hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

New Payload - The Penny Drops

pull/138/head
cribb-it 2022-09-02 18:31:22 +01:00
parent 2ba0b3e08c
commit 0092291f2e
2 changed files with 371 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

340
payloads/library/general/Multi_HID_The-Penny-Drops/Payload.txt Normal file
View File

@ -0,0 +1,340 @@
REM TITLE The Penny Drops
REM AUTHOR Cribbit
REM DESCRIPTION Little arcade coin drop / pachinko style game
REM VERSION 1.0
REM PROPS Darren & Korben
EXTENSION TRANSLATE
REM VERSION 1.0
REM This extension acts as a library or collection of helper functions
REM to work with converting variables in your payloads.
REM WHY:
REM Of the many ways to get information about the state of your payload
REM is by injecting static strings effectively as debugging prints
REM However, given the non-static nature of payloads using variables in
REM DuckyScript 3.0 - the ability to decode variables during payload
REM execution and print (inject) representations of their current state
REM can often be a critically helpful development and debugging tool.
REM Available Functions:
REM TRANSLATE_INT() - var to decimal string - set $INPUT prior to call
REM TRANSLATE_HEX() - var to hexidecimal string - set $INPUT prior to call
REM TRANSLATE_BINARY() - var to binary string - set $INPUT prior to call
REM TRANSLATE_BOOL() - var to boolean string - set $INPUT prior to call
REM USAGE:
REM set $INPUT to desired var
REM call the correct translate_ function for the expected data type e.g.
REM VAR $myVar = 1234
REM $INPUT = $myVar
REM TRANSLATE_INT()
REM REM the above code will inject 1234
REM begin extension variables
DEFINE PRINT_INT 0
DEFINE PRINT_HEX 1
VAR $DIGIT_PRINT_MODE = PRINT_INT
VAR $D = 0
VAR $IN = 0
VAR $INPUT = 0
VAR $MOD = 0
VAR $P = FALSE
VAR $NL = TRUE
REM end extension variables
REM REQUIRED for INT/HEX - convert int to char
FUNCTION PRINTDIGIT()
IF ($D == 0) THEN
STRING 0
ELSE IF ($D == 1) THEN
STRING 1
ELSE IF ($D == 2) THEN
STRING 2
ELSE IF ($D == 3) THEN
STRING 3
ELSE IF ($D == 4) THEN
STRING 4
ELSE IF ($D == 5) THEN
STRING 5
ELSE IF ($D == 6) THEN
STRING 6
ELSE IF ($D == 7) THEN
STRING 7
ELSE IF ($D == 8) THEN
STRING 8
ELSE IF ($D == 9) THEN
STRING 9
ELSE IF ($DIGIT_PRINT_MODE == PRINT_HEX) THEN
IF ($D == 10) THEN
STRING A
ELSE IF ($D == 11) THEN
STRING B
ELSE IF ($D == 12) THEN
STRING C
ELSE IF ($D == 13) THEN
STRING D
ELSE IF ($D == 14) THEN
STRING E
ELSE IF ($D == 15) THEN
STRING F
END_IF
ELSE
STRING ?
END_IF
END_FUNCTION
REM REQUIRED for INT/HEX- consumes a character / place from the input
FUNCTION CONSUME()
$D = 0
WHILE ($INPUT >= $MOD)
$D = ($D + 1)
$INPUT = ($INPUT - $MOD)
END_WHILE
IF (($D > 0) || ($P == TRUE)) THEN
$P = TRUE
PRINTDIGIT()
END_IF
END_FUNCTION
REM ENDIAN SWAPPER helper, (useful for working with VID/PID)
FUNCTION SWAP_ENDIAN()
$INPUT = ((($INPUT >> 8) & 0x00FF) | (($INPUT << 8) & 0xFF00))
END_FUNCTION
REM Translates a variable of presumed integer type and attempts to convert
REM and inject a DECIMAL string representation
FUNCTION TRANSLATE_INT()
$DIGIT_PRINT_MODE = PRINT_INT
$P = FALSE
IF ( $INPUT >= 10000) THEN
$MOD = 10000
CONSUME()
END_IF
IF (($INPUT >= 1000) || ($P == TRUE)) THEN
$MOD = 1000
CONSUME()
END_IF
IF (($INPUT >= 100) || ($P == TRUE)) THEN
$MOD = 100
CONSUME()
END_IF
IF (($INPUT >= 10) || ($P == TRUE)) THEN
$MOD = 10
CONSUME()
END_IF()
$D = $INPUT
PRINTDIGIT()
IF $NL THEN
ENTER
END_IF
END_FUNCTION
REM Translates a variable of presumed boolean type and attempts to convert
REM and inject a BOOLEAN string representation
FUNCTION TRANSLATE_BOOL()
IF $INPUT THEN
STRING TRUE
ELSE
STRING FALSE
END_IF
IF $NL THEN
ENTER
END_IF
END_FUNCTION
REM Translates a variable of presumed integer type and attempts to convert
REM and inject a HEX string representation
FUNCTION TRANSLATE_HEX()
$DIGIT_PRINT_MODE = PRINT_HEX
VAR $chars = 0
VAR $d1 = 0
VAR $d2 = 0
VAR $d3 = 0
VAR $d4 = 0
WHILE ($INPUT > 0)
IF ($chars == 0) THEN
$d1 = ($INPUT % 16)
ELSE IF ($chars == 1) THEN
$d2 = ($INPUT % 16)
ELSE IF ($chars == 2) THEN
$d3 = ($INPUT % 16)
ELSE IF ($chars == 3) THEN
$d4 = ($INPUT % 16)
END_IF
$chars = ($chars + 1)
$INPUT = ($INPUT / 16)
END_WHILE
VAR $i = 0
STRING 0x
IF ($chars == 0) THEN
STRING 0x0000
ELSE IF ($chars == 1) THEN
STRING 000
$D = $d1
PRINTDIGIT()
ELSE IF ($chars == 2) THEN
STRING 00
$D = $d2
PRINTDIGIT()
$D = $d1
PRINTDIGIT()
ELSE IF ($chars == 3) THEN
STRING 0
$D = $d3
PRINTDIGIT()
$D = $d2
PRINTDIGIT()
$D = $d1
PRINTDIGIT()
ELSE IF ($chars == 4) THEN
STRING 0
$D = $d4
PRINTDIGIT()
$D = $d3
PRINTDIGIT()
$D = $d2
PRINTDIGIT()
$D = $d1
PRINTDIGIT()
END_IF
IF $NL THEN
ENTER
END_IF
END_FUNCTION
REM Translates a variable of presumed integer type and attempts to convert
REM and inject a BINARY string representation
FUNCTION TRANSLATE_BINARY()
VAR $I = 16
WHILE ( $I > 0 )
$I = ($I - 1)
IF (($INPUT & 0x8000) == 0 ) THEN
STRING 0
ELSE
STRING 1
END_IF
$INPUT = ($INPUT << 1)
END_WHILE
IF $NL THEN
ENTER
END_IF
END_FUNCTION
END_EXTENSION
ATTACKMODE HID
DELAY 3000
DEFINE GAME_SPEED 500
VAR $SCORE = 0
VAR $COIN = 6
VAR $MAX = 9999
VAR $RUNNING = TRUE
VAR $INPUT = 0
$NL = FALSE
FUNCTION move()
SHIFT LEFTARROW
SPACE
DOWNARROW
IF (($_RANDOM_INT % 2) == 0) THEN
$COIN = ($COIN + 1)
RIGHTARROW
ELSE
$COIN = ($COIN - 1)
LEFTARROW
END_IF
SHIFT LEFTARROW
STRING 0
END_FUNCTION
FUNCTION drop()
VAR $A = 4
WHILE ($A > 0)
move()
DELAY GAME_SPEED
$A = ($A - 1)
END_WHILE
SHIFT LEFTARROW
SPACE
DOWNARROW
SHIFT LEFTARROW
STRING 0
DELAY GAME_SPEED
SHIFT LEFTARROW
SPACE
END_FUNCTION
FUNCTION write_score()
DOWNARROW
DOWNARROW
END
SHIFT HOME
VAR $POINTS = 1
IF ($COIN == 6) THEN
$POINTS = 5
ELSE IF (($COIN == 4) || ($COIN == 8)) THEN
$POINTS = 2
END_IF
IF ($POINTS > ($MAX - $SCORE)) THEN
$SCORE = ($POINTS - ($MAX - $SCORE))
ELSE
$SCORE = ($SCORE + $POINTS)
END_IF
STRING SCORE:
$INPUT = $SCORE
TRANSLATE_INT()
END_FUNCTION
FUNCTION end_game()
LED_R
$RUNNING = FALSE
END_FUNCTION
FUNCTION reset()
UPARROW
UPARROW
UPARROW
UPARROW
UPARROW
UPARROW
UPARROW
END
LEFTARROW
LEFTARROW
LEFTARROW
LEFTARROW
LEFTARROW
SHIFT LEFTARROW
STRING 0
$COIN = 6
END_FUNCTION
FUNCTION play_game()
STRINGLN Penny drop / pachinko style game.
STRINGLN Press scroll lock to drop a coin.
ENTER
STRINGLN _(PENNY)_
STRINGLN / 0 \
STRINGLN | . |
STRINGLN | . . |
STRINGLN | . . . |
STRINGLN | . . . . |
STRINGLN | | | | | |
STRINGLN |1|2|5|2|1|
reset()
WAIT_FOR_SCROLL_CHANGE
WHILE ($RUNNING == TRUE)
drop()
write_score()
reset()
WAIT_FOR_SCROLL_CHANGE
END_WHILE
ATTACKMODE HID STORAGE
END_FUNCTION
BUTTON_DEF
end_game()
END_BUTTON
play_game()

31
payloads/library/general/Multi_HID_The-Penny-Drops/readme.md Normal file
View File

@ -0,0 +1,31 @@
# The Penny Drops
* Author: Cribbit
* Version: 1.0
* Target: any
* Category: General
* Attackmode: HID
* Props: Darren & Korben
## Change Log
| Version | Changes |
| ------- | ------------------------------|
| 1.0 | Initial release |
## Description
Little arcade coin drop / pachinko style game
```
_(PENNY)_
/ 0 \
| . |
| . . |
| . . . |
| . . . . |
| | | | | |
|1|2|5|2|1|
```
## Getting Started
Open a text editor then insert the ducky.