[Question] Waiting for Drivers to Load

[Arkanian]

Is there a way to determine when the HID drivers are loaded? I have seen on some of my PCs that try to grab the drivers from WSUS that it takes 2 mins before the OS installs the drivers. I don't want to wait 120 seconds if I can avoid on it on other PCs.

[Arkanian]

Just to be clear I did search these forums. I saw one person give C code to detect if NUMLOCK is on but I am not sure where this code would go since the payload is not C. Just need clear direction on what to do here.

Edited February 12, 2013 by Arkanian

[no42]

Depends on the HID Injection (m_duck.hex) or composite (c_duck.hex) the c_duck wants to mount the mass_storage parition, whereas you could wait (m_duck.hex) then use a keyboard trigger (CAPS/NUM/SCROLL Lock).

Alternativley, if your using the HID injection modules version 2 fimrware (m_duck.hex or duck.hex) you can edit vidpid.bin to spoof the identifier of the current keyboard - thus bypassing the need to wait for drivers to install as their already loaded. This additionally works for the USB and Composite devices (USB.hex and c_duck.hex) where you can spoof the VID and PID of an already allowed/authorised device; this not only bypasses device control software but the installation of drivers.

Check out ducky-decode website. Its in my signature.

Edited February 12, 2013 by midnitesnake

[Arkanian]

I love the idea of the twin duck so I installed c_duck_v2_S001. I am about to try this on a few PCs but it sounds like this might do the trick?

[Arkanian]

Just tested and it looks like c_duck_v2_S001 does exactly what I want it to do! Sweet!!

[Arkanian]

Well it looks like this only works properly with the startup after drivers load on Windows 7. Windows XP doesn't seem to work right. So looks like for now I will just put a sleep of 30. Takes 20-30 seconds for XP to load the drivers.

[Arkanian]

Well this is odd. I put in a sleep of 30 seconds and the drivers were well loaded after it was suspose to execute but nothing ever happened. If I take it back out and put it in it works or if I turn off\on the numlock key it works. Not sure what is going on. Again this is only on a PC that it has never been plugged into.

Edited February 12, 2013 by Arkanian

[no42]

C_duck_v2_s001 only triggers on keyboard lock keys, there is no auto trigger.

C_duck_v2_s002 only triggers on the ducky's gpio button, again no auto trigger

[Arkanian]

There might not be an autotrigger but C_duck_v2_s001 appears to execute the inject.bin after the drivers are loaded. I slept on it and test Windows XP again and this time it worked. Drivers took around 30 seconds to load for the first time and around 15 seconds later (have a delay of 15000) my script ran. Maybe the new firmware is just better than the default when it comes to driver load times and execution of inject.bin?