[Version 1] Working Reverse Keyboard Led Channel Poc



#1 jrsmile


Posted 17 February 2012 - 02:26 PM

Hi there,
I have thought about a solution for transferring data via the keyboard LEDs back to the Teensy.

First of all, it's a proof of concept (so pretty slow).

What you need:
Arduino IDE
Teensyduino add-on from pjrc.com
#include <phukdlib.h> from irongeek.com
and for the sending part:
AutoIt from autoitscript.com
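Arduino code:

#include <phukdlib.h>
int ascii = 0;    // Scroll Lock pulses counted for the current character
char buf[12];
int changed = 0;  // 1 while Scroll Lock is on, so each pulse is counted once

void setup() {
  pinMode(6, OUTPUT);
}

void loop() {
  if (IsNumbOn()) {          // Num Lock on: listening mode
    if (IsScrlOn()) {
      // digitalWrite(6, HIGH);
      changed = 1;
    }
    else {
      if (changed == 1) {    // Scroll Lock just went off: one pulse complete
        changed = 0;
        ascii += 1;
      }
      // digitalWrite(6, LOW);
    }
  }
  else {                     // Num Lock off: character finished
    if (ascii > 0) {
      char thisString = ascii;
      Keyboard.print(thisString);  // type the received character back to the PC
      ascii = 0;
    }
  }
}

And the counterpart on the PC itself, written in AutoIt:
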
Global $speed = 36 ; lesser values for faster transfer, may result in false data...
sendstring("test")

Func sendstring($string)
	Send("{SCROLLLOCK off}")
	Send("{NUMLOCK off}")
	$src = StringSplit($string, "")
	For $i = 1 To $src[0]
		ConsoleWrite($src[$i] & @CRLF)
		sendkey($src[$i])
	Next
EndFunc   ;==>sendstring

Func sendkey($key)
	Send("{NUMLOCK on}")
	For $x = 1 To Asc($key)
		Send("{SCROLLLOCK on}")
		Sleep($speed)
		Send("{SCROLLLOCK off}")
		Sleep($speed)
	Next
	Send("{NUMLOCK off}")
	Sleep($speed)
EndFunc   ;==>sendkey

It uses Num Lock to activate listening mode and sends the string as ASCII codes to the Teensy via Scroll Lock. I took those keys to be able to type normally during the transfer process.

I may switch to binary mode when I know more about the Arduino's capability to use it,
maybe using Num Lock as clock and Scroll Lock as data line.

What I figured out: when lowering the send delay below 36 ms between LED iterations, the Arduino won't be able to keep up and misses some of the signal switches.

Currently I only check for the Scroll Lock turning off, so maybe there is a performance boost hidden in it too.

To see if the Arduino has understood the signal correctly, I managed to return the sent keys as real keys back to the computer.
Now I have a hardware keyboard controllable by software on the same machine.
Good for anticheating tool workarounds (when it gets faster)...

Please make sure you select a keyboard-enabled USB type in the Arduino IDE via "Tools" > "USB-Type".

That's it for now, feel free to contribute or wait. ;)

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));)''Chr("a")&"HI"
Next;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)

#2 midnitesnake


Posted 17 February 2012 - 06:22 PM

ah like the teensy project

http://code.google.c...nsy-dlp-bypass/

DuckyDecode: http://code.google.c.../ducky-decode/

Ducky Definitive Guide: http://goo.gl/XGIw1k


#3 jrsmile


Posted 18 February 2012 - 06:52 AM

ah like the teensy project

http://code.google.c...nsy-dlp-bypass/


Indeed ... dammit, there is always someone being faster and more elegant ;)

Anyway:
here is the binary-converted PC part written in AutoIt (NOT compatible with the previous Arduino code!):

$arr = stringtobase2("Dies ist ein sehr sehr langer Test 0123456789")
sendarray($arr, 40) ; 40 ms pause * 2 *8 = One Character every 640 ms !

Func sendarray($arr,$speed)
	For $i = 1 To UBound($arr) - 1
		ConsoleWrite($arr[$i] & @CRLF)
		$arr2 = StringSplit($arr[$i], "")
		For $x = 1 To $arr2[0]
			If $arr2[$x] = 1 Then
				Send("{SCROLLLOCK on}")
			Else
				Send("{SCROLLLOCK off}")
			EndIf
			Send("{NUMLOCK on}")
			Sleep($speed)
			Send("{NUMLOCK off}")
			Sleep($speed)
		Next
		Send("{SCROLLLOCK off}")
	Next
EndFunc   ;==>sendarray

Func stringtobase2($txt)
	Local $src = StringSplit($txt, "")
	Local $res[UBound($src)]
	For $x = 1 To $src[0]
		$res[$x] = chartobase2($src[$x])
	Next
	Return $res
EndFunc   ;==>stringtobase2

Func chartobase2($chr)
	Local $nr = Asc($chr)
	Local $res = ""
	If BitAND($nr, 128) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 64) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 32) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 16) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 8) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 4) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 2) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	If BitAND($nr, 1) Then
		$res &= "1"
	Else
		$res &= "0"
	EndIf
	Return $res
EndFunc   ;==>chartobase2


$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));)''Chr("a")&"HI"
Next;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
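
Added example, not part of the posts above and not either poster's code: a detection sketch for the host side. Both schemes in this thread toggle lock-key LEDs every 36 to 40 ms, far faster than anyone types them, so a burst-rate check over LED state changes stands out clearly. The event source (some endpoint agent recording each lock-LED change with a millisecond timestamp), the LED names, and the thresholds are assumptions; the trace is constructed from the timings given in the first post.

```python
from bisect import bisect_left, bisect_right
from collections import deque
from statistics import median

LOCK_LEDS = {"NUM", "CAPS", "SCROLL"}   # assumed names used by the event source

def find_bursts(events, window_ms=1000, max_toggles=6):
    """Flag spans where lock-LED state changes exceed max_toggles per window.

    events: iterable of (time_ms, led_name). The thresholds are assumptions:
    a person rarely toggles a lock key more than a few times per second.
    Returns a list of (start_ms, end_ms, toggle_count, median_gap_ms).
    """
    times = sorted(t for t, led in events if led in LOCK_LEDS)
    window, spans, start, last = deque(), [], None, None
    for t in times:
        window.append(t)
        while t - window[0] > window_ms:
            window.popleft()
        if len(window) > max_toggles:
            if start is None:
                start = window[0]      # burst began with the oldest toggle in view
            last = t
        elif start is not None:        # rate dropped again: close the span
            spans.append((start, last))
            start = None
    if start is not None:
        spans.append((start, last))
    bursts = []
    for s, e in spans:
        inside = times[bisect_left(times, s):bisect_right(times, e)]
        gaps = [b - a for a, b in zip(inside, inside[1:])]
        bursts.append((s, e, len(inside), median(gaps) if gaps else 0))
    return bursts

def constructed_trace(step_ms=36):
    """Constructed sample: three manual key presses, then the timing pattern of
    the first post's scheme for one character 't' (116 Scroll Lock pulses)."""
    events = [(0, "NUM"), (5000, "NUM"), (12000, "CAPS")]
    t = 20000
    events.append((t, "NUM"))                   # Num Lock on: listening starts
    for _ in range(ord("t")):
        events.append((t, "SCROLL"))            # Scroll Lock on
        events.append((t + step_ms, "SCROLL"))  # Scroll Lock off
        t += 2 * step_ms
    events.append((t, "NUM"))                   # Num Lock off: character done
    return events

if __name__ == "__main__":
    for burst in find_bursts(constructed_trace()):
        print("start=%d ms end=%d ms toggles=%d median_gap=%s ms" % burst)
```

The median gap in a flagged span recovers the sender's delay setting, which helps separate this pattern from a stuck key or a KVM switch hotkey sequence.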



