
Twin Ducks two payloads process?



I understand how to script payloads and write them to the Ducky, but I'm a little confused as to how to get the two payloads working using Twin Ducks. I understand that one payload would be executed when Caps Lock is active and the Ducky is inserted, while the other would work when Num Lock is active before the Ducky is inserted, but I'm unsure as to how to get the Ducky to differentiate between the two payloads. I'm assuming there are two inject.bin files that are named differently, but I would love if someone could explain this process a little further for me, as I can't seem to find any Twin Ducks documentation anywhere. Thank you!

 

P.S. Already posted this in the Ducky GitHub, but it doesn't really look like the "Issues" tab gets much activity, so I thought I'd post here too. Just for anyone wondering why I didn't start there.


On 6/29/2018 at 2:17 PM, aideux said:

I understand that one payload would be executed when Caps Lock is active and the Ducky is inserted, while the other would work when Num Lock is active before the Ducky is inserted

I'm not sure that's the case. I think it's payload one when caps/num/scroll lock are pressed and GPIO button for payload two? I think the term twin duck refers more to Storage and Payload. Maybe I'm wrong; someone will correct me. But it's worth searching the forums for more info - like the below

 


3 hours ago, Just_a_User said:

I'm not sure that's the case. I think it's payload one when caps/num/scroll lock are pressed and GPIO button for payload two? I think the term twin duck refers more to Storage and Payload. Maybe I'm wrong; someone will correct me. But it's worth searching the forums for more info - like the below

 

What do I need to name the payloads, and is the setup any different, or is it like “inject.bin” and “inject2.bin”. Thanks :)


1 hour ago, aideux said:

What do I need to name the payloads, and is the setup any different, or is it like “inject.bin” and “inject2.bin”. Thanks :)

It's in here?

https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Firmware/Source/Composite_Duck - Multi/src/main.c

Maybe it's always GPIO button but payload1 if caps on and payload2 if not?


1 hour ago, Just_a_User said:

It's in here?

https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Firmware/Source/Composite_Duck - Multi/src/main.c

Maybe it's always GPIO button but payload1 if caps on and payload2 if not?

Hm I see that. Looks like it is "inject.bin" and "inject2.bin". Also, num lock would affect payload 1 and caps would initiate payload 2? This block of code makes me think that: 

 

void ui_kbd_led(uint8_t value)
{
	if(!in_affect){
		//this is called when LEDs CAPS LCK, NUM LCK change
		if (value & HID_LED_NUM_LOCK) {
			// Here, turn on Num LED
			LED_On( LED1 );
			in_affect=true;
			//use injectarray
			state = state_START_INJECT;
		} else{
			// Here, turn off Num LED
			LED_Off( LED1 );
		}
		if (value & HID_LED_CAPS_LOCK) {
			// Here, turn on CAPS LED
			LED_On( LED0 );
			in_affect=true;
			//use injectarray2
			for (int c=0;c<(sizeof(inject_array2));c++){
				inject_array[c]=inject_array2[c];
			}
			state = state_START_INJECT;
		} else{
			// Here, turn off CAPS LED
			LED_Off( LED0 );
		}
	}
}

I haven't written in C in a while, though, so I'm not sure if injectarray = inject.bin / injectarray2 = inject2.bin. Can anyone confirm? 

 

Also, does the key (caps lock or num lock) need to be active for the payload to work, or does one put the ducky in first, and then press the corresponding button? I'm not with it right now, or I would test this, but I'd love to know from someone more knowledgeable.

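Added example, not part of the original posts and not the project's code: a host-side C model of the branch order in the `ui_kbd_led()` excerpt quoted above, to trace which buffer ends up armed for each LED report from the host. The bit values, the `duck_model` struct, the function names and the buffer contents are assumptions; the quoted code does not show how inject.bin or inject2.bin map onto the two arrays.

```c
/* Added example: host-side model of the branch order in the quoted
 * ui_kbd_led(). Bit values follow the USB HID LED output report
 * (assumed to match the firmware headers); buffer contents are stand-ins. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HID_LED_NUM_LOCK  0x01  /* assumption: bit 0 of the LED report */
#define HID_LED_CAPS_LOCK 0x02  /* assumption: bit 1 of the LED report */
enum { PAYLOAD_NONE, PAYLOAD_1, PAYLOAD_2 };

struct duck_model {
    bool in_affect;          /* latch from the quoted code (name kept) */
    bool start_inject;       /* stands in for state = state_START_INJECT */
    char inject_array[16];   /* buffer the injector plays back */
    char inject_array2[16];  /* copied over inject_array on Caps Lock */
};

void model_init(struct duck_model *m) {
    memset(m, 0, sizeof *m);
    strcpy(m->inject_array, "payload-1");   /* constructed contents */
    strcpy(m->inject_array2, "payload-2");
}

/* Returns the buffer armed by this LED report, or PAYLOAD_NONE. */
int model_kbd_led(struct duck_model *m, uint8_t value) {
    if (m->in_affect)
        return PAYLOAD_NONE;             /* latched: later reports ignored */
    if (value & HID_LED_NUM_LOCK)
        m->in_affect = m->start_inject = true;
    if (value & HID_LED_CAPS_LOCK) {     /* runs second, so it wins on 0x03 */
        memcpy(m->inject_array, m->inject_array2, sizeof m->inject_array2);
        m->in_affect = m->start_inject = true;
    }
    if (!m->start_inject)
        return PAYLOAD_NONE;
    return strcmp(m->inject_array, "payload-2") == 0 ? PAYLOAD_2 : PAYLOAD_1;
}
int select_fresh(uint8_t value) {        /* one report on a fresh model */
    struct duck_model m;
    model_init(&m);
    return model_kbd_led(&m, value);
}
int main(void) {
    for (unsigned v = 0; v <= 3; v++)
        printf("LED report 0x%02x -> payload %d\n", v, select_fresh((uint8_t)v));
    return 0;
}
```

In this model a report with both bits set arms the second buffer, and once a report has armed a buffer, later reports are ignored until the latch is cleared.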

1 hour ago, aideux said:

Okay, do you know if the key (caps or num) needs to be pressed prior to ducky insertion, or if you insert the ducky and then press the key?

As it seems to be looking for the GPIO button push, I'm guessing it can be inserted, key pressed, then GPIO to run script.

// injection state machine
	switch(state) {

		case state_IDLE:
		// check switch
		in_affect=false;
		LED_Off(LED1);
		if( gpio_get_pin_value(GPIO_JOYSTICK_PUSH) == GPIO_JOYSTICK_PUSH_PRESSED ) {
			
			// debounce
			if( debounce == 0 ) {
				state = state_START_INJECT;

Maybe wrong tho
