pico-ducky

Quick Start Guide

Install and have your USB Rubber Ducky working in less than 5 minutes.

1. Download the latest release from the Releases page.

2. Plug the device into a USB port while holding the boot button. It will show up as a removable media device named RPI-RP2.

3. Install CircutlPython on the Pico or Pico W

If using a Pico board:

Copy the adafruit-circuitpython-raspberry_pi_pico-en_US-8.0.0.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.

If using a Pico W board:

Copy the adafruit-circuitpython-raspberry_pi_pico_w-en_US-8.0.0.uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.

4. Copy the lib folder to the root of the CIRCUITPY

5. Copy *.py to the root of the CIRCUITPY

6. Follow the instructions in README.md to enter setup mode

7. Copy your payload as payload.dd to the root of the CIRCUITPY

8. Unplug the device from the USB port and remove the setup jumper.

Enjoy your Pico-Ducky.

Setup mode

To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine. The easiest way to do so is by using a jumper wire between those pins as seen bellow.

USB enable/disable mode

If you need the pico-ducky to not show up as a USB mass storage device for stealth, follow these instructions.

• Enter setup mode.
• Copy your payload script to the pico-ducky.
• Disconnect the pico from your host PC.
• Connect a jumper wire between pin 18 (GND) and pin 20 (GPIO15).
  This will prevent the pico-ducky from showing up as a USB drive when plugged into the target computer.
• Remove the jumper and reconnect to your PC to reprogram.

Pico: The default mode is USB mass storage enabled.
Pico W: The default mode is USB mass storage disabled

Full Install Instructions

Install and have your USB Rubber Ducky working in less than 5 minutes.

1. Clone the repo to get a local copy of the files. git clone https://github.com/dbisu/pico-ducky.git

2. Download CircuitPython for the Raspberry Pi Pico. *Updated to 8.0.0
   Download CircuitPython for the Raspberry Pi Pico W. *Updated to 8.0.0

3. Plug the device into a USB port while holding the boot button. It will show up as a removable media device named RPI-RP2.

4. Copy the downloaded .uf2 file to the root of the Pico (RPI-RP2). The device will reboot and after a second or so, it will reconnect as CIRCUITPY.

5. Download adafruit-circuitpython-bundle-8.x-mpy-YYYYMMDD.zip here and extract it outside the device.

6. Navigate to lib in the recently extracted folder and copy adafruit_hid to the lib folder on your Raspberry Pi Pico.

7. Copy adafruit_debouncer.mpy and adafruit_ticks.mpy to the lib folder on your Raspberry Pi Pico.

8. Copy asyncio to the lib folder on your Pico.

9. Copy adafruit_wsgi to the lib folder on your Pico.

10. Copy boot.py from your clone to the root of your Pico.

11. Copy duckyinpython.py, code.py, webapp.py, wsgiserver.py to the root folder of the Pico.

12. For Pico W Only Create the file secrets.py in the root of the Pico W. This contains the AP name and password to be created by the Pico W.
    secrets = { 'ssid' : "BadAPName", 'password' : "badpassword" }

13. Find a script here or create your own one using Ducky Script and save it as payload.dd in the Pico. Currently, pico-ducky only supports DuckyScript 1.0, not 3.0.

14. Be careful, if your device isn't in setup mode, the device will reboot and after half a second, the script will run.

15. Please note: by default Pico W will not show as a USB drive

Pico W Web Service

The Pico W AP defaults to ip address 192.168.4.1. You should be able to find the webservice at http://192.168.4.1:80

The following endpoints are available on the webservice:

/
/new
/ducky
/edit/<filename>
/write/<filename>
/run/<filename>

API endpoints

/api/run/<filenumber>

Setup mode

To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine. The easiest way to do so is by using a jumper wire between those pins as seen bellow.

USB enable/disable mode

If you need the pico-ducky to not show up as a USB mass storage device for stealth, follow these instructions.

• Enter setup mode.
• Copy your payload script to the pico-ducky.
• Disconnect the pico from your host PC.
• Connect a jumper wire between pin 18 (GND) and pin 20 (GPIO15).
  This will prevent the pico-ducky from showing up as a USB drive when plugged into the target computer.
• Remove the jumper and reconnect to your PC to reprogram.

Pico: The default mode is USB mass storage enabled.
Pico W: The default mode is USB mass storage disabled

Multiple payloads

Multiple payloads can be stored on the Pico and Pico W.
To select a payload, ground one of these pins:

• GP4 - payload.dd
• GP5 - payload2.dd
• GP10 - payload3.dd
• GP11 - payload4.dd

Changing Keyboard Layouts

Copied from Neradoc/Circuitpython_Keyboard_Layouts

How to use one of these layouts with the pico-ducky repository.

Go to the latest release page, look if your language is in the list.

If your language/layout is in the bundle

Download the py zip, named circuitpython-keyboard-layouts-py-XXXXXXXX.zip

NOTE: You can use the mpy version targetting the version of Circuitpython that is on the device, but on Raspberry Pi Pico you don't need it - they only reduce file size and memory use on load, which the pico has plenty of.

If your language/layout is not in the bundle

Try the online generator, it should get you a zip file with the bundles for yout language

https://www.neradoc.me/layouts/

Now you have a zip file

Find your language/layout in the lib directory

For a language LANG, copy the following files from the zip's lib folder to the lib directory of the board.
DO NOT modify the adafruit_hid directory. Your files go directly in lib.
DO NOT change the names or extensions of the files. Just pick the right ones.
Replace LANG with the letters for your language of choice.

• keyboard_layout_win_LANG.py
• keycode_win_LANG.py

Don't forget to get the adafruit_hid library.

This is what it should look like if your language is French for example.

Modify the pico-ducky code to use your language file:

At the start of the file comment out these lines:

from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS as KeyboardLayout
from adafruit_hid.keycode import Keycode

Uncomment these lines:
Replace LANG with the letters for your language of choice. The name must match the file (without the py or mpy extension).

from keyboard_layout_win_LANG import KeyboardLayout
from keycode_win_LANG import Keycode

Example: Set to German Keyboard (WIN_DE)

from keyboard_layout_win_de import KeyboardLayout
from keycode_win_de import Keycode

Copy the files keyboard_layout_win_de.mpy and keycode_win_de.mpy to the /lib folder on the Pico board

adafruit_hid/
keyboard_layout_win_de.mpy
keycode_win_de.mpy

Useful links and resources

How to recover your Pico if it becomes corrupted or doesn't boot.

Reset Instructions

Installation Tool

raspberrydeveloper Created a tool to convert a blank RPi Pico to a ducky.
You can find the tool here

Docs

CircuitPython

CircuitPython HID

Ducky Script

Video tutorials

pico-ducky tutorial by NetworkChuck

USB Rubber Ducky playlist by Hak5

CircuitPython tutorial on the Raspberry Pi Pico by DroneBot Workshop