no42 Posted January 10, 2013 (edited)
The Naked Duck has been upgraded to version 2 firmware. This means:
VID & PID controlled through vidpid.bin (on sdcard root).
Upgrades: Multi-payloads now trigger on keypress (added interrupt B). No longer have to press the GPIO button, meaning the Ducky can put on his Black Dinner Suit like a real spy (or the USB case in reality); probably means he needs a new codename.
Warning: the use of CAPS_LOCK/NUM_LOCK/SCROLL_LOCK in Ducky scripts may cause scripts to collide!
And if you didn't spot it:
Inject.bin = default payload on boot
Inject2.bin = Num_Lock
Inject3.bin = Caps_Lock
Inject4.bin = Scroll_Lock <- new trigger key
Usual procedure: provide feedback here. My laptop doesn't have Scroll Lock so it's untested; the other keys work fine.
Download in usual place: http://code.google.com/p/ducky-decode/downloads/list
~~Snake
PS. Kind of breaks rule 6 of Duck Club; for those unfamiliar with Duck Club see post http://forums.hak5.org/index.php?/topic/28323-happy-ducky-xmasnew-year/
Edited January 10, 2013 by midnitesnake
madhak Posted January 28, 2013
Nice job on that one, all 4 payloads worked indeed! Oops, looks like I broke rule 6 too... nevertheless, pwned the IT admin by asking "can you check what's wrong with my mouse?" Needless to say he bought a ducky and implemented a soap load of GPO, pun intended!
h4x0r666 Posted February 27, 2013
Quoting madhak: "Nice job on that one, all 4 payloads worked indeed! Oops, looks like I broke rule 6 too... nevertheless, pwned the IT admin by asking 'can you check what's wrong with my mouse?' Needless to say he bought a ducky and implemented a soap load of GPO, pun intended!"
https://madhak.com/wp-content/uploads/2011/05/DSCF0475.jpg
Please oh please tell me how to get such USB drive cases to pretend it is a mouse! I love this great idea and just got my USB Rubber Ducky, so yeah..
ApacheTech Consultancy Posted February 27, 2013
I've got a question about this firmware. Because it depends on whether the modifier keys are pressed or not (CAPS LOCK, NUM LOCK), does the modifier count against the strings being inputted? For example, with the caps lock LED lit, EVERYTHING i TYPE WILL COME OUT LIKE THIS even though I'm typing like this. Does the duck work on ASCII codes or keymaps to "type"? Similarly, on my laptop, if I type with NUM LOCK turned on, 5t c60es 64t 36625ng 352e th5s, when I'm typing like this. Because of this, I never turn num lock on on my laptop. On my desktop, however, num lock is never turned off.
no42 Posted February 28, 2013 (Author)
Only triggers when LEDs are on, so either double-tap the key, or have the relevant key press as the first line in the specific payload injectX.bin. I can put protection in to prevent payloads interfering; can't remember if I did this in this firmware? The more feedback we receive the better. Thanks, Snake
ApacheTech Consultancy Posted February 28, 2013
Does that mean you can chain-load scripts together? Your main script:

DELAY 10000
REM // Run inject2 (Num Lock trigger)
NUMLOCK
DELAY 50
NUMLOCK
DELAY 10000
REM // Run inject3 (Caps Lock trigger)
CAPSLOCK
DELAY 50
CAPSLOCK
DELAY 10000
REM // Run inject4 (Scroll Lock trigger)
SCROLLLOCK
DELAY 50
SCROLLLOCK
no42 Posted February 28, 2013 (Author)
It is possible to chain them..... but looking at the recent source, I put in an extra true/false statement to stop them chaining. Not sure if I released this (as I'm always tinkering)? Anyhow, I'll look more into this tomorrow (if I have time). If you want chaining I can bring it back, but why would you want it, as everything can fit in a big script anyway? It was only invented to ease off swapping sdcards, or recompiling inject.bins. But yes, it is handy to have the relevant trigger key as the first line, when using the m_duck_X.hex firmware, to stop the *LOCK keys interfering with the payload.
Note: using the LED lights was thought of as a method to extract data from the host, without the mass storage partition. However, it's faster to disguise data in HID reports. It is possible, it's been done with a Teensy, but the author is selling the code rather than releasing it under open source. We can do this with the ducky; I'm hoping someone can pick up the challenge. (Preferably a grad student who has time, and needs an end-of-year project for their degree.)
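The two mechanisms no42 describes in the replies above (a payload fires only when a lock LED comes on, hence the double-tap when the LED is already lit; and a true/false guard that stops one payload's lock-key presses from triggering the next) can be modelled on the host side without the hardware. The following is an added illustration, not the ducky-decode firmware source: it reacts to the one-byte HID boot-keyboard LED output report (bit 0 Num Lock, bit 1 Caps Lock, bit 2 Scroll Lock, per the USB HID usage tables) and maps rising LED edges to the inject2/3/4.bin numbering from the first post. The `allow_chaining` flag, the `duck_*` names and the report sequences are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Bits of the HID boot-keyboard LED output report (USB HID Usage Tables,
 * LED page). The host sends this byte to the keyboard whenever a lock
 * state changes, so the device can see the LEDs it is "wearing". */
#define LED_NUMLOCK    0x01u
#define LED_CAPSLOCK   0x02u
#define LED_SCROLLLOCK 0x04u

/* Payload numbering follows the first post: inject.bin runs at boot,
 * inject2/3/4.bin are tied to Num/Caps/Scroll Lock respectively. */
enum { PAYLOAD_NONE = 0, PAYLOAD_INJECT2 = 2, PAYLOAD_INJECT3 = 3, PAYLOAD_INJECT4 = 4 };

typedef struct {
    uint8_t last_leds;      /* LED byte seen in the previous report */
    int     allow_chaining; /* hypothetical build flag: 1 = a payload may trigger another */
    int     fired;          /* one-shot guard: a triggered payload has already run */
} duck_state;

void duck_init(duck_state *s, int allow_chaining)
{
    s->last_leds = 0;
    s->allow_chaining = allow_chaining;
    s->fired = 0;
}

/* Record the host's current LED state without treating it as a trigger,
 * e.g. the first report after enumeration when Caps Lock is already lit. */
void duck_sync_leds(duck_state *s, uint8_t leds)
{
    s->last_leds = leds;
}

/* Handle one LED output report. Only an off->on transition selects a
 * payload, which is why a key whose LED is already lit must be pressed
 * twice: the first press turns the LED off, the second turns it on. */
int duck_on_led_report(duck_state *s, uint8_t leds)
{
    uint8_t rising = (uint8_t)(leds & ~s->last_leds);
    int payload = PAYLOAD_NONE;

    s->last_leds = leds;

    /* Without chaining, a lock key typed by a running payload (or by the
     * user afterwards) must not start another payload. */
    if (s->fired && !s->allow_chaining)
        return PAYLOAD_NONE;

    if (rising & LED_NUMLOCK)
        payload = PAYLOAD_INJECT2;
    else if (rising & LED_CAPSLOCK)
        payload = PAYLOAD_INJECT3;
    else if (rising & LED_SCROLLLOCK)
        payload = PAYLOAD_INJECT4;

    if (payload != PAYLOAD_NONE)
        s->fired = 1;
    return payload;
}

/* Feed a constructed sequence of LED reports through a fresh state and
 * count how many payloads fire; *last_payload receives the last one. */
int duck_replay(const uint8_t *reports, int n, int allow_chaining, int *last_payload)
{
    duck_state s;
    int fired_count = 0;
    int i;

    duck_init(&s, allow_chaining);
    *last_payload = PAYLOAD_NONE;
    for (i = 0; i < n; i++) {
        int p = duck_on_led_report(&s, reports[i]);
        if (p != PAYLOAD_NONE) {
            fired_count++;
            *last_payload = p;
        }
    }
    return fired_count;
}

int main(void)
{
    /* Constructed host behaviour: Num Lock on, Num Lock off, Caps Lock on. */
    const uint8_t seq[] = { LED_NUMLOCK, 0x00, LED_CAPSLOCK };
    int last = PAYLOAD_NONE;
    int n;

    n = duck_replay(seq, 3, 0, &last);
    printf("no chaining: %d payload(s) fired, last = inject%d.bin\n", n, last);
    n = duck_replay(seq, 3, 1, &last);
    printf("chaining:    %d payload(s) fired, last = inject%d.bin\n", n, last);
    return 0;
}
```

With the guard on, the same three reports fire only inject2.bin; with chaining allowed, the later Caps Lock edge also fires inject3.bin. The model also shows why putting the trigger key as the first line of injectX.bin is harmless: the payload's own press produces a falling edge, which never selects anything.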
ApacheTech Consultancy Posted March 1, 2013
Well, I'm an undergrad student who is looking for a final year project for my degree. :p I have no real background in firmware though, or C.
no42 Posted March 1, 2013 (Author)
Quoting ApacheTech Consultancy: "Well, I'm an undergrad student who is looking for a final year project for my degree. :P I have no real background in firmware though, or C."
It's just C code; it means just getting used to the code. Doing these war-games (http://www.overthewire.org/wargames/) was good practice for learning C.