Darren Kitchen
Posted December 4, 2012

A lot has happened since we first introduced the USB Rubber Ducky hardware a little over a year ago. We excelled in some areas, fell flat in others, and over time with the help of the community have come close to where the project should be.

First, a little background. The USB Rubber Ducky concept is quite simple - violate the inherent trust the computer has in the human. If you can gain physical access to a machine, even for just a few seconds, you should be able to inject a payload at extreme speed using just keystrokes. This is done with relative ease given the fact that all computers, since the beginning, have trusted keyboards as they represent human input. The USB HID class allows us to mimic a keyboard while injecting preprogrammed keystrokes.

The project started as a proof of concept using a development board called the USB Teensy. This small Arduino clone could perform a HID attack, as demonstrated on early episodes of Hak5. Darren shared his USB Rubber Ducky prototype with IronGeek at Shmoocon 2010 and a month later the cat was out of the bag. IronGeek recreated the attack using the Teensy and demo'ed it, crediting Hak5, at OuterZone in March. That month the USB Rubber Ducky prototype was demoed on Hak5 and a development team was kickstarted by sending 100 boards to developers around the world.

Based on feedback from these developers we came to a few conclusions. In order for the USB Rubber Ducky to be a success we needed to make it simple. Rather than program and flash a device using C code, we developed a scripting language which could be written in standard text files. A cross-platform program would convert the text file into a binary to be moved onto the root of a micro SD card. With the micro SD card inserted into the USB Rubber Ducky the HID attack was ready for deployment.
To further enhance the USB Rubber Ducky as a covert HID attack tool it was fitted with a generic USB flash drive case. The custom hardware USB Rubber Ducky was born.

The first generation USB Rubber Ducky wasn't without some serious issues to overcome. The small batch PCB assembly was at such a high cost that the initial retail release was $80 - three times that of an adequately equipped Teensy. The latch holding the microSD card could inadvertently spring open in use. The firmware was only able to attack Windows targets, and the ducky script encoder only supported US keyboards. The latter was a huge oversight by the US-centric development team. To make matters worse, licensing issues encumbered the timely open sourcing of the firmware.

What had started as a modest hardware project turned out to be a nightmare. Developers were unhappy with the lack of source code, the high price and the compatibility problems. The ducky team tried several firmware fixes only to fall flat and waste time. Eventually the licensing restrictions were overcome and the source code was produced on GitHub.

Since then the promise of community development has shown its power. One developer in particular, Midnight Snake, took on two of the most challenging issues -- cross platform compatibility and international language support. During this time Hak5 worked on several hardware revisions of the USB Rubber Ducky, replacing the faulty microSD card latch with a slot and finding ways to lower the costs of production. So far there have been four hardware revisions. The first (black) debuted at $80 while between the second (red), third (white) and currently fourth (green) the hardware has finally come down to half the cost it was at launch.

Furthermore several enhancements have been made to the way payloads are generated. At first a wiki and forum were set up to share payloads.
Several have been shining examples of the USB Rubber Ducky's power - like the four line wget & execute from PowerShell by Mubix, or the Windows 7 backdoor and 15 second reverse shell. To simplify the payload writing process, several of the most popular payloads have been adapted to the online generator at usbrubberducky.com. Simply fill in the blanks, click generate and receive a bin file ready for use on the USB Rubber Ducky.

Android hacking has also debuted. Following the introduction of Kos' (kos.io) P2P-ADB attack, and the subsequent Micro-to-Micro OTG or "Kos Cable" we made him, we're excited to publish a few useful Android payloads. The first enables developer mode and USB debugging, perfect for use with Kos' P2P-ADB attacks, while another simply adds an open WiFi access point to the device so Android can more easily be friends with the WiFi Pineapple.

A tremendous amount of progress has been made over the last year and it's thanks in most part to the USB Rubber Ducky community who has continued to support the platform. With a lot of the bugs worked out, costs reduced and the process made even more simple we're very excited to see what's in store for the next generation of the USB Rubber Ducky.
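The post describes keystrokes injected "at extreme speed" by a device the host treats as a keyboard. That speed is also what gives the technique away to a defender. The sketch below is an added example, not part of the original post or of any Hak5 code. It flags sustained keystroke runs that are faster and more regular than human typing and that begin shortly after a keyboard attaches. The thresholds, function names and sample timestamps are all assumptions constructed for illustration.

```python
"""Flag keystroke bursts too fast and too regular for a human typist."""
from statistics import pstdev

# Assumed thresholds (not from the post); tune against real typing baselines.
MAX_GAP_S = 0.030      # sustained gaps under 30 ms are beyond human typing
MIN_RUN = 20           # require a sustained run, not one rolled key pair
ATTACH_WINDOW_S = 5.0  # burst begins soon after a new keyboard enumerates


def _summarise(run):
    gaps = [b - a for a, b in zip(run, run[1:])]
    return (run[0], run[-1], len(run), pstdev(gaps))


def find_bursts(key_times, max_gap=MAX_GAP_S, min_run=MIN_RUN):
    """Return (start, end, count, gap_jitter) for each sustained fast run."""
    bursts, run = [], []
    for t in key_times:
        if run and t - run[-1] > max_gap:
            if len(run) >= min_run:
                bursts.append(_summarise(run))
            run = []
        run.append(t)
    if len(run) >= min_run:
        bursts.append(_summarise(run))
    return bursts


def score_events(attach_times, key_times):
    """Pair each burst with a keyboard attach that shortly preceded it."""
    findings = []
    for start, _end, count, jitter in find_bursts(sorted(key_times)):
        recent = [a for a in attach_times if 0 <= start - a <= ATTACH_WINDOW_S]
        findings.append({"start": start, "keys": count, "jitter_s": jitter,
                         "after_new_keyboard": bool(recent)})
    return findings


# Constructed sample: a person typing (150-210 ms gaps), then a keyboard
# attaching at t=60.0 and sending 40 keys at a fixed 5 ms interval.
SAMPLE_HUMAN = [10.0 + 0.18 * i + (0.03 if i % 3 else 0.0) for i in range(25)]
SAMPLE_INJECTED = [61.0 + 0.005 * i for i in range(40)]
SAMPLE_ATTACH = [60.0]
SAMPLE_KEYS = SAMPLE_HUMAN + SAMPLE_INJECTED

if __name__ == "__main__":
    for finding in score_events(SAMPLE_ATTACH, SAMPLE_KEYS):
        print(finding)
```

In practice the attach times would come from USB device-enumeration logs and the key times from an endpoint agent. Near-zero gap jitter is a useful second signal because a device can slow its typing rate more easily than it can reproduce human timing variation.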