The ESP32 family of chips never ceases to impress; with just a few lines of code, you can turn an ESP32-S3 board into a WiFi dongle, connecting a host computer to WiFi via USB. Or you can run a script to infiltrate a target computer. Additionally, you can turn it into a memory stick with a WiFi interface.
We are currently working on a new device that will soon be available in our shop. This ESP32-S3 board features a male USB Type-C connector and is designed to fit into a USB dongle enclosure. Here is a complete list of features:
- Male USB Type-C connector
- ESP32-S3-Mini-1 module
- 128MB NAND Flash chip, addressable via SDIO/MMC or SD card interface, in 1-bit or 4-bit mode
- Capacitive touch button to trigger actions by touching the enclosure
- WS2812B status LED to signal state (the enclosure is semi-transparent)
In the following paragraphs, I’m going to show you some applications we have flashed onto it.
Bad USB Device AKA Rubber Ducky
This short video shows the ESP32-S3 Pendrive running SuperWifiDuck. The ESP32-S3 starts a WiFi access point together with a web server. The attacker can then configure a script which will be executed when the stick is inserted into the target computer. In our example the script starts the terminal application on a Mac and executes the command line tool “say” to say “Hello world”
WiFi Disk
In this example we are running the USB MSC Wireless Disk example from the espressif/esp-iot-solution repository. It is basically a memory stick with a web interface and you can access files either from the host computer (Windows, Mac, Linux etc) or by connecting to the ESP32-S3 via WiFi and your web browser. There are some problems though
WiFi Dongle
With this application you can turn the ESP32-S3 Pendrive into a WiFi networking device. Just configure the WiFi credentials and plug in the dongle. The firmware does the rest. The performance is not great but it works to watch a Youtube video
Outlook
I hope you are as excited about this ‘Swiss Army Knife’ of USB devices as I am. I actually have some more ideas for applications: a password manager and a memory stick that automatically backs up all files to Dropbox or an FTP server. The first prototype had two issues that need improving. A pull-down resistor connected to the USB-C plug prevented the device from working, and the USB-C plug did not securely attach to the PCB. I replaced it in the second revision with a sturdier type. Once the second revision has been assembled and tested, we can move on to producing the first batch and offer it in the shop.