Flipper Zero can act as a BadUSB device, recognized by computers as a Human Interface Device (HID), such as a keyboard. A BadUSB device can change system settings, open backdoors, retrieve data, initiate reverse shells, or do anything that can be achieved with physical access. It is done by executing a set of commands written in the Rubber Ducky Scripting Language, also known as DuckyScript. This set of commands is also called a payload.
Before using your Flipper Zero as a BadUSB device, you need to write a payload in the .txt format in any common ASCII text editor using the scripting language. Flipper Zero can execute extended Rubber Ducky script syntax. The syntax is compatible with the classic Rubber Ducky Scripting Language 1.0 but provides additional commands and features, such as the ALT+Numpad input method, SysRq command, and more.
Both \n and \r\n line endings are supported. Empty lines are allowed, as well as spaces or tabs for line indentation. The Bad USB application can execute only scripts in the .txt format. No compilation is required.
Below you can find the commands Flipper Zero can execute in addition to the Rubber Ducky Scripting Language 1.0 syntax.
On Windows, you can input characters by pressing the ALT key and entering its code on the Numpad.
Print single character
Print text string using ALT+Numpad method
Same as ALTSTRING, presented in some Ducky Script
Magic SysRq key
On Linux, you can execute commands using the Magic SysRq Key.
To use your Flipper Zero as a BadUSB device, do the following:
If the qFlipper application is running on your computer, close the application.
On your Flipper Zero, go to Main Menu -> Bad USB.
Select the payload and press the %ok%OK button.
Modify the keyboard layout by pressing the %left%LEFT button, if necessary. The default configuration is the US English keyboard layout.
Connect your Flipper Zero to the computer via a USB cable.
Press Run to execute the payload on the computer.