devkitty-io / usb-nugget Goto Github PK

Probably just need to send the right header and uncomment the lines in build_web_ui.sh script

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding

When posting a command to the Nugget via the web interface, there is no response. This causes a nasty crash with Requests when trying to script commands with Python.

It would be much better to respond to the POST request with a status code to indicate if the payload has been received and run or not.

Currently, if the user adds more than 3 folders or payloads, only 3 will ever be visible.

I propose we add logic that maintains the quick-launch layout, but adds a switch for 3+ items that turns the down button into a "page down" scroll.

When loading a folder with more than 3 items, the first 3 items should be mapped to the up, right, and left buttons. The down button goes to the next page, continuing until the last page of 3 items is reached. When the last page is reached, the down button becomes the "back" button as is standard now.

Small problem If you connect the WiFi Nugget to an Android phone, then it tries to copy folders in the Payloads
without Data, it thinks it can Backup the data and tries to make an SD card out of it.

Hi, first of all big fan and just got my hands on my rubber nugget really like its design. On the issues topic

• I'm having a lot of mixed does, donts and what actually applies to my esp32-s2 rubber nugget and the wifi nugget.
• The second topic is on the to up to date flashing process and again is the mixed between the docs and your channel's content. Obviously because when I cant understand something from the documentation I look up for the channels content to see if Im messing something up or didnt actually understood.

Have a nice day, hope to get back from you soon..

Hey hello again everyone,

If you install the awesome Android ADB driver on Windows Then your PC recognizes the Rubbernugget as an Android device , which makes it impossible to connect the WiFi Nugget in the flashing mode.

Thanks for reading your Enzo

Hi! Thank you for the help! So seemingly 3 out of the four buttons are not functioning on my Nugget. I used a jumper cable to test all four buttons and only the bottom button would indicate a button press when jumped. The bottom button works when normally pressed as well.

The MacOS default payload does not work as intended. The GUI and command key are switched and the timing is big wrong.

The correct script is:

DELAY 1000
GUI SPACE
DELAY 1000
STRING terminal
DELAY 1000
ENTER
DELAY 1000
STRING open 'https://www.youtube.com/watch?v=dQw4w9WgXcQ'
ENTER
DELAY 1000
GUI TAB
DELAY 1000
STRING osascript -e 'set volume 7' && killall Terminal
ENTER
DELAY 1500
STRING f

I did the esptool method to update. Step by step via Linux. Last step to unplug and it should update itself was where it went south. Doesn't turn on anymore.

Currently, graphics.h stores char arrays encoding the cat bitmap graphics. For example, the variable high_signal_bits stores this image:

Updating or adding images causes toil; to update an image, you'd need to copy the corresponding char array to a file and save it with the .xbm extension. The file can then be opened in an image editor like gimp. Once saved, the file contents have to be recopied to graphics.h. We can do better!

Instead, let's store each cat graphic as an a seperate .xbm, and include each in graphics.h (yes, you can #include "foobar.xbm"!). Then, the image update process becomes: edit the image in gimp, and then you're done.

https://en.wikipedia.org/wiki/X_BitMap

The RubberNugget-Features.png image shows the version as 1.0 which is incorrect. The version should probably be removed altogether, so we don't have to change it for every release.

Or, we could generate the text on this image using a script -- the imagemagick library comes to mind. But this approach also seems like an unnecessary waste of time.

If fixing this issue, consider resolving #76 at the same time as it's closely related.

We're losing track of software versions across the USB Nugget, which will make it hard to figure out if we're dealing with new bugs as they're being reported by customers. The Nugget interface itself only displays a static "v1.0" graphic, while the web interface refers to v1.0.4 and its unclear if that's the web UI version or the actual USB Nugget software.

We should create a tool that lets us keep track of versions in a single file, and automatically replace instances of the version upon building.

When using the web interface, it's impossible to delete payloads.

On MacOS, this means saving via USB creates hidden files which take up all the slots and can't be deleted via the web interface.

Currently added as git sub-modules, but if they are removed from GitHub we are up a creek without a paddle.

Web interface lacks a configuration page. The menu should allow the user to control:

Set Client or AP mode: Allow connecting to Wi-Fi network for data access/remote control
SSID name: Change the Wi-Fi name of the soft AP the Nugget creates or joins
Password change: Change the password of the soft AP the Nugget creates or joins
Default Script: Select a script to auto-run on start
Hide USB drive: Toggle USB drive to appear or not by default
Neopixel brightness: Select brightness level for neopixel

When using the USB interface, MacOS makes junk files which can't be seen via USB. The nugget reads 1 payload as 4 total files, 3 of which are junk payloads.

Files that start with . should be ignored/deleted

It's not possible to delete them via the web interface either.

This makes it hard to see actual complication errors. For each type of warning, we should either

1. Change build config so these warnings are silenced
2. Actually fix the warnings, then change the build config so that these warnings are marked as errors, meaning the code can't be merged in the first place

Each type of warning should be ignored or converted to an error on a case-by-case basis

On the Nugget packaging, it states the Wi-Fi password to access the web interface is "password123" but in the current binary, it's password.

Update the binary with the right password?

When the nugget is connected to a target and deploys a screen sharing payload, a live control web interface allowing mouse movement and typing would enable realtime access to the target

I have the 2.1 nugget board, which it seems has no ZERO button. I was following the chrome update procedure on an MX Linux lapton. It erased fine, And I used the esp web flasher, which has a banner that says it's not supported anymore. I pressed on anyway, and it seemed to program fine...green bar all the way across, then when finished I noticed the bright green LED turned off, and following instructions, I unplugged it (instead of hitting the disconnect button). When I plugged it back in-nothing. so then I hit the reset button...still nothing. I reran the procedure using esp web flasher, even though the banner directed to go to esptool. same end result as above. So then I tried the ESPtool, which is not only a terminal version, but they now have a web flash version also-so used that. Same end result. Feels like I've bricked this little unit. P.S. the blue led on the espy board blinks on connection and while hitting the reset button, so it's getting power, also when I plug it into either a windows box or linux, still just a dead little cat. ;(

Originally posted by @HeinrichII in #31 (comment)

Currently, you can't use the web interface until a payload is created via USB. This adds complexity to the setup process.

To fix this, we can take one of two actions:

1. Add a create payload option to the web interface, which drops payloads into the proper space
2. Pre-fill the OS folders with payload types and dummy payloads in each one which can be edited via the web interface

Running the default example script does not set LED color when built/flashed from main branch. When flashed from the latest release binary, it does work.

Are there any plans to release a v1.1 release with a .bin?

I'm having some issues connect to the device on my laptop and hoping flashing the device will fix it.

Cheers,
Matt

I've just been trying to use the USB Nugget running v1.1 on my laptop running Fedora, but the devices turns on / off and eventually my machine is disconnect.

DMESG has the following output:

[ 1906.016371] usb 3-1: new full-speed USB device number 12 using xhci_hcd
[ 1906.400484] usb 3-1: device descriptor read/64, error -32
[ 1906.699001] usb 3-1: New USB device found, idVendor=05ac, idProduct=020b, bcdDevice= 1.00
[ 1906.699012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1906.699015] usb 3-1: Product: ESP32 Arduino Device
[ 1906.699018] usb 3-1: Manufacturer: Espressif
[ 1906.699020] usb 3-1: SerialNumber: 1234-5678
[ 1906.703776] usb-storage 3-1:1.0: USB Mass Storage device detected
[ 1906.704410] scsi host0: usb-storage 3-1:1.0
[ 1906.705241] cdc_acm 3-1:1.1: ttyACM0: USB ACM device
[ 1906.706501] input: Espressif ESP32 Arduino Device as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.3/0003:05AC:020B.000D/input/input34
[ 1906.759053] hid-generic 0003:05AC:020B.000D: input,hidraw0: USB HID v1.11 Keyboard [Espressif ESP32 Arduino Device] on usb-0000:00:14.0-1/input3
[ 1907.709174] scsi 0:0:0:0: Direct-Access     ESP32-S2 FLASH            1.0  PQ: 0 ANSI: 2
[ 1907.709690] sd 0:0:0:0: Attached scsi generic sg0 type 0
[ 1907.710016] sd 0:0:0:0: [sda] 744 4096-byte logical blocks: (3.05 MB/2.91 MiB)
[ 1907.710747] sd 0:0:0:0: [sda] Write Protect is off
[ 1907.710751] sd 0:0:0:0: [sda] Mode Sense: 03 00 00 00
[ 1907.711313] sd 0:0:0:0: [sda] No Caching mode page found
[ 1907.711320] sd 0:0:0:0: [sda] Assuming drive cache: write through
[ 1907.719873]  sda:
[ 1907.722952] sd 0:0:0:0: [sda] Attached SCSI removable disk
[ 1907.757417] usb 3-1: USB disconnect, device number 12
[ 1907.757631] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1907.757635] sd 0:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 00 02 d0 00 00 01 00
[ 1907.757636] I/O error, dev sda, sector 5760 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[ 1907.757669] device offline error, dev sda, sector 5760 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1907.757678] Buffer I/O error on dev sda, logical block 720, async page read
[ 1908.427439] usb 3-1: new full-speed USB device number 13 using xhci_hcd
[ 1908.808481] usb 3-1: device descriptor read/64, error -32
[ 1909.312567] usb 3-1: New USB device found, idVendor=05ac, idProduct=020b, bcdDevice= 1.00
[ 1909.312570] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1909.312571] usb 3-1: Product: ESP32 Arduino Device
[ 1909.312571] usb 3-1: Manufacturer: Espressif
[ 1909.312572] usb 3-1: SerialNumber: 1234-5678
[ 1909.315351] usb-storage 3-1:1.0: USB Mass Storage device detected
[ 1909.315979] scsi host0: usb-storage 3-1:1.0
[ 1909.316397] cdc_acm 3-1:1.1: ttyACM0: USB ACM device
[ 1909.317347] input: Espressif ESP32 Arduino Device as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.3/0003:05AC:020B.000E/input/input35
[ 1909.368613] hid-generic 0003:05AC:020B.000E: input,hidraw0: USB HID v1.11 Keyboard [Espressif ESP32 Arduino Device] on usb-0000:00:14.0-1/input3
[ 1910.333289] scsi 0:0:0:0: Direct-Access     ESP32-S2 FLASH            1.0  PQ: 0 ANSI: 2
[ 1910.333490] sd 0:0:0:0: Attached scsi generic sg0 type 0
[ 1910.333791] sd 0:0:0:0: [sda] 744 4096-byte logical blocks: (3.05 MB/2.91 MiB)
[ 1910.334380] sd 0:0:0:0: [sda] Write Protect is off
[ 1910.334387] sd 0:0:0:0: [sda] Mode Sense: 03 00 00 00
[ 1910.334927] sd 0:0:0:0: [sda] No Caching mode page found
[ 1910.334929] sd 0:0:0:0: [sda] Assuming drive cache: write through
[ 1910.341286]  sda:
[ 1910.343305] sd 0:0:0:0: [sda] Attached SCSI removable disk
[ 1910.371247] usb 3-1: USB disconnect, device number 13
[ 1910.371413] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1910.371415] sd 0:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 01 00
[ 1910.371416] I/O error, dev sda, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[ 1910.371435] device offline error, dev sda, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1910.371439] Buffer I/O error on dev sda, logical block 0, async page read
[ 1911.040584] usb 3-1: new full-speed USB device number 14 using xhci_hcd
[ 1911.424567] usb 3-1: device descriptor read/64, error -32
[ 1911.926872] usb 3-1: New USB device found, idVendor=05ac, idProduct=020b, bcdDevice= 1.00
[ 1911.926880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1911.926883] usb 3-1: Product: ESP32 Arduino Device
[ 1911.926886] usb 3-1: Manufacturer: Espressif
[ 1911.926887] usb 3-1: SerialNumber: 1234-5678
[ 1911.930248] usb-storage 3-1:1.0: USB Mass Storage device detected
[ 1911.930544] scsi host0: usb-storage 3-1:1.0
[ 1911.931400] cdc_acm 3-1:1.1: ttyACM0: USB ACM device
[ 1911.932939] input: Espressif ESP32 Arduino Device as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.3/0003:05AC:020B.000F/input/input36
[ 1911.985055] hid-generic 0003:05AC:020B.000F: input,hidraw0: USB HID v1.11 Keyboard [Espressif ESP32 Arduino Device] on usb-0000:00:14.0-1/input3
[ 1912.957201] scsi 0:0:0:0: Direct-Access     ESP32-S2 FLASH            1.0  PQ: 0 ANSI: 2
[ 1912.957583] sd 0:0:0:0: Attached scsi generic sg0 type 0
[ 1912.958165] sd 0:0:0:0: [sda] 744 4096-byte logical blocks: (3.05 MB/2.91 MiB)
[ 1912.958723] sd 0:0:0:0: [sda] Write Protect is off
[ 1912.958726] sd 0:0:0:0: [sda] Mode Sense: 03 00 00 00
[ 1912.959321] sd 0:0:0:0: [sda] No Caching mode page found
[ 1912.959329] sd 0:0:0:0: [sda] Assuming drive cache: write through
[ 1912.966362]  sda:
[ 1912.968729] sd 0:0:0:0: [sda] Attached SCSI removable disk
[ 1912.995308] usb 3-1: USB disconnect, device number 14
[ 1912.995410] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1912.995412] sd 0:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 00 02 d0 00 00 01 00
[ 1912.995413] I/O error, dev sda, sector 5760 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[ 1912.995455] device offline error, dev sda, sector 5760 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1912.995458] Buffer I/O error on dev sda, logical block 720, async page read

I've not been able to find anything for this error beyond folks suggesting this is a memory issue.

Have you encountered this before? If I plug the device into a power supply (i.e. a USB outlet) the device runs fine and I can navigate the UI and run payloads).

The Nugget doesn't have a static or modifiable drive label when plugged into a computer, which makes file exfiltration / copying files from the Nugget's internal drive inconsistent across different devices. ie, if you're trying to use Duckyscript to exfiltrate a file to the Nugget drive, or copy something off of it.

Per @brandonpaiz, it would be ideal for the customer to be able to attach the Nugget to a Wi-Fi AP as a client and download updated scripts from a GitHub Repo.

Sometimes the keystroke injection gets ahead of itself and presses the shift key too early, causing random characters to be capitalized, and others to not be. For example instead of typing testing some colors! in the colors.txt script, it will sometimes type testing some colorS1. I'm not sure if this issue is present for other modifiers like alt or ctrl.

This issue seems to be found across characters that can be typed using the shift modifier like !@#$%^&*() which will sometimes just print as the numeric values.

Set the MAC address to an Apple device and this won't happen, no other issues created by doing this

Run docker ps -all and docker images to see what I mean

Current case design has an issue where tall, black buttons do not fit normally behind the D-pad in snap-fit cases

This is not an issue for standard colored or white buttons, as they sit low. It's not an issue for friction-fit designs, as the loose tolerance prevents binding.

Recommendations are: design a "low" d-pad design to accommodate the extra space needed. Make clear design choices between colors so that the short d-pads can be color coded to match the PCB colors they fit on.

Tall black buttons are on the all-black design, they should not be on purple nuggets.

User suggested - Mode where each button press "Steps through" your script

Each press forward runs the next line, a press back runs the previous Duckyscript command.

How would we trigger this? Web interface, config file, or holding the right button when you run the payload instead of tapping it?

Something that allows us to easily enable/disable logging from specific modules. At the very least, making logs more parsable by module. For example, It Sure Would Be Nice to be able to enable/disable logging for the web server, script parsing, etc. Basically anything is better than nothing.

a how-to guide containing:

• - steps for cloning or downloading & extracting from release page
• - (link to) instructions for installing esptools.py
• - steps for flashing firmware onto nugget

Instant translation into every language: Use arrows to show navigation rather than abbreviated directions like "LT" and "RT"

Ran script with unsaved document open in text editor:

STRING the script is running
DELAY 1000
CTRL S

Expected the save dialog to pop up. Output: the script is runnings. Note the s

I changed the line ending style from unix to dos just to see if that had any effect. I ran the script again and received output the script is running, but still no save dialog.

Best I could find to solve this was to include: Adafruit_TinyUSB.h library with no success.

Arduino: 1.8.19 (Mac OS X), Board: "ESP32S2 Dev Module, Enabled, Enabled, Enabled, Internal USB, Disabled, Default 4MB with spiffs (1.2MB APP/1.5MB SPIFFS), 240MHz (WiFi), QIO, 80MHz, 4MB (32Mb), 921600, None"

In file included from /Users/Choodyp/Downloads/RubberNugget-main/RubberNugget/RubberNugget.ino:4:
RubberNugget.h:6:10: fatal error: cdcusb.h: No such file or directory
#include "cdcusb.h"
^~~~~~~~~~
compilation terminated.
exit status 1
cdcusb.h: No such file or directory

This report would have more information with
"Show verbose output during compilation"
option enabled in File -> Preferences.

The RubberNugget-Features.png image shows the URL "wifinugget.com" nugget. This is misleading as the project is called USBNugget, and is an entirely different product than the Wi-Fi Nugget

If fixing this issue, consider resolving #77 at the same time as it's closely related.

There is no clear upper limit on strings, but the Nugget WILL NOT publish the entire bee movie script. An upper limit needs to be defined or the limit should be mitigated.

Hey hello everyone again(=^ω^=)

today I've sat down again on Windows 10 and just wanted to test a few things. because I mentioned that I'm from Germany and I wondered after one two try why the simplest Rickroll does not want to work. right then I noticed that the Rubbernugget uses the English keyboard layout QWERTY. But we in Germany, for example, the German layout also known as QWERTZ use. that is, for example, the position of special characters or even the Z and Y key are at other places.
the question is how to change the keyboard layout of the Rubbernugget so that you can properly run duckysripts and not for example from Youtube Zoutube.
I hope you could understand me and have a nice day

For some reason, creating a FAT filesystem locally, via mkfs or otherwise, then flashing it to memory doesn't work. The nug really doesn't like it. However, if you allow the nug to format the filesystem itself, then dump the flash memory it works just fine -- you can mount, add files to and then reflash and everything will be fine.

The problem is that generating a release binary requires us to flash the code and overwrite the flash memory, then dump the entirety of the contents. Gross. This also means that we need a physical device to generate the release binary and it can only be partially automated.

The work:

1. Find out why our generated FAT fs aren't well received by the nug
2. Store the default scripts as normal files
3. During build / script flashing, create the FAT fs from these scripts, then generate the final binary in the docker container instead of dumping flash

User requested feature - Loops are missing and would be extremely useful

In stead of

TAB
TAB
TAB
TAB
TAB
TAB

It would be
LOOP 7
TAB
END

Gonna come back to this later, but we should implement full support for DuckyScript classic, including loops and full RGB LED colors, and also make it easy to create custom DuckyScript aliases for things like WiFi Geofencing. This engine should be developed as a separate project rather than parsing DuckyScript commands on the fly in spaghetti code.

We need to make it stupid obvious that the following limitations exist, as they are not intuitive:

1. Each OS folder gets a MAX of 3 category folders
2. Each category folder gets a MAX of 3 payloads
3. Payloads MUST be placed in a payload Category folder (OS folder -> Category Folder -> Payload.txt)
4. Payloads left in the OS folder will not be shown, folders in a payload Category folder will not be shown

We need to either add documentation or guard rails to make it easier to follow these conventions.

I think we should add payload slots, and let the user customize each one from the default label to whatever they want. This creates the default file tree and blank spaces for the user to fill out, while preventing file operations outside our schema.

When adding new payloads, the web interface will sometimes crash hard, and will not come back up until a reboot.

Issue seems possibly related to pasting? Deleting the new folders will sometimes fix the issue, other times it won't.

Issue may be related to multiple payloads with the same name. Comes up when creating payloads in other OS category folders.

Only way to fix is hit reset button or unplug and plug in again.

Symptoms:

1. USB device disconnects (reboot) and neopixel turns off (if it was on)
2. Web request hangs (no response)
3. Rolling back last file operation does not fix the issue
4. Unplug or reset button fixes issue

Noted that another user could connect but the current user could not make a successful web request.

When connected to the web interface, the "Help" menu attempts to redirect to a webpage that needs an internet connection