From 1b18592a45d44a52d1cfef2efa713f10ec489cb6 Mon Sep 17 00:00:00 2001 From: dbisu Date: Sun, 3 Apr 2022 17:42:03 -0500 Subject: [PATCH] Add support to act as a remote for a feathers2-ducky --- code.py | 105 +++++++++++++++++++++++++++++++++++------- faces/remote-menu.bmp | Bin 0 -> 32906 bytes 2 files changed, 89 insertions(+), 16 deletions(-) create mode 100644 faces/remote-menu.bmp diff --git a/code.py b/code.py index ae4fb22..36d49b2 100644 --- a/code.py +++ b/code.py @@ -18,6 +18,10 @@ import displayio import adafruit_framebuf import adafruit_displayio_sh1106 import time +import wifi +import socketpool +import adafruit_requests +import ssl ## Screen setup and function to change image on the screen displayio.release_displays() @@ -37,6 +41,10 @@ def NugEyes(IMAGE): ## Make a function to put eyes on the screen NugEyes("/faces/menu.bmp") +# Button 1 = UP +# Button 2 = DOWN +# Button 3 = LEFT +# Button 4 = RIGHT pins = (board.IO9, board.IO18, board.IO11, board.IO7) buttons = [] # will hold list of Debouncer objects for pin in pins: # set up each pin @@ -136,6 +144,69 @@ def injectPayload(payloadNumber): print("Done") NugEyes("/faces/menu.bmp") +def startWiFi(): + # Get wifi details and more from a secrets.py file + try: + from secrets import secrets + except ImportError: + print("WiFi secrets are kept in secrets.py, please add them there!") + raise + + notConnected = True + while(notConnected == True): + try: + print("Connect wifi") + wifi.radio.connect(secrets['ssid'],secrets['password'], timeout=30) + notConnected = False + #wifi.radio.start_ap(secrets['ssid'],secrets['password']) + HOST = repr(wifi.radio.ipv4_address) + PORT = 80 + print(HOST,PORT) + except ConnectionError: + print("No Wifi Network found, retrying in 5 sec") + time.sleep(5) + +def connectRemote(): + startWiFi() + host = repr(wifi.radio.ipv4_gateway) + + global requests + pool = socketpool.SocketPool(wifi.radio) + requests = adafruit_requests.Session(pool, ssl.create_default_context()) + + readButtons() + + while True: + remoteLoop(host) + +def sendRunPayload(host, buttonNum): + global requests + run_api_url = "http://"+host+"/api/run/"+str(buttonNum) + print("Sending ", run_api_url) + NugEyes("/faces/boingo.bmp") + data = b' ' + r = requests.get(run_api_url,data=data) + +def readButtons(): + buttonNum = -1 + for i in range(len(buttons)): + buttons[i].update() + if buttons[i].fell: + print("button",i,"pressed!") + if buttons[i].rose: + print("button",i,"released!") + buttonNum = i + 1 + return(buttonNum) + +def remoteLoop(host): + buttonNum = readButtons() + #print(buttonNum) + if(buttonNum > 0): + sendRunPayload(host, buttonNum) + + NugEyes("/faces/remote-menu.bmp") + + kbd = Keyboard(usb_hid.devices) layout = KeyboardLayout(kbd) duckyScriptPath = ["payload1.txt", "payload2.txt", "payload3.txt", "payload4.txt", "payload.txt"] @@ -144,27 +215,29 @@ duckyScriptPath = ["payload1.txt", "payload2.txt", "payload3.txt", "payload4.txt time.sleep(.5) defaultDelay = 0 -progStatus = False -progStatusPin = buttons[3] -progStatus = not progStatusPin.value +remoteStatus = False +remoteEnablePin = buttons[3] # Right +remoteStatus = not remoteEnablePin.value defaultDelay = 0 -print(progStatus) +print(remoteStatus) -if(progStatus == True): +readButtons() + +if(remoteStatus == True): # not in setup mode, inject the payload - print("Attack Mode: Running payload.txt") - injectPayload(4) + print("Connecting to remote ducky") + connectRemote() print("Done") else: print("Entering menu") -while True: - for i in range(len(buttons)): - buttons[i].update() - if buttons[i].fell: - print("button",i,"pressed!") - NugEyes("/faces/boingo.bmp") - injectPayload(i) - if buttons[i].rose: - print("button",i,"released!") + while True: + for i in range(len(buttons)): + buttons[i].update() + if buttons[i].fell: + print("button",i,"pressed!") + NugEyes("/faces/boingo.bmp") + injectPayload(i) + if buttons[i].rose: + print("button",i,"released!") diff --git a/faces/remote-menu.bmp b/faces/remote-menu.bmp new file mode 100644 index 0000000000000000000000000000000000000000..71c651d00219c2b8f815dc9e0ebb12e0f36ec69a GIT binary patch literal 32906 zcmeI3XN;D`7RTZ8NfQ%+gbyST;wAC{#Kd4Cv0acFLIhN>fv8_J#zK=suE+-^fJilB zqbNa*3MiIXqG*f-8wt${0Ti&)RX{j*f5ZK64#T`{-51u~ne6kPGpEg&GxeEgw&%cU zlbVGzt>*W?HP57)=RY-1^JX2IwWxs*{@wNHL-uI0X3dWNk+q(Ehm83@qipc6NYc!X zjz*xV#-gd#JJs(SLo8BtfaV`xcgYLFldR;F7fjJb^Dvf&2d&(c z(l1vRxl~!QDd_D3CWSSGmX+;>Wg9a*~OmmyLPK%LhTx%YlXL%a-R07Z3ZQrSNj( zQa*Z{DZXg3A4Bmgg@wxX_GMGD;z1WJg_k4eZA)HIycCp73{$c(t&|RYCE?P6E?SJI zbYhzF9(sG8p2Fov3{$e@&`R0yz6qBO_CjY+1j;h?Uh$vv1gxs*2az{q@&hRV=Atn*QmhpX{lpp0Z0Xz0|I}^2*T0 zbLPykdGqGkV~;&%GiT1U*|TTc!i5WM(V|7xrcE3B{PWKnW@RF;4jnpVD_5?xmtK0w zo_OMk(3h{h_F5Y@Y?uulI<)o~K76=6^w2}LY15|2LgUUJIB>vTfBkj4{PN3f>(;Hd zYuBzY7XJM6Pvc>1Aj7x-ZrQTMmMmFfn>TN6(1H2ttFLU}i{uUfS# z%v-O$_FCw_8#ZjP)vH(A^5x6J_YC?8bHK?=l#lN(zx=Yj_~MJfw{O4w)|i{Ck!aI5 z-+VLF|K^)-whur2&_4R;BYWeGH|KC!pndMk_{)&kano;`co=+UDMpBieSovF*H zQKRg~AAhu8fBn^V@7^8yGCuoQ66-Nz#)LJEzFn=v7-QXJoZWH99bq2*;fEiNDUPxB z^wUp=w&>8ILx7z-ced``yN7w0HOl*bjB*__*rN~N3*%ziv}rbZ^5oDbh~11CGwid^ zJ`3~0Z@>L!KmYu5!11-ArtiQ1-X3}6kr2P@ufN`Iyz$1+AMU*KPJ7^i2f~I^FzCK?F^l2B-WobYu1GQ)58xxTszmCdg`e*V88%dwrrX0*|R4UegFOUhqab* z$6U-l?1md|2=zGk+;hYFTh09mZTkD~zlS{_eS*G$Z{Yu=bolV$FpqEBw#`!G}~# zs!?t=ZBi%JRN8?DoIXxmzxn1H+qiM#ac$2#5c}PWFTU8$Ip>@(M_hK0DB4IKViZIW8YYA zV!nRwz4wg%gFf?)Ps}~1opxH_!GHew=fnK#Wx$!sF1qLUHl$|L6UVb#mRh zbzxu3+IYbQ7X+UM4H{(Y*RPM=X_R^9gXzOJGa=>%-U%CXBDRwz zO**EnyLIbkXPL%wU*u3^8^sZ*zrXU=QPiSrERe#HXFJ2-oC@aD~%+r9VR8`_<{``d57U9atb zGGa@er%s(3>er%0i?H`=)vDDoF;F}f*6a@(b7C&%%uV$bJmr*AYH74T^CNR`eUAN; z6<6x;?z`{WdFP#1TSwKqM~@!1V8Md$?%AhLpKuOzviv+z<+2y%`vzw+%r!t*dI3b#M;Z*fX)ke&*ObfapC-^TIYl( zGq%hF-+lL;O_?$!tOw)9jSF?=oS*j*)`?>Kl9TCsHOnS0?AbZ5;{k6B^M0Y2?cKXK z^nKb}`+wdMb81=T*4KMR(~4fMZH_>WK#o9;K#o9;K#o9;Kx2pi=YyP;urKDj z3GajY{sYb#0e8GeoU4=PJW=P0+%?rX!u#*PUn|2I12*At50Av1MZU|R%bfwvV0!oN z9cY|Qkl>$r=9%ICN})1>U>QH`^YMdklYINj>G%lnPQ-WGUcGvSZ-RUS;$9BtL2>(Y zM#wjP?&)w(nzrR^(I@qhV(rhpJ9N2+#P?s?o4cy?0qFEEQlT<@c`2NGAFsapYPbi* z-4^;(L%-LXs>g|rd8txyGbhj9JJ)AMC{W*Kp_~*_o ziSbTbNLTOS++*a7j&Fe2dgq;Yg1qEpA4nO+5@$TzapHaheT%wbw<(_U6^m2MW3J_# zO!xPmdFGkg@vr#z?c2BZzJ$i+*I$1f;>^6jS-RSvI|uX`bh&$rZSMJT?kZj82>O`D zf873(i_3_8C(k_xL3omtobrMx zx@a-Sc;bN&FiN4o`!7vc>dqPQ+{|_3YRaGTZk{8#21WpBv*{?Wm34eo#Gd>jjkT) z%ATi-7Tc1H_=2&VYzulh(Tc&ioMN(-@Cx~nDo?WFQI2RSyd1gMS8p%orSdAHl%AJM z$$FY_>7?ow`{H%P6HR#!i}AdiaQRZHp7aYrZ#QMz(}YV0o1(?I$`fC(kX$UUd?_ej zy#17p=L`3`p62yMhbDRPl^0CWMT?=g3op*c^5x2;^or4Zxx#_|NtG>G@ltu&Q2EMx zS@Asde2;q>aBoj|ETg=)<8ko|!AfLf8-;YC7vjY>e7-I^UO$CuDa3b$uSW`0;#?mn-LWz{~X|)+?p^ckHIhsw=G_#YMi