Arduino Mousejack is a project, based on uC_mousejeck by insecuritythings, to get Mousejack attacks into a small embedded device, with the form factor of a key chain.
Building the device is straight-forward, and the code provides a tool to use Duckyscript to launch automated keystroke injection attacks against Microsoft and Logitech devices.
Components list:
- Arduino UNO or another Arduino-compatible board of your choice.
- NRF24L01+ module or another compatible device.
- A 10μF capacitor to help stabilize the voltage for the NRF24 module.
- Wires to connections.
The Fritzing diagram below shows the wiring layout used in the prototype design:
To build the software, download and install the PlatformIO IDE.
Before building the software, be sure to modify the attack.h
file using the attack_generator.py
script:
Arduino-mousejack $ cd tools
tools $ ./attack_generator.py ducky.txt
In the example above, the ducky.txt file contains our Duckyscript. The attack_generator.py
script will "compile" the ducky script into the attack.h
file, which is included in main.cpp
. This simplifies the code and makes it more compact.
Once you power the device on, the internal LED connected to pin 13 (called ledpin in the code), will blink two times for each pass over the entire channel range. When it sends an attack, the LED will glow solid.
If you monitor the serial port using the PlatformIO IDE, you will see the radio information details and a lot of debugging information being printed while scanning and during attack.
Warning: No interaction is required to initiate an attack.
More information about the tests performed, as well as the difficulties encountered, can be found in the testing directory.
As future work:
- to create a python program to interact with arduino, passing parameters to the runtime attack;
- to test the same project with Arduino NanoRF.