Installing USB Rubber Ducky On 3rd Party Devices

Earlier I posted some instructions on setting up USB Switchblade. Even though it is a rather outdated piece of software as a few people have pointed out. I also talked about Hack5 releasing a new product called USB Rubber Ducky, the next generation of Switchblade. I will not be buying one because they are rather expensive for such a simple Arduino board and in my opinion it’s not very discreet. But if you wish to invest in one you can order one in the HakShop.

I did some work the other night and I found a tool called the LeoStick a arduino with USB-HID capability. I have have some more good news, seeing as LeoStick  can pretend to be a USB-HID device, it can do the exact same thing Rubber Ducky can do but much cheaper. I happen to have a Arduino-Leonardo laying around (same thing as LeoStick but bigger). So I spent an hour or two writing a quick shell script which can convert ducky script payloads into a sketch suitable for uploading to the LeoStick (or any arduino that has USB-HID capability). The end result is a small bash script which can be downloaded from here.

Usage is fairly simple – you run the script with two options – the first being the payload file, and the second being the arduino script output.

 ./compile_payload lock_prank.txt lock_prank.ino

Various payloads can be found linked from the USB-Rubber-Ducky wiki

Also note that to get this working you need to edit the arduino libraries so that the sendReport function is marked as public.

To to this edit the USBAPI.h file which can be found in ${ARDUINO_DIR}/hardware/arduino/cores/arduino directory.
This may be /usr/share/arduino/hardware/arduino/cores/arduino/USBAPI.h or similar
If you installed the LeoStick board stuff from their website then it will be under your sketches directory as hardware/LeoStick/cores/arduino/USBAPI.h

Open that file and find

    KeyMap* _keyMap;
    void sendReport(KeyReport* keys);
    void setKeyMap(KeyMap* keyMap);
    virtual size_t write(uint8_t);

Then change that to

KeyMap* _keyMap;
void setKeyMap(KeyMap* keyMap);
void sendReport(KeyReport* keys);
virtual size_t write(uint8_t);
About these ads

6 thoughts on “Installing USB Rubber Ducky On 3rd Party Devices

  1. Saibottomus

    Why don’t you use a Teensy? They cost like $16 and the software for USB rubber duckey is free and open source.

    1. ctrlaltnarwhal Post author

      LeoStick is smaller than teensy and in my opinion more usable as a device for penetration testing.

  2. Cathal Garvey

    I rewrote it in Python; it’s faster, and the diffs between outputs on sample payloads seem insignificant, so looks like it’d work equivalently. Unless you have any objections, I’d like to put this on Github:

    import sys
    import io
    infile = sys.argv[1]
    template = sys.argv[2]
    outbuffer = io.StringIO()

    with open(template) as InF:
    with open(infile) as InF:
    dscontents =
    for line in dscontents.splitlines():
    cmdline = line.strip().split(None, 1)
    if len(cmdline) > 1: command, options = cmdline[0], cmdline[1]
    else: command, options = cmdline[0], ”
    modifiers = ["0"]
    key1 = “0″
    key2 = “0″

    if command == “REM”:
    outbuffer.write(” // {0}\n”.format(options))
    elif command == “STRING”:
    options = options.replace(“\\”,”\\\\”).replace(‘”‘,’\\”‘)
    ifs = ‘ ‘
    outbuffer.write(‘ Keyboard.print(“{0}”);\n’.format(options))
    elif command == “DELAY”:
    delay = int(options) * 10
    outbuffer.write(” delay({0});\n”.format(delay))
    modappends = {
    keysubs = {
    “MENU”:”PROPS”, “APP”:”PROPS”,
    for token in line.strip().split():
    key = “”
    if token in modappends:
    elif token in keysubs:
    key = keysubs[token]
    key = token
    if key:
    key = key.upper()
    if key1 == “0″:
    key1 = “KEY_{0}”.format(key)
    key2 = “KEY_{0}”.format(key)
    modifiers = ”.join(modifiers)
    outbuffer.write(” sendKey({key1}, {key2}, {modifiers});\n”.format(key1=key1,key2=key2,modifiers=modifiers))


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s