dcbz Posted April 14, 2013

Hey All,

For a project I'm working on I need to send pretty much every control character at once. I just assumed the Rubber Ducky could do this when I bought it, since it's a pretty straightforward construct, however now that I actually start to play with it I can't get this to work. Is it possible with the default firmware to send a string of control characters like:

Control + Alt + Windows Key + Shift + x

Any help would be much appreciated. Thanks

no42 Posted April 14, 2013 (edited)

It might be possible, it depends on what's going on at a HID level? The Ducky only supports two-byte instructions in its current state-machine; control characters (e.g. control-alt) get OR'ed together, which then allows key-combos like ctrl-alt-del.

I haven't got much time to play around these days (until my life gets less hectic), but if you can run a USB sniffer (bus dog / usblyzer), and on a USB keyboard enter that combo (after something obvious like pressing "a" 5 times), I can look at the sequence and possibly try to add that extra command into the encoder. Otherwise this is something for the next encoder.

If you only want that sequence, you could either hard-code it into the firmware, or another possibility is I could hardcode that sequence into firmware within next 2x weeks. It should be straightforward from following Atmel's Keyboard HID example.

PS. I've come across that sequence before... but can't remember that product's name...

Edited April 14, 2013 by midnitesnake
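
What "OR'ed together" looks like at the HID level, as an added example that is not part of the original post or the Ducky firmware: a decoder for the 8-byte boot-protocol keyboard report that a USB sniffer capture would show. It assumes the standard boot report layout (modifier byte, reserved byte, six key slots); the function names and the sample report are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modifier bits of report byte 0 in the USB HID boot keyboard report. */
static const char *const MOD_NAMES[8] = {
    "LCtrl", "LShift", "LAlt", "LGUI", "RCtrl", "RShift", "RAlt", "RGUI"
};
#define HID_ERR_ROLLOVER 0x01  /* fills the key slots when too many keys are held */

/* Writes e.g. "LCtrl+LAlt" into out; returns the number of modifier bits set. */
int decode_modifiers(uint8_t mods, char *out, size_t outlen)
{
    int count = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (int bit = 0; bit < 8; bit++) {
        if (!(mods & (1u << bit))) continue;
        if (count++) strncat(out, "+", outlen - strlen(out) - 1);
        strncat(out, MOD_NAMES[bit], outlen - strlen(out) - 1);
    }
    return count;
}

/* Copies the pressed usage IDs (report bytes 2..7) into keys[6].
 * Returns the key count, or -1 for a rollover (phantom) report. */
int decode_keys(const uint8_t report[8], uint8_t keys[6])
{
    int n = 0;
    for (int i = 2; i < 8; i++) {
        if (report[i] == HID_ERR_ROLLOVER) return -1;
        if (report[i] != 0) keys[n++] = report[i];
    }
    return n;
}

/* Constructed sample: Ctrl+Shift+Alt+GUI (0x01|0x02|0x04|0x08) with 'x' (usage 0x1B). */
static const uint8_t SAMPLE_REPORT[8] = { 0x0F, 0x00, 0x1B, 0, 0, 0, 0, 0 };

int main(void)
{
    char names[64];
    uint8_t keys[6];
    int nmods = decode_modifiers(SAMPLE_REPORT[0], names, sizeof names);
    int nkeys = decode_keys(SAMPLE_REPORT, keys);
    printf("modifiers (%d): %s\n", nmods, names);
    for (int i = 0; i < nkeys; i++) printf("key usage 0x%02X\n", keys[i]);
    return 0;
}
```

All four left-hand modifiers fit in the low nibble of a single byte, so the combination asked about in this thread is one modifier value plus one key usage ID in a standard report.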

dcbz Posted April 14, 2013

Ah, thanks for the reply. I grabbed a copy of the firmware source and was looking to hardcode it now. I was wondering if the bytecode generated by encode.jar contained the literal key code value, because then I could just encode it manually. But from what you described it sounds like those bytes aren't the key codes themselves. I will read the firmware source and see if I have time to tackle it that way. My project is due in 8 days and requires a lot of work after I get this part working ;)

Thanks again. I'll let you know which route I go.

no42 Posted April 15, 2013

Added an untested (but compiles with no errors) example of a Hard-Coded Keyboard HID Injection Firmware in the SVN source folder, called Ducky_HID_Hardcoded.zip. This might help you understand the workings a bit better? This uses Atmel's example of playing Keyboard HID keys, in place of Applebaum's state-machine.

dcbz Posted April 15, 2013 (edited)

Hey,

Thanks for the help with this. The firmware source you uploaded seems to send ui_sequence as soon as you insert the device, right? I actually have some weird requirements, but I need to set some stuff up, then send the keystroke once I'm done. I need the Ducky to function as normal; I was going to recompile an encoder with a new instruction, like WEIRDKEYSTROKE, and have that send the char code. Guess I'll try to get that working now.

Thanks!

Edited April 15, 2013 by dcbz

no42 Posted April 15, 2013

Look at the original code and the gpio if statement; you can program the Ducky to only send the instruction on the push of this button, and you can enter your other instructions hardcoded per the example. Sorry, but I'm away from keyboard until the weekend, so I can't give any great help until then.

Thought the key combo was a Deep Freeze thing, think it's different?

dcbz Posted April 15, 2013

Thanks again for your help, I see what you mean. The hardcoded string is great, thanks, that's exactly what I need I guess. Pushing the button won't work though, since I need to do something timing related; I will need to somehow signal to the device to send the keystroke. I guess I can change the state machine in the original code. injectToken comes straight from the file, right, so if I do something like

    /* mask to the low byte, then compare with the new opcode */
    if ((injectToken & 0xff) == 0x90) {
        do_hardcoded_signal();  /* placeholder name from the post */
    }

I could then add an instruction and recompile encoder.jar to emit it. That should work, yeah?

Thanks again for your help. If I get this working I'll send it to you off list ;)

dcbz Posted April 16, 2013 (edited)

Hrm, this didn't seem to work. In process_frame() I added:

    if ((injectToken & 0xff) == 0x90) {
        sequence_running = true;
    }

Above it, I have the loop processing the sequence, at the start of STATE_INJECTING.

I added an instruction to the encoder.jar which looks like this:

    } else if (instruction[0].equals("TRIGGEREXPLOIT")) {
        file.add((byte)0x90);
    } else if (instruction[0].equals("STRING")) {

Then I make a file like this:

    -[dcbz@squee:~/code/ducky]$ cat > test
    TRIGGEREXPLOIT
    -[dcbz@squee:~/code/ducky]$ java -jar encoder.jar -i test
    -[dcbz@squee:~/code/ducky]$ xxd inject.bin
    0000000: 90                                       .

However, when I run this, I do not see the keystrokes I used. Not sure why it's not working at this stage, will debug tomorrow ;(

EDIT: Scratch this, it seems to be working. Thanks for all your help!

Edited April 16, 2013 by dcbz