Improvement to web interface, new platform and support for external p…

…lug in modules

Improvement to web interface, new platform and support for external plug in modules

.github/workflows/main.yml

@@ -60,4 +60,13 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: Waveshare-RP2040-GEEK Firmware binaries
-          path: .pio/build/Waveshare-RP2040-GEEK/*.bin
+          path: .pio/build/Waveshare-RP2040-GEEK/*.bin
+
+      - name: Build PlatformIO Project M5-Atom-S3U
+        run: pio run --environment M5-Atom-S3U
+
+      - name: Upload M5-Atom-S3U artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: M5-Atom-S3U Firmware binaries
+          path: .pio/build/M5-Atom-S3U/*.bin

.vscode/settings.json

@@ -70,6 +70,10 @@
         "text_encoding": "cpp",
         "charconv": "cpp",
         "future": "cpp",
-        "variant": "cpp"
-    }
+        "variant": "cpp",
+    },
+    "theme-by-language.themes": {
+        "filename:.*\\.ds$": "LightDuckyScript"
+    },
+    "workbench.colorTheme": "PowerShell ISE"
 }

README.md

@@ -2,7 +2,7 @@
 [![PlatformIO CI](https://github.com/i-am-shodan/USBArmyKnife/actions/workflows/main.yml/badge.svg)](https://github.com/i-am-shodan/USBArmyKnife/actions/workflows/main.yml)
 [![.NET](https://github.com/i-am-shodan/USBArmyKnife/actions/workflows/dotnet.yml/badge.svg)](https://github.com/i-am-shodan/USBArmyKnife/actions/workflows/dotnet.yml)
 <a href="https://twitter.com/intent/follow?screen_name=therealshodan"><img src="https://img.shields.io/twitter/follow/therealshodan?style=social&logo=twitter" alt="Twitter"></a>
-[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/O5O8145AVW)
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/O5O8145AVW)
 <a href="https://www.buymeacoffee.com/therealshodan" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>
 
 # USB Army Knife
@@ -76,6 +76,7 @@ This project implements a variety of attacks based around an easily concealable
 | ------------ | -------------- | -------------- |
 | **LilyGo T-Dongle S3**  (Recommended)![screenshot](./docs/images/t-dongle-s3.png) | The LilyGo T-Dongle S3 is a USB pen drive shaped ESP32-S3 development board. It features a colour LCD screen, physical button, hidden/covert micro SD card adapter (inside the USB-A connector) as well as a SPI adapter. It has 16MB of flash. It is based on the ESP32-S3 chipset which enables it to host a WiFi station as well as support a range of WiFi and Bluetooth attacks. *It is incredibly cheap!* There are two versions of this device with and without the screen. Only the version with the screen has been tested.  | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_DCMq0ZX)</li><li>[Amazon UK](https://amzn.to/3YuNCg3)</li><li>[Amazon US](https://amzn.to/4f4AqUk)</li><li>[eBay UK](https://ebay.us/3TJVed)</li></ul>
 | **Waveshare ESP32-S3 1.47inch** ![screenshot](./docs/images/waveshare-147.png) | This device is similar in design, size and features to the LilyGo T-Dongle S3 and uses the same chipset. It is clearly a dev board as it doesn't come with a case and has exposed circuitry on the underside. Where this device betters the T-Dongle S3 is that it has a very large high quality screen and 8MB of additional RAM. | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_DmlJI3x)</li><li>[eBay UK](https://ebay.us/E4gFr5])</li></ul>
+| **M5Stack AtomS3U** ![screenshot](./docs/images/m5stack-atoms3u.png) | This is an ESP32-S3 development board with two external interface at the rear. It doesn't feature a screen or an SD card, but does have an LED and a button. Instead of an SD card the flash memory is used to store files. Unusually it also contains a digital microphone and IR LED that are not currently supported. To put the device in boot mode hold RESET (the button on the side of the device) until a green LED comes on. | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_EIAUNXX)</li></ul>
 | **ESP32 Udisk** ![screenshot](./docs/images/esp32-udisk.png) | The most basic device that can run the USB Army Knife code is a ESP32-S2 chip connected to a USB port. Often you can find these sold in a very similar enclosures to the T-Dongle S3 and tend to advertised on sites like AliExpress as Playstation 4 jailbreaks under the name 'USB Dongle Udisk for P4'. These devices lack RAM, a screen, SD card, Bluetooth, LEDs and a good hardware button. Instead of an SD card, flash memory is used to store tiny files. These devices are incredibly cheap and are often good at running HID+WiFi payloads (like the rick roll). **Warning** They are too underpowered to run the webserver. When buying these **beware** that they can often be confused with a very similar looking device that includes a CH343P chipset and no reset button. **Make sure the device you buy has a button that can be pushed with a paperclip.** Ensure you flash this device with the Generic-ESP32-S2 configuration.  | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_Dn5wXe5)</li><li>[Amazon UK](https://amzn.to/3Y4hrCE)</li><li>[Amazon US](https://amzn.to/4h98Jf4)</li><li>[eBay UK](https://ebay.us/AVZcK0)</li></ul>
 | **ESP32 Key** ![screenshot](./docs/images/esp32-key.png) | Very similar to the ESP32 UDisk this is an ESP32-S2 on a circuit board. It is probably the cheapest device that can just about run USB Army Knife and has a price point to match. You'll need to hold down the button when you plug it in to get the device into flashing mode. Ensure you flash this device with the Generic-ESP32-S2 configuration. | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_EyliW13)</li></ul>
 | **Waveshare-RP2040-GEEK** ![screenshot](./docs/images/rp2040-geek.jpg) | RP2040-GEEK is a development board designed by Waveshare. It has USB-A, 1.14-inch LCD screen, an SD card and has external ports (SWD, UART and I2C). **This board does not run the ESP32 chipset. USB ethernet (NCM) mode are whole disk SD usage are both currently unsupported. ESP32 Maurader cannot work on this device!** On Windows you may also need to set this device to use a WinUSB driver using [Zadig](https://zadig.akeo.ie/). Hold down the button when you plug it in to get the device into flashing mode. | <ul><li>[AliExpress](https://s.click.aliexpress.com/e/_EvdfVGH)</li><li>[Amazon UK](https://amzn.to/3YZvD1f)</li><li>[Amazon US](https://amzn.to/3YY4Ouy)</li></ul>
@@ -100,6 +101,10 @@ The USB Army Knife may not run correctly with large SD cards or those with newer
 
 **Note** On first run, if an SD card cannot be found with a supported filesystem the device will offer to format it for you. If you use this option the filesystem created on the SD card may not work under Windows. As such it is advised to create a suitable SD card off device.
 
+### Preparing your script file
+
+Beaware that your script file should have Windows style (CRLF) line endings. If your script is terminating on empty lines convert your script using `unix2dos`.
+
 ### Installation
 
 1. Clone the repository:

examples/self_destruct/README.md

@@ -0,0 +1,22 @@
+# Example - Self destruct
+
+This is an example of using an auxillary devices connected to the LILYGO T Dongle S3's QWIIC port to perform motion detection. In this example if the device discovers motion close to it then the SELF_DESTRUCT() function is run. In our example this simply prints a graphic and resets the device. You are free to implement your own.
+
+## Set up
+1. Copy autorun.ds and bomb.png onto the SD card
+1. In the platform.ini configuration file uncomment the line `-D EXT_SENSOR_MOTION_LD2410` this will enable the sensor module to be built
+1. Build and flash the device
+1. Connect a LD2410 to the QWIIC connector of the T Dongle S3. You'll need:
+   * A QWIIC micro cable AKA a 4-pin micro JST connector (1mm).
+   * A [HLK-LD2410C](https://s.click.aliexpress.com/e/_EJ2MAjf) or similar
+   * A 3.3v to 5v DC-DC step up converter. The LD2410 needs 5v - potentially you could get this from the USB connecter. Connect the red cable to IN+ and OUT+ to VCC on the LD2410.
+   * To connect the blue cable to RX
+   * To connect the yellow cable to TX
+   * To connect the black cable to IN- and OUT- to the LD2410 GND pin
+
+**NOTE** In the pictures and video a JST connector cable with different colours is in use.
+
+## Usage
+1. Plug in device
+2. Wait a few seconds for the device to scan the room
+3. Put your hand over the sensor

examples/self_destruct/autorun.ds

@@ -0,0 +1,37 @@
+FUNCTION SELF_DESTRUCT()
+    REM implement your own routine here!
+    DISPLAY_PNG /bomb.png
+    DELAY 3000
+    RESET
+END_FUNCTION
+
+REM wait for device to settle down or for you to retreat
+DELAY 3000
+
+IF (LD2410_CONNECTED() == FALSE)
+    DISPLAY_CLEAR
+    DISPLAY_TEXT 0 0 Error, could not find device
+    DELAY 2000
+    SELF_DESTRUCT()
+END_IF
+
+VAR $UPDATE_COUNT = 0
+
+WHILE (LD2410_CONNECTED())
+    IF (LD2410_DETECTED_MOTION())
+        IF (LD2410_GET_DISTANCE() < 10)
+            SELF_DESTRUCT()
+        END_IF
+    ELSE
+        IF ($UPDATE_COUNT > 10)
+            DISPLAY_CLEAR
+            DISPLAY_TEXT 0 0 Light level #_LD2410_LIGHT_LEVEL_
+            $UPDATE_COUNT = 0
+        ELSE
+            DISPLAY_TEXT $UPDATE_COUNT 50 .
+            $UPDATE_COUNT = ( $UPDATE_COUNT + 1 )
+        END_IF
+    END_IF
+END_WHILE
+
+SELF_DESTRUCT()

platformio.ini

@@ -66,10 +66,10 @@ build_flags =
 	-D CFG_TUD_ENABLED
 	;-D DUCKY_CUSTOM_LOG
 lib_deps_core = 
-	https://github.com/i-am-shodan/DuckScriptInterpreter#962e24e81aa548f64fa38a580717edb3ae65c989
+	https://github.com/i-am-shodan/DuckScriptInterpreter#4a614fd9debf3370cf32ef8eb6929877d8084114
 	bblanchon/ArduinoJson@^7.0.3
-	ivanseidel/[email protected]+sha.dac3874d28
-  https://github.com/i-am-shodan/Uptime-Library
+	ivanseidel/[email protected]+sha.dac3874d28
+	https://github.com/i-am-shodan/Uptime-Library
 
 [core-esp32]
 extends = core
@@ -106,12 +106,13 @@ build_flags =
 	-D ARDUINO_ARCH_ESP32S3
 	-D GENERIC_ESP32 ; ESP32 Maurader
 	-D CONFIG_ASYNC_TCP_QUEUE_SIZE=128
+	-D RX_PIN=44
+	-D TX_PIN=43
 lib_deps = 
     ${core-esp32.lib_deps}
 	h2zero/NimBLE-Arduino@^1.4.2 ; ESP32 Maurader
 	mathertel/OneButton
 	lovyan03/LovyanGFX@^1.1.16
-	https://github.com/pololu/apa102-arduino
 
 [core-pico]
 extends = core
@@ -164,8 +165,11 @@ build_flags =
 	-D LED_DI_PIN=40
 	-D LED_CI_PIN=39
 ;;;;;;;; End of Pin Config ;;;;;;;;
+    ; -D EXT_SENSOR_MOTION_LD2410 ; Uncomment to use the self destruct example
 lib_deps = 
     ${core-esp32-s3.lib_deps}
+	iavorvel/MyLD2410 @ ~1.0.12
+	https://github.com/pololu/apa102-arduino
 
 [env:Waveshare-ESP32-S3-LCD-1_47]
 extends = core-esp32-s3
@@ -206,6 +210,7 @@ build_flags =
 ;;;;;;;; End of Pin Config ;;;;;;;;
 lib_deps = 
     ${core-esp32-s3.lib_deps}
+	https://github.com/pololu/apa102-arduino
 
 [env:Generic-ESP32-S2]
 extends = core-esp32
@@ -225,6 +230,30 @@ build_flags =
 lib_deps = 
     ${core-esp32.lib_deps}
 
+[env:M5-Atom-S3U]
+extends = core-esp32-s3
+board = esp32-s3-devkitc-1
+upload_speed = 1500000
+monitor_speed = 115200
+board_build.f_cpu = 240000000L
+board_build.f_flash = 80000000L
+board_build.flash_mode = dio
+build_flags =
+	${core-esp32-s3.build_flags}
+	-D M5_ATOM_S3U
+	-D NO_TFT
+	-D NO_SD
+	-D USE_SPIFFS_INTERFACE ; ESP32 Maurader
+;;;;;;;;Pin Config for Status LED and Button;;;;;;;;
+	-D BTN_PIN=41
+	-D NUM_LEDS=1
+	-D LED_DI_PIN=35
+;;;;;;;; End of Pin Config ;;;;;;;;
+lib_deps = 
+    ${core-esp32-s3.lib_deps}
+	https://github.com/pololu/apa102-arduino
+	fastled/FastLED
+
 [env:Waveshare-RP2040-GEEK]
 extends = core-pico
 build_flags = 

src/Attacks/Ducky/DuckyPayload.cpp

@@ -56,8 +56,8 @@ static int lastExecutionResult = 0;
 static volatile uint32_t timeToWait = 0; // volatile to try and prevent dirty reads
 static bool firstRun = true;
 static bool requiresReset = false;
-static std::unordered_map<std::string, std::function<int(std::string, std::unordered_map<std::string, std::string>, std::unordered_map<std::string, int>)>> extCommands;
-static std::vector<std::function<std::pair<std::string, std::string>()>> consts;
+static ExtensionCommands extCommands;
+static UserDefinedConstants consts;
 static std::string localCmdLineToExecute;
 static bool wasLastPressLong = false; // For buttons
 static int lastSuccessfullyEvaluatedLine = 0;
@@ -221,6 +221,16 @@ static DuckyInterpreter duckyFileParser = DuckyInterpreter(
 
 #include "Extensions.h"
 
+void DuckyPayload::registerExtension(const std::string& command, std::function<int(const std::string&, const std::unordered_map<std::string, std::string>&, const std::unordered_map<std::string, int>&)> callback)
+{
+    extCommands[command] = callback;
+}
+
+void DuckyPayload::registerDynamicVariable(std::function<std::pair<std::string, std::string>()> func)
+{
+    consts.emplace_back(func);
+}
+
 uint8_t DuckyPayload::getTotalErrors()
 {
     return totalErrors;

src/Attacks/Ducky/DuckyPayload.h

@@ -1,6 +1,7 @@
 #pragma once
 
 #include <string>
+#include <functional>
 
 #include "../../USBArmyKnifeCapability.h"
 
@@ -18,6 +19,8 @@ class DuckyPayload : USBArmyKnifeCapability {
   void setPayload(const std::string& path);
   std::string getPayloadRunningStatus();
   uint8_t getTotalErrors();
+  void registerExtension(const std::string& command, std::function<int(const std::string&, const std::unordered_map<std::string, std::string>&, const std::unordered_map<std::string, int>&)> callback);
+  void registerDynamicVariable(std::function<std::pair<std::string, std::string>()>);
 };
 
 namespace Attacks