Arkanian Posted February 12, 2013 Share Posted February 12, 2013 Is there a way to determine when the HID drivers are loaded? I have seen on some of my PCs that try to grab the drivers from WSUS that it takes 2 mins before the OS installs the drivers. I don't want to wait 120 seconds if I can avoid on it on other PCs. Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 12, 2013 Author Share Posted February 12, 2013 (edited) Just to be clear I did search these forums. I saw one person give C code to detect if NUMLOCK is on but I am not sure where this code would go since the payload is not C. Just need clear direction on what to do here. Edited February 12, 2013 by Arkanian Quote Link to comment Share on other sites More sharing options...
no42 Posted February 12, 2013 Share Posted February 12, 2013 (edited) Depends on the HID Injection (m_duck.hex) or composite (c_duck.hex) the c_duck wants to mount the mass_storage parition, whereas you could wait (m_duck.hex) then use a keyboard trigger (CAPS/NUM/SCROLL Lock). Alternativley, if your using the HID injection modules version 2 fimrware (m_duck.hex or duck.hex) you can edit vidpid.bin to spoof the identifier of the current keyboard - thus bypassing the need to wait for drivers to install as their already loaded. This additionally works for the USB and Composite devices (USB.hex and c_duck.hex) where you can spoof the VID and PID of an already allowed/authorised device; this not only bypasses device control software but the installation of drivers. Check out ducky-decode website. Its in my signature. Edited February 12, 2013 by midnitesnake Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 12, 2013 Author Share Posted February 12, 2013 I love the idea of the twin duck so I installed c_duck_v2_S001. I am about to try this on a few PCs but it sounds like this might do the trick? Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 12, 2013 Author Share Posted February 12, 2013 Just tested and it looks like c_duck_v2_S001 does exactly what I want it to do! Sweet!! Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 12, 2013 Author Share Posted February 12, 2013 Well it looks like this only works properly with the startup after drivers load on Windows 7. Windows XP doesn't seem to work right. So looks like for now I will just put a sleep of 30. Takes 20-30 seconds for XP to load the drivers. Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 12, 2013 Author Share Posted February 12, 2013 (edited) Well this is odd. I put in a sleep of 30 seconds and the drivers were well loaded after it was suspose to execute but nothing ever happened. If I take it back out and put it in it works or if I turn off\on the numlock key it works. Not sure what is going on. Again this is only on a PC that it has never been plugged into. Edited February 12, 2013 by Arkanian Quote Link to comment Share on other sites More sharing options...
no42 Posted February 13, 2013 Share Posted February 13, 2013 C_duck_v2_s001 only triggers on keyboard lock keys, there is no auto trigger. C_duck_v2_s002 only triggers on the ducky's gpio button, again no auto trigger Quote Link to comment Share on other sites More sharing options...
Arkanian Posted February 13, 2013 Author Share Posted February 13, 2013 There might not be an autotrigger but C_duck_v2_s001 appears to execute the inject.bin after the drivers are loaded. I slept on it and test Windows XP again and this time it worked. Drivers took around 30 seconds to load for the first time and around 15 seconds later (have a delay of 15000) my script ran. Maybe the new firmware is just better than the default when it comes to driver load times and execution of inject.bin? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.