AndreeU17, posted October 28, 2014

So I was wondering, why do we DELAY so much? I've seen numerous payloads with a bundle of DELAYs ranging between 500 x 10^-3 seconds and up to 1000 x 10^-3 seconds. What's the purpose of the DELAY, I mean why would we DELAY at all? Don't we need to perform a quick attack, so why give it a chance to take longer to do things? I was wondering if perhaps I can have a HUGE start delay to give the USB time to be installed into the computer without the need to press the button! If I say a 10 second delay, up to 15 seconds, that will give me enough time for my USB driver to install and then have the payload execute in mere milliseconds! So why delay?

Also, if I'm doing Mac and Linux, how would I implement the 3 OSes together? Or am I supposed to only target one OS? I want to do small text images for learning purposes; I want to be able to show my teachers and friends cool pictures when I insert the USB, pictures created in a txt file using a bunch of chars. So is that possible, since there aren't any if statements like in a typical programming language (can I do duckyscript all in Java rather than the scripting language)?

no42, posted October 28, 2014

The ducky is fast, real fast, so fast that as it types the computer may miss some characters. The speed of the USB stack depends on the computer's processor, OS, and the age of the machine. This is why you may have to tweak the DELAY value. For accuracy, it's a hack to get around the discrepancies between OS and machine models.

Oli, posted October 28, 2014

All good points and don't get me started on a rant :)

I view duckyscript as a bare-bones proof of concept that never was officially supported - one initial code drop and a few community enhancements.

If you send too much keystroke data to a computer it cannot handle it all - so you need delays. Computers run at different speeds - so something like launching an application might take 3 seconds on one machine and 10 on another. As there is no way to get feedback as to "is the application launched yet", you need to add longish delays that will work in most cases.

I can't be bothered to enumerate all the annoyances and "hacky" things about duckyscript, so to sum things up in one word: Peensy

Multiple payloads, feedback from the target machine, GPIO to add whatever inputs/outputs you need, a method to wait for drivers to install, a real programming language. I personally use Python templating (that promotes readability and code reuse) to generate the payloads rather than coding everything in C and then compiling.

Grimsoul, posted November 8, 2014

> So I was wondering, why do we DELAY so much? I've seen numerous payloads with a bundle of DELAYs ranging between 500 x 10^-3 seconds and up to 1000 x 10^-3 seconds. What's the purpose of the DELAY, I mean why would we DELAY at all? Don't we need to perform a quick attack, so why give it a chance to take longer to do things? I was wondering if perhaps I can have a HUGE start delay to give the USB time to be installed into the computer without the need to press the button! If I say a 10 second delay, up to 15 seconds, that will give me enough time for my USB driver to install and then have the payload execute in mere milliseconds! So why delay?
>
> Also, if I'm doing Mac and Linux, how would I implement the 3 OSes together? Or am I supposed to only target one OS? I want to do small text images for learning purposes; I want to be able to show my teachers and friends cool pictures when I insert the USB, pictures created in a txt file using a bunch of chars. So is that possible, since there aren't any if statements like in a typical programming language (can I do duckyscript all in Java rather than the scripting language)?

It's also worth mentioning that the payload (key presses) won't start until the driver is installed. So you don't need a delay while you wait for the driver to install.

You seem to misunderstand what the ducky is. It's a keyboard. That's it. It has no way of checking conditions. No logic (if and or). No feedback. You need to be crafty, which is its charm.

Oli, posted November 8, 2014

> It's also worth mentioning that the payload (key presses) won't start until the driver is installed. So you don't need a delay while you wait for the driver to install.
>
> You seem to misunderstand what the ducky is. It's a keyboard. That's it. It has no way of checking conditions. No logic (if and or). No feedback. You need to be crafty, which is its charm.

You do need a delay for drivers. The ducky doesn't know if drivers are installed and good to go - it just blindly fires off the keystrokes as programmed.
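
Seen from the defender's side, the behaviour described in this thread (keystrokes arriving faster than a person types, separated by fixed pauses of 500 to 1000 ms) is a usable detection signal. The sketch below is an added example and not part of any post in the thread or of the Ducky project; the timestamp input format, the 20 ms threshold and the minimum run length are assumptions, and the sample timestamps are constructed.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the thread): sustained human typing rarely
# yields inter-key gaps under ~20 ms, while an injecting device often does.
FAST_GAP_MS = 20
MIN_FAST_GAPS = 8  # consecutive fast gaps required before a run is flagged


@dataclass
class Burst:
    start_ms: int
    end_ms: int
    keys: int


def find_injection_bursts(timestamps_ms, fast_gap_ms=FAST_GAP_MS,
                          min_fast_gaps=MIN_FAST_GAPS):
    """Return runs of key-down events whose gaps all stay below fast_gap_ms."""
    bursts = []
    run_start = 0
    n = len(timestamps_ms)
    for i in range(1, n + 1):
        # A run ends at the last event or when the next gap is human-sized.
        run_ends = (i == n or
                    timestamps_ms[i] - timestamps_ms[i - 1] >= fast_gap_ms)
        if run_ends:
            keys = i - run_start
            if keys - 1 >= min_fast_gaps:
                bursts.append(Burst(timestamps_ms[run_start],
                                    timestamps_ms[i - 1], keys))
            run_start = i
    return bursts


def pauses_between(bursts):
    """Pauses separating bursts; round, repeated values suggest scripted DELAYs."""
    return [nxt.start_ms - cur.end_ms for cur, nxt in zip(bursts, bursts[1:])]


# Constructed sample: a person typing, gaps of 100 ms or more.
HUMAN = [0, 140, 310, 420, 600, 790, 905, 1100, 1260, 1400]

# Constructed sample: three bursts 2 ms apart per key, split by 500 ms and
# 1000 ms pauses, matching the DELAY range mentioned in the thread.
INJECTED = ([3000 + 2 * i for i in range(12)] +
            [3522 + 2 * i for i in range(15)] +
            [4550 + 2 * i for i in range(10)])

if __name__ == "__main__":
    found = find_injection_bursts(INJECTED)
    print("human bursts:", find_injection_bursts(HUMAN))
    print("injected bursts:", found)
    print("pauses (ms):", pauses_between(found))
```

In practice the timestamps would come from whatever key-event source the endpoint already logs, keyed per input device so that a newly attached keyboard is scored on its own.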