Skip to content

Terzer-bit/AntiRD

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AntiRD

Rubber Ducky / BadUSB Prevention System

AutoHotkey PowerShell NSIS

A real-time endpoint security utility that aggregates automatic hardware event monitoring, immediate keystroke interception, secure input isolation, and randomized multi-digit authorization into a single, high-priority background service.


Table of Contents

  1. Project Overview
  2. What is BadUSB and Rubber Ducky
  3. Getting Started
  4. Contact

Project Overview

AntiRD is a lightweight endpoint protection utility for Windows designed to mitigate keystroke injection and BadUSB attacks. Built with PowerShell and a highly optimized AutoHotkey v1.1.37.2 runtime, input hooks are executed with elevated process priority to achieve near-instantaneous blocking, neutralizing high-speed payloads before malicious commands can execute.


What is BadUSB and Rubber Ducky

BadUSB is a security vulnerability inherent to the USB standard. It allows the firmware of a USB microcontroller (found in flash drives, cables, or power adapters) to be reprogrammed to spoof other device classes. Most commonly, a compromised device masquerades as a Human Interface Device (HID)—such as a keyboard—allowing it to bypass standard endpoint security and execute unauthorized commands.

USB Rubber Ducky is a specialized keystroke injection tool disguised as a standard USB flash drive. Originally developed for penetration testing, the device emulates a high-speed keyboard to execute pre-configured scripts (payloads) immediately upon connection. It exploits the operating system's implicit trust in Human Interface Devices (HIDs) to compromise a system in a matter of seconds.


Getting Started

Deploy AntiRD immediately using the pre-compiled installer, or build it directly from the source files.

Run the project

Installation & Deployment

  1. Download the AntiRD_Setup.exe installer from the latest release.
  2. Execute the installer with Administrator privileges if needed.
  3. The setup wizard will automatically install the core binaries and configure the boot-time startup shortcut.
  4. Restart the system to apply the startup configurations and initialize the hardware monitor.

File Verification (SHA-256)

For security purposes, you can verify the integrity of the installer binary using the SHA-256 hash provided in the release notes.

To verify the hash in Windows PowerShell, run:

Get-FileHash .\AntiRD_Setup.exe -Algorithm SHA256

How to build the project

Required tools

  • AutoHotkey v1.1.37.2 (specifically the Ahk2Exe compiler tool)
  • NSIS v3.06 or later (Nullsoft Scriptable Install System)

Build and Deployment Workflow

  1. Source Preparation: Develop and refine the core security scripts: the PowerShell hardware monitor and the AutoHotkey (inputBlock) input-blocking utility.
  2. Binary Generation: Compile the AutoHotkey script into a standalone executable (inputBlock.exe) using the official Ahk2Exe compiler.
  3. Packaging Configuration: Structure the NSIS script to bundle the compiled binary and the PowerShell monitor. Ensure the installer is configured to allocate a shortcut to the PowerShell script inside the Windows Startup directory ($SMSTARTUP) for automated, boot-time protection.
  4. Installer Compilation: Build the final deployment package using the NSIS compiler to generate the standalone AntiRD_Setup.exe installer.

Assets

Icon based on works by Jeremiah and Iconshock:

License: Creative Commons Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/


Contact

For any details contact the owner of the project on:

About

Prevent Rubber Ducky executions from suspicious USBs

Topics

Resources

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors