knight Posted January 8, 2013

Board, I was wondering if there was any way I could get a custom firmware made... I would suspect this kind of project would be fairly easy, since everything I'm looking for has already been done, at least I think. I just need a few of the features of one firmware added into another. Midnitesnake and/or Nick have written firmware that adds Mass Storage functionality, LED usage functionality, numlock state change, etc. Here's what I am wanting.... When the ducky is initially inserted it only registers as a mass storage device, no payload, no keyboard presses, etc. I'd prefer it if the device registered as a keyboard FIRST, then as a mass storage device second. Then, the ducky monitors for the num lock on the keyboard to be pressed; when it's pressed it initiates its payload. I'd prefer it to look at the scroll lock, but I'm not sure if it can sense that, since I haven't seen that functionality in any other firmwares. I also never want the LED to turn on at all unless there's a problem, though this isn't much of a problem, since my intentions are to leave the case on the ducky all the time. As for the technical aspect, I'm fine with formatting multiple partitions on the SD card if that's needed, or just leaving the inject.bin on the root of the SD card, which would be visible from the mass storage driver. I don't have any problem with the ducky associating a keyboard initially, before the first numlock or scroll lock use. What would be perfect would be for the ducky to not need an inject.bin and instead read an ASCII file, say, %drive%/info.txt or whatever, and use that as a ducky script, though if I have to use an encoded inject.bin that's fine too. I'd be willing to pay to get a firmware like this. Knight.
no42 Posted January 8, 2013

Both HID and USB actually load and enable at the same time; it's your initial ducky DELAY X that makes the keyboard appear 2nd. You have a race condition! The stack is laid out as a composite device, so both get loaded at the same time; not sure if the USB mounting can be delayed.
knight Posted January 8, 2013 Author (edited)

That's no problem. I was just hoping to get the keyboard to load first, just to increase compatibility, but it probably won't be an issue anyway! So do you think it's doable? Mostly the part about watching the numlock and playing the inject2.bin only when the numlock is pressed, without having to press the ducky's button; I'd like to keep the case on. Much thanks! Knight. Edited January 8, 2013 by knight
PineDominator Posted January 9, 2013 (edited)

no42 wrote: Both HID and USB actually load and enable at the same time; it's your initial ducky DELAY X that makes the keyboard appear 2nd. You have a race condition! The stack is laid out as a composite device, so both get loaded at the same time; not sure if the USB mounting can be delayed.

One thing that would be cool with the latest firmwares would be when you set caps lock run inject.bin, numlock run inject2.bin. Because when I run on a fresh computer it takes like 15 seconds to install both HID and drive, making timing a payload hard. I've been plugging in, then removing the duck just after the computer finishes installing, then plugging back in to run the payload. Something even cooler would be to have some new commands in the script, i.e. IF NUMLOCK { Command etc } or WAIT CAPS/NUMLOCK { Command etc }. This would be awesome. Kinda like choose your own adventure ;-) Edited January 9, 2013 by petertfm
knight Posted January 9, 2013 Author

PineDominator wrote: One thing that would be cool with the latest firmwares would be when you set caps lock run inject.bin, numlock run inject2.bin. Because when I run on a fresh computer it takes like 15 seconds to install both HID and drive, making timing a payload hard. I've been plugging in, then removing the duck just after the computer finishes installing, then plugging back in to run the payload. Something even cooler would be to have some new commands in the script, i.e. IF NUMLOCK { Command etc } or WAIT CAPS/NUMLOCK { Command etc }. This would be awesome. Kinda like choose your own adventure ;-)

I totally agree, but I wasn't sure if that could be done from a technical standpoint. I'm fairly sure the ducky can detect when caps/numlock is on, since the m_duck.hex firmware is capable of changing the color of the LED based on caps/numlock being pressed on. Knight.
no42 Posted January 10, 2013

PineDominator wrote: One thing that would be cool with the latest firmwares would be when you set caps lock run inject.bin, numlock run inject2.bin. Because when I run on a fresh computer it takes like 15 seconds to install both HID and drive, making timing a payload hard. I've been plugging in, then removing the duck just after the computer finishes installing, then plugging back in to run the payload. This would be awesome. Kinda like choose your own adventure ;-)

I'm rather limited on memory; I have to load the inject.bin into memory before starting the USB stack (as the AVR can't read from the SD card when functioning as Mass Storage). I've tried manipulating SRAM and the Heap, to no effect! I'm either missing some info, or the Ducky is eating up the AVR's SRAM. I'm limited to 4KB; since each keypress is encoded as 2 bytes, that's really 2048 keystrokes. So implementing this function for one key (e.g. caps) should be relatively straightforward; for two keys (caps and num lock) it's really going to reduce memory again.
knight Posted January 11, 2013 Author

no42 wrote: I'm rather limited on memory; I have to load the inject.bin into memory before starting the USB stack (as the AVR can't read from the SD card when functioning as Mass Storage). I've tried manipulating SRAM and the Heap, to no effect! I'm either missing some info, or the Ducky is eating up the AVR's SRAM. I'm limited to 4KB; since each keypress is encoded as 2 bytes, that's really 2048 keystrokes. So implementing this function for one key (e.g. caps) should be relatively straightforward; for two keys (caps and num lock) it's really going to reduce memory again.

This isn't an issue for my application. 4K is probably about 100 times more memory than I'll need for my purposes! And any future uses also. I also don't need multiple buttons, just a simple numlock, or capslock. Preferably Scroll lock, since that's really not ever used anymore. Also, after the "trigger key" (numlock, caps lock, etc.) is pressed, I'd like to be able to change the state back without it triggering the payload again. Because when the ducky senses the trigger key, it'll change states (on to off, or off to on) and I'd like either the firmware to reset back to the original, or the inject.bin script to be able to change it, but prevent an infinite loop... not sure if that can even be done, just one pitfall I've tried to look out for! :) If we can make the scroll lock work, that would be IDEAL, since it's really not even used anymore. You're amazing, Midnitesnake! I'd be more than glad to PayPal ya some funds, or Greendot or something! Thanks! Knight.
no42 Posted January 11, 2013 (edited)

Ok. Here we go:
Mass storage and HID load at the same time.
HID won't fire until the user lights one of the following LEDs: CAPS/NUM/SCROLL Lock.
Still only 1x payload, inject.bin.
Hopefully, have safeties to prevent the script reloading mid-injection if a special key is involved in the Ducky script.
http://code.google.com/p/ducky-decode/downloads/detail?name=c_duck_v2_S001.hex&can=2&q=
After injection, Duck should return to default state.
Post feedback here. Edited January 11, 2013 by midnitesnake
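For anyone reviewing a captured SD card against the constraints discussed in this thread (no42's 4 KB SRAM budget of 2048 two-byte keystrokes, and the "safety" concern that a payload pressing a lock key could retrigger a lock-key-armed firmware), here is a small offline inject.bin decoder; it is an added example, not code from the thread, the Ducky firmware or the ducky-decode project. It assumes the two-byte layout used by the Ducky encoder (HID usage id, then modifier byte; a zero usage id means a delay of the second byte in milliseconds) and a partial US HID usage table, neither of which the thread states.

```python
import struct

SRAM_BUDGET = 4096              # the 4 KB SRAM limit no42 mentions
MAX_ENTRIES = SRAM_BUDGET // 2  # 2 bytes per entry -> 2048 keystrokes

# Partial HID usage-id table (US layout); assumed from the USB HID usage tables, not from the thread.
HID_TO_NAME = {0x04 + i: chr(ord("a") + i) for i in range(26)}
HID_TO_NAME.update({0x28: "ENTER", 0x2b: "TAB", 0x2c: "SPACE",
                    0x39: "CAPSLOCK", 0x47: "SCROLLLOCK", 0x53: "NUMLOCK"})
LOCK_KEYS = {"CAPSLOCK", "NUMLOCK", "SCROLLLOCK"}
MODIFIER_BITS = [(0x01, "CTRL"), (0x02, "SHIFT"), (0x04, "ALT"), (0x08, "GUI")]


def decode_inject(data):
    """Turn raw inject.bin bytes into ('DELAY', ms) / ('KEY', name, mods) entries."""
    if len(data) % 2:
        raise ValueError("inject.bin must be an even number of bytes (2 per entry)")
    entries = []
    for key, second in struct.iter_unpack("BB", data):
        if key == 0x00:  # delay entry: the second byte is milliseconds
            # the encoder splits long delays into 255 ms chunks, so merge adjacent ones
            if entries and entries[-1][0] == "DELAY":
                entries[-1] = ("DELAY", entries[-1][1] + second)
            else:
                entries.append(("DELAY", second))
        else:
            mods = [name for bit, name in MODIFIER_BITS if second & bit]
            entries.append(("KEY", HID_TO_NAME.get(key, "0x%02x" % key), mods))
    return entries


def render(entries):
    """Render decoded entries as Ducky-script-like lines for review."""
    return ["DELAY %d" % e[1] if e[0] == "DELAY" else " ".join(e[2] + [e[1]])
            for e in entries]


def lock_key_uses(entries):
    """Lock keys the payload presses itself: the retrigger case the firmware must guard against."""
    return sorted({e[1] for e in entries if e[0] == "KEY" and e[1] in LOCK_KEYS})


def fits_in_sram(data):
    """True if the whole file fits the 2048-entry budget the firmware loads into SRAM."""
    return len(data) // 2 <= MAX_ENTRIES


# Constructed sample, not a real payload: SHIFT h, e, l, l, o, DELAY 500, ENTER, SCROLLLOCK
SAMPLE = bytes([0x0b, 0x02, 0x08, 0x00, 0x0f, 0x00, 0x0f, 0x00, 0x12, 0x00,
                0x00, 0xff, 0x00, 0xf5,   # DELAY 500 encoded as 255 + 245
                0x28, 0x00, 0x47, 0x00])

if __name__ == "__main__":
    decoded = decode_inject(SAMPLE)
    print("\n".join(render(decoded)))
    print("fits in SRAM:", fits_in_sram(SAMPLE), "lock keys used:", lock_key_uses(decoded))
```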
PineDominator Posted January 12, 2013 (edited)

no42 wrote: Ok. Here we go: Mass storage and HID load at the same time. HID won't fire until the user lights one of the following LEDs: CAPS/NUM/SCROLL Lock. Still only 1x payload, inject.bin. Hopefully, have safeties to prevent the script reloading mid-injection if a special key is involved in the Ducky script. http://code.google.com/p/ducky-decode/downloads/detail?name=c_duck_v2_S001.hex&can=2&q= After injection, Duck should return to default state. Post feedback here.

You are the man. I'm trying this when I get time later. Edited January 12, 2013 by petertfm
knight Posted February 3, 2013 Author (edited)

First, let me apologize for such a huge delay in response; I've been out of town for an extended period of time, and I took my laptop, but it turns out the cellular data in Jamaica is incredibly expensive! ($1.99/MB!)

no42 wrote: Ok. Here we go: Mass storage and HID load at the same time. HID won't fire until the user lights one of the following LEDs: CAPS/NUM/SCROLL Lock. Still only 1x payload, inject.bin. Hopefully, have safeties to prevent the script reloading mid-injection if a special key is involved in the Ducky script. http://code.google.com/p/ducky-decode/downloads/detail?name=c_duck_v2_S001.hex&can=2&q= After injection, Duck should return to default state. Post feedback here.

This is amazing... it's almost exactly what I was wanting, though there is one little issue, and I'm thinking it was probably a miscommunication rather than a bug. I'd prefer it if the "payload key" was ONLY the scroll lock. I said other keys above simply because I wasn't sure if the scroll lock could be used this way. I'm sure this is a small, slight modification which should be easy, but it would make things perfect. I want to be able to leave the rubber ducky always plugged in, and only execute the inject.bin when the scroll lock is pressed, so because of this, I want to be able to use my caps lock, num lock, etc. without causing the payload to be run. Edit: Also, I'd prefer the LEDs to remain off at all times, unless you are able to make the LEDs respond to data usage on the mass storage device. Much thanks, this is amazing! Knight. Edited February 3, 2013 by knight
no42 Posted February 3, 2013

Easy mod. With the LEDs I'm assuming you mean the Ducky's; these are easy to disable. They're currently enabled to help debug problems.