USB Armory MkII Tutorial 1

4 minute read

Published:

How to use USB Armory MkII (Part 1 Boot the device)

Since I didn’t find very strightforward tutorial on USB Armory MK2, I deceided to write my own. Many of the steps and ideas can be applied to other embedded devices.

How to start?

In order to use the USB armory it is possible to either load a Debian linux disk image, or load a program uses Tamago framework on bare metal ARM System-on-Chip (SoC). the latter option allows you to run your program without the support of OS. The eaisest way one should start with is a pre-compiled Debian linux. Debian for usbarmory . You can of course build your the Debian image from the scratch, but I havent done that yet build from scratch.

Flash the OS to micro-sd card

usbarmory-mark-two-usd-debian_bookworm-base_image-20240702.raw.xz Once you finish download, unzip it and use Etcher to load the image on a micro-sd card. Etcher is an open-source and free app on Windows OS used for writing image files onto storage media. Loading image under Linux takes a few more steps.

On Linux (verify target from terminal using dmesg):

sudo dd if=<path to raw file> of=/dev/sdX bs=1M conv=fsync

IMPORTANT: <path to raw file> must be replaced with the uncompressed raw file (e.g. not the .xz file) matching your USB armory model and boot media.

IMPORTANT: /dev/sdX, /dev/diskN must be replaced with your microSD device (not eventual microSD partitions), ensure that you are specifying the correct one. Errors in target specification will result in disk corruption.

NOTE: Remember to uncompress the downloaded image file before imaging.

after flashing the OS, plug in the sd card to usbarmory.

Plug in

Now we have an image of Debian linux in the sd card. Before connect usb armory to PC, lets set up debug accessory that comes with the usb armory package. NOTE: the connection between the debug accessory and the target is supported only with the same orientation for both top layers (side with components(uart header) for the accessory, side with LEDs for the USB armory). Also, remember to cap the jumper header at the location of uart on the debug accessory PCB. Open up the terminal, use either screen or picocom to monitor the stdout from the usb armory

sudo  screen  /dev/ttyUSB0  115200
sudo  picocom  -b  115200  -eb  /dev/ttyUSB2  --imap  lfcrlf

This is the output of lsusb command on the host machine.

$  lsusb
Bus  001  Device  045:  ID  0525:a4a2  Netchip  Technology,  Inc.  Linux-USB  Ethernet/RNDIS  Gadget

now connect debug accessory to the mk2 and connect both of them to your pc. you should be able to see the output about booting process, and in the end, login prompt asking for the id and password. the default id and password is usbarmory. This concludes the first part of the tutorial. IN the next part, we will talk about how to ssh and also enable the network forwarding from the USB armory to the host machine.