BC
Experiments

BT Anykey

Prototype of phone-to-computer text transfer over Bluetooth serial

Bluetooth Serial Passwords Teensy32 Prototype
BT Anykey

Background

I use 1Password password manager to store complex passwords for sites. It's a great service and I recommend it to anyone. LastPass is also good.

My default password is like 24 characters long. It's a bit excessive, but why not? I don't actually have to remember them. However, sometimes I'm traveling or using another computer that doesn't have my 1Password. This is quite painful, tedious, and error-prone. Not to mention I use the Dvorak keyboard layout and have to touch type. Looking at the QWERTY key labels totally messes me up.

Since most password entry fields obscure the text you enter, I almost always mess up my password under these conditions. Mess up enough times and you could be locked out. This is definitely an edge case scenario for probably 99.9999999% of most humans who use computers.

Project Goal

The goal was to build a USB device that looked like a keyboard (a Human Input Device/HID). Pairing this with a Bluetooth module, I could copy my password to a BTLE serial app and shoot it over to this USB device. The Teensy32 would read from the BTLE serial buffer and relay the password over USB as direct keyboard entry. To the computer it would look like I was typing in my password on a keyboard, but really it would just be simulated.

I thought this might make a cool product if I developed it further. However, it's like really woefully insecure. I had fun building it but wasn't really willing to use it in the wild.

Things I Learned

Turns out, as I did more research after I made this project, this approach (of USB hi-jacking keyboard and mouse input over Bluetooth) is a pretty effective way for an attacker to manipulate a computer. It's known as "keystroke injection". Fun!

Having a device that's listening for incoming BTLE serial connections and relaying them as keyboard keystrokes is, like, a really dumb idea. The type of protection you'd have to layer on this project was beyond the amount of effort I was willing to expend.

On the bright side, I did learn a lot. AND got to use my Saleae Logic Analyzer. That thing is awesome!

Some Links About Rubber Ducky Attacks

Assembly

These are the parts I used. anykey parts

I put short leads on the lines I wanted to wire to the Teensy. anykey parts w leads

I stacked/smushed the boards together into this mass. I used small AWG solid-core wire so it kinda stays like this on its own. anykey assembled ortho anykey assembled side

To do some debugging on the Bluetooth serial AT commands, I used the Saleae logic probe. anykey logic probed

← Back to BT Anykey