Jump to content

[BugReport] Payload does not autorun


Recommended Posts

Hello, there!

Just recived my new Rubber Duck (it took about 1 month to travel me) and have some trouble with it.

First I had problems with sd-card. It was formatted with fat16 and duck didn't see it. Formatting with fat32 solved the problem.

Next what I have now - the payload does not start automaticly. It loads only when I press button on the duck. Why can that be?

Another question - is there any possibility to partition sd card in two parts, so that one partition will be visible in the target OS? What I want is to save some files from target OS on the partition on the sd card with the payload which runs from another partition. I think you got idea, sorry for bad english....

At the end, thank you for great device!!!

Link to comment
Share on other sites

stock firmware: the HID payload should execute relatively straight away

community firmware: you need an initial delay eg DELAY 5000 (may need to be tweaked)
composite firmware: not possible, as the drive initally mounts as mass storage, you need to push the button to trigger hid mode.

Short answer no, the card can be partitioned but your limited to 1x access control (either ducky reads both partitions, or OS reads both)

Look into c_duck_v2.hex (Twin Duck/composite) firmware that can use hid injection, to load a pre-defined script/binary on the sdcard partition.

Edited by midnitesnake
Link to comment
Share on other sites


I resolve the problem with payload autostart using this firmware - https://github.com/downloads/hak5darren/USB-Rubber-Ducky/Duck%20Firmware.hex

Partitioning - it's a pity. So in this case, is there any possibility withing payload create fake USB-flash drive letter which will be accessible to the user? What I want - user plugs in rubber duck -> fake usb-flash appears (for example drive e:) -> user writes some files to it (I don't need these files, the main idea is to remove suspissions) -> user ejects duck -> fake drive dissapears....

Link to comment
Share on other sites

Hypothetically, on the lower levels, it would seem you would need to implement some kind of auto-delete system that runs through the EEPROM. I would fear that it would be dangerous because how do you propose writing anything new to the duckey? If you implement hidden folders that auto.ini, then I think that would be better. Make a folder for the victim; but make everything else stay hidden...

But hell... I am hung over from too much Balvene 21 year old Scotch from Christmas; so I may just be incoherently explaining things... :D ... inebriated = this guy

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...