Hi everyone,
I'm trying my ducky on a Macbook Pro, and my initial intention was to use it with the composite firmware (to execute the payload while im "looking for a pdf in my pendrive" basically), but i've found some issues along the way.
If i set the VID/PID to the internal keyboard ones (using a non-composite firmware), it works as expected.
If i put the VID/PID of another keyboard, the OS asks me to press a few keys in the new keyboad to confirm it's "allowed" to work.
If i use the composite firmware (using one of the composite VID/PID) it detects the storage device correctly, and the keyboard correctly, but it shows me the same window requesting me to do a few specific keypresess to confirm the new keyboard is secure.
One way to solve this would be to add to my ducky script the initial keypresses required by the OSX keyboard validation screen.
But also while thinking about it, i came across another idea.
Would it be possible to change the VID/PID while the ducky is connected (maybe forcing a disconect/reset so that the host detects the device again, but this time with another VID/PID set)?
One possible use case would be to connect the ducky, it first acts as trusted host keyboard (ie. the internal macbook pro keyboard in my case), executes the payload, and afterwards, triggered by something (the ducky's button? or maybe the end of the script execution?), it swaps the vidpid.bin (ie. with another one that has the vid/pid of a storage device) and forces a reset on the usb device.
Do you think doing something like that would be possible?