Diabolic Drive is a penetration testing USB key with 64GB storage, ESP8266 and ATmega32U4 microcontrollers

Diabolic Drive may look like a 64GB USB flash drive and show as such when you insert it into your computer, but it’s actually a wireless keystroke injection tool with a Microchip ATmega32U4 8-bit AVR microcontroller and an Espressif Systems ESP8266 WiFi SoC.

Egypt-based UNIT 72784 says their cyber security tool enables Red Teaming – the practice of rigorously identifying an attack path to breach a device’s security – as it behaves like a flash drive while being able to deploy keyboard strokes wirelessly through the ESP8266 WiFi MCU.

Diabolic Drive

Diabolic Drive specifications:

  • MCUs
    • Microchip ATmega32U4 microcontroller @ 16 MHz (5V) acting as a Serial Bridge
    • Espressif Systems ESP8266EX microcontroller @ 160 MHZ (3.3V) with WiFi 4 support
    • ATmega32U4 and ESP8266 are connected via Serial and I2C protocols thanks to an LDO regulator.
  • Storage
    • 64 GB flash storage up to 20MB/s read, 10MB/s write
    • 4MB W25Q32 SPI flash memory o
  • Antenna – High gain 4.1 dBi ceramic chip 2.4 GHz wireless antenna
  • USB – 1x USB 3.0 Type-A port for power and data like a standard flash drive

64GB USB flash drive penetration testing

Both the Microchip ATmega32U4 and Espressif Systems ESP8266 are very popular microcontrollers that you can program with supported firmware (e.g. Arduino), but for cyber security testing, the developers suggest (Arduino) firmware such as WiFiDuck wireless keystroke injection attack platform or ESPloitV2 WiFi keystroke injection tool designed for an Atmega 32u4/ESP8266 paired via serial. Other firmware suggestions can be found on GitHub along with further technical details and documentation about the Diabolic Drive.

The Diabolic Drive is an especially bad boy since it can be hard to detect for an unsuspecting user because it’s compatible with many commercial USB flash drive enclosures, and while it exposes mass storage, HID device, and virtual COM port, it does so simultaneously, so that an operating system like Windows will only trigger an audio notification once like a normal flash drive.

Pen testing Kingston 64GB USB enclosureUNIT 72784 has just launched the Diabolic Drive on Crowd Supply with a $10,000 funding target.  There’s a single reward with the Diabolic Drive going for $111 with free shipping to the US, and $12 to the rest of the world. That feels quite expensive for the hardware involved, but it should be expected for this type of niche hardware, and other similar devices are in this price range too as shown in the table below. Delivery is scheduled to start at the very end of 2023.

Diabolic Drive vs Rubber Ducky
Diabolic Drive vs Rubber Ducky vs O.MG CABLE Basic vs USBNinja

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

Radxa Orion O6 Armv9 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
11 Comments
oldest
newest
Boardcon CM3588 Rockchip RK3588 System-on-Module designed for AI and IoT applications