cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer III

DIY Rubber Ducky or HID Input stick

I built a prototype device so I could make very long password entry easier, the device just used bluetooth to a mobile app, but the magic took place in a leonardo chip that spoke HID over usb. This allowed me to replay a sequence of keys to unlock a workstation.

I never went into the rubber ducky use case, but effectively any key sequence you would have to invoke to infect a system can also be replayed.

 

The article is here REF:http://www.blogsploit.co.uk/2018/01/project-bluepass-easy-password-entry.html

 

Tags (3)
4 Replies
Newcomer II

Re: DIY Rubber Ducky or HID Input stick

It seems like a fun project. Thanks for sharing Smiley Happy

Highlighted
Reader I

Re: DIY Rubber Ducky or HID Input stick

Nice project. Thanks for sharing. Did something similar but was a RFID implmenetation instead of BT.

https://gmgolem.wordpress.com/2014/06/11/rfid-password-keeper-adapts-to-usage-scenarios-to-emit-pass...

Cheers,
Dennis
Newcomer III

Re: DIY Rubber Ducky or HID Input stick

I like it, I have an RFID version 😊 however I chose to keep the secrets on the smartphone.
Reader I

Re: DIY Rubber Ducky or HID Input stick

With you, keeping secrets on phone is neat. Just that personally i do find it more convenient to swipe card to login just as natural to opening the office locked doors Smiley Wink

 

Also agree with you smartphones give better versatility. While attempting to add TOTP feature, the dilemma between giving up the name card holder form factor to add RTC chip and coin cell battery holder, or some unholy powershell script was a hard choice. I ended up succumbed to the easier scripting solution to feed the MCU with a timestamp via serial. With a smartphone talking bluetooth, TOTP should be a piece of cake.