How to make your Digispark run BadUSB Scripts using Duckify!
What is a Bad USB
A Bad USB is a USB device that acts as a USB keyboard to run a keystroke injection attack, which can be used to open a terminal and run commands on the target computer.
Because these attacks are scripted, they can happen incredibly fast. It's crazy how a BadUSB with the right script can take over an unlocked computer in just 3 seconds!
We've covered this in more detail in a previous blog post How Bad USBs work
What is the Digispark
The Digispark is a very simplistic development board based on the ATTiny85. It's popular due to the Arduino compatibility, built-in USB-A plug (so no dangling cables!), the affordable price, and the fact that it can act as a keyboard.
Buy a Digispark (affiliate link): https://amzn.to/3v69bU0
How to run Bad USB Scripts on your Digispark
Ok now, how do we turn the Digispark into a BadUSB?
I made an online converter that makes this process incredibly easy!
- Visit duckify.huhn.me
- Enter your Bad USB script on the left (it's Ducky Script compatible)
- Select your keyboard layout and hit convert
- Now you have an Arduino sketch that you can download and flash onto your digispark
Check out https://duckify.huhn.me/docs/digispark/getting-started for a more in-depth tutorial on the Digispark and a reference to the scripting language
Once you have Arduino setup, it's really straightforward.
It teaches you everything you have to know about BadUSBs - including how to build one yourself! It's beginner-friendly and a great way to get started with ethical hacking.