Hi all, please understand this wiki is in it's infancy, more is being added continuously, though if there's any information which is lacking please let me know on twitter @seytonic or email me firstname.lastname@example.org and I'll be sure to add it in.
MalDuino aims to offer the best BadUSB experience. In terms of software, MalDuino is programmed via the arduino IDE using open source libraries. Scripts written in DuckyScript can easily be converted into code the MalDuino can understand. Not only does this make it newb friendly, but also makes it possible for experienced arduino tinkerers to program it just like they would an Arduino. MalDuino comes in two flavours, Elite and Lite.
The Lite stores a script on it's 32KB of onboard memory (more than enough space for most scripts). You can write scripts using a text editor and convert them to malduino-friendly code using our script converter. Then you can upload a script using the Arduino IDE, for more in depth instructions see our guide. Then simply unplug the MalDuino Lite, toggle it into ready mode using the switch on the back and you're good to go!
The Elite is the more fully-featured device. Instead of storing scripts on it's onboard memory, scripts are stored on a microsd card, so instead of reprogramming the device for each new script, you can simply drop your scripts on a microsd card and you're set. Then a set of dip switches can be used to select between 16 different scripts stored on the microsd card.
Well, see this list of example scripts. There's the potential to initiate a reverse shell, download and execute a file, gain a backdoor, change someone's desktop wallpaper, the list really goes on and on. If there's some script you've got an idea for, it's really easy to implement, see below.
Scripts are easily written, the syntax is loosely based on ducky script. Here's a very simple script, commented.
DELAY 3000 **Sets a delay of 3 seconds upon plugging in malduino** GUI r **Holds the Windows key and 'r' at the same time, bringing up a run prompt** DELAY 200 **Delays the script for 200 milliseconds (waiting for that run prompt to pop up)** STRING https://www.youtube.com/watch?v=UAzNXbutRHw **Types in a youtube video url** ENTER **Hits Enter** DELAY 2000 **Delays the script for 2 seconds (waiting for the video to pop up)** STRING f **Presses 'f', making the video fullscreen**
The simple script above merely opens up a youtube video link and makes it fullscreen, the syntax is pretty straight forward and can be learnt in 5 minutes. To learn more about the syntax click here.