
USB-Backdoor using Raspberry Pi Zero W and P4wnP1

In this post I want to show how I assembled a little hacking gadget using a Raspberry Pi Zero W and the software of P4wnP1. This project is based on the two projects from P4wnP1 and Novaspirit. Please note that this is for educational use only! Do not use it in the wild!

What you need:

  • Raspberry Pi Zero W
  • Micro-SD card
  • Latest version of Raspbian (Lite version is sufficient)
  • P4wnP1 Software
  • Some wires
  • USB male head
  • Case for Raspberry Pi Zero W
  • Soldering equipment

Step 1: Downloading and Installing Raspbian

The first step is to download and install the latest Raspbian (lite) and flash it onto the SD-card. If you do not know how to do this, you can find a very detailed description here.

Step 2: Connect the Raspberry Pi to the Internet

In order to download the P4wnP1 software, the Pi needs to be connected to the Internet. The easiest and most convenient way to achieve this is to use the Internet connection from your laptop. This takes a few steps, which you need to complete before you insert the SD-card into the Pi. First of all, you need to enable SSH. To do this, simply create an empty file called ssh in the boot folder of the freshly flashed SD-card.

sd-card/boot/$ touch ssh

As a next step, we need to make it possible to get the Internet over the USB interface of the Pi. To do so, append the dwc2 overlay line to config.txt:

sd-card/boot/$ echo "dtoverlay=dwc2" >> config.txt

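and then insert the following into the file cmdline.txt right after rootwait (cmdline.txt is a single line, so the entry stays on that line, separated from its neighbors by spaces):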

modules-load=dwc2,g_ether

Now you should be able to access your Raspberry Pi by connecting the Pi over the DATA-USB-port to your computer and then using ssh to connect to raspberrypi.local. In order to grant the Pi access to the Internet, you might need to enable the Internet sharing on your computer.
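The three boot-partition edits from Step 2 collected into one idempotent script, as an added example that is not part of the original post or of P4wnP1. The function name prepare_boot and its mount-point argument are assumptions; the script also covers a config.txt that lacks a trailing newline and keeps cmdline.txt on a single line.

```shell
#!/bin/sh
# Added example: apply the Step 2 changes to a mounted boot partition.
# prepare_boot and its argument (the boot mount point) are hypothetical names.
prepare_boot() {
    boot="$1"
    cfg="$boot/config.txt"
    cmd="$boot/cmdline.txt"
    mods="modules-load=dwc2,g_ether"

    if [ ! -f "$cfg" ] || [ ! -f "$cmd" ]; then
        echo "not a Raspbian boot partition: $boot" >&2
        return 1
    fi

    # 1. An empty file named "ssh" enables the SSH server on boot.
    touch "$boot/ssh"

    # 2. Append the overlay once. If the last line of config.txt has no
    #    newline, add one first so the overlay is not glued onto that line.
    if ! grep -qxF 'dtoverlay=dwc2' "$cfg"; then
        if [ -n "$(tail -c 1 "$cfg")" ]; then echo >> "$cfg"; fi
        printf '%s\n' 'dtoverlay=dwc2' >> "$cfg"
    fi

    # 3. Insert the module list right after "rootwait", on the same line.
    if grep -qF "$mods" "$cmd"; then
        return 0    # already present, leave cmdline.txt untouched
    fi
    awk -v m="$mods" '
    {
        for (i = 1; i <= NF; i++) {
            printf "%s%s", (i > 1 ? " " : ""), $i
            if ($i == "rootwait") { printf " %s", m; found = 1 }
        }
        print ""
    }
    END { exit(found ? 0 : 1) }' "$cmd" > "$cmd.new" || {
        rm -f "$cmd.new"
        echo "rootwait not found in $cmd, file left unchanged" >&2
        return 1
    }
    mv "$cmd.new" "$cmd"
}

# Usage: ./prepare_boot.sh /path/to/sd-card/boot
if [ "$#" -gt 0 ]; then prepare_boot "$1"; fi
```

Running it a second time changes nothing, so it is safe to re-run after a partial setup.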

Step 3: Download and install P4wnP1

The software I used is from a guy called mame82 and has been made available on GitHub. In order to install, run the following:

sudo apt-get -y install git
cd /home/pi
git clone --recursive https://github.com/mame82/P4wnP1
cd P4wnP1
./install.sh

If everything worked fine, you should now be able to plug the Pi into a Windows machine and after a short while you should find a WiFi access point with the SSID P4wnP1. You can connect to it with the default password MaMe82-P4wnP1. Once connected, you can ssh into your Pi as pi@172.16.0.1. For more details on how to use P4wnP1, I refer to the GitHub page where everything is described very well.

Step 4: Hardware modifications

The software stuff is now done. In order to have a gadget that looks like a USB-stick, we need to do some hardware modifications. The following steps are based on the ones provided by Novaspirit. We need to connect the USB male header to the Raspberry Pi Zero.

 

 

In the left image above, we can see the 4 connectors of a USB male head. Pin 1 is the power (+5V), D+ and D- are the data ports and pin 4 is GND. Now we just need to solder them onto the corresponding ports on the Pi (see the image above). Make sure that the connections do not touch the neighboring connection to avoid shorts. Also to avoid shorts, I used a piece of insulation tape to separate the Pi and the wires.

Step 5: Clean things up

We are almost done. To clean things up and to make it look more like a USB stick, I 3D printed a case for the Pi Zero. I got the files for it from Thingiverse. Below you can see the final result. I am not really satisfied with the case, so I will probably replace it in the future, but in total, this was a very cool project and I am curious to try it out (on my own computer). If you have any questions, please leave a comment below.
