8888888b. 8888888b. d8b 888 "Y88b 888 Y88b Y8P 888 888 888 888 888 888 8888b. 888d888 888d888 .d88b. 88888b. 888 d88P 8888b. 888 88888b. .d88b. 888 888 888 888 "88b 888P" 888P" d8P Y8b 888 "88b 8888888P" "88b 888 888 "88b d8P Y8b 888 888 888 888 .d888888 888 888 88888888 888 888 888 T88b .d888888 888 888 888 88888888 888 888 888 .d88P 888 888 888 888 Y8b. 888 888 888 T88b 888 888 888 888 888 Y8b. Y88b 888 8888888P" "Y888888 888 888 "Y8888 888 888 888 T88b "Y888888 888 888 888 "Y8888 "Y88888 888 Y8b d88P "Y88P" ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HID or Human Interface Devices are devices that allow the user to interace with a system such as a PC. Common example of HID devices are Keyboards and Mice but there are other input devices such as webcams or even the Microsoft Kinect. These devices are ussaly required for the user to interact and use there machine which is why HID attacks are almost impossiable to prevent as the computer DOES NOT know the difference between a user typing at 5 characters per second and a malicious device typing at 1000 characters per second.
So now the Ardunio. an Ardunio is a open source microcontroller platform that has near infinite possibilities such as making LEDs blink,A small logic controller, A webserver or even a HID controller which is what we are going to be using.
There are embedded devices similar to the Ardunio that are delicated to HID attacks such as the USB RUBBER DUCKY. This device uses a Teensy microcontroller which is similar to the Ardunio but the main difference is cost with the USB Rubber ducky price at nearly £40!! it can be very expensive if you want more than one or if you lose one compare the £40 to just £2 or £3 for an Ardunio.
Setup
There are a view things you need to get started:
An Ardunio with a 32u4 or 16u4 Chip
Ardunio IDE Free Download at Ardunio.cc
A Micro USB cable or USB to Micro USB Adapter
Dckuino.js Which cn be Downlod on GitHub Or used online HERE
To make this quick and simple with are going to use a convertor that converts Ducky Script (A very simple programming lanuage for the USB Rubber Ducky) to C code that the Ardunio can understand and execute. This will allow use to program the Ardunio to act like a Keyboard below is some example code in Ducky Script that will wait 1 second after the device is plugged in and then type Hello World.
Ducky Script
DELAY 1000
STRING Hello World
Functions
Here are some basic commands and their functions
STRING - Something to Type
ENTER - Send the enter key or return key
DELAY - Wait x amount of miliseconds
GUI - Press the Windows Key or system equivalent
GUI + R - Press the Windows Key + R system equivalent
TAB - Send Tab Key
Converting To Ardunio Code
Ok so now we have our Ducky Script we can just copy and paste that into Dckunio.js click compile and copy the output code into the Ardunio IDE, make sure the correct port is selected and click upload and as soon as it uploads it will run your code and now you have your own HID Attack tool or USB Rubber Ducky for £2-£3. Now whenever you plug your Ardunio into a PC or other system it will beginning running your code.
Conclusion
There is so much more that you can do with the Ardunio if you know how to write in C or Ardunio code you can even make your Ardunio move the mouse and click on things as well as act like a keybord and type. There are some limitations such as memory but by adding a Micro SD card reader you can solve this issue.