This is an open source keystroke injection device, similar to the well-known USB Rubber Ducky
made by Hak5. It looks and feels like an ordinary USB flash drive but acts as a keyboard that
types in a preprogrammed payload. This can be very useful for automating sysadmin tasks or
in penetration testing applications.
The device here is intended to be a much improved version of the USB Rubber Ducky, namely:
- Made from inexpensive off-the-shelf parts, with not only open source firmware,
  but hardware design files as well. This allows the user to make substantial
  modifications to the design, and provides an option to build these yourself.
- Has a built-in interpreter (compatible with existing ducky script) which takes text files directly,
  so you never have to install any encoder software and keep converting payload.txt to inject.bin.
- Can act as both keyboard and USB disk, allowing for better payloads; the memory chip is integrated,
  so there is no need to keep moving an SD card between various devices while developing payloads.
- Has an OS detection mechanism, which allows you to store multiple payloads simultaneously and
  have the device automatically pick the correct payload to run.
- Extended set of commands for extra functionality, such as: without doing any firmware update
  the user can set which VID / PID values to use, configure how the device should show up
  (keyboard only / flash disk only / keyboard+disk), change keyboard layout, and many other things.
CHECK THE WIKI FOR HOW-TO-USE INFORMATION
project is designed using KiCad 5.0.2
check KiCad pcb file for PCB manufacturing info
check KiCad sch file + BOM.txt for component info
dimensions: 59x18x9mm
weight: 8g
programmer device used in this project is ST-Link V2
you can use single pin male-female jumpers or a 1x5pin jumper cable
make sure to plug the programming cable into the header the right way
based on full-speed (12Mbit/s) USB2.0 peripheral,
uses on-board 32MiB flash memory chip for data storage;
measured speeds for MSD access: read ~262.7 KiB/s, write ~66.8 KiB/s.
While not very fast, it is enough for most badusb applications.
The pushbutton on the device is referred to as the MSD-only button. Normally the payload is run
whenever you plug the device into a PC. But if you press and hold this button while inserting
the device, it prevents any keystrokes from being typed in.
When opening up the case, be careful not to break the plastic studs near
the USB connector and at the opposite (from USB) end of the enclosure.
firmware (written in C) was developed on debian 9.7 system, using gcc-arm-none-eabi toolchain
(compiler, linker, binutils) and it does use gcc specific extensions.
was successfully compiled and tested with arm-none-eabi-gcc version 7.3.1
flashing software used = openocd
IDE used = emacs text editor + Makefile
depends on libgcc.a, which together with the linker script, startup code
and openocd configuration files is included in this repository.
files usb_rodata.h, hid_rodata.h, msd_rodata.h are not really
headers, but integral parts of usb.c, main.c, msd.c respectively.
they are not intended to be included in any other files.
to build the firmware cd into the /firmware/ directory, then type:
make
this will produce several output files, among which is firmware.bin
this is a file that contains the firmware to flash. To do it,
connect ST-LINKv2 programmer to the board, then to computer and type:
make upload
for your convenience, a pre-built binary firmware image is available in /extra/ directory.
/firmware/ --------------- contains makefile, linker script, source files; this is a build directory
/firmware/cmsis/ ------- necessary header files from CMSIS compliant STM32F0xx standard peripherals library
/firmware/stdlib/ ---------- standard statically linked libraries (libgcc.a)
/firmware/openocd/ ------- standard configuration files for openocd
/firmware/fatfs/ ----------- chan fatfs module for working with FAT filesystem, along with diskio.c + diskio.h
(custom low level driver for communication with W25Q256FVFG flash memory chip over SPI)
/firmware/usb/ ------------ custom USB stack, implementation of MSD and HID class devices
/firmware/main/main.c ------- file that contains main application
/firmware/main/support.c ------- file that contains interrupt vector table, IRQ handlers and startup code
/hardware/PocketAdmin.symbols/ -- project specific symbol library
/hardware/PocketAdmin.pretty/ --- project specific footprint library
/hardware/PocketAdmin.panel/ --- files for panelised version of PCB
/hardware/gerbers/ ----------- gerber+excellon fabrication output files
/extra/examplePayloads/ ----------- contains some example PocketAdmin payloads
/extra/pictures/ ------------------ contains device photos
/extra/mechanicalDrawings/ -------- contains info for various mechanical parts
/extra/fingerdb/ ------------------ contains OS fingerprint database
/extra/kblayout/ ------------------ contains alternative keyboard layout files
/extra/wikiPages/ ------------------ contains github wiki pages
/extra/schematic_rev1_2.pdf ----------- pdf version of schematic
/extra/firmware_rrnnnnnnnnnn ----------- precompiled firmware image for PocketAdmin (rr stands for board revision,
nnnnnnnnnn stands for firmware version. That is, firmware_120000000002 means board revision 1.2, firmware version 2)
if you have a problem / question / feature request, here are your options for contacting me:
send me an email to [email protected]
create a new github issue, or use the existing one called general discussion
go to hackaday project page
go to my EEVblog forum post
also, you can check out my youtube channel
openbazaar shop link (online whenever my PC is running):
ob://QmeCrxkz8J1pvBx4nVE7EgZNkLfMftmKtz3dc5oo4bPgqr/store
or, you can preview the store here, if you do not have openbazaar app installed yet
tindie shop link: https://www.tindie.com/products/17300/