A few months ago I made a P4wnP1 A.L.O.A device which I used on a penetration test, which yielded positive results being able to obtain a reverse shell and exfiltrate data from the target machine using the rogue device. P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements … or into “A Little Offensive Appliance”.
I have documented the process of creating this device and making a few minor updates to the installation on my GitHub repository below:
Some time after that, I have improved the project as the device in its original case with the USB addon board does not look “stealthy” in any way and may easily be recognized as a suspicious or unknown device by anyone who looks at it.
That’s when I had an idea… what if I hide it inside a mouse? So I went on a quest for finding the perfect mouse which had a low-budget cost for the project, and had a simple interior design with enough space for the Raspberry Pi Zero W to fit with some extra additions (connecting cables). And I found the perfect candidate a $3 mouse from the dollar store (if you are in Canada you can find those exact ones at Dollarama). Here is how it looks when opened:
Nothing fancy. Just a regular wireless mouse. In order for the Raspberry Pi to fit, first step would be to get rid of the mouse wheel and mouse wheel mechanism.
This is easily done by de-soldering a few pins in the back of the board, or simply by bending and pulling enough for it to break.
For the next step we will need a Micro-usb to USB ribbon cable (about 5cm long). You can find those pretty cheap on AliExpress. We will also need a USB extension cable (the most generic one you can find), and cut the plastic cap around the female end, as this will be precious space in order for the cable to fit inside the mouse. This will make the mouse looks like its cabled but will actually be powering up the Raspberry Pi when connected to the target machine. What will make the mouse buttons work and arrow move is the USB piece that comes with the wireless mouse. In a real engagement you would hide the wireless USB piece maybe in the back of the pc or laptop and put the cable in a way the mouse will look to be a non-wireless device.
Next step is cutting the mouse wheel. The whole wheel will not fit inside the mouse space with the Pi, so we need to cut just enough to look like there is a wheel there and then tape it to the inside top part of the mouse.
Putting all parts together the mouse will look like below:
Then just reattach the mouse lid with the wheel that was cut taped to it and the mouse is ready to go. Attach the USBs and you should soon see the P4wnP1 A.L.O.A rogue access point showing in the available Wi-Fi networks:
You can then use the mouse normally (except the mouse wheel which is just a dummy accessory), connect to the device via the RNDIS/USB-ETH interface created (via SSH) and/or connect to the P4wnP1 AP and dashboard remotely.
Disclaimer: The information posted here is to be used for Ethical Penetration Testing and Cybersecurity engagements, for educational purposes only.
👉 Join our Telegram channel for exclusive content and updates: Telegram Channel
📸 Follow us on Instagram for daily hacks, tutorials, and behind-the-scenes content: Instagram
🌐 Interested in hacking courses? Visit our website to explore in-depth, practical cybersecurity courses and resources: https://hackwarden.in
bro this is very extrema ❤️❤️ your posts blogs and videos are very informative and very deep keep sharing and i have also created this with my pi zero thank you bro
thank you bro for your support ❤️