include "DigiKeyboard.h" void setup() { pinMode(0, OUTPUT); pinMode(1, OUTPUT); } void loop() { digitalWrite(1, HIGH); DigiKeyboard.delay(5000); DigiKeyboard.sendKeyStroke(0); digitalWrite(0, HIGH); DigiKeyboard.sendKeyStroke(KEY_Z,MOD_GUI_LEFT); DigiKeyboard.delay(1000); DigiKeyboard.sendKeyStroke(KEY_ENTER); DigiKeyboard.delay(1000); DigiKeyboard.println("echo Hello World!"); digitalWrite(0, LOW); digitalWrite(1, LOW); DigiKeyboard.delay(10000); }
cat /dev/ttyACM0
#include <DigiCDC.h> void setup() { SerialUSB.begin(); pinMode(0,INPUT); digitalWrite(0, HIGH); } void loop() { SerialUSB.print(digitalRead(0),DEC); SerialUSB.delay(1000); }
The order is important:
Background: AFAIK the ATtiny85 check for a new sketch while booting. If no new sketch loeaded, ATtiny85 use the flashed sketch.
The first flash was ok, the second flash was problematic. After the first flash I get an error: * micronucleus * res >= 4 *
Adding the following udev rule and save it as /etc/udev/rules.d/49-micronucleus.rules
.
# UDEV Rules for Micronucleus boards including the Digispark. # This file must be placed at: # # /etc/udev/rules.d/49-micronucleus.rules (preferred location) # or # /lib/udev/rules.d/49-micronucleus.rules (req'd on some broken systems) # # After this file is copied, physically unplug and reconnect the board. # SUBSYSTEMS=="usb", ATTRS{idVendor}=="16d0", ATTRS{idProduct}=="0753", MODE:="0666" KERNEL=="ttyACM*", ATTRS{idVendor}=="16d0", ATTRS{idProduct}=="0753", MODE:="0666", ENV{ID_MM_DEVICE_IGNORE}="1" # # If you share your linux system with other users, or just don't like the # idea of write permission for everybody, you can replace MODE:="0666" with # OWNER:="yourusername" to create the device owned by you, or with # GROUP:="somegroupname" and mange access using standard unix groups.
Run command udevadm control –reload-rules
.