VakaScript Developer Guide

The GhostKey Wi is an advanced offensive/penetration testing device capable of executing VakaScript routines natively. It is recognized by target systems as a standard USB Keyboard.

• Script Execution: Scripts downloaded from the Auto Compiler (.vs files) must be manually transferred into the device's internal staging volume.
• No Built-in Payloads: By default, the device ships completely blank to comply with legal restrictions. You are entirely responsible for compiling and loading your own routines.

While the GhostKey Wi is used to execute VakaScript routines for penetration testing, the GateKeeper Mini is our dedicated defensive hardware.

• Threat Detection: The GateKeeper Mini is designed to detect, monitor, and block unauthorized USB HID keystroke injections, like those generated by VakaScript.
• Auditing & Defense: When writing and testing your own routines, you can use the GateKeeper Mini to audit your scripts and verify that your network and endpoint defenses are properly configured to intercept rogue USB attacks.
• GateKeeper Portal: Connect to the GateKeeper Portal to monitor real-time attack logs, analyze threat severity, export incident reports, and seamlessly deploy Over-The-Air (OTA) firmware updates to all your defensive endpoints simultaneously.

Firmware is the core operating system of your Hex Recon hardware, completely distinct from VakaScript routines. While GateKeeper Mini devices can receive Over-The-Air (OTA) updates directly via the GateKeeper Portal, GhostKey Wi devices must be flashed manually to maintain air-gapped security. To manually flash either device:

• Download: Navigate to the Firmware Hub and download the latest stable release for your specific device.
• Hardware Provisioning Mode: Trigger the physical Hardware Reset Sequence on your GhostKey or GateKeeper device while connecting it to your workstation.
• Flash: The device will mount as a secure firmware volume (often named HexRecon_BOOT or your device's equivalent ID). Securely transfer the downloaded firmware file onto this volume.
• Completion: The drive will automatically disconnect, and the device will reboot running the new firmware. Your VakaScript payloads directory will remain untouched.

VakaScript relies on a few core commands to simulate keyboard interaction:

• DELAY [ms]
  Pauses the script execution for a specified number of milliseconds. This is crucial for giving the operating system time to open applications before typing. (Example: DELAY 1000 pauses for 1 second).
• STRING [text]
  Types out the text exactly as written. (Example: STRING Hello World).
• ENTER
  Simulates pressing the Enter / Return key.
• REM [text]
  A comment line. The compiler ignores anything after REM. Use this to document your script.

You can trigger special system keys or combinations:

• GUI [key]
  Simulates the Windows key (or Command key on Mac). Used often as GUI r to open the Run dialog.
• ALT, CTRL, SHIFT
  Simulates modifier keys. Can be combined with other keys (e.g., CTRL ESC).
• TAB, SPACE, UP, DOWN, LEFT, RIGHT
  Standard navigation keys.

This benign educational example demonstrates how to open Notepad and type a simple greeting.

REM Open the Run Dialog
DELAY 1000
GUI r
DELAY 500

REM Launch Notepad
STRING notepad
ENTER
DELAY 1000

REM Type the message
STRING Hello, World from VakaScript!
ENTER

Another safe example that simply opens the system calculator app.

DELAY 500
GUI r
DELAY 500
STRING calc
ENTER

• Always use DELAYs: Computers do not react instantly. If you press GUI r and immediately type STRING cmd, the Run dialog might not be open yet and the keystrokes will be lost. Always pad application launches with 500ms - 1000ms delays.
• Test Responsibly: Always test your scripts on your own dedicated testing machines or virtual machines before deploying them to your penetration testing hardware.
• External Generation: Hex Recon does not generate scripts for you. You must write your own or use external AI assistants (like Cursor or ChatGPT) to compile VakaScript logic based on this documentation.