FlipperZero: BadUSB JavaScript (deploys payloads+show exfil data on Flipper)
Vložit
- čas přidán 7. 07. 2024
- In this video we look at an example of JavaScript in the Momentum firmware. We use APIs to copy a file from our SD card into a virtual USB Disk. We use APIs to type PowerShell commands on the PC. Our PowerShell auto-detects the Flipper & copies payloads locally, runs commands and stores results back on the virtual USB Disk. We use APIs to copy the virtual USB Disk results back to the SD card memory. We use APIs to show the file directly on the Flipper (IP addresses of the machine + saved WIFI credentials.)
MAKE SURE YOUR SCRIPT HAS THE PROPER KEYBOARD LAYOUT! USING THE WRONG LAYOUT IS A COMMON CAUSE OF A MISBEHAVING SCRIPT.
The Flipper isn't doing anything "magic". You could manually type all of these commands (or a subset of them) and see the exact same information. Flipper Zero is just automating the process; click run and then see the results a couple minutes later! Remember -- only test on machines you own! (WARNING: BE CAREFUL. Bad-USB does NOT KNOW where it is typing, so if it isn't in the PowerShell window, it could type over important documents or start pressing buttons in your email or other programs!)
Join the discord server (conversations and giveaways): / discord
Support this channel:
Option 1. Like, Subscribe and click the Bell (to get notified)
Option 2. ko-fi.com/codeallnight (donate $3 via PayPal or Venmo)
Option 3. Click the "Thanks" button on CZcams.
Option 4. Purchase a FlipBoard (I get a portion of the sale). github.com/MakeItHackin/FlipB...
You can find the script from this video here:
github.com/jamisonderek/flipp...
Also join momentum Discord server [see the script-sharing channel]:
/ discord
Timeline:
0:00 - Introduction
1:24 - Configuration
3:12 - JavaScript walkthrough
6:12 - Call Flipper native code from JavaScript! (FFI)
7:24 - Summary - Věda a technologie
You need the LATEST dev build to run this script. This script uses the latest features of Momentum (written two days ago) not yet available elsewhere.
If you get... "textbox" module load fail at :23 -- Your firmware is too old
If you get... "file/dir not exist at :71" -- You need to put `demo.mp3` (all lowercase) in `SD Card/apps/Scripts/payloads/demo.mp3`
If you get... "out of memory" -- You need to reboot the Flipper (BACK+LEFT buttons) before running the script.
To install latest firmware... momentum-fw.dev/update/ and choose "Dev" instead of "Release" (Disclaimer: this is not the high-quality product you typically from Momentum "mtm-0001", but a testing area for new features) and click "Flash". My video at czcams.com/video/GAzz-rM99MM/video.html shows you how starting at 3:37 into the video.
If you still have issues, please join my Discord server for assistance... discord.com/invite/NsjCvqwPAd
Thank you so much, very in-depth and well explained tutorial. Can't wait to see what cool things people do!
Also loved the ffi() shoutout, I already know someone is gonna go crazy with that (someone on our discord already has, but having it explained here is perfect)
Thank you for the late-night code & fixes! It's super exciting to see JavaScript evolving on the Flipper. Hopefully it will start to enable more people to develop for the Flipper.
Fantastic. It’s amazing to see how the community is supporting the Flipper Zero and continually expanding its abilities. Just wow.
I really hope that at some point Official firmware adds support for the majority of modules that are in Momentum. Being able to use JavaScript really is a nice development environment for smaller applications & hopefully people find it easier to modify the scripts for their needs.
The beauty of machines is the people who stays behind, dont forget that.
Glad if i could help :) Good job!
Thanks again! Your scripts using ffi helped me understand the core topic (and enabled me to implement features while I'm waiting for them to appear officially). I really appreciate your examples. I found wrapping them in an object to load(...) makes it feel even more intuitive.
@@MrDerekJamison In theory we could adjust the require method and fallback to the file system for loading js files. This would make it feel even more like JS (CommonJS).
Nice ❤💯👍
🤗
Good job boss
Thanks
Thank you for these good videos , but i tried your script on github and give me error that "textbox" module load failed
Thanks for the feedback. I should have been clearer that it only works with the latest dev branch from Momentum. Some of the features used by this script were written this week. I pinned a comment with directions & troubleshooting. Sorry about that.
Hi Derek, what would cause the error message? - "textbox" module load fail:23
Great question. I'll try to mention that in future videos. This script uses the latest features of Momentum (written two days ago) not yet available elsewhere.
momentum-fw.dev/update/ and choose "Dev" instead of "Release" (Disclaimer: this is not the high-quality product you typically from Momentum "mtm-0001", but a testing area for new features) and click "Flash".
If you still have issues, please join my Discord server for assistance...
discord.com/invite/NsjCvqwPAd
good evening, I'm a very noob, but I can't understand why I have to insert the letter "i" in the script to open powershell, on my PC the letter "i" corresponds to system, in fact the script is unable to open powrshell, thanks for the help help.
badusb.press("GUI", "x") does a Windows+X, which should bring up a menu of options (Installed A&pps, Power &Options, ..., Term&inal, etc.) Pressing "i" in that list chooses a non-admin Terminal PowerShell window. You can try manually pressing those keystrokes to see if your system behavior is different, then modify the script to the sequence you need.
An alternative would be: badusb.press("GUI", "r"); delay(500); badusb.println("Powershell"); delay(3000);
This would bring up the Run dialog and type "Powershell" and press enter.
thankyou so much!