Jump to content

Recommended Posts

Posted

Hi fellow ducky lovers.

I have a question which is probably pretty simple but i cant seem to figure it. I have a particular scenario which im trying to exploit which requires the dual duck firmware to effectively do two things:

- execute some powershell scripts to copy a few binaries to the users temp directory

- copy some files back off the users machine to the SD card, remove any remnants from the host

However, the organisation Im testing uses device locking and only one particular USB mass storage device is permitted with write access, all others RO. Therefore, I created a vidpid.bin with the HEX values needed to impersonate the device. So the device i want to emulate is the following:

0951 Kingston Technology, 160d DataTraveler Vault Privacy

No matter what i do, the device is recognised as the ducky no matter what. I have tried the c_duck_v2.1 and duck_v2.1 firmwares, as well as USB_v2.1 - all with the vidpid in the root of the SD card, but to no avail. What am i missing here? In what configuration can the VID/HID be amended to emulate another device?

Any pointers very much appreciated.

post-49721-0-06416700-1422547225_thumb.p

Posted

Device control software is more advanced these days compared to the original stance 2 years ago.

1) You need the same device class, e.g. if the device is mass storage, you can't use the composite firmware, you have to use a mass-storage firmware

2) You need to change the serial number and other device strings in the source and recompile - no easy way to do this rather than build your own firmware.

3) Device control is (or future) performing stack fingerprinting; this may mean further changes would be necesary in the firmware.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...