-
Notifications
You must be signed in to change notification settings - Fork 35
Payloads
The O.MG Devices have an enhanced version of DuckyScript. Most existing DuckyScript payloads will either work or require just a bit of modification. We have added extra features that are made possible by O.MG hardware, such as Self-Destruct or Geofencing. You can find a full list of supported keys and commands inside the Web UI under the [Help] menu or our Syntax Guide here. If you are looking for an explainer on what Keystroke Injection attacks are, and the basics of DuckyScript, Hak5 has a great rundown here.
By default, payloads use US keyboard layouts. If your target system is using a different layout, you can change the O.MG's layout with DUCKY_LANG at the top of the payload (Ex: DUCKY_LANG FR). We have 192 different layouts built-in with a complete list in the help menu. If you struggle to find the target's correct language, the Keymap Viewer may help you to find the correct keymap.
We have included some basic Example Payloads in the Web UI, which are meant to give you a general idea of how to structure your payloads and how certain commands can be used. The example payloads can be found under the [Help] menu. In addition to the examples we provided, there is also a public repository for O.MG payloads, made by the community, here: https://github.com/hak5/omg-payloads. In the Hak5 / O.MG Discord Community, we also have channels for members to discuss ideas and share tips and tricks for developing payloads.
Payloads can be executed directly from the Web UI, just click run! You can also save and load payloads to the multiple slots inside the O.MG Device's flash storage. Additionally, the boot slot is a special payload slot that is executed every time the O.MG Device is powered on (which happens each time it is plugged into a USB port). Payloads will always transmit to the device connected to the O.MG's active end.
USB Overclock allows your O.MG Elite devices to send keystrokes and HIDX packets ~8x faster than normal. Real-world observed speeds on modern USB Hosts have been 890 keys/sec for payloads & 52,000bps for HIDX.
To enable it, go to Settings -> USB, and then toggle on the USB Overclock button. When you click on the "Apply + Reboot" button, your O.MG Device will reboot to apply the new settings.
You can disable USB Overclocking by doing the inverse.
Note, USB Overclock will not work with all host devices. If a host device is unable to keep up with data, the O.MG Elite device should automatically drop its speed. But if you see any problems, disabling USB Overclocking is just as easy as enabling it.
Firstly, mobile payloads are "hard mode". You should familiarize yourself with payload creation and execution on desktop environments before you jump into mobile payloads. If you start with mobile payloads, you are going to have a very hard time.
If your O.MG Device includes USB-C Smartphone & Tablet Keystroke Injection (O.MG Devices with an active USB-C connector), then deploying payloads against a smartphone or tablet is easy. Plug only the active USB-C end into a smartphone or tablet. No other steps are needed, the payload delivery will automatically work just like with host attacks. Check out the video and payload for Android Reverse Shell if you are looking for ideas on how to experiment with mobile payloads.
If you do not have an O.MG Device with an active USB-C end, or your target mobile device does not have a USB-C socket, you may be able to experiment with using an OTG adapter between the active end of the O.MG Device and your target device. Ex: For targeting devices with Lightning sockets, many users have found this adapter to work, but your results may vary. Elite model O.MG Devices typically have a larger chance of success in targeting mobile devices