What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more.
What can I do ? Everything you could do with a keyboard plugged into a computer, for example : using [WHID Toolkit](https://github.com/swisskyrepo/WHID_Toolkit) you can spawn a reverse-shell :D
Where to buy a WHID Injector ? I got mine from [Aliexpress](https://www.aliexpress.com/item/Cactus-Micro-compatible-board-plus-WIFI-chip-esp8266-for-atmega32u4/32318391529.html), it's also available on ebay around 15+ $ ;)
First you need to connect the web server hosted on "http://192.168.1.1", only reachable over the `Exploit Wifi`. Use the following default credentials to connect to the AP.
{% highlight bash%}
SSID "Exploit"
Password "DotAgency"
{% endhighlight %}
When you want to update/upgrade some components you will have to login with these credentials.
The default administration
{% highlight bash%}
username "admin"
password "hacktheplanet"
{% endhighlight %}
## Build your own firmware (do not trust the fishy chinese firmware from internet :P)
### Setup Arduino IDE
One who buys an electronic usb stick online might want to change the firmware in order to get rid of a backdoor, or just to upgrade it.
1. Download and Install the Arduino IDE from http://www.arduino.cc
2. Go to File - Preferences. Locate the field "Additional Board Manager URLs:"
3. Add http://arduino.esp8266.com/stable/package_esp8266com_index.json or https://github.com/esp8266/Arduino/releases/download/2.3.0/package_esp8266com_index.json if an error occured.
Click Sketch - Include Library - Add .ZIP Library and select bbx10_speedup.zip from your Downloads folder.
{% endhighlight %}
### Customized keyboard mapping
If you are french you might want a french keyboard with AZERTY mapping, unfortunately this isn't the default behavior of the WHiD Injector. Now we will modify the file `Keyboard.cpp` to replace the english charset with a french one.
- Select Tools - Flash Size - "4M (3M SPIFFS)". (You need this, otherwise the IDE will throw an error about size)
- Select Sketch - "Export Compiled Binary".
The firmware is now available in your `/tmp/arduino_build_XXXXXX/*.bin`. The `upgrade firmware` function in the panel at 192.168.1.1 will upload the `file.bin` and reboot the WHiD Injector.
### Holy sh*t, I bricked my device
Chill my friend, this device is hard to brick. If you have messed really hard you can push the reset button.
- Open Arduino IDE and open ESP Programmer sketch
- Insert WHID
- Press Upload sketch and start the unbrick phase in the same time
> Start the unbrick phase with a magnet by placing it close that side of the PCB where the hall sensor is located (do it two times). Close-away-close-away
### Play time
Here is a simple payload which will spawn a terminal in a remote computer, you can either run it inside the livepayload tab of the AP, or you can use the [Whid Toolkit](https://github.com/swisskyrepo/WHID_Toolkit)