Tindie Blog | PicoUSB: RP2040-based Pentesting Tool

Pentesters and security researchers have all sorts of neat gadgets for practicing their trade. A popular tool are USB dongles that can quickly enter text and mouse movements at a completely inhuman rate. This can be used to exploit security holes during a physical pentest, or it can be used for totally innocuous purposes. The PicoUSB is an inexpensive, Pico-based version of the original device, called the Rubber Ducky.

While the PicoUSB is based on the concept of the Rubber Ducky, it uses a slightly different syntax for its scripts. Make sure to check out the GitHub repo to see some example code and a list of the supported commands. We’re hoping to see the implementation grow in the future — and because it’s open-source, you can contribute and/or fork your own custom version if you want!

The PicoUSB uses the flash storage chip to store scripts. Because they are just text files, the amount of space required is very small. There’s all sorts of mischief you can get up to — just remember, it’s unethical and likely illegal to use these on computers that you don’t own without explicit permission! This is VoltMake’s first product on Tindie, so let’s give them a warm welcome!