Arduino USB Rubber Ducky

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search

Summary

This Documentation covers the construction of an USB Rubber Ducky with an cheap Arduino microcontroller.

Disclaimer

This Project most not be used to exploit others, it is for personal testing purposes only.

This part of the two entry documentation covers ATmega32u4 or SAMD processor based microcontrollers because this microcontrollers have an specific HID Component that is able to emulate an keyboard. To built an USB Rubber Ducky with the Arduino UNO read this Documentation: Documentation is work in Progress.

Compatible micro controller

Right now there are two micro controller produced by Arduino which use the ATmega32u4 processor

  • Arduino Micro
  • Arduino Leonardo

But there also cheaper third party microcontroller with this processeor which are also capable for this project too.

Requirements

  • Micro Controller
  • Arduino IDE
  • USB Cable

Description

This project uses the Keyboard.h library by Arduino for their HID compatible microcontroller. This microcontroller also work with the Mouse.h library which is not necessary for the USB Rubber Ducky.

Errors due to Keyboard Layout differences

The Keyboard.h library is based on the US Keyboard layout so you need to edit _asciimap if the Keyboard.cpp file.

If you use the Standard Arduino IDE on Windows, the keyboard.ccp file will be located in Arduino_IDE_Location/libraries/ Keyboard/src/Keyboard.cpp

Replace the const uint8_t _asciimap[128] (line 87 - 218) with the following _asciimap to use the German layout :

const uint8_t _asciimap[128] =
{
	0x00,          // NUL
	0x00,          // SOH
	0x00,          // STX
	0x00,          // ETX
	0x00,          // EOT
	0x00,          // ENQ
	0x00,          // ACK  
	0x00,          // BEL
	0x2a,          // BS	Backspace
	0x2b,          // TAB	Tab
	0x28,          // LF	Enter
	0x00,          // VT 
	0x00,          // FF 
	0x00,          // CR 
	0x00,          // SO 
	0x00,          // SI 
	0x00,          // DEL
	0x00,          // DC1
	0x00,          // DC2
	0x00,          // DC3
	0x00,          // DC4
	0x00,          // NAK
	0x00,          // SYN
	0x00,          // ETB
	0x00,          // CAN
	0x00,          // EM 
	0x00,          // SUB
	0x00,          // ESC
	0x00,          // FS 
	0x00,          // GS 
	0x00,          // RS 
	0x00,          // US

	0x2c,          //  ' '
	0x1e|SHIFT,    // !
	0x1f|SHIFT,    // "
	0x31,          // #
	0x21|SHIFT,    // $
	0x22|SHIFT,    // %
	0x23|SHIFT,    // &
	0x31|SHIFT,    // '
	0x25|SHIFT,    // (
	0x26|SHIFT,    // )
	0x30|SHIFT,    // *
	0x30,          // +
	0x36,          // ,
	0x38,          // -
	0x37,          // .
	0x24|SHIFT,    // /
	0x27,          // 0
	0x1e,          // 1
	0x1f,          // 2
	0x20,          // 3
	0x21,          // 4
	0x22,          // 5
	0x23,          // 6
	0x24,          // 7
	0x25,          // 8
	0x26,          // 9
	0x37|SHIFT,    // :
	0x36|SHIFT,    // ;
	0x64,          // <
	0x27|SHIFT,    // =
	0x64|SHIFT,    // >
	0x2d|SHIFT,    // ?
	0x14,          // @
	0x04|SHIFT,    // A
	0x05|SHIFT,    // B
	0x06|SHIFT,    // C
	0x07|SHIFT,    // D
	0x08|SHIFT,    // E
	0x09|SHIFT,    // F
	0x0a|SHIFT,    // G
	0x0b|SHIFT,    // H
	0x0c|SHIFT,    // I
	0x0d|SHIFT,    // J
	0x0e|SHIFT,    // K
	0x0f|SHIFT,    // L
	0x10|SHIFT,    // M
	0x11|SHIFT,    // N
	0x12|SHIFT,    // O
	0x13|SHIFT,    // P
	0x14|SHIFT,    // Q
	0x15|SHIFT,    // R
	0x16|SHIFT,    // S
	0x17|SHIFT,    // T
	0x18|SHIFT,    // U
	0x19|SHIFT,    // V
	0x1a|SHIFT,    // W
	0x1b|SHIFT,    // X
	0x1d|SHIFT,    // Y
	0x1c|SHIFT,    // Z
	0x25,          // [
	0x2D,          // bslash
	0x26,          // ]
	0x35,          // ^
	0x38|SHIFT,    // _
	0x2e|SHIFT,    // `
	0x04,          // a
	0x05,          // b
	0x06,          // c
	0x07,          // d
	0x08,          // e
	0x09,          // f
	0x0a,          // g
	0x0b,          // h
	0x0c,          // i
	0x0d,          // j
	0x0e,          // k
	0x0f,          // l
	0x10,          // m
	0x11,          // n
	0x12,          // o
	0x13,          // p
	0x14,          // q
	0x15,          // r
	0x16,          // s
	0x17,          // t
	0x18,          // u
	0x19,          // v
	0x1a,          // w
	0x1b,          // x
	0x1d,          // y
	0x1c,          // z
	0x24,          // {
	0x64,          // |
	0x27,          // }
	0x30,          // ~
	0              // DEL
};


Used Keyboard.h functions

My source codes of the only used the following five functions to mimic an USB Rubber Ducky:

Keyboard.begin();
Keyboard.end();

'begin()' initializes the emulation keyboard and 'end()' stops it.

Keyboard.print("string");  

The print command sends an string to the machine.

Keyboard.press();

Simulate the press of special Buttons like ESC with KEY_ESC or usual characters with 'c' this function stays active until the Keyboard.releaseAll(); comamnd gets executed.

Keyboard.releaseAll();

Releases all pressed buttons.

This two functions are used for short cuts like STRG + C:

Keyboard.press(KEY_LEFT_CTRL );
       Keyboard.press("c");
       Keyboard.releaseAll();

USB Rubber Ducky

The normal USB Rubber Ducky has already an Entry that explains its usage and the Ducky Script programming language.

Used Hardware

  • Paradisetronic.com Pro Micro Module with ATmega32U4, Arduino Leonardo Board similar, 5V, 16MHz

Simple example program

The following program opens the command line on an Windows 10 based machine and issues the ipconfig which displays the IP addresses of your Interfaces.

#include <Keyboard.h> 

void setup() {
     Keyboard.begin(); --------------------| Starts the program
     delay(500);

     Keyboard.press(KEY_LEFT_CTRL ); ------|
     Keyboard.press(KEY_ESC);              | Opens Windows Start
     Keyboard.releaseAll(); ---------------| with Strg + ESC

     delay(500);

     Keyboard.print("cmd"); ---------------|
     delay(100);                           | Opens Console 
     Keyboard.press(KEY_RETURN);           |
     Keyboard.releaseAll();                |
     delay(500); --------------------------|
     Keyboard.print("ipconfig"); ----------- Issues Ifconfig command
     delay(100);
     Keyboard.press(KEY_RETURN);
     Keyboard.releaseAll();
 
     Keyboard.end(); ----------------------| Ends the program
}
 
void loop() {}

References