Top 5 This Week

Related Posts

Building a BadUSB with Raspberry Pi Pico and CircuitPython

Getting your Trinity Audio player ready...

Building a BadUSB with Raspberry Pi Pico and CircuitPython

In this article, we explore the technical construction of a BadUSB device using Raspberry Pi Pico and Adafruit CircuitPython. This tool, resembling a USB Rubber Ducky, can automate keystrokes to execute commands on a target computer.

Hardware Requirements

Software Requirements

  • Adafruit CircuitPython: A Python-based framework for microcontrollers. Official Site | Mirror
  • CircuitPython Library Bundle: Includes necessary libraries for HID (Human Interface Device) functionalities. Official Site | Mirror
  • Pico-Ducky Script: Converts Ducky Script into Python for the Raspberry Pi Pico. Official Site | Mirror
  • Hak5 Rubber Ducky Payloads: A collection of pre-written scripts for the USB Rubber Ducky. Official Site

Step-by-Step Construction Guide

    Security Implications and Ethical Considerations

    Discuss the ethical use of such devices, emphasizing their potential for both security testing and malicious activities.

    Defending Against BadUSB Attacks

    Offer strategies and best practices for protecting systems against BadUSB threats.

    Hardware Requirements:

    Step-by-Step detailed tutorial

    Software Requirements:


    1. connect the Raspberry Pi Pico board to your computer using the Micro USB cable. It will get recognized as a mass storage device with the name: “RPI-RP2”
    2. copy the file “adafruit-circuitpython-raspberry_pi_pico-en_US-6.3.0.uf2” from your computer to the Raspberry Pi Pico board in the root directory. The Raspberry Pi will disconnect and then immediatelly reconnect with a new name: “CircuitPy”
    3. In order to allow the Raspberry Pi Pico board to present itself as a HID (Human Interface Device) device towards the target computer we need to extract the file: “” and browse to “lib” directory and copy the “adafruit_hid” directory to “CircuitPy” under the location “lib”
    4. extract “” and copy the file: “” to the root of the “CircuitPy” mass storage device
    5. inside the “CircuitPy” mass storage device delete the original file: “” and rename the “” into “”
    6. upload to the already prepared badUSB the custom code from hak5darren, choose the desired code, copy it from github and paste it in a txt file and rename it to: payload.dd, then copy the file in the root directory of the “CircuitPy” mass storage device. Done.
    Cogeanu Marius
    Cogeanu Marius
    Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight.Discover more on


    Please enter your comment!
    Please enter your name here

    Popular Articles