念慈菴

USBAirborne

 
Overview

USBAirborne is an offensive tool for near-source penetration testing and is a sub-project of the ANT Project.

 

 

Quick start

 

USBAirborne uses the Autorun mechanism to implement the attack.

After plugging it into the computer, it appears as a normal USB flash drive.

However, when the victim double-clicks the USB flash drive, selects "Open" from the right-click menu, or selects "Open in new window" from the right-click menu, the malicious code will be executed.

The specific code needs to be configured in Autorun.inf in the root directory of the USB disk:

  • Autorun.inf in the attachment is an example configuration file. It will hijack the three opening methods mentioned above and open a video file.
  • The USBAirborne_Autorun_V2.1.hex in the attachment is the firmware file and needs to be flashed using WCHISPTool. See: https://www.wch.cn/download/WCHISPTool_Setup_exe.html

 

1. Flash the firmware

 

Note:

If you are using the off-the-shelf USB Airborne, this step is already done beforehand.

Plug it directly into the computer and there will be a sample attack effect.

To achieve other effects, you only need to modify Autorun.inf; see Section 3.

 

For the installation and configuration of WCHISPTool, refer to its official documentation; they are not described in detail here.

After the installation is complete, load USBAirborne_Autorun_V2.1.hex.

Turn the second position of the USBAirborne DIP switch to ON to enter burning mode, as shown in the picture:

Connect to the computer and use WCHISPTool to burn.

After burning is completed, turn the burning switch back to OFF. Burning is completed.

 

2. Configure Autorun

 

The operations performed by USBAirborne are determined by Autorun.inf in the root directory of the USB flash drive.

Autorun.inf in the attachment is an example configuration file. It needs to be copied to the root directory of the USB flash drive.

 

Note that USBAirborne defaults to CD-ROM mode, which is read-only, so files cannot be written to it.

Flip the first switch to ON to enter normal USB flash drive mode, in which files can be read and written.

The first time you plug the USB Airborne into your computer, it needs to be formatted. The parameters must be as follows:

Because USBAirborne is a storage device simulated through SPI Flash, it is normal for it to be slow when it is plugged into the computer and when it is formatted. Please be patient.

After formatting is completed, copy Autorun.inf to the root directory of the USB flash drive.

Turn the CD-ROM mode switch to OFF to complete the configuration process. Plug it into your computer to see the effect of the attack.

 

3. More attack effects

 

The attack effect of the example is to call CMD to open the web page.

To modify the attack payload, first turn the first position of the DIP switch to ON, re-insert the device into the computer, and turn off the USBAirborne CD-ROM mode before it can be read and written.

Next, other attack effects can be achieved by modifying Autorun.inf in the USBAirborne root directory.

For example: to run a Trojan horse program, you can place the Trojan horse in the root directory of the U disk, and then call the program in Autorun.inf.

There are many tutorials on the Internet for writing Autorun.inf. You can refer to this article:

https://edisonshih.pixnet.net/blog/post/27755651
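
For defenders triaging a drive that behaves as described above, the following added example (not part of the original page or the USBAirborne project) parses an Autorun.inf and flags the entries that run a command or change what a double-click or shortcut-menu item does. The key names are the documented Autorun.inf entries; the sample input, `placeholder.exe`, and the function names are constructed for illustration.

```python
# Constructed sample for illustration; it is not the project's Autorun.inf.
SAMPLE = r"""
; comment line before the section
[AutoRun]
label=Backup
icon=drive.ico
Open=placeholder.exe
shell=open
shell\open=Open
shell\open\command=placeholder.exe
shell\explore\command=placeholder.exe
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lowercased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def audit_autorun(text):
    """Flag entries that make Explorer run a command or change the default verb."""
    findings = []
    for key, value in parse_autorun(text):
        parts = key.split("\\")
        if key in ("open", "shellexecute"):
            findings.append((key, value, "command run by AutoRun"))
        elif key == "shell":
            findings.append((key, value, "sets the drive's default (double-click) verb"))
        elif len(parts) == 3 and parts[0] == "shell" and parts[2] == "command":
            findings.append((key, value, f"binds shortcut-menu verb '{parts[1]}' to a command"))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit_autorun(SAMPLE):
        print(f"{key} = {value}  -> {reason}")
```

Entries such as `label`, `icon` and the menu text in `shell\open=Open` are not flagged, because they do not bind a command.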

 

If you need to modify the firmware of USBAirborne itself to achieve other attack effects, such as BadUSB, the source code for the firmware can be found here:

https://github.com/Push3AX/USBAirborne

PS. The BadUSB attack has been implemented in the current firmware. Take a look at the main function and you should be able to see how to change it :)

 
