Using WAIT_FOR_SCROLL_CHANGE to check if the device is ready

[Arno]

Assuming that no one is touching the keyboard, I have an idea to use WAIT_FOR_SCROLL_CHANGE to use the keyboard instead of a default delay to see if the ducky is ready.

In the Keystroke Reflection Attack example the scroll lock key is used to indicate the end of the exfiltration. However I don't entirely understand its working. Does it assume that the windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed?

More important. My script would be something like:

GUI r
DELAY 100
REM Windows Powershell infinite loop to keep changing scroll lock (probably doesn't work, I dont have windows)
STRING powershell "for ($i=1; $i -le 10; $i++) {[System.Windows.Forms.SendKeys]::SendWait('%{SCROLLLOCK}');}"
WAIT_FOR_SCROLL_CHANGE
STRING CTRL c
REM Below this line will be the real code to be excuted

It's just a though. My new Rubber ducky is on it's way so I can only go by the documentation. Does anyone have feedback about the use of this? Apart from the fact that you'd see the light flash on they keyboard 🙂

[lightduty]

I don't have the technical expertise to answer your question but thanks for the powershell command. 

[dark_pyrro]

On 8/15/2022 at 8:47 AM, Arno said:

Does it assume that the windows command is still running when the WAIT_FOR_SCROLL_CHANGE line at the end of the example is processed?

My interpretation is that it gets triggered as soon as the scroll lock changes. So as soon as some iteration in that for loop has changed the scroll lock state, the Ducky script would continue. Any scroll lock change after the one that triggered the WAIT_FOR_SCROLL_CHANGE is something that the Ducky wouldn't listen to (unless it's used again further down the payload code).