Why do I keep a hacking tool in my backpack? Mostly for fun and shenanigans, but it also has some legitimate uses.

In the driest desert in the world, far away from civilization, there's a copper mine with a couple of robots I know very well. One day, the mine decided to change the way those robots log data, which required me to intervene on that MSSQL server. Normally, this wouldn't be an issue with a standard connection, but the internet connection to that mine travels through microwaves, copper, and fiber between the mine and the closest city. Meanwhile, I'm on another continent.

So, the connection is far from ideal, and the remote desktop client only allows keyboard and mouse inputs. I can’t send or receive files, and I can’t even take a screenshot. Creating the query and testing on my local machine took a reasonable amount of time. I’ve done similar queries before, and I have a similar enough database for development. But typing the query by hand wasn’t an option; it's 573 lines long, and most of them are wider than the screen resolution can display. This is a big problem considering that a single error could break the query or, worse yet, pass unnoticed and change the production statistics of my client.

Enter the Flipper Zero, infamous among those who don't understand its technology, but very popular among certain groups of tech enthusiasts—you know who you are 😉. The Flipper can emulate the behavior of a normal USB keyboard. The computer can’t tell that it’s being controlled by a machine unless serious effort has been made to prevent that type of attack. So, I created a script to encapsulate my SQL query into DuckyScript, a programming language used in some hacker tools, which my Flipper can read and execute. I ran some experiments, writing on the SQL Server notepad app, and tuned the script so the delay between keystrokes was as fast as the connection allowed.

Uploading the code took 12 minutes—perfect for a cup of tea—and running the query took just 4. The query worked on the first try, the client was happy, and I got a cool tool to add to my inventory. Here it is for anyone to use:

https://github.com/jonavarro22/Spellbook-W/blob/main/Text2Ducky.cmd