A Pico Ducky is a USB rubber ducky, defined on the internet as - "USB Rubber ducky is an HID device that looks similar to a USB Pen drive. It may be used to inject keystroke into a system, used to hack a system, steal victims essential and credential data can inject payload to the victim's computers."
If you want to skip to the Github Repository here is the link.
.uf2file from CircuitPython for the Raspberry Pi Pico
Plug the device into a USB port while holding the boot button. It will show up as a removable media device named
Copy the downloaded
.uf2file to the root of the Pico (
RPI-RP2). The device will reboot and after a second or so, it will reconnect as
adafruit-circuitpython-bundle-7.x-mpy-YYYYMMDD.zipfrom here and extract it on your main device (not the Pico).
libin the recently extracted folder and copy
libfolder in your Raspberry Pi Pico.
Click here, press CTRL + S and save the file as
code.pyin the root of the Raspberry Pi Pico, overwriting the previous file.
Before the next step, let us enter setup mode. To enter setup mode by connecting the pin 1 (
GP0) to pin 3 (
GND), this will stop the pico-ducky from injecting the payload in your own machine. The easiest way to so is by using a jumper wire between those pins as seen bellow.
Be careful, if your device isn't in setup mode, the device will reboot and after half a second, the script will run.
Enable Disable Mode
If you need the pico-ducky to not show up as a USB mass storage device for stealth, follow these instructions.
- Enter setup mode.
- Copy boot.py to the root of the pico-ducky.
- Copy your payload script to the pico-ducky.
- Disconnect the pico from your host PC.
- Connect a jumper wire between pin 18 (
GND) and pin 20 (
- This will prevent the pico-ducky from showing up as a USB drive when plugged into the target computer.
- Remove the jumper and reconnect to your PC to reprogram.
- The default mode is USB mass storage enabled.