Update for CircuitPython 10.x support

* fixed crashes on one-line scripts, auto .dd

* Delete button

* Additional crash fix

* Disable read-only

---------

Co-authored-by: Dave <dbisu@users.noreply.github.com>

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

README.md

@@ -27,19 +27,19 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
 
 If using a Pico board:
 
-Copy the adafruit-circuitpython-raspberry_pi_pico-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
+Copy the adafruit-circuitpython-raspberry_pi_pico-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
 
 If using a Pico W board:
 
-Copy the adafruit-circuitpython-raspberry_pi_pico_w-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.  
+Copy the adafruit-circuitpython-raspberry_pi_pico_w-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.  
 
 If using a Pico 2 board:
 
-Copy the adafruit-circuitpython-raspberry_pi_pico2-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
+Copy the adafruit-circuitpython-raspberry_pi_pico2-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
 
 If using a Pico 2W board:
 
-Copy the adafruit-circuitpython-raspberry_pi_pico2_w-en_US-9.2.1.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
+Copy the adafruit-circuitpython-raspberry_pi_pico2_w-en_US-10.0.3.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.
 
 4. Copy the lib folder to the root of the CIRCUITPY
 
@@ -84,16 +84,16 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
 
 1. Clone the repo to get a local copy of the files. `git clone https://github.com/dbisu/pico-ducky.git`
 
-2. Download [CircuitPython for the Raspberry Pi Pico](https://circuitpython.org/board/raspberry_pi_pico/). *Updated to 9.2.1  
+2. Download [CircuitPython for the Raspberry Pi Pico](https://circuitpython.org/board/raspberry_pi_pico/). *Updated to 10.0.3  
-   Download [CircuitPython for the Raspberry Pi Pico W](https://circuitpython.org/board/raspberry_pi_pico_w/). *Updated to 9.2.1
+   Download [CircuitPython for the Raspberry Pi Pico W](https://circuitpython.org/board/raspberry_pi_pico_w/). *Updated to 10.0.3  
-   Download [CircuitPython for the Raspberry Pi Pico 2](https://circuitpython.org/board/raspberry_pi_pico2/). *Updated to 9.2.1  
+   Download [CircuitPython for the Raspberry Pi Pico 2](https://circuitpython.org/board/raspberry_pi_pico2/). *Updated to 10.0.3  
-   Download [CircuitPython for the Raspberry Pi Pico 2W](https://circuitpython.org/board/raspberry_pi_pico2_w/). *Updated to 9.2.1
+   Download [CircuitPython for the Raspberry Pi Pico 2W](https://circuitpython.org/board/raspberry_pi_pico2_w/). *Updated to 10.0.3  
 
 3. Plug the device into a USB port while holding the boot button. It will show up as a removable media device named `RPI-RP2`.
 
 4. Copy the downloaded `.uf2` file to the root of the Pico (`RPI-RP2`). The device will reboot and after a second or so, it will reconnect as `CIRCUITPY`.
 
-5. Download `adafruit-circuitpython-bundle-9.x-mpy-YYYYMMDD.zip` [here](https://github.com/adafruit/Adafruit_CircuitPython_Bundle/releases/latest) and extract it outside the device.
+5. Download `adafruit-circuitpython-bundle-10.x-mpy-YYYYMMDD.zip` [here](https://github.com/adafruit/Adafruit_CircuitPython_Bundle/releases/latest) and extract it outside the device.
 
 6. Navigate to `lib` in the recently extracted folder and copy `adafruit_hid` to the `lib` folder on your Raspberry Pi Pico.
 
@@ -105,7 +105,7 @@ Install and have your USB Rubber Ducky working in less than 5 minutes.
 
 10. Copy `boot.py` from your clone to the root of your Pico.
 
-11. Copy `duckyinpython.py`, `code.py`, `webapp.py`, `wsgiserver.py` to the root folder of the Pico.
+11. Copy `duckyinpython.py`, `code.py`, `pins.py`, `webapp.py`, `wsgiserver.py` to the root folder of the Pico.
 
 12. *For Pico W Only* Create the file `secrets.py` in the root of the Pico W. This contains the AP name and password to be created by the Pico W.  
 `secrets = { 'ssid' : "BadAPName", 'password' : "badpassword" }`
@@ -243,12 +243,12 @@ keycode_win_de.mpy
 
 ### Installation Tool
 
-[raspberrydeveloper](https://github.com/raspberrydeveloper) Created a tool to convert a blank RPi Pico to a ducky.  
+[ryo-yamada](https://github.com/ryo-yamada) Created a tool to convert a blank RPi Pico to a ducky.  
-You can find the tool [here](https://github.com/raspberrydeveloper/pyducky)
+You can find the tool [here](https://github.com/ryo-yamada/PicoDuckyBuilder)
 
 ### Docs
 
-[CircuitPython](https://circuitpython.readthedocs.io/en/6.3.x/README.html)
+[CircuitPython](https://docs.circuitpython.org/en/latest/README.html)
 
 [CircuitPython HID](https://learn.adafruit.com/circuitpython-essentials/circuitpython-hid-keyboard-and-mouse)
 
@@ -266,4 +266,3 @@ You can find the tool [here](https://github.com/raspberrydeveloper/pyducky)
 ## Related Projects
 
 [Defcon31-ducky](https://github.com/iot-pwn/defcon31-ducky)  
-There are still a few of these available to purchase, US only.

boot.py

@@ -7,7 +7,20 @@ from board import *
 import board
 import digitalio
 import storage
+import os
 
+def is_exfil_enabled(payload_path="payload.dd"):
+    try:
+        with open(payload_path, "r") as f:
+            for line in f:
+                if "$_EXFIL_MODE_ENABLED" in line and "TRUE" in line.upper():
+                    return True
+    except OSError:
+        pass
+    return False
+
+exfil_enabled = is_exfil_enabled()
+loot_exists = "loot.bin" in os.listdir("/")
 noStorage = False
 noStoragePin = digitalio.DigitalInOut(GP15)
 noStoragePin.switch_to_input(pull=digitalio.Pull.UP)
@@ -23,7 +36,9 @@ noStorageStatus = noStoragePin.value
 # Pico W:
 #   GP15 not connected == USB NOT visible
 #   GP15 connected to GND == USB visible
-
+if exfil_enabled:
+    if not loot_exists:
+        storage.disable_usb_drive()
 if(board.board_id == 'raspberry_pi_pico' or board.board_id == 'raspberry_pi_pico2'):
     # On Pi Pico, default to USB visible
     noStorage = not noStorageStatus
@@ -39,3 +54,5 @@ if(noStorage == True):
 else:
     # normal boot
     print("USB drive enabled")
+
+

build_scripts/create_release_bundle.py

@@ -28,6 +28,7 @@ supported_boards = ["raspberry_pi_pico",
 files_to_bundle = ["boot.py",
                    "code.py",
                    "duckyinpython.py",
+                   "pins.py",
                    "wsgiserver.py",
                    "webapp.py",
                    "secrets.py",
@@ -114,7 +115,7 @@ def main(argv):
         replacements = {
             "#from keyboard_layout_win_LANG": "from keyboard_layout_"+dest_dir.lower(),
             "#from keycode_win_LANG": "from keycode_"+dest_dir.lower(),
-            "from adafruit_hid.keyboard": "#from adafruit_hid.keyboard",
+            "from adafruit_hid.keyboard_": "#from adafruit_hid.keyboard_",
             "from adafruit_hid.keycode": "#from adafruit_hid.keycode"
         }
 

code.py

@@ -5,8 +5,8 @@
 
 
 import supervisor
-
+import os
-
+import pwmio
 import time
 import digitalio
 from board import *
@@ -47,36 +47,42 @@ elif(board.board_id == 'raspberry_pi_pico_w' or board.board_id == 'raspberry_pi_
     led = digitalio.DigitalInOut(board.LED)
     led.switch_to_output()
 
+async def run_payload_on_startup():
+    progStatus = False
+    progStatus = getProgrammingStatus()
+    print("progStatus", progStatus)
+    if(progStatus == False):
+        print("Finding payload")
+        if "loot.bin" in os.listdir("/"):
+            print("loot.bin exists, skipping payload execution.")
+        else:
+            payload = selectPayload()
+            await asyncio.sleep(0.1)
+            print("Running")
+            await runScript(payload)
+    else:
+        print("Done")
 
-progStatus = False
-progStatus = getProgrammingStatus()
-print("progStatus", progStatus)
-if(progStatus == False):
-    print("Finding payload")
-    # not in setup mode, inject the payload
-    payload = selectPayload()
-    print("Running ", payload)
-    runScript(payload)
-
-    print("Done")
-else:
-    print("Update your payload")
 
 led_state = False
 
+
+
 async def main_loop():
     global led,button1
 
     button_task = asyncio.create_task(monitor_buttons(button1))
+    payload_task = asyncio.create_task(run_payload_on_startup())
+    led_task = asyncio.create_task(monitor_led_changes())
     if(board.board_id == 'raspberry_pi_pico_w' or board.board_id == 'raspberry_pi_pico2_w'):
         pico_led_task = asyncio.create_task(blink_pico_w_led(led))
         print("Starting Wifi")
         startWiFi()
         print("Starting Web Service")
         webservice_task = asyncio.create_task(startWebService())
-        await asyncio.gather(pico_led_task, button_task, webservice_task)
+        await asyncio.gather(pico_led_task, button_task, webservice_task, payload_task, led_task)
     else:
         pico_led_task = asyncio.create_task(blink_pico_led(led))
-        await asyncio.gather(pico_led_task, button_task)
+        await asyncio.gather(pico_led_task, button_task, payload_task, led_task )
 
 asyncio.run(main_loop())

duckyinpython.py

@@ -1,18 +1,24 @@
 # License : GPLv2.0
 # copyright (c) 2023  Dave Bailey
 # Author: Dave Bailey (dbisu, @daveisu)
-
+#
+#  TODO: ADD support for the following:
+# Add jitter
+# Add LED functionality
 import re
 import time
+import random
 import digitalio
 from digitalio import DigitalInOut, Pull
 from adafruit_debouncer import Debouncer
 import board
 from board import *
-import pwmio
 import asyncio
 import usb_hid
 from adafruit_hid.keyboard import Keyboard
+from adafruit_hid.consumer_control import ConsumerControl
+from adafruit_hid.consumer_control_code import ConsumerControlCode
+from pins import *
 
 # comment out these lines for non_US keyboards
 from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS as KeyboardLayout
@@ -23,10 +29,37 @@ from adafruit_hid.keycode import Keycode
 #from keyboard_layout_win_LANG import KeyboardLayout as KeyboardLayout
 #from keycode_win_LANG import Keycode
 
-duckyCommands = {
+def _capsOn():
-    'WINDOWS': Keycode.WINDOWS, 'GUI': Keycode.GUI,
+    return kbd.led_on(Keyboard.LED_CAPS_LOCK)
-    'APP': Keycode.APPLICATION, 'MENU': Keycode.APPLICATION, 'SHIFT': Keycode.SHIFT,
+
-    'ALT': Keycode.ALT, 'CONTROL': Keycode.CONTROL, 'CTRL': Keycode.CONTROL,
+def _numOn():
+    return kbd.led_on(Keyboard.LED_NUM_LOCK)
+
+def _scrollOn():
+    return kbd.led_on(Keyboard.LED_SCROLL_LOCK)
+
+def pressLock(key):
+    kbd.press(key)
+    kbd.release(key)
+
+def SaveKeyboardLedState():
+    variables["$_INITIAL_SCROLLLOCK"] = _scrollOn()
+    variables["$_INITIAL_NUMLOCK"] = _numOn()
+    variables   ["$_INITIAL_CAPSLOCK"] = _capsOn()
+
+
+def RestoreKeyboardLedState():
+    if(variables["$_INITIAL_CAPSLOCK"] != _capsOn()):
+        pressLock(Keycode.CAPS_LOCK)
+    if(variables["$_INITIAL_NUMLOCK"] != _numOn()):
+        pressLock(Keycode.NUM_LOCK)
+    if(variables["$_INITIAL_SCROLLLOCK"] != _scrollOn()):
+        pressLock(Keycode.SCROLL_LOCK)
+
+duckyKeys = {
+    'WINDOWS': Keycode.GUI, 'RWINDOWS': Keycode.RIGHT_GUI, 'GUI': Keycode.GUI, 'RGUI': Keycode.RIGHT_GUI, 'COMMAND': Keycode.GUI, 'RCOMMAND': Keycode.RIGHT_GUI,
+    'APP': Keycode.APPLICATION, 'MENU': Keycode.APPLICATION, 'SHIFT': Keycode.SHIFT, 'RSHIFT': Keycode.RIGHT_SHIFT,
+    'ALT': Keycode.ALT, 'RALT': Keycode.RIGHT_ALT, 'OPTION': Keycode.ALT, 'ROPTION': Keycode.RIGHT_ALT, 'CONTROL': Keycode.CONTROL, 'CTRL': Keycode.CONTROL, 'RCTRL': Keycode.RIGHT_CONTROL,
     'DOWNARROW': Keycode.DOWN_ARROW, 'DOWN': Keycode.DOWN_ARROW, 'LEFTARROW': Keycode.LEFT_ARROW,
     'LEFT': Keycode.LEFT_ARROW, 'RIGHTARROW': Keycode.RIGHT_ARROW, 'RIGHT': Keycode.RIGHT_ARROW,
     'UPARROW': Keycode.UP_ARROW, 'UP': Keycode.UP_ARROW, 'BREAK': Keycode.PAUSE,
@@ -44,54 +77,255 @@ duckyCommands = {
     'Z': Keycode.Z, 'F1': Keycode.F1, 'F2': Keycode.F2, 'F3': Keycode.F3,
     'F4': Keycode.F4, 'F5': Keycode.F5, 'F6': Keycode.F6, 'F7': Keycode.F7,
     'F8': Keycode.F8, 'F9': Keycode.F9, 'F10': Keycode.F10, 'F11': Keycode.F11,
-    'F12': Keycode.F12,
+    'F12': Keycode.F12, 'F13': Keycode.F13, 'F14': Keycode.F14, 'F15': Keycode.F15,
-
+    'F16': Keycode.F16, 'F17': Keycode.F17, 'F18': Keycode.F18, 'F19': Keycode.F19,
+    'F20': Keycode.F20, 'F21': Keycode.F21, 'F22': Keycode.F22, 'F23': Keycode.F23,
+    'F24': Keycode.F24
+}
+duckyConsumerKeys = {
+    'MK_VOLUP': ConsumerControlCode.VOLUME_INCREMENT, 'MK_VOLDOWN': ConsumerControlCode.VOLUME_DECREMENT, 'MK_MUTE': ConsumerControlCode.MUTE,
+    'MK_NEXT': ConsumerControlCode.SCAN_NEXT_TRACK, 'MK_PREV': ConsumerControlCode.SCAN_PREVIOUS_TRACK,
+    'MK_PP': ConsumerControlCode.PLAY_PAUSE, 'MK_STOP': ConsumerControlCode.STOP
 }
 
-variables = {}
+variables = {"$_RANDOM_MIN": 0, "$_RANDOM_MAX": 65535,"$_EXFIL_MODE_ENABLED": False,"$_EXFIL_LEDS_ENABLED": False,"$_INITIAL_SCROLLLOCK": False, "$_INITIAL_NUMLOCK": False, "$_INITIAL_CAPSLOCK": False}
+internalVariables = {"$_CAPSLOCK_ON": _capsOn, "$_NUMLOCK_ON": _numOn, "$_SCROLLLOCK_ON": _scrollOn}
+defines = {}
 functions = {}
 
+letters = "abcdefghijklmnopqrstuvwxyz"
+numbers = "0123456789"
+specialChars = "!@#$%^&*()"
+
+class IF:
+    def __init__(self, condition, codeIter):
+        self.condition = condition
+        self.codeIter = list(codeIter)
+        self.lastIfResult = None
+    
+    def _exitIf(self):
+        _depth = 0
+        for line in self.codeIter:
+            line = self.codeIter.pop(0)
+            line = line.strip()
+            if line.upper().startswith("END_IF"):
+                _depth -= 1
+            elif line.upper().startswith("IF"):
+                _depth += 1
+            if _depth < 0:
+                print("No else, exiting" + str(list(self.codeIter)))
+                break
+        return(self.codeIter)
+
+    def runIf(self):
+        if isinstance(self.condition, str):
+            self.lastIfResult = evaluateExpression(self.condition)
+        elif isinstance(self.condition, bool):
+            self.lastIfResult = self.condition
+        else:
+            raise ValueError("Invalid condition type")
+
+        # print(f"condition {self.condition} result is {self.lastIfResult} since \"$VAR\" is {variables["$VAR"]}, code is {self.codeIter}")
+        depth = 0
+        for line in self.codeIter:
+            line = self.codeIter.pop(0)
+            line = line.strip()
+            if line == "":
+                continue
+            # print(line)
+
+            if line.startswith("IF"):
+                depth += 1
+            elif line.startswith("END_IF"):
+                if depth == 0:
+                    return(self.codeIter, -1)
+                depth -=1
+
+            elif line.startswith("ELSE") and depth == 0:
+                # print(f"ELSE LINE {line}, lastIfResult: {self.lastIfResult}")
+                if self.lastIfResult is False:
+                    line = line[4:].strip()  # Remove 'ELSE' and strip whitespace
+                    if line.startswith("IF"):
+                        nestedCondition = _getIfCondition(line)
+                        # print(f"nested IF {nestedCondition}")
+                        self.codeIter, self.lastIfResult = IF(nestedCondition, self.codeIter).runIf()
+                        if self.lastIfResult == -1 or self.lastIfResult == True:
+                            # print(f"self.lastIfResult {self.lastIfResult}")
+                            return(self.codeIter, True)
+                    else:
+                        return IF(True, self.codeIter).runIf()                        #< Regular ELSE block
+                else:
+                    self._exitIf()
+                    break
+
+            # Process regular lines
+            elif self.lastIfResult:
+                # print(f"running line {line}")
+                self.codeIter = list(parseLine(line, self.codeIter))
+        # print("end of if")
+        return(self.codeIter, self.lastIfResult)
+
+def _getIfCondition(line):
+    return str(line)[2:-4].strip()
+
+def _isCodeBlock(line):
+    line = line.upper().strip()
+    if line.startswith("IF") or line.startswith("WHILE"):
+        return True
+    return False
+
+def _getCodeBlock(linesIter):
+    """Returns the code block starting at the given line."""
+    code = []
+    depth = 1
+    for line in linesIter:
+        line = line.strip()
+        if line.upper().startswith("END_"):
+            depth -= 1
+        elif _isCodeBlock(line):
+            depth += 1
+        if depth <= 0:
+            break
+        code.append(line)
+    return code
+
+def replaceBooleans(text):                             #< fix capitalization mistakes in true and false (for evaluating with booleans)
+    # Replace any letter-by-letter match for "true" with the proper "True"
+    text = re.sub(r'[Tt][Rr][Uu][Ee]', 'True', text)
+    # Replace any letter-by-letter match for "false" with the proper "False"
+    text = re.sub(r'[Ff][Aa][Ll][Ss][Ee]', 'False', text)
+    return text
+
+def evaluateExpression(expression):
+    """Evaluates an expression with variables and returns the result."""
+    expression = replaceVariables(expression)
+    expression = replaceBooleans(expression)       #< Cant use re due its limitation in circutpython
+    print(expression)
+
+    expression = expression.replace("^", "**")     #< Replace ^ with ** for exponentiation
+    expression = expression.replace("&&", "and")
+    expression = expression.replace("||", "or")
+
+    expression = expression.replace("TRUE", "True")
+    expression = expression.replace("FALSE", "False")
+
+    return eval(expression, {}, variables)
+
+def deepcopy(List):
+    return(List[:])
+
 def convertLine(line):
-    newline = []
+    commands = []
     # print(line)
     # loop on each key - the filter removes empty values
     for key in filter(None, line.split(" ")):
         key = key.upper()
         # find the keycode for the command in the list
-        command_keycode = duckyCommands.get(key, None)
+        command_keycode = duckyKeys.get(key, None)
+        command_consumer_keycode = duckyConsumerKeys.get(key, None)
         if command_keycode is not None:
             # if it exists in the list, use it
-            newline.append(command_keycode)
+            commands.append(command_keycode)
+        elif command_consumer_keycode is not None:
+            # if it exists in the list, use it
+            commands.append(1000+command_consumer_keycode)
         elif hasattr(Keycode, key):
             # if it's in the Keycode module, use it (allows any valid keycode)
-            newline.append(getattr(Keycode, key))
+            commands.append(getattr(Keycode, key))
         else:
             # if it's not a known key name, show the error for diagnosis
             print(f"Unknown key: <{key}>")
-    # print(newline)
+    # print(commands)
-    return newline
+    return commands
 
 def runScriptLine(line):
-    if isinstance(line, str):
+    keys = convertLine(line)
-        line = convertLine(line)
+    for k in keys:
-    for k in line:
+        if k > 1000:
-        kbd.press(k)
+            consumerControl.press(int(k-1000))
-    kbd.release_all()
+        else:
+            kbd.press(k)
+    for k in reversed(keys):
+        if k > 1000:
+            consumerControl.release()
+        else:
+            kbd.release(k)
+
 def sendString(line):
     layout.write(line)
 
-def parseLine(line, script_lines):
+def replaceVariables(line):
-    global defaultDelay, variables, functions
+    for var in variables:
+        line = line.replace(var, str(variables[var]))
+    for var in internalVariables:
+        line = line.replace(var, str(internalVariables[var]()))
+    return line
+
+def replaceDefines(line):
+    for define, value in defines.items():
+        line = line.replace(define, value)
+    return line
+
+async def parseLine(line, script_lines):
+    global defaultDelay, variables, functions, defines
     line = line.strip()
-    if(line[0:3] == "REM"):
+    line = line.replace("$_RANDOM_INT", str(random.randint(int(variables.get("$_RANDOM_MIN", 0)), int(variables.get("$_RANDOM_MAX", 65535)))))
-        # ignore ducky script comments
+    line = replaceDefines(line)
+    if line[:10] == "INJECT_MOD":
+        line = line[11:]
+    elif line.startswith("REM_BLOCK"):
+        while line.startswith("END_REM") == False:
+            line = next(script_lines).strip()
+            # print(line)
+    elif(line[0:3] == "REM"):
         pass
+    elif line.startswith("HOLD"):
+        # HOLD command to press and hold a key
+        key = line[5:].strip().upper()
+        commandKeycode = duckyKeys.get(key, None)
+        if commandKeycode:
+            kbd.press(commandKeycode)
+
+        else:
+            print(f"Unknown key to HOLD: <{key}>")
+    elif line.startswith("RELEASE"):
+        # RELEASE command to release a held key
+        key = line[8:].strip().upper()
+        commandKeycode = duckyKeys.get(key, None)
+        if commandKeycode:
+            kbd.release(commandKeycode)
+        else:
+            print(f"Unknown key to RELEASE: <{key}>")
     elif(line[0:5] == "DELAY"):
+        line = replaceVariables(line)
         time.sleep(float(line[6:])/1000)
+    elif line == "STRINGLN":               #< stringLN block
+        line = next(script_lines).strip()
+        line = replaceVariables(line)
+        while line.startswith("END_STRINGLN") == False:
+            sendString(line)
+            kbd.press(Keycode.ENTER)
+            kbd.release(Keycode.ENTER)
+            line = next(script_lines).strip()
+            line = replaceVariables(line)
+            line = replaceDefines(line)
+    elif(line[0:8] == "STRINGLN"):
+        sendString(replaceVariables(line[9:]))
+        kbd.press(Keycode.ENTER)
+        kbd.release(Keycode.ENTER)
+    elif line == "STRING":                 #< string block
+        line = next(script_lines).strip()
+        line = replaceVariables(line)
+        while line.startswith("END_STRING") == False:
+            sendString(line)
+            line = next(script_lines).strip()
+            line = replaceVariables(line)
+            line = replaceDefines(line)
     elif(line[0:6] == "STRING"):
-        sendString(line[7:])
+        sendString(replaceVariables(line[7:]))
     elif(line[0:5] == "PRINT"):
-        print("[SCRIPT]: " + line[6:])
+        line = replaceVariables(line[6:])
+        print("[SCRIPT]: " + line)
     elif(line[0:6] == "IMPORT"):
         runScript(line[7:])
     elif(line[0:13] == "DEFAULT_DELAY"):
@@ -103,6 +337,17 @@ def parseLine(line, script_lines):
             led.value = False
         else:
             led.value = True
+    elif(line[0:3] == "LED"):
+        if(led.value == True):
+            led.value = False
+        else:
+            led.value = True
+    elif(line[:7] == "LED_OFF"):
+        led.value = False
+    elif(line[:5] == "LED_R"):
+        led.value = True
+    elif(line[:5] == "LED_G"):
+        led.value = True
     elif(line[0:21] == "WAIT_FOR_BUTTON_PRESS"):
         button_pressed = False
         # NOTE: we don't use assincio in this case because we want to block code execution
@@ -117,9 +362,31 @@ def parseLine(line, script_lines):
                 print("Button 1 pushed")
                 button_pressed = True
     elif line.startswith("VAR"):
-        _, var, _, value = line.split()
+        match = re.match(r"VAR\s+\$(\w+)\s*=\s*(.+)", line)
-        variables[var] = int(value)
+        if match:
+            varName = f"${match.group(1)}"
+            value = evaluateExpression(match.group(2))
+            variables[varName] = value
+        else:
+            raise SyntaxError(f"Invalid variable declaration: {line}")
+    elif line.startswith("$"):
+        match = re.match(r"\$(\w+)\s*=\s*(.+)", line)
+        if match:
+            varName = f"${match.group(1)}"
+            expression = match.group(2)
+            value = evaluateExpression(expression)
+            variables[varName] = value
+
+        else:
+            raise SyntaxError(f"Invalid variable update, declare variable first: {line}")
+    elif line.startswith("DEFINE"):
+        defineLocation = line.find(" ")
+        valueLocation = line.find(" ", defineLocation + 1)
+        defineName = line[defineLocation+1:valueLocation]
+        defineValue = line[valueLocation+1:]
+        defines[defineName] = defineValue
     elif line.startswith("FUNCTION"):
+        # print("ENTER FUNCTION")
         func_name = line.split()[1]
         functions[func_name] = []
         line = next(script_lines).strip()
@@ -127,19 +394,55 @@ def parseLine(line, script_lines):
             functions[func_name].append(line)
             line = next(script_lines).strip()
     elif line.startswith("WHILE"):
-        condition = re.search(r'\((.*?)\)', line).group(1)
+        # print("ENTER WHILE LOOP")
-        var_name, _, condition_value = condition.split()
+        condition = line[5:].strip()
-        condition_value = int(condition_value)
+        loopCode = list(_getCodeBlock(script_lines))
-        loop_code = []
+        while evaluateExpression(condition) == True:
-        line = next(script_lines).strip()
+            currentIterCode = deepcopy(loopCode)
-        while line != "END_WHILE":
+            # print(loopCode)
-            if not (line.startswith("WHILE")):
+            while currentIterCode:
-                loop_code.append(line)
+                loopLine = currentIterCode.pop(0)
-            line = next(script_lines).strip()
+                currentIterCode = list(parseLine(loopLine, iter(currentIterCode)))      #< very inefficient, should be replaced later.
-        while variables[var_name] > condition_value:
+
-            for loop_line in loop_code:
+    elif line.upper().startswith("IF"):
-                parseLine(loop_line, {})
+        script_lines, ret = IF(_getIfCondition(line), script_lines).runIf()
-            variables[var_name] -= 1
+        print(f"IF returned {ret} code")
+    elif line.upper().startswith("END_IF"):
+        pass
+    elif line == "RANDOM_LOWERCASE_LETTER":
+        sendString(random.choice(letters))
+    elif line == "RANDOM_UPPERCASE_LETTER":
+        sendString(random.choice(letters.upper()))
+    elif line == "RANDOM_LETTER":
+        sendString(random.choice(letters + letters.upper()))
+    elif line == "RANDOM_NUMBER":
+        sendString(random.choice(numbers))
+    elif line == "RANDOM_SPECIAL":
+        sendString(random.choice(specialChars))
+    elif line == "RANDOM_CHAR":
+        sendString(random.choice(letters + letters.upper() + numbers + specialChars))
+    elif line == "VID_RANDOM" or line == "PID_RANDOM":
+        for _ in range(4):
+            sendString(random.choice("0123456789ABCDEF"))
+    elif line == "MAN_RANDOM" or line == "PROD_RANDOM":
+        for _ in range(12):
+            sendString(random.choice(letters + letters.upper() + numbers))
+    elif line == "SERIAL_RANDOM":
+        for _ in range(12):
+            sendString(random.choice(letters + letters.upper() + numbers + specialChars))
+    elif line == "RESET":
+        kbd.release_all()
+    elif line == "SAVE_HOST_KEYBOARD_LOCK_STATE":
+        SaveKeyboardLedState()
+    elif line == "RESTORE_HOST_KEYBOARD_LOCK_STATE":
+        RestoreKeyboardLedState()
+    elif line == "WAIT_FOR_SCROLL_CHANGE":
+        last_scroll_state = _scrollOn()
+        while True: 
+            current_scroll_state = _scrollOn()
+            if current_scroll_state != last_scroll_state:
+                break
+            await asyncio.sleep(0.01)
     elif line in functions:
         updated_lines = []
         inside_while_block = False
@@ -157,61 +460,52 @@ def parseLine(line, script_lines):
             elif not (func_line.startswith("END_WHILE") or func_line.startswith("WHILE")):
                 parseLine(func_line, iter(functions[line]))
     else:
-        newScriptLine = convertLine(line)
+        runScriptLine(line)
-        runScriptLine(newScriptLine)
+    
+    return(script_lines)
 
 kbd = Keyboard(usb_hid.devices)
+consumerControl = ConsumerControl(usb_hid.devices)
 layout = KeyboardLayout(kbd)
 
 
 
-
-#init button
-button1_pin = DigitalInOut(GP22) # defaults to input
-button1_pin.pull = Pull.UP      # turn on internal pull-up resistor
-button1 =  Debouncer(button1_pin)
-
-#init payload selection switch
-payload1Pin = digitalio.DigitalInOut(GP4)
-payload1Pin.switch_to_input(pull=digitalio.Pull.UP)
-payload2Pin = digitalio.DigitalInOut(GP5)
-payload2Pin.switch_to_input(pull=digitalio.Pull.UP)
-payload3Pin = digitalio.DigitalInOut(GP10)
-payload3Pin.switch_to_input(pull=digitalio.Pull.UP)
-payload4Pin = digitalio.DigitalInOut(GP11)
-payload4Pin.switch_to_input(pull=digitalio.Pull.UP)
-
 def getProgrammingStatus():
-    # check GP0 for setup mode
     # see setup mode for instructions
-    progStatusPin = digitalio.DigitalInOut(GP0)
-    progStatusPin.switch_to_input(pull=digitalio.Pull.UP)
     progStatus = not progStatusPin.value
     return(progStatus)
 
 
 defaultDelay = 0
 
-def runScript(file):
+async def runScript(file):
     global defaultDelay
 
     duckyScriptPath = file
+    restart = True
     try:
-        with open(duckyScriptPath, "r", encoding='utf-8') as f:
+        while restart:
-            script_lines = iter(f.readlines())
+            restart = False
-            previousLine = ""
+            with open(duckyScriptPath, "r", encoding='utf-8') as f:
-            for line in script_lines:
+                script_lines = iter(f.readlines())
-                print(f"runScript: {line}")
+                previousLine = ""
-
+                for line in script_lines:
-                if(line[0:6] == "REPEAT"):
+                    print(f"runScript: {line}")
-                    for i in range(int(line[7:])):
+                    if(line[0:6] == "REPEAT"):
-                        #repeat the last command
+                        for i in range(int(line[7:])):
-                        parseLine(previousLine, script_lines)
+                            #repeat the last command
-                        time.sleep(float(defaultDelay) / 1000)
+                            parseLine(previousLine, script_lines)
-                else:
+                            time.sleep(float(defaultDelay) / 1000)
-                    parseLine(line, script_lines)
+                    elif line.startswith("RESTART_PAYLOAD"):
-                    previousLine = line
+                        restart = True
-                time.sleep(float(defaultDelay) / 1000)
+                        break
+                    elif line.startswith("STOP_PAYLOAD"):
+                        restart = False
+                        break
+                    else:
+                        await parseLine(line, script_lines)
+                        previousLine = line
+                    time.sleep(float(defaultDelay) / 1000)
     except OSError as e:
         print("Unable to open file", file)
 
@@ -219,10 +513,6 @@ def selectPayload():
     global payload1Pin, payload2Pin, payload3Pin, payload4Pin
     payload = "payload.dd"
     # check switch status
-    # payload1 = GPIO4 to GND
-    # payload2 = GPIO5 to GND
-    # payload3 = GPIO10 to GND
-    # payload4 = GPIO11 to GND
     payload1State = not payload1Pin.value
     payload2State = not payload2Pin.value
     payload3State = not payload3Pin.value
@@ -254,45 +544,53 @@ async def blink_led(led):
     elif(board.board_id == 'raspberry_pi_pico_w' or board.board_id == 'raspberry_pi_pico2_w'):
         blink_pico_w_led(led)
 
+
 async def blink_pico_led(led):
     print("starting blink_pico_led")
     led_state = False
     while True:
-        if led_state:
+        if(variables.get("$_EXFIL_LEDS_ENABLED")):
-            #led_pwm_up(led)
+            led.duty_cycle = 65535
-            #print("led up")
-            for i in range(100):
-                # PWM LED up and down
-                if i < 50:
-                    led.duty_cycle = int(i * 2 * 65535 / 100)  # Up
-                await asyncio.sleep(0.01)
-            led_state = False
         else:
-            #led_pwm_down(led)
+            if led_state:
-            #print("led down")
+                #led_pwm_up(led)
-            for i in range(100):
+                #print("led up")
-                # PWM LED up and down
+                for i in range(100):
-                if i >= 50:
+                    # PWM LED up and down
-                    led.duty_cycle = 65535 - int((i - 50) * 2 * 65535 / 100)  # Down
+                    if i < 50:
-                await asyncio.sleep(0.01)
+                        led.duty_cycle = int(i * 2 * 65535 / 100)  # Up
-            led_state = True
+                    await asyncio.sleep(0.01)
+                led_state = False
+            else:
+                #led_pwm_down(led)
+                #print("led down")
+                for i in range(100):
+                    # PWM LED up and down
+                    if i >= 50:
+                        led.duty_cycle = 65535 - int((i - 50) * 2 * 65535 / 100)  # Down
+                    await asyncio.sleep(0.01)
+                led_state = True
         await asyncio.sleep(0)
 
 async def blink_pico_w_led(led):
     print("starting blink_pico_w_led")
     led_state = False
     while True:
-        if led_state:
+        if(variables.get("$_EXFIL_LEDS_ENABLED")):
-            #print("led on")
             led.value = 1
+        else: 
+            if led_state:
+                #print("led on")
+                led.value = 1
+                await asyncio.sleep(0.5)
+                led_state = False
+            else:
+                #print("led off")
+                led.value = 0
+                await asyncio.sleep(0.5)
+                led_state = True
             await asyncio.sleep(0.5)
-            led_state = False
+
-        else:
-            #print("led off")
-            led.value = 0
-            await asyncio.sleep(0.5)
-            led_state = True
-        await asyncio.sleep(0.5)
 
 async def monitor_buttons(button1):
     global inBlinkeyMode, inMenu, enableRandomBeep, enableSirenMode,pixel
@@ -318,8 +616,51 @@ async def monitor_buttons(button1):
                 # Run selected payload
                 payload = selectPayload()
                 print("Running ", payload)
-                runScript(payload)
+                await runScript(payload)
                 print("Done")
             button1Down = False
 
         await asyncio.sleep(0)
+
+async def monitor_led_changes():
+    print("starting monitor_led_changes")
+
+    while True:
+        if variables.get("$_EXFIL_MODE_ENABLED"):
+            try:
+                bit_list = []
+                last_caps_state = _capsOn()
+                last_num_state = _numOn()
+                last_scroll_state = _scrollOn()
+
+                with open("loot.bin", "ab") as file:
+                    while variables.get("$_EXFIL_MODE_ENABLED"):
+                        caps_state = _capsOn()
+                        num_state = _numOn()
+                        scroll_state = _scrollOn()
+
+                        if caps_state != last_caps_state:
+                            bit_list.append(0)
+                            last_caps_state = caps_state 
+
+                        elif num_state != last_num_state:
+                            bit_list.append(1)
+                            last_num_state = num_state
+
+                        if len(bit_list) == 8:
+                            byte = 0
+                            for b in bit_list:
+                                byte = (byte << 1) | b
+                            file.write(bytes([byte]))
+                            bit_list = []
+
+                        if scroll_state != last_scroll_state:
+                            variables["$_EXFIL_LEDS_ENABLED"] = False
+                            break            
+                        
+                        await asyncio.sleep(0.001)
+            except Exception as e:
+                print(f"Error occurred: {e}")
+
+        await asyncio.sleep(0.0)
+

payload.dd

@@ -1,6 +1,6 @@
-REM The next four lines open Notepad in Windows and type "Hello World!"
+REM The next five lines open Notepad in Windows and type "Hello World!"
 GUI r
 STRING notepad
 ENTER
 DELAY 250
-STRING Hello World!
+STRING Hello World!

pins.py

@@ -0,0 +1,29 @@
+import digitalio
+from digitalio import DigitalInOut, Pull
+from board import *
+from adafruit_debouncer import Debouncer
+
+#init button
+button1_pin = DigitalInOut(GP22) # defaults to input
+button1_pin.pull = Pull.UP      # turn on internal pull-up resistor
+button1 =  Debouncer(button1_pin)
+
+
+# payload1 = GPIO4 to GND
+# payload2 = GPIO5 to GND
+# payload3 = GPIO10 to GND
+# payload4 = GPIO11 to GND
+
+#init payload selection switch
+payload1Pin = digitalio.DigitalInOut(GP4)
+payload1Pin.switch_to_input(pull=digitalio.Pull.UP)
+payload2Pin = digitalio.DigitalInOut(GP5)
+payload2Pin.switch_to_input(pull=digitalio.Pull.UP)
+payload3Pin = digitalio.DigitalInOut(GP10)
+payload3Pin.switch_to_input(pull=digitalio.Pull.UP)
+payload4Pin = digitalio.DigitalInOut(GP11)
+payload4Pin.switch_to_input(pull=digitalio.Pull.UP)
+
+# check GP0 for setup mode
+progStatusPin = digitalio.DigitalInOut(GP0)
+progStatusPin.switch_to_input(pull=digitalio.Pull.UP)

webapp.py

@@ -14,66 +14,75 @@ import wifi
 
 from duckyinpython import *
 
-payload_html = """<!DOCTYPE html>
+payload_html = """<html>
-<html>
+    <head>
-    <head> <title>Pico W Ducky</title> </head>
+        <title>Pico W Ducky</title>
-    <body> <h1>Pico W Ducky</h1>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-        <table border="1"> <tr><th>Payload</th><th>Actions</th></tr> {} </table>
+        <style>button{{margin:0.2em}}html{{font-family:'Open Sans', sans-serif;margin:2%}}table{{width:30%;max-width:20vh;margin-bottom:1em;border-collapse:collapse}}</style>
-        <br>
+    </head>
-        <a href="/new">New Script</a>
+    <body>
+        <h1>Pico W Ducky</h1>
+        <table border="1"><tr><th>Payload</th><th>Actions</th></tr>{}</table><br>
+        <a href="/new"><button>New Script</button></a>
     </body>
 </html>
 """
 
 edit_html = """<!DOCTYPE html>
 <html>
-  <head>
+    <head>
-    <title>Script Editor</title>
+        <title>Script Editor</title>
-  </head>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <body>
+        <style>button{{margin-top:1em}}.main{{font-family:'Open Sans', sans-serif;margin:2%}}textarea{{width:100%;max-width:80vh;margin-bottom:1em;height:50vh}}</style>
-    <form action="/write/{}" method="POST">
+    </head>
-      <textarea rows="5" cols="60" name="scriptData">{}</textarea>
+    <body>
-      <br/>
+        <form action="/write/{}" method="POST">
-      <input type="submit" value="submit"/>
+            <textarea rows="5" name="scriptData">{}</textarea><br/>
-    </form>
+            <input type="submit" value="submit"/>
-    <br>
+        </form>
-    <a href="/ducky">Home</a>
+        <br>
-  </body>
+        <a href="/ducky"><button>Home</button></a>
+    </body>
 </html>
 """
 
 new_html = """<!DOCTYPE html>
 <html>
-  <head>
+    <head>
-    <title>New Script</title>
+        <title>New Script</title>
-  </head>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <body>
+        <style>button{margin-top:1em}.main{font-family:'Open Sans', sans-serif;margin:2%}textarea{width:100%;max-width:80vh;margin-bottom:1em}#ducky-input{height:50vh}</style>
-    <form action="/new" method="POST">
+    </head>
-      Script Name<br>
+    <body>
-      <textarea rows="1" cols="60" name="scriptName"></textarea>
+        <div class="main">
-      Script<br>
+            <form action="/new" method="POST">
-      <textarea rows="5" cols="60" name="scriptData"></textarea>
+                <p>New Script:</p>
-      <br/>
+                <textarea rows="1" name="scriptName" placeholder="script name"></textarea><br>
-      <input type="submit" value="submit"/>
+                <textarea id="ducky-input" rows="5" name="scriptData" placeholder="script"></textarea>
-    </form>
+                <br><input type="submit" value="Submit"/>
-    <br>
+            </form>
-    <a href="/ducky">Home</a>
+            <a href="/ducky"><button>Go Back</button></a>
-  </body>
+        </div>
+    </body>
 </html>
 """
 
 response_html = """<!DOCTYPE html>
 <html>
-    <head> <title>Pico W Ducky</title> </head>
+    <head>
-    <body> <h1>Pico W Ducky</h1>
+        <title>Pico W Ducky</title>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <style>button{{margin-top:1em}}body{{font-family:'Open Sans', sans-serif;margin:2%}}</style>
+    </head>
+    <body>
+        <h1>Pico W Ducky</h1>
         {}
-        <br>
+        <br><a href="/ducky"><button>Home</button></a>
-        <a href="/ducky">Home</a>
     </body>
 </html>
 """
 
-newrow_html = "<tr><td>{}</td><td><a href='/edit/{}'>Edit</a> / <a href='/run/{}'>Run</a></tr>"
+newrow_html = "<tr><td>{}</td><td><a href='/edit/{}'>Edit</a> / <a href='/delete/{}'>Delete</a> / <a href='/run/{}'>Run</a></tr>"
 
 def setPayload(payload_number):
     if(payload_number == 1):
@@ -94,7 +103,7 @@ def ducky_main(request):
     for f in files:
         if ('.dd' in f) == True:
             payloads.append(f)
-            newrow = newrow_html.format(f,f,f)
+            newrow = newrow_html.format(f,f,f,f)
             #print(newrow)
             rows = rows + newrow
 
@@ -172,8 +181,8 @@ def write_script(request, filename):
     textbuffer = form_data['scriptData']
     textbuffer = cleanup_text(textbuffer)
     #print(textbuffer)
-    for line in textbuffer:
+    for line in textbuffer.splitlines():
-        f.write(line)
+        f.write(line + '\n')
     f.close()
     storage.remount("/",readonly=True)
     response = response_html.format("Wrote script " + filename)
@@ -193,17 +202,28 @@ def write_new_script(request):
             form_data[key] = value
         #print(form_data)
         filename = form_data['scriptName']
+        if ".dd" not in filename:
+            filename = filename + ".dd"
         textbuffer = form_data['scriptData']
         textbuffer = cleanup_text(textbuffer)
         storage.remount("/",readonly=False)
         f = open(filename,"w",encoding='utf-8')
-        for line in textbuffer:
+        for line in textbuffer.splitlines():
-            f.write(line)
+            f.write(line + '\n')
         f.close()
         storage.remount("/",readonly=True)
         response = response_html.format("Wrote script " + filename)
     return("200 OK",[('Content-Type', 'text/html')], response)
 
+@web_app.route("/delete/<filename>")
+def delete(request, filename):
+    print("Deleting ", filename)
+    storage.remount("/",readonly=False)
+    os.remove(filename)
+    response = response_html.format("Deleted script " + filename)
+    storage.remount("/",readonly=True)
+    return("200 OK",[('Content-Type', 'text/html')], response)
+
 @web_app.route("/run/<filename>")
 def run_script(request, filename):
     print("run_script ", filename)