A friend of mine told me that he was going to do a presentation about the famous Rubber Ducky.
For those of you who don’t know, rubber ducky is a USB dongle that emulates a keyboard disguised of flash drive.
Obviously, this is the perfect solution for a social engineering experiment, but at 44USD it is a bit pricey given that there are a few other devices that can perform in a similar way for less than 1/4 of the price.
Today I’m going to talk about one of those alternatives: The Arduino Beetle.
The arduino beetle is a tiny solution based on the ATMEGA32U4 the same micro controller that you can find in the Arduino Leonardo. It does support USB without any external components which makes it a very good option to build these minified dongles.
For this reason, creating arduino sketches that emulate a keyboard is quite trivial. In fact, it is so easy that it makes this tool look a bit worthless. Nevertheless, I’ve decided to create a small tool that would allow you to convert and use the existing Rubber Ducky Payloads with this little device.
How to Use it?
- Pick a payload you like and save it to a file. For instance this one: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload—osx-youtube-blaster
- Call rubberduino-convert and pass the payload file as the first argument. Pipe the output to a new file.
- Open your favourite arduino IDE and paste the contents of the file previously created.
- Upload the sketch to your arduino leonardo/beetle
- Enjoy 🙂
Issues
This is a very alpha version the code is not polished at all. Even though it does work pretty well there are a few issues:
- Symbol handling – Special symbols will depend on the keyboard layout that you’re using. Currently it is working with portuguese layouts but it needs to be adjusted in case you have a different one. The way I did it was to run a test sketch that would show you the output of each char mapped between 1 and 100. I then picked them and created a dictionary called symbol_ids inside the python module to map the char. ( e.g. {“/”: 39, “ç”: 11, “&”:24 } and so on ).
- The sketches are loooooong –
Because of the issue mentioned above, I have to rely on keyboard.write to send a char at the time. This can make the sketches look big and makes it uncomfortable to troubleshoot but it was the easiest way for me to do it. Feel free to improve it.This was improved by 15% ( the size of the compiled sketch ). - Delay handling – The payloads can be produced either by using a default DELAY command that will stay between actions or by explicitly adding them to the code. Currently I always add a DELAY command between the actions which means that I might be introducing more delays than I should ( e.g. the payload you provided already has them ).
Feel free to check out the code here: https://github.com/zatarra/rubberduino
You can get the Beetle for less than $6 on Aliexpress ( thanks deine0ma! )
PS: You can follow an interesting discussion on reddit