Kempy
Newcomer III

DIY Rubber Ducky or HID Input stick

I built a prototype device so I could make very long password entry easier. The device just used Bluetooth to a mobile app, but the magic took place in a Leonardo chip that spoke HID over USB. This allowed me to replay a sequence of keys to unlock a workstation.

I never went into the rubber ducky use case, but effectively any key sequence you would have to invoke to infect a system can also be replayed.

 

The article is here REF:http://www.blogsploit.co.uk/2018/01/project-bluepass-easy-password-entry.html

 

4 Replies
solhuebner
Newcomer II

It seems like a fun project. Thanks for sharing 🙂

Nobody
Newcomer II

Nice project. Thanks for sharing. Did something similar, but it was an RFID implementation instead of BT.

https://gmgolem.wordpress.com/2014/06/11/rfid-password-keeper-adapts-to-usage-scenarios-to-emit-pass...

Cheers,
Dennis
Kempy
Newcomer III

I like it, I have an RFID version 😊 however I chose to keep the secrets on the smartphone.
Nobody
Newcomer II

With you, keeping secrets on phone is neat. Just that personally I do find it more convenient to swipe card to login just as natural to opening the office locked doors 😉

 

Also agree with you smartphones give better versatility. While attempting to add TOTP feature, the dilemma between giving up the name card holder form factor to add RTC chip and coin cell battery holder, or some unholy PowerShell script was a hard choice. I ended up succumbing to the easier scripting solution to feed the MCU with a timestamp via serial. With a smartphone talking Bluetooth, TOTP should be a piece of cake.