当前位置:网站首页>buuctf misc USB
buuctf misc USB
2022-07-07 04:13:00 【[mzq]】
USB
题目地址 : https://buuoj.cn/challenges#USB
题目一共两个文件一个233.rar 一个key.ftm 文件,先解压rar文件得到一个flag.txt 来自作者的嘲讽
用010editor 打开发现 rar的文件块应该是74 而不是7A ,把7A修改为74
修复完解压后得到一个 233.png ,用stegsolve打开, 发现二维码
扫码得到
ci{v3erf_0tygidv2_fc0}
在 key.ftm 文件中发现zip文件,提取zip压缩包解压得到key.pcapng
用UsbKeyboardDataHacker 解密usb流量
#!/usr/bin/env python
import sys
import os
DataFileName = "usb.dat"
presses = []
normalKeys = {
"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {
"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
def main():
# check argv
if len(sys.argv) != 2:
print("Usage : ")
print(" python UsbKeyboardHacker.py data.pcap")
print("Tips : ")
print(" To use this python script , you must install the tshark first.")
print(" You can use `sudo apt-get install tshark` to install it")
print("Author : ")
print(" WangYihang <[email protected]>")
print(" If you have any questions , please contact me by email.")
print(" Thank you for using.")
exit(1)
# get argv
pcapFilePath = sys.argv[1]
# get data of pcap
os.system("tshark -r %s -T fields -e usb.capdata 'usb.data_len == 8' > %s" % (pcapFilePath, DataFileName))
# read data
with open(DataFileName, "r") as f:
for line in f:
presses.append(line[0:-1])
# handle
result = ""
for press in presses:
if press == '':
continue
if ':' in press:
Bytes = press.split(":")
else:
Bytes = [press[i:i+2] for i in range(0, len(press), 2)]
if Bytes[0] == "00":
if Bytes[2] != "00" and normalKeys.get(Bytes[2]):
result += normalKeys[Bytes[2]]
elif int(Bytes[0],16) & 0b10 or int(Bytes[0],16) & 0b100000: # shift key is pressed.
if Bytes[2] != "00" and normalKeys.get(Bytes[2]):
result += shiftKeys[Bytes[2]]
else:
print("[-] Unknow Key : %s" % (Bytes[0]))
print("[+] Found : %s" % (result))
# clean the temp data
os.system("rm ./%s" % (DataFileName))
if __name__ == "__main__":
main()
用二维码得到的字符串,进行
Vigenere
解码,key是xinan
Vigenere : https://atomcated.github.io/Vigenere/
然后进行 Railfence解密 栏数为2
边栏推荐
- Outsourcing for four years, abandoned
- ROS2规划系统plansys2简单的例子
- 1140_ SiCp learning notes_ Use Newton's method to solve the square root
- Detailed explanation of neo4j installation process
- UWB learning 1
- Jenkins远程构建项目超时的问题
- 1、 Go knowledge check and remedy + practical course notes youth training camp notes
- Six methods of flattening arrays with JS
- [cloud native] how to give full play to memory advantage of memory database
- JS get all date or time stamps between two time stamps
猜你喜欢
Simple example of ros2 planning system plansys2
2、 Concurrent and test notes youth training camp notes
After 95, Alibaba P7 published the payroll: it's really fragrant to make up this
1089: highest order of factorial
我理想的软件测试人员发展状态
抽絲剝繭C語言(高階)數據的儲存+練習
Wechat applet full stack development practice Chapter 3 Introduction and use of APIs commonly used in wechat applet development -- 3.9 introduction to network interface (IX) extending the request3 met
L'externalisation a duré trois ans.
Outlier detection technology of time series data
Outsourcing for three years, abandoned
随机推荐
Implementing data dictionary with JSP custom tag
How can a 35 year old programmer build a technological moat?
Hidden Markov model (HMM) learning notes
@component(““)
Wx is used in wechat applet Showtoast() for interface interaction
../ And/
抽丝剥茧C语言(高阶)指针的进阶
Stockage et pratique des données en langage C (haut niveau)
Advanced level of C language (high level) pointer
Flexible layout (II)
Simple example of ros2 planning system plansys2
Modify the jupyter notebook file path
gatk4中的interval是什么??
抽丝剥茧C语言(高阶)数据的储存+练习
Leetcode sword finger offer brush questions - day 20
记一个并发规则验证实现
Differences between H5 architecture and native architecture
为什么要了解现货黄金走势?
智联+影音,AITO问界M7想干翻的不止理想One
面试官:你都了解哪些开发模型?