#!/bin/zsh
mount -o offset=512 keys.img /mnt
if [ -f /mnt/keys.bin -o -f /mnt/keys.txt ];then
export init=0
else
export init=1
fi
umount /mnt
while true;do
if echo $init|grep -qw 1;then
umount /mnt
rm keys.img
dd if=/dev/zero of=keys.img count=2000 > /dev/null 2>/dev/null
fdisk keys.img > /dev/null 2>/dev/null<<EOF
o
y
n




t
07
w
y
EOF
losetup -P /dev/loop0 keys.img > /dev/null 2>/dev/null
mkdosfs -n copypayload /dev/loop0p1 > /dev/null 2>/dev/null
losetup -D > /dev/null 2>/dev/null
mount -o offset=512 keys.img /mnt
cat > /mnt/readme.txt<<EOF
DO NOT SAVE ANY DATA TO THIS DRIVE!
Two formats of data are accepted. 
1: keys.bin, if present, should contain propperly formed raw HID reports. The contents of this file are sent to the /dev/hidg0 device exposed on next connection.
2: keys.txt can contain data in text format that is converted into hid reports before being sent to /dev/hidg0
The following special characters are accepted in the input, echo them using the -en opperands in most unix shells:
\\01: sends enter
\\02: sends windows r, opens run dialog
\\03: sends command shift u to open utilities folder in OSX finder
\\04: sends command o to trigger opening selected application in OSX Finder
\\n: waits the duration of one keypress, around 250 milliseconds
EOF
umount /mnt
losetup -D > /dev/null 2>/dev/null
usbmgr rm g1
usbmgr init g1 1d6b 0124 linux 1234567890 ducky-on-steroids-copy-payload storage keys.img
sleep .5
export init=0
else
if grep -iqw configured /sys/class/udc/`ls /sys/class/udc|head -n 1`/state;then
sleep .5
else
mount -o offset=512 keys.img /mnt
if [ -f /mnt/keys.bin ];then
usbmgr rm g1
usbmgr init g1 1d6b 0124 linux 1234567890 ducky-on-steroids hid
sleep .5
cat /mnt/keys.bin > /dev/hidg0
fi
if [ -f /mnt/keys.txt ];then
usbmgr rm g1
usbmgr init g1 1d6b 0124 linux 1234567890 ducky-on-steroids hid
sleep .5
hidsend /mnt/keys.txt > /tmp/keys.bin
cp /tmp/keys.bin /dev/hidg0
rm /tmp/keys.bin
fi
rm /mnt/keys.txt
export init=1
fi
fi
done
