USB Rubber Ducky with Arduino
Hi everyone, in this article I am going to talk about making a hardware hacking device for just $4 (300 RS). So let's get started.
The USB Rubber Ducky, made popular by Hak5, is an amazing little tool. This innocent-looking “USB Drive” actually emulates a computer keyboard and is capable of typing at incredible speeds. Plugging this device into an unlocked target computer allows you to extract passwords or install back doors in a matter of seconds.
The hardware device that we will be using is an Arduino-compatible board (USB ATtiny85), which works effectively for this kind of attack. To program this board we need software, which can be downloaded here.
What is an Arduino?
Arduino is an open-source hardware and software company, project, and user community that designs and manufactures single-board microcontrollers and microcontroller kits for building digital devices.
DigiSpark (Hardware) + Arduino (Software) = ATtiny85 Development Board
Getting done with the Software
After installing the Arduino Integrated Development Environment (IDE), you’ll need to add an additional Board Manager. To do this, open the IDE software, click File > Preferences, and paste the following URL next to Additional Boards Manager URLs:
You can now install the Board Manager for our ATtiny via Tools > Board “Arduino Uno” > Boards Manager…. In the textbox at the top, type digispark and install the Digistump AVR Boards board manager.
Driver Installation for DigiSpark (optional)
- Download the drivers from the link
- Unzip the downloaded zip
- Run Install Drivers.exe
Now, you can select the Digispark by selecting it from the “Boards” drop-down menu. Select the first option, Digispark (Default — 16 MHz), as the board we are working with.
Once complete, we should be able to write to the Digispark board. It works a little differently than a regular Arduino, and I’ll go over that in the next step.
Uploading Code to the ATtiny85 Board
First, we’re going to select a default example from the board packages we just downloaded. Go to the “File” drop-down menu, choose “Examples,” then “DigiSparkKeyboard,” and open the “Keyboard” example.
Open this example and take a look at the code. As you can see, it’s very simple. The DigiKeyboard allows us to write commands very easily. In the default code, we’ll be telling the Digispark to type “Hello Digispark!” over and over, with a five-second delay each time.
Testing the Example
Now, as per this example code, when the ATtiny board is plugged into any computer it will print “Hello Digispark!” 5 times. To test that, open Notepad on your computer and plug the ATtiny board into the computer. It will work perfectly.
Making it a Malicious USB
Once you have confirmed that the USB is working properly, let's now change its mode to malicious. There are many payloads available on the Internet for different attacks, which can be carried out by following the steps described above.
Some of the GitHub repos for such payloads are:
Attiny85/payloads at master · MTK911/Attiny85
RubberDucky like payloads for DigiSpark Attiny85.
GitHub - CedArctic/DigiSpark-Scripts: USB Rubber Ducky type scripts written for the DigiSpark.
This is a set of hand-written DigiSpark sketches for the Arduino IDE that utilize the DigiKeyboard.h library making the…
You can make a lot of funny and serious attacks with this small hacking device. Hope you guys enjoyed it and learnt something new. For queries and doubts, do comment and I will respond for sure.
Live Demo On my Computer
Hackers Love Hardware Attacks
Computers recognize it as a regular keyboard and automatically accept its pre-programmed keystroke payloads at over 1000 words per minute. You can also inject keystrokes wirelessly with a tool called Uberducky. The USB Rubber Ducky is quite popular in hacker communities. It is also shown in a hacking scene in Mr. Robot.
Rubber Ducky payloads can be anything; they change according to our goals and intentions! We can create wireless network associations, download and execute payloads, reverse shells, etc. For pen testing engagements we can even use Meterpreter, Empire, etc.
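The 1000-words-per-minute figure above is also what makes these devices detectable: no person types that fast. The following is an added example (not from the original article) of a host-side check that flags any keyboard whose burst typing rate exceeds a human ceiling; the event format, device names, the 300 WPM limit and the 20-key window are assumptions, and the sample events are constructed.

```python
from collections import deque

CHARS_PER_WORD = 5     # standard words-per-minute convention
MAX_HUMAN_WPM = 300    # assumed ceiling for a human burst; tune per site
WINDOW_KEYS = 20       # keystrokes per sliding window (assumption)


def burst_wpm(timestamps):
    """Peak typing rate in WPM over any WINDOW_KEYS consecutive keystrokes."""
    peak = 0.0
    window = deque(maxlen=WINDOW_KEYS)
    for t in timestamps:
        window.append(t)
        if len(window) == WINDOW_KEYS:
            span = window[-1] - window[0]
            if span > 0:
                # WINDOW_KEYS - 1 intervals cover `span` seconds
                chars_per_sec = (WINDOW_KEYS - 1) / span
                peak = max(peak, chars_per_sec * 60 / CHARS_PER_WORD)
    return peak


def flag_injecting_keyboards(events, limit=MAX_HUMAN_WPM):
    """events: iterable of (seconds, device_id) key-press records.

    Returns {device_id: peak_wpm} for devices typing faster than `limit`.
    """
    per_device = {}
    for ts, dev in events:
        per_device.setdefault(dev, []).append(ts)
    flagged = {}
    for dev, stamps in per_device.items():
        peak = burst_wpm(sorted(stamps))
        if peak > limit:
            flagged[dev] = round(peak)
    return flagged


def sample_events():
    """Constructed sample: a person at ~70 WPM and a device at ~1000 WPM."""
    human = [(i * 0.170, "kbd-builtin") for i in range(40)]          # 170 ms per key
    injector = [(10 + i * 0.012, "kbd-new-usb") for i in range(40)]  # 12 ms per key
    return human + injector


if __name__ == "__main__":
    for dev, wpm in flag_injecting_keyboards(sample_events()).items():
        print(f"{dev}: peak {wpm} WPM exceeds the human limit")
```

Short inputs (fewer keystrokes than the window) are never flagged, so a real deployment would pair this with an alert on newly attached keyboards.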