Rubber Dolphy; FipplerZero BadUSB with exfiltration capabilities on device via Mass Storage already tested on a Mac OS Ventura 13.7.8 with an Intel processor.
Screencast demo on the repo: https://github.com/carvilsi/rubber-dolphy?tab=readme-ov-file#macos
DuckyScript for it: https://github.com/carvilsi/rubber-dolphy/blob/main/ducky_scripts_examples/exfiltration_macos_poc.txt
Still wondering how will work on a new Mac OS ARM processor. Please if someone could test it I will appreciate :)
Rubber Dolphy
A PoC about BadUSB for FlipperZero with exfiltration capabilities on device via mass storage
The idea is to have a way to copy some data into FlipperZero when using it as BadUsb device, to perform data exfiltration.
Right now the project it's in a early code stage (it's just a hack), not more than a PoC and kind of "only works on my computers", I tested it on a Arch Linux and on a Windows 11 computer. Testing this on a Mac OS still on the TODO list.
Please looking for testers.
More info: https://github.com/carvilsi/rubber-dolphy
Just released Rubber Dolphy PoC.
The idea is to have a way to copy some data into FlipperZero when using it as BadUsb device, to perform data exfiltration.
https://github.com/carvilsi/rubber-dolphy
#flipperZero #badusb #dataexfiltration #duckyscript #cutreLabs
A proposed Linux kernel driver, hid-omg-detect, scores USB HID devices via timing, latency, and fingerprinting to flag suspicious behavior without blocking input. 🔍
It targets BadUSB-style attacks and defers blocking to USBGuard, emphasizing transparency but relying on user-side control and enforcement. 🔐
🔗 https://itsfoss.com/news/linux-driver-proposal-malicious-hid-devices/
#TechNews #Linux #Kernel #USB #Cybersecurity #BadUSB #OpenSource #FOSS #Security #Privacy #Transparency #Software #Freedom #Developers #Tech #Driver
Added new release v1.2.0 to flipper0-badUSB-linux-tester; Test your Flipper Zero BadUSB DuckyScripts without uploading payload into device
Now with more nice and consistent cli arguments.
🤔 pondering about add a new feature to compose DukyScripts based on other template scripts.
Something like:
```
REM This is an example of external script
EDS <open_terminal.txt>
STRING echo "The world is all that is the case"
```
and on open_terminal.txt content:
```
REM try to find and open a terminal
STRINGLN sh -c "xdg-terminal-exec||kgx||ptyxis||gnome-terminal||mate-terminal||xfce4-terminal||tilix||konsole||xterm||wezterm-gui"
DELAY 500
```
So it will create a new duckyScript based on small templates script, then test it locally and later upload it the duckyScript to flipperZero for definitive testing.
What do you think?
Added more commands from FlipperZero DuckyScript to flipperZero badUSB tester for Linux.
ESC | ID | ALT | F2
By now I think that this is quite enough to cover my testing expectations.
Just published: flipper0badusb_test
Test on Linux your Flipper Zero BadUSB Scripts without loading the payload onto the Flipper device.
After experimenting for a while and writing some BadUSB Ducky scripts on Flipper Zero, I felt a bit overwhelmed by the workflow every time I wanted to test a change in the script. I've been searching and testing some other solutions but I found lot of issues related with Linux graphical environment permissions and I decided to write something simple to test and write my FlipperZero's DuckyScripts.
char (#4|2
knoppix
Kevin Karhan
Who Let The Dogs Out 🐾
benzogaga33 