flipperducky-badUSB-payload-generator
GUI (graphical user interface) in HTML, CSS and JavaScript that makes it easier and faster to create payloads (.txt) for your Flipper Zero's bad-USB function.
https://gist.github.com/methanoliver/efebfe8f4008e167417d4ab96e5e3cac
Explanations are only given for commands not present in the original DuckyScript, for everything else refer to DuckyScript documentation.
These mean exactly what one would expect and should need no further explanation.
- Modifiers: `CTRL`, `CONTROL`, `SHIFT`, `ALT`, `GUI`, `WINDOWS`
- Combos: `CTRL-ALT`, `CTRL-SHIFT`, `ALT-SHIFT`, `ALT-GUI`, `GUI-SHIFT`
- Cursor: `DOWNARROW`, `DOWN`, `LEFTARROW`, `LEFT`, `RIGHTARROW`, `RIGHT`, `UPARROW`, `UP`
- Control and navigation: `ENTER`, `BREAK`, `PAUSE`, `CAPSLOCK`, `DELETE`, `BACKSPACE`, `END`, `ESC`, `ESCAPE`, `HOME`, `INSERT`, `NUMLOCK`, `PAGEUP`, `PAGEDOWN`, `PRINTSCREEN`, `SCROLLOCK`, `SPACE`, `TAB`, `MENU`, `APP`, `SYSRQ`
- Function: `F1`, `F2`, `F3`, `F4`, `F5`, `F6`, `F7`, `F8`, `F9`, `F10`, `F11`, `F12`
- `STRING`
- `ALTSTRING <string>`, `ALTCODE <string>` -- Not present in DuckyScript, these are the equivalent of `STRING`, as if the string was typed in by holding Alt and entering the unicode code of every character, as described in Windows documentation. This is the way to get around the fact that there are no standard ways to switch input keyboard language and important in parts of the world where default keyboard has no Latin characters on it at all. This only works on Windows.
- `ALTCHAR <code>` -- Altstring is internally a sequence of `ALTCHAR` invocations.

There is no support for `STRINGLN`.

- `REM`
- `ID <vendor:id>` - Equivalent to certain features of DuckyScript's `ATTACKMODE`. Executed in preload phase, sets USB id of the keyboard device. For example, `ID 04d9:1702` is an AJAZZ keyboard.
- `DELAY`
- `DEFAULT_DELAY`, `DEFAULTDELAY`
- `REPEAT`
- `DUCKY_LANG` - ignored, recognized as a command purely for compatibility with existing scripts.
BadUsb app uses extended Duckyscript syntax. It is compatible with classic USB Rubber Ducky 1.0 scripts, but provides some additional commands and features, such as custom USB ID, ALT+Numpad input method, SYSRQ command and more functional keys.
BadUsb app can execute only text scripts from .txt files, no compilation is required. Both `\n` and `\r\n` line endings are supported. Empty lines are allowed. You can use spaces or tabs for line indentation.
Just a single comment line. All text after REM command will be ignored by interpreter
Command | Parameters | Notes |
---|---|---|
REM | Comment text |
Pause script execution by defined time
Command | Parameters | Notes |
---|---|---|
DELAY | Delay value in ms | Single delay |
DEFAULT_DELAY | Delay value in ms | Add delay before every next command |
DEFAULTDELAY | Delay value in ms | Same as DEFAULT_DELAY |
Command | Notes |
---|---|
DOWNARROW / DOWN | |
LEFTARROW / LEFT | |
RIGHTARROW / RIGHT | |
UPARROW / UP | |
ENTER | |
DELETE | |
BACKSPACE | |
END | |
HOME | |
ESCAPE / ESC | |
INSERT | |
PAGEUP | |
PAGEDOWN | |
CAPSLOCK | |
NUMLOCK | |
SCROLLLOCK | |
PRINTSCREEN | |
BREAK | Pause/Break key |
PAUSE | Pause/Break key |
SPACE | |
TAB | |
MENU | Context menu key |
APP | Same as MENU |
Fx | F1-F12 keys |
Can be combined with special key command or single character
Command | Notes |
---|---|
CONTROL / CTRL | |
SHIFT | |
ALT | |
WINDOWS / GUI | |
CTRL-ALT | CTRL+ALT |
CTRL-SHIFT | CTRL+SHIFT |
ALT-SHIFT | ALT+SHIFT |
ALT-GUI | ALT+WIN |
GUI-SHIFT | WIN+SHIFT |
Command | Parameters | Notes |
---|---|---|
STRING | Text string | Print text string |
Command | Parameters | Notes |
---|---|---|
REPEAT | Number of additional repeats | Repeat previous command |
On Windows and some Linux systems you can print a character by pressing the ALT key and entering its code on the numpad.
Command | Parameters | Notes |
---|---|---|
ALTCHAR | Character code | Print single character |
ALTSTRING | Text string | Print text string using ALT+Numpad method |
ALTCODE | Text string | Same as ALTSTRING, present in some Duckyscript implementations |
Send SysRq command
Command | Parameters | Notes |
---|---|---|
SYSRQ | Single character |
You can set a custom ID for the Flipper USB HID device. The ID command should be in the first line of the script; it is executed before the script runs.
Command | Parameters | Notes |
---|---|---|
ID | VID:PID Manufacturer:Product |
Example:
ID 1234:abcd Flipper Devices:Flipper Zero
VID and PID are hex codes and are mandatory, Manufacturer and Product are text strings and are optional.
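As an added example (not part of this project's code), a small linter that checks a script against the command tables above and extracts the USB identity the script asks the device to present, which is useful both as a validation step in a generator and when reviewing a script found on a device. The function name `lintBadUsb`, the limit of 1-4 hex digits for VID and PID, the strict reading of "first line" for `ID`, and the sample script are assumptions made here.

```javascript
// Added example: lint a Flipper BadUSB .txt script against the syntax tables on this page.
const NUM = new Set(["DELAY", "DEFAULT_DELAY", "DEFAULTDELAY", "REPEAT", "ALTCHAR"]);
const TEXT = new Set(["STRING", "ALTSTRING", "ALTCODE"]);
const MODS = new Set(["CONTROL", "CTRL", "SHIFT", "ALT", "WINDOWS", "GUI",
  "CTRL-ALT", "CTRL-SHIFT", "ALT-SHIFT", "ALT-GUI", "GUI-SHIFT"]);
const KEYS = new Set(("DOWNARROW DOWN LEFTARROW LEFT RIGHTARROW RIGHT UPARROW UP ENTER " +
  "DELETE BACKSPACE END HOME ESCAPE ESC INSERT PAGEUP PAGEDOWN CAPSLOCK NUMLOCK " +
  "SCROLLLOCK PRINTSCREEN BREAK PAUSE SPACE TAB MENU APP").split(" "));
for (let i = 1; i <= 12; i++) KEYS.add("F" + i);   // F1-F12

// Returns { usbId, issues }; usbId is the identity the script asks the device to present.
function lintBadUsb(text) {
  const issues = [];
  let usbId = null, seenCommand = false;
  text.split(/\r?\n/).forEach((raw, idx) => {   // both \n and \r\n are accepted
    const line = raw.trim();                    // space or tab indentation is allowed
    if (line === "") return;                    // empty lines are allowed
    const sp = line.search(/\s/);
    const cmd = sp < 0 ? line : line.slice(0, sp);
    const arg = sp < 0 ? "" : line.slice(sp + 1).trim();
    const bad = (msg) => issues.push({ line: idx + 1, msg });
    if (cmd === "REM" || cmd === "DUCKY_LANG") return;   // comment / ignored command
    if (cmd === "ID") {
      // Assumption: VID and PID are 1-4 hex digits each (16-bit USB identifiers).
      const m = /^([0-9a-f]{1,4}):([0-9a-f]{1,4})(?:\s+(.+))?$/i.exec(arg);
      if (idx !== 0) bad("ID must be on the first line");
      else if (!m) bad("ID needs a hex VID:PID");
      else usbId = { vid: m[1].toLowerCase(), pid: m[2].toLowerCase(), name: m[3] || null };
    } else if (NUM.has(cmd)) {
      if (!/^\d+$/.test(arg)) bad(cmd + " needs a numeric parameter");
      else if (cmd === "REPEAT" && !seenCommand) bad("REPEAT has no previous command");
    } else if (TEXT.has(cmd)) {
      if (arg === "") bad(cmd + " needs a text string");
    } else if (cmd === "SYSRQ") {
      if (arg.length !== 1) bad("SYSRQ takes a single character");
    } else if (MODS.has(cmd)) {
      if (arg.length > 1 && !KEYS.has(arg)) bad("unknown key after " + cmd + ": " + arg);
    } else if (!KEYS.has(cmd)) {
      bad("unsupported command: " + cmd);       // e.g. STRINGLN
    }
    seenCommand = true;
  });
  return { usbId, issues };
}

// Constructed sample input, not taken from the page.
const SAMPLE = "ID 1234:abcd Flipper Devices:Flipper Zero\r\nREM demo\nDEFAULT_DELAY 100\n" +
  "\tSTRING hello\nENTER\nSTRINGLN hello\nREPEAT x\nID 04d9:1702\n";
console.log(JSON.stringify(lintBadUsb(SAMPLE), null, 2));
```

The returned `usbId` is the vendor/product pair a host would see when the script runs, so it can be compared against what the attached device claims to be.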
https://github.com/cribb-it/DTKDownloader The DTK (ducktoolkit user script https://ducktoolkit.com/userscripts) downloader doesn't work for me. So if you get it to work, send in a PR and I will add the resulting dump here.
Here are a bunch of cheatsheets for use in building your scripts here
Shorten your payloads as much as possible by stringing multiple commands together with operators like `&&` and `;;`, read more into each OS/shell you are targeting and how to achieve this.
RTFM for CMD https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd
RTFM for powershell https://learn.microsoft.com/en-us/powershell/scripting/learn/ps101/04-pipelines?view=powershell-7.3
Other ducky scripts can be found here http://www.theatomheart.net/post/rubber-ducky-payloads/