You can still get the payload out with clever use of a linux SoM running in gadget mode, that provides the proper VEN and ID, then just vacuums up the payload. The dongle wont know it from an actual switch, and will shoot the payload at it.
As for low cost alternatives:
The A5-V11 hardware ("3g / 4g router 150m" devices available from china, BOTH the "with battery" and "without battery") is a now KNOWN working platform for auto-injection of arbitrary FG payloads. The "with battery" version is self powering, and can also function as a portable USB power bank. (possibly making it useful on roadtrips for a little extra play time.)
Any number of other battery backed mini-routers could also be adapted, that target just happens to be very inexpensive and small. Retr0id's compact C-based fusee injector opens a lot of doors.
I am going to try again with the zsun pretty soon.
What we would need to see is if the payload itself further communicates with the dongle to get a unique ID that is used for activation of the tx os. We could then reverse the payload to further interrogate the dongle in the SoM gadgetmode rig to get that kind of information out, then reimplement the communication in a revised injector.
Last edited by Wierd_w,
