USB Rubber Ducky with Arduino

Hi everyone in this article , am going to talk about making a hardware hacking device for just 4 $ (300 RS). So lets get started.

The USB Rubber Ducky, made popular by Hak5, is an amazing little tool. This innocent looking “USB Drive” actually emulates a computer keyboard and is capable of typing at incredible speeds. Plugging this device in an unlocked target computer allows you to extract passwords or install back doors in a matter of seconds.

So the Hardware device that we will be using is an Arduino board, (USBAtiny85) which works effectively for these kind of attacks. For programming this board we need a software, which can be downloaded here.

What is an Arduino ?

Arduino is an open-source hardware and software company, project, and user community that designs and manufactures single-board microcontrollers and microcontroller kits for building digital devices.

DigiSpark(Hardware) + Arduino(Software) = Attiny 85 Development Board

Getting done with the Software

After installing the Arduino Integrated Development Environment (IDE), you’ll need to add an additional Board Manager. To do this, open the IDE software, click File > Preferences, and paste the following URL next to Additional Boards Manager URLs: http://digistump.com/package_digistump_index.json

You can now install the Board Manager for our ATtiny via Tools > Board “Arduino Uno” > Boards Manager…. In the textbox at the top, type digispark and install the Digistump AVR Boards board manager.

Driver Installation for DigiSpark (optional)

  • Download the drivers from the link
  • Unzip the downloaded zip
  • Run Install Drivers.exe

Now, you can select the Digispark by selecting it from the “Boards” drop-down menu. Select the first option, Digispark (Default — 16 MHz), as the board we are working with.

Once complete, we should be able to write to the Digispark board. It works a little different than a regular Arduino, and I’ll go over that in the next step.

Uploading Code to the Atiny85 Board

First, we’re going to select a default example from the board packages we just downloaded. Go to the “File” drop-down menu, choose “Examples,” then “DigiSparkKeyboard,” and open the “Keyboard” example.

Open this example and take a look at the code. As you can see, it’s very simple. The DigiKeyboard allows us to write commands very easily. In the default code, we’ll be telling the Digispark to type “Hello Digispark!” over and over, with a five-second delay each time.

Testing the Example

Now asper this example code when the atiny board is pluged in any computer it will print “Hello Digispark!” 5 times. So to test that open Notepad in your computer and now just plugin the Attiny board into the computer. It will work perfectly.

Making it as a Malicious USB

So when you confirm that the USB is working properly, lets now change its mode to Malicious. So there are many payloads available in the Internet for different attacks which can be carried out by following the steps said above.

Some of the Githup repo for such payloads are,

You can make alot of funny and serious attacks with this small hacking device. Hope you guys enjoyed it and learnt something new. For qurries and doubts, do comment it and i will respond for-sure.

Live Demo On my Computer

Hackers Love Hardware Attacks

Computers recognize it as a regular keyboard and automatically accept its pre-programmed keystroke payloads at over 1000 words per minute. And also you can injecting keystrokes wirelessly with tool called Uberducky. USB Rubber Ducky is quite popular on hackers communities. It also shown in a hacking scene in Mr. Robot.

Rubber Ducky Payloads can be anything; It changes as per our goals and intentions! We can Create Wireless Network Association, Download and execute payloads, reverse shells, etc. For pen testing engagements we can even use Meterpreter, Empire etc.

Hope you enjoyed this write-up and gained something good. Visit my profile Gnana Aravind for my past write-ups. For doubts and guidance ping me in Instagram.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store