Presentations
Templates
Features
Teams
Pricing
Log in
Sign up

Log in
Sign up

Troboard

Team M30W

Outline

Introduction
Attack Method
Demo

Attacker model

Windows OS
victim will plug our raspberry pi
non-super privileged

Goal

remote control
desktop sharing
leak keyboard log

Motivation

hack classmate's computer
USB is easy to get
Poisontap is interesting?
127's childhood dream

Fake USB

USB classes

Faking classes -> Faking device

Stage - 1

ssh pi -> keyboard signal -> victim

Victim

Attacker

Generate Payload

Relay Payload

Pi

Problems

Attacker need to be close by
Attack does not persist after pi is disconnected
Victim may notice he's hacked!

Remote Desktop!

-> Inject Trojan

Stage - 2

insert pi -> keyboard signal -> wget trojan

Victim

wget

Victim

Server

Client

Connect

Control

Then... We can

Windows + R -> open powershell
problem: 中文輸入法 (Shift not works)
Solution: Ctrl+Space

Simulate What?

However

if network is down

:(

USB Hub

Not only a keyboard,

but also a USB storage!

Use cmd to move our file from USB storage to victim

easy be detected

Hide it ?

But...

Everyone loves it

However...

OS want to protect system file!

Well...

Creating system files is easy : )

attrib +s +h file_name

What if the victim reboot?

Put our program under /user/.../startup

-> execute as routine startup

Stage - 3

insert pi -> & act as USB & Keyboard ->
Move trojan from USB

Victim

copy

Victim

Server

Client

Connect

Control

RCE again

Demo

Problem of
Hidden Remote Desktop

RCE

Victim

Our Server

Connect

Our server's ip will be exposed to victim!

Large Traffic Detection

Victim

?

Screen

Slow Network Detected

RCE ->

Leak Information

Stage - Extra

Leak Infromation?

Eavesdrop your keyboard & window!

IP Exposure?

Upload to trusted server, like youtube stream

tlk.io!

Victim

tlk.io

send key

Meow

peep key

Trusted Chatting Server!

Demo

Conclusion

Don't plug unknown USB :)

Don't plug untrusted IoT :)

Q&A

Troboard Team M30W

Troboard

By Arvin Liu

Source: Sunny Xiao

Troboard

Spoofing keyboard by Raspberry Pi & Inject Trojan that can remote desktop control

6 years ago
1,543

Arvin Liu

More from Arvin Liu

Dynamic Programming

Arvin Liu

1003
Cross Modal

Arvin Liu

1034
Training Course - Knowledge Distillation

Arvin Liu

1322
Paper review: Revisiting Knowledge Distillation: An Inheritance and Exploration Framework (CVPR'21)

Arvin Liu

1028

Tour

Presentations Trending decks Templates Features Pricing Slides for Teams Slides for Developers

Help

Forum Knowledge Base Developers Docs Leave Feedback Report an Issue

Company

News Changelog About Slides Security Partners

Resources

Make slides with AI Embed Google Maps Embed Google Forms Embed YouTube Convert PDF to Slides Convert PPT to Slides Convert Markdown to Slides

Terms • Privacy • © 2025 Slides, Inc.

BESbswyBESbswyBESbswyBESbswy