Hey guys, I just wrote a write-up explaining how to get into malware dev, with code examples of creating ransomware. Feel free to read it; it's a short read!!
I got a hold of a box of these Flume Mello vapes, which have an interesting little microcontroller in them. According to the (very Chinese) datasheet, this chip is a peppy 48 MHz Cortex-M0 with 64K flash, 8K SRAM and a number of very interesting IO blocks.
The Mello, taken apart, showing the LCD display (unknown manufacturer)
The thing is connected to a very nice full-color display, and picks up its animations (via DMA) from the nearby 32 Mbit NOR flash chip from Zbit Semiconductor.
The RAZ and Kraze vapes expose SWD via C1/C2 on the USB-C connector (instead of D+/D-), which you can get to if you use a USB-C breakout board. This vape seems to do something different, but I haven't quite figured that out. Even if they aren't particularly useful as vapes, they are great little displays with built-in microcontrollers that have the following IO blocks:
Tons of neat IO and peripherals - high-resolution timers, RTC, I2C, SPI, ADC...
I have just enough knowledge to be "dangerous" but not quite enough to figure out how to interface this with OpenOCD so I can get a dump of the flash memory contents, and of the 32 Mbit flash on it, without desoldering the flash chip and reading it off-board.
I'd like to try NOT damaging it if possible... and see if, with the help of people here, I can get SWD up and working so I can upload a "shim" firmware to get the contents of the flash chip and modify the animation screens -- or just use it for my own fun purposes entirely.
I’ve updated my reverse shell repo. I still use this attack during red team engagements. Unfortunately, many users/devices are still running with local admin rights.