Skip to content
Wireless "Rubber ducky" controlled by smartphone.
C++ C
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
resources
source Update 1.3 Jul 28, 2019
tools/btSerial Added switch to Wifi version Feb 8, 2019
LICENSE Update LICENSE Apr 13, 2017
README.md README.md Mar 30, 2019
UPDATES.md Update 1.3 Jul 28, 2019

README.md

title-image

What is it?

It's a device that can be connected to a PC and pretend to be keyboard and mouse. The user can trigger specific actions using smartphone through wifi or bluetooth.

What can you do with it?

Plug it in to your friend's PC and by pressing a button on your smartphone:

  • 📡 access a website
  • 📺 play a youtube video
  • 🔠 type pre-defined text of your choice
  • 📂 download and execute file
  • :shipit: exfiltrate files to Dropbox and Gmail
  • 💠 move mouse cursor
  • 🦆 run ducky script
  • and much more

Notable features

  • Automatic OS detection, allowing it to work on Windows, Linux, and macOS.
    os logos image
  • Built-in presets with funny/weird videos and images.
  • Preview feature, it allows to see what youtube video, wallpaper or website will be launched on the target PC.
    Preview-feature-gif
  • Option to use alt+numpad combinations on Windows (to type correct characters regardless of system language)
  • Language switching to match the language setting on target machine without the need to reprogram the device. Supported settings are:
Belgian Brazilian Canadian Switzerland Czech German
Dannish Spannish Finnish French UK Croatian
Italian Norwegian Portuguese Slovenian El Salvador US

You can see how reliable are some of these settings here

  • "Live text execution" checkbox

Video

Review and presentation video thanks to:
image

Is it going to work on any PC and work instantly?

It was tested and working well with Windows 10 ✔️, Windows 8 ✔️, Lubuntu 18.10 ✔️, Ubuntu 18.04 ✔️, straight after pluggin-in. On macOS 10.12⚡️ it prompted the user to setup the keyboard, after that it worked well, see macOS setup for details. It is problematic on Windows 7⚡️ (driver installation popup takes long time and sometimes requires replugging device, after that it usually works).

Implementation details

The smartphone application was made using "MIT App Inventor 2" and is open source. Initially it was made with Arduino Pro Micro and HC-06 bluetooth module. Currently it can also be made and used with Esp8266 wi-fi module instead of HC-06 using the same hardware setup spacehuhn used in wifi_ducky, see the guide for more details. It can be also made with JDY-10 and JDY-08 (BLE) modules (more details below).

Resources

Future

According to MIT App Inventor Team it will be possible to run application made using App Inventor on iOS soon (first quarter of 2019) which means that the supremeDuck application will not be limited to Android only. The progress of their work can be checked at: http://doesappinventorrunonios.com/

Credits / thanks to / kudos

⭐️ HAK5 and ⭐️ mame82 - encoding for different languages used in this project is in 99% based on their work. This project was created thanks to the long chain of people building on top of other people's ideas. If HAK5 did not popularize HID attacks with Rubber Ducky then most of projects like this would not exist. Thanks to ⭐️ authors of ducky scripts posted on HAK5Darren's page with payloads this project is richer in features. Thanks to ⭐️ Darren Kitchen for Dropbox Exfiltration and similar videos that all contributed in one way or another to this project.
⭐️ Seytonic - in a series of youtube tutorials presented how to use cheap Arduino Pro Micro as "Rubber ducky". It's worth to mention that ⭐️ Samy Kamkar also presented this kind of functionality with Teensy in 2014.
⭐️ Dejan from howtomechatronics.com - thanks for the tutorials about using Arduino with bluetooth module and App inventor.
⭐️ Mr Jesse Vincent who created FingerprintUSBHost which allows to recognize operating system of the target machine. Noteworthy is that ⭐️ gloglas used it in WifiDuckV2 (giving me idea to use it too) which is rewrite of ⭐️ spacehuhns's wifi_ducky.
⭐️ JackkTutorials - thanks for presenting this project in a video.
⭐️ Taifun - thanks for great App Inventor resources and extensions, this project is using few of them.
⭐️ Mr Martyn Currey for excellent BLE tutorial and resources.

Similar projects

Offensive MG Cables (O.MG) - the smallest of all publicly available wireless HID devices (based on espusb), resembles NSA tools with its' compactness.
wifi_ducky - very similar project to this but using browser instead of application.
Modified wifi_ducky versions - 4 different implementations.
ESPloitV2 - similar to wifi_ducky but has built-in exfiltration/phishing methods (browser based).
WiDucky - similar to wifi_ducky but has various ways of controlling it (Python, Windows program, Android app).
WHID - cheap board that can be used with various projects (e.g. wifi_ducky, ESPloitV2, supremeDuck).
WHID_elite - SMS based HID with neat exfiltration method, mousejacking and other features.
Bluetooth Rubber Duck - Digispark + HC-06 + application wireless HID.
The Darkwing Duck - Pro Micro + HC-06 + App inventor application wireless HID.
badusb.pw - I can't understand much but there are some relevant designs (of a board like WHID).

You can’t perform that action at this time.