No it’s not an open source version of Bert’s favorite bathtime toy (though seriously, let us know if you see one), the PocketAdmin by [Radik Bechmetov] is intended to be an alternative to the well-known “USB Rubber Ducky” penetration testing tool from Hak5. It might look like a standard USB flash drive, but underneath that black plastic enclosure is a whole lot of digital mischief waiting to spill out.
The general idea is that the PocketAdmin appears to the host computer as either a USB Human Interface Device (keyboard, mouse, etc) or a USB Mass Storage Device. In either event, the user has the ability to craft custom payloads which can exploit the operating system’s inherent trust in locally connected devices. The most common example is mimicking a USB keyboard that starts “typing” once connected to the computer.
You can even configure what vendor and product IDs the PocketAdmin advertises, allowing you to more accurately spoof various devices. [Radik] has included some other interesting features, such as the ability to launch different payloads depending on the detected operating system. That way it won’t waste time trying to bang out Windows commands when it’s connected to a Linux box.
The hardware is designed to be as easy and cheap to replicate as possible. The heavy lifting is done by a STM32F072C8T6 microcontroller, coupled with a W25Q256FVFG 32MiB flash chip to store the payloads. Beyond that, the BOM consists mainly of passives and a few obvious bits like the male USB connector. [Radik] has even provided a link to where you can buy the convincing looking USB “flash drive” enclosure.
We’ve seen low-cost DIY versions of the USB Rubber Ducky in the past, but PocketAdmin is interesting in that it seems like [Radik] is looking to break new ground with this project rather than just copy what’s already been done. This will definitely be one to watch as the 2019 Hackaday Prize heats up.
12 thoughts on “An Open Hardware Rubber Ducky”
*Ernie’s favorite bathtime toy.
–signed, a parent of toddlers. XD
The important details right here.
Exactly, Bert’s favourite bath time toy was Ernie.
Any idiot can build a bad HID for USB.
But whats the point?
Either automating mundane administration duties, OR p4wn fun to pentest systems.
Other inexpensinve alternatives, if you already have Raspberry Pi zero W to play with are:
DuckberryPi — (older) https://github.com/ossiozac/Raspberry-Pi-Zero-Rubber-Ducky-Duckberry-Pi
P4wnP1 — https://github.com/mame82/P4wnP1
newer P4wnP1 — https://github.com/mame82/P4wnP1_aloa
And there are probably others.
Kudos to the PocketAdmin project. Looks awesome, with it’s own PROs vs others.
Have A Nice Day.
Hopefully to drive away sourpuss commentators like yourself.
Does saying that make you feel better about yourself? Seems they put a fair bit of work into making a more refined version of something, and sharing it with others to push the state of the art forward. Which is why we check this site, no?
I think this one is a lot cooler than the basic builds. Multiple payloads reminds me of when U3 drives could autorun on public computers. It’s comp sec fun
If that’s what you like, the p4wnp1_aloa can do virtual cd drive from, usb.
I still need to try a different firmware on my ole original USB Rubber Ducky.
Was thinking twin duck. Not quite as fancy as PocketAdmin, but close.
Have A Nice Day.
I’m still waiting for the change to Linux or Windows that changes the default to ‘one keyboard only’. So if you connect a second keyboard or a device that claims to be one, it will be blocked either completly or a requester pops up where the user has to enter something using the already connected keyboard.
Bonus points for rerouting the input that the new device generates into a file for further analysis.
Would make this attack vector more difficult to use.
If Linux has the concept of layered drivers, it could be possible and not too difficult. Insert a driver in the chain that analyzes the usb requests for new devices, and compare the number of keyboards to a configured parameter ( like, in a file on /etc/keyboards ) .If this new one makes it go over the max number, then prompt the user.
Would not help much if the ill-intentioned person disconnects the “normal” keyboard from the computer, though. Or if this device can be configured as a passthrough device, disguised in to an usb extension cable, perhaps.
Then someone will make MITM keyboard that accepts any keyboard, clones it’s VID/PID and descriptor and does it’s stuff while computer sees only keyboard that was connected before.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)