Hidden HID v2 Puts a "Rubber Ducky" Keystroke Injector Inside Any USB Type-A Port
Second-generation revision is harder to spot and easier to trigger, thanks to a light-based arm/disarm system.
Mononymous self-described "rookie engineer" Emma has released a tool designed to inject keystrokes into any USB-compatible device as surreptitiously as possible β by hiding itself entirely inside a USB port, no parts exposed: the Hidden HID v2.
"Hidden HID v2 is a tiny single-PCB 'rubber ducky' which fits entirely inside a USB port and can inject keystrokes," Emma explains. "Once inserted, it is almost invisible to the untrained eye. The circuit comprises an [STMicroelectronics] STM32 microcontroller, a 5-3.3V LDO [Low Drop-Out regulator] and four IR [Infrared] phototransistors, which hold the PCB in place and allow it to be remotely armed/disarmed after insertion. All components fit on the bottom side of the PCB, directly below the USB contacts."
As the name implies Hidden HID v2 is the successor to Hidden HID, an earlier project to deliver the same keystroke-injection capabilities β but now revised to offer an even more compact layout and wireless triggering through the phototransistors. In this second revision, the board no longer needs to be programmed via Serial Wire Debug (SWD) β and can. instead, be updated using a USB bootloader on the STMicro STM32 on its heart.
"The concept of Hidden HID was born after I noticed how much space was available inside the USB connector and wondered if it would be possible to hide a 'rubber ducky' completely inside it," Emma recalls, referring to the colloquial name for a USB keystroke injector. "With the increasing miniaturization of components, it was quite easy to design a basic USB-enabled microcontroller circuit that fits inside the 2.5mm available. The device is kept in place using the phototransistors, which at 1.8mm tall are large enough to act as spacer elements. Added to the 0.4mm PCB, the resulting total thickness is 2.2mm, which fits snugly but comfortably inside the USB port."
Once inserted, the gadget is almost invisible β though any attempt to insert a USB device into a port with a Hidden HID inside it will naturally fail. The phototransistors provide a way to trigger the device remotely, albeit within line-of-site, and it can be removed by hooking something around them and pulling. "I use a plastic tweezer that I broke in half," Emma writes.
The project is documented on Hackaday.io, with source code and design files available on GitHub under an unspecified license.