VID / HID Confusion


coolducker

Hi fellow ducky lovers.

I have a question which is probably pretty simple but I can't seem to figure it out. I have a particular scenario which I'm trying to exploit which requires the dual duck firmware to effectively do two things:

- execute some PowerShell scripts to copy a few binaries to the user's temp directory

- copy some files back off the user's machine to the SD card, remove any remnants from the host

However, the organisation I'm testing uses device locking and only one particular USB mass storage device is permitted with write access, all others RO. Therefore, I created a vidpid.bin with the HEX values needed to impersonate the device. So the device I want to emulate is the following:

0951 Kingston Technology, 160d DataTraveler Vault Privacy

No matter what I do, the device is recognised as the ducky no matter what. I have tried the c_duck_v2.1 and duck_v2.1 firmwares, as well as USB_v2.1 - all with the vidpid in the root of the SD card, but to no avail. What am I missing here? In what configuration can the VID/HID be amended to emulate another device?

Any pointers very much appreciated.


Device control software is more advanced these days compared to the original stance 2 years ago.

1) You need the same device class, e.g. if the device is mass storage, you can't use the composite firmware, you have to use a mass-storage firmware

2) You need to change the serial number and other device strings in the source and recompile - no easy way to do this other than building your own firmware.

3) Device control is (or future) performing stack fingerprinting; this may mean further changes would be necessary in the firmware.
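
Seen from the device-control side, the first two points in the reply amount to an allowlist rule that compares more than VID/PID. The following is an added example, not part of the original posts and not any vendor's code; the policy layout, function names and sample strings are assumptions, and stack fingerprinting (point 3) is not modelled.

```python
import struct

# Standard 18-byte USB device descriptor layout (USB 2.0 spec, table 9-8).
DEV_DESC = struct.Struct("<BBHBBBBHHHBBBB")
MASS_STORAGE, HID = 0x08, 0x03  # USB-IF interface class codes

def parse_device_descriptor(raw: bytes) -> dict:
    if len(raw) != DEV_DESC.size:
        raise ValueError("device descriptor must be 18 bytes")
    f = DEV_DESC.unpack(raw)
    if f[0] != 18 or f[1] != 0x01:
        raise ValueError("not a device descriptor")
    return {"vid": f[7], "pid": f[8]}

def evaluate(policy: dict, raw_desc: bytes, iface_classes, strings: dict) -> list:
    """Return the names of failed checks; an empty list grants write access."""
    dev = parse_device_descriptor(raw_desc)
    failed = []
    if (dev["vid"], dev["pid"]) != (policy["vid"], policy["pid"]):
        failed.append("vid_pid")
    # Point 1: the full set of interface classes must match, so a composite
    # device that adds a keyboard interface is not treated as plain storage.
    if set(iface_classes) != policy["iface_classes"]:
        failed.append("interface_classes")
    # Point 2: serial number and device strings are part of the identity.
    if strings.get("serial") not in policy["serials"]:
        failed.append("serial")
    if strings.get("product") != policy["product"]:
        failed.append("product_string")
    return failed

# Constructed sample data: VID/PID are the ones quoted in the thread; the
# serial and product string are placeholders, not values from a real device.
POLICY = {"vid": 0x0951, "pid": 0x160D, "iface_classes": {MASS_STORAGE},
          "serials": {"EXAMPLE-SERIAL-0001"}, "product": "EXAMPLE PRODUCT"}
SAMPLE_DESC = DEV_DESC.pack(18, 0x01, 0x0200, 0, 0, 0, 64,
                            0x0951, 0x160D, 0x0100, 1, 2, 3, 1)
APPROVED = {"serial": "EXAMPLE-SERIAL-0001", "product": "EXAMPLE PRODUCT"}
LOOKALIKE = {"serial": "0000000000", "product": "OTHER PRODUCT"}

if __name__ == "__main__":
    print(evaluate(POLICY, SAMPLE_DESC, [MASS_STORAGE], APPROVED))
    print(evaluate(POLICY, SAMPLE_DESC, [HID, MASS_STORAGE], LOOKALIKE))
```

The second call reports three failed checks while `vid_pid` passes, which is the gap a rule keyed on VID/PID alone would leave open.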
