For a long time I’ve wanted to take a look at the hardware side of things in the hacking industry. Throughout the years I’ve tinkered with conference badges, but never had an understanding of the amount of time required to develop such devices. With virtually no guidance I decided to jump right into a project.
The project I’ve chosen is to build a KeyKerikiv2.
The primary reasons I’ve chosen this project is because on recent engagements I’ve relied on mouse jacking to gain an intial foothold and the project seemed more low level than starting with an arduino. I learn best by being thrown into the scrum and I found the lack of how-to’s a huge challenge for myself.
Looking at the remote-exploit site there is more than enough required for someone with experience to build this. The schematic, board layout and presentation slides are provided which I reviewed.
After some googling on how to open the schematic and board files I stumbled across JLCPCB and their Easy EDA tool. This web application allowed me to open the schematic and board files. Looking at these files I was overwhelmed and barely had an idea of what I was looking at.
So, without modifications I decided to just submit the boards to JLCPCB for printing. No idea if this will even work, but with the low cost of getting these printed it seemed worth a shot. I ordered a total of 10 boards.
Conveniently, JLCPCB also allows you to create a Bill of Materials or BOM. This file contains all of the components required to build the project.
This is where the fun began as just ordering the correct components turned out to be more difficult then I expected. There are so many different form-factors, manufacturers and part numbers that just submitting the BOM from the project produced a ton of “No match found” results. After hours of research I ended up placing multiple orders through LCSC (JLCPCB’s component side) and also through Digi-Key since all the parts were not available through one site.
There were two parts that I could not find on either site and relied heavily on the images from the presentation to distiguish what these parts were. The two parts were the 2.4Ghz radios and without these the project would be useless. I was able to find the nRF24L01+ module at sparkfun.com with ease.
The MD7125-F02 module was next to impossible to locate. Taking a chance I submitted a query for the devices to a foreign site. The module they appeared to carry wasn’t an exact match because it does not contain an RP-SMA connector, but it did appear to have the pads available to where I could add one.
I have yet to receive a response, but I am hopeful. Without this module I don’t think I can complete the project so if I do not hear a response back I will attempt to find it other places.
As expected, the PCBs will be shipping from China and should arrive in the next few days. While I am awaiting the PCBs and components I plan to further research surface mount soldering techniques, reviewing tools and ordering other things I may require for successful building of the project.
More to come!
If you enjoyed this post please consider subscribing to the feed!