The FlyingDuckuino

a remote controlled USB Rubber Ducky for 5-10$

What if you want to use a rubber ducky to perform an USB HID attack and your victim does not leave his pc without logging off or at least locking it? You could use the flyingDuckuino to perform several attacks per remote controll from a more or less secure distance when you see your victim is working on the target device again.

• 1x Arduino micro *
• 1x 433 mhz receiver
• some copper or wire
• some antistatic foam
• some kind of housing [optional]
• soldering kit
• 1x 433 mhz rc remote controll

*Surely you could use a much cheaper Arduino compatible board, as the Pro Micro. I used this for this project as well, because it is a little bit smaller and much cheaper than the arduino, but i do own a real Arduino micro (and a couple of other boards). So please make sure to buy an official board as well, to support the Arduino team!

As the picture shows, you need to connect the VCC and GND to those of the Arduino Micro and connect one of the data pins of the 433 mhz receiver to one of the input pins of your arduino. I put some antistatic foam in the middle to connect both parts back to back. Doing the soldering is done pretty quickly (in my case pretty ugly as well, as I have bad soldering skills).

— thats it —

Well this is the part that totally depends on your preferences, needs or skills.

In my case, my skills were enough to kill and decapitate a rubber duck and use its head and some electrical tape as a housing. So it is a kind of hommage to the USB Rubber Ducky by Hak5*. In addition the duck head is glimmering red very nicely when plugged in.

* check out this awesome device!!!

figure out your remotes code

This is easy! Just downlad the RCSwitch library from sui77* (at this point: thanks for it!) and copy the folder into your …/Arduino/libraries/ – folder. Afterwards you can simply open the ReceiveDemo_Simple example through arduino software: file -> examples -> rc-switch -> ReceiveDemo_Simple and read out the values of your 433 mhz remote controll.

*just download it from github

the Arduino code

include "Keyboard.h"
#include 
int code1 = 1361;    //change to your remotes value
int code2 = 4433;    //change to your remotes value
void attack1(){                
  //place arduino code for one attack here
  delay(500);            
  Keyboard.print("Attack 1 launched.");
  delay(500);                 
  Keyboard.print("\nyou have been quacked\n");     
  delay(1000);
}
  
void attack2(){                
  //place arduino code for one attack here
  delay(500);
  Keyboard.print("Attack 2 launched.");
  delay(500);                 
  Keyboard.print("\nyou have been quacked\n"); 
  delay(1000);
}
//...and so on
RCSwitch mySwitch = RCSwitch();
void setup() {
  Keyboard.begin();
  digitalPinToInterrupt(3);
  mySwitch.enableReceive(0);  
  Serial.begin(9600);      //just for configuring the arduino
}
void loop() {
  
  if (mySwitch.available()) {
    
    int value = mySwitch.getReceivedValue();
    Serial.println(value);    //check your remotes value to change the code-variables
    
    if (value == code1) {     
      attack1();
      delay(3000);
    }
    
    if (value == code2) {     
      attack2();
      delay(3000);
    }
  }
  
  mySwitch.resetAvailable();
  
}

…you may just download it from github…

make it “quack like a duck”

Surely you do want to use ducky script to code your attacks. So feel free to use my ducky2arduino converter. Just name your file “input.txt” and run the script. Afterwards copy the relevant code from “input.ino” as a attack method into your flyingDuckuino Code

.…you may just download it from github…

If karma lefts me some time, I will write a better script to input a couple of ducky scripts and direclty make one flyingDuckuino script out of those.

well… You could do allmost everything you could do with multiple USB Rubber Ducky devices as well. Just keep it legal!

note:

433 mhz modules have a lousy range, which gets worse when tinkering the antenna of the receiver inside a housing. In addition those (cheap) modules are pretty unreliable! So maybe try to implent this project with bluetooth, rather than 433 mhz.