# License : GPLv2.0 # copyright (c) 2021 Dave Bailey # Author: Dave Bailey (dbisu, @daveisu) # Nugget Fork: Kody Kinzie @skickar # Now It Runs One Of 4 Payloads! import usb_hid from adafruit_hid.keyboard import Keyboard import board # comment out these lines for non_US keyboards from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS as KeyboardLayout from adafruit_hid.keycode import Keycode from digitalio import DigitalInOut, Pull from adafruit_debouncer import Debouncer from board import * import busio import displayio import adafruit_framebuf import adafruit_displayio_sh1106 import time ## Screen setup and function to change image on the screen displayio.release_displays() WIDTH = 130 # Change these to the right size for your display! HEIGHT = 64 BORDER = 1 i2c = busio.I2C(SCL, SDA) # Create the I2C interface. display_bus = displayio.I2CDisplay(i2c, device_address=0x3c) display = adafruit_displayio_sh1106.SH1106(display_bus, width=WIDTH, height=HEIGHT) # Create the SH1106 OLED class. def NugEyes(IMAGE): ## Make a function to put eyes on the screen bitmap = displayio.OnDiskBitmap(IMAGE) # Setup the file as the bitmap data source tile_grid = displayio.TileGrid(bitmap, pixel_shader=bitmap.pixel_shader) # Create a TileGrid to hold the bitmap group = displayio.Group() # Create a Group to hold the TileGrid group.append(tile_grid) # Add the TileGrid to the Group display.show(group) # Add the Group to the Display NugEyes("/faces/menu.bmp") pins = (board.IO9, board.IO18, board.IO11, board.IO7) buttons = [] # will hold list of Debouncer objects for pin in pins: # set up each pin tmp_pin = DigitalInOut(pin) # defaults to input tmp_pin.pull = Pull.UP # turn on internal pull-up resistor buttons.append( Debouncer(tmp_pin) ) # uncomment these lines for non_US keyboards # replace LANG with appropriate language #from keyboard_layout_win_LANG import KeyboardLayout #from keycode_win_LANG import Keycode duckyCommands = { 'WINDOWS': Keycode.WINDOWS, 'GUI': Keycode.GUI, 'APP': Keycode.APPLICATION, 'MENU': Keycode.APPLICATION, 'SHIFT': Keycode.SHIFT, 'ALT': Keycode.ALT, 'CONTROL': Keycode.CONTROL, 'CTRL': Keycode.CONTROL, 'DOWNARROW': Keycode.DOWN_ARROW, 'DOWN': Keycode.DOWN_ARROW, 'LEFTARROW': Keycode.LEFT_ARROW, 'LEFT': Keycode.LEFT_ARROW, 'RIGHTARROW': Keycode.RIGHT_ARROW, 'RIGHT': Keycode.RIGHT_ARROW, 'UPARROW': Keycode.UP_ARROW, 'UP': Keycode.UP_ARROW, 'BREAK': Keycode.PAUSE, 'PAUSE': Keycode.PAUSE, 'CAPSLOCK': Keycode.CAPS_LOCK, 'DELETE': Keycode.DELETE, 'END': Keycode.END, 'ESC': Keycode.ESCAPE, 'ESCAPE': Keycode.ESCAPE, 'HOME': Keycode.HOME, 'INSERT': Keycode.INSERT, 'NUMLOCK': Keycode.KEYPAD_NUMLOCK, 'PAGEUP': Keycode.PAGE_UP, 'PAGEDOWN': Keycode.PAGE_DOWN, 'PRINTSCREEN': Keycode.PRINT_SCREEN, 'ENTER': Keycode.ENTER, 'SCROLLLOCK': Keycode.SCROLL_LOCK, 'SPACE': Keycode.SPACE, 'TAB': Keycode.TAB, 'A': Keycode.A, 'B': Keycode.B, 'C': Keycode.C, 'D': Keycode.D, 'E': Keycode.E, 'F': Keycode.F, 'G': Keycode.G, 'H': Keycode.H, 'I': Keycode.I, 'J': Keycode.J, 'K': Keycode.K, 'L': Keycode.L, 'M': Keycode.M, 'N': Keycode.N, 'O': Keycode.O, 'P': Keycode.P, 'Q': Keycode.Q, 'R': Keycode.R, 'S': Keycode.S, 'T': Keycode.T, 'U': Keycode.U, 'V': Keycode.V, 'W': Keycode.W, 'X': Keycode.X, 'Y': Keycode.Y, 'Z': Keycode.Z, 'F1': Keycode.F1, 'F2': Keycode.F2, 'F3': Keycode.F3, 'F4': Keycode.F4, 'F5': Keycode.F5, 'F6': Keycode.F6, 'F7': Keycode.F7, 'F8': Keycode.F8, 'F9': Keycode.F9, 'F10': Keycode.F10, 'F11': Keycode.F11, 'F12': Keycode.F12, } def convertLine(line): newline = [] print(line) # loop on each key - the filter removes empty values for key in filter(None, line.split(" ")): key = key.upper() # find the keycode for the command in the list command_keycode = duckyCommands.get(key, None) if command_keycode is not None: # if it exists in the list, use it newline.append(command_keycode) elif hasattr(Keycode, key): # if it's in the Keycode module, use it (allows any valid keycode) newline.append(getattr(Keycode, key)) else: # if it's not a known key name, show the error for diagnosis print(f"Unknown key: <{key}>") print(newline) return newline def runScriptLine(line): for k in line: kbd.press(k) kbd.release_all() def sendString(line): layout.write(line) def parseLine(line): global defaultDelay if(line[0:3] == "REM"): # ignore ducky script comments pass elif(line[0:5] == "DELAY"): time.sleep(float(line[6:])/1000) elif(line[0:6] == "STRING"): sendString(line[7:]) elif(line[0:13] == "DEFAULT_DELAY"): defaultDelay = int(line[14:]) * 10 elif(line[0:12] == "DEFAULTDELAY"): defaultDelay = int(line[13:]) * 10 else: newScriptLine = convertLine(line) runScriptLine(newScriptLine) def injectPayload(payloadNumber): f = open(duckyScriptPath[payloadNumber],"r",encoding='utf-8') print("Running payload.dd") previousLine = "" duckyScript = f.readlines() for line in duckyScript: line = line.rstrip() if(line[0:6] == "REPEAT"): for i in range(int(line[7:])): #repeat the last command parseLine(previousLine) time.sleep(float(defaultDelay)/1000) else: parseLine(line) previousLine = line time.sleep(float(defaultDelay)/1000) print("Done") NugEyes("/faces/menu.bmp") kbd = Keyboard(usb_hid.devices) layout = KeyboardLayout(kbd) duckyScriptPath = ["payload1.dd", "payload2.dd", "payload3.dd", "payload4.dd"] # sleep at the start to allow the device to be recognized by the host computer time.sleep(.5) defaultDelay = 0 progStatus = False progStatusPin = buttons[3] progStatus = not progStatusPin.value defaultDelay = 0 print(progStatus) if(progStatus == True): # not in setup mode, inject the payload print("Attack Mode: Running payload.dd") injectPayload(0) print("Done") else: print("Entering menu") while True: for i in range(len(buttons)): buttons[i].update() if buttons[i].fell: print("button",i,"pressed!") NugEyes("/faces/boingo.bmp") injectPayload(i) if buttons[i].rose: print("button",i,"released!")