This code allows the Raspberry Pi Pico to function as a USB HID keyboard, capable of executing predefined payloads (commands) on Windows machines through the "Run Command" window (Win+R).
- Stores up to 3 payloads simultaneously.
- Supports both QWERTY and AZERTY keyboard layouts.
- Easy payload customization without re-uploading the code.
The functionality of the Pico Ducky is controlled using the built-in bootsel button on the Raspberry Pi Pico:
- Short Press: Injects payload 1.
- Double Short Press: Injects payload 2.
- Triple Short Press: Injects payload 3.
- Long Press: Switches between QWERTY and AZERTY layouts.
- Short Press followed by Long Press: Enters setup mode, allowing the Pico to appear as a flash drive with a "config.txt" file. Edit and save payloads directly on the Pico. Repeat button strokes to exit setup mode.
- Set up the Earle F. Philhower III Arduino-Pico environment in ArduinoIDE. Details can be found here.
- Clone this repository and open it in ArduinoIDE.
- Navigate to
Tools>Boards>Raspberry Pi Pico/RP2040, then select your Pico. - Choose an appropriate flash size under
Tools>Flash Size(ensure it has FS for filesystem support). - Select
Adafruit Tiny USBas the USB stack underTools. - Upload the sketch to the Pico.
- Upon the first upload, a new USB flash drive will be mounted on your PC (if prompted to format, do so).
- Copy the
.stateandconfig.txtfiles from thedatafolder in this repository to the Pico's USB drive. - [Optional] Rename your Pico USB flash drive if desired.
- Unplug and replug the device to complete the setup.
You're now ready to use your Pico Ducky! Refer to the usage instructions above and have fun experimenting with your new tool.
This project was developed as part of my cybersecurity class project in my second year of computer science engineering degree at ENSI (National School of Computer Science) in Tunisia. The full report of the project, detailing its objectives, methodology, and outcomes, can be found here
This project served as the foundation for a broader cybersecurity project, utilizing the BadUSB functionality to launch a reverse shell attack on any Windows victim machine.
This project was created for educational and learning purposes only. The creators do not condone or support any illegal or unethical use of the information or tools provided. The use of this project to execute unauthorized actions on any system without explicit permission is strictly prohibited. The creators shall not be held responsible for any misuse or consequences resulting from the use of this project.