-
-
Save serverwentdown/11b625b16360329db68c58f5c865c7b4 to your computer and use it in GitHub Desktop.
USB HID PCAP parser for HITB GSEC .edu 2018 - VValueCiphered
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from argparse import ArgumentParser | |
| from sys import argv | |
| from collections import OrderedDict | |
| # USB HID Keyboard scan codes | |
| # https://gist.github.com/MightyPork/6da26e382a7ad91b5496ee55fdc73db2 | |
| key_hid = { | |
| 0x00 : ['', ''], # no key pressed | |
| 0x04 : ['a', 'A'], | |
| 0x05 : ['b', 'B'], | |
| 0x06 : ['c', 'C'], | |
| 0x07 : ['d', 'D'], | |
| 0x08 : ['e', 'E'], | |
| 0x09 : ['f', 'F'], | |
| 0x0a : ['g', 'G'], | |
| 0x0b : ['h', 'H'], | |
| 0x0c : ['i', 'I'], | |
| 0x0d : ['j', 'J'], | |
| 0x0e : ['k', 'K'], | |
| 0x0f : ['l', 'L'], | |
| 0x10 : ['m', 'M'], | |
| 0x11 : ['n', 'N'], | |
| 0x12 : ['o', 'O'], | |
| 0x13 : ['p', 'P'], | |
| 0x14 : ['q', 'Q'], | |
| 0x15 : ['r', 'R'], | |
| 0x16 : ['s', 'S'], | |
| 0x17 : ['t', 'T'], | |
| 0x18 : ['u', 'U'], | |
| 0x19 : ['v', 'V'], | |
| 0x1a : ['w', 'W'], | |
| 0x1b : ['x', 'X'], | |
| 0x1c : ['y', 'Y'], | |
| 0x1d : ['z', 'Z'], | |
| 0x1e : ['1', '!'], | |
| 0x1f : ['2', '@'], | |
| 0x20 : ['3', '#'], | |
| 0x21 : ['4', '$'], | |
| 0x22 : ['5', '%'], | |
| 0x23 : ['6', '^'], | |
| 0x24 : ['7', '&'], | |
| 0x25 : ['8', '*'], | |
| 0x26 : ['9', '('], | |
| 0x27 : ['0', ')'], | |
| 0x2d : ['-', '_'], | |
| 0x2e : ['=', '+'], | |
| 0x2f : ['[', '{'], | |
| 0x30 : [']', '}'], | |
| 0x31 : ['\\', '|'], | |
| 0x32 : ['Non-US #', '~'], | |
| 0x33 : [';', ':'], | |
| 0x34 : ["'", '"'], | |
| 0x35 : ['`', '~'], | |
| 0x36 : [',', '<'], | |
| 0x37 : ['.', '>'], | |
| 0x38 : ['/', '?'], | |
| } | |
| def main(): | |
| parser = ArgumentParser(description='Automatically extract ASCII key from capture USBPcap file') | |
| parser.add_argument('-f', '--file', help='USBPcap file', required=True) | |
| if len(argv) == 1: | |
| parser.print_help() | |
| exit() | |
| args = parser.parse_args() | |
| packets = rdpcap(args.file) | |
| flag = "" | |
| for each in packets: | |
| data = str(each) | |
| # https://docs.mbed.com/docs/ble-hid/en/latest/api/md_doc_HID.html#keyboard | |
| input_report = OrderedDict() | |
| input_report['modifier'] = ord(data[-8]) | |
| input_report['reserved'] = ord(data[-7]) | |
| input_report['Key1'] = ord(data[-6]) | |
| input_report['Key2'] = ord(data[-5]) | |
| input_report['Key3'] = ord(data[-4]) | |
| input_report['Key4'] = ord(data[-3]) | |
| input_report['Key5'] = ord(data[-2]) | |
| input_report['Key6'] = ord(data[-1]) | |
| try: | |
| flag += key_hid[input_report['Key1']][ 1 if input_report['modifier']==0x02 else 0 ] | |
| except: | |
| if input_report['Key1'] == 0x2a: | |
| flag = flag[:-1] | |
| elif input_report['Key1'] == 0x2c: | |
| flag += ' ' | |
| else: | |
| print(input_report['Key1']) | |
| print(flag) | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment