Blu3duck

Project

Blu3duck is a project that lets you use your Arduino as a Bluetooth controlled Universal Keyboard/Mouse emulator with spoofable VID/PID.

Normally, using an Arduino UNO or MEGA is kind of impossible for emulating Keyboard/Mouse. In this project I used HoodLoader2 for using the 16u2 chip on Arduino UNO to emulate and use its Keyboard/Mouse functions without losing access to program the 328p.

Parts

You should have 4 parts, and after that, you're all set:

• Any Bluetooth Terminal App: To use the functions of the code.
• Arduino Uno: To create the entire project. You must use one that comes with 16u2, 8u2 or 32u4. CH340G won't work.
• HC-05 Bluetooth Module: To be able to communicate between your Smartphone and Arduino.
• HoodLoader2: Firmware that allows reprogramming of the 16u2 chip. You should visit its Wiki page to understand the basics, Wiki.

Steps

Setting up the Blu3duck project is pretty easy,

1. You should first install HoodLoader2 on your Arduino (due is not supported). Please read the Wiki to understand how it works.
2. After installing the HoodLoader2, you should upload the code for the 328p (or your Chip, shouldn't make a difference). Please pay attention to the Board Selection on Arduino IDE.
3. After uplading the first part of code, you will now upload the second part. This part is going to emulate a Keyboard. We will upload it to the 16u2.
4. Please switch to 16u2 (HoodLoader 16u2 is the board name). Follow the Wiki page to understand how.
5. Once you switch to the 16u2, you should be ready to upload the code for 16u2.
6. Once you upload to the 16u2, you should be ready to use Blu3duck. Do not forget to tip your PIN (just once) before running any command ;).

But, how?

I don't know i you've spotted it, but we used 2 different code to create our own Blu3duck.

One for the 328p and one for 16u2. This is exactly how it works:

1. The code in the 328p listens for any command/text that comes from your Bluetooth Terminal.
2. Spotted a command? 328p filters it and removes any unecessary part from it.
3. Once done with the removing, 328p passes the command to the 16u2 through serial. To learn more, HID Bridge.
4. Once the 16u2 recevies a command, it filters and looks for matches for Special Keys (for example, the Windows Key on the Keyboard).
5. If there is a match, it presses the key and then releases (.releaseAll()).
6. If not, it writes the text that you've sent through your Bluetooth Terminal.