The WDpi, a $10 Pentesting Multi-tool

Introduction: The WDpi, a $10 Pentesting Multi-tool

About: Hello, I am a 14-year-old electronics enthusiast. I use Bash and Arduino IDE regularly and also have a little experience in HTML, Javascript, and Python.

Gadgets, doodads, gimmicks, and gizmos. Everybody loves them.

But unfortunately, the ones with all the bells and whistles are the most expensive too. I wanted to get some hak5 toys like the packet squirrel, rubber ducky, and bash bunny, but they were so pricey I decided to make my own.

After a few weeks of making a new installation script, reinstalling the OS 13 times, and only about three days with working wifi (arrrggghh) I got the first version of the World Domination peripheral interface working. The setup is headless and if you use a Raspberry Pi 0 or 0W with a USB dongle you can go completely cordless.

This first version of the WDpi is pretty much an open-source bash bunny based on the Raspberry Pi that can run ducky scripts. Because the USB port on Raspberry Pis can function either as a master or slave USB device, the Raspberry Pi can emulate many different devices including a keyboard/mouse, printer, mass storage, USB to Ethernet adapter, and much more.

I am working on more uses that will be posted to this 'ible and GitHub when they are finished. For example, a wifi deauther, wifi pineapple, network sniffer, packet injector, constant ssh tunnel, pacman and Minecraft server, etc.

These instructions assume you have a terminal that is running some type/version of shell.


Supplies

A Raspberry Pi 0, 0W, A, A+, or 4. The other models do not have OTG support so you cannot use them for this project.

A micro-sd card to load Raspberry Pi OS onto. This should be a minimum of 2GB according to the Raspberry Pi documentation.

A cable that will connect the Pi to the computer. Make sure it is a data cable, not a power-only cord. This will be a Micro USB or USB C to USB A connector. If you are confused you can read up on different USB types here.

You can even skip that last cord with a Pi 0/0W USB dongle. This one is solderless and has a cool blue backlight but if you have some soldering experience and want a little more streamlined design this one might be better.

I am unaffiliated with these links and have not tested them.

Step 1: Be-Headless

So the first thing to do is get an OS installed on the Pi. Since there are many tutorials about this I will point you towards one here. You might want to get the Raspbian Lite image as you will most likely not use all the GUI tools that come with the larger versions of Raspbian. Once you flash the image to the micro-sd card DO NOT PUT IT IN THE PI. Unplug it from the computer and then plug it back in again.

Open a terminal and move to the volume of the sd card called "boot". Append "dtoverlay=dwc2" to the end of config.txt with echo "dtoverlay=dwc2" >> config.txt. Next, open the file called cmdline.txt with sudo nano cmdline.txt and add modules-load=dwc2,g_ether directly after "rootwait". The Raspberry Pi will not boot if the spacing is incorrect so make sure there is only a single space before and after "modules-load=dwc2,g_ether" when you type it in.

To enable SSH, run the command touch ssh. Optionally, you can set up wifi on the first boot. I like doing this in case something goes wrong with the configuration for the emulated USB-Ethernet adapter. To do this, make a file called wpa_supplicant.conf and paste the code below into it. Make sure to change "SSID" to the name of your wifi network and "PASSWORD" to your network's password. After you save the file and close it you can eject the sd card and put it in the Raspberry Pi.

country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="SSID"
    psk="PASSWORD"
}
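
The Step 1 edits as a script, added here as an example and not part of the WDpi repository: it patches config.txt and cmdline.txt idempotently, creates the ssh file, and verifies the single-space rule before you eject the card. The function names, the sample file contents and the /Volumes/boot path are assumptions of this example; wpa_supplicant.conf is left out because it holds your credentials.

```shell
#!/bin/sh
# Added example: apply the Step 1 edits to a mounted "boot" volume, idempotently.
# Function names are this example's own; only the strings come from the tutorial.
MODS='modules-load=dwc2,g_ether'

patch_config() {   # append dtoverlay=dwc2 unless that exact line already exists
    f="$1/config.txt"
    if grep -qx 'dtoverlay=dwc2' "$f"; then return 0; fi
    # make sure the file ends in a newline so the entry gets its own line
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then echo >> "$f"; fi
    echo 'dtoverlay=dwc2' >> "$f"
}

patch_cmdline() {  # insert the module list directly after rootwait, once
    f="$1/cmdline.txt"
    if grep -q "$MODS" "$f"; then return 0; fi
    if ! grep -Eq '(^| )rootwait( |$)' "$f"; then
        echo "rootwait not found in $f" >&2; return 1
    fi
    sed "s/rootwait/rootwait $MODS/" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

check_cmdline() {  # one line, no doubled spaces, module list right after rootwait
    f="$1/cmdline.txt"
    [ "$(grep -c '' "$f")" -eq 1 ] || return 1
    if grep -q '  ' "$f"; then return 1; fi
    grep -Eq "(^| )rootwait $MODS( |\$)" "$f"
}

prepare_boot() {   # run every edit, then verify; non-zero exit means do not boot it
    patch_config "$1" && patch_cmdline "$1" && touch "$1/ssh" && check_cmdline "$1"
}

make_sample_boot() {  # constructed sample files, not copied from a real image
    d=$(mktemp -d)
    printf 'dtparam=audio=on' > "$d/config.txt"   # deliberately no final newline
    echo 'console=tty1 root=PARTUUID=00000000-02 rootfstype=ext4 rootwait quiet' \
        > "$d/cmdline.txt"
    echo "$d"
}

# Usage: sh prepare_boot.sh /Volumes/boot   (path is an example)
if [ "$#" -ge 1 ]; then prepare_boot "$1"; fi
```

Running it a second time changes nothing, so it is safe to re-run after a failed first boot to confirm the spacing in cmdline.txt is still correct.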

Step 2: Installation

So now you need to boot it up. If you have a Pi 4, A, or A+ you can go ahead and plug it into your computer with a USB data cable. But if you have a Pi 0 or 0W, instead of plugging the cord into the normal Micro USB power port, you need to plug it into the Micro USB port that is closer to the middle of the Pi. Wait about two minutes for the Pi to completely boot, then run lsusb. If everything loaded correctly you should see something like this: ID 0525:a4a2 PLX Technology, Inc. RNDIS/Ethernet Gadget

Now you can head over to the network settings on your computer and you should see a new network interface. On macOS there should be a new interface called RNDIS/Ethernet Gadget. I checked on Ubuntu and it did not have a name but just showed up as a new USB to ethernet adapter. If this shows up it means you can now connect to your Pi over USB! To ssh over USB, run ssh pi@raspberrypi.local or, if you want to connect over wifi and have set it up already, ssh pi@ipaddress. After it stops printing unintelligible gibberish it will ask you to put in yes, no, or fingerprint. Type yes and then press enter. Then it will ask you for a password, so type in raspberry and then hit enter again. You are now connected to the Raspberry Pi over USB.

This part is pretty easy because I spent so much time automating the setup script. All you have to do is copy and paste these commands into your terminal and then run them.

$ cd ~/Desktop/
$ git clone https://github.com/backslashx1b/WDpi
$ cd WDpi
$ chmod +x setup.sh
$ sudo ./setup.sh
$ sudo reboot

After you run the last command, which will restart the Pi, wait until the Pi boots up again and then run lsusb on the computer the WDpi is connected to. If it shows you something like this: ID 05ac:0291 Apple Inc. WDpi Serial: 00100100 then you are good to go on to the next step, which is going to be fun ;)

Step 3: PLAYTIME!!!

Now after all that hard work you get to use it. Connect to the Raspberry Pi with ssh pi@wdpi.local with the password backslashx1b. Once you log in, go to the WDpi folder by running cd ~/Desktop/WDpi/. Here you should see a file called run.sh. Right now, if a ducky script called payload.dd is in the /boot/ directory at startup, the WDpi will automatically execute it. However, if you would like to manually execute a ducky script, copy it to the ~/Desktop/payloads/ folder and execute it by running:

sudo ~/Desktop/WDpi/run.sh ~/Desktop/WDpi/payload.dd

Some helpful tools you might want to install (because it's Linux!):

aircrack-ng

fruity-wifi

mdk4

wifite

fluxion

Step 4: The End

Thank you for reading this instructable! If you would like to help develop this project or have some good ideas to implement, email me at hortonmatthias@icloud.com or post a comment below.

If you liked this 'Ible please drop a vote for me in the Pi Day Speed Challenge!

The source code for this project is available on GitHub at https://github.com/backslashx1b/WDpi

Credits:

Thanks to nodcah for his instructable on HTML tags in the instructable editor.

Thanks to TOBI (?) for his tutorial on composite USB gadgets on the Raspberry Pi.

Thanks to ossiosac for the DuckBerry Pi code that helped me enable ducky script on the WDpi.
