DocRock3r/pico-ducky
1
0
Fork 0
mirror of https://github.com/dbisu/pico-ducky.git synced 2026-01-21 09:15:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: DocRock3r:5ac23fdaf0f5a4846d2c8dde6b786e9888626f39
Branches Tags
DocRock3r:main DocRock3r:delay-refactor DocRock3r:board-design DocRock3r:nugget_remote DocRock3r:no_mouse DocRock3r:kronos
DocRock3r:v4.0 DocRock3r:v3.2 DocRock3r:v3.1 DocRock3r:v3.0 DocRock3r:v2.0 DocRock3r:v1.4 DocRock3r:v1.3 DocRock3r:v1.2 DocRock3r:v1.1
..
compare: DocRock3r:main
Branches Tags
DocRock3r:main DocRock3r:delay-refactor DocRock3r:board-design DocRock3r:nugget_remote DocRock3r:no_mouse DocRock3r:kronos
DocRock3r:v4.0 DocRock3r:v3.2 DocRock3r:v3.1 DocRock3r:v3.0 DocRock3r:v2.0 DocRock3r:v1.4 DocRock3r:v1.3 DocRock3r:v1.2 DocRock3r:v1.1

6 Commits
5ac23fdaf0 ... main

Author SHA1 Message Date
Dave
58875cd1b6 Update for CircuitPython 10.x support 2026-01-10 15:40:24 -06:00
XtramCZ
04eeacac09 Small improvements (#195) 
* fixed crashes on one-line scripts, auto .dd

* Delete button

* Additional crash fix

* Disable read-only

---------

Co-authored-by: Dave <dbisu@users.noreply.github.com>
 2026-01-10 12:17:16 -06:00
IDoNotHaveAUsernam3
c3184a5390 Fix "The next four lines" to replace four with five (#338) 2026-01-10 12:01:10 -06:00
Tzur Soffer
fb55875e3c Variable and expression bugfixes (#325) 
* Fix evaluating with Booleans

* replaced re with a function (this feature of re is not supported on circutpython)

* Fixed internalVar in expression + allows for +=, *=, etc in variable math

* Removed added +=, *=, etc operations as they are not in the official language

Removed added +=, *=, etc operations as they are not in the official language. I added them in a previous commit and removed them in this one.

* Fix duplicate lines
 2026-01-10 12:00:15 -06:00
Linusx
986c919616 Update webapp.py / web ui (#144) 
* Update webapp.py

PS: Font will work on most devices (preinstalled), else it doesn't really matter

* Update webapp.py
 2026-01-10 11:57:08 -06:00
Dave
10bc8b9489 Moved pin definitions into pins.py to help support different board form factors 2026-01-10 11:11:19 -06:00
7 changed files with 122 additions and 82 deletions
Expand all files Collapse all files

23
README.md
View File

@@ -27,19 +27,19 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
If using a Pico board:
Copy the adafruit-circuitpython-raspberry_pi_pico-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
Copy the adafruit-circuitpython-raspberry_pi_pico-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
If using a Pico W board:
Copy the adafruit-circuitpython-raspberry_pi_pico_w-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
Copy the adafruit-circuitpython-raspberry_pi_pico_w-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
If using a Pico 2 board:
Copy the adafruit-circuitpython-raspberry_pi_pico2-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
Copy the adafruit-circuitpython-raspberry_pi_pico2-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
If using a Pico 2W board:
Copy the adafruit-circuitpython-raspberry_pi_pico2_w-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
Copy the adafruit-circuitpython-raspberry_pi_pico2_w-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
4. Copy the lib folder to the root of the CIRCUITPY
@@ -84,16 +84,16 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
1. Clone the repo to get a local copy of the files. `git clone https://github.com/dbisu/pico-ducky.git`
2. Download [CircuitPython for the Raspberry Pi Pico](https://circuitpython.org/board/raspberry_pi_pico/). *Updated to 9.2.1
Download [CircuitPython for the Raspberry Pi Pico W](https://circuitpython.org/board/raspberry_pi_pico_w/). *Updated to 9.2.1
Download [CircuitPython for the Raspberry Pi Pico 2](https://circuitpython.org/board/raspberry_pi_pico2/). *Updated to 9.2.1
Download [CircuitPython for the Raspberry Pi Pico 2W](https://circuitpython.org/board/raspberry_pi_pico2_w/). *Updated to 9.2.1
2. Download [CircuitPython for the Raspberry Pi Pico](https://circuitpython.org/board/raspberry_pi_pico/). *Updated to 10.0.3
Download [CircuitPython for the Raspberry Pi Pico W](https://circuitpython.org/board/raspberry_pi_pico_w/). *Updated to 10.0.3
Download [CircuitPython for the Raspberry Pi Pico 2](https://circuitpython.org/board/raspberry_pi_pico2/). *Updated to 10.0.3
Download [CircuitPython for the Raspberry Pi Pico 2W](https://circuitpython.org/board/raspberry_pi_pico2_w/). *Updated to 10.0.3
3. Plug the device into a USB port while holding the boot button. It will show up as a removable media device named `RPI-RP2`.
4. Copy the downloaded `.uf2` file to the root of the Pico (`RPI-RP2`). The device will reboot and after a second or so, it will reconnect as `CIRCUITPY`.
5. Download `adafruit-circuitpython-bundle-9.x-mpy-YYYYMMDD.zip` [here](https://github.com/adafruit/Adafruit_CircuitPython_Bundle/releases/latest) and extract it outside the device.
5. Download `adafruit-circuitpython-bundle-10.x-mpy-YYYYMMDD.zip` [here](https://github.com/adafruit/Adafruit_CircuitPython_Bundle/releases/latest) and extract it outside the device.
6. Navigate to `lib` in the recently extracted folder and copy `adafruit_hid` to the `lib` folder on your Raspberry Pi Pico.
@@ -105,7 +105,7 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
10. Copy `boot.py` from your clone to the root of your Pico.
11. Copy `duckyinpython.py`, `code.py`, `webapp.py`, `wsgiserver.py` to the root folder of the Pico.
11. Copy `duckyinpython.py`, `code.py`, `pins.py`, `webapp.py`, `wsgiserver.py` to the root folder of the Pico.
12. *For Pico W Only* Create the file `secrets.py` in the root of the Pico W. This contains the AP name and password to be created by the Pico W.
`secrets = { 'ssid' : "BadAPName", 'password' : "badpassword" }`
@@ -248,7 +248,7 @@ You can find the tool [here](https://github.com/ryo-yamada/PicoDuckyBuilder)
### Docs
[CircuitPython](https://circuitpython.readthedocs.io/en/6.3.x/README.html)
[CircuitPython](https://docs.circuitpython.org/en/latest/README.html)
[CircuitPython HID](https://learn.adafruit.com/circuitpython-essentials/circuitpython-hid-keyboard-and-mouse)
@@ -266,4 +266,3 @@ You can find the tool [here](https://github.com/ryo-yamada/PicoDuckyBuilder)
## Related Projects
[Defcon31-ducky](https://github.com/iot-pwn/defcon31-ducky)
There are still a few of these available to purchase, US only.

1
build_scripts/create_release_bundle.py
View File

@@ -28,6 +28,7 @@ supported_boards = ["raspberry_pi_pico",
files_to_bundle = ["boot.py",
"code.py",
"duckyinpython.py",
"pins.py",
"wsgiserver.py",
"webapp.py",
"secrets.py",

2
code.py
View File

@@ -66,6 +66,8 @@ async def run_payload_on_startup():
led_state = False
async def main_loop():
global led,button1

37
duckyinpython.py
View File

@@ -18,6 +18,7 @@ import usb_hid
from adafruit_hid.keyboard import Keyboard
from adafruit_hid.consumer_control import ConsumerControl
from adafruit_hid.consumer_control_code import ConsumerControlCode
from pins import *
# comment out these lines for non_US keyboards
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS as KeyboardLayout
@@ -188,10 +189,18 @@ def _getCodeBlock(linesIter):
code.append(line)
return code
def replaceBooleans(text): #< fix capitalization mistakes in true and false (for evaluating with booleans)
# Replace any letter-by-letter match for "true" with the proper "True"
text = re.sub(r'[Tt][Rr][Uu][Ee]', 'True', text)
# Replace any letter-by-letter match for "false" with the proper "False"
text = re.sub(r'[Ff][Aa][Ll][Ss][Ee]', 'False', text)
return text
def evaluateExpression(expression):
"""Evaluates an expression with variables and returns the result."""
# Replace variables (e.g., $FOO) in the expression with their values
expression = re.sub(r"\$(\w+)", lambda m: str(variables.get(f"${m.group(1)}", 0)), expression)
expression = replaceVariables(expression)
expression = replaceBooleans(expression) #< Cant use re due its limitation in circutpython
print(expression)
expression = expression.replace("^", "**") #< Replace ^ with ** for exponentiation
expression = expression.replace("&&", "and")
@@ -367,6 +376,7 @@ async def parseLine(line, script_lines):
expression = match.group(2)
value = evaluateExpression(expression)
variables[varName] = value
else:
raise SyntaxError(f"Invalid variable update, declare variable first: {line}")
elif line.startswith("DEFINE"):
@@ -389,13 +399,12 @@ async def parseLine(line, script_lines):
loopCode = list(_getCodeBlock(script_lines))
while evaluateExpression(condition) == True:
currentIterCode = deepcopy(loopCode)
print(loopCode)
# print(loopCode)
while currentIterCode:
loopLine = currentIterCode.pop(0)
currentIterCode = list(parseLine(loopLine, iter(currentIterCode))) #< very inefficient, should be replaced later.
elif line.upper().startswith("IF"):
# print("ENTER IF")
script_lines, ret = IF(_getIfCondition(line), script_lines).runIf()
print(f"IF returned {ret} code")
elif line.upper().startswith("END_IF"):
@@ -459,26 +468,10 @@ kbd = Keyboard(usb_hid.devices)
consumerControl = ConsumerControl(usb_hid.devices)
layout = KeyboardLayout(kbd)
#init button
button1_pin = DigitalInOut(GP22) # defaults to input
button1_pin.pull = Pull.UP # turn on internal pull-up resistor
button1 = Debouncer(button1_pin)
#init payload selection switch
payload1Pin = digitalio.DigitalInOut(GP4)
payload1Pin.switch_to_input(pull=digitalio.Pull.UP)
payload2Pin = digitalio.DigitalInOut(GP5)
payload2Pin.switch_to_input(pull=digitalio.Pull.UP)
payload3Pin = digitalio.DigitalInOut(GP10)
payload3Pin.switch_to_input(pull=digitalio.Pull.UP)
payload4Pin = digitalio.DigitalInOut(GP11)
payload4Pin.switch_to_input(pull=digitalio.Pull.UP)
def getProgrammingStatus():
# check GP0 for setup mode
# see setup mode for instructions
progStatusPin = digitalio.DigitalInOut(GP0)
progStatusPin.switch_to_input(pull=digitalio.Pull.UP)
progStatus = not progStatusPin.value
return(progStatus)
@@ -520,10 +513,6 @@ def selectPayload():
global payload1Pin, payload2Pin, payload3Pin, payload4Pin
payload = "payload.dd"
# check switch status
# payload1 = GPIO4 to GND
# payload2 = GPIO5 to GND
# payload3 = GPIO10 to GND
# payload4 = GPIO11 to GND
payload1State = not payload1Pin.value
payload2State = not payload2Pin.value
payload3State = not payload3Pin.value

2
payload.dd
View File

@@ -1,4 +1,4 @@
REM The next four lines open Notepad in Windows and type "Hello World!"
REM The next five lines open Notepad in Windows and type "Hello World!"
GUI r
STRING notepad
ENTER

29
pins.py Normal file
View File

@@ -0,0 +1,29 @@
import digitalio
from digitalio import DigitalInOut, Pull
from board import *
from adafruit_debouncer import Debouncer
#init button
button1_pin = DigitalInOut(GP22) # defaults to input
button1_pin.pull = Pull.UP # turn on internal pull-up resistor
button1 = Debouncer(button1_pin)
# payload1 = GPIO4 to GND
# payload2 = GPIO5 to GND
# payload3 = GPIO10 to GND
# payload4 = GPIO11 to GND
#init payload selection switch
payload1Pin = digitalio.DigitalInOut(GP4)
payload1Pin.switch_to_input(pull=digitalio.Pull.UP)
payload2Pin = digitalio.DigitalInOut(GP5)
payload2Pin.switch_to_input(pull=digitalio.Pull.UP)
payload3Pin = digitalio.DigitalInOut(GP10)
payload3Pin.switch_to_input(pull=digitalio.Pull.UP)
payload4Pin = digitalio.DigitalInOut(GP11)
payload4Pin.switch_to_input(pull=digitalio.Pull.UP)
# check GP0 for setup mode
progStatusPin = digitalio.DigitalInOut(GP0)
progStatusPin.switch_to_input(pull=digitalio.Pull.UP)

76
webapp.py
View File

@@ -14,13 +14,16 @@ import wifi
from duckyinpython import *
payload_html = """<!DOCTYPE html>
<html>
<head> <title>Pico W Ducky</title> </head>
<body> <h1>Pico W Ducky</h1>
<table border="1"> <tr><th>Payload</th><th>Actions</th></tr> {} </table>
<br>
<a href="/new">New Script</a>
payload_html = """<html>
<head>
<title>Pico W Ducky</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>button{{margin:0.2em}}html{{font-family:'Open Sans', sans-serif;margin:2%}}table{{width:30%;max-width:20vh;margin-bottom:1em;border-collapse:collapse}}</style>
</head>
<body>
<h1>Pico W Ducky</h1>
<table border="1"><tr><th>Payload</th><th>Actions</th></tr>{}</table><br>
<a href="/new"><button>New Script</button></a>
</body>
</html>
"""
@@ -29,15 +32,16 @@ edit_html = """<!DOCTYPE html>
<html>
<head>
<title>Script Editor</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>button{{margin-top:1em}}.main{{font-family:'Open Sans', sans-serif;margin:2%}}textarea{{width:100%;max-width:80vh;margin-bottom:1em;height:50vh}}</style>
</head>
<body>
<form action="/write/{}" method="POST">
<textarea rows="5" cols="60" name="scriptData">{}</textarea>
<br/>
<textarea rows="5" name="scriptData">{}</textarea><br/>
<input type="submit" value="submit"/>
</form>
<br>
<a href="/ducky">Home</a>
<a href="/ducky"><button>Home</button></a>
</body>
</html>
"""
@@ -46,34 +50,39 @@ new_html = """<!DOCTYPE html>
<html>
<head>
<title>New Script</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>button{margin-top:1em}.main{font-family:'Open Sans', sans-serif;margin:2%}textarea{width:100%;max-width:80vh;margin-bottom:1em}#ducky-input{height:50vh}</style>
</head>
<body>
<div class="main">
<form action="/new" method="POST">
Script Name<br>
<textarea rows="1" cols="60" name="scriptName"></textarea>
Script<br>
<textarea rows="5" cols="60" name="scriptData"></textarea>
<br/>
<input type="submit" value="submit"/>
<p>New Script:</p>
<textarea rows="1" name="scriptName" placeholder="script name"></textarea><br>
<textarea id="ducky-input" rows="5" name="scriptData" placeholder="script"></textarea>
<br><input type="submit" value="Submit"/>
</form>
<br>
<a href="/ducky">Home</a>
<a href="/ducky"><button>Go Back</button></a>
</div>
</body>
</html>
"""
response_html = """<!DOCTYPE html>
<html>
<head> <title>Pico W Ducky</title> </head>
<body> <h1>Pico W Ducky</h1>
<head>
<title>Pico W Ducky</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>button{{margin-top:1em}}body{{font-family:'Open Sans', sans-serif;margin:2%}}</style>
</head>
<body>
<h1>Pico W Ducky</h1>
{}
<br>
<a href="/ducky">Home</a>
<br><a href="/ducky"><button>Home</button></a>
</body>
</html>
"""
newrow_html = "<tr><td>{}</td><td><a href='/edit/{}'>Edit</a> / <a href='/run/{}'>Run</a></tr>"
newrow_html = "<tr><td>{}</td><td><a href='/edit/{}'>Edit</a> / <a href='/delete/{}'>Delete</a> / <a href='/run/{}'>Run</a></tr>"
def setPayload(payload_number):
if(payload_number == 1):
@@ -94,7 +103,7 @@ def ducky_main(request):
for f in files:
if ('.dd' in f) == True:
payloads.append(f)
newrow = newrow_html.format(f,f,f)
newrow = newrow_html.format(f,f,f,f)
#print(newrow)
rows = rows + newrow
@@ -172,8 +181,8 @@ def write_script(request, filename):
textbuffer = form_data['scriptData']
textbuffer = cleanup_text(textbuffer)
#print(textbuffer)
for line in textbuffer:
f.write(line)
for line in textbuffer.splitlines():
f.write(line + '\n')
f.close()
storage.remount("/",readonly=True)
response = response_html.format("Wrote script " + filename)
@@ -193,17 +202,28 @@ def write_new_script(request):
form_data[key] = value
#print(form_data)
filename = form_data['scriptName']
if ".dd" not in filename:
filename = filename + ".dd"
textbuffer = form_data['scriptData']
textbuffer = cleanup_text(textbuffer)
storage.remount("/",readonly=False)
f = open(filename,"w",encoding='utf-8')
for line in textbuffer:
f.write(line)
for line in textbuffer.splitlines():
f.write(line + '\n')
f.close()
storage.remount("/",readonly=True)
response = response_html.format("Wrote script " + filename)
return("200 OK",[('Content-Type', 'text/html')], response)
@web_app.route("/delete/<filename>")
def delete(request, filename):
print("Deleting ", filename)
storage.remount("/",readonly=False)
os.remove(filename)
response = response_html.format("Deleted script " + filename)
storage.remount("/",readonly=True)
return("200 OK",[('Content-Type', 'text/html')], response)
@web_app.route("/run/<filename>")
def run_script(request, filename):
print("run_script ", filename)