Oli

Duck devices are typically just seen as keyboards... You aren't trying to save files to a keyboard right? You will need a secondary usb device. Please post relevant payload section for more meaningful help :)

Build one would me my advice, lots of info around.

I'd use a teensy for this kind of thing as it is trivial to do.

Looks pretty good. Although not too wise as we could probably mess it up and/or bring your site down :)

Just get an Arduino Leonardo (or clone) / Teensy as these can do the same thing and are more readily available.

Not really a ducky related problem so I doubt you will get much help here... The ducky is essentially just a keyboard and executes commands, not a magical escalation tool. The magic is in the payload and your question is too vague to provide much meaningful help.

That shouldn't really happen though... Sounds like a fire / electrocution hazard and potentially cheap Chinese electronics. If you can be bothered, please crack open the PSU / battery case and post some photos of the PCB so we can try and see the quality and what failed.

I'd use a 'peensy' for this kind of thing until the duck firmware is given the attention it needs: https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/

My advice would be not to run code that you don't understand from a proprietary site! :) Debug by using your own script that does what you require and the port that to the duck. If you do want to debug: The duck is just a "dumb" keyboard that executes keystrokes. You have the generated script, so run it line by line manually and then work out what instruction causes it to fail.

Make sure you are running the latest drivers: https://www.silabs.com/products/mcu/Pages/USBtoUARTBridgeVCPDrivers.aspx

I'm sure it has just been overlooked - I've personally had no problems. In fact, I had great service when my launch day Pineapple was missing an SD card. Just try again or call the number?

Maybe try a really simple payload that you know should work? I'm not 100% convinced that the script you are using isn't dodgy. The "my first payload" thing should be ok. You are using the right firmware / actually encoding your script with the java app to get the bin file right?

The approach will be roughly analogous so it should be pretty trivial to port.

Go for it. The duck firmware is starting to get more and more dated - we need such things as "waitForDrivers" methods and better approaches for delays.

Probably need an initial delay and other delays as appropriate,

I have no experience with the device in question. I'd guess you will be able to do some of the deployment, but probably some manual steps and some stuff that needs touch. An arduino/teensy would be a better place to start as you can then have multiple "payloads" that can be executed along with anything manual to speed up the deployment process.

Could be many potential reasons.... Have you tried manually typing that stuff (i.e. with keyboard and not a duck) to see if it actually works as expected?

Not too easily. You could maybe hack the source? Oh wait, source not updated for 8 months https://github.com/WiFiPineapple/MK5_Interface Maybe sweet talk somebody to set up port forwarded access to a real pineapple?

If you can do all the above manually with a just a physical keyboard attached the answer is yes, otherwise no :) The ducky is essentially just a keyboard that can type faster and more reliably than you can, not a magic hacker / deployment tool.

It is not a bug in the sense of “not working as designed” but more a UX problem in as much as it is “not designed as it should work”

This is the kind of thing: https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/

I prefer a low tech approach of just swapping out SD cards or using a "duck-like" arduino device that can have configurable (via dip switch) payloads or have more logic built into the code.

I use a Peensy based approach using a Teensy: https://www.offensive-security.com/offsec/advanced-teensy-penetration-testing-payloads/ I don't have a duck anymore so no point in me customizing the firmware or augmenting its sub-optimal ducky scripting language :)

Just use a Teensy or, worst case an Arduino Leonardo or Adafruit Trinket or any Arduino compatible microcontroller with a, say, Atmel ATMEGA 32U4 chip. You should be able to find something locally in India - Arduino, PJRC and Adafruit have a ton of resellers.

There is a way, but ducky doesn't support it out of the box - I suppose it could with modified firmware but not really with the effort. You can use keyboard lights to set and then check the results of any "questions" that you ask via the script. The script turns off all caps/num/scroll lock lights and then sets them to appropriate values - the duck can then read back those values. This method can be used for (very slowly!) exfiltrating data too.