Path: blob/master/payloads/library/general/Multi_HID_The-Penny-Drops/Payload.txt
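REM TITLE The Penny Drops
REM AUTHOR Cribbit
REM DESCRIPTION Little arcade coin drop / pachinko style game
REM VERSION 1.0
REM PROPS Darren & Korben
REM
REM OPERATING NOTES:
REM   The payload enumerates as a USB keyboard (ATTACKMODE HID) and types the
REM   board into whichever window has focus, so an empty plain-text editor
REM   with a monospaced font needs to be focused before the 3 second start
REM   delay runs out. The arrow-key navigation assumes the editor keeps the
REM   cursor column when moving between rows and does not auto-indent,
REM   auto-complete or trim the typed text.
REM   When the game loop exits the device re-enumerates as HID + STORAGE, so
REM   the host sees a removable drive appear at that point.
REM
REM NOTE(review): the TRANSLATE extension below is kept as published; only
REM TRANSLATE_INT() is called by this payload. As written, TRANSLATE_HEX()
REM types "0x" and then "0x0000" when $INPUT is 0, and types an extra leading
REM 0 in front of a value that needs all four hex digits. TRANSLATE_INT()
REM closes its last IF with END_IF() instead of END_IF.
EXTENSION TRANSLATE
    REM VERSION 1.0

    REM This extension acts as a library or collection of helper functions
    REM to work with converting variables in your payloads.
    REM WHY:
    REM Of the many ways to get information about the state of your payload
    REM is by injecting static strings effectively as debugging prints
    REM However, given the non-static nature of payloads using variables in
    REM DuckyScript 3.0 - the ability to decode variables during payload
    REM execution and print (inject) representations of their current state
    REM can often be a critically helpful development and debugging tool.

    REM Available Functions:
    REM TRANSLATE_INT() - var to decimal string - set $INPUT prior to call
    REM TRANSLATE_HEX() - var to hexidecimal string - set $INPUT prior to call
    REM TRANSLATE_BINARY() - var to binary string - set $INPUT prior to call
    REM TRANSLATE_BOOL() - var to boolean string - set $INPUT prior to call

    REM USAGE:
    REM set $INPUT to desired var
    REM call the correct translate_ function for the expected data type e.g.
    REM VAR $myVar = 1234
    REM $INPUT = $myVar
    REM TRANSLATE_INT()
    REM REM the above code will inject 1234

    REM begin extension variables
    DEFINE PRINT_INT 0
    DEFINE PRINT_HEX 1
    VAR $DIGIT_PRINT_MODE = PRINT_INT
    VAR $D = 0
    VAR $IN = 0
    VAR $INPUT = 0
    VAR $MOD = 0
    VAR $P = FALSE
    VAR $NL = TRUE
    REM end extension variables

    REM REQUIRED for INT/HEX - convert int to char
    FUNCTION PRINTDIGIT()
        IF ($D == 0) THEN
            STRING 0
        ELSE IF ($D == 1) THEN
            STRING 1
        ELSE IF ($D == 2) THEN
            STRING 2
        ELSE IF ($D == 3) THEN
            STRING 3
        ELSE IF ($D == 4) THEN
            STRING 4
        ELSE IF ($D == 5) THEN
            STRING 5
        ELSE IF ($D == 6) THEN
            STRING 6
        ELSE IF ($D == 7) THEN
            STRING 7
        ELSE IF ($D == 8) THEN
            STRING 8
        ELSE IF ($D == 9) THEN
            STRING 9
        ELSE IF ($DIGIT_PRINT_MODE == PRINT_HEX) THEN
            IF ($D == 10) THEN
                STRING A
            ELSE IF ($D == 11) THEN
                STRING B
            ELSE IF ($D == 12) THEN
                STRING C
            ELSE IF ($D == 13) THEN
                STRING D
            ELSE IF ($D == 14) THEN
                STRING E
            ELSE IF ($D == 15) THEN
                STRING F
            END_IF
        ELSE
            STRING ?
        END_IF
    END_FUNCTION

    REM REQUIRED for INT/HEX- consumes a character / place from the input
    FUNCTION CONSUME()
        $D = 0
        WHILE ($INPUT >= $MOD)
            $D = ($D + 1)
            $INPUT = ($INPUT - $MOD)
        END_WHILE
        IF (($D > 0) || ($P == TRUE)) THEN
            $P = TRUE
            PRINTDIGIT()
        END_IF
    END_FUNCTION

    REM ENDIAN SWAPPER helper, (useful for working with VID/PID)
    FUNCTION SWAP_ENDIAN()
        $INPUT = ((($INPUT >> 8) & 0x00FF) | (($INPUT << 8) & 0xFF00))
    END_FUNCTION

    REM Translates a variable of presumed integer type and attempts to convert
    REM and inject a DECIMAL string representation
    FUNCTION TRANSLATE_INT()
        $DIGIT_PRINT_MODE = PRINT_INT
        $P = FALSE
        IF ( $INPUT >= 10000) THEN
            $MOD = 10000
            CONSUME()
        END_IF
        IF (($INPUT >= 1000) || ($P == TRUE)) THEN
            $MOD = 1000
            CONSUME()
        END_IF
        IF (($INPUT >= 100) || ($P == TRUE)) THEN
            $MOD = 100
            CONSUME()
        END_IF
        IF (($INPUT >= 10) || ($P == TRUE)) THEN
            $MOD = 10
            CONSUME()
        END_IF()
        $D = $INPUT
        PRINTDIGIT()
        IF $NL THEN
            ENTER
        END_IF
    END_FUNCTION

    REM Translates a variable of presumed boolean type and attempts to convert
    REM and inject a BOOLEAN string representation
    FUNCTION TRANSLATE_BOOL()
        IF $INPUT THEN
            STRING TRUE
        ELSE
            STRING FALSE
        END_IF
        IF $NL THEN
            ENTER
        END_IF
    END_FUNCTION

    REM Translates a variable of presumed integer type and attempts to convert
    REM and inject a HEX string representation
    FUNCTION TRANSLATE_HEX()
        $DIGIT_PRINT_MODE = PRINT_HEX
        VAR $chars = 0
        VAR $d1 = 0
        VAR $d2 = 0
        VAR $d3 = 0
        VAR $d4 = 0
        WHILE ($INPUT > 0)
            IF ($chars == 0) THEN
                $d1 = ($INPUT % 16)
            ELSE IF ($chars == 1) THEN
                $d2 = ($INPUT % 16)
            ELSE IF ($chars == 2) THEN
                $d3 = ($INPUT % 16)
            ELSE IF ($chars == 3) THEN
                $d4 = ($INPUT % 16)
            END_IF
            $chars = ($chars + 1)
            $INPUT = ($INPUT / 16)
        END_WHILE
        VAR $i = 0
        STRING 0x
        IF ($chars == 0) THEN
            STRING 0x0000
        ELSE IF ($chars == 1) THEN
            STRING 000
            $D = $d1
            PRINTDIGIT()
        ELSE IF ($chars == 2) THEN
            STRING 00
            $D = $d2
            PRINTDIGIT()
            $D = $d1
            PRINTDIGIT()
        ELSE IF ($chars == 3) THEN
            STRING 0
            $D = $d3
            PRINTDIGIT()
            $D = $d2
            PRINTDIGIT()
            $D = $d1
            PRINTDIGIT()
        ELSE IF ($chars == 4) THEN
            STRING 0
            $D = $d4
            PRINTDIGIT()
            $D = $d3
            PRINTDIGIT()
            $D = $d2
            PRINTDIGIT()
            $D = $d1
            PRINTDIGIT()
        END_IF
        IF $NL THEN
            ENTER
        END_IF
    END_FUNCTION

    REM Translates a variable of presumed integer type and attempts to convert
    REM and inject a BINARY string representation
    FUNCTION TRANSLATE_BINARY()
        VAR $I = 16
        WHILE ( $I > 0 )
            $I = ($I - 1)
            IF (($INPUT & 0x8000) == 0 ) THEN
                STRING 0
            ELSE
                STRING 1
            END_IF
            $INPUT = ($INPUT << 1)
        END_WHILE
        IF $NL THEN
            ENTER
        END_IF
    END_FUNCTION
END_EXTENSION

REM Enumerate as a keyboard only, then give the host 3 seconds to finish
REM enumeration before any keystrokes are sent.
ATTACKMODE HID
DELAY 3000

REM GAME_SPEED is the pause in milliseconds between animation frames.
DEFINE GAME_SPEED 500
VAR $SCORE = 0
REM $COIN is the 1-based column of the coin on the 11-column board.
VAR $COIN = 6
REM $MAX is the highest score shown; write_score() wraps past it.
VAR $MAX = 9999
VAR $RUNNING = TRUE
REM NOTE(review): $INPUT is already declared inside the TRANSLATE extension;
REM this second declaration looks redundant - confirm the compiler accepts it.
VAR $INPUT = 0
REM Turn off the ENTER that TRANSLATE_INT() otherwise sends after the number,
REM so the cursor stays on the score row.
$NL = FALSE

REM One bounce: blank the coin under the selection, step down a row and
REM redraw it one column right or left depending on $_RANDOM_INT parity.
REM Expects the cursor to sit immediately right of the coin character.
FUNCTION move()
    SHIFT LEFTARROW
    SPACE
    DOWNARROW
    IF (($_RANDOM_INT % 2) == 0) THEN
        $COIN = ($COIN + 1)
        RIGHTARROW
    ELSE
        $COIN = ($COIN - 1)
        LEFTARROW
    END_IF
    SHIFT LEFTARROW
    STRING 0
END_FUNCTION

REM Animate a full drop: four bounces through the peg rows, one straight
REM step down into the bin row, then blank the coin again.
FUNCTION drop()
    VAR $A = 4
    WHILE ($A > 0)
        move()
        DELAY GAME_SPEED
        $A = ($A - 1)
    END_WHILE
    SHIFT LEFTARROW
    SPACE
    DOWNARROW
    SHIFT LEFTARROW
    STRING 0
    DELAY GAME_SPEED
    SHIFT LEFTARROW
    SPACE
END_FUNCTION

REM Add the points for the bin the coin landed in and retype the score line.
REM Column 6 scores 5, columns 4 and 8 score 2, every other column scores 1.
FUNCTION write_score()
    REM From the bin row, go two rows down to the score row and select it
    REM entirely so that the typed text replaces the previous score.
    DOWNARROW
    DOWNARROW
    END
    SHIFT HOME
    VAR $POINTS = 1
    IF ($COIN == 6) THEN
        $POINTS = 5
    ELSE IF (($COIN == 4) || ($COIN == 8)) THEN
        $POINTS = 2
    END_IF

    REM Wrap around instead of letting $SCORE grow past $MAX.
    IF ($POINTS > ($MAX - $SCORE)) THEN
        $SCORE = ($POINTS - ($MAX - $SCORE))
    ELSE
        $SCORE = ($SCORE + $POINTS)
    END_IF

    STRING SCORE:
    $INPUT = $SCORE
    TRANSLATE_INT()
END_FUNCTION

REM Device-button handler body: red LED on and flag the game loop to stop.
FUNCTION end_game()
    LED_R
    $RUNNING = FALSE
END_FUNCTION

REM Put a fresh coin at the top of the board. Seven rows up from the score
REM row is the coin row; END followed by five LEFTARROW leaves the cursor
REM just right of column 6 on an 11-column row, and SHIFT LEFTARROW selects
REM that cell so the typed 0 replaces it.
FUNCTION reset()
    UPARROW
    UPARROW
    UPARROW
    UPARROW
    UPARROW
    UPARROW
    UPARROW
    END
    LEFTARROW
    LEFTARROW
    LEFTARROW
    LEFTARROW
    LEFTARROW
    SHIFT LEFTARROW
    STRING 0
    $COIN = 6
END_FUNCTION

REM Type the instructions and the board, then run one drop per Scroll Lock
REM change until $RUNNING is cleared.
FUNCTION play_game()
    STRINGLN Penny drop / pachinko style game.
    STRINGLN Press scroll lock to drop a coin.
    ENTER
    REM The page listing had the spacing inside the board rows collapsed.
    REM Rows 2-8 are restored to 11 columns here, because reset() and move()
    REM place the coin at column 6 and the bins at columns 2, 4, 6, 8 and 10.
    REM The title row is not used for navigation and is left as listed.
    STRINGLN _(PENNY)_
    STRINGLN /    0    \
    STRINGLN |    .    |
    STRINGLN |   . .   |
    STRINGLN |  . . .  |
    STRINGLN | . . . . |
    STRINGLN | | | | | |
    STRINGLN |1|2|5|2|1|
    reset()
    REM Waits for the host to report a Scroll Lock change; a host that does
    REM not report lock-key state to keyboards never advances the game.
    WAIT_FOR_SCROLL_CHANGE
    WHILE ($RUNNING == TRUE)
        drop()
        write_score()
        reset()
        REM As written, $RUNNING is only re-checked after this wait returns.
        WAIT_FOR_SCROLL_CHANGE
    END_WHILE
    REM Game over: re-enumerate with mass storage exposed alongside HID.
    ATTACKMODE HID STORAGE
END_FUNCTION

REM Pressing the device button ends the game.
BUTTON_DEF
    end_game()
END_BUTTON

play_game()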