当前位置:网站首页>buuctf misc USB
buuctf misc USB
2022-07-07 04:13:00 【[mzq]】
USB
题目地址 : https://buuoj.cn/challenges#USB
题目一共两个文件一个233.rar 一个key.ftm 文件,先解压rar文件得到一个flag.txt 来自作者的嘲讽
用010editor 打开发现 rar的文件块应该是74 而不是7A ,把7A修改为74
修复完解压后得到一个 233.png ,用stegsolve打开, 发现二维码
扫码得到
ci{v3erf_0tygidv2_fc0}
在 key.ftm 文件中发现zip文件,提取zip压缩包解压得到key.pcapng
用UsbKeyboardDataHacker 解密usb流量
#!/usr/bin/env python
import sys
import os
DataFileName = "usb.dat"
presses = []
normalKeys = {
"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {
"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
def main():
# check argv
if len(sys.argv) != 2:
print("Usage : ")
print(" python UsbKeyboardHacker.py data.pcap")
print("Tips : ")
print(" To use this python script , you must install the tshark first.")
print(" You can use `sudo apt-get install tshark` to install it")
print("Author : ")
print(" WangYihang <[email protected]>")
print(" If you have any questions , please contact me by email.")
print(" Thank you for using.")
exit(1)
# get argv
pcapFilePath = sys.argv[1]
# get data of pcap
os.system("tshark -r %s -T fields -e usb.capdata 'usb.data_len == 8' > %s" % (pcapFilePath, DataFileName))
# read data
with open(DataFileName, "r") as f:
for line in f:
presses.append(line[0:-1])
# handle
result = ""
for press in presses:
if press == '':
continue
if ':' in press:
Bytes = press.split(":")
else:
Bytes = [press[i:i+2] for i in range(0, len(press), 2)]
if Bytes[0] == "00":
if Bytes[2] != "00" and normalKeys.get(Bytes[2]):
result += normalKeys[Bytes[2]]
elif int(Bytes[0],16) & 0b10 or int(Bytes[0],16) & 0b100000: # shift key is pressed.
if Bytes[2] != "00" and normalKeys.get(Bytes[2]):
result += shiftKeys[Bytes[2]]
else:
print("[-] Unknow Key : %s" % (Bytes[0]))
print("[+] Found : %s" % (result))
# clean the temp data
os.system("rm ./%s" % (DataFileName))
if __name__ == "__main__":
main()
用二维码得到的字符串,进行
Vigenere
解码,key是xinan
Vigenere : https://atomcated.github.io/Vigenere/
然后进行 Railfence解密 栏数为2
边栏推荐
- 深度学习花书+机器学习西瓜书电子版我找到了
- 【Unity】物体做圆周运动的几个思路
- 基于Flask搭建个人网站
- Outsourcing for four years, abandoned
- 机器人技术创新与实践旧版本大纲
- 毕设-基于SSM大学生兼职平台系统
- Deep learning Flower Book + machine learning watermelon book electronic version I found
- [ANSYS] learning experience of APDL finite element analysis
- [semantic segmentation] - multi-scale attention
- 直播平台源码,可折叠式菜单栏
猜你喜欢
Cloud backup project
Advanced level of C language (high level) pointer
Initial experience of teambiion network disk (Alibaba cloud network disk)
Flexible layout (I)
普通测试年薪15w,测试开发年薪30w+,二者差距在哪?
Is the test cycle compressed? Teach you 9 ways to deal with it
科技云报道:从Robot到Cobot,人机共融正在开创一个时代
Detailed explanation of neo4j installation process
4、 High performance go language release optimization and landing practice youth training camp notes
idea添加类注释模板和方法模板
随机推荐
在线直播系统源码,使用ValueAnimator实现view放大缩小动画效果
Sqlmap tutorial (IV) practical skills three: bypass the firewall
Leetcode-206. Reverse Linked List
Causes and solutions of oom (memory overflow)
【Liunx】进程控制和父子进程
IPv4 exercises
1090: integer power (multi instance test)
URP - shaders and materials - simple lit
Wechat applet full stack development practice Chapter 3 Introduction and use of APIs commonly used in wechat applet development -- 3.10 tabbar component (I) how to open and use the default tabbar comp
Modify the jupyter notebook file path
Talk about seven ways to realize asynchronous programming
vus.SSR在asynData函数中请求数据的注意事项
Bindingexception exception (error reporting) processing
身边35岁程序员如何建立起技术护城河?
Fullgc problem analysis and solution summary
[cloud native] how to give full play to memory advantage of memory database
电商常规问题part1
Why is the row of SQL_ The ranking returned by number is 1
微信小程序中的路由跳转
Write CPU yourself -- Chapter 9 -- learning notes