19 hours ago, snerd said:
here's what I had in mind:
* penetrate the target's wifi network
* enumerate the devices connected to the network. this would reveal the SD card but also any computers and (ideally) the OS and build IDs of said computer(s). The attacker needs this in order to craft a payload.
* enumerate the contents of the file system on the SD card and with some googling discover what it's likely being used for.
* whip up a basic reverse shell embedded in something like a self-extracting archive. the nice thing about reverse shells is that 99% of folks out there run with AV only and AV doesn't monitor network traffic in the way something like Glasswire or LittleSnitch will. Moreover, a basic shell-code reverse shell script tends not to get picked up by even up-to-date AV. If need be I could use something like Shellter to embed a reverse shell inside an executable and get some AV evasion - but for social engineering reasons I suspect a self-extracting archive might be a better way to go. Either way - the goal is to create a file that looks to the target like it's something they placed there, forgot about, and is interesting enough to pique their curiosity to investigate on their win/mac/linux machine.
* place the file onto the target sd wifi card
* use netcat to listen on a given port (along with a firewall rule that prevents access to that port from anywhere BUT the target IP address to prevent bots and such from mucking up the attack machine)
* if the filename is sufficiently enticing, the target will see the file and (assuming the x16 can't handle self-extracting archives) will get curious, move the malicious payload back to their internet connected workstation, and extract the contents to see what's there
* voila - reverse shell with at least user-level privilege.
My reaction to seeing an enticingly named file on the filesystem for the CX16 SD card would be "shoot, I wonder whether someone has put a honey trap in my WiFi SD card, need to increase my network security" and delete it from the CX16 side.
Now, if you smuggled an enticingly titled .PRG onto a 28-year-old 5.25" disk from back when I was using my C64 regularly, the odds of my copying it and trying to open it in VICE, if I were ever able to read that disk again, would be much higher, but then again if you are in a position to find where I have 28-year-old disks stored and have the time to set up a 1541 drive and write data onto them, you would skip the 28-year-old disk and put the malware straight onto my laptop.
Yes, the micro-SD + WiFi access point on the SD board is originally for things like cheap 3D printers that print from a file on an SD card, to give them wireless access without requiring any modification to the printer.
Unlike micro-SD cards, the original SD cards were intended to be swapped on a regular basis, similar to game cartridges in a portable game console, but since that is not as common as it was when SD cards were focused on cameras and such, it is reasonable to be a bit cautious about whether modern SD connectors are as well designed for repeated insertion/removal as the original designs were.
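The defensive side of the scenario above, as an added example that is not part of the thread or of anyone's posted code: the attack plan hinges on a file silently appearing on the WiFi SD card, and the reply's instinct is to notice and delete it. The script below makes that noticing systematic. It builds a manifest (relative path, size, SHA-256) of every file on a mount point, then diffs it against a manifest saved earlier, so anything dropped onto the card over the air, or tampered with in place, is reported the next time the card is checked. The mount point, manifest location and the sample card contents are all constructed for the demo, not taken from the page. Keep the saved manifest somewhere other than the card itself; an attacker who can write to the card can edit a manifest stored on it too.

```python
"""Inventory a removable / WiFi SD card and flag files that appeared or changed.

Added example, not code from the forum thread. Paths and sample files are
hypothetical and built in a temporary directory so the script runs offline.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk: int = 1 << 16) -> str:
    """SHA-256 of a file, read in chunks so large images don't load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (relative POSIX path) to its size and digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": hash_file(p)}
    return manifest


def diff_manifests(old: dict, new: dict) -> dict:
    """Report files added, removed, or whose content digest changed."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new)
                      if old[k]["sha256"] != new[k]["sha256"])
    return {"added": added, "removed": removed, "modified": modified}


def save_manifest(manifest: dict, path: Path) -> None:
    # Store this OFF the card (e.g. on the workstation) so it can't be edited
    # by whoever can write to the card over WiFi.
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def demo() -> dict:
    """Simulate a baseline scan, an over-the-air drop, and the follow-up scan."""
    with tempfile.TemporaryDirectory() as d:
        card = Path(d) / "card"          # hypothetical mount point
        (card / "GAMES").mkdir(parents=True)
        (card / "GAMES" / "HELLO.PRG").write_bytes(b"\x01\x08\x0b\x08\x0a\x00\x9e")
        (card / "README.TXT").write_text("notes for the X16\n")

        baseline_path = Path(d) / "manifest.json"   # kept outside the card
        save_manifest(build_manifest(card), baseline_path)

        # Constructed "attack": an enticing file appears and an existing one is altered.
        (card / "OLD_BACKUP_KEYS.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
        (card / "README.TXT").write_text("notes for the X16\nopen OLD_BACKUP_KEYS.exe\n")

        return diff_manifests(load_manifest(baseline_path), build_manifest(card))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A cron job or udev hook running `build_manifest` against the real mount point and diffing it against the saved baseline is enough to turn "shoot, I wonder whether someone has put a honey trap on my WiFi SD card" into an alert; anything in `added` or `modified` that you did not put there yourself is the cue to quarantine the card rather than open the file on a workstation.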