A script to run on an Arduino (using atmega32u4 chip) which reads ducky-like scripts from a microSD card.
A project based on the work of Seytonic's Duckduino-microSD. Videos of his project can be found here and here. I wanted to tackle this project myself as both a learning experience and a utility tool for my craft.
- Write .ino file to Arduino
- Create and load scripts onto microSD card
- Select script via DIP switch configuration
- Plug Arduino into PC to execute script
- Press and hold tactile button when plugging Arduino into PC to not execute script
| Script name | Script capabilities |
|---|---|
| Arduino-RubberDucky-Part1 | Single payload script |
| Arduino-RubberDucky-Part2 | MicroSD payload script |
| Arduino-RubberDucky-Part3 | In progress... Bluetooth Remote Interactivity |
| Payload script | Description |
|---|---|
| SingleScript | A simple paylod which runs cmd.exe and echos "Hello world" |
| DIPSwitch | 64 payloads based on a 6-way DIP switch's binary output. The first script "000000" is the same as the SingleScript. In addition is a txt file with all 64 filenames listed that can be used to index/record your script usage |
- 1x Arduino Leonardo Pro Micro
TZT Pro Micro ATmega32U4 5V 16MHz Original Chip Replace ATmega328 For Arduino Pro Mini With 2 Row Pin Header For Leonardo UNO R3
- 1x MicroSD card reader module
Micro SD Storage Expansion Board Micro SD TF Card Memory Shield Module SPI For Arduino Formatted as FAT32
- 1x Tactile switch
- 1x Resistor
Unknown, taken from Arduino Uno Starter kit.
- 1x DIP Switch
6 way DIP switch, standard pcb IC mounting. Can use various sizes based on Arduino pinout.
- 1x Bluetooth Module
Generic Board
Data below based on breadboard layout.
| Build Part | Module Pin | - | Module Pin | - | Module Pin |
|---|---|---|---|---|---|
| Part 1 | Arduino VCC | -> | microSD VCC | ||
| Part 1 | Arduino GND | -> | microSD GND | ||
| Part 1 | Arduino D14 | -> | microSD MISO | ||
| Part 1 | Arduino D16 | -> | microSD MOSI | ||
| Part 1 | Arduino D15 | -> | microSD SCK | ||
| Part 1 | Arduino D4 | -> | microSD CS | ||
| Part 1 | Arduino VCC | -> | TactileButton-1 | ||
| Part 1 | Arduino GND | -> | Resistor | -> | TactileButton-2-1 |
| Part 1 | Arduino D10 | -> | TactileButton-2-2 | ||
| Part 2 | Arduino D3 | -> | DIPSwitch-1 | -> | Arduino GND |
| Part 2 | Arduino D5 | -> | DIPSwitch-2 | -> | Arduino GND |
| Part 2 | Arduino D6 | -> | DIPSwitch-3 | -> | Arduino GND |
| Part 2 | Arduino D7 | -> | DIPSwitch-4 | -> | Arduino GND |
| Part 2 | Arduino D8 | -> | DIPSwitch-5 | -> | Arduino GND |
| Part 2 | Arduino D9 | -> | DIPSwitch-6 | -> | Arduino GND |
| Part 3 | Arduino VCC | -> | BTModule-VCC | ||
| Part 3 | Arduino GND | -> | BTModule-GND | ||
| Part 3 | Arduino D0 (TX0) | -> | BTModule-TX | ||
| Part 3 | Arduino D1 (RX1) | -> | BTModule-RX |
- Wiring MicroSD reader to Arduino board
- Wiring tactile button to board.
- Wiring DIP switch to board.
- Wiring BTModule to board. (Work in progress)
- Plug into PC and write .ino file to Arduino. (Work in progress)
- Insert MicroSD into PC and copy in DIPSwitch profile scripts. (Work in progress)
- I originally had a lot of trouble getting this working which ended up being a result of my pin contacts failing to carry signals. If you're using pins, ensure they're soldered.
- Long ducky-like script strings may crash Arduino due to RAM consumption. String lines over 300 characters should be split into separate lines. This will not affect how the script runs but will help reduce RAM consumption.
STRING abcdefghijklmnopqrstu STRING vwxyzmnopqrstuvwxyz
- Hyphens must not be used for simultaneous key presses due to current scripting.
"CTRL ALT DELETE" instead of "CTRL-ALT-DELETE"
- Features not implemented: DEFAULT_DELAY, REPLAY. This project uses Arduino's inbuilt keyboard.h library, any keys not implemented in that will not work with this. eg: PRINTSCREEN.
- Confirm resistor used in hardware for documentation.
- Find a better/efficient wiring method for the tactile button. I'm not too knowledgable on wiring.
- Install bluetooth module for remote interactivity.
- Implement more keys that aren't used in keyboard.h library.
- 3D print a small form factor housing.
- Expand example payloads based on official Hak5 rubberducky payloads - Github
- Emulate official Hak5 rubberducky attackmodes - documentation