I made a BadUSB 🙃
2 min read
The USB Nova is an Open-Source BadUSB project. It looks like a cute colorful USB drive, but it's a sort of programmable keyboard, much like the USB Rubber Ducky, WiFi Duck, and other BadUSBs.
Besides looking cool, it also makes scripting a lot easier!
You safely select between setup and attack mode with a little switch on the side.
It supports USB mass storage right out of the box.
So when in setup mode, you can drag and drop scripts onto its drive.
No SD card or WiFi connection is required!
This also allows you to change settings like the keyboard layouts, USB VID & PID, and other things effortlessly.
I also added a couple of new scripting functions and Mouse support.
So obviously, this is one of many products like this. I also made the WiFi Duck and worked on the MalDuino firmware.
But I was unhappy with how boring most BadUSBs are. I get it. They should look like a regular USB drive, so people who find them plug them in. But most people don't want to drop their hacking toy somewhere. At least my community is full of young people interested in hacking who want to learn how these things work, try it out for themselves, or build their version of it. So there is no point in trying to sell them expensive gear made for companies and professional pentesters.
So I hope this little USB Nova lowers the entry bar a bit further, makes tinkering with HID injection attacks easier, and encourages a healthy hacker mindset.
If you don't need features like USB mass storage, you can also build your own BadUSB! Check out my tutorial on how to make one with a $3 Digispark: blog.spacehuhn.com/badusb-digispark
duckify.huhn.me is an online script converter I made for turning BadUSB script into Arduino sketches while also taking care of the keyboard layout at the same time!
If this sparked your interest in BadUSBs and you want to know more, I got you covered! 👉 Visit learnbadusb.com for my new online course about BadUSBs!
It teaches you everything you have to know about BadUSBs - including how to build one yourself! It's beginner-friendly and a great way to get started with ethical hacking.