USB Rubber Ducky DFU Reset

In the event that the USB Rubber Ducky is locked in DFU mode, as shown by 03eb:2ff6 Atmel Corp. at32uc3b0/1 DFU bootloader (in Device Manager, lsusb, or similar), it can be reset via local tools, or via this webusb applet.  Once the DFU state is reset, the USB Rubber Ducky will operate normally again.

About this fix

This will fix will not alter the USB Rubber Ducky firmware or files contained on the MicroSD card in any way. The fix may be performed with or without a MicroSD card attached to the USB Rubber Ducky.

Fixing locally

This can be fixed locally on Linux and macOS by installing the dfu-programmer utility.

Under Kali, Ubuntu, Debian, or other Debian-based distributions, install the package dfu-programmer. Other distributions may have other methods for installing the dfu-programmer tools.

sudo apt install dfu-programmer

Then run the DFU reset command:

sudo dfu-programmer at32uc3b1512 reset

Under macOS, install the package dfu-programmer via the brew tool.  If you do not have brew installed, continue to the online fix below.

brew install dfu-programmer

Then run the DFU reset command:

dfu-programmer at32uc3b1512 reset

Fixing online

The online fix leverages the WebUSB API to issue the DFU reset command directly to your USB Rubber Ducky.

  1. Click the Connect to Ducky button.
  2. Attach the USB Rubber Ducky to the computer.
  3. Select the AT32UC3B DFU device.
  4. Click Connect.
  5. Remove the USB Rubber Ducky.

A WebUSB compatible web browser such as Edge 97+, Chrome 100+, or Opera 82+.

Supported platforms:
Web-based DFU reset has been tested on macOS and Android devices. Windows-based browsers may not be able to access the USB device directly due to operating system restrictions, and Linux-based browsers may lack permissions to access the device directly, and should use the native dfu-programmer tool.

Upon successful DFU reset, the USB Rubber Ducky will show a red solid LED when connected to a computer without a MicroSD card inserted. Follow the standard procedures for arming payloads afterwards.

About this issue

Some Linux distributions, including recent editions of Ubuntu, contain a fwupd service which set a boot flag on the USB Rubber Ducky to always enter the DFU bootloader. This is triggered if the USB Rubber Ducky is connected to the host in manual DFU mode. The DFU bootloader may only be accessed by either holding the device's button while attaching the device to the target, or pressing the button very quickly after attachment.

Linux systems without the fwupd service, Windows and macOS hosts do not exhibit this behavior.

This issue may be mitigated by ensuring that the USB Rubber Ducky button is not held on inert, or pressed very shortly after attachment when interfacing with a Linux target running the fwupd service. If the button mod has been performed, consider reducing the number of spacer stickers to decrease 'clickiness'.