Joystik

Active Members
  • Posts

    4

  1. Back then I mostly worked in VB. In fact, I have not coded anything in years like I used to, unfortunately. The community was very giving and very eager to make advancements in knowledge to empower themselves. A few people custom coded obfuscators, oh jeez, let's see if I can remember his name.... aha! JapaBRZ. He was among the first. Run a quick Google search on him, he's got stuff published to a few websites. Most was on Leetcoders but the site's been rolled back. I might have his source somewhere actually. A lot of it has to do with adding "junk code", which is really just fake code and fluff for distraction. Sometimes AV companies use app info such as actual size in bytes, author, version number, other build info like that. Change the build info, change the icon, add more strings that point to each other, etc. All of that completely throws off AV companies, or rather just makes it seem like they are hunting down "A" but instead see "B" (the new build), so a message comes back to the user as "scan completed. nothing malicious here, move along." Of course, there are two kinds of detectability. Runtime and Scantime. Runtime crypters we called them... something that encrypts your build so that it can run in such a way that an active AV will not see it. Something that was only scantime crypted / obfuscated will get detected when it runs, unfortunately. This turned into a sort of business. People made and ripped off each other's crypters and sold them. They were cheap and didn't know what they were doing, so the files got detected weekly or monthly, requiring them to re-code parts of the crypter. They got smart and used stubs so they only had to change part of the stub. It is all very collusive and mostly came down to newbs trying to mass spread their botnets. The only way around all that, like you mentioned, is to not share anything, unfortunately. Unique code kept private for small use won't likely get picked up by an AV company.
     But hell, back in the day as a child when I made a simple SMS / MMS phone bomber in VB it got detected as a trojan. Explain that to me? lol I coded it so I know it was safe. Anyways, that's probably a bit too much info all over the place, but hopefully serves as a brain-dump to get some of you to ask questions and inspire you to research more. I don't really have a whole lot of time to make threads and post stuff, but hey, I'm bored at work right now :)
  2. I have a lot of research to do and several options to dig into. Thank you again for helping me out, I really do appreciate it. Ah yes, the AV companies haha. Good old days. Many programmers worked very hard to make their programs UD (undetected) by AVs. They even developed obfuscation methods and ways of messing with source code to throw off an AV company from recognizing any malicious code. I guess you could say I'm pretty familiar with that :) I might just buy a ducky to mess around with it. Seems like it could be a bit of fun at the very least. Ya know, this forum reminds me of Leetcoders in its early days.
  3. Hmm, interesting. Thank you for your response! It's always great to have some code to look at and the page you linked me to is a nice reference. For whatever reason I got the idea from one of the Hak5 videos with Darren that you could inject code. I know he mentioned that it is recognized as a keyboard but it never clicked until now. Installing an apk may be plausible, noting that I would have to flip the 'accept unknown source' setting. This may prove to be some fun to play around with! On another approach, I guess it might be easier to have it simply upload some of the current pictures on the device. Oh, here's a thought, is the duck able to save data? For example, having it back up all pictures on the phone to the duck? I know it is recognized as a keyboard but it is running the payload from an SD card after all :) Now I'll be rummaging through that webpage you sent, thanks again!
     EDIT: The web page is in a load loop but hopefully it will surface soon. Anyways, I thought of something. They make commercial monitoring apps for Android which I have tried in the past and do offer the ability to upload pictures as the device takes them. I could potentially use ducky to install said apk. Another thing to look into :) I am very excited.
  4. Hello there. I stumbled across the USB Rubber Ducky and I am very interested in it. However, I was disappointed in the limited number of payloads. Sure, some of them are nifty, but none that interested me enough to buy the device. Yes, I know the purpose is to make your own and to contribute, but what I would like to do is a bit complicated, or so I would think anyways. I would gladly buy my very own ducky if someone could make this payload. I would even be willing to buy the finished payload depending on the price.
     Features:
       • Secretly uploads all future pictures taken on the device
       • Uploads to either FTP or Google Drive, something of the sort
       • Upload destination creates new folder for each new device added
       • Optional, but would be nice if there was a hook on the camera. What I mean is that it saves and uploads any picture taken even if it is not in the default camera app, such as when you take a picture on Snapchat.
     Compatibility:
       • Works on Android / iPhone 4 / 4S / 5
       • Able to work on a locked device
       • Able to work on a device that is not rooted or jailbroken
     I am a college student majoring in Information Systems of Management. This payload has several practical approaches for myself. Catching a cheating girlfriend, the obvious joker approach to how people always leave their phones everywhere at frat parties, and down to learning more about it. At heart I do like code but I more-so enjoy modifying existing scripts. I know VB.net, some PHP, HTML, CSS, basic understanding of batch, etc. Please let me know if such a script (or similar) exists or if anyone would be interested in creating something like this. Thanks!