What is it?
It's a device that can be connected to a PC and pretend to be keyboard and mouse. The user can trigger specific actions using smartphone through wifi or bluetooth.
What can you do with it?
Plug it in to your friend's PC and by pressing a button on your smartphone:
📡access a website 📺play a youtube video 🔠type pre-defined text of your choice 📂download and execute file
- exfiltrate files to Dropbox and Gmail
💠move mouse cursor 🦆run ducky script
- and much more
- Automatic OS detection, allowing it to work on Windows, Linux, and macOS.
- Built-in presets with funny/weird videos and images.
- Preview feature, it allows to see what youtube video, wallpaper or website will be launched on the target PC.
- Option to use alt+numpad combinations on Windows (to type correct characters regardless of system language)
- Language switching to match the language setting on target machine without the need to reprogram the device. Supported settings are:
You can see how reliable are some of these settings here
- "Live text execution" checkbox
Review and presentation video thanks to:
Is it going to work on any PC and work instantly?
It was tested and working well with Windows 10
The smartphone application was made using "MIT App Inventor 2" and is open source. Initially it was made with Arduino Pro Micro and HC-06 bluetooth module. Currently it can also be made and used with Esp8266 wi-fi module instead of HC-06 using the same hardware setup spacehuhn used in wifi_ducky, see the guide for more details. It can be also made with JDY-10 and JDY-08 (BLE) modules (more details below).
- DIY guide - bluetooth version
- DIY guide - wifi version
- Documentation of Esp-12F (Wifi) based board
- Documentation of JDY-08 (BLE) based board
- Documentation of JDY-10 (BLE) based board
- Device types comparison (advantages and disadvantages of using Wifi/BLE/Bluetooth versions)
- OS specific functionality details
- List of updates
💰Devices for sale 💰
According to MIT App Inventor Team it will be possible to run application made using App Inventor on iOS soon (first quarter of 2019) which means that the supremeDuck application will not be limited to Android only. The progress of their work can be checked at: http://doesappinventorrunonios.com/
Credits / thanks to / kudos
Offensive MG Cables (O.MG) - the smallest of all publicly available wireless HID devices (based on espusb), resembles NSA tools with its' compactness.
wifi_ducky - very similar project to this but using browser instead of application.
Modified wifi_ducky versions - 4 different implementations.
ESPloitV2 - similar to wifi_ducky but has built-in exfiltration/phishing methods (browser based).
WiDucky - similar to wifi_ducky but has various ways of controlling it (Python, Windows program, Android app).
WHID - cheap board that can be used with various projects (e.g. wifi_ducky, ESPloitV2, supremeDuck).
WHID_elite - SMS based HID with neat exfiltration method, mousejacking and other features.
Bluetooth Rubber Duck - Digispark + HC-06 + application wireless HID.
The Darkwing Duck - Pro Micro + HC-06 + App inventor application wireless HID.
badusb.pw - I can't understand much but there are some relevant designs (of a board like WHID).