
Create a script for random letters



It depends on whether you want to make the ducky inject random characters, or make a batch script which the ducky runs generate a random string...

The Ducky reads from a static inject.bin file, which contains binary bytes which the ducky injects as keystrokes. As the firmware is at the moment, it cannot inject variable data, because the file is static, unchanging. Conceivably it might be possible to make the ducky do things based on the data in the file. For example, what if we made a special byte which, when read by the ducky, would kick off a function which would perform the random keystroke injection? It would be really neat to essentially make a higher-level scripting language or different compiler which would take additional functionality into account. I don't know that much about the C/firmware; what I wrote I basically tweaked from midnight snake's code. I am not that good at modding it.

Another thought I had was that the ducky seems to have a limit on the size of scripts, and every delay(1000) basically inserts a no-operation byte into the ducky code file 1000 times, which makes these no-operation sections really long. So what I was thinking was, wouldn't it be cool to have a byte, like the no-op byte used on the ducky, but always use two bytes to express this in the file? The second operand could be the number of times you actually want the no-op to execute. This would mean instead of [no-op, no-op, no-op, no-op, no-op, no-op, no-op... n] you would have [no-op, 100]. This cuts down the number of bytes from n to 2. Bytes have a limited size though, so repeated values might be necessary.

Another alternative to this would be reading from a different format like Unicode (multiple bytes represent a character) or something else, where bytes are represented as multiple byte values. This would give us higher number values to play with (bytes are normally 0-255, so another format would have higher numbers to support this operand idea; Unicode is 4 bytes, so it would probably be 0 to 1020 operations), but I don't know if the current library supports it.
Another thing that bugs me is the fact that the ducky can only read a limited number of file bytes into memory. Shouldn't it be able to parse the file one byte at a time until it reaches the end? Whatever format is used one has to not break the functionality for other cultures, even if it means you have to roll your own format.

If we could associate more values with other 'functions/code' on the ducky we could make the ducky do more; however, this relies on a lot of assumptions, and I don't have a large abundance of time to chase down these assumptions and become a better microcontroller programmer. Some of the things I have said in this post could in fact be completely wrong. Just take everything with a grain of salt, as I don't have much time to vet what I am writing here. (Entry-level web developer here...)

What I would see this random operation being useful for would perhaps be generating a random filename/variable name in batch scripts/programs.

Now what I know you can do is you can tote around a batch script which you call like a method and returns a random string for use in your other drop programs. This batch script could be injected via the ducky, or it could be on the micro-sd with the correct firmware reflashed. You could even use some sort of powershell script/vb script etc.

Edited by overwraith
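
The two-byte delay idea from the post above, sketched as an added example (not code from the poster or from the Ducky firmware). The `NOOP` value `0x00`, the function names and the sample bytes are assumptions; the real inject.bin layout is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define NOOP 0x00u  /* assumed no-op/delay marker; not taken from real firmware */

/* Collapse runs of NOOP into [NOOP, count] pairs; returns length or -1 if out is full. */
long rle_pack(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t o = 0, i = 0;
    while (i < n) {
        size_t run = 0;
        while (i < n && in[i] == NOOP) { run++; i++; }
        while (run > 0) {                  /* one byte holds at most 255 */
            uint8_t count = run > 255 ? 255 : (uint8_t)run;
            if (o + 2 > cap) return -1;
            out[o++] = NOOP; out[o++] = count;
            run -= count;
        }
        if (i < n) {                       /* ordinary byte: copy as-is */
            if (o >= cap) return -1;
            out[o++] = in[i++];
        }
    }
    return (long)o;
}

/* Expand pairs back to the flat form; -1 on truncated pair, zero count or overflow. */
long rle_unpack(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = in[i];
        size_t count = 1;
        if (b == NOOP) {
            if (i + 1 >= n || in[i + 1] == 0) return -1;  /* malformed pair */
            count = in[++i];
        }
        if (count > cap - o) return -1;    /* never write past the buffer */
        while (count--) out[o++] = b;
    }
    return (long)o;
}

int main(void)
{
    /* constructed sample: one byte, 1000 no-ops, one byte */
    uint8_t flat[1002] = { [0] = 0x0B, [1001] = 0x28 }, packed[16], back[1002];
    long p = rle_pack(flat, sizeof flat, packed, sizeof packed);
    long u = rle_unpack(packed, (size_t)p, back, sizeof back);
    printf("flat=%zu packed=%ld unpacked=%ld\n", sizeof flat, p, u);
}
```

The 1000-byte run needs four pairs (255 + 255 + 255 + 235) because the count is a single byte, which is the "repeated values" case the post anticipates.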

Cracking with the ducky is generally not a good idea. It can only hold so many keys, and is only relegated to about 4-character PIN cracking on phones/tablets. Everything else quickly becomes ridiculous. The ducky is also generally slower than a computer cracking program. Yeah, generating randoms is usually simple in coding languages. As far as cracking goes though, generating a random would create collisions, and be much too inefficient for cracking a password. Usually a hacker grabs a password hash somehow, and uses a cracking program to guess the hash, usually by guessing all possible combinations of characters, or by reading from a list of passwords, etc. You encipher the password, and it spits out a hash; when they match you have found the password. Either that, or if it is an online web service you could do an online crack, in which case the cracking program detects when it has reached a user profile page instead of running a comparison on a hash. Online cracks are usually traceable though, and pretty noisy to anybody who reads their web server logs.

The brute force algorithms I've seen work a little bit like the odometer in your car, steadily scrolling up, and then they reach zero again and iterate the next row. I found a Java program a while back that showed me an algorithm implementation.

I think somebody did generate a script a while back for like 4-6 chars or something on the ducky forums a while back using bash or something. Might wanna run a search for a phone crack.
