USB Rubber Ducky DFU Reset

If the USB Rubber Ducky is locked in DFU mode, shown as 03eb:2ff6 Atmel Corp. at32uc3b0/1 DFU bootloader in Device Manager, lsusb, or similar, it can be reset with local tools or with this WebUSB applet. Once the DFU state is reset, the USB Rubber Ducky will operate normally again.

About this fix

This fix will not alter the USB Rubber Ducky firmware or the files contained on the MicroSD card in any way. The fix may be performed with or without a MicroSD card attached to the USB Rubber Ducky.

Fixing locally

This can be fixed locally on Linux and macOS by installing the dfu-programmer utility.

Under Kali, Ubuntu, Debian, or other Debian-based distributions, install the package dfu-programmer. Other distributions may have other methods for installing the dfu-programmer tools.

sudo apt install dfu-programmer

Then run the DFU reset command:

sudo dfu-programmer at32uc3b1512 reset
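
The Linux steps above wrapped in a guard, as an added example that is not part of the original page: it confirms that exactly one 03eb:2ff6 device is enumerated before issuing the reset, then checks that the bootloader ID is gone. The function names, the 2-second wait, and the expectation that the device leaves DFU right after the reset are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. IDs and target name are the page's.
DFU_ID="03eb:2ff6"         # Atmel at32uc3b0/1 DFU bootloader
DFU_TARGET="at32uc3b1512"  # target passed to dfu-programmer above

# Constructed lsusb output for an offline demo (not captured from a real host).
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 007: ID 03eb:2ff6 Atmel Corp. at32uc3b0/1 DFU bootloader'

# Read lsusb-style text on stdin and print how many devices report DFU_ID.
count_dfu_devices() {
    awk -v id="$DFU_ID" '
        { for (i = 1; i < NF; i++) if ($i == "ID" && tolower($(i + 1)) == id) n++ }
        END { print n + 0 }'
}

# Map a device count to an action: none, reset or ambiguous.
dfu_action() {
    case "$1" in
        0) echo none ;;
        1) echo reset ;;
        *) echo ambiguous ;;
    esac
}

ducky_dfu_reset() {
    n=$(lsusb | count_dfu_devices)
    case "$(dfu_action "$n")" in
        none)      echo "No $DFU_ID device attached; nothing to reset." >&2; return 1 ;;
        ambiguous) echo "$n DFU devices attached; leave only the Ducky plugged in." >&2; return 2 ;;
    esac
    sudo dfu-programmer "$DFU_TARGET" reset || return 3
    sleep 2  # assumption: long enough for the device to re-enumerate
    if [ "$(lsusb | count_dfu_devices)" -ne 0 ]; then
        echo "Device still reports $DFU_ID; retry or use the online fix." >&2
        return 4
    fi
    echo "DFU bootloader no longer enumerated."
}

# "run" performs the reset; "demo" counts DFU devices in the constructed sample.
case "${1:-}" in
    run)  ducky_dfu_reset ;;
    demo) printf '%s\n' "$SAMPLE_LSUSB" | count_dfu_devices ;;
esac
```

Save it under any file name and invoke it with the argument run to perform the reset, or demo to exercise the parser without hardware attached.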

Under macOS, install the package dfu-programmer via the brew tool.  If you do not have brew installed, continue to the online fix below.

brew install dfu-programmer

Then run the DFU reset command:

dfu-programmer at32uc3b1512 reset

Fixing online

The online fix leverages the WebUSB API to issue the DFU reset command directly to your USB Rubber Ducky.

  1. Click the Connect to Ducky button.
  2. Attach the USB Rubber Ducky to the computer.
  3. Select the AT32UC3B DFU device.
  4. Click Connect.
  5. Remove the USB Rubber Ducky.

Requirements:
A WebUSB compatible web browser such as Edge 97+, Chrome 100+, or Opera 82+.

Supported platforms:
Web-based DFU reset has been tested on macOS and Android devices. Windows-based browsers may not be able to access the USB device directly due to operating system restrictions. Linux-based browsers may lack permissions to access the device directly; use the native dfu-programmer tool in that case.

Upon successful DFU reset, the USB Rubber Ducky will show a red solid LED when connected to a computer without a MicroSD card inserted. Follow the standard procedures for arming payloads afterwards.

About this issue

Some Linux distributions, including recent editions of Ubuntu, include the fwupd service, which sets a boot flag on the USB Rubber Ducky so that it always enters the DFU bootloader. This is triggered if the USB Rubber Ducky is connected to the host in manual DFU mode. The DFU bootloader may only be accessed by either holding the device's button while attaching the device to the target, or pressing the button very quickly after attachment.

Linux systems without the fwupd service, as well as Windows and macOS hosts, do not exhibit this behavior.

This issue may be mitigated by ensuring that the USB Rubber Ducky button is not held on insert, and not pressed very shortly after attachment, when interfacing with a Linux target running the fwupd service. If the button mod has been performed, consider reducing the number of spacer stickers to decrease 'clickiness'.

