DIY Rubber Ducky is as Cheap as its Namesake

The “Rubber Ducky” by Hak5 is a very powerful tool that lets the user perform rapid keystroke injection attacks, which is basically a fancy way of saying the device can type fast. Capable of entering text at over 1000 WPM, Mavis Beacon’s got nothing on this $45 gadget. Within just a few seconds of plugging it in, a properly programmed script can do all sorts of damage. Just think of all the havoc that can be caused by an attacker typing in commands on the local machine, and now image they are also the Flash.

But unless you’re a professional pentester, $45 might be a bit more than you’re looking to spend. Luckily for the budget conscious hackers out there, [Tomas C] has posted a guide on using open source software to create a DIY version of Hak5’s tool for $3 a pop. At that cost, you don’t even have to bother recovering the things when you deploy them; just hold on tight to your balaclava and make a run for it.

The hardware side of this hack is the Attiny85-based Digispark, clones of which can be had for as low as $1.50 USD depending on how long your willing to wait on the shipping from China. Even the official ones are only $8, though as of the time of this writing are not currently available. Encapsulating the thing in black shrink tubing prevents it from shorting out, and as an added bonus, gives it that legit hacker look. Of course, it wouldn’t be much of a hack if you could just buy one of these little guys and install the Rubber Ducky firmware on it.

In an effort to make it easier to use, the official Rubber Ducky runs scripts written in a BASIC-like scripting language. [Tomas C] used a tool called duck2spark by [Marcus Mengs], which lets you take a Rubber Ducky script (which have been released by Hak5 as open source) and compile it into a binary for flashing to the Digispark.

Not quite as convenient as just copying the script to the original Ducky’s microSD card, but what do you want for less than 1/10th the original’s price? Like we’ve seen in previous DIY builds inspired by Hak5 products, the trade-off is often cost for ease of use.

[Thanks to Javier for the tip.]

26 thoughts on “DIY Rubber Ducky is as Cheap as its Namesake

  1. Those Attiny sticks with software USB aren’t very reliable. They’re often not detected by the PC, or lose characters.
    I prefer ATMega32U4 based sticks. They’re more expensive (but not much), available also in the housing of an unsuspicious USB flash stick, and very reliable, because the chip has native USB.

    If you want to know how to use such a chip as a simple password safe, look here:

    https://gitlab.com/kerlkloss/Arduino_USB-Password-Typer

        1. I did that once, using an LPC11U24 – My boss was NOT happy. His mails stated that he was having PC troubles. Went on for 5 days, he didn’t notice the PCB with red LEDs sticking out of his desktop. Somehow the random script got random,and CAPSlocked every few hundred milliseconds. Bad programming I guess :D

  2. They’re fun, I have one, but the keyboard programmed into it is based on a US keyboard layout, so if you want a emulate a keyboard in a non-US country (for example to use symbols like [ ] ” / \ …) you’ll have to change the keyboard settings on your computer or change the key array in the code, which is not easy since there’s a lot of trial and error.

    1. Previously available solutions and tutorials emulating a RuberDucky on a DigiSpark suffer from poor keyboard layout support for non-US languages. This is solved on duck2spark by “outsourcing” the problem to DuckEncoder which supports multiple keyboard layouts.

  3. I bought two pieces and it appeared to be a good idea because one of the wont work for most of the time.
    The second thing is that I was not able to upload the arduino sketch in windows environment, it worked only on mac os (uploaded script is executing properly on windows).
    Anyways looking at my pranked co-worker was worth paying 1$ (i plunged it into usb port on the back of his monitor :) )

    1. Cons about this and the hak5 attiny85 versions: The usb data traces D+,D- are too short (where it says cjmcu on the pcb). http://anykey.shop gives an alternative to the rubberducky, (half the price of a ducky, a bit more expensive than above links but less dodgy as a bare pcb with too short usb traces) it has a sturdy metal case to carry and make it look like any other usb stick. It’s used for keeping your master unlock password for 1-pass, your mac login or anything you want (bitcoin wallet for instance). Ofcourse you can still abuse/hack with it if you type a short shell/wget execute script…

  4. Anyone have familiarity with anything like these that will work on a Mac in single user mode? In the little experimenting I’ve done, I’ve found nothing that’ll work. Single user mode is pretty picky about what keyboard it’ll accept, even those made by Apple itself depending on the vintage of the computer and the keyboard it’s mated to.

  5. I don’t get the “basic like scripting language” of it. Use micropython for God’s sake if not a full blown SOC that can run an actual python interpreter. Sure it might not be “elegant” but nothing beats access to regex and list comprehensions.
    And if you want elegance do something like streaming pre-computed tables using dma.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.