"Like a Rubber Ducky, but with barcodes"
The humble barcode scanner is used in virtually every industry that deals with physical products. While it may look simple, these devices actually have a surprising amount of features and complexity hidden inside. Using esoteric programming barcodes, one can instruct a scanner to type special keys and gain keyboard-like access to a machine. This allows one to execute attacks like running commands in a shell, manipulating system objects, or even editing/creating files on disk.
This tool, barcOwned (pronounced "barc-owned" or "bar-coned") provides a simple web tool to program a barcode scanner with certain rules, or "setup scripts", that can be used to deliver a payload. The tool is easy to customize with a minimal amount of Javascript knowledge and pull requests are welcome. Different manufacturers and models of barcode scanners use different programming barcodes, but after the baseline work of adding a new model is complete, existing scripts can be ported easily.
All the docs are currently super out of date because we were busy preparing for the DEF CON 26 talk. Give us a week or two to fix them up.
Tweet @t3hub3rk1tten if it's taking too long or you need help!
Open source under the MIT License.