Hackster is hosting Hackster Holidays, Ep. 7: Livestream & Giveaway Drawing. Watch previous episodes or stream live on Friday!Stream Hackster Holidays, Ep. 7 on Friday!

CiferTech's "EvilDuck" Is a Microchip ATmega32U4-Powered BadUSB for Security Testing, Automation

Inspired by experiments with a Digispark, this stick-format Rubber Ducky-alike is designed to deliver microSD payloads over USB.

Gareth Halfacree
10 months agoSecurity / HW101

Pseudonymous maker "CiferTech" has turned a Microchip ATmega32U4 microcontroller into a gumstick-format "BadUSB" security tool dubbed the EvilDuck — and has written the project up, warts and all.

"It all started with a tiny board called Digispark, powered by something called [the Microchip] ATtiny85," CiferTech explains. "This little board has a cool trick up its sleeve: it can act like a keyboard or mouse when programmed right. I've seen similar devices like Rubber Ducky and WiFi Duck out there, so I thought, 'Why not make my own?' Well, things didn't go exactly as planned, but that's part of the adventure!"

The "EvilDuck" is a simple "BadUSB" tool, for automation or security testing — with a couple of lessons learned in its construction. (📹: CiferTech)

The resulting EvilDuck device is a custom PCB, rather than a Digispark, built around the more powerful ATmega32U4 microcontroller chip. At one end, opposite a silkscreen duck logo which has a status LED for an eye, is a male USB Type-A connector — allowing the device to connect directly to a USB Type-A port and deliver its payload of pre-programmed USB Human Interface Device (HID) instructions.

For storing the scripts, there's a microSD slot — though getting it up and running proved a challenge. "One big mistake was forgetting to connect VBUS to the main power source – a rookie mistake," CiferTech writes. "And let's not forget, I realized later that all this power should have been at five volts, not 3.3 volts for the ATmega32U4. [I] plan to tackle it in the next version of EvilDuck."

The full project write-up is available on CiferTech's Hackster page; design files had not been released at the time of writing.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.
Latest articles
Sponsored articles
Related articles
Latest articles
Read more
Related articles