"If you want to try it, be aware that it requires Intel Pentium 166MHz or above."
Made me laugh. Fun article, also really love the genre of "bored smart person goes too deep on something that the end result is obvious by common sense but proving it requires surprising amount of ingenuity and scrappiness"
show comments
MartijnBraam
I came across the tweet about this "Evil" dongle and instantly recognized it as the exact same thing I worked on before... It's not evil, it's just annoying.
In my case I disabled the SPI flash module to have it not appear as a CD drive, the author of this post actually found some documentation about the SPI being optional. Funnily enough this post now also gives you all the tooling to make an actual evil RJ45 dongle by reflashing one :D
show comments
bentcorner
I actually really appreciate USB devices that masquerade as a storage device to provide their own drivers. I suppose in this day and age the "right" thing to do is to upload a bunch of stuff to microsoft servers so that it downloads whatever is needed upon getting plugged in, but I've observed enough stuff needing manually installed drivers to know that this isn't as apparently easy as it may appear to be. (For example, I very often need to download vendor-specific ADB drivers)
Anyways, I think it's clever for peripherals to help you bootstrap, and having the drivers baked into the device makes things a little easier instead of trying to find a canonical download source.
show comments
bisrig
I'm not sure what the current state of the art is, but for the longest time it was pretty common for USB peripheral ICs to have small flash devices attached to them in order to be able to store VID/PID and other USB config information, so that the device is enumerated correctly when it's plugged in and can be associated with the correct driver etc. And depending on when the device was designed, 512kB might have been the smallest size that was readily available via supply chain. It would not have been strange to use a device like that to store 10s of bytes!
The ISO thing is a little bit weird, but to be honest it's a creative way to try to evade corporate IT security policies restricting mass storage USB devices. I think optical drives use a different device class that probably evades most restrictions, so if you enumerate as a complex device that's a combo optical drive/network adapter, you might be able to install your own driver even on computers where "USB drives" have been locked out!
show comments
JKCalhoun
"It is already possible for an assassin to send someone an e-mail with an innocent-looking attachment. When the receiver downloads the attachment, the electrical current and molecular structure of the central processing unit is altered, causing it to blast apart like a large hand grenade.”
I feel like that might have been what took out a neighbor down the street.
Sorry, I got distracted by the newspaper clipping in the article and had to laugh.
baq
RJ45 nazi here: these should be called 8P8C
I’ll show myself out
show comments
ChrisArchitect
Related:
Cheap rj45 ethernet to USB adapter contains malware
Embedded storage was actually very common some decades ago, remember seeing it in a lot of devices, mostly 3G USB Modems, there was even a AT command to enable/disable it.
Seems that the origin of the "chinese hack" theory can be just resumed to: younger people not being used to this kind of old stuff.
dlcarrier
A harmful connection to the Ethernet port would be extremely difficult. A harmful connection to a USB port is extremely easy. Call it what it is: an "Evil" USB dongle that happens to also have an Ethernet socket.
Fokamul
Brought to you by Epcyber CEO.
All their trainings are OSINT on China. Of course this company is full of clickers, using just automated tools.
niklasbuschmann
@lcamtuf: It's Igor Pavlov, not Ivan Pavlov
walrus01
On the general topic of USB to 1000BASE-T (and now 2.5 GBaseT) dongles, for people who care about performance, it's good to know about the distinction between those that are USB devices and those that are PCI-Express devices.
Basically, what do you get if you hotplug it into a laptop running a current linux kernel and do "sudo lsusb -v" vs "sudo lspci -v"?
The ones that are native PCIE devices offer much better performance, up to 2.5 GBASET line rate, and will communicate with the host over the implementation of thunderbolt over USB.
The ones that are USB only might work okay, but there's a reason they're cheap.
Of course a cheaper laptop also won't have any implementation of thunderbolt on it, so that's something to consider as well.
show comments
Reason077
All USB-to-Ethernet adapters are pretty evil in my experience. Always terrible performance, often slower than WiFi.
show comments
poisonborz
TLDR: it is not "evil"
throeurir
So many wtf here. If anything this proves it is backdoored network card
1) downloading Windows exe files from Chinese forums
2) the USB storage provided by network card can still contain malware,
3) or can be accidentally booted from
4) it has universal USB controller, so can become any HID device: keyboard, mouse...
"If you want to try it, be aware that it requires Intel Pentium 166MHz or above."
Made me laugh. Fun article, also really love the genre of "bored smart person goes too deep on something that the end result is obvious by common sense but proving it requires surprising amount of ingenuity and scrappiness"
I came across the tweet about this "Evil" dongle and instantly recognized it as the exact same thing I worked on before... It's not evil, it's just annoying.
https://blog.brixit.nl/making-a-usb-ethernet-adapter-work-sr...
In my case I disabled the SPI flash module to have it not appear as a CD drive, the author of this post actually found some documentation about the SPI being optional. Funnily enough this post now also gives you all the tooling to make an actual evil RJ45 dongle by reflashing one :D
I actually really appreciate USB devices that masquerade as a storage device to provide their own drivers. I suppose in this day and age the "right" thing to do is to upload a bunch of stuff to microsoft servers so that it downloads whatever is needed upon getting plugged in, but I've observed enough stuff needing manually installed drivers to know that this isn't as apparently easy as it may appear to be. (For example, I very often need to download vendor-specific ADB drivers)
Anyways, I think it's clever for peripherals to help you bootstrap, and having the drivers baked into the device makes things a little easier instead of trying to find a canonical download source.
I'm not sure what the current state of the art is, but for the longest time it was pretty common for USB peripheral ICs to have small flash devices attached to them in order to be able to store VID/PID and other USB config information, so that the device is enumerated correctly when it's plugged in and can be associated with the correct driver etc. And depending on when the device was designed, 512kB might have been the smallest size that was readily available via supply chain. It would not have been strange to use a device like that to store 10s of bytes!
The ISO thing is a little bit weird, but to be honest it's a creative way to try to evade corporate IT security policies restricting mass storage USB devices. I think optical drives use a different device class that probably evades most restrictions, so if you enumerate as a complex device that's a combo optical drive/network adapter, you might be able to install your own driver even on computers where "USB drives" have been locked out!
"It is already possible for an assassin to send someone an e-mail with an innocent-looking attachment. When the receiver downloads the attachment, the electrical current and molecular structure of the central processing unit is altered, causing it to blast apart like a large hand grenade.”
I feel like that might have been what took out a neighbor down the street.
Sorry, I got distracted by the newspaper clipping in the article and had to laugh.
RJ45 nazi here: these should be called 8P8C
I’ll show myself out
Related:
Cheap rj45 ethernet to USB adapter contains malware
https://news.ycombinator.com/item?id=42679498
Are there "evil" USB ethernet dongles? Of course there are...(just not this one)
https://hak5.org/products/lan-turtle
Embedded storage was actually very common some decades ago, remember seeing it in a lot of devices, mostly 3G USB Modems, there was even a AT command to enable/disable it.
Seems that the origin of the "chinese hack" theory can be just resumed to: younger people not being used to this kind of old stuff.
A harmful connection to the Ethernet port would be extremely difficult. A harmful connection to a USB port is extremely easy. Call it what it is: an "Evil" USB dongle that happens to also have an Ethernet socket.
Brought to you by Epcyber CEO. All their trainings are OSINT on China. Of course this company is full of clickers, using just automated tools.
@lcamtuf: It's Igor Pavlov, not Ivan Pavlov
On the general topic of USB to 1000BASE-T (and now 2.5 GBaseT) dongles, for people who care about performance, it's good to know about the distinction between those that are USB devices and those that are PCI-Express devices.
Basically, what do you get if you hotplug it into a laptop running a current linux kernel and do "sudo lsusb -v" vs "sudo lspci -v"?
The ones that are native PCIE devices offer much better performance, up to 2.5 GBASET line rate, and will communicate with the host over the implementation of thunderbolt over USB.
The ones that are USB only might work okay, but there's a reason they're cheap.
Of course a cheaper laptop also won't have any implementation of thunderbolt on it, so that's something to consider as well.
All USB-to-Ethernet adapters are pretty evil in my experience. Always terrible performance, often slower than WiFi.
TLDR: it is not "evil"
So many wtf here. If anything this proves it is backdoored network card
1) downloading Windows exe files from Chinese forums
2) the USB storage provided by network card can still contain malware,
3) or can be accidentally booted from
4) it has universal USB controller, so can become any HID device: keyboard, mouse...