[Question] System_Power & System_Sleep keys

[DemonicMooCow]

Hi, I've a newbie when it comes to the duck and I've had some success getting some of my scripts to work but I haven't yet been able to make the ducky work with the SYSTEM_POWER of the SYSTEM_SLEEP as defined in the keyboard.properties. Are these command supported by the ducky?

Thanks

[no42]

It might depend on the keyboard, if you have power keys; this will then be dependant on a VID and PID combination.

I dont have once of these special keyboards, and cant comment. If Dnucna is still on here, maybe he can answer the question, as he build that original keyboard.properties file.

[Darren Kitchen]

I do recall when developing duckyscript running into these key combos, but I can't recall the hex values. They weren't incorporated however that isn't to say they couldn't be added. If you open an inject.bin in a hex editor it'll start to make sense - modifier followed by key. 00 is no modifier.

I believe the scancode for sleep is E0 5F or E0 3F.

http://www.quadibloc.com/comp/scan.htm

[DemonicMooCow]

Thanks for the tips guys but I still couldn't get it to work unfortunately.

I tried changing the VID & PID to match a keyboard that I know has a sleep button and I tried the E0 5F and E0 3F scan codes by hexeditting but that didn't work either. The E0 5F and E0 3F scancodes appear to be PS/2 scancodes.

I did come checking up and found this PDF (http://www.hiemalis.org/~keiji/PC/scancode-translate.pdf) and what I noticed is that all the common USB HID scan codes are under the HID Usage Page 07 and that the System Power, System Sleep and System Wake are all under the HID Usage Page 01. Is there a was to instruct the Ducky to use a different HID Usage page?

Thanks again for your help!

[no42]

If you have those keys on a usb keyboard, its easy to use a usb sniffer to capture those keys - then we can look at reversing them and getting them functional within the Ducky code.

[overwraith]

Do media keys like play, stop, forward backward, and audio up and down work the same way? I got a Logitech G15.

[no42]

Honestly, no idea?

Thats why I break out the USB sniffer to find out; but all my keyboards are standard 102/104 - no media keys.

[DemonicMooCow]

Sorry for the delay,

I tried using a software Scancode sniffer in Win 7 but it was unable to sniff the Sleep key. I wonder is a sniffer in Linux would be more affective. Could you suggest one?

I'm really thinking that the USB HID Usage Page may have something to do with it. Does the ducky allow the use of HID Usage pages other than 07 or is that hard coded?

Thanks,

[no42]

Windows: USBlyzer, Busdog

Linux: Wireshark (yes, it has USB support in the later versions >libpcap-1.0.0)

[DemonicMooCow]

Thanks!

I'll try to have the results for tomorrrow.

[DemonicMooCow]

I used USBlyzer

The keyboard shows up as 3 devices but the one that reported the sleep scancode was called "HID-compliant consumer control device".

I tried to attach the CSV file but it says I'm not permitted. Here's the CSV data from USBlyzer (I'm not sure it this is what you need)"

I pressed the sleep button twice. Seq 0002-0003 is for the first time I pressed it and 0004-0007 is for the second time I pressed it.

-----

USBlyzer Report

Capture List

Type,Seq,Time,Elapsed,Duration,Request,Request Details,Raw Data,I/O,C:I:E,Device Object,Device Name,Driver Name,IRP,Status
START,0001,8:28:40.209,,,,,,,,,,,,
URB,0002,8:28:41.910,1.687732 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,
URB,0003,8:28:42.268,2.055734 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,
URB,0004-0002,8:28:47.053,6.840020 s,5.152288 s,Bulk or Interrupt Transfer,Input Report id:2 len:2,02 02,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,Success (Success),02 02
URB,0005,8:28:47.053,6.840039 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,
URB,0006-0003,8:28:47.193,6.984012 s,4.928278 s,Bulk or Interrupt Transfer,Input Report id:2 len:2,02 00,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,Success (Success),02 00
URB,0007,8:28:47.193,6.984018 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,

This report was generated by USBlyzer http://www.usblyzer.com/
------

If you need the .ulz file, please let me know and I'll send it to you.

Thanks again for your help.

[no42]

ok, the raw data for the sleep code is "03 82"

but can you sniff the entire conversation... start sniffer, insert keyboard, push A (5x), then sleep (3x), then stop the sniffer - just want to check the HID report packets (these contain the Page number etc).

Thanks

Snake

[DemonicMooCow]

Thanks,

PM send with updated .ulz

[no42]

right the code is definitely "03 82"

however, its being transmitted on a second endpoint. Its going to take a bit of time, and analysis to figure out this endpoint is setup, it also means a firmware modification and a possible subsequent encoder mod (so the ducky knows it needs to swap endpoints)

What is an endpoint?

Think of it as a port or communication channel, you define EndPoints (EP) for different applications or communication flow; 1xEP = Keyboard (Ducky.hex), 2xEP= Keyboard & Mass Storage (Twin Ducky uses this!)

[DemonicMooCow]

Thanks,

Unfortunately, I'm not a programmer but I could help by scanning the remaining media keys that are on that other endpoint (Volume Up, Volume Down, Mail, Calculator etc) and give you the scancodes.

[no42]

That would be useful thanks

[DemonicMooCow]

Midnite,

I know you're very busy but I was wondering if any progress has been made for this new feature request?

Thanks,

Demonic

[no42]

I've had very little down time :( but its still on my todo list .