Arduino Rubber Ducky

Lets make a “Rubber duck” style device? this hack will use an arduino and one laptop, only! Meet the Arduino Rubber Ducky

The arduino is an open-sourced project, available commercially in preassembled type, or as homemade kits. a number of them are extremely small and have a built-in USB connection that makes sketch transfer easier.

Some of you will be thinking, how will Arduino be used to hack something?

Well, since Arduino supports keyboard emulation we are able to build sketch that contains keyboard instruction to typecommand and executes it a bit like the popular USB Rubber ducky (http://usbrubberducky.com/).

In this article, i will be able to show you ways to turn an Arduino pro micro into a USB Rubber ducky, employing asimple Arduino script.

You can execute virtually anything using keyboard emulation and autorun, even with antivirus installed and updated. From just writing simple commands to coding an executable from scratch.

All of it’ll be done automatically, beginning right after Arduino is installed on the target pc. This usually takes about three – five seconds.

Preparation

Tools you’ll need:

  • Arduino Pro Micro ATMega32U4 5V/16MHz (or any Arduino with ATMega32U4 chip)
  • USB Micro Adapter Cable (you don’t need this one if the Arduino you use comes with builtin USB A male connector)

Software you’ll need:

  • https://www.arduino.cc/en/Main/Software

Sketch:

  • https://github.com/cdmsoftware/ArduinoDuckyScript/tree/master/AddAdmin_Payload

How does it work?

A sketch file is just a regular script file with .ino extension. It contains 2 main procedures: setup() and loop(). Below is the basic structure for doing keyboard emulation:

#include <HID.h>

#include <Keyboard.h>

void setup() {

// put your setup code here, to run once:

}

void loop() {

// put your main code here, to run repeatedly:

}

setup() procedure will only be executed once when Arduino is powered on and initialized, while the loop() procedure will be executed repeatedly, over and over again until Arduino is powered off.

When giving instructions to type something, always add delay() command to let the computer process the instructions. You also need to add delay() command when pressing a key combination. For example, here are the commands to press the Windows Key.

Keyboard.press(KEY_LEFT_GUI);

delay(1000);  // the processor need time to register key press

Keyboard.press(‘x’);

Keyboard.releaseAll();

delay(500);  // approximate time needed to process our intruction

For complete list of modifier key, see this link https://www.arduino.cc/en/Reference/KeyboardModifiers

Prevention?

To prevent this kind of attack, you can hold down the Alt key while plugging in a suspicious device.

3 comments

Leave a Reply

Your email address will not be published. Required fields are marked *