ETHICS.md

Ethics & Legal Usage Statement – Auto-Flipper-Tools

Version: 1.0
Last Updated: 2026-06-15
Applies to: Auto-Flipper-Tools (BadUSB classifier, Flipper Zero automation, Ducky Script analysis)
Binding: Use of this project constitutes acceptance of all terms below.

1. Legitimate Use

This toolkit is intended exclusively for:

• Authorized security research on USB keystroke injection attacks.
• Educational demonstrations in controlled, isolated environments (e.g., your own lab).
• Testing your own hardware (Flipper Zero, Rubber Ducky) on devices you own.
• Developing defensive countermeasures against BadUSB attacks.

2. Prohibited Uses – STRICT ZERO TOLERANCE

You must not use this toolkit for:

• Unauthorized keystroke injection on any device you do not own or lack explicit written permission to test.
• Credential theft, privilege escalation, malware deployment, or ransomware.
• Any form of physical or digital attack against individuals, organizations, or government systems.
• Circumventing access controls (e.g., unlocking computers without consent).
• Developing or distributing malicious payloads intended for real‑world attacks.
• Any illegal activity violating computer fraud, privacy, or cybercrime laws (CFAA, GDPR Art. 82, UK CMA, etc.).

3. User Responsibility

• You are solely responsible for ensuring your use complies with all applicable laws.
• The authors and contributors assume no liability for misuse, damages, or legal consequences arising from use of this toolkit.
• You must not upload or share any real‑world malicious payloads generated by this toolkit.

4. Reporting Violations

If you believe this project is being used for malicious purposes, report via GitHub’s private security advisory (repository Settings → Security → Advisories). Do not open a public issue.

5. Changes

This statement may be updated. Continued use implies acceptance.