Skip to content

ZeroTrace HID

Day-1 walkthrough — your first authorized injection in 15 minutes

The fastest way to know whether ZeroTrace fits your workflow is to run a real authorized HID injection against a target you control, end-to-end, in a single sitting. This walkthrough is the curated path: fifteen minutes from unboxing to a working scripted injection on your own laptop.

If you finish this and the workflow makes sense, the rest of the docs (every feature, every script primitive) is reference material you can dip into as you need it. If you finish this and something feels off, that signal is what we want — drop a note in the Discord and tell us where the path got rough.

Authorized testing only. The target machine in this walkthrough is your own laptop. ZeroTrace is built for authorized security testing — never run scripts against systems you do not own or have written permission to test.

What you need

  • One ZeroTrace HID device (Ghost or Mini work the same way for this walkthrough)
  • A USB-C cable and a host machine (Windows, macOS, or Linux)
  • The ZeroTrace Companion app installed (see Installation if you have not done this yet)
  • About fifteen uninterrupted minutes

If you do not have the Companion app yet, install it first — every step below assumes it is running.

Step 1 — Connect (2 minutes)

Plug the device into your host machine via USB-C. Open the Companion app. Pair the device — the app surfaces newly-connected devices automatically; click pair.

When pairing succeeds, the device's status indicator confirms connection and the Companion app shows the device on the dashboard with its current firmware variant.

If the device does not show up, see Connect for the troubleshooting matrix; nine times out of ten this is a USB-C cable that is power-only rather than data-capable.

Step 2 — Confirm OS detection (1 minute)

Before any payload runs, ZeroTrace's firmware verifies what it is plugged into. The OS-detection feature confirms the host operating system so the script can branch on it.

In the Companion app, open the device's live view. The detected OS appears at the top of the panel. If you are on Windows, you will see Windows; on macOS, macOS; on Linux, the distribution.

This is your first checkpoint: if OS detection works, the firmware is talking to the host correctly and you are ready to run a script.

Step 3 — Load your first script (3 minutes)

Open the script editor in the Companion app. We will run a simple, harmless demonstration script: open the host's calculator app and type a single line of text.

Paste the following, save, and load it onto the device:

WAIT 1500
GUI SPACE
WAIT 800
STRING calculator
WAIT 500
ENTER
WAIT 2000
STRING 1+1=2 — authorized injection working

This script is intentionally inert — no network calls, no privileged operations, nothing your host would not let any USB keyboard do. It exists to prove the loop: device → host → keystroke injection → visible result.

If you are on Windows, the second line opens the Start menu instead of Spotlight; the script primitives handle this automatically. See Multi-language for keyboard-layout details if you are on a non-English layout.

Step 4 — Trigger and watch (2 minutes)

With the script loaded, click run in the Companion app. The device fires the script. You should see the calculator app open on your host and the demonstration string appear in it.

If you see the result, you have reached first success — the authorized HID injection workflow is working end-to-end on your hardware.

Step 5 — What changed (3 minutes)

Take stock before moving on:

  • The device executed a script you wrote, on a target you authorised, with no telemetry leaving your machine.
  • The Companion app recorded the engagement locally — script content, run time, host metadata. This log lives on your machine; it does not phone home.
  • The device is ready to run a different script as soon as you load one.

This is the unit operation. Every authorized engagement, no matter how complex, is a sequence of these unit operations strung together.

Step 6 — Where to go next (4 minutes)

Now that the loop works, three productive directions to explore:

  1. Scripting reference. Read the scripting language overview. Learn conditionals, variables, repeat blocks. The ZeroTrace script DSL is small and predictable; you can be productive in an hour.
  2. Recon mode. The recon-mode feature lets you gather environment information without taking action — useful when scope is enumeration only.
  3. Wi-Fi controlled deployment. The Wi-Fi controlled feature lets you trigger scripts from your phone or laptop while standing off the target host. This is the workflow most professional operators settle into.

If any of these felt rough, drop a note in Discord — Day-1 walkthroughs are the part of the docs we most want to keep tight, and your friction is what tells us where the path is unclear.

You own this stack. Lifetime firmware updates, no subscriptions on the core, no cloud account that has to stay alive for the device to work. The script you wrote in step 3 will still run the same way in five years.

Command Palette

Search for a command to run...