1$ USB Rubber Ducky alternative

Introduction

In my opinion items from the hakshop are way overpriced, at the time of writing the price of a rubber ducky is 44.99$

ITT: I’m going to show you how to make your own keystroke injection tool for about one dollar.

For this project we’ll be using a Digispark usb development board you can find them really cheap on aliexpress, I bough two of them for 1.06$ each

Setting up the dev enviroment

  1. Download the arduino IDE (https://www.arduino.cc/en/Main/Software)
  2. Install or Unzip the Arduino IDE
  3. Run the IDE and go to File->Preferences
  4. In the “Additional Boards Manager URLs” textbox add the URL “http://digistump.com/package_digistump_index.json” and click OK

how to add additional boards

  1. Go to the Tools->Board->Boards Manager and then from the type drop down select “Contributed”
  2. Select the “Digistump AVR Boards” package and click the “Install” button. Now wait while it finishes downloading

how to install additional boards

  1. If your using windows you’ll have to install the Digispark Driver (https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/DigistumpDrivers.zip)
  2. Now go to Tools->Boards and select the “Digispark (Default - 16.5mhz)“
  3. Select “USBtinyISP” in Tools->Programmer

configure to use digispark

Testing example code

You can find lots of examples for the Digispark just go to File->Examples

The example we are interested in is DigisparkKeyboard->Keyboard

  1. Open the example code File->Examples->DigisparkKeyboard->Keyboard
  2. Press the “Upload” button at the top (don’t plug in your Digispark yet)
  3. Wait for the message “Plug in device now… (will timeout in 60 seconds)” and then plug in your Digispark
  4. The code will be executed when it’s finished flashing

Here’s a video of me flashing it:

Final notes

The usb rubber ducky is a great tool to have, but if you don’t want to spend 45$ on a keystroke injection tool, I think this is as cheap as you can get.

Why is the ducky superior to this?

  • The ducky has a mSD slot (you can swap payloads easily)
  • The ducky has a 32-bit 60Mhz CPU while the Digispark has a 8-bit 1Mhz micro controller (the duck is faster)
  • It has an enclosure so you can disguise it as a USB drive (the ducky is inconspicuous)
  • You store payloads on the sd card so you get more memory (the digispark only has about 6k of flash memory after the bootloader)

Why this is superior to the ducky?

  • Instead of crying lots of mSD cards for different payloads you can carry multiple digisparks (sd cards are cheap but not as cheap as a digispark)
  • They are dirt cheap
  • You can customize it by adding status LEDs and DIP switches and other shit
  • You can actually run your code on it! (the rubber ducky is only a keyboard, but a digispark is a whole micro processor that can run your code)

What now?

Now go, order a digispark and get to work!

I would like to see your creations and hear your success stories.

Here are two examples of what you can do:

Using this to break into an android tablet.

Using this to spawn a meterpreter reverse tcp shell