A keyboard/mouse USB HID device for the STM32F103 "blue pill" development board, inspired by the USB Rubber Ducky.
Hardware requirements: Any of the ARM Cortex-M3 STM32F103 "minimum development boards" should work, I've tested with this board which can be acquired for ~$1.70: STM32F103C8T6 ARM STM32 Minimum System Development Board Module
Downloads: Prebuilt firmware binaries can be downloaded from CircleCI artifacts, or see the next step for how to build yourself.
Building: Install ARM GCC Embedded Toolchain (if you're on macOS
and have Homebrew, just run brew cask install gcc-arm-embedded) then run make.
Installation: Flash the pill_duck.bin binary file to the blue pill over serial.
Usage: Plug in the device to your PC over USB. It should show up as several device classes, including
a serial port (USB modem), on my system the device node is /dev/cu.usbmodemAB2. Connect to this serial port
e.g. using screen -L /dev/cu.usbmodemAB2 then you can type various commands, if it works:
duck> v
Pill Duck version da646c9-dirty
duck>
Command help reference:
v show firmware version
w<hex> write flash data
d<hex> write compiled DuckyScript flash data
j write mouse jiggler to flash data
r read flash data
@ show current report index
p pause/resume execution
s single step execution
z reset report index to zero
Examples: As a test, you can try installing the built-in mouse jiggler by typing j at the serial prompt.
The mouse should begin moving back at forth, keeping the system awake. To pause, type p. You can write raw HID
packets using the w command, or d to write hex-encoded binary compiled Duckyscript.
Compile the text scripts using duckencoder from the USB-Rubber-Ducky
project, then write it to the Pill Duck flash using the 'd' command, for example:
duck> d00ff00ff00ff00eb0b0208000f000f00120036002c001a00120015000f000700
wrote flash
duck>
will type out "Hello, world". Type p to resume, if execution was previously paused.
Caution: May be buggy, any help welcome!