The teachers at [Jjshortcut’s] school were each given a Webkey by the administration as a promotional item of sorts, but most of the staff saw them as useless, so they pitched them. [Jjshortcut] got his hands on a few of them and decided to take one apart to see what made them tick.
He found that the device was pretty simple, consisting of a push button that triggers the device to open the Windows run prompt, enter a URL, and launch Internet Explorer. Since the microcontroller was locked away under a blob of epoxy, he started poking around the onboard EEPROM with his Bus Pirate to see if he could find anything interesting there. It turns out he was able to read the contents of the EEPROM, and since it was not write protected, he could replace the standard URL with that of his own web site.
While it’s safe to say that without a new microcontroller the Webkeys probably can’t be used for anything more exciting than launching a browser, [Jjshortcut] can always reprogram the lot and drop them in random locations to drive some fresh traffic to his web site!
[Thanks, Wouter]
Who is wouter?
My mistake. I must have misread the tip when it cam e in. I thought he had written this up, but he just passed it along to us.
Fixed.
it’s cool that these can be hacked for other purposes, but the underlying concept seems like a tremendous waste of resources.
Yeah sure.. Whenever I find a mysterious USB device with a push button, I plug it into my computer to see what woukd happen.
Nice hacking though!
I got something like this in the shape of a key from Hyundai. There were no buttons, you just plug it in and it pulls up the run box and launches its website. (I’ve read that it works on Macs as well.) Unfortunately, there’s no separate EEPROM, just a blob of epoxy like shown above and two tiny capacitors.
It seems like these would be really easy to re-purpose for nefarious uses. I wonder if the factory has a way to program them via the usb cable?
What a terrible idea…
“Here, take this dongle.”
“What does it do?”
“Oh, it will take you to my website.”
[hours later]
“WTF IT DELETED MY HARD DRIVE!!!”
Stay sharp, kids.
No kidding! Love how it is down and dirty single sided no ESD protection. Meant to be used and abused… and trashed. What a waste.
Someone like those scam “Windows support” callers from India that, try to talk you though rootkiting your own computer, will eventually try that.
Bulk mail “Computer Cleaner” keys to people, through a blind so that the post office can’t track it back afterward, and then wait for all the rooted PCs to phone home.
Whenever there is enough wind, i go rootkiting.
tried on of these out on a Linux machine and was supprised to see nothing when I pressed the button.
surely it is just a usb keyboard ?
turns out Linux has had kernel protection from these things for sometime, to see anything you must run a terminal outside of X11.
Very disapointed I could not use it as emergancy button.
you can use this to link to bots or less harmfully use web browser based external programs
like steam games!
you could make an annoyance device from these
imagine changing the code to randomly switch caps lock on and off, or have it start the installation of a trojan
Just point it to a GNAA URL
If you can rewrite the URL, doesn’t that mean you have access to RUN? If so, couldn’t you just use it to launch command prompt and copy a virus to the HDD? If all you can access is the URL, then it should still be possible to initiate a download from an FTP server. Dangerous.
I once repurposed one of these. It was a microsoft “Smart” button, that took you to some dead site.
What I used it for is turning on all the PCs in the showroom of the store I worked at. I plugged it into one of the till PCs, rewrote the hosts file to point to a webserver in the back, and wrote a cgi script on that webserver to send wakeonlan packets to all the showroom PCs. I also had it print out a blank page from the printer to warm it up.