Oli
-
Posts
237 -
Joined
-
Last visited
-
Days Won
4
Posts posted by Oli
-
-
Yes - kind of - but probably more hassle that it is worth and likely to be many 'gotchas'.
You could try some kind of customized firmware, type the exe out character by character, or something like that.
Probably easier to just use a second usb and script running / copying the program from there.
-
Start with a Teensy would be my advice as they are designed for modding :)
The duck doesn't have any GPIO available from what I can see so any mods that you can do are going to be fairly trivial.
Depending on what you want to do, then an Arduino Leonardo might be a perfect choice and is readily available.
-
Also, there are likely to be many edge cases - boxes to check, room numbers to enter, email addresses etc so the problem isn't as simple as it first might seem.
In the EU you often have to enter a ton of information at the portal and each one is potentially slightly different.
Using something like mitmproxy on a laptop to record something that can be replayed on the Pineapple might be a more fruitful / generic approach.
-
Well post the command that isn't working as expected, your OS and other pertinent information and I'll try and help :)
Are you on Windows? Are you familiar with PowerShell?
I think the root cause is that the duck / site are aimed more at "script kiddies" and assume the user doesn't want to know / understand what is going on and how the functionality works.
A better approach is to devise a script that works for you and then port it into a duck script rather that using a site to auto-magically generate a script... The unreadable / hard to maintain scripts are the reason that I don't use the duck anymore (along with accidentally breaking my duck when drunk! :) )
-
I still don't understand the need to add LEDs or LCD screens to a Pineapple. DIP switches are one thing because they actually add functionality to the device but no one needs more LEDs. If you are doing it for the GPIO pins and trying to build a robot, I guess thats cool, but why use a Pineapple instead of an Arduino or Raspberry Pi?
You are preaching to the choir :) Arduino is great, but what we need is a compelling use case - something awesome that can be done with it using the Pineapple.
I think there are some compelling stuff you could potentially do - displaying harvested passwords, displaying connection attempts, tactile switches to launch specific attacks, multi-color LEDs that display the stage or success of attacks, etc etc. I guess making a pineapple "headless" and not needing a PC/phone for standard use.
Do I think the HDK as it stands is great for that? Do I think the software component of the HDK will be good enough? Not really to be honest and I have left the Pineapple eco-system as there is a lot I don't like about it, although I hope that somebody does do something cool with it. A year ago I would have bought a dozen and tried some stuff out, but nowadays I'd rather build something bespoke and not so compromised as the current offering.
The price point of $12 does seem pretty good though.
-
Well at what point is it failing? The ducky isn't doing anything magic - it is just a keyboard typing faster than a human can.
I suggest you work out how to do the report by hand and find out what needs to be executed on the keyboard. Unless you provide a fail case or more information nobody can really help you...
-
So I bought the SDK board and installed it. Even a 3.3V Bluetooth module. Guess I could write an Arduino program to monitor the pins and tell me what they're doing. I noticed at the New Year's bbq, Darren had one hooked up.
How about giving us a minimal pin mapping. Even if it's presently empty. I'd be nominally satisfied to learn that none of those pins are talking. If that's accurate information, I can dig it. Means I have to wait.
Not sure what you are actually meaning here... The pineapple pins are as I originally expected / reverse engineered. The new HDK headers / pins are just normal arduino pins as labelled on the silkscreen. The HDK enables the Pineapple to communicate with the Arduino board over SPI and in fact wastes an opportunity to utilize many of the GPIO pins.
Was thinking of Picking up a board, but just curious as of the practical use of it?
I'm unsure of what its uses are? Does it standardly act as a means of expanding the RAM / CPU? Or is it a strict purpose board to just have easier access to modification? Easier way of adding say example: an lcd screen, led lights, more dip switches, etc?
Arduino is pretty cool but a compelling use case is still needed. You can easily add displays etc but you still need lots of "glue" code on the pineapple do to anything meaningful.
Arduino does nothing in terms of RAM/CPU, however you can offload some tasks (for example display logic, neopixel timing etc) to stop the Pineapple getting too bogged down.
You can in fact add leds, dips etc without even needing Arduino.
-
Perhaps look at the actual script and just do the actions manually to see what is going on?
-
I wouldn't bother just yet as the github is never updated... For code contributions to work properly, a meaningful infrastructure needs to be in place.
https://github.com/WiFiPineapple/MK5_Interface
Excluding the infusions, the code might as well be closed source.
-
Just to be pedantic with respect to the GPL, actual source and not diffs should have been provided (or an offer to provide them made)...
http://www.gnu.org/licenses/gpl-faq.html#DistributingSourceIsInconvenient
-
5v would maybe work ok, although you might not get a full 5v on the usb ports.
Give it a try, if you have issues swap it for 12v although this will dissipate more heat.
-
If you can do it with a keyboard then you can do it with a duck. It is not a magic exe execution device.
In your case you would have to know the password etc etc.
-
I think you have any pretty much missed the point of the BadUSB here.
3 above is rubbish, teensy blows the duck out of the water on every level bar the form factor / connector.
For traditional duck functionality I would go for teensy as a first choice and a duck if you are a newb.
-
Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime..
-
Just google for OpenWRT lease time and that should provide some relevant information.
-
No point. It is pretty low capacity and not as convenient as an SD card that you can pop out and use in a PC with an adapter.
It is essentially EEPROM without the low number of write cycles. So you *could* use it in a peensy device (not a ducky as that has no suitable I/O), but exactly why you would want to when it has low storage capacity and disk access isn't a bottleneck I don't know.
There could be some corner cases where you would want to use it, such as when the built in microcontroller EEPROM is too small and you want to store a payload or something without adding an SD card - but typically in that case I'd use an external EEPROM as they are cheap as chips
-
Good stuff. Must have been some cold joints with the soldering / continuity problems.
-
How are you testing? The dipstatus infusion? I'd be tempted to be using something like that to debug what is going on.
I've given up on my pineapple and have some spare switches laying around so I might crack out my soldering iron and see if I can get it to work. I can't think of anything that could be causing issues. You are just using a standard toggle with no additional circuitry right?
-
In this pic:
https://www.dropbox.com/s/w5d36trcnzweq1y/20141118_094452.jpg?dl=0
The DIP is on and therefore the wire is redundant.
-
That should work....
The DIP switches are normally open. So, make sure that all switches are up (i.e. in the off position) for operation with the external switches - one picture has a switch down, along with the wire attached.
What I'd do is check the soldering is all good. With a multimeter and all switches up/off ensure no continuity between the corresponding IC socket pins. Next put all switches on/down and check that you do have continuity between corresponding socket pins,
Also remember that some pins have crazy non-user user customizable uses, so make sure that if you are connecting your switches that they are definitely open (i.e. not on) for normal use,
-
Should be an easy swap out.
Desolder DIP switch and add wires to a SPST switch (or correctly wire up a another kind of switch).
I guess you may have wired up a switch wrong or it may be the wrong way around - i.e. what you think is ON for the switch is actually OFF.
Do you have some pictures so I can take a look?
-
Nice little hardware hack! Yep, could definitely do with a bit of soldering practice (and much less solder) - I recommend the eevblog videos. Also could do with less insulation being stripped from the wires to reduce possibility of shorts/etc.
-
It's also worth mentioning that the payload (key presses) wont start until the driver is installed. So you dont need a delay while you wait for the driver to install. You seem to misunderstand what the ducky is. It's a keyboard. That's it. It has no way of checking conditions. No logic (if and or). No feedback.
You need to be crafty, which is it's charm.
You do need a delay for drivers. The ducky doesn't know if drivers are installed and good to go - it just blindly fires off the keystrokes as programmed.
-
Awhile ago there was talk of an HDK, it was supposedly going to be release around defcon, there hasn't been any talk of it since then, has it dropped off that map? Or did I miss something?
This thread contains pretty much everything since then. Still no sign of a final hardware product in the hakshop or any software support.
Ducky Polling / Input Rate
in Classic USB Rubber Ducky
Posted
Somewhere in the order of 500 maximum, 62.5 worst case depending on O/S.
Take a look at the bottom of this page:
https://www.pjrc.com/teensy/td_keyboard.html
Not an exact comparison as the implementations are slightly different, but I guess it is going to be in the same ballpark.
It would be interesting to see some benchmarking though if anyone can be bothered.