Introduction: Pentesting BBU Dropbox
This is a small computer battery backup unit turned into a pentesting dropbox. It is meant to be setup behind a computer or any small networking equipment and go unnoticed, while the pentester has remote access into the network through it. The goal was to make the device as functional as possible, while maintaining the stock look of the original BBU.
The main components are the shell and a few pieces of an old BBU, small 5V five-port network switch, and a Raspberry Pi or any small computer that will fit. Most of the parts are modular and can be swapped out fairly easily. Everything was built with simple tools (no 3D printer needed!), as I was trying to make this as easy to replicate and build upon as possible.
Pay close attention to the pictures. A few may be a little out of order or shown twice. I added a few things as I went, and had to disassemble and reassemble a lot. Focusing on making projects easily repairable really helps!
Step 1: Gather Parts & Tools:
Here's a list of the parts and tools that I used.
- Battery backup unit - Can be any size. Obviously the bigger it is, the more stuff you can fit in the case!
- Brain - I used a Raspberry Pi 2 B that I had laying around.
- Network switch - Mine had five ports and was only 100Mb/s, but the ports on a BBU are rarely gigabit anyway.
- Power adapter for the Pi - I used a very slim 5V 2A wall wart with USB output.
- Power adapter for the switch - My switch took 5V 800mA, so I used a second slim 5V 2A wall wart.
- Green or red LED
- Momentary push button - One that's only engaged while being pressed.
- 270ish ohm resistor
- 10k-100k ohm resistor
- Wire - Multiple lengths, gauges, and colors
- Connectors or test leads - (Optional) To attach the LED and switch to the GPIO on the Pi.
- 2 Ethernet cables - Need to be fairly short and flexible.
- 2 Ethernet jacks - (Optional) I used a couple of solder-on jacks from another BBU, to keep the stock look.
- USB A to micro USB cable - To power the Pi.
- USB A to barrel cable - To power the switch. This can be made.
- M3 screws & nuts - (Optional) To make things removable.
- Raspberry Pi vesa mounting bracket
- Phillips screwdriver
- Security screwdriver bits - If your BBU has security screws
- Drill with drill bits
- Wire strippers
- Wire cutters
- End snips
- Razor knife
- Soldering iron & solder
- Hot glue gun & hot glue
- Dremel or saw
- Hand Files - Optional, but nice to have.
- Super glue
- Heat gun or torch
- Heat shrink tubing or electrical tape
Step 2: Disassembley:
This part is pretty straightforward.
- Remove all of the screws on the battery backup unit and set them aside.
- Remove all unnecessary components, like the old circuit board and batteries.
- Save the usable parts, like the various lengths of wire, power cord, LEDs, RJ45 jacks, switches, and the enclosure with outlets intact.
- Remove the plastic housing on the network switch to save space.
- Also, remove the plastic on the power adapters.
Step 3: Mains Power Wiring:
Next, we're going to start extending wires and mapping out where we want things to go. I like to add plenty of wire ahead of time and trim to fit as I go.
• Extend the wires coming from the power cord and solder the white and green to the proper sides on one set of bus bars of the outlets. The black needs to be soldered on, too, but we'll come back to it.
• Add jumper wires between the two sets of outlet bars (all three bars). Most BBUs come with a surge only side and a battery + surge side. We will be joining both sides to create a simple power strip.
• Solder separate wires to the hot and neutral rails to attach the Raspberry Pi and network switch adapters later. This can be two hot and two neutral wires or just one of each to daisy chain the adapters.
• Now for that black wire of the power cord. I saved the large breaker button when tearing down the BBU. If you still have it or maybe a 10A or 15A fuse, solder one terminal to the black wire on the power cord and the other terminal to an extension wire. That extension wire gets soldered to the hot bus bar on the outlet you soldered the neutral (white) and ground (green) wires to.
Step 4: Low Voltage Wiring:
Now we're going to wire up the power adapters for the switch and Pi. I used two separate identical adapters, because 2A is just enough for the Pi's recommended input current and the second one would have some current to spare with the 800mA the switch would pull.
• First solder the hot and neutral wires you added to the bus bars in the last step to the adapters' mains in (side where the big metal blades were connected).
• Now cover the connections in hot glue to keep them from wiggling around or shorting on something else later.
• Find a good spot in your enclosure to glue or screw them to, and, if yours is like mine, make sure to leave room to plug in your USB cable.
• Repeat the steps for the second adapter. You can also daisy chain them in parallel, if you only soldered one set of wires onto the bus bars.
Step 5: Cables:
Here are the loose cables I made for plugging in power and network. This step can be done later.
• Cut one of the ethernet cables in half and set it aside. These will be for our jacks on the outside of the BBU.
• For the second ethernet cable, I cut it to just the right length to go from the switch to the location of the Pi and crimped a new male end on. If your cable is already short, or you've got room for the slack, you can skip this.
• Cut and splice the power cable for the switch to the length needed.
• Cut and splice the USB cable for the Pi to the length needed, or use a really short one.
Step 6: Wiring the Network Jacks
These are the network (RJ45) jacks that will replace the old phone (RJ11) jacks. I pulled them out of another BBU's surge protection circuit. You can use punch down jacks, but the stranded wire from the patch cables make a better connection when soldered.
- Remove the RJ45 jacks from the old circuit protection, if needed. If your BBU came with RJ45, just remove all other components (diodes, capacitors, fuses, etc.) from the board.
- Solder the colored wires of the cut patch cables in the proper order on the back of the connectors.
- Test all connections.
- Glue the two connectors together to make mounting to the enclosure easier.
Step 7: LED Wiring
Next we'll wire up the LED. You'll need the 470 ohm (yellow, violet, brown) or similar resistor, the LED, two lengths of wire, and (optionally) a connector that will plug into the Pi's GPIO.
- Solder the red wire to the positive lead on the LED & heat shrink it.
- Solder the black wire to the negative lead of the LED & heat shrink.
- Cut the black wire in half & strip both ends.
- Solder one lead of the resistor to the black wire on the LED.
- Solder the other lead of the resistor to the piece of black wire you cut off.
- Heat shrink over the resistor.
- Crimp or solder the connector to the two wires.
Step 8: Push Button Wiring
This is the button used to send basic commands to the Pi. I have it setup to shutdown and reboot the Pi depending on how long the button is pressed (code is in a later step). Notice, from the pictures the resistor was kind of an after-thought and is optional if you are able to use the internal pullups on the Pi. I decided to use bash scripts to talk to the GPIO, so programming the pullups wasn't really an option.
You will need the momentary push button, three pieces of wire, one to two connectors that fit the Pi's GPIO (optional), and the 10 - 100 ohm resistor (also optional).
- Solder wires to the button's two terminals.
- Solder a second wire to one of the terminals & cut it in half.
- Solder one lead of the resistor to the cut wire on the button.
- Solder the other lead of the resistor to the loose wire that was cut off.
- Heat shrink everything neatly.
- Crimp or solder the connectors to the wires.
Step 9: Mounting the Button & LED
- Mount the LED where the "Wiring Fault" LED was and cover it in plenty of hot glue.
- Mount the push button with lots of hot glue where the "Reset" breaker button was.
Step 10: Mounting the Network Jacks
- File out the space where the RJ11 jacks were to make room for the larger RJ45 jacks.
- Mount the jacks with hot glue & cover all of the solder points with glue.
Step 11: Installing the Switch & Breaker
Now we'll be installing the network switch and circuit breaker.
- Find a good place to mount the switch & mark out the holes for the screws.
- Predrill the holes for the screws.
- Install the power cable for the switch.
- Mount the switch and plug in the power cable.
- I also hot glued the Pi's power supply on top of the switch, but this can be at the bottom with the other one.
- Glue down the circuit breaker in an open spot.
Step 12: Installing the Raspberry Pi
- Cut the Raspberry Pi mounting bracket to fit snuggly above the switch.
- Screw the Pi to the bracket with four screws & nuts.
- Add some sticky foam to the underside of the bracket (optional).
- Mark out where the holes in the mount line up inside the BBU enclosure.
- Hot glue the long stand offs that came with the bracket to the enclosure where you marked.
- Screw the bracket to the enclosure.
Step 13: Plugging Everything In
This is the wiring part. Just follow the schematic.
- Plug in the Pi's USB cable for power.
- Plug the short patch cable into the Pi & the other end into the switch.
- Plug the patch cables coming from the RJ45 jacks into the switch.
- Plug the red wire from the LED into pin 32 (GPIO 12).
Plug the black wire from the LED into pin 30 (ground).
- Plug the wire with the resistor from the button into pin 1 (3.3V).
- Plug the wire attached to the same lead on the button as the resistor into pin 36 (GPIO 16).
- Plug the last wire from the button into pin 34 (ground).
- Plug in the USB WiFi adapter.
Step 14: Fitting the Enclosure
The final hardware portion of the build is to trim and fit the rest of the enclosure. Basically just use some end snips and a file or a Dremel tool to cut away at any plastic that gets in the way of buttoning up the enclosure.
Step 15: Software
Here we are setting up the Pi's OS and some of the code I used for the button and LED. You will need to be somewhat comfortable editing files in Linux.
- Install Kali Linux to the Raspberry Pi's SD card. Go HERE (Kali Linux's Website) to get the instructions for whatever board you are using.
- Download my scripts to the Pi, change the extension from ".txt" to ".sh", & make them executable.
- Add a crontab entry to start the scripts at boot. In /etc/crontab file, add:
# Flash LED after successful boot
@reboot root sleep 10s && bash /opt/scripts/flashled.sh &> /dev/null
# Enable power button
@reboot root sleep 10s && bash /opt/scripts/powerbutton.sh &> /dev/null
- Change the directory & name of the scripts to match where you put them & what you named them.
- Optionally, run sudo systemctl disable lightdm.service to boot Kali without a gui & save some resources.
Step 16: Go Pentesting!
That's everything you need to get a Raspberry Pi running inside an old BBU!
I eventually want to add a relay and button to turn on and off power to the outlets on top. A couple of lithium batteries and a piezo buzzer would be kool, too.
Feel free to check out updates on my Hackaday.io page! https://hackaday.io/b1tbang3r
I also had this project featured on Hackaday's main website! https://hackaday.com/2018/05/01/battery-backup-conceals-a-pentesting-pi/
Participated in the