BadUSB
Open-source HID security tool, designed and developed in Austria
Industry
IT Security / Pentesting
Microcontroller
ATmega32U4
Interface
USB 2.0 Full Speed
License
GPLv3 Open Source
Form Factor
USB UDP Standard
BYTEBOLT
BYTEBOLT
BYTEBOLT is an Austrian cybersecurity firm specializing in offensive security. Their team of certified ethical hackers conducts professional penetration tests across web applications, mobile apps, and network infrastructure.
In addition to security audits, BYTEBOLT offers realistic phishing simulations to evaluate employee security awareness. All findings are discussed directly with technical stakeholders and delivered with prioritized, actionable recommendations.
What is BadUSB?
BadUSB is an open-source platform designed and developed in Austria. The compact board emulates keyboard and mouse input, supporting authorized security testing, automation tasks, and IT security training.
At its core sits the ATmega32U4 microcontroller, programmed through the Arduino ecosystem. Payloads are written in C, no proprietary scripting language, no vendor lock-in. The entire project (hardware, firmware, and documentation) is released under GPLv3. Developed by Embedded Solutions in cooperation with BYTEBOLT.
What sets BadUSB apart
- Open Source (GPLv3): hardware, firmware, documentation
- ATmega32U4 with Full Speed USB 2.0 and 32 KB Flash
- Arduino Bootloader (Open Source)
- Standardized UDP form factor, compatible with common USB enclosures
- Hardware ID simulation (VID/PID) and unique Fabrication ID per chip
- Write payloads in native C, no proprietary language needed
Ready in just a few lines
minimum.ino
#include <Keyboard.h>
void setup() {
delay(5000);
Keyboard.begin(KeyboardLayout_de_DE);
// ... your code ...
Keyboard.end();
}
void loop() {
}BadUSB uses the Arduino ecosystem with the familiar Keyboard.h and Mouse.h libraries. A simple sketch is all it takes to initialize the board as an HID device.
Supports all official Arduino layouts: DE, EN, FR, IT, ES, PT, SE, DK, HU. Custom layouts can be added via libraries like KeyboardUTF8.
Under the Hood
Arduino Ecosystem
Program via the Arduino IDE or any IDE that supports the ATmega32U4. Uses the standard Keyboard.h and Mouse.h libraries, no proprietary SDK needed.
Keyboard Layouts
Supports all official Arduino layouts: DE, EN, FR, IT, ES, PT, SE, DK, HU. Custom layouts can be added via libraries like KeyboardUTF8.
Unique Fabrication ID
Each ATmega32U4 has a 10-byte fabrication ID in its signature row. Enables identification and tracking of individual boards, e.g. for tracking activations.
Advanced Features
Killswitch via EEPROM (execute payload only x times), mouse automation, hardware ID simulation (VID/PID), and full control over USB descriptors.
Product render (coming soon)
Who is BadUSB for?
Penetration Testers and Red Teams
A compact, programmable security tool for authorized security assessments. Flexibly adaptable for various testing scenarios.
Security Researchers and Educators
Ideal for IT security training and researching USB HID scenarios in controlled environments.
Makers and Developers
A flexible USB HID platform that's completely open. Study it, modify it, share it, no restrictions.
Enterprise and Organizations
Bulk orders, pre-flashed scripts, and custom enclosure designs. Tailored to your specific requirements.
BadUSB for your organization
Want to take your organization's IT security to the next level? BadUSB is the ideal entry point for comprehensive security projects. From awareness training to full penetration testing, we offer everything from a single source.
Disclaimer
BadUSB is a security tool intended exclusively for authorized use: penetration testing engagements with written permission, security research, education, and personal lab environments. Unauthorized use against systems you do not own or have explicit permission to test is illegal in most jurisdictions (e.g. EU Directive 2013/40/EU, Austrian Criminal Code § 118a StGB). By purchasing or using this device you accept full responsibility for ensuring that your activities comply with all applicable laws and regulations. BYTEBOLT and Embedded Solutions assume no liability for misuse.
Interested in BadUSB or a security project?
Whether it's a single order, a bulk purchase with pre-flashed scripts, a custom enclosure design, or a comprehensive security project for your organization: we deliver to your specifications.