When I first bought my Raspberry Pi Pico and wanted to make it a bad USB, I tried to look up tutorials, YouTube videos, even some GitHub repositories. Sadly, none of them worked, and I saw people in the comments having the same problem as me: it just didn't work. That's why I decided to create this project, which simplifies the transformation of a Raspberry Pi Pico into a bad USB.
Because you are on this page you probably know what it is, but let me explain for clarification. A bad USB is a USB device which looks like an ordinary one, but isn't. Every moderately complex piece of electronics contains little computers called microcontrollers. These microcontrollers perform small operations that keep the entire device working. For example, you can find microcontrollers in microwaves, TV remotes, or even your keyboard or mouse. Some devices connect to a PC over a dedicated cable, for example HDMI or Ethernet, but a standard USB device can be many things. Modern electronics use USB ports a lot more than before, so there is less need for special ports. When a USB device is connected to the computer, it sends a signal about what it is going to be: a mouse, keyboard, headphones, microphone, mass storage, etc. This information is sent by the microcontroller inside the device, and this is where the bad USB comes from.

A bad USB is a simple microcontroller, usually packed in a USB-like case, but when connected to the computer it doesn't announce itself as mass storage, but as a HID (Human Interface Device). This allows our bad USB to act as a keyboard, mouse or even game controller; all of those are also identified as HID. And you probably already know where this is going. Our bad USB is going to act as a keyboard. With these capabilities, you can preprogram a simple script into your microcontroller which, after connecting to the computer, will execute and start typing. Using this you can troll someone, for example open a Rickroll on their device, simply shut it down, write a secret message to the desktop, or even start typing a CMD command by which you can get a reverse shell into the device within a few seconds.
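Because the host learns what a device is from the descriptors it sends, the same descriptors can be checked before the device is trusted. The following is an added example, not part of this project's code: it walks raw USB descriptors and reports a device that presents storage together with a HID interface or that declares itself a keyboard. The function names and the two sample descriptors are constructed for illustration.

```python
import struct

# USB-IF class codes carried in an interface descriptor's bInterfaceClass.
CLASS_NAMES = {0x01: "audio", 0x03: "hid", 0x08: "mass_storage"}
INTERFACE_DESC = 0x04  # bDescriptorType value of an interface descriptor


def interface_classes(raw: bytes) -> list[tuple[int, str]]:
    """Walk length-prefixed USB descriptors; return (interface number, class)."""
    found, pos = [], 0
    while pos < len(raw):
        length = raw[pos]
        if length < 2 or pos + length > len(raw):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if raw[pos + 1] == INTERFACE_DESC and length >= 9:
            number, cls, sub, proto = raw[pos + 2], *raw[pos + 5:pos + 8]
            name = CLASS_NAMES.get(cls, f"class_0x{cls:02x}")
            if cls == 0x03 and (sub, proto) == (1, 1):  # boot-protocol keyboard
                name = "hid_boot_keyboard"
            found.append((number, name))
        pos += length
    return found


def audit(raw: bytes) -> list[str]:
    """Return findings worth a second look before the device is trusted."""
    names = [name for _, name in interface_classes(raw)]
    findings = []
    if "mass_storage" in names and any(n.startswith("hid") for n in names):
        findings.append("storage device also exposes a HID interface")
    if "hid_boot_keyboard" in names:
        findings.append("device declares itself a keyboard")
    return findings


def sample_config(*interfaces: tuple[int, int, int]) -> bytes:
    """Build a constructed configuration descriptor from (class, sub, proto)."""
    body = b"".join(bytes([9, INTERFACE_DESC, i, 0, 1, c, s, p, 0])
                    for i, (c, s, p) in enumerate(interfaces))
    head = struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body),
                       len(interfaces), 1, 0, 0x80, 50)
    return head + body


# Constructed samples: a plain flash drive, and a "drive" that is also a keyboard.
FLASH_DRIVE = sample_config((0x08, 0x06, 0x50))
DRIVE_AND_KEYBOARD = sample_config((0x08, 0x06, 0x50), (0x03, 1, 1))

if __name__ == "__main__":
    for label, raw in (("flash drive", FLASH_DRIVE),
                       ("drive + keyboard", DRIVE_AND_KEYBOARD)):
        print(label, interface_classes(raw), audit(raw))
```

On Linux the raw descriptors of a connected device can be read from /sys/bus/usb/devices/<device>/descriptors and passed to audit() unchanged.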
Have your bad usb working in 5-10 minutes
- Clone the repository to get a local copy of the files, which you will need later:
  git clone https://github.com/dbisu/pico-ducky.git
- Download CircuitPython version 8.* or 9.*; for easy setup just download the first one on top
- Plug the device into a USB port while holding the boot button. It will show up as a removable media device named RPI-RP2
- Copy the downloaded .uf2 file to the root of the Pico (RPI-RP2). The device should disconnect and connect back after a few seconds as CIRCUITPYTHON
- Install the Adafruit package adafruit-circuitpython-bundle-8/9.x-mpy-YYYYMMDD.zip, which will allow the Pico to identify as HID, from here, with the version corresponding to the version of your CircuitPython, and extract the files outside of the Pico
- Navigate to the lib folder of the recently extracted package and copy adafruit_hid to the lib folder on your Pico device
- Choose the ducky script you want from here or create your own (you can take inspiration from this tutorial) and save it somewhere; saving it in the cloned git repository is recommended
- Now convert the ducky script file into a Raspberry Pi Pico Python script using the tool main.py, which is located in the cloned repository (this one), using the command python main.py -i <DuckyScriptPath>, for example:
  python main.py -i payload.ds
- You should see the file code.py appear inside the cloned repository. Now just copy this file into the Pico root. As soon as the file is copied, the script will start executing. It executes every time a change is made to it and every time the Pico connects to a computer
- That's it, by now you should have a working bad USB made from a Pico, amazing
The Pico starts in its default storage mode, but what if you want to change it?
○ Pico: The default mode is USB mass storage enabled
○ Pico W: The default mode is USB mass storage disabled
It is very practical to be able to switch the mass storage mode, either because you want to edit files or because you want to be more stealthy by not acting as HID and mass storage at once (which can also disrupt the ducky script if it does not wait long enough for the PC to load the mass storage)
To do this:
- Copy boot.py from the cloned repository into the root of the Pico
- Connect a jumper wire between pin 24 (GP18) and pin 23 (GND) to switch the default mode, so the Pico will have mass storage disabled and the Pico W will have mass storage enabled
- That's it, next time you connect the Pico it will have its default mode switched
Optionally, what I recommend is soldering a simple switch into ports 24, 23, 22, so you can simply turn storage mode on and off
Well, that's it, I hope this tutorial helped. Later (probably) I will add bigger ducky script support. Like other tutorials, I haven't programmed a program which runs ducky script at runtime, but a program which basically translates ducky script into a Python script runnable by the Pico. I chose this because I believe it can be time saving, just a little bit, but if you want to use this thing in serious stuff, every moment matters.
How to reset the Pico in case of corruption or if it doesn't boot: here