Make Your Own Super Inexpensive USB Rubber Ducky on a Digispark

A USB Rubber Ducky is a hacking tool designed to resemble a regular USB flash drive, but it functions very differently. Instead of storing data like a typical USB drive, it acts like a keyboard when plugged into any unlocked device. When plugged into a computer, it rapidly injects pre-programmed keystrokes, mimicking user input to execute commands or run scripts, usually without raising suspicion.

The key feature of a USB Rubber Ducky is its ability to deliver payloads quickly and stealthily. Since it emulates a keyboard, the operating system generally doesn’t block or flag it, making it a popular tool in penetration testing and cybersecurity demonstrations.

If you’re not concerned with some of the advanced features of the USB Rubber Ducky, like customizable firmware or its discreet thumb drive appearance, the Digispark is an excellent option for getting started with writing your own payloads. Whether you’re familiar with Arduino or Ducky Scripts, it’s straightforward to create payloads that can execute various actions on a target computer when plugged into an available USB port.

What is Digispark Attiny 85?

The Digispark is an ATtiny 85-based microcontroller development board, programmable in Arduino. One drawback is that unlike a regular Arduino, it has to emulate a lot of things that are usually taken care of with a dedicated hardware chip with software instead. This stresses the board to the limit but allows us to do some pretty incredible things with a tiny package. One result of that stress is that we have to program it differently, resulting in a five-second delay when we first plug it in.

The delay allows the bootloader to load new code onto the Digispark, but can also mess with the timing of the Ducky Script. Another drawback is how suspicious the Digispark looks. There is almost zero chance that someone would ever plug the Digispark into their computer without being reassured many times it was fine to do so. The device looks very sketchy compared to the sleek mimicry of a USB flash stick that the Rubber Ducky pulls off.

For making USB Rubber Ducky, you just need this stuff:

To follow along, you’ll only need a Digispark board, which can be bought online for $2 to $4 each on Amazon or Walmart.

• 1. Digispark Attiny 85
• 2. Arduino IDE
• 3. A glass of coffee with music.

Connecting to the Digispark can be a little different depending on which operating system you’re using. For more details and troubleshooting, you can check out the Digispark Wiki documentation.

Setup the Environment

Before we can write code for the Digispark board, we’ll need to set up Arduino IDE to work with the board. To do so, download and install the latest Arduino software at https://www.arduino.cc/en/software. And In this tutorial, I will skip for installation of the Aduino IDE.

After the installation, run Arduino IDE and go to File menu, and select Preferences. Copy the following URL and paste it into the Additional Boards Manager URLs field.

http://digistump.com/package_digistump_index.json

If you need more space, you can click the button next to this field to open a window where you can add additional URLs.

Once it is added, we can select the board and write programs for it. Navigate to the Tools menu, open the Boards submenu, and select Board Manager. Search for “digispark” to locate the Digistump AVR Boards package. Click Install, and the board and example libraries will be added to your Arduino installation.