jdogherman Posted October 17, 2011

Does anyone know how the keyboard lock works? I wonder if we could use the keyboard caps lock as a trigger to tell the duck when the OS has enabled the HID device. Maybe the code would turn caps lock on and off until the OS sends the signal back that it accepts the change... The duck can load its payload. Does this make sense to anyone?

Xcellerator Posted October 18, 2011

Well, it could be tricky because the USBRD is a separate keyboard to any PS/2 or USB keyboards you may have connected to your PC as well. Also, seeing as they are both HID devices, they communicate one-way to the PC. So the USBRD wouldn't be able to acknowledge any change in caps lock from another HID device. (As far as I am aware.)

You could do a similar thing by soldering a button(s) to the ducky and then adding your own code to the firmware to execute Inject1.bin, Inject2.bin, Inject3.bin, etc. depending on how many times the button was pressed in sequence (over a 3 second time stop, for example). However, you would need to wait for firmware to be released on the wiki...

jdogherman Posted October 18, 2011

So the duck does not have a way to see the NUMLock status like other physical keyboards can?

Xcellerator Posted October 19, 2011

The Duck is a different keyboard to what is connected, not an add-on to it. For example, if you have two keyboards plugged into a machine and you push num lock on one of them, it will only activate the num lock for THAT one, not the second one...

jdogherman Posted October 19, 2011

I just tested this, and when using NUMLOCK it affected the number lock on my keyboard. This is the code I used:

DELAY 50
NUMLOCK
DELAY 50
NUMLOCK
DELAY 50
NUMLOCK
DELAY 50
NUMLOCK
DELAY 50
NUMLOCK

The number lock flashed on my keyboard. My question: is there a way for the Duck to read that the number lock is toggled? If so, then it could be used as a communication vector.

Xcellerator Posted October 20, 2011

Well, it appears that Windows stores the numlock toggle, not the keyboard. All the same, a HID is incapable of receiving information... (AFAIA)

jdogherman Posted October 20, 2011

If a HID is not able to receive data then how does the LED get lit on a physical USB Keyboard?

Xcellerator Posted October 21, 2011

The same way that any microcontroller can light up. A piece of code waits for the num lock button to be pressed, and then turns the light on. Once the light is on, it appears that it also toggles something in Windows as well. I think this is right, because according to your post above, the num lock function in a ducky script activates on a physical keyboard as well.

Also, may I ask, is your physical keyboard USB or PS/2?

GuardMoony Posted October 21, 2011

Actually all of this has been suggested before: http://forums.hak5.org/index.php?showtopic=21125

For the lazy people, Boingo already did some research and posted this link in the above thread: http://www.beyondlogic.org/keyboard/keybrd.htm

Which has a section on writing data to a keyboard. So it should be possible.