25

One of my recent posts has lead me to find that you can reprogram a usb drive to appear as a keyboard to a computer. I would like to know how to do this I am currently on a power google trying to find the answer I need (I know you can buy usb drives out there already but I want to make one!)

If i find any solutions I will answer this my self but maybe someone here can hasten the speed?

so to reiterate: How do I reprogram a USB drive to appear as a keyboard?

original question that this is based off:

How can USB sticks be dangerous?

Community
  • 1
TheHidden
  • 4,265
  • 3
  • 21
  • 40
  • 1
    Searching for `bad usb` might help. You need to find a USB drive that has reprogrammable firmware. – Neil Smithline Oct 16 '15 at 18:49
  • 3
    Not a trivial effort for the Security Research Labs folks that created the Bad USB Black Hat demo. Morphing the firmware took 2 months for experts. Their details here https://srlabs.de/blog/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf – zedman9991 Oct 16 '15 at 19:30
  • The other answers are definitely on the right track. "Reprogramming" a USB drive to appear as a keyboard is not going to be practical. Fortunately there are plenty of products that have this functionality already. I have one more to add to the list here: [USB Rubber Ducky](http://usbrubberducky.com/). – Scott Johnson Oct 17 '15 at 16:40
  • I get that but apprently i can flash it... i am fine with flashing one I would just prefer to load the bad usb my self – TheHidden Oct 17 '15 at 21:53

4 Answers4

11

Although that is possible, it's kinda hard to do that by yourself and it's for more advanced users. It requires lots of knowledge on low level programming and hardware.

It seems that what you want to accomplish here is the reprogramming of a USB flash drive's firmware to act as an HID (Human Interface Device). This is called a bad USB.

I found a tutorial called How to Make Your Own Bad USB. The tutorial introduces you in more detail to what it is a bad USB and explains how to create one in Windows.
But the exploit described in this tutorial doesn't work on all USB flash drives. It has some specific requirements.

From the tutorial intro:

Most common USB flash drives are exploitable due to the "Bad USB vulnerability". This allows us hackers to reprogram the microcontroller of them to act as a “Human Interface Device” (HID) / keyboard and perform custom keystrokes on our target machine. This scenario is often called “HID Payload Attack”, since you have to hand over your script to the Bad USB for the execution ( more on that later ). Even though almost every USB flash drive is exploitable, only a way to reprogram “Phison” microcontrollers has been released yet.

I haven't tried the tutorial, so I can't tell you if it will work, but nothing as trying it by yourself :)

CtrlAltF2
  • 103
  • 5
pedromendessk
  • 918
  • 1
  • 6
  • 19
  • 1
    It's not the flash drives that are exploitable; it's the people you give them to hoping they won't think twice before plugging them into their computer. There's nothing wrong with the flash drive; you're *supposed* to be able to reprogram your own device if you want. – flarn2006 Apr 10 '17 at 23:30
1

I don't think you can "reprogram" a normal key to emulate a keyboard.

However, if you want to program a USB device to emulate a keyboard and typing sequence keys, you can look for the USB keys TEENSY. https://www.pjrc.com/teensy/

You will be able to choose or program your own payload and doing what you want to do with that.

Sorcha
  • 595
  • 2
  • 5
  • 1
    Teensy is a cool idea, but you can flash custom firmware to the flash drive's controller chip (to make it act like a keyboard) with the correct software. See https://github.com/adamcaudill/Psychson, as well as the link in @RageAgainstTheMachine's answer. – KnightOfNi Oct 17 '15 at 17:20
  • 4
    You can reprogram any key with the right tools. And for something more easy : [USB Rubber Ducky](https://hakshop.com/products/usb-rubber-ducky-deluxe). – Private Dec 04 '16 at 17:35
  • Rubber Duck is the way to go – niilzon Apr 21 '17 at 11:13
  • This is incorrect. You _can_ reprogram a normal USB flash drive. At least, most of them can be reprogrammed. This is usually done by writing to a very high special address which maps to the firmware instead of the storage flash. The specific address to write to varies by manufacturer, and some don't even do it that way. – forest Nov 11 '18 at 01:41
1

Since an answer on "how to make your own bad usb" has already been provided, I'll give you an easy method of doing something similar.

You can get a Bash Bunny or Rubber Ducky and program them to act like a keyboard, among many other things.

Disclaimer: I'm not working for Hak5. I do have my eyes on their products but haven't bought 1 yet. Their products are quiet popular among pentesters though.

ChocolateOverflow
  • 3,452
  • 4
  • 17
  • 34
-1

At the time this question was asked, this may have been difficult. Today, it’s considered the latest greatest innovation in “security” - a programmable 2FA Security Key. A YubiKey is, by default/definition, a keystroke injector. You can use it for 2FA. Or, anything else.

https://www.yubico.com/products/manufacturing/programming-options/

Geoff Nixon
  • 99
  • 2
  • 1
    This doesn't answer the question. A keyboard can be configured to be a keyboard, too. The fact that there is a keyboard with a single key that can be programmed to output pre-configured text does not help to answer the question. – schroeder Jun 17 '20 at 20:20
  • 1
    Also note that the Yubikey only holds strings up to 64 chars. – schroeder Jun 17 '20 at 20:25