Dnucna, posted June 19, 2012 (edited October 3, 2012 by Dnucna)

Hi,

here is my version of the encoder: http://code.google.com/p/ducky-decode/ (2.1)

See this topic for information: http://forums.hak5.org/index.php?/topic/27257-duck-encoder-v20-released-081612/

Cheers,
Dnucna

cubicbit, posted June 24, 2012

Hi, beautiful work, it is so much easier to program.

I'm Portuguese. I would like to show you the changes I made to the files called "keyboard.properties" and "pt.properties" for a Portuguese 102-key keyboard.

I'm not well connected to Java programming, so when compiling to "inject.bin" it has the following output:

    Error with keyboard.properties!

My changes in keyboard.properties:

    //default keys for portuguese 102-key keyboards
    MODIFIERKEY_CTRL = 0x01
    MODIFIERKEY_SHIFT = 0x02
    MODIFIERKEY_ALT = 0x04
    MODIFIERKEY_GUI = 0x08
    MODIFIERKEY_LEFT_CTRL = 0xE0
    MODIFIERKEY_LEFT_SHIFT = 0xE1
    MODIFIERKEY_LEFT_ALT = 0xE2
    MODIFIERKEY_LEFT_GUI = 0xE3
    MODIFIERKEY_RIGHT_CTRL = 0xE4
    MODIFIERKEY_RIGHT_SHIFT= 0xE5
    MODIFIERKEY_RIGHT_ALT = 0xE6
    MODIFIERKEY_RIGHT_GUI = 0xE7
    KEY_MEDIA_VOLUME_INC = 0xE9
    KEY_MEDIA_VOLUME_DEC = 0xEA
    KEY_MEDIA_MUTE = 0xE2
    KEY_MEDIA_PLAY_PAUSE = 0xCD
    KEY_MEDIA_NEXT_TRACK = 0xB5
    KEY_MEDIA_PREV_TRACK = 0xB6
    KEY_MEDIA_STOP = 0xB7
    KEY_MEDIA_EJECT = 0xB8
    KEY_A = 0x04
    KEY_B = 0x05
    KEY_C = 0x06
    KEY_D = 0x07
    KEY_E = 0x08
    KEY_F = 0x09
    KEY_G = 0x0A
    KEY_H = 0x0B
    KEY_I = 0x0C
    KEY_J = 0x0D
    KEY_K = 0x0E
    KEY_L = 0x0F
    KEY_M = 0x10
    KEY_N = 0x11
    KEY_O = 0x12
    KEY_P = 0x13
    KEY_Q = 0x14
    KEY_R = 0x15
    KEY_S = 0x16
    KEY_T = 0x17
    KEY_U = 0x18
    KEY_V = 0x19
    KEY_W = 0x1A
    KEY_X = 0x1B
    KEY_Y = 0x1C
    KEY_Z = 0x1D
    KEY_1 = 0x1E
    KEY_2 = 0x1F
    KEY_3 = 0x20
    KEY_4 = 0x21
    KEY_5 = 0x22
    KEY_6 = 0x23
    KEY_7 = 0x24
    KEY_8 = 0x25
    KEY_9 = 0x26
    KEY_0 = 0x27
    KEY_ENTER = 0x28
    KEY_ESC = 0x29
    KEY_BACKSPACE = 0x2A
    KEY_TAB = 0x2B
    KEY_SPACE = 0x2C
    KEY_MINUS = 0x2D
    KEY_EQUAL = 0x2E
    KEY_LEFT_BRACE = 0x2F
    KEY_RIGHT_BRACE = 0x30
    KEY_BACKSLASH = 0x31
    KEY_NON_US_42 = 0x32 // CHAR(~ ^) KEY POSITION 42 (PORTUGUESE KEYBOARD)
    KEY_SEMICOLON = 0x33
    KEY_QUOTE = 0x34
    KEY_TILDE = 0x35 // CHAR("backslash" and "pipe") KEY POSITION 1 (PORTUGUESE KEYBOARD)
    KEY_COMMA = 0x36
    KEY_PERIOD = 0x37
    KEY_SLASH = 0x38
    KEY_CAPS_LOCK = 0x39
    KEY_F1 = 0x3A
    KEY_F2 = 0x3B
    KEY_F3 = 0x3C
    KEY_F4 = 0x3D
    KEY_F5 = 0x3E
    KEY_F6 = 0x3F
    KEY_F7 = 0x40
    KEY_F8 = 0x41
    KEY_F9 = 0x42
    KEY_F10 = 0x43
    KEY_F11 = 0x44
    KEY_F12 = 0x45
    KEY_PRINTSCREEN = 0x46
    KEY_SCROLL_LOCK = 0x47
    KEY_PAUSE = 0x48
    KEY_INSERT = 0x49
    KEY_HOME = 0x4A
    KEY_PAGEUP = 0x4B
    KEY_DELETE = 0x4C
    KEY_END = 0x4D
    KEY_PAGEDOWN = 0x4E
    KEY_RIGHT = 0x4F
    KEY_LEFT = 0x50
    KEY_DOWN = 0x51
    KEY_UP = 0x52
    KEY_NUM_LOCK = 0x53
    KEYPAD_SLASH = 0x54
    KEYPAD_ASTERIX = 0x55
    KEYPAD_MINUS = 0x56
    KEYPAD_PLUS = 0x57
    KEYPAD_ENTER = 0x58
    KEYPAD_1 = 0x59
    KEYPAD_2 = 0x5A
    KEYPAD_3 = 0x5B
    KEYPAD_4 = 0x5C
    KEYPAD_5 = 0x5D
    KEYPAD_6 = 0x5E
    KEYPAD_7 = 0x5F
    KEYPAD_8 = 0x60
    KEYPAD_9 = 0x61
    KEYPAD_0 = 0x62
    KEYPAD_PERIOD = 0x63
    KEY_NON_US_45 = 0x64 // CHAR(< >) POSITION 45 (PORTUGUESE KEYBOARD)
    KEY_APP = 0x65
    KEY_SYSTEM_POWER = 0x81
    KEY_SYSTEM_SLEEP = 0x82
    KEY_SYSTEM_WAKE = 0x83
    KEY_LEFT_CTRL = 0xE0
    KEY_LEFT_SHIFT = 0xE1
    KEY_LEFT_ALT = 0xE2
    KEY_LEFT_GUI = 0xE3
    KEY_RIGHT_CTRL = 0xE4
    KEY_RIGHT_SHIFT= 0xE5
    KEY_RIGHT_ALT = 0xE6
    KEY_RIGHT_GUI = 0xE7

My changes in pt.properties:

    // Portuguese 102-key keyboard layout CHAR MODIFICATIONS
    ASCII_7C = KEY_TILDE, MODIFIERKEY_SHIFT // pipe (changed for pt keyboard)
    ASCII_21 = KEY_1, MODIFIERKEY_SHIFT // !
    ASCII_22 = KEY_2, MODIFIERKEY_SHIFT // " (changed to KEY_2 for pt keyboard)
    ASCII_23 = KEY_3, MODIFIERKEY_SHIFT // #
    ASCII_24 = KEY_4, MODIFIERKEY_SHIFT // $
    ASCII_25 = KEY_5, MODIFIERKEY_SHIFT // %
    ASCII_26 = KEY_6, MODIFIERKEY_SHIFT // & (changed to KEY_6 for pt keyboard)
    ASCII_2F = KEY_7, MODIFIERKEY_SHIFT // / (changed to KEY_7 and ASCII_2F for pt keyboard)
    ASCII_28 = KEY_8, MODIFIERKEY_SHIFT // ( (changed to KEY_8 for pt keyboard)
    ASCII_29 = KEY_9, MODIFIERKEY_SHIFT // ) (changed to KEY_9 for pt keyboard)
    ASCII_2A = KEY_LEFT_BRACE, MODIFIERKEY_SHIFT // * (changed to KEY_LEFT_BRACE for pt keyboard)
    ASCII_2B = KEY_LEFT_BRACE // + (changed to KEY_LEFT_BRACE for pt keyboard)
    ASCII_2C = KEY_COMMA // ,
    ASCII_2D = KEY_SLASH // - (changed to KEY_SLASH for pt keyboard)
    ASCII_2E = KEY_PERIOD // .
    ASCII_5C = KEY_TILDE // backslash (Changed to KEY_TILDE and ASCII_5C for pt keyboard)
    ASCII_30 = KEY_0 // 0
    ASCII_31 = KEY_1 // 1
    ASCII_32 = KEY_2 // 2
    ASCII_33 = KEY_3 // 3
    ASCII_34 = KEY_4 // 4
    ASCII_35 = KEY_5 // 5
    ASCII_36 = KEY_6 // 6
    ASCII_37 = KEY_7 // 7
    ASCII_38 = KEY_8 // 8
    ASCII_39 = KEY_9 // 9
    ASCII_3A = KEY_PERIOD, MODIFIERKEY_SHIFT // : (changed to KEY_PERIOD for pt keyboard)
    ASCII_3B = KEY_COMMA, MODIFIERKEY_SHIFT // ; (changed to KEY_COMMA for pt keyboard)
    ASCII_3C = KEY_NON_US_45 // < (changed to KEY_NON_US_45 for pt keyborad)
    ASCII_3D = KEY_0 // =
    ASCII_3E = KEY_NON_US_45, MODIFIERKEY_SHIFT // > (changed to KEY_NON_US_45 for keybord)
    ASCII_3F = KEY_MINUS, MODIFIERKEY_SHIFT // ? (changed to KEY_MINUS for pt keyboard)
    ASCII_40 = KEY_2, MODIFIERKEY_RIGHT_CTRL // @ (changed to MODIFIERKEY_RIGHT_CTRL for pt keyboard)
    ASCII_41 = KEY_A, MODIFIERKEY_SHIFT // A
    ASCII_42 = KEY_B, MODIFIERKEY_SHIFT // B
    ASCII_43 = KEY_C, MODIFIERKEY_SHIFT // C
    ASCII_44 = KEY_D, MODIFIERKEY_SHIFT // D
    ASCII_45 = KEY_E, MODIFIERKEY_SHIFT // E
    ASCII_46 = KEY_F, MODIFIERKEY_SHIFT // F
    ASCII_47 = KEY_G, MODIFIERKEY_SHIFT // G
    ASCII_48 = KEY_H, MODIFIERKEY_SHIFT // H
    ASCII_49 = KEY_I, MODIFIERKEY_SHIFT // I
    ASCII_4A = KEY_J, MODIFIERKEY_SHIFT // J
    ASCII_4B = KEY_K, MODIFIERKEY_SHIFT // K
    ASCII_4C = KEY_L, MODIFIERKEY_SHIFT // L
    ASCII_4D = KEY_M, MODIFIERKEY_SHIFT // M
    ASCII_4E = KEY_N, MODIFIERKEY_SHIFT // N
    ASCII_4F = KEY_O, MODIFIERKEY_SHIFT // O
    ASCII_50 = KEY_P, MODIFIERKEY_SHIFT // P
    ASCII_51 = KEY_Q, MODIFIERKEY_SHIFT // Q
    ASCII_52 = KEY_R, MODIFIERKEY_SHIFT // R
    ASCII_53 = KEY_S, MODIFIERKEY_SHIFT // S
    ASCII_54 = KEY_T, MODIFIERKEY_SHIFT // T
    ASCII_55 = KEY_U, MODIFIERKEY_SHIFT // U
    ASCII_56 = KEY_V, MODIFIERKEY_SHIFT // V
    ASCII_57 = KEY_W, MODIFIERKEY_SHIFT // W
    ASCII_58 = KEY_X, MODIFIERKEY_SHIFT // X
    ASCII_59 = KEY_Y, MODIFIERKEY_SHIFT // Y
    ASCII_5A = KEY_Z, MODIFIERKEY_SHIFT // Z
    ASCII_5B = KEY_8, MODIFIERKEY_RIGHT_CTRL // [ (changed to KEY_8, MODIFIERKEY_RIGHT_CTRL for pt keyboard)
    //ASCII_5C = KEY_BACKSLASH // deleted for pt keyboard
    ASCII_5D = KEY_9, MODIFIERKEY_RIGHT_CTRL // ] (changed to KEY_9, MODIFIERKEY_RIGHT_CTRL for pt keyboard)
    ASCII_5E = KEY_NON_US_42, MODIFIERKEY_SHIFT // ^ (changed to KEY_NON_US_42 for pt keyboard)
    ASCII_5F = KEY_SLASH, MODIFIERKEY_SHIFT // _ (changed to KEY_SLASH for pt keyboard)
    ASCII_60 = KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT // ` (changed to KEY_RIGHT_BRACE, MODIFIERKEY_SHIFT for pt keyboard)
    ASCII_27 = KEY_RIGHT_BRACE // new line non-us-char
    ASCII_61 = KEY_A // a
    ASCII_62 = KEY_B // b
    ASCII_63 = KEY_C // c
    ASCII_64 = KEY_D // d
    ASCII_65 = KEY_E // e
    ASCII_66 = KEY_F // f
    ASCII_67 = KEY_G // g
    ASCII_68 = KEY_H // h
    ASCII_69 = KEY_I // i
    ASCII_6A = KEY_J // j
    ASCII_6B = KEY_K // k
    ASCII_6C = KEY_L // l
    ASCII_6D = KEY_M // m
    ASCII_6E = KEY_N // n
    ASCII_6F = KEY_O // o
    ASCII_70 = KEY_P // p
    ASCII_71 = KEY_Q // q
    ASCII_72 = KEY_R // r
    ASCII_73 = KEY_S // s
    ASCII_74 = KEY_T // t
    ASCII_75 = KEY_U // u
    ASCII_76 = KEY_V // v
    ASCII_77 = KEY_W // w
    ASCII_78 = KEY_X // x
    ASCII_79 = KEY_Y // y
    ASCII_7A = KEY_Z // z
    ASCII_7B = KEY_7, MODIFIERKEY_SHIFT // { (changed to KEY_7 for pt keyboard)
    //ASCII_7C = KEY_BACKSLASH, MODIFIERKEY_SHIFT // pipe deleted for pt keyboard
    ASCII_7D = KEY_9, MODIFIERKEY_SHIFT // } (changed to KEY_9 for pt keyboard)
    ASCII_7E = KEY_NON_US_42 // ~ (changed to KEY_NON_US_45 for keybord
    ASCII_7F = KEY_BACKSPACE //
    //ASCII_87 = KEY_SEMICOLON // c CEDILLA line added
    //ASCII_87 = KEY_SEMICOLON, MODIFIERKEY_SHIFT // C CEDILLA line added
    //ASCII_20 = KEY_SPACE // space line added
    //ASCII_9C = KEY_3, MODIFIERKEY_RIGHT_CTRL // £ Pound Signal line added
    //ASCII_AE = KEY_EQUAL // LEFT-POINTING DOUBLE ANGLE QUOTATION MARK line added
    //ASCII_AF = KEY_EQUAL, MODIFIERKEY_SHIFT // RIGTH-POINTING DOUBLE ANGLE QUOTATION MARK line added
    //ASCII_15 = KEY_4, MODIFIERKEY_RIGHT_CTRL // § SECTION SIGN line added
    //ASCII_A6 = KEY_QUOTE, MODIFIERKEY_SHIFT // Feminine ordinal line added
    //ASCII_A7 = KEY_QUOTE // Masculine ordinal line added
    //UNICODE_20AC = KEY_E, MODIFIERKEY_RIGHT_ALT // € Euro Sign line added

Dnucna (author), posted June 25, 2012 (edited June 25, 2012 by Dnucna)

Hi cubicbit,

thank you for the feedback. I give you some advice for your problem:

1) Don't put the comment on the same line as the key. Properties don't strip them (me neither).

    // CHAR(~ ^) KEY POSITION 42 (PORTUGUESE KEYBOARD)
    KEY_NON_US_42 = 0x32

2) You can put these keys in your pt.properties. Look at the beginning of my French layout:

    // french layout
    KEY_NON_US_100 = 100

3) You can use the jar with an external layout:

    java -jar encoder.jar -i payload.txt -l /path/to/pt.properties

4) If you want to compile the code, put the pt.properties and keyboard.properties in a "resources" folder. Look at the zip.

Cheers,
Dnucna

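Point 1 of the reply above, as an added example (not code from the encoder project): a Python check that reads layout lines the way java.util.Properties does, where only lines starting with `#` or `!` are comments and everything after the separator is the value, and reports entries whose value is not a plain number or key list. The sample lines are copied from the two posts above; the function names and the value grammar are assumptions.

```python
import re

# Constructed sample: lines copied from the two posts above.
SAMPLE = """\
//default keys for portuguese 102-key keyboards
MODIFIERKEY_CTRL = 0x01
KEY_NON_US_42 = 0x32 // CHAR(~ ^) KEY POSITION 42 (PORTUGUESE KEYBOARD)
KEY_NON_US_100 = 100
ASCII_21 = KEY_1, MODIFIERKEY_SHIFT // !
ASCII_31 = KEY_1
"""

# Assumed value grammar: a hex/decimal number, or a comma-separated key list.
NUMBER = re.compile(r"0[xX][0-9A-Fa-f]+|\d+")
KEYLIST = re.compile(r"[A-Z][A-Z0-9_]*(\s*,\s*[A-Z][A-Z0-9_]*)*")

def load_properties(text):
    """Simplified java.util.Properties reader (no escapes or continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":   # '#' and '!' are the only comment markers
            continue
        m = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)  # everything to end of line is the value
    return props

def bad_entries(props):
    """Return entries whose value is neither a number nor a key list."""
    bad = {}
    for key, value in props.items():
        if key.startswith("//"):          # whole-line // text ends up as a stray key
            continue
        v = value.strip()
        if not (NUMBER.fullmatch(v) or KEYLIST.fullmatch(v)):
            bad[key] = value
    return bad

if __name__ == "__main__":
    for key, value in bad_entries(load_properties(SAMPLE)).items():
        print(f"{key}: value is {value!r}")
```

Both flagged entries carry an inline comment; with the comment moved to its own line, only the number or key list remains as the value.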
cubicbit, posted July 3, 2012

Hi Dnucna,

thanks for the tip!

I now have an output error when compiling the inject.bin file. The error is:

    Error on Line: 15
    java.lang.NullPointerException
    at Encoder.strToByte (Encoder.java: 335)
    at Encoder.encodeToFile (Encoder.java: 203)
    at Encoder.main (Encoder.java: 114)

The payload is:

    DEFAULT_DELAY 1200
    GUI BREAK
    CTRL-SHIFT ESC
    F1
    ALT F4
    R GUI
    STRING notepad.exe
    ENTER
    STRING test
    ALT SPACE
    STRING x
    R GUI
    STRING cmd
    ENTER
    CTRL z

Cheers,
cubicbit

cubicbit, posted July 3, 2012

The CTRL or CONTROL with string "z" after is not working. These key combinations are important for the command "copy con", to get strings outputted to a file!

cubicbit, posted July 4, 2012 (edited July 4, 2012 by cubicbit)

I made a hexdump of the payload:

    0000000 0848 ff00 ff00 ff00 ff00 b400 0329 ff00
    0000010 ff00 ff00 ff00 b400 003a ff00 ff00 ff00
    0000020 ff00 b400 043d ff00 ff00 ff00 ff00 b400
    0000030 0815 ff00 ff00 ff00 ff00 b400 0011 0012
    0000040 0017 0008 0013 0004 0007 0037 0008 001b
    0000050 0008 ff00 ff00 ff00 ff00 b400 0028 ff00
    0000060 ff00 ff00 ff00 b400 0017 0008 0016 0017
    0000070 ff00 ff00 ff00 ff00 b400 042c ff00 ff00
    0000080 ff00 ff00 b400 001b ff00 ff00 ff00 ff00
    0000090 b400 0815 ff00 ff00 ff00 ff00 b400 0006
    00000a0 0010 0007 ff00 ff00 ff00 ff00 b400 0028
    00000b0 ff00 ff00 ff00 ff00 b400 001d
    00000bb

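The dump above can be read back into keystroke records. This is an added example, not part of the original post or the encoder project; it embeds only the first and last rows of the dump. It assumes default `hexdump` output (16-bit words printed in little-endian order, final line giving the file length) and that inject.bin is a sequence of (key code, modifier) byte pairs in which key code 0x00 means a delay of that many milliseconds.

```python
# First and last rows of the hexdump posted above, plus its end-offset line.
DUMP = """\
0000000 0848 ff00 ff00 ff00 ff00 b400 0329 ff00
00000b0 ff00 ff00 ff00 ff00 b400 001d
00000bb
"""

# Modifier bits as listed in the keyboard.properties posted earlier.
MODS = {0x01: "CTRL", 0x02: "SHIFT", 0x04: "ALT", 0x08: "GUI"}

def rows_from_hexdump(text):
    """Return [(offset, bytes)] per row; the last row is cut at the end offset."""
    lines = [l.split() for l in text.splitlines() if l.strip()]
    end = int(lines[-1][0], 16)                 # offset-only line = file length
    rows = []
    for fields in lines[:-1]:
        offset = int(fields[0], 16)
        raw = b"".join(int(w, 16).to_bytes(2, "little") for w in fields[1:])
        rows.append((offset, raw[:end - offset]))  # drops hexdump's pad byte
    return rows

def decode(data):
    """Split bytes into records; merge consecutive delays; report a lone byte."""
    events = []
    for i in range(0, len(data) - 1, 2):
        key, mod = data[i], data[i + 1]
        if key == 0x00:                         # assumed delay record
            if events and events[-1][0] == "DELAY":
                events[-1] = ("DELAY", events[-1][1] + mod)
            else:
                events.append(("DELAY", mod))
        else:
            names = [name for bit, name in MODS.items() if mod & bit]
            events.append(("KEY", key, "+".join(names)))
    dangling = data[-1] if len(data) % 2 else None
    return events, dangling

if __name__ == "__main__":
    for offset, raw in rows_from_hexdump(DUMP):
        events, dangling = decode(raw)
        print(hex(offset), events, "dangling:", dangling)
```

On the last row the decoder reports a dangling 0x1D (KEY_Z in the listing above) with no modifier byte after it, which corresponds to the payload's final line, CTRL z, the line the encoder's error points at.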
Dnucna (author), posted July 9, 2012

Hi Cubicbit,

Sorry for the delay.

Try to download my zip file again. I fixed this bug some time ago, if you look at my first post (the edit).

Is line 203 "file.add(strToByte(keyboardProps.getProperty("MODIFIERKEY_CTRL")));"?

Tell me if it works.

Regards,
Dnucna

cubicbit, posted July 13, 2012

Hi Dnucna,

I used the last Encoder.java edited with the change in line 203, and got the same output error when compiling to inject.bin!!

    Error on Line: 15
    java.lang.NullPointerException
    at Encoder.strToByte (Encoder.java: 335)
    at Encoder.encodeToFile (Encoder.java: 203)
    at Encoder.main (Encoder.java: 114)

Regards,
cubicbit

Dnucna (author), posted July 17, 2012

Hi,

I sent you a private message. Can you send me your properties files? Zip your whole folder, I will try to replay the bug.

Dnucna

HarryT, posted October 1, 2012

Hi Dnucna,

This post might be exactly what I'm looking for, but I was hoping I'm understanding this right. You have recompiled the duckencode.jar file to include a number of additional "modifiers"?

I have been wrestling with CTRL-SHIFT-ENTER in Windows 7 to get CMD as Admin. If this does what it appears to do, it may be exactly what I need to get this working!

Regards,
HarryT

HarryT, posted October 1, 2012

Hi again,

Just tried downloading the Encode.zip file but it looks like the file was taken down. Is there any chance I can get a copy?

Thanks,
Harry

PineDominator, posted October 2, 2012

> Hi again,
> Just tried downloading the Encode.zip file but it looks like the file was taken down. Is there any chance I can get a copy?
> Thanks,
> Harry

Hey, if you're looking to run things as admin, it has been done before with other payloads like reverse shell: http://avocado.hak5.org

PineDominator, posted October 2, 2012

    ESCAPE
    CONTROL ESCAPE
    DELAY 400
    STRING cmd
    DELAY 400
    MENU
    DELAY 400
    STRING a
    DELAY 600
    LEFTARROW
    ENTER
    DELAY 400

HarryT, posted October 2, 2012

Hi back - thanks for the reply.

Yep - I've tried this payload portion already. All I get is cmd within the search box and no cmd prompt. I've tried it a few times. That's why when I saw the thread above regarding the development of the SHIFT+CTRL+ENTER (which is needed) I thought that would make it go.

Does this work on your own Windows 7 machine?

Thanks,
HarryT

PineDominator, posted October 3, 2012

> Hi back - thanks for the reply.
> Yep - I've tried this payload portion already. All I get is cmd within the search box and no cmd prompt. I've tried it a few times. That's why when I saw the thread above regarding the development of the SHIFT+CTRL+ENTER (which is needed) I thought that would make it go.
> Does this work on your own Windows 7 machine?
> Thanks,
> HarryT

It did work last year on my Windows 7 64. Have not played with this since. Three-button combos would be cool.