[WhiteHat] Auto Configuring Diagnostics Multikey

[ApacheTech Consultancy]

Now that the TwinDuck firmware is stable and we have the whole of any MicroSD card to fill up with payloads. I've been thinking of an idea for a White Hat usage for the duck. I'd like to brainstorm it here if possible.

The basic premise is that we have a bunch of diagnostics tools on the card and the duck injects a batch file/script to run these various tools sequentially. Once the firmwares evolve, I'm hoping that the TwinDuck and NakedDuck firmwares will merge and allow multiple injections. Your main injection will write and execute the batch file. The second will download, install and run something like HijackThis or other tool. The third will perform some other ancillary action and the forth will write and execute a clean up script.

You could also have an inject.bin that writes, compiles and executes it's own inject2-4.bin files, customised to the user's PC.

I also have a couple of generic questions:

• Is it possible to format a MicroSD card with something like YUMI to create a multiboot utility disk and put an inject.bin in the root directory and it still work in the Duck?
• Is it possible to connect a USB-PS2 adapter and have the duck running through PS2? I have an adapter here, but no PS2 ports in the house to test it on.:p

[no42]

I'm hoping that the TwinDuck and NakedDuck firmwares will merge

Its possible we're just limited on space and memory!

• Is it possible to format a MicroSD card with something like YUMI to create a multiboot utility disk and put an inject.bin in the root directory and it still work in the Duck?
• Is it possible to connect a USB-PS2 adapter and have the duck running through PS2? I have an adapter here, but no PS2 ports in the house to test it on.

• YUMI - haven't tried; in theory you can have anything on the sdcard, the payload just has to be inject[123].bin
• USB-PS2 - again havn't tried, but currently cant see why not.

Edited February 16, 2013 by midnitesnake

[ApacheTech Consultancy]

One thing I've noticed with the TwinDuck is that it can take up to five minutes for the Mass Storage Device to become accessible. My tests so far have ranged between 30 seconds and five minutes; but it's always been after the inject.bin has fired.

[no42]

In my tests mass storage has always loaded first (10-60secs); guess it depends on the system & I always use a moderate DELAY 3000 to begin with on inject.bin

Edited February 16, 2013 by midnitesnake

[ApacheTech Consultancy]

Does the TwinDuck work as a bootable device? So you could boot into Hirens for instance straight from the duck? And if so, could it launch it's payload as well, for instance, load into BIOS or launch into PXE Boot mode?

Edited February 16, 2013 by ApacheTech

[no42]

Never got around to trying - I guess it depends on the BIOS.

I know some BIOS's can be bit weird with HID devices.

[ApacheTech Consultancy]

I know some of the old AWARD BIOSs only support USB at boot if the "Enable Legacy Devices" option is turned on.

The reason I ask is when I was working as a college SysAdmin, to get the computers to boot into the Imaging server, you had to press F12 to enable PXE booting, then hold down CTRL+ALT until it launched into OpenSuse. It slowed the process down so much. If you could add the USB-RD as a network accessible drive, then mass reboot all the PCs to load from that drive, you could almost fully automate the entire process. After 30 seconds, it would launch inject2 which would enter the Multicast Imaging Server IP details and ready the machine for imaging. Once all the machines are ready, you just hit enter on the server.

Remove and replace the duck while it's all imaging and compile a new script to log into windows with the default admin credentials, set the computer name based on the MAC, Port or Serial number and change the locale (which is the only bit you need to configure yourself, completely removing en-US from Windows). You could multicast an entire campus from the server room with a single USB-RD. :)