• Teensy USB HID for Penetration Testers - Part 3 - Programming sketches in Arduino

    In previous post we saw very basic usage of Arduino Development Environment (ADE) and ran our Hello World using Teensy. Let's have a look at doing something more with Teensy and ADE.

    You know that there are two bare minimum functions called setup and loop in a sketch. But there are many more functions which are very useful while programming complex sketches. Have a look at the below sketch, which opens up notepad and types "Hello World" in it.
    Code:
       void setup()
    
        {
    
        delay(5000);
    
        Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI);
    
        Keyboard.set_key1(KEY_R);
    
        Keyboard.send_now();
    
        delay(500);
    
        Keyboard.set_modifier(0);
    
        Keyboard.set_key1(0);
    
        Keyboard.send_now();
    
        Keyboard.print("notepad");
    
        Keyboard.set_key1(KEY_ENTER);
    
        Keyboard.send_now();
    
        Keyboard.set_key1(0);
    
        Keyboard.send_now();
    
        delay(2000);
    
        Keyboard.print("Hello World");
    
        }
    
        void loop()
    
        {
    
        }
    In a minute we will have a step by step look how the sketch is executed by Teensy. But before that, just recall how you open a notepad using "Run" prompt in Windows. These are the steps:

    1. Press "Windows key + R"

    2. Release "Windows key + R"

    2. Type "notepad" when the run prompt opens up.

    3. Press Enter.

    4. Release Enter

    Easy one. Now, if you map these steps to the sketch above you will find that the sketch is doing nothing but "simulating" your keystrokes. Let's have a look at the sketch again with comments

    Code:
    void setup()
    
        {
    
          delay(5000); //Delay required for OS to connect the device properly
    
          Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI); //Tell Teensy to press Windows key
    
          Keyboard.set_key1(KEY_R); //Tell Teensy to press R
    
          Keyboard.send_now(); //Press "Windows key + R"
    
         
    
          delay(500); //Wait for half second
    
          Keyboard.set_modifier(0); //Tell Teensy to release Windows key
    
          Keyboard.set_key1(0); //Tell Teensy to release R
    
          Keyboard.send_now(); //Release "Windows key + R"
    
          //Teensy should open a run prompt now
    
          Keyboard.print("notepad"); //Type notepad in the run prompt
    
          Keyboard.set_key1(KEY_ENTER); //Tell Teensy to press Enter key
    
          Keyboard.send_now(); //Press Enter
    
          Keyboard.set_key1(0); //Tell Teensy to release Enter
    
          Keyboard.send_now(); //Release Enter
    
          delay(2000); //Wait for notepad to open
    
          Keyboard.print("Hello World"); //Type Hello World in notepad
    
        }
    
        void loop()
    
        {
    
        }
    So the sketch makes more sense now. We used a number of new functions. Let's have a look at them:

    delay() delays the execution of sketch by Teensy for given milliseconds. delay(5000) means delaying the execution for 5 seconds.

    Keyboard.set_modifier sets a modifier key. There are four modifier keys

    Name Function
    MODIFIERKEY_CTRL Control Key
    MODIFIERKEY_SHIFT Shift Key
    MODIFIERKEY_ALT Alt Key
    MODIFIERKEY_GUI Windows (PC) or Clover (Mac)

    Table Courtesy: Teensyduino: Using USB Keyboard with Teensy on the Arduino IDE

    Note that I said it "sets" the modifier key. To send the key you need Keyboard.send_now() which sends all the "set" keys. We used Keyboard.setkey1 for setting the "R" key and then sent them together using Keyboard.send_now().

    As per great documentation here at pjrc.com USB keyboard can have up-to 6 normal keys and 4 modifier keys. A complete table of codes for all normal keys could be found on the same page.

    So we pressed the "Windows keys + R" by setting and sending the keys. Now to release them we need to set them to 0 and send them again. That is what we have done in above sketch by using Keyboard.set_modifier(0), Keyboard.setkey1(0) and Keyboard.send_now().

    Rest of the sketch is easy to understand and needs no explanation.

    In the next post we will have a look at Kautilya. Please leave comments and feedback.

    Read Part I here- http://www.garage4hackers.com/conten...o-install.html
    Part-II-http://www.garage4hackers.com/conten...llo-world.html
    Part-IV-http://www.garage4hackers.com/conten...-kautilya.html
    This article was originally published in blog: Teensy USB HID for Penetration Testers - Part 3 - Programming sketches in Arduino started by SamratAshok
  • G4H Facebook

  • G4H Twitter