Tarun’s BUG is a USB stick with a small display described as an “AI-powered Ethical Hacking Device”, supporting voice control, and offered with either a Raspberry Pi RP2040 dual-core MCU, Espressif Systems ESP32-S3 wireless SoC, or STM32F411 Cortex-M4F microcontroller.
The device also features a microSD card for storage, and WiFi and BLE connectivity for the ESP32-S3 version. The BUG is said to offer “cutting-edge HID injection capabilities” (e.g. keyboard/mouse emulation) with wireless control and ChatGPT integration. It is made for ethical hackers, cybersecurity trainers, tech educators, and DIY makers.
BUG specifications:
- Microcontroller (one or the other)
- Raspberry Pi RP2040 dual-core Cortex-M0+ microcontroller @ up to 133 MHz with 264KB SRAM
- Espressif ESP32-S3 dual-core LX7 microcontroller @ 240MHz with vector instructions, 512KB SRAM, WiFi 4 and Bluetooth 5.x connectivity
- STMicro STM32F411 Arm Cortex-M4F MCU @ 100MHz with 512KB Flash, 128KB SRAM
- Storage – MicroSD card slot inside the USB Type-A port
- Display – Small color display
- Audio – Unclear. It might be using the microphone on the host for voice control, since I don’t see any microphone on the board below.
- USB – Male USB Type-A port
- Misc – Button, RGB LED
- Power Supply – 5V via USB
- Dimensions – Similar to a small USB thumb drive
Update: The hardware specs and mechanical design for the ESP32-S3 model look exactly the same as LILYGO’s T-Dongle-S3 (see comments section).
The BUG can act like a keyboard, inserting keystrokes or other payloads when you insert it into the host, or commanding it through voice commands. Since it integrates with ChatGPT, you can just ask it to open YouTube in a web browser or create a hacking script. Other use cases include using it as a security key, replacing password inputs, a bitcoin miner similar to the Lucky Miner SOLO-LV02 (for education/research only), and a WiFi hotspot for remote control and payload injection through your phone or another device. You can also display images, QR codes, videos, and animations on the BUG’s built-in display.
The BUG is compatible with hosts running Windows, Linux, macOS, and Raspberry Pi OS, and payloads can be programmed in Python, MicroPython, C++, and more. We’re told the design will be fully open-source with the hardware design files, STL files, firmware, and libraries to be released after the crowdfunding campaign. There’s not much to show for right now, except there appears to be a working BUG prototype as demonstrated in the video below (you may consider turning the volume down).
Tarun launched the BUG on Kickstarter with a 288,187 JPY (about $2,004) funding goal that’s already been surpassed. The BUG is offered for $59, no matter whether you select the RP2040, ESP32-S3, or STM32 versions of the ethical hacking device. Shipping adds about $15, and deliveries are expected to start by September 2025.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress. We also use affiliate links in articles to earn commissions if you make a purchase after clicking on those links.
so it’s basically one of these dingle dongles: https://lilygo.cc/products/t-dongle-s3
Indeed. It looks to be the exact same hardware as https://www.cnx-software.com/2022/10/24/t-dongle-s3-usb-dongle-esp32-s3-color-display/
It’s not exactly the same, the chip-layout is different, and the Version on the lilygo-website has an additional 4-pin-port (STEMMA QT/Qwik) and an antenna-plug (which mine is missing?!), so the “Bug” is probably a custom/oem version from LILYGO, the USB-Port with the hidden sdcard-slot, casing and the button are way too similar to be a coincidence. And i’d take a bet that the software is based on https://github.com/i-am-shodan/USBArmyKnife
And all that for only 5x the price of the LILYGO T-Dongle S3 😉
the one pictured here is probably the RP2040 version (I don’t see any wifi on it). The 4-pin port on the Lilygo is actually a recent addition as the ones I bought years ago didn’t have it.