It’s a story as old as time: some hacker sees nice pen-testing , hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. hardware tool An example of this is Rubber Ducky, an excellent Hak5 hacking tool that thanks to the work of several developers we can emulate using a small and . An advantage of cheap hardware from generic off the shelf parts is that it is disposable and almost impossible to trace. cheap Digispark The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and automatically accept its pre-programmed keystroke payloads at over 1000 words per minute. Seconds of physical access are all it takes to deploy some of the most advanced pen-test attacks or IT automation tasks. But Rubber Ducky can also help practical jokes execution, for example with a script that quickly changes the wallpaper of a co-worker workstation. But at $45 plus shipping is not exactly a cheap tool, fortunately we can DIY a clone for only $3 with a and some free software. The Digispark is an Attiny85 based microcontroller development board similar to the Arduino Uno, only cheaper and smaller. Rubber Ducky Digispark development board Digispark boards Step 1: Setup Digispark Development Environment Before starting to work with our board, we must have installed the Arduino IDE. After this, we must download the compatibility package of this board, a fairly simple operation. _THE ARDUINO SOFTWARE IS PROVIDED TO YOU "AS IS" AND WE MAKE NO EXPRESS OR IMPLIED WARRANTIES WHATSOEVER WITH RESPECT TO…_www.arduino.cc Arduino - Software After installation Open Arduino IDE application, go to -> In the input field named “Additional Boards Manager URLs” enter the following URL. File Preferences http://digistump.com/package_digistump_index.json Open Arduino IDE — Preferences -> -> From the drop down menu select “Contributed”, Select the package and install it. Tools Board Boards Manager Digistump AVR Boards Now we need to install Digispark Bootloader Driver. You only need the driver to program it with arduino. Once you program it, it’ll work like a rubber ducky (a generic USB keyboard) on any device you plug it into without any driver. https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/Digistump.Drivers.zip Usually there will be some issues with the driver installation process. So please make sure to install the drivers properly. Finally, go to -> , and select and set it as default. Tools Board Digispark (Default — 16.5mhz) Step 2: Turning Digispark into a Rubber Ducky Clone Rubber Ducky uses a simple scripting language to create payloads. For Digispark, things are not that simple. We need to program our own payloads using and Arduino IDE. There are in the internet. But thanks to the work of MaMe82 ( ) you can translate Rubber Ducky Scripts to Digispark with duck2spark project. Digikeyboard.h some scripts available for Digispark ATTiny85 Marcus Mengs _Converter for raw RubberDucky payloads to Digispark Arduino IDE Sketch source. - mame82/duck2spark_github.com mame82/duck2spark A great feature of Duck2spark is that available solutions and tutorials emulating a RuberDucky-like on a DigiSpark suffer from poor keyboard layout support for non-US languages. This is solved by “outsourcing” the problem to DuckEncoder which supports multiple keyboard layouts. Using Duck2spark is really easy. Let’s see an example of the duck2spark documentation, a classic hello world: Generate a DuckyScript test.duck you want to use as output: echo "STRING Hello World" > test.duck Compile the script using DuckEncoder with your keyboard layout (de in example) or use my python port: java -jar encoder.jar -i test.duck -o raw.bin -l de Use duck2spark.py to convert into Arduino Sketch (options for single run, 2 seconds startup delay): duck2spark.py -i raw.bin -l 1 -f 2000 -o sketch.ino After setting up the Arduino IDE load the example "DigisparkKeyboard" and replace the Sketch source by the one saved to sketch.ino Click Sketch -> Upload or click Upload button on the top left. Open a notepad or any software. Plug in the Digispark USB again and magically “Hello World” will be typed. Rubber Ducky Payloads can be anything; It changes as per our goals and intentions! We can Create Wireless Network Association, Download and execute payloads, reverse shells, etc. For pen testing engagements we can even use Meterpreter, Empire, Unicorn, or any other powershell payloads. _Contribute to hak5darren/USB-Rubber-Ducky development by creating an account on GitHub._github.com hak5darren/USB-Rubber-Ducky Troubleshooting If you are able to program your Digispark and the code runs, but the sketches do not run after the Digispark is unplugged and plugged in again: You will need to update the bootloader. The bootloader has a built in updating mechanism. To flash the bootloader use the guide and the Digispark will work and run the sketches after unplugging and plugging back in. here Keep in mind that Digispark is OSHW (Open Source HardWare), there are no original Digispark or clone Digispark, they are all the same! The only difference is that some manufacturers flash old versions of the bootloader. Tips Digispark use do not end here, as an Arduino compatible development system it can be used for any Arduino based attack with minimal modifications. Even to use it for HID attacks is not essential to run Duck2Spark, if you want to work USB HID at low level Digispark has a built-in keyboard library called Digikeyboard. A final tip for your Rubber Ducky clone: use some to provide electrical insulation, mechanical protection, sealing, and some stealth to your new Digispark-Ducky. A device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your ninja outfit and . heat shrink tubing make a break for it
