What is it?
It's a device that can be connected to a PC and pretend to be keyboard and mouse, allowing the user to trigger specific actions using smartphone through wifi or bluetooth.
What can you do with it?
Plug it in to your friend's PC and by pressing a button on your smartphone:
π‘ access a websiteπΊ play a youtube videoπ type pre-defined text of your choiceπ download and execute file- :squirrel: exfiltrate files to Dropbox and Gmail
π move mouse cursorπ¦ run ducky script- and much more
Notable features
- Automatic OS detection, allowing it to work on Windows, Linux, and macOS.
- Built-in presets with funny/weird videos and images.
- Preview feature, it allows to see what youtube video, wallpaper or website will be launched on the target PC.
- Option to use alt+numpad combinations on Windows (to type correct characters regardless of system language)
- Language switching to match the language setting on target machine without the need to reprogram the device. Supported settings are:
Belgian | Brazilian | Canadian | Switzerland | Czech | German |
Danish | Spanish | Finnish | French | UK | Croatian |
Italian | Norwegian | Portuguese | Slovenian | El Salvador | US |
You can see how reliable are some of these settings here
- "Live text execution" checkbox
Video
Review and presentation video thanks to:
Edit: Unfortunately Jacks youtube channel got closed (because it had educational hacking videos).
Is it going to work on any PC and work instantly?
It was tested and working well with Windows 10
Implementation details
The smartphone application was made using "MIT App Inventor 2" and is open source. Initially it was made with Arduino Pro Micro and HC-06 bluetooth module. Currently it can also be made and used with Esp8266 wi-fi module instead of HC-06 using the same hardware setup spacehuhn used in wifi_ducky, see the guide for more details. It can be also made with JDY-10 and JDY-08 (BLE) modules (more details below).
Resources
- Application
- DIY guide - bluetooth version
- DIY guide - wifi version
- Documentation of Esp-12F (Wifi) based board
- Documentation of JDY-08 (BLE) based board
- Documentation of JDY-10 (BLE) based board
- Device types comparison (advantages and disadvantages of using Wifi/BLE/Bluetooth versions)
- OS specific functionality details
- List of updates
π° Devices for saleπ°
Future
According to MIT App Inventor Team it will be possible to run application made using App Inventor on iOS soon which means that the supremeDuck application will not be limited to Android only.
As of March 2021, it seems that MIT App Inventor application is available for iOS (as mentioned in this article), however there is no way to compile apps for iOS yet. As mentioned in this post, it will be possible when MIT finishes testng the iOS compiler.
Credits / thanks to / kudos
Similar projects
Offensive MG Cables (O.MG) - the smallest of all publicly available wireless HID devices (based on espusb), resembles NSA tools with its' compactness.
wifi_ducky - very similar project to this but using browser instead of application.
WiFiDuck - the improved successor of wifi_ducky
Modified wifi_ducky versions - 4 different implementations.
ESPloitV2 - similar to wifi_ducky but has built-in exfiltration/phishing methods (browser based).
WiDucky - similar to wifi_ducky but has various ways of controlling it (Python, Windows program, Android app).
WHID - cheap board that can be used with various projects (e.g. wifi_ducky, ESPloitV2, supremeDuck).
WHID_elite - SMS based HID with neat exfiltration method, mousejacking and other features.
Bluetooth Rubber Duck - Digispark + HC-06 + application wireless HID.
The Darkwing Duck - Pro Micro + HC-06 + App inventor application wireless HID.
badusb.pw - I can't understand much but there are some relevant designs (of a board like WHID).