CiferTech's "EvilDuck" Is a Microchip ATmega32U4-Powered BadUSB for Security Testing, Automation

Pseudonymous maker "CiferTech" has turned a Microchip ATmega32U4 microcontroller into a gumstick-format "BadUSB" security tool dubbed the EvilDuck — and has written the project up, warts and all.

"It all started with a tiny board called Digispark, powered by something called [the Microchip] ATtiny85," CiferTech explains. "This little board has a cool trick up its sleeve: it can act like a keyboard or mouse when programmed right. I've seen similar devices like Rubber Ducky and WiFi Duck out there, so I thought, 'Why not make my own?' Well, things didn't go exactly as planned, but that's part of the adventure!"

The resulting EvilDuck device is a custom PCB, rather than a Digispark, built around the more powerful ATmega32U4 microcontroller chip. At one end, opposite a silkscreen duck logo which has a status LED for an eye, is a male USB Type-A connector — allowing the device to connect directly to a USB Type-A port and deliver its payload of pre-programmed USB Human Interface Device (HID) instructions.

For storing the scripts, there's a microSD slot — though getting it up and running proved a challenge. "One big mistake was forgetting to connect VBUS to the main power source – a rookie mistake," CiferTech writes. "And let's not forget, I realized later that all this power should have been at five volts, not 3.3 volts for the ATmega32U4. [I] plan to tackle it in the next version of EvilDuck."

The full project write-up is available on CiferTech's Hackster page; design files had not been released at the time of writing.