Change Serial Number and Device strings


PsuFan

I think it would be cool to make some kind of script that could take a firmware hex file, and change the firmware and device strings automatically. If there were a way to do this we could probably put a whole bunch of these firmware files online. Would probably run into space limitations on whatever site we posted them though. Anyone know how to do this? Is it just as simple as looking for a string in the hex file and changing it? If so we could probably use some command line code to find and replace. Changing the strings and serial number in Visual Studio would generate way too many project files.


I guess you would have to also convert the number to .hex file format, so we might need an algorithm for that. But yeah, so long as the format is the same and the length is the same it should work.

Until we can script this you will have to recompile yourself, and change the settings in the 'conf_usb.h' file. This file is imported in the main, so you will be able to use the right click, go to implementation command.

Apparently you can open these hex files in notepad, but you get a bunch of incomprehensible code. I found a website that has a Bin-Hex Encoder/Decoder.

http://bin-hex-converter.online-domain-tools.com/

If you leave the string the same, then it is the only match in the file.

Serial name: 123123123123 -> 313233313233313233313233

This next one is not so unique, I get two hits:

Manufacturer Name: Ducky -> 4475636b79

Don't even know if a find and replace will work yet.

...

Please disregard all I just wrote. Apparently the file has to be checksummed during compilation. Compiling in Visual Studio/Atmel is the only way. At least we know now. I tried just swapping out the string and the firmware flashing program failed.

Edited by overwraith

Can someone point me in the right direction for where these strings are located in the code?

It's commented out of config_usb.h

// #define USB_DEVICE_SERIAL_NAME "12...EF"

Edit: I need to change anything that would identify a duck.

Edited by PsuFan

I was looking for some of these strings in the device manager on some of my home computers. Could not find the product name and device serial name, but did find manufacturer name. Some of my other keyboards use "(Standard Keyboard)" as the manufacturer name. It seems sufficiently vague for our purposes. Anyone else have some sufficiently vague data? Also, anyone else know how to find the serial name and manufacturer name?

Edited by overwraith

Here is the code from the C program that is the duck's firmware.

//! USB Device string definitions (Optional)
#define  USB_DEVICE_MANUFACTURE_NAME      "Ducky"
#define  USB_DEVICE_PRODUCT_NAME          "HID Keyboard and MSC"
#define  USB_DEVICE_SERIAL_NAME           "123123123123" // Disk SN for MSC

As you can see no hex. I was only interested in modifying the .hex file that is compiled from this, because if one wanted to make a whole bunch of these covert firmware types, and randomly flash them to the duck, then it would take a really long time to make a substantial firmware repository using the compiler we are using. The stuff we need to modify to change the firmware though is just regular C strings. If everybody compiles their own firmware, then we probably don't have to do the scripting like what I was saying. There are also a few more variables I found in the config file, don't know if we need to change them too.

#define  USB_DEVICE_MAJOR_VERSION         1
#define  USB_DEVICE_MINOR_VERSION         0

How long does it have to be? It's in hex? Are there any other identifiers that distinguish the duck? Thanks

For the Device Strings: trying to remember, you are limited (I think) to 64 characters.

For Serial Numbers I have been using the recommended length of 12 digits, you might be allowed more???

But due to past buffer overflow and format string vulnerabilities in older Windows/Unix OS, I think you are now further limited in length by the OS drivers/kernel modules.

Edited by midnitesnake

Well I'm about to give up, seems like it helped a little bit, but something is still blocking me. I'm losing random keystrokes. The first couple I would get 3 numbers, possibly only the zeros, and when it typed the last number it is ignored (0001, 0002). But then the enters start getting ignored as well...

Edit: forgot this wasn't the same post, I'm getting blocked by the Apple EFI.

It still doesn't seem possible that they can block the duck, at some point the computer must not be able to figure out the difference.

//! USB Device string definitions (Optional)
#define USB_DEVICE_MANUFACTURE_NAME "DELL"
#define USB_DEVICE_PRODUCT_NAME "HID Keyboard"
#define USB_DEVICE_SERIAL_NAME "123123123123"

Edited by PsuFan

Might want to change the USB_DEVICE_SERIAL_NAME to something else, it is commented out in our publicly available code after all, the AV companies/Apple probably know to screen that one. Choose a random 12 character serial number. Also, you could try to mimic some of the settings that some other device on your system uses. The hardest part would be figuring out how to view the relevant information in the Apple GUI.

Also, if stuff is getting ignored, you may need extra long delays in between keystrokes. If you needed this extra delay between every character, including STRING statements, then you could use the 'random delay' firmware's method of delaying, only with a preset value instead of a random one. Another option would be creating a specially crafted duckscript payload. Don't work out of the random delay firmware's folder though, I think it might be missing vid/pid setting code.


So far I know the serial number is used to confirm valid/allowed devices by the following DLP/AV companies:

  • Lumension
  • McAfee
  • Sophos
  • Checkpoint

If anyone knows of any others, I would like to know.
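
An added example, not code from this thread or from any product named in it: the serial number and the other strings are compile-time constants chosen by whoever builds the firmware, so a device-control check keyed on the serial alone trusts a device-supplied value. The sketch below binds an enrolled serial to a fingerprint of the whole descriptor set and flags the stock strings quoted earlier in the thread; the record layout, function names, VID/PID placeholders and sample devices are assumptions constructed for illustration.

```python
import hashlib

HID, MASS_STORAGE = 0x03, 0x08  # USB interface class codes
# Stock strings quoted in this thread's firmware config
STOCK_STRINGS = {"Ducky", "HID Keyboard and MSC", "123123123123"}

def fingerprint(dev):
    """Hash every descriptor field the device reports, not just the serial."""
    fields = (dev["vid"], dev["pid"], dev["manufacturer"], dev["product"],
              dev["serial"], tuple(sorted(dev["interfaces"])))
    return hashlib.sha256(repr(fields).encode()).hexdigest()

def repeats(serial):
    """True if the serial is one short unit repeated, e.g. '123' * 4."""
    n = len(serial)
    return any(n % k == 0 and serial == serial[:k] * (n // k)
               for k in range(1, n // 2 + 1))

def assess(dev, enrolled):
    """Return the reasons a device deserves review (empty list = none)."""
    reasons = []
    if {dev["manufacturer"], dev["product"], dev["serial"]} & STOCK_STRINGS:
        reasons.append("stock firmware string")
    classes = {cls for cls, _sub, _proto in dev["interfaces"]}
    if HID in classes and MASS_STORAGE in classes:
        reasons.append("HID plus mass storage composite")
    if repeats(dev["serial"]):
        reasons.append("repeating serial")
    known = enrolled.get(dev["serial"])
    if known is None:
        reasons.append("serial not enrolled")
    elif known != fingerprint(dev):
        reasons.append("enrolled serial, different descriptors")
    return reasons

# Constructed sample records; VID/PID values are placeholders, not real IDs.
OFFICE_KBD = {"vid": 0x1111, "pid": 0x0001, "manufacturer": "ExampleCorp",
              "product": "USB Keyboard", "serial": "A7K29QX41ZP0",
              "interfaces": [(HID, 1, 1)]}
ENROLLED = {OFFICE_KBD["serial"]: fingerprint(OFFICE_KBD)}
STOCK = {"vid": 0x2222, "pid": 0x0002, "manufacturer": "Ducky",
         "product": "HID Keyboard and MSC", "serial": "123123123123",
         "interfaces": [(HID, 1, 1), (MASS_STORAGE, 6, 0x50)]}
REUSED = dict(OFFICE_KBD, product="HID Keyboard",
              interfaces=[(HID, 1, 1), (MASS_STORAGE, 6, 0x50)])

if __name__ == "__main__":
    for name, dev in (("office", OFFICE_KBD), ("stock", STOCK), ("reused", REUSED)):
        print(name, assess(dev, ENROLLED))
```

A serial-only allowlist would pass the third record; the fingerprint comparison is what catches it.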
