2

I know the "USB Rubber Ducky" pretends to be a keyboard toward the OS, but I still don't understand how he can launch a script...

Normal keyboard can't just initiate keypress by itself right? Or maybe a special kind of driver is required?

700 Software
  • 13,997
  • 3
  • 55
  • 82
Duke Nukem
  • 717
  • 3
  • 10
  • 21
  • Well, it can send keystrokes, so that is what it does, on windows lets send win+r c m d return e c h o space " H e l l o space W o r l d " return – ewanm89 Jun 20 '16 at 13:00
  • 1
    As for sending keystrokes itself, why not, modern keyboards have a microcontorller that sends the keycode when button is pressed, why not just have it send a predefined list programmed into it instead? – ewanm89 Jun 20 '16 at 13:03
  • @ewanm89 You said "modern keyboards". Can you give more details please? I personnaly think that all keyboard proceed like this. – Duke Nukem Jun 20 '16 at 13:17
  • Pretty much any keyboard you buy today will probably be a microcontroler. First keyboards were directly wired to CPU, no multiplexing, one line for every key (think early telnet terminals), then specialist integrated circuits were used for this PS2, 9-pin serial, USB, some cheaper keyboards may still use them (http://www.farnell.com/datasheets/79209.pdf). However higher end keyboards certainly use standard micro-controllers with just keyboard specific programming now it's pretty much just as cheap and allows the addition of various functions. – ewanm89 Jun 20 '16 at 13:25

1 Answers1

7

When you press a key on a normal keyboard, the keyboard sends a message to the computer over USB that a key is pressed. A BadUSB device can send that same message. Instead of waiting for a keypress, it sends a couple of these messages after it has been plugged in.

So a BadUSB device doesn't just immitate a keyboard, it immitates a keyboard that has certain keys pressed in a certain order. The attacker can program a microcontroller with USB port to behave as a keyboard and press some keys after some time.

Sjoerd
  • 30,589
  • 13
  • 80
  • 107
  • 1
    I think it is worth stating that there are other attack vectors available to USB devices. However, Keyboard Emulation is one of the easier options. – 700 Software Jun 20 '16 at 13:13
  • 2
    Good point. A USB device can for example pretend to be a networking device and change your DNS server, so that the attacker can intercept all your network traffic. – Sjoerd Jun 20 '16 at 13:16
  • 1
    What's more, emulate a USB hub, and then you can emulate multiple devices off it simultaneously. – ewanm89 Jun 20 '16 at 13:27
  • 1
    Do these attack vectors are commonly used ? – Duke Nukem Jun 20 '16 at 13:30