[Encoder] Internationalization And Multiple Modifiers

[Dnucna]

Hi,

here is my version of the encoder: http://code.google.com/p/ducky-decode/ (2.1)

See this topic for information: http://forums.hak5.org/index.php?/topic/27257-duck-encoder-v20-released-081612/

Cheers,

Dnucna

Edited October 3, 2012 by Dnucna

[cubicbit]

hi,

beautiful work, is so much easier to program

I'm Portuguese I would show you the changes I made the files called "keyboard.properties" and "pt.properties" Portuguese Keyboard 102 keys. I'm not well connected to java programming so when compiling to "inject.bin" has the following output: Error with keyboard.properties!

my changes in keyboard.properties:

//default keys for portuguese 102-key keyboards

MODIFIERKEY_CTRL = 0x01

MODIFIERKEY_SHIFT = 0x02

MODIFIERKEY_ALT = 0x04

MODIFIERKEY_GUI = 0x08

MODIFIERKEY_LEFT_CTRL = 0xE0

MODIFIERKEY_LEFT_SHIFT = 0xE1

MODIFIERKEY_LEFT_ALT = 0xE2

MODIFIERKEY_LEFT_GUI = 0xE3

MODIFIERKEY_RIGHT_CTRL = 0xE4

MODIFIERKEY_RIGHT_SHIFT= 0xE5

MODIFIERKEY_RIGHT_ALT = 0xE6

MODIFIERKEY_RIGHT_GUI = 0xE7

KEY_MEDIA_VOLUME_INC = 0xE9

KEY_MEDIA_VOLUME_DEC = 0xEA

KEY_MEDIA_MUTE = 0xE2

KEY_MEDIA_PLAY_PAUSE = 0xCD

KEY_MEDIA_NEXT_TRACK = 0xB5

KEY_MEDIA_PREV_TRACK = 0xB6

KEY_MEDIA_STOP = 0xB7

KEY_MEDIA_EJECT = 0xB8

KEY_A = 0x04

KEY_B = 0x05

KEY_C = 0x06

KEY_D = 0x07

KEY_E = 0x08

KEY_F = 0x09

KEY_G = 0x0A

KEY_H = 0x0B

KEY_I = 0x0C

KEY_J = 0x0D

KEY_K = 0x0E

KEY_L = 0x0F

KEY_M = 0x10

KEY_N = 0x11

KEY_O = 0x12

KEY_P = 0x13

KEY_Q = 0x14

KEY_R = 0x15

KEY_S = 0x16

KEY_T = 0x17

KEY_U = 0x18

KEY_V = 0x19

KEY_W = 0x1A

KEY_X = 0x1B

KEY_Y = 0x1C

KEY_Z = 0x1D

KEY_1 = 0x1E

KEY_2 = 0x1F

KEY_3 = 0x20

KEY_4 = 0x21

KEY_5 = 0x22

KEY_6 = 0x23

KEY_7 = 0x24

KEY_8 = 0x25

KEY_9 = 0x26

KEY_0 = 0x27

KEY_ENTER = 0x28

KEY_ESC = 0x29

KEY_BACKSPACE = 0x2A

KEY_TAB = 0x2B

KEY_SPACE = 0x2C

KEY_MINUS = 0x2D

KEY_EQUAL = 0x2E

KEY_LEFT_BRACE = 0x2F

KEY_RIGHT_BRACE = 0x30

KEY_BACKSLASH = 0x31

KEY_NON_US_42 = 0x32 // CHAR(~ ^) KEY POSITION 42 (PORTUGUESE KEYBOARD)

KEY_SEMICOLON = 0x33

KEY_QUOTE = 0x34

KEY_TILDE = 0x35 // CHAR("backslash" and "pipe") KEY POSITION 1 (PORTUGUESE KEYBOARD)

KEY_COMMA = 0x36

KEY_PERIOD = 0x37

KEY_SLASH = 0x38

KEY_CAPS_LOCK = 0x39

KEY_F1 = 0x3A

KEY_F2 = 0x3B

KEY_F3 = 0x3C

KEY_F4 = 0x3D

KEY_F5 = 0x3E

KEY_F6 = 0x3F

KEY_F7 = 0x40

KEY_F8 = 0x41

KEY_F9 = 0x42

KEY_F10 = 0x43

KEY_F11 = 0x44

KEY_F12 = 0x45

KEY_PRINTSCREEN = 0x46

KEY_SCROLL_LOCK = 0x47

KEY_PAUSE = 0x48

KEY_INSERT = 0x49

KEY_HOME = 0x4A

KEY_PAGEUP = 0x4B

KEY_DELETE = 0x4C

KEY_END = 0x4D

KEY_PAGEDOWN = 0x4E

KEY_RIGHT = 0x4F

KEY_LEFT = 0x50

KEY_DOWN = 0x51

KEY_UP = 0x52

KEY_NUM_LOCK = 0x53

KEYPAD_SLASH = 0x54

KEYPAD_ASTERIX = 0x55

KEYPAD_MINUS = 0x56

KEYPAD_PLUS = 0x57

KEYPAD_ENTER = 0x58

KEYPAD_1 = 0x59

KEYPAD_2 = 0x5A

KEYPAD_3 = 0x5B

KEYPAD_4 = 0x5C

KEYPAD_5 = 0x5D

KEYPAD_6 = 0x5E

KEYPAD_7 = 0x5F

KEYPAD_8 = 0x60

KEYPAD_9 = 0x61

KEYPAD_0 = 0x62

KEYPAD_PERIOD = 0x63

KEY_NON_US_45 = 0x64 // CHAR(< >) POSITION 45 (PORTUGUESE KEYBOARD)

KEY_APP = 0x65

KEY_SYSTEM_POWER = 0x81

KEY_SYSTEM_SLEEP = 0x82

KEY_SYSTEM_WAKE = 0x83

KEY_LEFT_CTRL = 0xE0

KEY_LEFT_SHIFT = 0xE1

KEY_LEFT_ALT = 0xE2

KEY_LEFT_GUI = 0xE3

KEY_RIGHT_CTRL = 0xE4

KEY_RIGHT_SHIFT= 0xE5

KEY_RIGHT_ALT = 0xE6

KEY_RIGHT_GUI = 0xE7

my changes in pt.properties:

// Portuguese 102-key keyboard layout CHAR MODIFICATIONS

ASCII_7C = KEY_TILDE, MODIFIERKEY_SHIFT // pipe (changed for pt keyboard)

ASCII_21 = KEY_1, MODIFIERKEY_SHIFT // !

ASCII_22 = KEY_2, MODIFIERKEY_SHIFT // " (changed to KEY_2 for pt keyboard)

ASCII_23 = KEY_3, MODIFIERKEY_SHIFT // #

ASCII_24 = KEY_4, MODIFIERKEY_SHIFT // $

ASCII_25 = KEY_5, MODIFIERKEY_SHIFT // %

ASCII_26 = KEY_6, MODIFIERKEY_SHIFT // & (changed to KEY_6 for pt keyboard)

ASCII_2F = KEY_7, MODIFIERKEY_SHIFT // / (changed to KEY_7 and ASCII_2F for pt keyboard)

ASCII_28 = KEY_8, MODIFIERKEY_SHIFT // ( (changed to KEY_8 for pt keyboard)

ASCII_29 = KEY_9, MODIFIERKEY_SHIFT // ) (changed to KEY_9 for pt keyboard)

ASCII_2A = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT // * (changed to KEY_LEFT_BRACE for pt keyboard)

ASCII_2B = KEY_LEFT_BRACE // + (changed to KEY_LEFT_BRACE for pt keyboard)

ASCII_2C = KEY_COMMA // ,

ASCII_2D = KEY_SLASH // - (changed to KEY_SLASH for pt keyboard)

ASCII_2E = KEY_PERIOD // .

ASCII_5C = KEY_TILDE // backslash (Changed to KEY_TILDE and ASCII_5C for pt keyboard)

ASCII_30 = KEY_0 // 0

ASCII_31 = KEY_1 // 1

ASCII_32 = KEY_2 // 2

ASCII_33 = KEY_3 // 3

ASCII_34 = KEY_4 // 4

ASCII_35 = KEY_5 // 5

ASCII_36 = KEY_6 // 6

ASCII_37 = KEY_7 // 7

ASCII_38 = KEY_8 // 8

ASCII_39 = KEY_9 // 9

ASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT // : (changed to KEY_PERIOD for pt keyboard)

ASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT // ; (changed to KEY_COMMA for pt keyboard)

ASCII_3C = KEY_NON_US_45 // < (changed to KEY_NON_US_45 for pt keyborad)

ASCII_3D = KEY_0 // =

ASCII_3E = KEY_NON_US_45, MODIFIERKEY_SHIFT // > (changed to KEY_NON_US_45 for keybord)

ASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT // ? (changed to KEY_MINUS for pt keyboard)

ASCII_40 = KEY_2, MODIFIERKEY_RIGHT_CTRL // @ (changed to MODIFIERKEY_RIGHT_CTRL for pt keyboard)

ASCII_41 = KEY_A, MODIFIERKEY_SHIFT // A

ASCII_42 = KEY_B, MODIFIERKEY_SHIFT // B

ASCII_43 = KEY_C, MODIFIERKEY_SHIFT // C

ASCII_44 = KEY_D, MODIFIERKEY_SHIFT // D

ASCII_45 = KEY_E, MODIFIERKEY_SHIFT // E

ASCII_46 = KEY_F, MODIFIERKEY_SHIFT // F

ASCII_47 = KEY_G, MODIFIERKEY_SHIFT // G

ASCII_48 = KEY_H, MODIFIERKEY_SHIFT // H

ASCII_49 = KEY_I, MODIFIERKEY_SHIFT // I

ASCII_4A = KEY_J, MODIFIERKEY_SHIFT // J

ASCII_4B = KEY_K, MODIFIERKEY_SHIFT // K

ASCII_4C = KEY_L, MODIFIERKEY_SHIFT // L

ASCII_4D = KEY_M, MODIFIERKEY_SHIFT // M

ASCII_4E = KEY_N, MODIFIERKEY_SHIFT // N

ASCII_4F = KEY_O, MODIFIERKEY_SHIFT // O

ASCII_50 = KEY_P, MODIFIERKEY_SHIFT // P

ASCII_51 = KEY_Q, MODIFIERKEY_SHIFT // Q

ASCII_52 = KEY_R, MODIFIERKEY_SHIFT // R

ASCII_53 = KEY_S, MODIFIERKEY_SHIFT // S

ASCII_54 = KEY_T, MODIFIERKEY_SHIFT // T

ASCII_55 = KEY_U, MODIFIERKEY_SHIFT // U

ASCII_56 = KEY_V, MODIFIERKEY_SHIFT // V

ASCII_57 = KEY_W, MODIFIERKEY_SHIFT // W

ASCII_58 = KEY_X, MODIFIERKEY_SHIFT // X

ASCII_59 = KEY_Y, MODIFIERKEY_SHIFT // Y

ASCII_5A = KEY_Z, MODIFIERKEY_SHIFT // Z

ASCII_5B = KEY_8, MODIFIERKEY_RIGHT_CTRL // [ (changed to KEY_8, MODIFIERKEY_RIGHT_CTRL for pt keyboard)

//ASCII_5C = KEY_BACKSLASH // deleted for pt keyboard

ASCII_5D = KEY_9, MODIFIERKEY_RIGHT_CTRL // ] (changed to KEY_9, MODIFIERKEY_RIGHT_CTRL for pt keyboard)

ASCII_5E = KEY_NON_US_42, MODIFIERKEY_SHIFT // ^ (changed to KEY_NON_US_42 for pt keyboard)

ASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT // _ (changed to KEY_SLASH for pt keyboard)

ASCII_60 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT // ` (changed to KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT for pt keyboard)

ASCII_27 = KEY_RIGHT_BRACE // new line non-us-char

ASCII_61 = KEY_A // a

ASCII_62 = KEY_B // b

ASCII_63 = KEY_C // c

ASCII_64 = KEY_D // d

ASCII_65 = KEY_E // e

ASCII_66 = KEY_F // f

ASCII_67 = KEY_G // g

ASCII_68 = KEY_H // h

ASCII_69 = KEY_I // i

ASCII_6A = KEY_J // j

ASCII_6B = KEY_K // k

ASCII_6C = KEY_L // l

ASCII_6D = KEY_M // m

ASCII_6E = KEY_N // n

ASCII_6F = KEY_O // o

ASCII_70 = KEY_P // p

ASCII_71 = KEY_Q // q

ASCII_72 = KEY_R // r

ASCII_73 = KEY_S // s

ASCII_74 = KEY_T // t

ASCII_75 = KEY_U // u

ASCII_76 = KEY_V // v

ASCII_77 = KEY_W // w

ASCII_78 = KEY_X // x

ASCII_79 = KEY_Y // y

ASCII_7A = KEY_Z // z

ASCII_7B = KEY_7, MODIFIERKEY_SHIFT // { (changed to KEY_7 for pt keyboard)

//ASCII_7C = KEY_BACKSLASH, MODIFIERKEY_SHIFT // pipe deleted for pt keyboard

ASCII_7D = KEY_9, MODIFIERKEY_SHIFT // } (changed to KEY_9 for pt keyboard)

ASCII_7E = KEY_NON_US_42 // ~ (changed to KEY_NON_US_45 for keybord

ASCII_7F = KEY_BACKSPACE //

//ASCII_87 = KEY_SEMICOLON // c CEDILLA line added

//ASCII_87 = KEY_SEMICOLON, MODIFIERKEY_SHIFT // C CEDILLA line added

//ASCII_20 = KEY_SPACE // space line added

//ASCII_9C = KEY_3, MODIFIERKEY_RIGHT_CTRL // £ Pound Signal line added

//ASCII_AE = KEY_EQUAL // LEFT-POINTING DOUBLE ANGLE QUOTATION MARK line added

//ASCII_AF = KEY_EQUAL, MODIFIERKEY_SHIFT // RIGTH-POINTING DOUBLE ANGLE QUOTATION MARK line added

//ASCII_15 = KEY_4, MODIFIERKEY_RIGHT_CTRL // § SECTION SIGN line added

//ASCII_A6 = KEY_QUOTE, MODIFIERKEY_SHIFT // Feminine ordinal line added

//ASCII_A7 = KEY_QUOTE // Masculine ordinal line added

//UNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT // € Euro Sign line added

[Dnucna]

Hi cubicbit,

thank you for the feedback.

I give you some advices for your problem:

1) Don't put the comment on the same line as the key. Properties don't strip them (me neither).

// CHAR(~ ^) KEY POSITION 42 (PORTUGUESE KEYBOARD)

KEY_NON_US_42 = 0x32

2) You can put these keys in your pt.properties.

Look at the beginning of my French layout :

// french layout

KEY_NON_US_100 = 100

3) You can use the jar with an external layout

java -jar encoder.jar -i payload.txt -l /path/to/pt.properties

4) If you want compile the code, put the pt.properties en keyboard.properties in a "resources" folder. Look at the zip.

Cheers,

Dnucna

Edited June 25, 2012 by Dnucna

[cubicbit]

hi Dnucna, thanks for the tip!

I now have a output error when compiling the inject.bin file.

the error is:

Error on Line: 15

java.lang.NullPointerException

at Encoder.strToByte (Encoder.java: 335)

at Encoder.encodeToFile (Encoder.java: 203)

at Encoder.main (Encoder.java: 114)

the payload is:

DEFAULT_DELAY 1200

GUI BREAK

CTRL-SHIFT ESC

F1

ALT F4

R GUI

STRING notepad.exe

ENTER

STRING test

ALT SPACE

STRING x

R GUI

STRING cmd

ENTER

CTRL z

cheers

cubicbit

[cubicbit]

the CTRL or CONTROL with string "z" after, is not working.

these combination keys are important for command "copy con", to get strings outputed to a file!

[cubicbit]

I made a hexdump of the payload:

0000000 0848 ff00 ff00 ff00 ff00 b400 0329 ff00

0000010 ff00 ff00 ff00 b400 003a ff00 ff00 ff00

0000020 ff00 b400 043d ff00 ff00 ff00 ff00 b400

0000030 0815 ff00 ff00 ff00 ff00 b400 0011 0012

0000040 0017 0008 0013 0004 0007 0037 0008 001b

0000050 0008 ff00 ff00 ff00 ff00 b400 0028 ff00

0000060 ff00 ff00 ff00 b400 0017 0008 0016 0017

0000070 ff00 ff00 ff00 ff00 b400 042c ff00 ff00

0000080 ff00 ff00 b400 001b ff00 ff00 ff00 ff00

0000090 b400 0815 ff00 ff00 ff00 ff00 b400 0006

00000a0 0010 0007 ff00 ff00 ff00 ff00 b400 0028

00000b0 ff00 ff00 ff00 ff00 b400 001d

00000bb

Edited July 4, 2012 by cubicbit

[Dnucna]

Hi Cubicbit,

Sorry for the delay.

Try to download again my zip file.

I have fixed this bug some times ago if you watch my first post (the edit).

Is the line 203 "file.add(strToByte(keyboardProps.getProperty("MODIFIERKEY_CTRL")));" ?

Tell me if it works.

Regards,

Dnucna

[cubicbit]

Hi Dnucna,

I used the last Encoder.java edited with the change in line 203, and got the same output error when compiling to inject.bin!!

Error on Line: 15

java.lang.NullPointerException

at Encoder.strToByte (Encoder.java: 335)

at Encoder.encodeToFile (Encoder.java: 203)

at Encoder.main (Encoder.java: 114)

Regards,

cubicbit

[Dnucna]

Hi,

I send you a private message.

Can you send me your properties files ?

Zip all your folder, I will try to replay the bug.

Dnucna

[HarryT]

Hi Dnucna

This post might be exactly what Im looking for but I was hoping Im understanding this right. You have recompiled the duckencode.jar file to include a number of additional "modifiers" ?

I have been wrestling with CTRL-SHIFT-ENTER in Windows 7 to get CMD as Admin. If this does what it appears to do, it may be exactly what I need to get this working!

Regards

HarryT

[HarryT]

Hi again,

Just tried downloading the Encode.zip file but it looks like the file was taken down. Is there any chance I can get a copy?

Thanks

Harry

[PineDominator]

Hi again,

Just tried downloading the Encode.zip file but it looks like the file was taken down. Is there any chance I can get a copy?

Thanks

Harry

Hey if your looking to run things as admin it has been done before with other Payloads like reverse shell http://avocado.hak5.org

[PineDominator]

ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
DELAY 400
MENU
DELAY 400
STRING a
DELAY 600
LEFTARROW
ENTER
DELAY 400
[/CODE]

[HarryT]

Hi back - thanks for the reply.

Yep - Ive tried this payload portion already. All I get is cmd within the search box and no cmd prompt, Ive tried it a few times.

Thats why when I saw the thread above regarding the development of the SHIFT+CTRL+ENTER (which is needed) I thought that would make it go.

Does this work on your own Windows 7 machine?

Thanks

HarryT

[PineDominator]

Hi back - thanks for the reply.

Yep - Ive tried this payload portion already. All I get is cmd within the search box and no cmd prompt, Ive tried it a few times.

Thats why when I saw the thread above regarding the development of the SHIFT+CTRL+ENTER (which is needed) I thought that would make it go.

Does this work on your own Windows 7 machine?

Thanks

HarryT

It did work last year on my windows 7 64. Have not played with this since. Three button combos would be cool