├── LICENSE ├── README.md ├── ducky.js ├── img └── logo.png ├── index.html └── stile.css /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 47LeCoste 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # flipperducky-badUSB-payload-generator 2 | GUI (Graphic user interface) in HTML, CSS, JavaScript, to make easyer and faster to create payload (.txt) for you Flipper Zero's bad-USB function. 3 | --- 4 | ## From this gist 5 | https://gist.github.com/methanoliver/efebfe8f4008e167417d4ab96e5e3cac 6 | 7 | # DuckyScript commands supported by Flipper's BadUSB 8 | 9 | Explanations are only given for commands not present in the original DuckyScript, for everything else refer to [DuckyScript documentation](https://docs.hak5.org/hak5-usb-rubber-ducky/). 10 | 11 | ## Keys 12 | 13 | These mean exactly what one would expect and should need no further explanation. 14 | 15 | + Modifiers: `CTRL`, `CONTROL`, `SHIFT`, `ALT`, `GUI`, `WINDOWS` 16 | + Combos: `CTRL-ALT`, `CTRL-SHIFT`, `ALT-SHIFT`, `ALT-GUI`, `GUI-SHIFT` 17 | + Cursor: `DOWNARROW`, `DOWN`, `LEFTARROW`, `LEFT`, `RIGHTARROW`, `RIGHT`, `UPARROW`, `UP` 18 | + Control and navigation: `ENTER`, `BREAK`, `PAUSE`, `CAPSLOCK`, `DELETE`, `BACKSPACE`, `END`, `ESC`, `ESCAPE`, `HOME`, `INSERT`, `NUMLOCK`, `PAGEUP`, `PAGEDOWN`, `PRINTSCREEN`, `SCROLLOCK`, `SPACE`, `TAB`, `MENU`, `APP`, `SYSRQ` 19 | + Function: `F1`, `F2`, `F3`, `F4`, `F5`, `F6`, `F7`, `F8`, `F9`, `F10`, `F11`, `F12` 20 | 21 | ## Input 22 | 23 | + `STRING` 24 | + `ALTSTRING `, `ALTCODE ` -- Not present in DuckyScript, these are the equivalent of `STRING`, as if the string was typed in by holding Alt and entering the unicode code of every character, [as described in Windows documentation](https://support.microsoft.com/en-us/office/insert-ascii-or-unicode-latin-based-symbols-and-characters-d13f58d3-7bcb-44a7-a4d5-972ee12e50e0). This is the way to get around the fact that there are no standard ways to switch input keyboard language and important in parts of the world where default keyboard has no Latin characters on it at all. This only works on Windows. 25 | + `ALTCHAR ` -- Altstring is internally a sequence of `ALTCHAR` invocations. 26 | 27 | There is *no* support for `STRINGLN`. 28 | 29 | ## Structural 30 | 31 | + `REM` 32 | + `ID ` - Equivalent to certain features of DuckyScript's `ATTACKMODE`. executed in preload phase, sets USB id of the keyboard device. For example, `ID 04d9:1702` is an AJAZZ keyboard. 33 | + `DELAY` 34 | + `DEFAULT_DELAY`, `DEFAULTDELAY` 35 | + `REPEAT` 36 | + `DUCKY_LANG` - ignored, recognized as a command purely for compatibility with existing scripts. 37 | 38 | ----- 39 | 40 | # Official documentation 41 | https://github.com/DarkFlippers/unleashed-firmware/blob/dev/documentation/file_formats/BadUsbScriptFormat.md 42 | 43 | # Command syntax 44 | BadUsb app uses extended Duckyscript syntax. It is compatible with classic USB Rubber Ducky 1.0 scripts, but provides some additional commands and features, such as custom USB ID, ALT+Numpad input method, SYSRQ command and more functional keys. 45 | # Script file format 46 | BadUsb app can execute only text scrips from .txt files, no compilation is required. Both `\n` and `\r\n` line endings are supported. Empty lines are allowed. You can use spaces ore tabs for line indentation. 47 | # Command set 48 | ## Comment line 49 | Just a single comment line. All text after REM command will be ignored by interpreter 50 | |Command|Parameters|Notes| 51 | |-|-|-| 52 | |REM|Comment text|| 53 | 54 | ## Delay 55 | Pause script execution by defined time 56 | |Command|Parameters|Notes| 57 | |-|-|-| 58 | |DELAY|Delay value in ms|Single delay| 59 | |DEFAULT_DELAY|Delay value in ms|Add delay before every next command| 60 | |DEFAULTDELAY|Delay value in ms|Same as DEFAULT_DELAY| 61 | 62 | ## Special keys 63 | |Command|Notes| 64 | |-|-| 65 | |DOWNARROW / DOWN|| 66 | |LEFTARROW / LEFT|| 67 | |RIGHTARROW / RIGHT|| 68 | |UPARROW / UP|| 69 | |ENTER|| 70 | |DELETE|| 71 | |BACKSPACE|| 72 | |END|| 73 | |HOME|| 74 | |ESCAPE / ESC|| 75 | |INSERT|| 76 | |PAGEUP|| 77 | |PAGEDOWN|| 78 | |CAPSLOCK|| 79 | |NUMLOCK|| 80 | |SCROLLLOCK|| 81 | |PRINTSCREEN|| 82 | |BREAK|Pause/Break key| 83 | |PAUSE|Pause/Break key| 84 | |SPACE|| 85 | |TAB|| 86 | |MENU|Context menu key| 87 | |APP|Same as MENU| 88 | |Fx|F1-F12 keys| 89 | 90 | ## Modifier keys 91 | Can be combined with special key command or single character 92 | |Command|Notes| 93 | |-|-| 94 | |CONTROL / CTRL|| 95 | |SHIFT|| 96 | |ALT|| 97 | |WINDOWS / GUI|| 98 | |CTRL-ALT|CTRL+ALT| 99 | |CTRL-SHIFT|CTRL+SHIFT| 100 | |ALT-SHIFT|ALT+SHIFT| 101 | |ALT-GUI|ALT+WIN| 102 | |GUI-SHIFT|WIN+SHIFT| 103 | ## String 104 | |Command|Parameters|Notes| 105 | |-|-|-| 106 | |STRING|Text string|Print text string| 107 | ## Repeat 108 | |Command|Parameters|Notes| 109 | |-|-|-| 110 | |REPEAT|Number of additional repeats|Repeat previous command| 111 | ## ALT+Numpad input 112 | On Windows and some Linux systems you can print character by pressing ALT key and entering its code on numpad 113 | |Command|Parameters|Notes| 114 | |-|-|-| 115 | |ALTCHAR|Character code|Print single character| 116 | |ALTSTRING|Text string|Print text string using ALT+Numpad method| 117 | |ALTCODE|Text string|Same as ALTSTRING, presents in some Duckyscript implementations| 118 | ## SysRq 119 | Send [SysRq command](https://en.wikipedia.org/wiki/Magic_SysRq_key) 120 | |Command|Parameters|Notes| 121 | |-|-|-| 122 | |SYSRQ|Single character|| 123 | ## USB device ID 124 | You can set custom ID of Flipper USB HID device. ID command should be in the **first line** of script, it is executed before script run. 125 | 126 | |Command|Parameters|Notes| 127 | |-|-|-| 128 | |ID|VID:PID Manufacturer:Product|| 129 | 130 | Example: 131 | `ID 1234:abcd Flipper Devices:Flipper Zero` 132 | 133 | VID and PID are hex codes and are mandatory, Manufacturer and Product are text strings and are optional. 134 | 135 | ----- 136 | 137 | ## DTK user script downloader 138 | https://github.com/cribb-it/DTKDownloader 139 | The DTK(ducktoolkit user script https://ducktoolkit.com/userscripts) downloader doesn't work for me. So if you get it to work send in a PR and I will add the resulting dump here. 140 | 141 | ----- 142 | 143 | # Helpful hints 144 | 145 | Here are a bunch of cheatsheets for use in building your scripts [here](https://github.com/FalsePhilosopher/BadUSB-Playground/tree/main/Misc/Cheat_Sheets) 146 | 147 | Shorten your payloads as much as possible by stringing multiple commands together with variables like `&&` and `;;`, read more into each OS/shell you are targeting and how to achieve this. 148 | 149 | RTFM for CMD 150 | https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd 151 | 152 | RTFM for powershell 153 | https://learn.microsoft.com/en-us/powershell/scripting/learn/ps101/04-pipelines?view=powershell-7.3 154 | 155 | Other ducky scripts can be found here 156 | http://www.theatomheart.net/post/rubber-ducky-payloads/ 157 | -------------------------------------------------------------------------------- /ducky.js: -------------------------------------------------------------------------------- 1 | document.getElementById('bottoneString').addEventListener('click', stringAte); 2 | document.getElementById('bottoneAltcode').addEventListener('click', altcodeAte); 3 | document.getElementById('bottoneRemark').addEventListener('click', remarkAte); 4 | document.getElementById('bottoneAltchar').addEventListener('click', insertChar); 5 | document.getElementById('tastoSalva').addEventListener('click', saveOutput); 6 | 7 | function stringAte() { 8 | const input = document.getElementById('inputz'); 9 | const output = document.getElementById('output'); 10 | let translatedInput = ''; 11 | 12 | const lines = input.value.split('\n'); 13 | for (let i = 0; i < lines.length; i++) { 14 | const line = lines[i].trim(); 15 | 16 | if (line === '') { 17 | continue; 18 | } else { 19 | translatedInput += `STRING ${line}\n`; 20 | } 21 | } 22 | 23 | if (input.value[input.value.length - 1] !== '\n') { 24 | translatedInput += '\n'; 25 | } 26 | 27 | output.value += translatedInput.trim() + '\n'; 28 | input.value = ''; 29 | } 30 | 31 | function altcodeAte() { 32 | const input = document.getElementById('inputz'); 33 | const output = document.getElementById('output'); 34 | let translatedInput = ''; 35 | 36 | const lines = input.value.split('\n'); 37 | for (let i = 0; i < lines.length; i++) { 38 | const line = lines[i].trim(); 39 | 40 | if (line === '') { 41 | continue; 42 | } else { 43 | translatedInput += `ALTCODE ${line}\n`; 44 | } 45 | } 46 | 47 | if (input.value[input.value.length - 1] !== '\n') { 48 | translatedInput += '\n'; 49 | } 50 | 51 | output.value += translatedInput.trim() + '\n'; 52 | input.value = ''; 53 | } 54 | 55 | function remarkAte() { 56 | const input = document.getElementById('input'); 57 | const output = document.getElementById('output'); 58 | let translatedInput = ''; 59 | 60 | const lines = input.value.split('\n'); 61 | for (let i = 0; i < lines.length; i++) { 62 | const line = lines[i].trim(); 63 | 64 | if (line === '') { 65 | continue; 66 | } else { 67 | translatedInput += `REM ${line}\n`; 68 | } 69 | } 70 | 71 | if (input.value[input.value.length - 1] !== '\n') { 72 | translatedInput += '\n'; 73 | } 74 | 75 | output.value += translatedInput.trim() + '\n'; 76 | input.value = ''; 77 | } 78 | 79 | function inserisciEVai(value) { 80 | const output = document.getElementById('output'); 81 | output.value += value + '\n'; 82 | } 83 | 84 | function insertChar() { 85 | const input = document.getElementById('charInput'); 86 | const output = document.getElementById('output'); 87 | let translatedInput = ''; 88 | 89 | const lines = input.value.split('\n'); 90 | for (let i = 0; i < lines.length; i++) { 91 | const line = lines[i].trim(); 92 | 93 | if (line === '') { 94 | continue; 95 | } else { 96 | translatedInput += `ALTCHAR ${line}\n`; 97 | } 98 | } 99 | 100 | if (input.value[input.value.length - 1] !== '\n') { 101 | translatedInput += '\n'; 102 | } 103 | 104 | output.value += translatedInput.trim() + '\n'; 105 | input.value = ''; 106 | } 107 | 108 | function saveOutput() { 109 | const output = document.getElementById('output'); 110 | const filename = prompt("Enter the payload name", "payload.txt"); 111 | const blob = new Blob([output.value], { type: 'text/plain' }); 112 | const anchor = document.createElement('a'); 113 | anchor.download = filename || 'payload.txt'; 114 | anchor.href = window.URL.createObjectURL(blob); 115 | anchor.click(); 116 | anchor.remove(); 117 | } 118 | -------------------------------------------------------------------------------- /img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grugnoymeme/flipperducky-badUSB-payload-generator/0896dbd3c26f2cca193282113b4ae67870df391a/img/logo.png -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Create DuckyScript Payload 6 | 7 | 8 | 9 |
10 | Output:
11 | Your badUSB payload will be here. At the end of the process, click "Save", and the download will automatically start. You can also edit manually the script before download. 12 | 13 |
14 | 15 |
16 |
17 |
18 |

19 |
20 |
21 |
22 |
23 | Change ID (VID/PID):
24 |
25 |
26 | VendorID an ProductID are codes used to identify your keyboard. ONLY if you are targeting a macOS, remember to insert the ID command, to change VID / PID, at the top of your code. 27 |
28 |
29 | 30 |
31 |
32 | * You can set custom ID of Flipper USB HID device. ID command should be in the first line of script, it is executed before script run. Unless your target is a macOS (which requires to specify it at the first line of the payload), VID and PID are hex codes and are mandatory, Manufacturer and Product are text strings and are optional. 33 |
34 |
35 |
36 | 37 | 38 | 56 | 76 | 77 |
39 | Remark (REM):
40 | REM is short for Remark and adds a comment to the payload, like a title, the target OS, the functioning of a command or the author's name. 41 |
42 | 43 |
44 |
45 | 46 | 47 | 50 | 52 | 53 |
48 | 49 | 51 |
54 |
55 | 		57 | String (STRING/ALTCODE):
58 | STRING injects keystrokes, or "types", the given characters (a-z, 0-9, punctuation & specials).
59 | ALTCODE is used instead of STRING, to print text string using "ALT+Numpad" method. It works even if non-US keyboard layout is selected 60 |
61 | 62 |
63 |
64 | 65 | 66 | 69 | 72 | 73 |
67 | 68 | 70 | 71 |
74 |
75 |
78 |
79 |
80 | 81 | 82 | 98 | 112 | 125 | 126 |
83 | Delays:
84 | DELAY is expressed in milliseconds (1 sec. = 1000 ms.). The minimum is 100 (0.1 sec.). It increases/decreases by 100 milliseconds each click.
85 | DEFAULT_DELAY / DEFAULTDELAY add delay before every nex command. 86 |
87 | 88 | 89 |
90 |
91 | 92 | 93 |
94 |
95 | 96 |
97 | 		99 | Misc. Commands:
100 | REPEAT is used to repeat the previous command. It expects the number of additional repeats as parameter.
101 | ALTCHAR is to display single ALT+Numpad Keys (on Windows), or ALT(ALT+SHIFT) Keys (on macOS).
102 | Click 103 | HERE for a complete list of available codes for ALT characters. 104 |
105 | 106 |
107 |
108 | 109 | 110 |
111 | 		113 | Modifier Keys:
114 | GUI is used for both: the WINDOWS(⊞) key on Windows, and the CMD(⌘) key on macOS. (Targeting Windows, you can use WINDOWS key or GUI key to get the same result). CONTROL and CTRL as well. If you need to use more than one "modifier key" at once, use the preloaded "Keys Combos", which you'll find just below these Modifier keys. 115 |
116 | 117 | 118 |
119 |
120 | 121 | 122 | 123 |
124 |
127 |
128 |
129 | 130 | 131 | 144 | 162 | 163 |
132 | Combos Keys:
133 | ONLY on Windows: CTRL-ALT is the same as to type ALTgr (ALT Graphic) and you can use both ALT-WINDOWS or ALT-GUI, and WINDOWS-SHIFT or GUI-SHIFT to get the exact same result. 134 |
135 | 136 | 137 | 138 |
139 |
140 | 141 | 142 |
143 | 		145 | Arrow Keys / Cursor:
146 | UP is the same as UPARROW. DOWN is the same ad DOWNARROW. LEFT is the same as LEFTARROW. RIGHT is the same as RIGHTARROW. 147 |
148 | 149 | 150 | 151 | 152 | 153 | 154 |
155 |
156 |
157 | 158 | 159 | 160 |
161 |
164 |
165 |
166 | Main Control Keys: 167 |
168 | 169 | 170 | 171 |
172 |
173 | 174 | 175 | 176 |
177 |
178 |
179 | Others Control Keys:
180 | * The magic SysRq key is a key combination understood by the Linux kernel, which allows the user to perform various low-level commands regardless of the system's state. It is often used to recover from freezes, or to reboot a computer without corrupting the filesystem. (Wikipedia) 181 |
182 | 183 | 184 | 185 | 186 | 187 |
188 |
189 | 190 | 191 | 192 | 193 | 194 |
195 |
196 | 197 | 198 | 199 | 200 | 201 |
202 |
203 |
204 | Function Keys: 205 |
206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 |
219 |
220 |
221 | 222 |
223 |
224 | 225 | 226 | 227 | 228 | -------------------------------------------------------------------------------- /stile.css: -------------------------------------------------------------------------------- 1 | * { 2 | box-sizing: border-box; 3 | } 4 | 5 | body { 6 | font-family: Arial, sans-serif; 7 | padding: 10px; 8 | background-color: #F8F8F8; 9 | } 10 | 11 | mark { 12 | font-weight: bold; 13 | background-color: #B5B5B5; 14 | } 15 | 16 | h1 { 17 | text-align: center; 18 | margin-bottom: 20px; 19 | } 20 | 21 | h2, h3 { 22 | margin-top: 10px; 23 | } 24 | 25 | a:link { 26 | font-weight: bold; 27 | text-decoration: none; 28 | color: #00aced; 29 | } 30 | 31 | a:hover { 32 | font-weight: bold; 33 | text-decoration: none; 34 | color: #cc3211; 35 | } 36 | 37 | a:active { 38 | font-weight: bold; 39 | text-decoration: none; 40 | color: #d6f907; 41 | } 42 | 43 | a:visited { 44 | font-weight: bold; 45 | text-decoration: none; 46 | color: #0084b4; 47 | } 48 | 49 | textarea { 50 | width: 100%; 51 | padding: 10px; 52 | border: 1px solid #00aced; 53 | border-radius: 20px; 54 | resize: vertical; 55 | } 56 | 57 | .blocco { 58 | margin-bottom: 20px; 59 | } 60 | 61 | .blocchetto { 62 | display: grid; 63 | grid-template-columns: repeat(auto-fit, minmax(15px, 1fr)); 64 | gap: 5px; 65 | } 66 | 67 | .blocco.fondo { 68 | padding-bottom: 150px; 69 | } 70 | 71 | .blocchetto.arrows { 72 | padding-top: 20px; 73 | } 74 | 75 | .blocchetto.btn { 76 | padding-top: 3px; 77 | } 78 | 79 | .blocchetto button { 80 | width: 100%; 81 | height: 40px; 82 | font-size: 12px; 83 | font-weight: bold; 84 | border: none; 85 | background-color: #00aced; 86 | color: white; 87 | cursor: pointer; 88 | border-radius: 20px; 89 | box-shadow: 2px 2px 2px 2px rgba(0, 0, 0, 0.25); 90 | } 91 | 92 | .blocchetto button:hover { 93 | background-color: #0084b4; 94 | color: white; 95 | } 96 | 97 | .blocchetto input[type="number"], 98 | .blocchetto input[type="text"] { 99 | width: 100%; 100 | padding: 10px; 101 | border: 1px solid #00aced; 102 | border-radius: 20px; 103 | } 104 | 105 | #bottoneString, 106 | #bottoneAltcode, 107 | #bottoneRemark, 108 | #bottoneAltchar; 109 | #tastoSalva { 110 | padding: 10px; 111 | border: none; 112 | background-color: #00aced; 113 | color: white; 114 | font-size: 16px; 115 | font-weight: bold; 116 | cursor: pointer; 117 | border-radius: 20px; 118 | } 119 | 120 | #bottoneString:hover, 121 | #bottoneAltcode:hover, 122 | #bottoneRemark:hover, 123 | #bottoneAltchar:hover; 124 | #tastoSalva:hover { 125 | background-color: #0084b4; 126 | color: white; 127 | } 128 | 129 | .blocchetto > input[type="number"], 130 | .blocchetto > input[type="text"], 131 | .blocchetto > button { 132 | display: block; 133 | width: 100%; 134 | margin-bottom: 5px; 135 | } 136 | 137 | .blocchetto .bigButtON { 138 | width: 100%; 139 | white-space: normal; 140 | line-height: 1.2; 141 | border-radius: 20px; 142 | } 143 | 144 | .fixed-header { 145 | position: fixed; 146 | bottom: 0; 147 | left: 0; 148 | width: 100%; 149 | background-color: white; 150 | padding: 10px; 151 | box-shadow: -2px -14px 24px -8px rgba(0, 0, 0, 0.75); 152 | z-index: 9999; 153 | } 154 | 155 | .tasto-save { 156 | font-family: Arial, sans-serif; 157 | font-size: 12px; 158 | } --------------------------------------------------------------------------------