diff --git a/README.md b/README.md index 11969a6..aceaeee 100644 --- a/README.md +++ b/README.md @@ -36,14 +36,18 @@ This exploit effects DOCKER containers, but not VMs. | Android 16 | 6.1.166-android14-11 | Permission to create socket in busybox not allowed | ## Files -check.sh - makes a check to see if the exploitable crypto module is loaded. +check.sh - makes a check to see if the exploitable crypto module is loaded. mitigate.sh - unloads the exploitable crypto module, chances are you didnt need it anyway. -copy_fail.py - the complete exploit writeup in plain python code. +copy_fail.py - the complete exploit writeup in plain python code. +copy_fail_exp.py - the exploit in pure python for x86 systems. +copy_fail_exp_aarch64.py - the exploit in pure python for aarch64 systems. - -copy_fail_exp.py - the exploit in pure python for x86 systems. -copy_fail_exp_aarch64.py - the exploit in pure python for aarch64 systems. +badusb/ - badusb implementations of CVE to run local privilage escalation. +badusb/payload-curl.txt - download and run payload. +badusb/payload-typed.txt - use badusb to type payload then run. +badusb/CVE-2026-31431.txt - payload via curl and payload runs wiping disk. +badusb/CVE-2026-31431-typed.txt - payload typed out and payload runs wiping disk. run to get the file as a non-privilaged user. @@ -56,3 +60,4 @@ or ``` + diff --git a/badusb/README.md b/badusb/README.md new file mode 100644 index 0000000..95b393f --- /dev/null +++ b/badusb/README.md @@ -0,0 +1,7 @@ +# BADUSB using CVE-2026-31431 + +So the idea is to run the very small python codebase that is required for the CVE-2026-31431 exploit. +Given that the entire root exploit can be typed in 10 LoC it seemed ideal for a usb injection. + +Chained with rm -rf for post elevation damages, it powers off after running and disowns the process for immediate terminal close. +
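Review bot: In the README.md hunk at `@@ -36,14 +36,18 @@`, the new `badusb/` entries sit in the same flat "Files" list as `check.sh` and `mitigate.sh`, and nothing sets the two disk-wiping payloads apart from the rest. The only signal is the phrase "payload runs wiping disk" at the end of the `badusb/CVE-2026-31431.txt` and `badusb/CVE-2026-31431-typed.txt` lines. Put the `badusb/` files under their own subheading and lead those two entries with the word "destructive", so a reader skimming the list cannot mistake them for the check or mitigation scripts. "badusb implementations of CVE" should also name the CVE (CVE-2026-31431, as in the file names), and "privilage" should be "privilege"; the context line "non-privilaged" has the same misspelling and can be fixed in the same pass. The `-`/`+` pairs for `check.sh` and `copy_fail.py` show no visible text change, so if they are whitespace-only, say so in the commit message or split them out.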
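Review bot: In the README.md hunk at `@@ -56,3 +60,4 @@`, the single added line after the closing code fence appears to be empty. If it is only a trailing blank line at the end of the file, drop it so the diff carries just the file-list changes.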
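Review bot: The new badusb/README.md describes the destructive chain ("Chained with rm -rf for post elevation damages, it powers off after running and disowns the process") but gives a reader nothing to assess or reduce exposure with. It does not mention `check.sh` or `mitigate.sh` from the top-level README, does not say which of the four payload files are destructive and which are not, and omits the compatibility table that the parent README carries. Add a short section that links to the check and mitigation scripts, and list each payload file with its effect. "10 LoC" should also be tied to the file it refers to, since the top-level list names three different Python files. Minor style: "usb" should be "USB" to match the heading.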