Android Hacking with the USB Rubber Ducky


Android Hacking with the USB Rubber Ducky

This time on the show, hacking Android with the USB Rubber Ducky. Darren revisits the original Human Interface Device Attack tool and shows off the 4th generation hardware. Plus improve your Ubuntu boxes performance with a few simple tips - Shannon reports.

Revisiting the USB Rubber Ducky and Lethal Android Payloads

A lot has happened since we first introduced the USB Rubber Ducky hardware a little over a year ago. We excelled in some areas, fell flat in others, and over time with the help of the community come close to where the project should be.

First, a little background. The USB Rubber Ducky concept is quite simple - violate the inherent trust the computer has in the human. If you can gain physical access to a machine, even for just a few seconds, you should be able to inject a payload at extreme speed using just keystrokes. This is done with relative ease given the fact that all computers, since the beginning, have trusted keyboards as they represent human input. The USB HID class allows us to mimic a keyboard while injecting preprogrammed keystrokes.

The project started as a proof of concept using a development board called the USB Teensy. This small Arduinio clone could perform a HID attack, as demonstrated on early episodes of Hak5. Darren shared his USB Rubber Ducky prototype off to IronGeek at Shmoocon 2010 and a month later the cat was out of the bag. IronGeek recreated the attack using the Teensy and demo'ed it, crediting Hak5, at OuterZone in March. That month the USB Rubber Ducky prototype was demoed on Hak5 and a development team was kickstarted by sending 100 boards to developers around the world.

Based on feedback from these developers we came to a few conclusions. In order for the USB Rubber Ducky to be a success we needed to make it simple. Rather than program and flash a device using C code, we developed a scripting language which could be written in standard text files. A cross-platform program would convert the text file into a binary to be moved onto the root of a micro SD card. With the micro SD card inserted into the USB Rubber Ducky the HID attack was ready for deployment. To further the enhance the USB Rubber Ducky as a covert HID attack tool it was fitted with a generic USB flash drive case. The custom hardware USB Rubber Ducky was born.

The first generation USB Rubber Ducky wasn't without some serious issues to overcome. The small batch PCB assembly was at such a high cost that the initial retail release was $80 - three times that of an adequately equipped teensy. The latch holding the microSD card could inadvertently spring open in use. The firmware was only able to attack Windows targets, and the ducky script encoder only supported US keyboards. The later was a huge oversight by the US-centric development team. To make matters worse, licensing issues encumbered the timely open sourcing of the firmware.

What had started as a modest hardware project turned out to be a nightmare. Developers were unhappy with the lack of source code, the high price and the compatibility problems. The ducky team tried several firmware fixes only to fall flat and waste time. Eventually the licensing restrictions were overcome and the source code was produced on github.

Since then the promise of community development has shown its power. One developer in particular, Midnight Snake, took on two of the most challenging issues -- cross platform compatibility and international language support. During this time Hak5 worked on several hardware revisions of the USB Rubber Ducky, replacing the faulty microSD card latch with a slot and finding ways to lower the costs of production.

So far there have been four hardware revisions. The first (black) debuted at $80 while between the second (red), third (white) and currently fourth (green) the hardware has finally come down to half the cost as it was at launch.

Furthermore several enhancements have been made to the way payloads are generated. At first a wiki and forum were setup to share payloads. Several have been shining examples of the USB Rubber Ducky's power - like the four line wget & execute from PowerShell by Mubix, or the Windows 7 backdoor and 15 second reverse shell.

To simplify payload writing process several of the most popular payloads have been adapted to the online generator at Simply fill in the blanks, click generate and receive a bin file ready for use on the USB Rubber Ducky.

Android hacking has also debuted. Following the introduction of Kos' ( P2P-ADB attack, and the subsequent Micro-to-Micro OTG or ""Kos Cable"" we made him, we're excited to publish a few useful Android payloads. The first enables developer mode and USB debugging, perfect for use with Kos' P2P-ADB attacks, while another simply adds an open WiFi access point to the device so Android can more easily be friends with the WiFi Pineapple.

A tremendous amount of progress has been made over the last year and it's thanks in most part to the USB Rubber Ducky community who has continued to support the platform. With a lot of the bugs worked out, costs reduced and process made even more simple we're very excited to see what's in store for the next generation of the USB Rubber Ducky."

How to Speed Up Ubuntu

The UpUbuntu blog has a bunch of useful info for Ubuntu users, and here are some handy features that you can use to speed up older versions of the OS or older computers.

1. The daemon Preload stores commonly used apps in the background in a cache so that they can be called quickly with faster load times. It monitors applications that users run, and by analyzing this data, it fetches those binaries and their dependencies into memory for faster startup times. To install: sudo apt-get install preload. Preloads default settings are good but if you want to update them we have the link to the UpUbuntu blog in the shownotes.

2. AutoClean your APT cache with this command: sudo apt-get autoclean. This will clean the cache of all the OLD files.

Why? Old package downloads store cache's in apt, and this cache will grow overtime. This will take up lots of space and slow down the computer. sudo apt-get clean will clean the cache entirely.

3. Disable some of the StartUp Applications via the Unity Dash or install Boot Up Manager (BUM) to disable services: sudo apt-get install bum.

4. Check your used Swappiness with: cat /proc/sys/vm/swappiness. This parameter controls the processes moving from physical memory to a swap disk. Because disks are slower than RAM, this can lead to a slower machine. The default value is 60, to change it, edit this file: sudo gedit /etc/sysctl.conf. Search for this line (if not present, just add it): vm.swappiness=10. Save your file and exit. Changes will take effect once you reboot your system. The higher your value (between 0-100), the more the system will swap. So if you chose 100, the kernel will always find inactive memory pages and swap them out.

5. Turn off hibernation with this command gedit: sudo gedit /etc/initramfs-tools/conf.d/resume. Comment this line: RESUME=UUID=**** by adding a #- #RESUME=UUID=***. Save and reboot.

6. Disable the Grub2 boot menu by editing: sudo gedit /etc/default/grub then searching for GRUB_TIMEOUT=0 (change it to zero). Hold down SHIFT while rebooting to show the Grub2 menu if need be. Since Grub loads it's configurations at startup, it can slow your machine's start time.

7. You can optimize a PC with low RAM by using ZRAM, which creates a compressed block device mimicking a swap disk but compressed and stored in memory to reduce disk thrashing. Run these commands: sudo add-apt-repository ppa:shnatsel/zram, then sudo apt-get update, then sudo apt-get install zramswap-enabler.

8. Remove visual effects using Compizconfig Settings Manager. sudo apt-get install compizconfig-settings-manager. Start it now and head to the Effects section, then disable all enabled effects.

9. Use system RAM for the /tmp read/write operations. Edit sudo gedit /etc/fstab. At the end of the file, add these two lines: # Move /tmp to RAM, tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0

10. Use a faster desktop environment like XFCE: sudo apt-get install xubuntu-desktop, Gnome, KDE: sudo apt-get install kubuntu-desktop, LXDE: sudo apt-get install lxde, Enlightenment: sudo apt-add-repository ppa:hannes-janetzek/enlightenment-svn, sudo apt-get update, sudo apt-get install e17, Pantheon: sudo add-apt-repository ppa:elementary-os/daily, sudo add-apt-repository ppa:nemequ/sqlheavy, sudo apt-get update, sudo apt-get install pantheon-shell, or Cinnamon: sudo add-apt-repository ppa:gwendal-lebihan-dev/cinnamon-stable, sudo apt-get update, sudo apt-get install cinnamon."

Download Tips to Speed Up Old Computers