Version 1.3 Changelog

Features
- CPU Control
  - By default the 'ondemand' governor is used to reduce unnecessary resource usage
  - New CUCUMBER extension was added to control the CPU further
    - CUCUMBER ENABLE - Disables all but one CPU core and sets governor to 'ondemand'
    - CUCUMBER DISABLE - Enables all cores and sets governor to 'ondemand' (default)
    - CUCUMBER PLAID - Enables all cores and sets governor to 'performance'
- ATTACKMODE received additional arguments
  - SN_XX - Sets the SerialNumber to XX
  - MAN_XX - Sets the Manufacturer to XX
  - RNDIS_SPEED_XX - Sets the reported RNDIS speed to XX (where 0 < XX <= 4294967) in kilobytes
    - Examples:
      - RNDIS_SPEED_2000000 sets RNDIS speed to 2Gbps
      - RNDIS_SPEED_10000 sets RNDIS speed to 10Mbps (to prevent Windows from recognizing the Bash Bunny as the default gateway)
  - OFF - Disables the USB interface until ATTACKMODE is executed again
- Arming mode can now be extended via an arming payload (/payloads/arming/payload.txt)
  - For advanced developers. See wiki for more details on this
- The 'expect' utility was added

Fixes
- Arguments to DUCKY_LANG are now case-insensitive
  - Example: US, us, Us now all refer to us.json
- +423 entropy points

Version 1.2 Changelog

Features
- ATTACKMODE now accepts a new RO_STORAGE argument
  - Example: "ATTACKMODE RO_STORAGE" will now present the Bash Bunny's storage partition as read only
- QUACK now accepts a new KEYCODE argument
  - Example: "QUACK KEYCODE 00,00,56" will write the '-' character from the numpad row
- A new udisk helper was added
  - A 'udisk' script is now available
    - "udisk mount"
    - "udisk unmount"
    - "udisk reformat"
  - The reformat_udisk command has been merged into the new udisk command
- User configuration file
  - A config.txt is now found on the root of the Bash Bunny's storage partition
  - This config.txt is sourced before payloads are executed, allowing global configurations
  - By default the DUCKY_LANG command is run to set the keyboard to 'us'
  - NOTE: settings in config.txt will be overwritten if a payload decides to do so
  - NOTE: config.txt will currently not survive factory resets or firmware upgrades. This will change in the future

Fixes
- RNDIS_ETHERNET can now be used with other attackmodes
- Payloads now do not get killed after 90 seconds
- Removed redundant steps in udisk script
- +123 entropy points

New user experiences
- Bunny Script Extensions have been moved to udisk/payloads/extensions from udisk/payloads/library/extensions
- Payloads should not be setting user specific variables (such as DUCKY_LANG) anymore, as these should be set by each individual user inside the config.txt file

Version 1.1 Changelog

Features
- LED
  - LED now accepts either color and pattern, or status
  - Color: In addition to R (Red), G (Green) and B (Blue), Y (Yellow), C (Cyan) and M (Magenta) are now accepted instead of their respective additive color codes. This replaces LED color mixtures, for example LED R G.
  - Pattern: In addition to time in ms to blink symmetrically, pattern parameters for SOLID, SLOW, FAST, VERYFAST, SUCCESS, SINGLE, DOUBLE, TRIPLE, QUAD, QUIN, and OFF are now supported.
  - LED states standardize common payload practices, such as SETUP, FAIL, ATTACK, CLEANUP and FINISH. These states standardize the LED behavior from payload to payload.
  - See the LED documentation from readme.txt for more detail.
- Extensions
  - Extensions from the /payloads/library/extensions folder are sourced automatically for each payload.txt and provide new Bunny Script capabilities.
  - Extensions replace bunny_helpers.sh.
  - RUN
    - Accepts OS and Command to execute for HID injection on various operating systems
    - RUN WIN "powershell -WindowStyle Hidden \"tree c:\\ > tree.txt\""
    - RUN OSX https://www.example.com
    - RUN UNITY ping -c2 172.16.64.1
    - RUN WIN notepad.exe replaces QUACK GUI r; QUACK DELAY 500; QUACK notepad.exe; QUACK ENTER
  - GET
    - Exports system variables
    - Accepts TARGET_IP - exports $TARGET_IP for the target's IP address
    - Accepts TARGET_HOSTNAME - exports $TARGET_HOSTNAME for the target's hostname
    - Accepts HOST_IP - exports $HOST_IP for the IP address of the Bash Bunny
    - Accepts SWITCH_POSITION - exports $SWITCH_POSITION for the current switch position
  - REQUIRETOOL
    - Exits payload with LED FAIL state if the specified tool is not found in /tools
  - DUCKY_LANG
    - Accepts a two-letter country code to set the HID injection language for subsequent ducky script / QUACK commands
- Tools
  - Tools now install automatically on boot into arming mode from a dedicated /tools folder on the root of the mass storage partition.
  - All .deb files are installed with dpkg. All other files and folders are copied to /tools
  - This replaces the tools-installer payload and renames /pentest to /tools
- Languages
  - The HID language database is now updated on boot into arming mode when language json files are located in the dedicated /languages folder on the root of the mass storage partition.
  - Languages can be set from payload.txt files using DUCKY_LANG, e.g. DUCKY_LANG us
- New commands
  - In addition to Bunny Script commands added via extensions, two additional commands have been added to the base firmware:
    - factory_reset_bunny
    - reformat_udisk

Fixes
- Correctly updating udisk on factory reset.
- Default time now set based on a combination of NTP and last modified file.
- QUACK SET_LANGUAGE us replaced with DUCKY_LANG=us.
- Bash Bunny framework now started as a systemd service.
- File system more robust with automatic synchronization on mount as well as on payload completion and udisk unmount.
- Updated udisk to now include /docs /tools /languages /loot and /payloads.
- +222 entropy points

New user experiences
- Firmware flashing and factory reset now show a distinctive new LED "police" pattern, alternating quickly between red and blue.
- Documentation has been moved to /docs on the root of the mass storage partition.
- On boot into arming, the LED will indicate the SETUP status while installing /tools and /languages.
- On execution of a payload's install.sh script, the LED will indicate the SETUP status.