whitehat Posted April 16, 2012 Share Posted April 16, 2012 (edited) I <3 college booties Edited May 16, 2012 by whitehat Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 16, 2012 Share Posted April 16, 2012 I'm going to guess that the hardware keylogger was just a transparent pass through and who only knows what Apple does with their keyboard drivers. For all we know, may be encrypted over the line until it's decrypted by drivers? No clue really but interesting find. Quote Link to comment Share on other sites More sharing options...
whitehat Posted April 16, 2012 Author Share Posted April 16, 2012 · Hidden by whitehat, May 16, 2012 - spammers are stalking me on here Hidden by whitehat, May 16, 2012 - spammers are stalking me on here hmm thanks Mr. Protocol, but if data coming out of the keyboard was encrypted wouldn't that preclude it working when that keyboard is plugged into a PC or older/tower Mac? Because it worked in those scenarios. Also, just for the record, these USB Apple keyboards come with a USB port for your mouse. We tried it with and without the mouse plugged in. The mouse is also not detected when the logger is attached. Link to comment
Mr-Protocol Posted April 16, 2012 Share Posted April 16, 2012 Try taking the mac keyboard to a PC and see if it works like that. May be something with Apple only accepting KB/Mouse with a specific HID number. Quote Link to comment Share on other sites More sharing options...
whitehat Posted April 17, 2012 Author Share Posted April 17, 2012 · Hidden by whitehat, May 16, 2012 - booty Hidden by whitehat, May 16, 2012 - booty I think OP said he did take the mac KB to a PC and it worked. Indeed. It sucks too, bc I got authorized to do a pen test that mostly uses Mac's and I've been having a string of bad luck w/ it. Idk about the HID number theory although I'd be happy to test it if I knew how. The reason I say idk though is that the iMacs will work with any keyboard or HID so it would have to be that they figured out what the HID number of the logger is and blacklisted it, which seems unlikely (especially given that it's not just this one logger based on what Hamiltonian is saying). Link to comment
Mr-Protocol Posted April 17, 2012 Share Posted April 17, 2012 I think OP said he did take the mac KB to a PC and it worked. I had not come across this issue myself, but now that you mention it I can confirm that my iMac also experienced the phenomena with a KL. HID number? Interesting. Any way to test or work around that? I didn't realize these things had a number associated with them? Ah, skimmed the OP :P. Most notably for the rubber ducky to emulate not only a HID (keyboard) but any other type of device. I guess me saying HID was incorrect. Sorry, it's late and too distracted lol. But devices do have an Device ID to let the computer know what it is to a degree. Indeed. It sucks too, bc I got authorized to do a pen test that mostly uses Mac's and I've been having a string of bad luck w/ it. Idk about the HID number theory although I'd be happy to test it if I knew how. The reason I say idk though is that the iMacs will work with any keyboard or HID so it would have to be that they figured out what the HID number of the logger is and blacklisted it, which seems unlikely (especially given that it's not just this one logger based on what Hamiltonian is saying). As I said before, HID was the wrong word for me to use. But that might be something to do with why the rubber ducky freaks out on Macs? I don't hit the rubby ducky thread as hard as I should. For all I know, Apple could have known about the device and blocked it's ID from the OS. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.