BadUSB in JS - Momentum MNTM-009 - Error on "Copy-Item" in PowerShell
Hi Derek. I am encountering an issue with BadUSB in JS mode. After modifying only the keyboard layout (switching to fr-FR), I received this error (see screenshot below).
As mentioned in the documentation and stated in the script, I have correctly placed a 'demo.mp3' file in the 'payloads/' directory, which is located in the same directory as the JS script; the "Demo_4MB.img" file was created correctly, and when mounted from another script, the demo.mp3 file is there.
However, the error indicates that the 'F:' drive no longer exists at the time of the copy (see the "Copy-Item" call), and other errors suggest that the image has been prematurely ejected (as the F drive is no longer available).
In addition to crashing the PowerShell script, the Flipper also crashed. I am running MOMENTUM firmware (MNTM-009 / 23 JAN 2025). Thank you in advance for your suggestions! Jeff
I used the Wi-Fi board with BlackMagic and a USB cable to get access to the messages sent to the console. Same error just after rebooting the Flipper Zero with the <RIGHT> and <BACK> buttons. Here's a screenshot of the debug messages.
It seems like the Flipper Zero ran out of memory. I'm not really sure of any good workarounds. Maybe try reducing the size of the demo.mp3 file? Or maybe try reducing the size of the image file.
I can try to take a look later.
I looked more closely at the problem.
- The image has a size of 4MB and the mp3 file is 141KB (looks ok to me - the SDCard is FAT32 formatted)
- When reducing to an image of 1MB size, the problem is still present.
By enabling the "TRACE" level in the logs, I notice that the crash occurs effectively during a memory allocation operation. While the first packets sent are of a size of 8192 bytes (if I understand correctly), there is a sudden increase (see "StateWriteData 65536" in the logs followed by the message "growing buf 8102 -> 65024").
Looking at the code in the Momentum firmware, it looks like the malloc located at line 189 in mass_storage_usb.c may be the culprit...
Are you able to reproduce the problem on your end?
I mounted the IMG and copied the file using "Copy-Item F:\demo.mp3" from a PowerShell prompt: it worked perfectly... Strange.
You are just on the edge of memory, so the 64K allocation fails.
Repro:
- Copy disk.js.txt to "apps\scripts\disk.js"
- Reboot Flipper Zero (Back+Left)
- In qFlipper choose "Apps", "Scripts" then "Disk".
- A drive should appear.
- Copy your .\momentum-fw\dist\f7-C\flipper-z-f7-full-mntm-009.dfu to the drive (or any large file 800KB+)
- Flipper crashes with "out of memory".
NOTE: The actual script I need to run uses "badusb" to type, uses "storage" to mount the image, and uses "text_box" to display results. The memory consumed by these modules is part of the repro.
I opened ticket-0297, but I think only I have permission to read it. https://discord.com/channels/1211622338198765599/1338260313136431146
My guess is you can edit mass_storage_usb.c to make the max 32K instead of 64K, but I'm not sure what the side-effects are:

    // #define USB_MSC_BUF_MAX (0x10000UL - SCSI_BLOCK_SIZE)
    #define USB_MSC_BUF_MAX (0x8000UL - SCSI_BLOCK_SIZE)

Using your script and a 140KB file, I was able to reproduce the bug and crash the Flipper. Definitively, using "badusb" and "storage" in the same mjs script makes the Flipper crash when initiating a file transfer to a mounted image. Thanks for opening the ticket to have this problem investigated by the Momentum team.