USB Armory: Open Source USB Stick Computer
Details
An open source USB stick computer for security applications.
As Featured In
Inverse Path USB armory: Secure computer on a stick
“Crowdfunding a USB-stick-sized, GNU/Linux-ready computer”
“USB Armory puts penetration testing and Tor routing in a thumbdrive”
“This particular processor supports a few advanced security features such as secure boot and ARM TrustZone.”
“USB Armory is the Swiss army knife of security devices”
An open source USB stick computer for security applications.
The USB Armory is full-blown computer (800MHz ARM® processor, 512MB RAM) in a tiny form factor (65mm x 19mm x 6mm USB stick) designed from the ground up with information security applications in mind. Not only does the USB Armory have native support for many Linux distributions, it also has a completely open hardware design and a breakout prototyping header, making it a great platform on which to build other hardware.
Features and Specifications
Hardware
- Freescale i.MX53 ARM® Cortex™-A8 800MHz
- 512MB DDR3 RAM
- USB host powered (<500mA)
- Dimensions: 65mm x 19mm x 6mm
- user-controllable LED
- 7-pin breakout header [pinout of GPIOs, UART, and power]
- microSD card slot [compatibility chart]
- 100% open source hardware [source files and wiki]
Software
The USB Armory hardware is supported by standard software environments and requires very little customization effort. In fact, vanilla Linux kernels and standard distributions run seamlessly on the tiny USB Armory board:
- boots off of microSD card [or via USB serial downloader]
- native support for Android, Debian, Ubuntu, FreeBSD [it’s easy to create boot images]
- USB device emulation [CDC Ethernet, mass storage, HID, etc.]
Connectivity
- High Speed USB 2.0 On-The-Go (OTG) with full device emulation
- full TCP/IP connection to/from USB Armory via USB CDC Ethernet emulation
- flash drive functionality via USB mass storage device emulation
- serial communication over USB or physical UART
Security
The ability to emulate arbitrary USB devices in combination with the i.MX53 SoC speed and fully customizable operating environment makes the USB Armory an ideal platform for all kinds of personal security applications. Not only is the USB Armory an excellent tool for testing the security of other devices, but it also has great security features itself:
- ARM® TrustZone®
- secure boot + storage + RAM
- user-fused keys for running only trusted firmware
- optional secure mode detection LED indicator
- minimal design limits scope of supply chain attacks
- great auditability due to open hardware and software
The support for ARM® TrustZone®, in contrast to conventional trusted platform modules (TPMs), allows developers to engineer custom TPMs by enforcing domain separation between the “secure” and “normal” worlds that propagates throughout all SoC components, as opposed to limited only to the CPU core.
Applications
$ ssh alice@10.0.0.1
Welcome to your USB armory :)
$ ▌
The following example security application ideas illustrate the flexibility of the USB Armory concept:
- mass storage device with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct
- OpenSSH client and agent for untrusted hosts (e.g Internet kiosks)
- router for end-to-end VPN tunnelling
- Tor bridge [see this, for example]
- password manager with integrated web server
- electronic wallet [the Electrum Bitcoin wallet works out of the box on the USB Armory. It has been tested with X11 forwarding from Linux as well as Windows hosts.]
- authentication token
- portable penetration testing platform
- low level USB security testing
USB Host Adapter
As mentioned in the first campaign update, there is also a simple USB host adapter that, along with compiling the right Linux kernel modules, allows the USB Armory to independently use a keyboard, USB display, USB mass storage devices, USB WiFi dongle and more, just like a standard computer, without the need for a separate USB host, such as a laptop or desktop.
Connecting a powered USB hub to the adapter ensures that all the connected USB devices have enough power to perform their tasks. Additionally, a micro-USB cable we can power the USB Armory itself. Alternatively, a passive USB hub can be used and a micro-USB charger (such as ones used for most mobile phones) can provide power.
Enclosure
To keep your USB Armory protected and preserved, we’ve developed a custom enclosure in cooperation with Teko, an Italian company that specializes in high-quality enclosure solutions.
The official USB Armory enclosure is a four-piece design customized to accommodate and protect the USB Armory.
The enclosure is easily assembled by snapping together three separate body parts, one of which acts as a sliding cover for the microSD card. A small removable cap protects the 5-pin breakout header.
Note: A cap for the USB plug was included in earlier enclosures but later removed due to width tolerance issues.
Specifications:
- Body: 61 x 24 x 9 mm
- Plug cap: 12 x 23 x 7mm
- Material: NEVIESTER EG83 (PETG)
- Color: transparent
Community
The USB Armory is an open source hardware and software project created by Inverse Path, an Italian information technology consulting group specializing in securing critical embedded systems in the avionic, automotive, and industrial control sectors. The Inverse Path team, with the help of the open source community, will develop applications that explore the potential of the USB Armory. Please participate!
Ask a Question
Have a question not answered in the description above or in the Updates?
Ask Inverse Path a Question or Browse Crowd Supply Questions & Answers
