====================================== duck2spark by MaMe82 (Marcus Mengs)

This project provides a python script capable of converting payloads generated by DuckEncoder_ to an Arduino Sketch source targeting DigiSpark. The script solves two problems:

• Available solutions and tutorials emulating a RuberDucky on a DigiSpark suffer from poor keyboard layout support for non-US languages. This is solved by "outsourcing" the problem to DuckEncoder_ which supports multiple keyboard layouts.
• Solutions using DigiKeyboard.print() and DigiKeyboard.println() suffer from string size restrictions, due to DigiSparks RAM limitations (less than 512 Bytes available). This is solved by storing the payload in FLASH memory

Additional features

• Support for DuckyScript "DELAY" and "REPEAT" command
• Option for initial delay, to cope with missing key presses, due to insufficient time for driver initialization on target.
• Option to repeat payload execution (counted loop, single run, endless run)
• Option to blink status LED when payload execution is finished (on by default, except endless loop)

.. _DuckEncoder: https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Encoder/encoder.jar

Project files

• duck2spark.py - Main script
• README.rst - this file
• example.sh - Example script building a payload by running DuckEncoder followed by duck2spark.py (encoder.jar has to be present)
• example.duck - RubberDucky script with test cases used by example.sh

Requirements

• Arduino IDE_ to compile and upload the generated Sketch to DigiSpark
• Arduino IDE has to be configured to program a DigiSpark, following this guide_
• One, two or many DigiSparks ;-)
• DuckEncoder to generate a raw payload from DuckyScript, if you want to stay away from Java use my python port of DuckEncoder <https://github.com/mame82/duckencoder.py>
• Python 2 installation

.. _Arduino IDE: https://www.arduino.cc/en/main/software .. _guide: https://digistump.com/wiki/digispark/tutorials/connecting .. _DuckEncoder: https://github.com/hak5darren/USB-Rubber-Ducky/blob/master/Encoder/encoder.jar

Usage

. Generate a DuckyScript test.duck you want to use as output::

echo "STRING Hello World" > test.duck

. Compile the script using DuckEncoder with your keyboard layout (de in example) or use my python port <https://github.com/mame82/duckencoder.py>_::

java -jar encoder.jar -i test.duck -o raw.bin -l de

. Use duck2spark.py to convert into Arduino Sketch (options for single run, 2 seconds startup delay)::

duck2spark.py -i raw.bin -l 1 -f 2000 -o sketch.ino

. After setting up the Arduino IDE load the example "DigisparkKeyboard" and replace the Sketch source by the one saved to sketch.ino .

To get help on duck2spark.py run duck2spark.py -h

Getting started with DuckyScript

Here's an introduction_ to DuckyScript

.. _introduction: http://usbrubberducky.com/?duckyscript#!duckyscript.md

Additional Hints on using DuckEncoder in conjunction with duck2spark

• DuckEncoder has an issue encoding "GUI" or "WINDOWS" key without an additional key. The common scenario on Windows is a key combination like "GUI r", but using "GUI" alone would produce the incorrect character e as output. The issue is adressed here <https://github.com/hak5darren/USB-Rubber-Ducky/issues/51>. As there hopefully will be a patch duck2spark doesn't handle this issue. In fact it isn't possible to distinguish between "GUI" key and "e" key in an already encoded script. A patched version of Encoder.java could be found here <https://github.com/mame82/USB-Rubber-Ducky/tree/GUI-Key-fix/Encoder/src>.

• Using long delays in a DuckyScript results in big payloads, as delays longer than 250 milliseconds are split up into multiple delays, with a maximum of 250 milliseconds each. Each of these delays consumes 2 bytes in the final payload. As the memory of digispark is far more limited, it is suggested to use duck2spark's delay options instead. Duck2spark relies on DigiKeyboard.delay() and is more friendly in terms of memory consumption.

• Using the "PREPEAT " instruction in DuckyScript results in repeating the whole key sequence of the former command and thus consumes times as much memory in the final payload. Again, as Digispark is short on memory, it is suggested to use duck2spark's loop option whenever possible. Printing out a 10 character string 500 times by using "REPEAT 500" results in a payload 10000 bytes in size, which is to large for Digispark. Encoding a DuckyScript with a single 10 character string consumes only 20 bytes and could be combined with duck2spark.py -l 500 to achieve a 500 times repetition without further memory consumption.