Posts posted by no42
-
-
Hmm, odd that it works on Linux and OSX but not Win7. What happens if you push the Ducky's button (should replay the payload).
I'm thinking it might be a timing issue?
What firmware are you using? Stock? Community?
-
Your Trace:
[CODE]sleep 3; insmod usbserial vendor=0x12d1 product=0x1446[/CODE]
Your USB info:
[CODE]Bus 001 Device 003: ID 12d1:1001 Huawei Technologies Co., Ltd. E169/E620/E800 HSDPA Modem[/CODE]
Your script product id 0x1446 != device product id 1001, this might be causing driver problems?
Might be solved by editing the script to "product=0x1001"
-
To adapt Darren's simple script to generate android.txt on OSX, you need MacPorts installed and you need to install gsed (gnu-sed), as gnu-sed is slightly different to OSX's default bsd-sed.
[CODE]port install gsed[/CODE]
then:
[CODE]echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | gsed '0~5 s/$/\nWAIT/g' | gsed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | gsed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt[/CODE]
Not sure what's going wrong with cygwin?
-
Couldn't you issue a reboot, but in the duck code tell it to wait for the imac to become alive again? (Not 100% familiar yet with the duck language B) soon to own one!)
The Duck is powered by the host over USB (Hence the need for a USB OTG cable on Android).
On reboot the Ducky would reset.
-
Ok is there any way for it to restart and the duck would still do its thing?
You could use the m_duck (Naked Duck) firmware.
First payload reboots the Mac, enable caps lock when the Mac boots, and push the button on the ducky to execute the 2nd payload; you would probably want some kind of large delay, depending on boot time.
-
Introducing the latest Composite Firmware - Codename : The Twin Duck
The Ducky primarily acts as a USB Mass Storage Device, and on a click of the button will start emulating a Keyboard.
It's multi-OS, multi-lingual and comes in three flavours:
- c_duck_v2.hex - Supports DuckyScript as HID payload, triggered automatically and on GPIO (limited instructions)
- c_duck_v2_S001.hex - Triggered on CAPS/NUM/SCROLL LOCK
- c_duck_v2_S002.hex - Triggered on Ducky's GPIO only!
Depending on your circumstances, you may want to use either one of these available firmwares.
Downloads
http://code.google.c.../downloads/list
Please test and post feedback here.
Snake
-
It's been hard. Nice to know there is continued interest in this project.
I would like to mention Dnucna's hard work at an alternative encoder, which made supporting other languages much easier than my hacky encoder code PoC's. But we still need people from other countries to play with Dnucna's Encoder to help generate other language files.
I mainly took interest in the platform, because of the unique form-factor (can look like a proper USB, without soldering/taping/connecting addons) and that it can be applied in other areas. Like bypassing device-control, where I personally have had a lot of fun :)
My Main Targets for next year:
- Improve Composite HID & Mass Storage Release (I have released demos, but they are limited)
- Provide more documentation and examples (In the works)
- Possibly attempt rotating VID & PID (if this can be done on avr???) in an attempt to circumvent Device Control without re-flashing the Ducky
Possible Alternative Firmwares (sub-projects):
- Have Mouse commands; though reliability may be questionable, as various screen sizes may make it difficult to be constructive, rather than just a prank for the end user.
- Yubikey Support / Clone.
--Snake
-
Multi-payloads - codenamed "Naked Ducky"
http://code.google.com/p/ducky-decode/downloads/
Long awaited I know.
It's called m_duck.hex, can also be found in the svn repo.
It's not the best piece of firmware I was hoping for, and it's rather limited in its application. But you can now trigger multiple payloads!
You need to create 3 files on the sdcard, and have a naked ducky (no case)
1. inject.bin - default; ducky will always run this on insertion into a computer
2. inject2.bin
3. inject3.bin
Now how do we trigger inject2/3.bin???
With the ducky still connected and naked (no case, sucks I know), enable NUMLOCK (inject2.bin) or enable CAPSLOCK (inject3.bin).
Then push the reset switch on the naked duck, to trigger the 2nd/3rd payload.
Not the best solution I know. But I haven't had a lot of time this last year on ducky development. And for those interested I still haven't solved the composite problem of having both HID and Mass Storage Support.
Been stuck on solving this problem where you can select different payloads based on keyboard lights, without resetting the Ducky - Fail on my part :(
Please, Test the new firmware, and report problems here.
Thanks
Snake
PS. I tried to put a copy of the files needed to flash the ducky on the website above, if I've missed anything please let me know.
-
Looks like you haven't installed the python module: pyusb
Think the command you want is:
[CODE]apt-get install python libusb-dev python-usb[/CODE]
-
pop,pop,ret
Keep on top of the stack
-
pop - lets keep this on top
-
Since people around the globe are struggling to find all the original Ducky Code, I have chucked it all up on Google Code (with help from Dnucna).
http://code.google.com/p/ducky-decode/
Find all Firmware
Find Flashing Software
Find Dnucna's much improved Encoder v2.
Find old Encoder version 1
Find example of ducky-decode.pl (currently only decodes US languages) - if you ever wanted to know what script the ducky was preinstalled with (anything nasty or simply a harmless message :) (depending where you obtained the Ducky))
Most importantly you can find updates.
--Snake
-
a u3 and autorun may be cheaper.
ducky is relatively slow, and the strange functions or ghost-typing is relatively noticeable.
-
Try looking at the Naked Duck (m_duck.hex) firmware, it supports the use of multiple payloads through the use of keyboard LEDS and the *LOCK keys (CAPS/SCROLL/NUM).
--snake
-
Thanks for the reply, but how would I use it with Ducky script? I don't think you can invoke hex code value (if I'm looking at it right) directly from Ducky script, can you?
Try building the script with the "windows" or "gui" statement, then use a hex editor on the output, look for "3e00" (gui) and try replacing with "3700". Haven't got my ducky notes or equipment to hand - I can't remember the endian-ness so it might be replace xe300 with x7300.
Edit: Support provided in latest Encoder, 2.2+
-
I've made a guess here:
--Snake
-
old machine, or maybe a virtualized image - this is when I see the performance become slow.
Otherwise I prefer the PowerShell download and execute shell, but this depends on internet access.
-
Specifically:
1. keyboard set-up dialog - did the vendor ID thing get implemented?
2. I have a ducky I bought at defcon 20. After the keyboard setup, it will type but only after pressing the black button. It will not trigger on its own.
3. Has anyone figured out how to do command/Apple key-<keystroke> sequence? Doing stuff on the keyboard without mouse absolutely requires it. (I hope someone figured this out already.)
CONFIRMED!
It's the same code as GUI!
So Windows-a / GUI-a, will generate the correct key code for Command-a
Appears to be supported in all versions of the encoder.
-
I think it's a bit silly to turn this into any old USB device considering USB thumb drives are dirt cheap. Paying $69.99 for this only to use it as a thumb drive is a waste of about $50 if you ask me. It's got a lot of potential as it is. How are you "fed up" with this device?
But you can bypass device control software like Lumension's Sanctuary ;) to copy data from computers that filter USB devices
-
Are the payloads able to access the stored files?
If so this is a great news!
Not just yet - just turns it into a normal USB drive.
I'm now working on composite device.
What you can do is hardcode the HID code (payload) into the firmware, then the payload can address the sdcard through Windows/OSX/Linux like any other mass storage drive.
This means you will have limited space for the HID code/Payloads.
-
pssstttt.....
it's out! confirmed to work on all OS's: Windows, Unix, Linux, OSX, even Raspberry Pi.
Now people who are fed up and want another use for the ducky, can use it as a micro sdcard reader/writer over usb (usb drive).
-
Thought I'd update everyone on my progress...
I'm nowhere close on issuing different payloads dependent on key-presses. And I admit I've been slack on the keyboard mapping support - Sorry!
Instead I've been concentrating on Mass Storage Support
Got the Ducky this morning to act as a Mass Storage Device on Windows and Linux.
Will update the code, and release some source later today, after some more testing.
Please be patient, and await more news later today.
--Snake
-
This would make a great pineapple mark 5? lol
seriously it has a lot more power with cpu and ram, only it does not include on board Atheros based wifi:-(
I agree but think it would only take off if it was in the hak shop
yes - it works great with the alphas!
-
http://www.dangerousprototypes.com
http://www.seeedstudio.com/depot/usb-infrared-toy-v2-p-831.html?cPath=174
USB IR Toy v2
Should fit the bill ;)
[BugReport] Usb rubber ducky won't work on windows 7 with Norwegian keyboard
in Suggestions / Bug reports
Sorry, I meant firmware version. Have you tried the community version?
The hardware version is essentially the same (except v1 which was teensy)