Bad USB

﻿
Flipper Zero can act as a BadUSB device, recognized by computers as a Human Interface Device (HID), such as a keyboard or even a mouse. A BadUSB device can change system settings, open backdoors, retrieve data, initiate reverse shells, or basically do anything that can be achieved with physical access. It is done by executing a set of commands written in the Rubber Ducky Scripting Language, also known as DuckyScript. This set of commands is also called a payload.
<div class="warning flipper-callout">
    <div class="callout-header">Insert a microSD card to use the Bad USB app</div>
    Before using the Bad USB app, make sure to update your Flipper Zero firmware with a microSD card inserted since Flipper Zero stores databases on a microSD card. For more information about the update process, visit the <a href="https://docs.flipperzero.one/basics/firmware-update" onclick="next.router.push('https://docs.flipperzero.one/basics/firmware-update')"><u>Firmware update</u> page.  
</div>
<div class="warning flipper-callout">
    <div class="callout-header">Insert a microSD card to use the Bad USB app</div>
    Before using the Bad USB app, make sure to update your Flipper Zero firmware with a microSD card inserted since Flipper Zero stores databases on a microSD card. For more information about the update process, visit the <a href="https://docs.flipperzero.one/basics/firmware-update" onclick="next.router.push('https://docs.flipperzero.one/basics/firmware-update')"><u>Firmware update</u> page.  
</div>
﻿
﻿On this page, you’ll learn about how BadUSB devices work and how to turn your Flipper Zero into one. Note that you can connect Flipper Zero to a computer not only via USB, but also via Bluetooth Low Energy (BLE).﻿
﻿
Flipper Zero scripting language
Before using your Flipper Zero as a BadUSB device, you need to write a payload in the .txt format in any common ASCII text editor using the scripting language. Flipper Zero can execute extended Rubber Ducky script syntax. The syntax is compatible with the classic Rubber Ducky Scripting Language 1.0 but provides additional commands and features, such as the ALT+Numpad input method, SysRq command, and more.
<div class="info flipper-callout">
    <div class="callout-header"></div>
    To learn more about the Flipper Zero scripting language, see <a href="https://developer.flipper.net/flipperzero/doxygen/badusb_file_format.html" onclick="next.router.push('https://developer.flipper.net/flipperzero/doxygen/badusb_file_format.html')"><u>this page</u>.
</div>
<div class="info flipper-callout">
    <div class="callout-header"></div>
    To learn more about the Flipper Zero scripting language, see <a href="https://developer.flipper.net/flipperzero/doxygen/badusb_file_format.html" onclick="next.router.push('https://developer.flipper.net/flipperzero/doxygen/badusb_file_format.html')"><u>this page</u>.
</div>
﻿
﻿
Uploading new payloads to Flipper Zero
Once the payload is created, you can upload it to your Flipper Zero via qFlipper or Flipper Mobile App to the SD Card/badusb/ folder. The new payloads will be available in the Bad USB application.
<video
    autoplay muted loop playsinline style="width: 90%; margin: auto !important;"
    src="https://cdn.flipperzero.one/qflipper_file_manager.mp4"
></video>
<video
    autoplay muted loop playsinline style="width: 90%; margin: auto !important;"
    src="https://cdn.flipperzero.one/qflipper_file_manager.mp4"
></video>
﻿
<div class="info flipper-callout">
    <div class="callout-header"></div>
    When uploading, files with the same names will be overwritten without warning.
</div>
<div class="info flipper-callout">
    <div class="callout-header"></div>
    When uploading, files with the same names will be overwritten without warning.
</div>
﻿
﻿
Using your Flipper Zero as a BadUSB device
Via USB connection
To turn your Flipper Zero into a BadUSB device using USB, do the following:
1
If qFlipper is running on your computer, close it.
2
On your Flipper Zero, go to Main Menu -> Bad USB.
3
Select the payload.
4
Make sure the Bad USB app is in USB mode — you should see a USB logo (as shown below).
To switch to USB mode, press %right%USB.
The Bad USB app in USB mode
﻿
5
If needed, you can modify the keyboard layout (US English is default) by pressing %left%Layout and selecting from the list of layouts.
6
Connect your Flipper Zero to the computer via a USB cable.
7
Press %ok%Run to execute the payload on the computer.
<video
    autoplay muted loop playsinline style="width: 100%; margin: auto !important;"
    src="https://cdn.flipperzero.one/bad_usb_compressed.mp4"
></video>
<div class="text-center mt-2.5 text-gray-400 pb-5">
    Run your payloads with the help of Flipper Zero
</div>
<video
    autoplay muted loop playsinline style="width: 100%; margin: auto !important;"
    src="https://cdn.flipperzero.one/bad_usb_compressed.mp4"
></video>
<div class="text-center mt-2.5 text-gray-400 pb-5">
    Run your payloads with the help of Flipper Zero
</div>
﻿
﻿Via BLE сonnection﻿
To turn your Flipper Zero into a BadUSB device using BLE, do the following:
1
Activate Bluetooth on your Flipper Zero by going to Main Menu -> Settings -> Bluetooth.
2
If qFlipper is running on your computer, close it.
3
On your Flipper Zero, go to Main Menu -> Bad USB.
4
Select the payload.
5
Make sure the Bad USB app is in BLE mode — you should see a Bluetooth logo (as shown below).
To switch to BLE mode, press %right%BLE.
The Bad USB app in BLE mode
﻿
6
If needed, you can modify the keyboard layout (US English is default) by pressing %left%Config and selecting from the list of layouts.
7
On your computer, go to Bluetooth settings and connect to the detected wireless BadUSB device.
8
Confirm connection both on your computer and Flipper Zero (by selecting OK on both devices).
9
On your Flipper Zero, press Run to execute the payload on the computer.
10
To unpair your Flipper Zero, go to %left%Config and select Remove Pairing.
﻿
﻿
﻿Bad USB application source code﻿
﻿