From 148e5e49ff94cd9628500bf2a1e587d09e8b65ca Mon Sep 17 00:00:00 2001
From: joon
Date: Fri, 6 Jan 2023 00:13:13 -0800
Subject: [PATCH] Piano player payload generator
---
 .../library/general/Piano_Player/README.md | 112 ++
 .../examples/game_of_thrones_notes.txt | 233 +++
 .../examples/game_of_thrones_payload.txt | 1177 +++++++++++++
 .../examples/super_mario_notes.txt | 295 ++++
 .../examples/super_mario_payload.txt | 1523 +++++++++++++++++
 .../general/Piano_Player/piano_player.py | 94 +
 6 files changed, 3434 insertions(+)
 create mode 100644 payloads/library/general/Piano_Player/README.md
 create mode 100644 payloads/library/general/Piano_Player/examples/game_of_thrones_notes.txt
 create mode 100644 payloads/library/general/Piano_Player/examples/game_of_thrones_payload.txt
 create mode 100644 payloads/library/general/Piano_Player/examples/super_mario_notes.txt
 create mode 100644 payloads/library/general/Piano_Player/examples/super_mario_payload.txt
 create mode 100644 payloads/library/general/Piano_Player/piano_player.py
diff --git a/payloads/library/general/Piano_Player/README.md b/payloads/library/general/Piano_Player/README.md
new file mode 100644
index 0000000..fc269e7
--- /dev/null
+++ b/payloads/library/general/Piano_Player/README.md
@@ -0,0 +1,112 @@
+# Hak5 USB Rubber Ducky Piano Player
+
+Script that converts music notation written in tracker-like style into payload code for the Hak5 USB Rubber Ducky
+
+* **[Demo video!](https://hachyderm.io/@pirx/109641159141747124)**
+
+
+## Usage
+
+Runs on Python 3.x.
+
+```
+usage: piano_player.py [-h] [-p] NOTES_FILE PAYLOAD_FILE
+
+positional arguments:
+ NOTES_FILE Path to notes file
+ PAYLOAD_FILE Save payload code to this file
+
+optional arguments:
+ -h, --help show this help message and exit
+ -p, --press-mode Deploy with press mode
+```
+
+Example:
+
+```
+$ python3 piano_player.py notes.txt payload.txt
+```
+
+First, create the notes file. Then run the tool which creates the payload code file. You can then copy and paste that code into the HAK5 [payload encoder](https://encoder.hak5.org).
+
+See example notes and payload files in the [examples](./examples/) directory.
+
+
+## Notes file format
+
+The notes file looks like this:
+
+```
+50ms
+https://www.onlinepianist.com/virtual-piano
+c-3=q c#3=2 d-3=w d#3=3 e-3=e f-3=r f#3=5 g-3=t g#3=6 a-3=y a#3=7 b-3=u c-4=i c#4=9 d-4=o d#4=0 e-4=p f-4=z f#4=s g-4=x g#4=d a-4=c a#4=f b-4=v c-5=b c#5=h d-5=n d#5=j e-5=m f-5=, f#5=l g-5=. g#5=; a-5=/ a#5='
+
+d-3 f#3 e-5
+d-3 f#3 e-5
+--- --- ---
+d-3 f#3 e-5
+--- --- ---
+d-3 f#3 c-5
+d-3 f#3 e-5
+--- --- ---
+g-3 b-3 g-5
+--- --- ---
+--- --- ---
+--- --- ---
+g-3 --- g-4
+```
+
+* Line 1: Tick duration (more on this later)
+* Line 2: URL of the piano (or other virtual instrument) app
+* Line 3: Space-separated note maps. Left hand side is the actual note, right hand is the corresponding keyboard keypress
+* Line 4: Leave blank
+* Line 5 until end: Notes and rests in tracker-like notation
+
+
+### About the tracker-like notation
+
+I thought an easy way to write music is something reminiscent of [tracker interface](https://en.wikipedia.org/wiki/Music_tracker) where notes are played by rows. All notes in the same row are played "simultaneously" (or in this case, gives the illusion that it is).
+
+Each row plays at approximately the tick duration (there will be some accumulated delay depending on number of keys held at the same time, etc.).
+
+You would typically make one row equivalent to the duration of a 16th note in your piece, but this is by no means the rule.
+
+The tracker can have one or more columns ("tracks"), but I have only tested it with up to three. Four or more might introduce significant enough delays to make the tempo unstable.
+
+Each element in the tracker is three characters long. A natural note looks like `d-3` and a sharp `d#3`. Flats can be used too as long as it's declared in the note maps.
+
+A rest is represented as `---`.
+
+There should always be **two spaces** between notes or rests in the same row.
+
+For a very simple example, this is the first two bars of _Twinkle, Twinkle, Little Star_:
+
+```
+c-4
+c-4
+g-4
+g-4
+a-4
+a-4
+g-4
+---
+```
+
+In this case each row is equivalent to a quarter note.
+
+
+## Payload Behavior
+
+### Press mode OFF (default)
+
+By default, the generated payload works as such:
+
+1. Insert rubber ducky into USB port
+2. Default browser is opened and navigates to the piano webapp URL specified in the notes file
+3. Rubber ducky plays the piano
+
+### Press mode ON
+
+When press mode is enabled (`-p` or `--press-mode` flag), the rubber ducky does not open a browser nor go to the piano webapp URL automatically upon insertion. Instead, the note sequence starts playing only when the rubber ducky button is pressed.
+
+The linked demo video above is operating in press mode.
\ No newline at end of file
diff --git a/payloads/library/general/Piano_Player/examples/game_of_thrones_notes.txt b/payloads/library/general/Piano_Player/examples/game_of_thrones_notes.txt
new file mode 100644
index 0000000..57f8086
--- /dev/null
+++ b/payloads/library/general/Piano_Player/examples/game_of_thrones_notes.txt
@@ -0,0 +1,233 @@ +65ms +https://www.onlinepianist.com/virtual-piano +c-3=q c#3=2 d-3=w d#3=3 e-3=e f-3=r f#3=5 g-3=t g#3=6 a-3=y a#3=7 b-3=u c-4=i c#4=9 d-4=o d#4=0 e-4=p f-4=z f#4=s g-4=x g#4=d a-4=c a#4=f b-4=v c-5=b c#5=h d-5=n d#5=j e-5=m f-5=, f#5=l g-5=. g#5=; a-5=/ a#5=' + +c-3 g-3 g-5 +--- --- --- +--- --- c-5 +--- --- --- +--- --- d#5 +--- --- f-5 +c-3 g-3 g-5 +--- --- --- +--- --- c-5 +--- --- --- +--- --- e-5 +--- --- f-5 +c-3 g-3 g-5 +--- --- --- +--- --- c-5 +--- --- --- +--- --- e-5 +--- --- f-5 +c-3 g-3 g-5 +--- --- --- +--- --- c-5 +--- --- --- +--- --- e-5 +--- --- f-5 +c-3 g-3 g-4 +--- --- --- +--- --- --- +--- --- --- +--- --- --- +--- --- --- +c-3 g-3 c-4 +--- --- --- +--- --- --- +--- --- --- +--- --- --- +--- --- --- +c-3 g-3 d#4 +--- --- f-4 +--- --- g-4 +--- --- --- +--- --- --- +--- --- --- +c-3 g-3 c-4 +--- --- --- +--- --- --- +--- --- --- +--- --- d#4 +--- --- f-4 +d-3 g-3 d-5 +--- --- --- +--- --- g-4 +--- --- --- +--- --- a#4 +--- --- c-5 +d-3 g-3 d-5 +--- --- --- +--- --- g-4 +--- --- --- +--- --- a#4 +--- --- c-5 +d-3 g-3 d-5 +--- --- --- +--- --- g-4 +--- --- --- +--- --- a#4 +--- --- c-5 +d-3 g-3 d-5 +--- --- --- +d-3 g-3 g-4 +--- --- --- +d-3 g-3 a#4 +--- --- --- +f-3 a#3 f-4 +--- --- --- +--- --- --- +--- --- --- +--- --- --- +--- --- --- +d-3 f-3 a#3 +--- --- --- +--- --- --- +--- --- --- +--- --- --- +--- --- --- +f-3 a#3 d#4 +--- --- d-4 +--- --- f-4 +--- --- --- +--- --- --- +--- --- --- +d-3 f-3 a#3 +--- --- --- +--- --- --- +--- --- --- +--- --- d#4 +--- --- d-4 +c-3 f-3 c-5 +--- --- --- +--- --- f-4 +--- --- --- +--- --- g#4 +--- --- a#4 +c-3 f-3 c-5 +--- --- --- +--- --- f-4 +--- --- --- +--- --- g#4 +--- --- a#4 +c-3 f-3 c-5 +--- --- --- +--- --- f-4 +--- --- --- +--- --- g#4 +--- --- a#4 +c-3 f-3 c-5 +--- --- --- +c-3 f-3 f-4 +--- --- --- +c-3 f-3 g#4 +--- --- --- +d#3 g#3 c-5 +--- --- --- +--- --- d#4 +--- --- --- +d#3 g#3 g#4 +--- --- a#4 +d#3 g#3 c-5 +--- --- --- +--- --- d#4 +--- --- --- +d#3 g#3 a#4 +--- --- c-5 
+d#3 a#3 a#4 +--- --- --- +--- --- d#4 +--- --- --- +d#3 a#3 g-4 +--- --- g#4 +d#3 a#3 a#4 +--- --- --- +--- --- d#4 +--- --- --- +d#3 a#3 g#4 +--- --- a#4 +c-3 f-3 g#4 +--- --- --- +--- --- c-4 +--- --- --- +c-3 f-3 f-4 +--- --- g-4 +c-3 f-3 g#4 +--- --- --- +--- --- c-4 +--- --- --- +c-3 f-3 g-4 +--- --- g#4 +c-3 g-3 g-4 +--- --- --- +--- --- c-4 +--- --- --- +c-3 g-3 d#4 +--- --- f-4 +c-3 g-3 g-4 +--- --- --- +--- --- c-4 +--- --- --- +c-3 g-3 d#4 +--- --- f-4 +d#3 g#3 d#5 +--- --- --- +--- --- g#4 +--- --- --- +d#3 g#3 c-5 +--- --- d-5 +d#3 g#3 d#5 +--- --- --- +--- --- g#4 +--- --- --- +d#3 g#3 c-5 +--- --- d#5 +d-3 g-3 d-5 +--- --- --- +--- --- g-4 +--- --- --- +d-3 g-3 a#4 +--- --- --- +d-3 g-3 d-5 +--- --- --- +--- --- d-5 +--- --- --- +d-3 g-3 a#4 +--- --- --- +c-3 g-3 c-5 +--- --- --- +--- --- g-4 +--- --- --- +c-3 g-3 g#4 +--- --- a#4 +c-3 g-3 c-5 +--- --- --- +--- --- g-4 +--- --- --- +c-3 g-3 g#4 +--- --- a#4 +c-3 g-3 c-5 +--- --- --- +--- --- g-4 +--- --- --- +c-3 g-3 g#4 +--- --- a#4 +c-3 g-3 c-5 +--- --- --- +c-3 g-3 g-4 +--- --- --- +c-3 g-3 g#4 +--- --- a#4 +--- --- c-5 +--- --- --- +--- --- g-4 +--- --- --- +--- --- g#4 +--- --- a#4 +--- --- c-5 +--- --- --- +--- --- g-4 +--- --- --- +--- --- g#4 +--- --- a#4 +--- --- c-5 diff --git a/payloads/library/general/Piano_Player/examples/game_of_thrones_payload.txt b/payloads/library/general/Piano_Player/examples/game_of_thrones_payload.txt new file mode 100644 index 0000000..1efa4a4 --- /dev/null +++ b/payloads/library/general/Piano_Player/examples/game_of_thrones_payload.txt 
@@ -0,0 +1,1177 @@ +EXTENSION OS_DETECTION + REM VERSION 1.0 + + REM USB Rubber Ducky Host OS Detection + REM Generic OS detection at a high view is a moving target + REM results may vary greatly depending + REM on a combination of many variables: + REM - number of testing stages + REM - specific devices and versions tested against + REM - number of systems testing for (scope) + REM - detection techniques (passive/invisible/active/hybrid) + REM - overall speed + REM - overall accuracy + + REM TARGET: + REM DEFAULT - Windows, Mac, Linux + REM ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android + + REM USAGE: + REM Uncomment the function call below to run this extension inline (here) + REM or call DETECT_OS() anywhere in your payload after the extension + REM Place this extension and the DETECT_OS() before + REM you would like to first reference $_OS to execute payload code conditionally + + REM DEPLOYMENT: + REM Plug Ducky into host + + REM begin extension options + DEFINE VERBOSE FALSE + DEFINE ADVANCED_DETECTION FALSE + DEFINE STARTUP_DELAY 1500 + DEFINE RESTART_WAIT 1000 + DEFINE OS_DETECT_MODE HID + DEFINE OS_DETECT_VID VID_05AC + DEFINE OS_DETECT_PID PID_021E + DEFINE WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE HOST_RESPONSE_TIMEOUT 1000 + REM end extension options + + FUNCTION DETECT_OS() + $_HOST_CONFIGURATION_REQUEST_COUNT = 0 + ATTACKMODE OS_DETECT_MODE OS_DETECT_VID OS_DETECT_PID + DELAY STARTUP_DELAY + SAVE_HOST_KEYBOARD_LOCK_STATE + + IF VERBOSE THEN + IF ADVANCED_DETECTION THEN + STRING ADVANCED OS DETECT + ELSE + STRING OS DETECT + END_IF + + ENTER + STRING test caps + END_IF + + IF ($_CAPSLOCK_ON == FALSE) THEN + LED_R + CAPSLOCK + DELAY HOST_RESPONSE_TIMEOUT + END_IF + LED_OFF + + IF VERBOSE THEN + ENTER + STRING test done + END_IF + + IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN + IF VERBOSE THEN + ENTER + STRING received led response + END_IF + LED_G + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN + IF VERBOSE THEN + 
ENTER + STRING prediction: Windows + END_IF + $_OS = WINDOWS + ELSE + IF VERBOSE THEN + ENTER + STRING prediction: Linux + END_IF + $_OS = LINUX + END_IF + ELSE + IF VERBOSE THEN + ENTER + STRING no led response + ENTER + STRING prediciton: MacOS + END_IF + $_OS = MACOS + END_IF + + IF ADVANCED_DETECTION THEN + IF ( $_OS == LINUX ) THEN + IF VERBOSE THEN + ENTER + STRING soft reconnect + END_IF + ATTACKMODE OFF + DELAY RESTART_WAIT + ATTACKMODE OS_DETECT_MODE OS_DETECT_VID OS_DETECT_PID + DELAY CONNECT_WAIT + IF VERBOSE THEN + ENTER + STRING reconnected + END_IF + IF ($_CAPSLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING caps led on + ENTER + STRING test numlock + END_IF + NUMLOCK + DELAY HOST_RESPONSE_TIMEOUT + IF VERBOSE THEN + ENTER + STRING test done + END_IF + IF ($_NUMLOCK_ON == FALSE) THEN + IF VERBOSE THEN + ENTER + STRING no numlock led + ENTER + STRING prediciton: ChromeOS + END_IF + $_OS = CHROMEOS + ELSE + IF VERBOSE THEN + ENTER + STRING numlock led on + ENTER + STRING testing scrolllock + END_IF + SCROLLLOCK + DELAY HOST_RESPONSE_TIMEOUT + IF VERBOSE THEN + ENTER + STRING test done + END_IF + IF ($_SCROLLLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING scrolllock led on + ENTER + STRING prediciton: Android + END_IF + $_OS = ANDROID + ELSE + IF VERBOSE THEN + ENTER + STRING no scrolllock reply + ENTER + STRING prediction: Linux + END_IF + $_OS = LINUX + END_IF + END_IF + END_IF + ELSE IF ($_OS == MACOS) THEN + IF ($_CAPSLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING caps led on + ENTER + STRING prediction: iOS + END_IF + $_OS = IOS + ELSE + IF VERBOSE THEN + ENTER + STRING no caps reply + ENTER + STRING prediction: MacOS + END_IF + $_OS = MACOS + END_IF + ELSE IF ($_OS == WINDOWS) THEN + IF VERBOSE THEN + ENTER + STRING Confident Windows Prediction + END_IF + $_OS = WINDOWS + END_IF + END_IF + + RESTORE_HOST_KEYBOARD_LOCK_STATE + + IF VERBOSE THEN + ENTER + STRING OS_DETECT complete + ENTER + END_IF + END_FUNCTION + + REM 
Uncomment the function call below to run this extension inline (here) + REM or call DETECT_OS() anywhere in your payload after the extension + + DETECT_OS() +END_EXTENSION + +IF ($_OS == WINDOWS) THEN + GUI r +ELSE IF ($_OS == MACOS) THEN + COMMAND SPACE +ELSE IF ($_OS == LINUX) THEN + CONTROL ESCAPE +ELSE + GUI +END_IF + +DELAY 1000 +STRING https://www.onlinepianist.com/virtual-piano +ENTER +DELAY 2000 + +FUNCTION tick() + DELAY 45 +END_FUNCTION + +HOLD q +HOLD t +HOLD . +DELAY 20 +RELEASE q +RELEASE t +RELEASE . +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD j +DELAY 20 +RELEASE j +tick() +HOLD , +DELAY 20 +RELEASE , +tick() +HOLD q +HOLD t +HOLD . +DELAY 20 +RELEASE q +RELEASE t +RELEASE . +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD m +DELAY 20 +RELEASE m +tick() +HOLD , +DELAY 20 +RELEASE , +tick() +HOLD q +HOLD t +HOLD . +DELAY 20 +RELEASE q +RELEASE t +RELEASE . +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD m +DELAY 20 +RELEASE m +tick() +HOLD , +DELAY 20 +RELEASE , +tick() +HOLD q +HOLD t +HOLD . +DELAY 20 +RELEASE q +RELEASE t +RELEASE . 
+tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD m +DELAY 20 +RELEASE m +tick() +HOLD , +DELAY 20 +RELEASE , +tick() +HOLD q +HOLD t +HOLD x +DELAY 20 +RELEASE q +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD i +DELAY 20 +RELEASE q +RELEASE t +RELEASE i +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD 0 +DELAY 20 +RELEASE q +RELEASE t +RELEASE 0 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD i +DELAY 20 +RELEASE q +RELEASE t +RELEASE i +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD w +HOLD t +HOLD x +DELAY 20 +RELEASE w +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +HOLD w +HOLD t +HOLD f +DELAY 20 +RELEASE w +RELEASE t +RELEASE f +tick() +DELAY 20 +tick() +HOLD r +HOLD 7 +HOLD z +DELAY 20 +RELEASE r +RELEASE 7 +RELEASE z +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 
+tick() +HOLD w +HOLD r +HOLD 7 +DELAY 20 +RELEASE w +RELEASE r +RELEASE 7 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD r +HOLD 7 +HOLD 0 +DELAY 20 +RELEASE r +RELEASE 7 +RELEASE 0 +tick() +HOLD o +DELAY 20 +RELEASE o +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD w +HOLD r +HOLD 7 +DELAY 20 +RELEASE w +RELEASE r +RELEASE 7 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +HOLD o +DELAY 20 +RELEASE o +tick() +HOLD q +HOLD r +HOLD b +DELAY 20 +RELEASE q +RELEASE r +RELEASE b +tick() +DELAY 20 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD r +HOLD b +DELAY 20 +RELEASE q +RELEASE r +RELEASE b +tick() +DELAY 20 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD r +HOLD b +DELAY 20 +RELEASE q +RELEASE r +RELEASE b +tick() +DELAY 20 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD r +HOLD b +DELAY 20 +RELEASE q +RELEASE r +RELEASE b +tick() +DELAY 20 +tick() +HOLD q +HOLD r +HOLD z +DELAY 20 +RELEASE q +RELEASE r +RELEASE z +tick() +DELAY 20 +tick() +HOLD q +HOLD r +HOLD d +DELAY 20 +RELEASE q +RELEASE r +RELEASE d +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 6 +HOLD b +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE b +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 6 +HOLD d +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD 3 +HOLD 6 +HOLD b +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE b +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 6 +HOLD f +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE f 
+tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD 3 +HOLD 7 +HOLD f +DELAY 20 +RELEASE 3 +RELEASE 7 +RELEASE f +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 7 +HOLD x +DELAY 20 +RELEASE 3 +RELEASE 7 +RELEASE x +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD 3 +HOLD 7 +HOLD f +DELAY 20 +RELEASE 3 +RELEASE 7 +RELEASE f +tick() +DELAY 20 +tick() +HOLD 0 +DELAY 20 +RELEASE 0 +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 7 +HOLD d +DELAY 20 +RELEASE 3 +RELEASE 7 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD r +HOLD d +DELAY 20 +RELEASE q +RELEASE r +RELEASE d +tick() +DELAY 20 +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +DELAY 20 +tick() +HOLD q +HOLD r +HOLD z +DELAY 20 +RELEASE q +RELEASE r +RELEASE z +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +HOLD q +HOLD r +HOLD d +DELAY 20 +RELEASE q +RELEASE r +RELEASE d +tick() +DELAY 20 +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +DELAY 20 +tick() +HOLD q +HOLD r +HOLD x +DELAY 20 +RELEASE q +RELEASE r +RELEASE x +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD q +HOLD t +HOLD x +DELAY 20 +RELEASE q +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD 0 +DELAY 20 +RELEASE q +RELEASE t +RELEASE 0 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +HOLD q +HOLD t +HOLD x +DELAY 20 +RELEASE q +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD 0 +DELAY 20 +RELEASE q +RELEASE t +RELEASE 0 +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +HOLD 3 +HOLD 6 +HOLD j +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE j +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +DELAY 20 +tick() +HOLD 3 +HOLD 6 +HOLD b +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE b +tick() +HOLD n +DELAY 20 +RELEASE n +tick() +HOLD 3 +HOLD 6 +HOLD j +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE j +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() 
+DELAY 20 +tick() +HOLD 3 +HOLD 6 +HOLD b +DELAY 20 +RELEASE 3 +RELEASE 6 +RELEASE b +tick() +HOLD j +DELAY 20 +RELEASE j +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD w +HOLD t +HOLD f +DELAY 20 +RELEASE w +RELEASE t +RELEASE f +tick() +DELAY 20 +tick() +HOLD w +HOLD t +HOLD n +DELAY 20 +RELEASE w +RELEASE t +RELEASE n +tick() +DELAY 20 +tick() +HOLD n +DELAY 20 +RELEASE n +tick() +DELAY 20 +tick() +HOLD w +HOLD t +HOLD f +DELAY 20 +RELEASE w +RELEASE t +RELEASE f +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD b +DELAY 20 +RELEASE q +RELEASE t +RELEASE b +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD d +DELAY 20 +RELEASE q +RELEASE t +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD t +HOLD b +DELAY 20 +RELEASE q +RELEASE t +RELEASE b +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD d +DELAY 20 +RELEASE q +RELEASE t +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD t +HOLD b +DELAY 20 +RELEASE q +RELEASE t +RELEASE b +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD d +DELAY 20 +RELEASE q +RELEASE t +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD q +HOLD t +HOLD b +DELAY 20 +RELEASE q +RELEASE t +RELEASE b +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD x +DELAY 20 +RELEASE q +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +HOLD q +HOLD t +HOLD d +DELAY 20 +RELEASE q +RELEASE t +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD d +DELAY 20 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD d +DELAY 
20 +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +HOLD b +DELAY 20 +RELEASE b +tick() diff --git a/payloads/library/general/Piano_Player/examples/super_mario_notes.txt b/payloads/library/general/Piano_Player/examples/super_mario_notes.txt new file mode 100644 index 0000000..c36d549 --- /dev/null +++ b/payloads/library/general/Piano_Player/examples/super_mario_notes.txt 
@@ -0,0 +1,295 @@ +50ms +https://www.onlinepianist.com/virtual-piano +c-3=q c#3=2 d-3=w d#3=3 e-3=e f-3=r f#3=5 g-3=t g#3=6 a-3=y a#3=7 b-3=u c-4=i c#4=9 d-4=o d#4=0 e-4=p f-4=z f#4=s g-4=x g#4=d a-4=c a#4=f b-4=v c-5=b c#5=h d-5=n d#5=j e-5=m f-5=, f#5=l g-5=. g#5=; a-5=/ a#5=' + +d-3 f#3 e-5 +d-3 f#3 e-5 +--- --- --- +d-3 f#3 e-5 +--- --- --- +d-3 f#3 c-5 +d-3 f#3 e-5 +--- --- --- +g-3 b-3 g-5 +--- --- --- +--- --- --- +--- --- --- +g-3 --- g-4 +--- --- --- +--- --- --- +--- --- --- +g-3 e-4 c-5 +--- --- --- +--- --- --- +e-3 --- g-4 +--- --- --- +--- --- --- +c-3 --- e-4 +--- --- --- +--- --- --- +f-3 --- a-4 +--- --- --- +g-3 --- b-4 +--- --- --- +f#3 --- a#4 +f-3 --- a-4 +--- --- --- +e-3 --- g-4 +c-4 --- e-5 +--- --- --- +e-4 --- g-5 +f-4 --- a-5 +--- --- --- +d-4 --- f-5 +e-4 --- g-5 +--- --- --- +c-4 --- e-5 +--- --- --- +a-3 --- c-5 +b-3 --- d-5 +g-3 --- b-4 +--- --- --- +--- --- --- +g-3 e-4 c-5 +--- --- --- +--- --- --- +e-3 --- g-4 +--- --- --- +--- --- --- +c-3 --- e-4 +--- --- --- +--- --- --- +f-3 --- a-4 +--- --- --- +g-3 --- b-4 +--- --- --- +f#3 --- a#4 +f-3 --- a-4 +--- --- --- +e-3 --- g-4 +c-4 --- e-5 +--- --- --- +e-4 --- g-5 +f-4 --- a-5 +--- --- --- +d-4 --- f-5 +e-4 --- g-5 +--- --- --- +c-4 --- e-5 +--- --- --- +a-3 --- c-5 +b-3 --- d-5 +g-3 --- b-4 +--- --- --- +--- --- --- +c-3 --- --- +--- --- --- +--- e-5 g-5 +e-3 --- f#5 +--- d-5 f-5 +--- b-4 d-5 +c-4 --- --- +--- c-5 e-5 +f-3 --- --- +--- e-4 g#4 +--- f-4 a-4 +c-4 --- c-5 +--- --- --- +--- c-4 a-4 +f-4 --- c-5 +--- f-4 d-5 +c-3 --- --- +--- --- --- +--- e-5 g-5 +e-3 --- f#5 +--- d-5 f-5 +--- b-4 d-5 +g-3 --- --- +c-4 --- e-5 +--- --- --- +c-5 f-5 g-5 +--- --- --- +c-5 f-5 g-5 +c-5 f-5 g-5 +--- --- --- +g-3 --- --- +--- --- --- +c-3 --- --- +--- --- --- +--- e-5 g-5 +e-3 --- f#5 +--- d-5 f-5 +--- b-4 d-5 +c-4 --- --- +--- c-5 e-5 +f-3 --- --- +--- e-4 g#4 +--- f-4 a-4 +c-4 --- c-5 +--- --- --- +--- c-4 a-4 +f-4 --- c-5 +--- f-4 d-5 +c-3 --- --- +--- --- --- +g#3 g#4 d#5 +--- --- --- 
+--- --- --- +a#3 f-4 d-5 +--- --- --- +--- --- --- +c-4 e-4 c-5 +--- --- --- +--- --- --- +g-3 --- --- +g-3 --- --- +--- --- --- +c-3 --- --- +--- --- --- +g#3 g#4 c-5 +--- g#4 c-5 +--- --- --- +d#3 g#4 c-5 +--- --- --- +--- --- c-5 +g#3 --- d-5 +--- --- --- +g-3 g-4 e-5 +--- --- c-5 +--- --- --- +c-3 --- a-4 +--- --- g-4 +--- --- --- +g-3 --- --- +--- --- --- +g#3 g#4 c-5 +--- g#4 c-5 +--- --- --- +d#3 g#4 c-5 +--- --- --- +--- --- c-5 +g#3 --- d-5 +--- g-4 e-5 +g-3 --- --- +--- --- --- +--- --- --- +c-3 --- --- +--- --- --- +--- --- --- +g-3 --- --- +--- --- --- +g#3 g#4 c-5 +--- g#4 c-5 +--- --- --- +d#3 g#4 c-5 +--- --- --- +--- --- c-5 +g#3 --- d-5 +--- --- --- +g-3 g-4 e-5 +--- --- c-5 +--- --- --- +c-3 --- a-4 +--- --- g-4 +--- --- --- +g-3 --- --- +--- --- --- +d-3 f#3 e-5 +d-3 f#3 e-5 +--- --- --- +d-3 f#3 e-5 +--- --- --- +d-3 f#3 c-5 +d-3 f#3 e-5 +--- --- --- +g-3 b-3 g-5 +--- --- --- +--- --- --- +--- --- --- +g-3 --- g-4 +--- --- --- +--- --- --- +--- --- --- +c-3 --- e-5 +--- a-4 c-5 +--- --- --- +g-3 e-4 g-4 +--- --- --- +--- --- --- +c-4 --- g#4 +--- --- --- +f-3 --- a-4 +--- c-5 f-5 +f-3 --- --- +--- c-5 f-5 +c-4 --- a-4 +c-4 --- --- +f-3 --- --- +--- --- --- +d-3 --- b-4 +--- f-5 a-5 +--- --- --- +g-3 f-5 a-5 +--- f-5 a-5 +--- --- --- +b-3 --- g-5 +--- d-5 f-5 +g-3 --- e-5 +--- a-4 c-5 +g-3 --- --- +--- f-4 a-4 +c-4 --- g-4 +c-4 --- --- +g-3 --- --- +--- --- --- +c-3 --- e-5 +--- a-4 c-5 +--- --- --- +g-3 e-4 g-4 +--- --- --- +--- --- --- +c-4 --- g#4 +--- --- --- +f-3 --- a-4 +--- c-5 f-5 +f-3 --- --- +--- c-5 f-5 +c-4 --- a-4 +c-4 --- --- +f-3 --- --- +--- --- --- +g-3 --- b-4 +--- d-5 f-5 +--- --- --- +g-3 d-5 f-5 +g-3 --- f-5 +--- --- --- +a-3 --- e-5 +b-3 b-4 d-5 +c-4 g-4 c-5 +--- e-4 --- +g-3 --- --- +--- e-4 --- +c-3 --- c-4 +--- --- --- +--- --- --- +--- --- --- +g-3 e-4 c-5 +--- --- --- +--- --- --- +e-3 --- g-4 +--- --- --- +--- --- --- +c-3 --- e-4 +--- --- --- +f-3 --- a-4 +--- --- b-4 +--- --- --- +--- --- a-4 +c#3 f-4 g#4 +--- --- 
a#4 +--- --- --- +--- --- a-4 +c-3 e-4 g-4 +--- --- f-4 +c-3 e-4 g-4 diff --git a/payloads/library/general/Piano_Player/examples/super_mario_payload.txt b/payloads/library/general/Piano_Player/examples/super_mario_payload.txt new file mode 100644 index 0000000..1f1999a --- /dev/null +++ b/payloads/library/general/Piano_Player/examples/super_mario_payload.txt 
@@ -0,0 +1,1523 @@ +EXTENSION OS_DETECTION + REM VERSION 1.0 + + REM USB Rubber Ducky Host OS Detection + REM Generic OS detection at a high view is a moving target + REM results may vary greatly depending + REM on a combination of many variables: + REM - number of testing stages + REM - specific devices and versions tested against + REM - number of systems testing for (scope) + REM - detection techniques (passive/invisible/active/hybrid) + REM - overall speed + REM - overall accuracy + + REM TARGET: + REM DEFAULT - Windows, Mac, Linux + REM ADVANCED_DETECTION - Windows, Mac, Linux, iOS, ChromeOS, Android + + REM USAGE: + REM Uncomment the function call below to run this extension inline (here) + REM or call DETECT_OS() anywhere in your payload after the extension + REM Place this extension and the DETECT_OS() before + REM you would like to first reference $_OS to execute payload code conditionally + + REM DEPLOYMENT: + REM Plug Ducky into host + + REM begin extension options + DEFINE VERBOSE FALSE + DEFINE ADVANCED_DETECTION FALSE + DEFINE STARTUP_DELAY 1500 + DEFINE RESTART_WAIT 1000 + DEFINE OS_DETECT_MODE HID + DEFINE OS_DETECT_VID VID_05AC + DEFINE OS_DETECT_PID PID_021E + DEFINE WINDOWS_HOST_REQUEST_COUNT 2 + DEFINE HOST_RESPONSE_TIMEOUT 1000 + REM end extension options + + FUNCTION DETECT_OS() + $_HOST_CONFIGURATION_REQUEST_COUNT = 0 + ATTACKMODE OS_DETECT_MODE OS_DETECT_VID OS_DETECT_PID + DELAY STARTUP_DELAY + SAVE_HOST_KEYBOARD_LOCK_STATE + + IF VERBOSE THEN + IF ADVANCED_DETECTION THEN + STRING ADVANCED OS DETECT + ELSE + STRING OS DETECT + END_IF + + ENTER + STRING test caps + END_IF + + IF ($_CAPSLOCK_ON == FALSE) THEN + LED_R + CAPSLOCK + DELAY HOST_RESPONSE_TIMEOUT + END_IF + LED_OFF + + IF VERBOSE THEN + ENTER + STRING test done + END_IF + + IF $_RECEIVED_HOST_LOCK_LED_REPLY THEN + IF VERBOSE THEN + ENTER + STRING received led response + END_IF + LED_G + IF ($_HOST_CONFIGURATION_REQUEST_COUNT > WINDOWS_HOST_REQUEST_COUNT) THEN + IF VERBOSE THEN + 
ENTER + STRING prediction: Windows + END_IF + $_OS = WINDOWS + ELSE + IF VERBOSE THEN + ENTER + STRING prediction: Linux + END_IF + $_OS = LINUX + END_IF + ELSE + IF VERBOSE THEN + ENTER + STRING no led response + ENTER + STRING prediciton: MacOS + END_IF + $_OS = MACOS + END_IF + + IF ADVANCED_DETECTION THEN + IF ( $_OS == LINUX ) THEN + IF VERBOSE THEN + ENTER + STRING soft reconnect + END_IF + ATTACKMODE OFF + DELAY RESTART_WAIT + ATTACKMODE OS_DETECT_MODE OS_DETECT_VID OS_DETECT_PID + DELAY CONNECT_WAIT + IF VERBOSE THEN + ENTER + STRING reconnected + END_IF + IF ($_CAPSLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING caps led on + ENTER + STRING test numlock + END_IF + NUMLOCK + DELAY HOST_RESPONSE_TIMEOUT + IF VERBOSE THEN + ENTER + STRING test done + END_IF + IF ($_NUMLOCK_ON == FALSE) THEN + IF VERBOSE THEN + ENTER + STRING no numlock led + ENTER + STRING prediciton: ChromeOS + END_IF + $_OS = CHROMEOS + ELSE + IF VERBOSE THEN + ENTER + STRING numlock led on + ENTER + STRING testing scrolllock + END_IF + SCROLLLOCK + DELAY HOST_RESPONSE_TIMEOUT + IF VERBOSE THEN + ENTER + STRING test done + END_IF + IF ($_SCROLLLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING scrolllock led on + ENTER + STRING prediciton: Android + END_IF + $_OS = ANDROID + ELSE + IF VERBOSE THEN + ENTER + STRING no scrolllock reply + ENTER + STRING prediction: Linux + END_IF + $_OS = LINUX + END_IF + END_IF + END_IF + ELSE IF ($_OS == MACOS) THEN + IF ($_CAPSLOCK_ON == TRUE) THEN + IF VERBOSE THEN + ENTER + STRING caps led on + ENTER + STRING prediction: iOS + END_IF + $_OS = IOS + ELSE + IF VERBOSE THEN + ENTER + STRING no caps reply + ENTER + STRING prediction: MacOS + END_IF + $_OS = MACOS + END_IF + ELSE IF ($_OS == WINDOWS) THEN + IF VERBOSE THEN + ENTER + STRING Confident Windows Prediction + END_IF + $_OS = WINDOWS + END_IF + END_IF + + RESTORE_HOST_KEYBOARD_LOCK_STATE + + IF VERBOSE THEN + ENTER + STRING OS_DETECT complete + ENTER + END_IF + END_FUNCTION + + REM 
Uncomment the function call below to run this extension inline (here) + REM or call DETECT_OS() anywhere in your payload after the extension + + DETECT_OS() +END_EXTENSION + +IF ($_OS == WINDOWS) THEN + GUI r +ELSE IF ($_OS == MACOS) THEN + COMMAND SPACE +ELSE IF ($_OS == LINUX) THEN + CONTROL ESCAPE +ELSE + GUI +END_IF + +DELAY 1000 +STRING https://www.onlinepianist.com/virtual-piano +ENTER +DELAY 2000 + +FUNCTION tick() + DELAY 30 +END_FUNCTION + +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD w +HOLD 5 +HOLD b +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE b +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD t +HOLD u +HOLD . +DELAY 20 +RELEASE t +RELEASE u +RELEASE . +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +HOLD x +DELAY 20 +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +HOLD p +HOLD b +DELAY 20 +RELEASE t +RELEASE p +RELEASE b +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD e +HOLD x +DELAY 20 +RELEASE e +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD p +DELAY 20 +RELEASE q +RELEASE p +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +DELAY 20 +tick() +HOLD t +HOLD v +DELAY 20 +RELEASE t +RELEASE v +tick() +DELAY 20 +tick() +HOLD 5 +HOLD f +DELAY 20 +RELEASE 5 +RELEASE f +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +DELAY 20 +tick() +HOLD e +HOLD x +DELAY 20 +RELEASE e +RELEASE x +tick() +HOLD i +HOLD m +DELAY 20 +RELEASE i +RELEASE m +tick() +DELAY 20 +tick() +HOLD p +HOLD . +DELAY 20 +RELEASE p +RELEASE . 
+tick() +HOLD z +HOLD / +DELAY 20 +RELEASE z +RELEASE / +tick() +DELAY 20 +tick() +HOLD o +HOLD , +DELAY 20 +RELEASE o +RELEASE , +tick() +HOLD p +HOLD . +DELAY 20 +RELEASE p +RELEASE . +tick() +DELAY 20 +tick() +HOLD i +HOLD m +DELAY 20 +RELEASE i +RELEASE m +tick() +DELAY 20 +tick() +HOLD y +HOLD b +DELAY 20 +RELEASE y +RELEASE b +tick() +HOLD u +HOLD n +DELAY 20 +RELEASE u +RELEASE n +tick() +HOLD t +HOLD v +DELAY 20 +RELEASE t +RELEASE v +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +HOLD p +HOLD b +DELAY 20 +RELEASE t +RELEASE p +RELEASE b +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD e +HOLD x +DELAY 20 +RELEASE e +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD p +DELAY 20 +RELEASE q +RELEASE p +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +DELAY 20 +tick() +HOLD t +HOLD v +DELAY 20 +RELEASE t +RELEASE v +tick() +DELAY 20 +tick() +HOLD 5 +HOLD f +DELAY 20 +RELEASE 5 +RELEASE f +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +DELAY 20 +tick() +HOLD e +HOLD x +DELAY 20 +RELEASE e +RELEASE x +tick() +HOLD i +HOLD m +DELAY 20 +RELEASE i +RELEASE m +tick() +DELAY 20 +tick() +HOLD p +HOLD . +DELAY 20 +RELEASE p +RELEASE . +tick() +HOLD z +HOLD / +DELAY 20 +RELEASE z +RELEASE / +tick() +DELAY 20 +tick() +HOLD o +HOLD , +DELAY 20 +RELEASE o +RELEASE , +tick() +HOLD p +HOLD . +DELAY 20 +RELEASE p +RELEASE . +tick() +DELAY 20 +tick() +HOLD i +HOLD m +DELAY 20 +RELEASE i +RELEASE m +tick() +DELAY 20 +tick() +HOLD y +HOLD b +DELAY 20 +RELEASE y +RELEASE b +tick() +HOLD u +HOLD n +DELAY 20 +RELEASE u +RELEASE n +tick() +HOLD t +HOLD v +DELAY 20 +RELEASE t +RELEASE v +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +HOLD m +HOLD . +DELAY 20 +RELEASE m +RELEASE . 
+tick() +HOLD e +HOLD l +DELAY 20 +RELEASE e +RELEASE l +tick() +HOLD n +HOLD , +DELAY 20 +RELEASE n +RELEASE , +tick() +HOLD v +HOLD n +DELAY 20 +RELEASE v +RELEASE n +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +HOLD b +HOLD m +DELAY 20 +RELEASE b +RELEASE m +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +HOLD p +HOLD d +DELAY 20 +RELEASE p +RELEASE d +tick() +HOLD z +HOLD c +DELAY 20 +RELEASE z +RELEASE c +tick() +HOLD i +HOLD b +DELAY 20 +RELEASE i +RELEASE b +tick() +DELAY 20 +tick() +HOLD i +HOLD c +DELAY 20 +RELEASE i +RELEASE c +tick() +HOLD z +HOLD b +DELAY 20 +RELEASE z +RELEASE b +tick() +HOLD z +HOLD n +DELAY 20 +RELEASE z +RELEASE n +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +HOLD m +HOLD . +DELAY 20 +RELEASE m +RELEASE . +tick() +HOLD e +HOLD l +DELAY 20 +RELEASE e +RELEASE l +tick() +HOLD n +HOLD , +DELAY 20 +RELEASE n +RELEASE , +tick() +HOLD v +HOLD n +DELAY 20 +RELEASE v +RELEASE n +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +HOLD i +HOLD m +DELAY 20 +RELEASE i +RELEASE m +tick() +DELAY 20 +tick() +HOLD b +HOLD , +HOLD . +DELAY 20 +RELEASE b +RELEASE , +RELEASE . +tick() +DELAY 20 +tick() +HOLD b +HOLD , +HOLD . +DELAY 20 +RELEASE b +RELEASE , +RELEASE . +tick() +HOLD b +HOLD , +HOLD . +DELAY 20 +RELEASE b +RELEASE , +RELEASE . +tick() +DELAY 20 +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +HOLD m +HOLD . +DELAY 20 +RELEASE m +RELEASE . 
+tick() +HOLD e +HOLD l +DELAY 20 +RELEASE e +RELEASE l +tick() +HOLD n +HOLD , +DELAY 20 +RELEASE n +RELEASE , +tick() +HOLD v +HOLD n +DELAY 20 +RELEASE v +RELEASE n +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +HOLD b +HOLD m +DELAY 20 +RELEASE b +RELEASE m +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +HOLD p +HOLD d +DELAY 20 +RELEASE p +RELEASE d +tick() +HOLD z +HOLD c +DELAY 20 +RELEASE z +RELEASE c +tick() +HOLD i +HOLD b +DELAY 20 +RELEASE i +RELEASE b +tick() +DELAY 20 +tick() +HOLD i +HOLD c +DELAY 20 +RELEASE i +RELEASE c +tick() +HOLD z +HOLD b +DELAY 20 +RELEASE z +RELEASE b +tick() +HOLD z +HOLD n +DELAY 20 +RELEASE z +RELEASE n +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +HOLD 6 +HOLD d +HOLD j +DELAY 20 +RELEASE 6 +RELEASE d +RELEASE j +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD 7 +HOLD z +HOLD n +DELAY 20 +RELEASE 7 +RELEASE z +RELEASE n +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD i +HOLD p +HOLD b +DELAY 20 +RELEASE i +RELEASE p +RELEASE b +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +HOLD 6 +HOLD d +HOLD b +DELAY 20 +RELEASE 6 +RELEASE d +RELEASE b +tick() +HOLD d +HOLD b +DELAY 20 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD 3 +HOLD d +HOLD b +DELAY 20 +RELEASE 3 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD 6 +HOLD n +DELAY 20 +RELEASE 6 +RELEASE n +tick() +DELAY 20 +tick() +HOLD t +HOLD x +HOLD m +DELAY 20 +RELEASE t +RELEASE x +RELEASE m +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD q +HOLD c +DELAY 20 +RELEASE q +RELEASE c +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD 6 +HOLD d +HOLD b +DELAY 20 +RELEASE 6 +RELEASE d +RELEASE b +tick() +HOLD d +HOLD b +DELAY 20 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD 
3 +HOLD d +HOLD b +DELAY 20 +RELEASE 3 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD 6 +HOLD n +DELAY 20 +RELEASE 6 +RELEASE n +tick() +HOLD x +HOLD m +DELAY 20 +RELEASE x +RELEASE m +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +DELAY 20 +RELEASE q +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD 6 +HOLD d +HOLD b +DELAY 20 +RELEASE 6 +RELEASE d +RELEASE b +tick() +HOLD d +HOLD b +DELAY 20 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD 3 +HOLD d +HOLD b +DELAY 20 +RELEASE 3 +RELEASE d +RELEASE b +tick() +DELAY 20 +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +HOLD 6 +HOLD n +DELAY 20 +RELEASE 6 +RELEASE n +tick() +DELAY 20 +tick() +HOLD t +HOLD x +HOLD m +DELAY 20 +RELEASE t +RELEASE x +RELEASE m +tick() +HOLD b +DELAY 20 +RELEASE b +tick() +DELAY 20 +tick() +HOLD q +HOLD c +DELAY 20 +RELEASE q +RELEASE c +tick() +HOLD x +DELAY 20 +RELEASE x +tick() +DELAY 20 +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD w +HOLD 5 +HOLD b +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE b +tick() +HOLD w +HOLD 5 +HOLD m +DELAY 20 +RELEASE w +RELEASE 5 +RELEASE m +tick() +DELAY 20 +tick() +HOLD t +HOLD u +HOLD . +DELAY 20 +RELEASE t +RELEASE u +RELEASE . 
+tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +HOLD x +DELAY 20 +RELEASE t +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD q +HOLD m +DELAY 20 +RELEASE q +RELEASE m +tick() +HOLD c +HOLD b +DELAY 20 +RELEASE c +RELEASE b +tick() +DELAY 20 +tick() +HOLD t +HOLD p +HOLD x +DELAY 20 +RELEASE t +RELEASE p +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD i +HOLD d +DELAY 20 +RELEASE i +RELEASE d +tick() +DELAY 20 +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +HOLD b +HOLD , +DELAY 20 +RELEASE b +RELEASE , +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +HOLD b +HOLD , +DELAY 20 +RELEASE b +RELEASE , +tick() +HOLD i +HOLD c +DELAY 20 +RELEASE i +RELEASE c +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +DELAY 20 +tick() +HOLD w +HOLD v +DELAY 20 +RELEASE w +RELEASE v +tick() +HOLD , +HOLD / +DELAY 20 +RELEASE , +RELEASE / +tick() +DELAY 20 +tick() +HOLD t +HOLD , +HOLD / +DELAY 20 +RELEASE t +RELEASE , +RELEASE / +tick() +HOLD , +HOLD / +DELAY 20 +RELEASE , +RELEASE / +tick() +DELAY 20 +tick() +HOLD u +HOLD . +DELAY 20 +RELEASE u +RELEASE . 
+tick() +HOLD n +HOLD , +DELAY 20 +RELEASE n +RELEASE , +tick() +HOLD t +HOLD m +DELAY 20 +RELEASE t +RELEASE m +tick() +HOLD c +HOLD b +DELAY 20 +RELEASE c +RELEASE b +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +HOLD z +HOLD c +DELAY 20 +RELEASE z +RELEASE c +tick() +HOLD i +HOLD x +DELAY 20 +RELEASE i +RELEASE x +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +DELAY 20 +tick() +HOLD q +HOLD m +DELAY 20 +RELEASE q +RELEASE m +tick() +HOLD c +HOLD b +DELAY 20 +RELEASE c +RELEASE b +tick() +DELAY 20 +tick() +HOLD t +HOLD p +HOLD x +DELAY 20 +RELEASE t +RELEASE p +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD i +HOLD d +DELAY 20 +RELEASE i +RELEASE d +tick() +DELAY 20 +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +HOLD b +HOLD , +DELAY 20 +RELEASE b +RELEASE , +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +HOLD b +HOLD , +DELAY 20 +RELEASE b +RELEASE , +tick() +HOLD i +HOLD c +DELAY 20 +RELEASE i +RELEASE c +tick() +HOLD i +DELAY 20 +RELEASE i +tick() +HOLD r +DELAY 20 +RELEASE r +tick() +DELAY 20 +tick() +HOLD t +HOLD v +DELAY 20 +RELEASE t +RELEASE v +tick() +HOLD n +HOLD , +DELAY 20 +RELEASE n +RELEASE , +tick() +DELAY 20 +tick() +HOLD t +HOLD n +HOLD , +DELAY 20 +RELEASE t +RELEASE n +RELEASE , +tick() +HOLD t +HOLD , +DELAY 20 +RELEASE t +RELEASE , +tick() +DELAY 20 +tick() +HOLD y +HOLD m +DELAY 20 +RELEASE y +RELEASE m +tick() +HOLD u +HOLD v +HOLD n +DELAY 20 +RELEASE u +RELEASE v +RELEASE n +tick() +HOLD i +HOLD x +HOLD b +DELAY 20 +RELEASE i +RELEASE x +RELEASE b +tick() +HOLD p +DELAY 20 +RELEASE p +tick() +HOLD t +DELAY 20 +RELEASE t +tick() +HOLD p +DELAY 20 +RELEASE p +tick() +HOLD q +HOLD i +DELAY 20 +RELEASE q +RELEASE i +tick() +DELAY 20 +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD t +HOLD p +HOLD b +DELAY 20 +RELEASE t +RELEASE p +RELEASE b +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD e +HOLD x +DELAY 20 +RELEASE e +RELEASE x +tick() +DELAY 20 +tick() +DELAY 20 +tick() +HOLD 
q +HOLD p +DELAY 20 +RELEASE q +RELEASE p +tick() +DELAY 20 +tick() +HOLD r +HOLD c +DELAY 20 +RELEASE r +RELEASE c +tick() +HOLD v +DELAY 20 +RELEASE v +tick() +DELAY 20 +tick() +HOLD c +DELAY 20 +RELEASE c +tick() +HOLD 2 +HOLD z +HOLD d +DELAY 20 +RELEASE 2 +RELEASE z +RELEASE d +tick() +HOLD f +DELAY 20 +RELEASE f +tick() +DELAY 20 +tick() +HOLD c +DELAY 20 +RELEASE c +tick() +HOLD q +HOLD p +HOLD x +DELAY 20 +RELEASE q +RELEASE p +RELEASE x +tick() +HOLD z +DELAY 20 +RELEASE z +tick() +HOLD q +HOLD p +HOLD x +DELAY 20 +RELEASE q +RELEASE p +RELEASE x +tick() diff --git a/payloads/library/general/Piano_Player/piano_player.py b/payloads/library/general/Piano_Player/piano_player.py new file mode 100644 index 0000000..acbb9ee --- /dev/null +++ b/payloads/library/general/Piano_Player/piano_player.py 
@@ -0,0 +1,94 @@
+import argparse
+from pathlib import Path
+
+
+OS_DETECT_EXTENSION = Path(__file__).resolve().parents[4] / "payloads" / "extensions" / "os_detect.txt"
+
+
+def parse_args():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("notes", metavar="NOTES_FILE", help="Path to notes file")
+ parser.add_argument("payload", metavar="PAYLOAD_FILE", help="Save payload code to this file")
+ parser.add_argument("-p", "--press-mode", help="Deploy with press mode", action="store_true")
+ return parser.parse_args()
+
+
+def generate_keymap(maps: str) -> dict:
+ keymap = {}
+ for exp in maps.split(" "):
+ note, key = exp.split("=")
+ keymap[note] = key
+ return keymap
+
+
+def notes_to_code(roll: list, keymap: dict, tick: int, url: str, press_mode: bool) -> str:
+ # Adjust tick to account for note held duration
+ adjusted_tick = tick - 20
+ if adjusted_tick < 20:
+ raise Exception(f"tick ({tick}) is too low! Must be at least 40ms.")
+
+ code = ""
+ indent = ""
+ # Head
+ if not press_mode:
+ with open(OS_DETECT_EXTENSION) as f:
+ code += f.read() + "\n"
+ code += f"""IF ($_OS == WINDOWS) THEN
+ GUI r
+ELSE IF ($_OS == MACOS) THEN
+ COMMAND SPACE
+ELSE IF ($_OS == LINUX) THEN
+ CONTROL ESCAPE
+ELSE
+ GUI
+END_IF
+
+DELAY 1000
+STRING {url}
+ENTER
+DELAY 2000\n
+"""
+ else:
+ indent = " "
+ code += "ATTACKMODE HID STORAGE\n\n"
+
+ # Function (common)
+ code += f"""FUNCTION tick()
+ DELAY {adjusted_tick}
+END_FUNCTION\n
+"""
+
+ if press_mode:
+ code += """WHILE TRUE
+ WAIT_FOR_BUTTON_PRESS
+"""
+
+ # Each row is one or more note press, or a rest. Notes and rests are
+ # held for 20ms (not configurable), but the total interval between rows is
+ # approx. the specified tick time.
+ for row in roll:
+ notes = [n for n in row.split(" ") if n != "---"]
+ for note in notes:
+ code += f"{indent}HOLD {keymap[note]}\n"
+ code += f"{indent}DELAY 20\n"
+ for note in notes:
+ code += f"{indent}RELEASE {keymap[note]}\n"
+ code += f"{indent}tick()\n"
+ if press_mode:
+ code += "END_WHILE"
+
+ return code
+
+
+if __name__ == "__main__":
+ args = parse_args()
+ with open(args.notes) as f:
+ notes = [line.strip() for line in f.readlines()]
+
+ tick = int(notes[0].split("ms")[0])
+ url = notes[1]
+ keymap = generate_keymap(notes[2])
+ roll = notes[4:]
+
+ with open(args.payload, "w") as f:
+ f.write(notes_to_code(roll, keymap, tick, url, args.press_mode))
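Review bot: In the row loop at the end of `notes_to_code`, a blank or double-spaced row in the notes file crashes with a bare `KeyError`, because `row.split(" ")` yields `''` tokens that are not `---` and `keymap['']` then fails; a misspelled note name fails the same way, with no hint of which row is wrong. Splitting on whitespace and validating the lookup gives a usable error: `notes = [n for n in row.split() if n != "---"]` followed by `if note not in keymap: raise ValueError(f"unknown note {note!r} in row {row!r}")` before the first `HOLD` line is emitted. The tick guard earlier in the same function should raise `ValueError` rather than a bare `Exception` for the same reason, and `generate_keymap`'s `exp.split("=")` breaks if a piano key is `=` itself, which `exp.partition("=")` would handle. The hunk is the whole new file, so every function mentioned is visible here.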