Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BadUSB: Mouse control #4004

Draft
wants to merge 15 commits into
base: dev
Choose a base branch
from
Draft

Conversation

jetrp1
Copy link

@jetrp1 jetrp1 commented Nov 15, 2024

BadUSB: Mouse Control

I often found myself automating various functionality and wanting to be able to trigger a mouse click. This PR will add basic mouse functionality to the BadUSB App. Additionally this makes mouse movement more accessible for research on how this type of movement can be used in a security sensitive enviroment.

What's new

Several new mouse commands:

  • LEFTCLICK
  • RIGHTCLICK
  • MOUSEMOVE
  • MOUSE SCROLL

Documentation also updated to reflect the changes

Additionally I implemented functionality for the Middle click (often the mouse wheel button) but in my testing it seemed to only work some of the time.

Verification

I found the easiest way to visualize the mouse movements was to use minecraft as that will show the movements very easily. My script here includes the MIDDLECLICK function, but as you see that does not work yet. If I get some more time int he future I'll look into why that does not work as expected and create an PR for that.

I used the following BadUSB script:

REM Testing Mouse Functions

DEFAULT_DELAY 1000

STRING t
STRING LEFTCLICK
ENTER
DELAY 1500
LEFTCLICK

STRING t
STRING RIGHTCLICK
ENTER
DELAY 1500
RIGHTCLICK

STRING t
STRING MIDDLECLICK - has been mapped to select slot 5 on game hotbar
ENTER
DELAY 1500
MIDDLECLICK

STRING t
STRING MOUSESCROLL
ENTER
MOUSESCROLL 1
REPEAT 4
MOUSESCROLL -1
REPEAT 4

STRING t
STRING MOUSE_SCROLL
ENTER
MOUSE_SCROLL 2
MOUSE_SCROLL -2

STRING t
STRING MOUSEMOVE
ENTER 
MOUSEMOVE 50 0
REPEAT 8
MOUSEMOVE 0 50
REPEAT 8
MOUSEMOVE -50 -50
REPEAT 8

STRING t
STRING MOUSE_MOVE
ENTER 
MOUSE_MOVE 50 0
REPEAT 8
MOUSE_MOVE 0 50
REPEAT 8
MOUSE_MOVE -50 -50
REPEAT 8


STRING t
STRING HOLD LEFT_CLICK
ENTER
HOLD LEFT_CLICK
DELAY 5000
RELEASE LEFT_CLICK

MOUSEMOVE 500 -100

STRING t
STRING REPEAT
ENTER
STRING 2
RIGHT_CLICK
REPEAT 3

STRING t
STRING TESTING DONE
ENTER

A Short video of running this script:

https://youtu.be/hi02vP7v6do

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

@Willy-JL
Copy link
Contributor

i wanted to implement something like this for a while and had it on my todo list, happy to see its becoming a reality! great work! 💯

@jetrp1
Copy link
Author

jetrp1 commented Nov 24, 2024

Thank you!


line = &line[ducky_get_command_len(line) + 1];

// Handle Keyboard keys here
uint16_t key = ducky_get_keycode(bad_usb, line, true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You will get valid key code here (first symbol of argument will become one).

bad_usb->key_hold_nb++;
if(bad_usb->key_hold_nb > (HID_KB_MAX_KEYS - 1)) {
return ducky_error(bad_usb, "Too many keys are hold");
}

if(isMouse) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it will be ignored because of this condition.

uint16_t key = ducky_get_keycode(bad_usb, line, true);
if(key == HID_KEYBOARD_NONE) {
return ducky_error(bad_usb, "No keycode defined for %s", line);
}

// Handle Mouse Keys here
key = ducky_get_mouse_keycode_by_name(line);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that badusb code is not the best example, but I got feeling that what you doing here makes it even more difficult to read.

Do you mind to try to refactor keycode parsing and handling in more explicit way? In a way where if you started mouse branch then you do mouse branch and there is no places where keyboard and mouse collide?

@skotopes skotopes marked this pull request as draft December 23, 2024 04:07
@skotopes
Copy link
Member

Un-draft when ready and let me know if you need any help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants