At SecTor 2021, as part of the IoT Hack Lab, I demoed a new toy I was working on – a Raspberry Pi Pico that would emulate an HID when plugged into a device and issue commands. I called it my poor person’s USB Rubber Ducky. The demo was a hit and numerous people were directed to visit us and see the tool in action. Given the popularity, I’ve spent the past year making the code more modular and flexible – allowing people to customize the device with ease. In this presentation, I will share the project, the code, and details on how to obtain the software and utilize it with your own Raspberry Pi Pico. The presentation will include a live demonstration and custom payload creation. The release of the code on Github will coincide with this presentation.
Attendees will learn how to flash a Pico with Python, which libraries are needed to make the device work, where to find the code for the device, and how to write custom payloads to perform their own keystroke injection.