Introducing A.R.M.A

If you have been following me over the past couple of years, you will know that I have been testing various devices that can be used as network implants.

Some of them came with their pros and their cons, but ultimately I couldn’t find exactly what I was looking for. The requirements I had came from the limitations I saw when actively testing the devices in the field. At the end of the day, you get one shot to plug a rogue device into a network and cannot risk that with preconfigured scripts and hardware failing on you.

My requirements were somewhat simple:

1) Screen
2) Bluetooth
3) 2 wireless modules
4) Standalone
5) GSM

So I started working on the idea of creating something of my own from scratch or enhancing an existing board. After talking to a couple of companies developing boards, the idea of creating one from scratch went out of the window pretty fast because of the cost involved and the technical difficulties.

Rather than reinventing the wheel, and after testing so many devices, I ended up concluding that the best board for this purpose was the Odroid C2.

Some key characteristics of the Odroid C2 are:

1) Amlogic S905 Quad Core Cortex™-A53 1.5GHz 64bit ARMv8 processor
2) 2GByte DDR3 32bit RAM
3) MicroSD Card and eMMC module for storage and OS respectively
4) 4 USB ports
5) 10/100/1000Mbps Ethernet
6) Realtek RTL8211F

Having such a good base to begin with made things much easier. Below are some of the 3D designs of what the complete board would look like.

And the actual boards before assembly…

And after assembly and fitting into the 3D printed case.

What you see in the pictures above is the incomplete case, as the complete one has the top cover plus a slider to hide the screen when needed to be more stealthy, and also some aesthetic touches such as LEDs and buttons.

The A.R.M.A board is loaded with:

1) Ralink RT3070 WiFi Module
Capabilities:
– b/g/n
– 2.4GHz
– 150Mbit/s

2) Bluetooth CSR8510
Capabilities:
– Bluetooth Low Energy
– Dual-mode Bluetooth
– 9.75dBm transmitter
– -91dBm receiver sensitivity

3) 2 USB Ports
4) 8000mAh power bank
5) External antenna connector for the Ralink module

For the GSM module, I decided not to embed it yet for various reasons and to let the user select which GSM dongle to use if necessary.

So far I have tested the following tools with success:

WarBerryPi by @Sec_GroundZero
Bleah by @evilsocket
Kismet
Wifite
CrackMapExec by @byt3bl33d3r

A word of advice to anyone who is looking to take this trip and create their own board:

1) It gets (very) expensive
2) Find a good partner to help you especially if you don’t understand electronics
3) Be ready to fail multiple times
4) White smoke and electronics means bad!
5) It’s a long process (15 months in my case)

The updated WarBerryPi version will be demoed at BlackHat 2018 Arsenal. All of the demos will be done on the A.R.M.A board, but the code is generic, so it will work on any device (Raspberry Pi etc.) and you will not be dependent on the A.R.M.A. I will be bringing 4 boards with me, 3 of which will be the version without the embedded power bank, in case TSA wants to be funny and doesn’t let them through airport security.

Till later…