From 064bd4b20956adec508c3b37e7c38ef741d5901f Mon Sep 17 00:00:00 2001
From: Pittermanifique <isaac.lestage@gmail.com>
Date: Thu, 25 Sep 2025 18:53:30 +0200
Subject: [PATCH 1/3] Payload

---
 .idea/.gitignore                              |  3 +++
 .idea/inspectionProfiles/Project_Default.xml  | 14 ++++++++++++++
 .../inspectionProfiles/profiles_settings.xml  |  6 ++++++
 .idea/misc.xml                                |  7 +++++++
 .idea/modules.xml                             |  8 ++++++++
 .idea/picoUSB.iml                             | 12 ++++++++++++
 .idea/vcs.xml                                 |  6 ++++++
 src/boot.py                                   | 19 ++++++++++++-------
 src/code.py                                   | 13 +++++++++++++
 src/layout.txt                                |  2 +-
 src/payload/test.bat                          |  1 +
 11 files changed, 83 insertions(+), 8 deletions(-)
 create mode 100644 .idea/.gitignore
 create mode 100644 .idea/inspectionProfiles/Project_Default.xml
 create mode 100644 .idea/inspectionProfiles/profiles_settings.xml
 create mode 100644 .idea/misc.xml
 create mode 100644 .idea/modules.xml
 create mode 100644 .idea/picoUSB.iml
 create mode 100644 .idea/vcs.xml
 create mode 100644 src/payload/test.bat

diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..26d3352
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,3 @@
+# Default ignored files
+/shelf/
+/workspace.xml
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..3e3f093
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,14 @@
+<component name="InspectionProjectProfileManager">
+  <profile version="1.0">
+    <option name="myName" value="Project Default" />
+    <inspection_tool class="PyTupleAssignmentBalanceInspection" enabled="false" level="WARNING" enabled_by_default="false" />
+    <inspection_tool class="PyTypeCheckerInspection" enabled="false" level="WARNING" enabled_by_default="false" />
+    <inspection_tool class="PyUnresolvedReferencesInspection" enabled="true" level="WARNING" enabled_by_default="true">
+      <option name="ignoredIdentifiers">
+        <list>
+          <option value="pyqtgraph.widgets.GraphicsLayoutWidget.GraphicsLayoutWidget.*" />
+        </list>
+      </option>
+    </inspection_tool>
+  </profile>
+</component>
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <settings>
+    <option name="USE_PROJECT_PROFILE" value="false" />
+    <version value="1.0" />
+  </settings>
+</component>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..a6218fe
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="Black">
+    <option name="sdkName" value="Python 3.11" />
+  </component>
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.11" project-jdk-type="Python SDK" />
+</project>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..9e2f41a
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/picoUSB.iml" filepath="$PROJECT_DIR$/.idea/picoUSB.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/picoUSB.iml b/.idea/picoUSB.iml
new file mode 100644
index 0000000..b5ad51a
--- /dev/null
+++ b/.idea/picoUSB.iml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="jdk" jdkName="Python 3.11" jdkType="Python SDK" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+  <component name="PyDocumentationSettings">
+    <option name="format" value="PLAIN" />
+    <option name="myDocStringFormat" value="Plain" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/src/boot.py b/src/boot.py
index bbcdf1b..38754f1 100644
--- a/src/boot.py
+++ b/src/boot.py
@@ -29,18 +29,23 @@
 storage.remount("/", readonly=True)
 storage.enable_usb_drive()
 
-time.sleep(0.1) #wait a bit so the button gets pulled up
+flag = microcontroller.nvm[0]
 
-if mode.value:
-    storage.disable_usb_drive()
+time.sleep(0.1) #wait a bit so the button gets pulled up
+if flag:
+    storage.enable_usb_drive()
+    microcontroller.nvm[0] = 0
 else:
-    time.sleep(0.1) #check again after 100ms to see if the button is still pressed
     if mode.value:
         storage.disable_usb_drive()
     else:
-        storage.enable_usb_drive()
-        microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
-        microcontroller.reset()
+        time.sleep(0.1) #check again after 100ms to see if the button is still pressed
+        if mode.value:
+            storage.disable_usb_drive()
+        else:
+            storage.enable_usb_drive()
+            microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
+            microcontroller.reset()
     
 
 # in case you screw up and disable usb drive without the ability to enable it, to enter safe mode write in shell:
diff --git a/src/code.py b/src/code.py
index 64741d6..6d34251 100644
--- a/src/code.py
+++ b/src/code.py
@@ -3,6 +3,7 @@
 import re
 import time
 import board
+import microcontroller
 import storage
 import usb_hid
 import digitalio
@@ -25,6 +26,7 @@
 led.direction = digitalio.Direction.OUTPUT
 led.value = True
 
+flag = microcontroller.nvm[0]
 looping = False
 loop_pos = 0
 
@@ -41,6 +43,17 @@ def execute_command(function, command):
             for idx in range(0, len(command), 1):
                 keys[idx] = getattr(Keycode, command[idx])
             kb.send(*keys)
+    elif function == "PAYLOAD":
+        kb.send(Keycode.WINDOWS,Keycode.R)
+        time.sleep(0.1)
+        layout.write(
+            r'cmd /c "timeout /t 5 >nul & for /f \"tokens=2 delims==\" %i in (\'wmic logicaldisk where \"VolumeName=\'PicoUSB\'\" get DeviceID /value\') do start \"\" \"%i\\payload\\' + command
+        )
+        kb.send(Keycode.ENTER)
+        time.sleep(0.1)
+        microcontroller.nvm[0] = 1
+        microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
+        microcontroller.reset()
     elif function == "WRITE":
         layout.write(command)
     elif function == "HOLD":
diff --git a/src/layout.txt b/src/layout.txt
index 67fec46..8da423e 100644
--- a/src/layout.txt
+++ b/src/layout.txt
@@ -1,4 +1,4 @@
-layout(CRO)
+layout(FR)
 
 # to change layout, edit the country layout in between the brackets. Example: layout(US)
 # layouts generated using Circuitpython_Keyboard_Layouts
diff --git a/src/payload/test.bat b/src/payload/test.bat
new file mode 100644
index 0000000..0f23595
--- /dev/null
+++ b/src/payload/test.bat
@@ -0,0 +1 @@
+msg * "Payload run !"

From a8268d387c7b08644d1d23bcb0bc06766c01f069 Mon Sep 17 00:00:00 2001
From: Pittermanifique <isaac.lestage@gmail.com>
Date: Thu, 25 Sep 2025 22:42:44 +0200
Subject: [PATCH 2/3] Payload test.bat file not fund

---
 src/boot.py      | 28 ++++++++++++++++++----------
 src/code.py      | 12 ++++++++----
 src/pico_usb.txt | 14 +-------------
 3 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/src/boot.py b/src/boot.py
index 38754f1..4580232 100644
--- a/src/boot.py
+++ b/src/boot.py
@@ -29,23 +29,31 @@
 storage.remount("/", readonly=True)
 storage.enable_usb_drive()
 
-flag = microcontroller.nvm[0]
 
 time.sleep(0.1) #wait a bit so the button gets pulled up
-if flag:
-    storage.enable_usb_drive()
-    microcontroller.nvm[0] = 0
+
+if mode.value:
+    if microcontroller.nvm[0] == 1:
+        microcontroller.nvm[0] = 0
+        storage.enable_usb_drive()
+        microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
+        microcontroller.reset()
+    else:
+        storage.disable_usb_drive()
 else:
+    time.sleep(0.1) #check again after 100ms to see if the button is still pressed
     if mode.value:
-        storage.disable_usb_drive()
-    else:
-        time.sleep(0.1) #check again after 100ms to see if the button is still pressed
-        if mode.value:
-            storage.disable_usb_drive()
-        else:
+        if microcontroller.nvm[0] == 1:
+            microcontroller.nvm[0] = 0
             storage.enable_usb_drive()
             microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
             microcontroller.reset()
+        else:
+            storage.disable_usb_drive()
+    else:
+        storage.enable_usb_drive()
+        microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
+        microcontroller.reset()
     
 
 # in case you screw up and disable usb drive without the ability to enable it, to enter safe mode write in shell:
diff --git a/src/code.py b/src/code.py
index 6d34251..7279187 100644
--- a/src/code.py
+++ b/src/code.py
@@ -44,15 +44,19 @@ def execute_command(function, command):
                 keys[idx] = getattr(Keycode, command[idx])
             kb.send(*keys)
     elif function == "PAYLOAD":
-        kb.send(Keycode.WINDOWS,Keycode.R)
+        kb.send(Keycode.WINDOWS, Keycode.R)
         time.sleep(0.1)
-        layout.write(
-            r'cmd /c "timeout /t 5 >nul & for /f \"tokens=2 delims==\" %i in (\'wmic logicaldisk where \"VolumeName=\'PicoUSB\'\" get DeviceID /value\') do start \"\" \"%i\\payload\\' + command
+        volume_label = "PICOUSB"
+        powershell_cmd = (
+            'powershell -NoExit -Command "Start-Sleep 10; '
+            'Get-Volume | Where-Object {$_.FileSystemLabel -eq \'' + volume_label + '\'} | '
+            'ForEach-Object {Start-Process \"$($_.DriveLetter):\\payload\\' + command + '\"}"'
         )
+        layout.write(powershell_cmd)
+        time.sleep(3)
         kb.send(Keycode.ENTER)
         time.sleep(0.1)
         microcontroller.nvm[0] = 1
-        microcontroller.on_next_reset(microcontroller.RunMode.SAFE_MODE)
         microcontroller.reset()
     elif function == "WRITE":
         layout.write(command)
diff --git a/src/pico_usb.txt b/src/pico_usb.txt
index 1c42da4..1bf861f 100644
--- a/src/pico_usb.txt
+++ b/src/pico_usb.txt
@@ -22,16 +22,4 @@
 ######################################################################################
 
 delay(1)
-press(windows + d) # minimizes all windows
-delay(1)
-press(windows + r) # Run window
-delay(2)
-write(notepad)
-press(enter)
-delay(2)
-write(Hello from PicoUSB!)
-delay(1)
-loop()
-write(!)
-move(5, 5)
-delay(0.5)
+payload(test.bat)

From b30c896bd3a1cb7b64c6bb0570758de90ee5c519 Mon Sep 17 00:00:00 2001
From: Pittermanifique <isaac.lestage@gmail.com>
Date: Fri, 26 Sep 2025 21:28:17 +0200
Subject: [PATCH 3/3] Add Payload

---
 .gitignore           |  1 +
 README.md            |  1 +
 src/code.py          |  7 +++----
 src/payload/test.bat |  3 ++-
 src/pico_usb.txt     | 15 ++++++++++++++-
 5 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index 900d17e..0dae2f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /.venv
 /typings
+/.idea
diff --git a/README.md b/README.md
index ebb4250..a97325b 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,7 @@ That is it! Modify `pico_usb.txt` to change the functionality. See below to know
 - scroll(x) - scrolls the mouse. Negative number scrolls down, possitive scroll up
 - volume(x) - Modifies the system volume. Negative numbers move the volume slider down by x, possitive move it up by x. min volume = 0. max = 100. `volume(mute)` mutes the speakers.
 - loop() - loops everything before this command
+- payload() - allows you to launch a bat file present on the “picousb” in the “payload” folder, for example `payload(test.bat)` (only on window).
 
 ## Development
 
diff --git a/src/code.py b/src/code.py
index 7279187..927c6ba 100644
--- a/src/code.py
+++ b/src/code.py
@@ -48,12 +48,11 @@ def execute_command(function, command):
         time.sleep(0.1)
         volume_label = "PICOUSB"
         powershell_cmd = (
-            'powershell -NoExit -Command "Start-Sleep 10; '
-            'Get-Volume | Where-Object {$_.FileSystemLabel -eq \'' + volume_label + '\'} | '
-            'ForEach-Object {Start-Process \"$($_.DriveLetter):\\payload\\' + command + '\"}"'
+                'powershell -NoExit -Command "Start-Sleep 3; '
+                'Get-Volume | Where-Object { $_.FileSystemLabel -eq \'' + volume_label + '\' } | '
+                'ForEach-Object { Start-Process (\'{0}:\\payload\\' + command + '\' -f $_.DriveLetter) }"'
         )
         layout.write(powershell_cmd)
-        time.sleep(3)
         kb.send(Keycode.ENTER)
         time.sleep(0.1)
         microcontroller.nvm[0] = 1
diff --git a/src/payload/test.bat b/src/payload/test.bat
index 0f23595..85fe514 100644
--- a/src/payload/test.bat
+++ b/src/payload/test.bat
@@ -1 +1,2 @@
-msg * "Payload run !"
+echo HelloWorld
+pause
diff --git a/src/pico_usb.txt b/src/pico_usb.txt
index 1bf861f..02c740d 100644
--- a/src/pico_usb.txt
+++ b/src/pico_usb.txt
@@ -1,3 +1,4 @@
+
 # PicoUSB Payloads go in this file
 # DO NOT FORGET to change your country keyboard layout in layout.txt!
 ######################################################################################
@@ -22,4 +23,16 @@
 ######################################################################################
 
 delay(1)
-payload(test.bat)
+press(windows + d) # minimizes all windows
+delay(1)
+press(windows + r) # Run window
+delay(2)
+write(notepad)
+press(enter)
+delay(2)
+write(Hello from PicoUSB!)
+delay(1)
+loop()
+write(!)
+move(5, 5)
+delay(0.5)