Jump to content

[Firmware] Naked Duck Now Dressed to Kill (Ducky Suits Up)


no42
 Share

Recommended Posts

The Naked Duck has been upgraded to version 2 firmware.

This means:

  • VID & PID Controlled through vidpid.bin (on sdcard root).

Upgrades:

  • Multi-payloads now trigger on Keypress (added interrupt B) )
  • No longer have to press the GPIO button

Meaning the Ducky can put on his Black Dinner Suit like a real spy (or the USB case in reality); Probably means he needs a new codename.

Warning: the use of CAPS_LOCK/NUM_LOCK/SCROLL_LOCK in Ducky scripts may cause scripts to collide!

And if you didn't spot it:

  • Inject.bin = default payload on boot
  • Inject2.bin = Num_Lock
  • Inject3.bin = Caps_Lock
  • Inject4.bin = Scroll_Lock <- New Trigger Key

Usually procedure, provide feedback here. My laptop doesn't haves scroll_lock so its untested - the other keys work fine.

Download in usual place: http://code.google.com/p/ducky-decode/downloads/list

~~Snake

PS. Kind breaks rule 6 of Duck Club, for those unfamiliar with Duck Club see post http://forums.hak5.org/index.php?/topic/28323-happy-ducky-xmasnew-year/

Edited by midnitesnake
Link to comment
Share on other sites

  • 3 weeks later...

Nice job on that one, all 4 payload worked indeed!

Oops, look like I broke rule 6 too... nevertheless, pwned the IT admin by asking "can you check what’s wrong with my mouse?" Needless to say he bought a ducky and implemented soap load of GPO, pun intended!

DSCF0475.jpg

Link to comment
Share on other sites

  • 5 weeks later...

Nice job on that one, all 4 payload worked indeed!

Oops, look like I broke rule 6 too... nevertheless, pwned the IT admin by asking "can you check what’s wrong with my mouse?" Needless to say he bought a ducky and implemented soap load of GPO, pun intended!

https://madhak.com/wp-content/uploads/2011/05/DSCF0475.jpg

Please oh please tell me how to get such usb drive cases to pretent it is an mouse! I love this great idea and just got my usb rubber ducky so yeah..

Link to comment
Share on other sites

I've got a question about this firmware.

Because it depends on whether the modifier keys are pressed or not (CAPS LOCK, NUM LOCK), does the modifier count against the strings being inputted. For example, with the caps lock LED lit, EVERYTHING i TYPE WILL COME OUT LIKE THIS even though I'm typing like this. Does the duck work on ASCII codes or keymaps to "type"?

Similarly, on my laptop, if I type with NUM LOCK turned on, 5t c60es 64t 36625ng 352e th5s, when I'm typing like this. Because of this, I never turn num lock on, on my laptop. On my desktop however, num lock is never turned off.

Link to comment
Share on other sites

Only triggers when LEDs are on, so either double tap the key. Or have the relevant key press as the first line in the specific payload injectX.bin.

I can put protection in to prevent payloads interfering - cant remember if I did this. In this firmware?

The more feedback we receive the better.

Thanks

Snake

Link to comment
Share on other sites

Does that mean you can chain-load scripts together?

Your main script:

DELAY 10000

REM // Run inject1
NUM-LOCK
DELAY 50
NUM-LOCK

DELAY 10000

REM // Run inject2
CAPS-LOCK
DELAY 50
CAPS-LOCK

DELAY 10000

REM // Run inject3
SCROLL-LOCK
DELAY 50
SCROLL-LOCK
Link to comment
Share on other sites

It is possible to chain them..... but looking at the recent source, I put in an extra true/false statement to stop them chaining. Not sure if I released this (as Im always tinkering)? Anyhow, I'll look more into this tomorrow (if I have time).

If you want chaining I can bring it back, but why would you want it? as everything can fit in a big script anyway?

It was only invented to ease off swapping sdcards, or recompiling inject.bins.

But yes, it is handy to have the relevant trigger key as the first line, when using the m_duck_X.hex firmware to stop the *LOCK keys interfering with the payload.

Note: using the LED lights was thought of a method to extract data from the host, without the mass storage partition. However, its faster to disguise data in HID reports. It is possible, its been done with a Teensy, but the author is selling the code not releasing under open-source. We can do this with the ducky - Im hoping someone can pick up the challenge. (Preferably a grad-student who has time, and needs an end-of-year project for their degree).

Link to comment
Share on other sites

Well, I'm an undergrad student who is looking for a final year project for my degree. :p I have no real background in firmware though, or C.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...