Jump to content

[Firmware] Twin & Detour Duck Projects Merge (Alpha)


Recommended Posts

Produced due to demand: a merge of the multi-duck (former Naked Duck, now know as Detour Duck), and the Twin-Duck firmwares.

Duck will initially mount as Mass Storage Device.

  • Numlock - triggers payload 1 (inject.bin)
  • Capslock - triggers payload 2 (inject2.bin)

Due to memory restrictions, as both payloads are loaded into Ducky memory - you are limited to 2048-Bytes of instructions!

Also only one payload can be triggered, so you have a choice payload A or payload B. NOT BOTH!!!




Edited by midnitesnake
Link to comment
Share on other sites

How comes, that it has to be so low?

Anyway thanks for merging it!

So 2 KB per payload ?

And.. so you put it in, and it will automaticly start the first inject.bin like the default firmware(i have) does.. and then when you want the other one you press capslock? or will it only start after you pressed something(any inject.bin)?

How many lines could a payload contain of 2 KB o.0?

Link to comment
Share on other sites

How many lines depends on the length of the line. You have 2048 bytes. Each character is a byte. Also, DELAY takes up bytespace as well. Also, remember that 2049 bytes won't work, if the file says 2KB, make sure it is exactly 2KB. 2047 bytes will read as 1KB.

If, when you put the duck into the PC, NUM_LOCK is enabled, inject.bin will fire.

If, when you put the duck into the PC, CAPS_LOCK is enabled, inject2.bin will fire.

Take the Duck out and replace it if you want the other script to trigger.

Link to comment
Share on other sites

I currently only have 4096 Bytes to work with (TwinDuck), for two payloads 4096/2 = 2048 Bytes

you actually only have 2046, just to prevent one payload overflowing into the other(I have hardest \0 (null byte)s) at positions 2047 & 2048!

Memory space is tight!!!

Link to comment
Share on other sites

Am I right in thinking then that a single line:

DELAY 2046

would fill the memory bank?

That would be approximately 18 Bytes. Leaving you with 2028 Bytes to play with.

Delays are coded in byte form, therefore two bytes hold a maximum of 255 msecs (or micro-secs i forget),

Link to comment
Share on other sites

Ahh yeah, I forgot it breaks it down into 255ms chunks. "DELAY 260865" would max it out. When you start adding commands in though, it ramps up the byte-count a lot.

Link to comment
Share on other sites

2048Bytes should be enough to call an executable. As it triggers on keypress and not time, you don't need the initial long delay.

Its enough to use wmic/for loop to call an exe on the sdcard for windows, and enough to have a payload execute on the sdcard in either OSX/Ubuntu.

Its ok for a PoC, but need to know more about the architecture and inner chip workings to possibly increase the memory space (if it is possible???).

Link to comment
Share on other sites

  • 5 months later...

No as REM instructions are ignored, the calculation is not related directly to the file size (due to blank lines and REM lines), each keystroke is typically represented as two bytes (incase shift/alt/ctrl is used as a modifier) so both "shift-a" and "a" are represented by 2-bytes. In Twin Duck you can have approximately 4096 bytes or 2048 key presses, as there are two optional payloads in this alpha build this memory is now halfed ; 2048 bytes = 1024 key presses for each payload to fit in memory

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...