Rubber Dolphy

A PoC about BadUSB for FlipperZero with exfiltration capabilities on device via mass storage

The idea is to have a way to copy some data onto the FlipperZero when using it as a BadUSB device, to perform data exfiltration.

Right now the project is in an early code stage (it's just a hack), no more than a PoC and kind of "only works on my computers"; I tested it on an Arch Linux and on a Windows 11 computer. Testing this on Mac OS is still on the TODO list.

Looking for testers, please.

More info: https://github.com/carvilsi/rubber-dolphy

#flipperZero #testing #badusb

Just released Rubber Dolphy PoC.

The idea is to have a way to copy some data onto the FlipperZero when using it as a BadUSB device, to perform data exfiltration.

https://github.com/carvilsi/rubber-dolphy

#flipperZero #badusb #dataexfiltration #duckyscript #cutreLabs


A proposed Linux kernel driver, hid-omg-detect, scores USB HID devices via timing, latency, and fingerprinting to flag suspicious behavior without blocking input. 🔍
It targets BadUSB-style attacks and defers blocking to USBGuard, emphasizing transparency but relying on user-side control and enforcement. 🔐

🔗 https://itsfoss.com/news/linux-driver-proposal-malicious-hid-devices/

#TechNews #Linux #Kernel #USB #Cybersecurity #BadUSB #OpenSource #FOSS #Security #Privacy #Transparency #Software #Freedom #Developers #Tech #Driver

A New Linux Kernel Driver Wants to Catch Malicious USB Devices in the Act

If adopted, this kernel module would detect when a plugged-in USB device is acting suspiciously.

It's FOSS

Interesting and welcome:

A new Linux kernel driver is meant to protect against malicious USB devices by checking their "behavior". If keystrokes are entered too quickly, it is probably not a human making them.

I think this is a great proposal, but it is important to note that it also does not protect against those voltage USB sticks that fry the mainboard.

Important: only plug in USB devices that you trust. A USB stick you found is not one of them!

https://feed.itsfoss.com/link/24361/17314291/linux-driver-proposal-malicious-hid-devices

#Linux #badusb

USBGuard - ArchWiki
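The timing idea in the two posts above (keystrokes arriving faster and more evenly than a person types), as an added example that is not code from hid-omg-detect or from either post: a userspace Python scorer over key-down timestamps. The thresholds, weights, function names and sample timings are assumptions constructed for illustration.

```python
from itertools import accumulate
from statistics import median, pstdev

# Assumed thresholds for illustration; not taken from hid-omg-detect.
MIN_HUMAN_GAP_MS = 30     # sustained gaps below this are unlikely for a person
MIN_HUMAN_JITTER_MS = 8   # people do not type with near-constant spacing
MIN_FIRST_KEY_MS = 1000   # typing right after enumeration is unusual
FLAG_SCORE = 60

def score_keyboard(enumerated_ms, keydown_ms):
    """Return (score 0-100, reasons) for one HID keyboard session."""
    if len(keydown_ms) < 5:
        return 0, ["too few keystrokes to judge"]
    gaps = [b - a for a, b in zip(keydown_ms, keydown_ms[1:])]
    score, reasons = 0, []
    if median(gaps) < MIN_HUMAN_GAP_MS:
        score += 40
        reasons.append(f"median gap {median(gaps):.0f} ms")
    if pstdev(gaps) < MIN_HUMAN_JITTER_MS:
        score += 30
        reasons.append(f"gap jitter {pstdev(gaps):.1f} ms")
    first_key = keydown_ms[0] - enumerated_ms
    if first_key < MIN_FIRST_KEY_MS:
        score += 30
        reasons.append(f"first key {first_key} ms after enumeration")
    return min(score, 100), reasons

def verdict(score):
    # Advisory only: input is never dropped here. Barcode scanners and macro
    # keyboards also score high, so enforcement belongs to a separate policy
    # layer (the posts above name USBGuard for that role).
    return "suspicious" if score >= FLAG_SCORE else "ok"

# Constructed sample sessions (timestamps in ms, device enumerated at t=0).
INJECTED_KEYS = [400 + 5 * i for i in range(40)]   # 5 ms apart, starts at 0.4 s
HUMAN_KEYS = list(accumulate([8000, 180, 95, 240, 130, 310, 88, 150, 205]))

if __name__ == "__main__":
    for name, keys in (("injected", INJECTED_KEYS), ("human", HUMAN_KEYS)):
        score, reasons = score_keyboard(0, keys)
        print(name, score, verdict(score), reasons)
```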

Added new release v1.2.0 to flipper0-badUSB-linux-tester; Test your Flipper Zero BadUSB DuckyScripts without uploading payload into device

Now with nicer and more consistent CLI arguments.

🤔 Pondering about adding a new feature to compose DuckyScripts based on other template scripts.

Something like:

```
REM This is an example of external script
EDS <open_terminal.txt>

STRING echo "The world is all that is the case"
```

and the content of open_terminal.txt:
```
REM try to find and open a terminal
STRINGLN sh -c "xdg-terminal-exec||kgx||ptyxis||gnome-terminal||mate-terminal||xfce4-terminal||tilix||konsole||xterm||wezterm-gui"

DELAY 500
```

So it will create a new DuckyScript based on small template scripts, then test it locally, and later upload the DuckyScript to the FlipperZero for definitive testing.

What do you think?

https://github.com/carvilsi/flipper0-badUSB-linux-tester

#badusB #flipperZero #duckyScript


Added more commands from FlipperZero DuckyScript to flipperZero badUSB tester for Linux.

ESC | ID | ALT | F2

By now I think that this is quite enough to cover my testing expectations.

https://github.com/carvilsi/flipper0-badUSB-linux-tester

#flipperZero #badUSB


Just published: flipper0badusb_test

Test your Flipper Zero BadUSB scripts on Linux without loading the payload onto the Flipper device.

After experimenting for a while and writing some BadUSB Ducky scripts on Flipper Zero, I felt a bit overwhelmed by the workflow every time I wanted to test a change in the script. I've been searching and testing some other solutions, but I found a lot of issues related to Linux graphical environment permissions, and I decided to write something simple to test and write my FlipperZero's DuckyScripts.

https://github.com/carvilsi/flipper0-badUSB-linux-tester

#flipperZero #flipper #badusb #testing
