no42

My firmware operates a lot faster, you need an initial delay of around 3000 for it to function on time; secret to the multi OS attack - otherwise your limited to Windows OS. Try the GPIO button, does it still replay the payload?

When I wrote the firmware the original duck had two leds red and green, depending on the firmware they mean different things... Red usually denotes errors. However, when it comes to Mass Storage (MS) it can mean 1 of 2 things error, or writing to MS. The green is suppose to mean working / reading, guess this is the blue? Ducky is probably fine, the half blue half red indicates to me c_duck firmware. Sounds like the ole green is now a blue LED. Everything sounds ok!

DELAY 1000 COMMAND SPACE DELAY 800 STRING Terminal DELAY 500 ENTER DELAY 500 STRING java -jar path/to/file ENTER

https://code.google.com/p/ducky-decode/ Homepage: DownloadsSince Google-code changed their policy on 'Downloads', new downloads cannot be added via google-code. Instead visit this Google Drive Folder for new downloads: http://drive.google.com/#folders/0B7uVAbdkMKcXNW1KdnBrQzZtV3c

I used a drawing-pin until I programmed the ducky-detour option. Replacement covers here: http://www.discmakers.com/duplicators/usb/swing.asp

1 - not that i know of 2 - ATMEL only have support for FAT 3 - The source is out there somewhere 4 - The original PoC getting the dealt ducky working on OSX.

1 - that limit should only be on the twin duck(+), as the payload is being loaded into memory. It should not effect the original duck firmware or ducky-detour Also, each character is stored as a byte in memory - it may be possible to rewrite the firmware to load the payload into memory in a compressed form - approximately doubling the space; requires firmware re-programming 2 - limitations of the FAT SD library from ATMEL ? not sure I haven't tried any SDcards bigger than 2GB at the moment.

whats your payload? think its too big - there is a ~2KB limit, as the payload needs to be read into memory.

haha; thought that was a typo in your post (not jut the command line)

My Duckies are all out in the field at the moment (I need to buy more), and I can't reach their operators due to timezones, and limited comms channels. In the meantime, you could try version 0.7.0 (latest version) from github https://github.com/dfu-programmer/dfu-programmer

should deliver automatically, you just need to carefully time the payload so that all necessary drivers are loaded first.

what is the version of dfu-programmer? I'll try to look into this problem, sometime soon, or I'll try to find someone who can on our behalf

The ducky is fast, real fast, so fast that as it types the computer may miss some characters. The speed of the USB stack depends on the computers processor, OS, and age of the machine. This is why you may have to tweak the DELAY value. For accuracy, its a hack to get around the discrepancies between OS and machine models.

Either your payload is to big, or it can't find inject.bin. Remember, It has a limited amount of memory in which to store the payload, its only enough for a few ducky script commands to execute to/from the mass storage partition.

check, it should be in this zip file: Duck Programming.zip

its normally packaged in the zip file? Duck Programming.zip

try breaking up the strings DELAY 500 STRING %duck%\mimikatz.exe > %duck%\%computername%-passwords.txt ENTER DELAY 100 STRING priviledge::debug ENTER with additional delays? eg STRING %duck% DELAY 50 STRING \mimikatz.exe DELAY 50 STRING > %duck%

You either need to flash the composite ducky firmware d_duck_vX.X.hex, where X is an integer. And label the sdcard as "DUCKY" Or insert a flash-drive labled "DUCKY"; Check out the links in my signature....

read up on wpa_supplicant

The Electric Imp (http://electricimp.com), for embedded projects: https://www.sparkfun.com/products/11395 its cheaper than Arduino WiFi Shield(https://www.sparkfun.com/products/11287 )

those advanced payloads are tricky try some of the ones from github: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

wow, Ive never seen that error before, regarding flip. Basically there is a problem with your Java CLASSPATH. I think this means you have Java Runtime installed, but you actually need Java Development Kit (JDK), can you verify what Java installations are installed? Link JDK: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html If this does not solve the problem, I'll try again...

ok, what do you want to achieve? I haven't got a lot of time, but Im hoping if I walk you through a payload, you will understand Ducky Script better, and I can leave you to develop some interesting payloads.

have you tried manually. start with something simple: DELAY 3000 GUI R DELAY 500 STRING NOTEPAD.EXE ENTER DELAY 500 STRING This is my first ducky script program ENTER

thanks, strange thing is it looks fine. what is the output from the encoder? can you post an example of the command and its output. thanks.