The PeekingDuck app allows you to inject your own keystrokes into a computer. It does this with the help of the Android Keyboard Gadget, which allows us to turn the phone into a keyboard. This application is meant to emulate and build upon the functionality of the USB Rubber Ducky. The app supports DuckyScript, the language used by the USB Rubber Ducky to interact with the keyboard.
The application features:
- Ability to load, edit, and create DuckyScripts
- Add script instances to the queue (meaning you can queue multiple instances of the same script!)
- A simple user interface (No need for terminal emulators!)
- Run scripts when the phone is connected to a PC (currently requires the application to be in the foreground when the phone is connected)
- Use the phone storage to copy or save files from the connected computer when using MTP mode.
Please note that this application requires root permissions to execute scripts, and a phone with a kernel that supports HID. This application was developed and tested on a Nexus 5 running Android 6.0.1 with Kali NetHunter software installed.
This application was developed as a group university project.
How to use
- Creating a new script
- Loading a new script
- Delete a script
- Add script to the Queue
- Run the Queue
- Run the Queue on connection
- Re-order the queue
- Delete a script from the queue
- Clear the Queue
- Transferring Files
Our example scripts can be found here.
Creating a new script
The app allows a script to be added by typing it out within the app. This can be done by open the navigation bar and selecting the option "Create New Script"
You then will be brought to a new screen with two text boxes. The first text box is for the name of the script, the second is for the script itself. For a full tutorial on the syntax and functions available in this scripting language, visit the DuckyScript wiki page.
Once you're done creating your script, it can be added to the app with the + icon at the top right of the screen (in the toolbar).
Loading a new script
The application supports loading a script from internal storage. This is done by opening the navigation menu and selecting "Load New Script"
The phones file explorer should then appear, prompting the user to select a file. Once a payload has been selected, it should be loaded into the new script screen, allowing the user to enter a name for the script and add it (via the + icon in the toolbar).
Delete a script
To delete a specific script, select the trash can icon within that item.
You will be prompted to confirm, click yes to delete.
Add script to the Queue
Once a script has been added to the app, it can be placed in the queue. Navigate to the scripts page and click a script. This will open up the script editor. This will allow you to edit the script before adding it to the queue. This is necessary as some scripts hold variables (such as IP / Port), which need to be entered before the script is ran. Once the script is ready to be added to the queue, it can be done so via the + icon at the top right of the screen.
Once this has been done, the queue can be viewed by open the navigation bar and selecting "Queue". Multiple instances of the script can be added to the queue.
Run the Queue
The queue can be ran once it has at least one item in it. This can be done by pressing the play icon at the top right of the queue screen within the toolbar.
Run the Queue on connection
The queue doesn't have to be run immediately, it can wait to be ran when there is a connection made to a PC. This can be done by simply pressing the play button while the phone is not connected to a computer. The app will detect it's not currently connected and prompt you to run when it is. Select yes on this prompt.
Re-order the queue
Queue items can be re-ordered by simply long pressing on a queue item and dragging it up or down. The item must be held for 1+ second, the phone will vibrate to confirm you've picked up the item.
Delete a script from the queue
Queue items can be deleted by pressing the - icon on the queue item.
Clear the Queue
While on the queue screen, press the trash can icon at the top right of the screen, in the toolbar. This will prompt you to confirm before clearing the queue.
To mount the phone as a storage device, navigate to Developer Settings (if you don't know how to do this, here is a quick tutorial).
Then find the "Select USB Configuration" option and choose MTP. Please note that in some versions of Android this feature is bugged and will only work on the first connection, and reset to charging only afterwards - even though the option will still say MTP is the default configuration. There is no permanent fix for this, meaning you will have to complete these steps every time you connect the device if you wish to use a script which can transfer files.
Since phones do not mount as conventional storage devices on Windows, there is an example script outlining how to do this here.