A Practical Supply Chain Hack

Blinking RGBs for fun & profit.

Talk given at BSides Cape Town - 2 December 2023 on hacking a keyboard and embedding a key logger.

Youtube Video


As usual things didn’t go according to plan or the original abstract. I still managed to hack a keyboard and add a keylogger to it though.

This talk is more of a “Shaggy Dog” story of how I hacked the keyboard and all the little dead-ends I went down.

Slides are available here

Code + Full write-up to follow, once I’ve caught up on sleep.

Original Abstract

A Practical Supply Chain Hack: Blinking RGBs for fun & profit.

Do you trust your computer hardware? How much damage could someone do if they just switched out the firmware on a cheap hardware purchase?

Come join me as we do just that, buy a cheap device, reverse engineer it, replace the firmware, plug it into a computer, blink lights and cause chaos.

This talk is all an excuse to hack and reverse engineer a USB peripheral. Buy a device from Takealot, reverse engineer it and add a few new “features” and then hand it over to an unsuspecting victim.

The talk will have something for everyone, a little hardware hacking, some reverse engineering and even some fun for those who don’t quiet get all the technical stuff.

Plenty of details on how the hardware works, what makes USB work and how you can use all this knowledge to build your own version of a Rubber Ducky or OMG style cable.

Key take-away: Don’t trust the hardware, don’t trust the firmware, don’t trust me not to break it and have fun!

See also

DigitalOcean Referral Badge