Jump to content

[Question] System_Power & System_Sleep keys


Recommended Posts

It might depend on the keyboard, if you have power keys; this will then be dependant on a VID and PID combination.

I dont have once of these special keyboards, and cant comment. If Dnucna is still on here, maybe he can answer the question, as he build that original keyboard.properties file.

Link to comment
Share on other sites

I do recall when developing duckyscript running into these key combos, but I can't recall the hex values. They weren't incorporated however that isn't to say they couldn't be added. If you open an inject.bin in a hex editor it'll start to make sense - modifier followed by key. 00 is no modifier.

I believe the scancode for sleep is E0 5F or E0 3F.

http://www.quadibloc.com/comp/scan.htm

Link to comment
Share on other sites

Thanks for the tips guys but I still couldn't get it to work unfortunately.

I tried changing the VID & PID to match a keyboard that I know has a sleep button and I tried the E0 5F and E0 3F scan codes by hexeditting but that didn't work either. The E0 5F and E0 3F scancodes appear to be PS/2 scancodes.

I did come checking up and found this PDF (http://www.hiemalis.org/~keiji/PC/scancode-translate.pdf) and what I noticed is that all the common USB HID scan codes are under the HID Usage Page 07 and that the System Power, System Sleep and System Wake are all under the HID Usage Page 01. Is there a was to instruct the Ducky to use a different HID Usage page?

Thanks again for your help!

Link to comment
Share on other sites

If you have those keys on a usb keyboard, its easy to use a usb sniffer to capture those keys - then we can look at reversing them and getting them functional within the Ducky code.

Link to comment
Share on other sites

Sorry for the delay,

I tried using a software Scancode sniffer in Win 7 but it was unable to sniff the Sleep key. I wonder is a sniffer in Linux would be more affective. Could you suggest one?

I'm really thinking that the USB HID Usage Page may have something to do with it. Does the ducky allow the use of HID Usage pages other than 07 or is that hard coded?

Thanks,

Link to comment
Share on other sites

I used USBlyzer

The keyboard shows up as 3 devices but the one that reported the sleep scancode was called "HID-compliant consumer control device".

I tried to attach the CSV file but it says I'm not permitted. Here's the CSV data from USBlyzer (I'm not sure it this is what you need)"

I pressed the sleep button twice. Seq 0002-0003 is for the first time I pressed it and 0004-0007 is for the second time I pressed it.

-----

USBlyzer Report

Capture List

Type,Seq,Time,Elapsed,Duration,Request,Request Details,Raw Data,I/O,C:I:E,Device Object,Device Name,Driver Name,IRP,Status
START,0001,8:28:40.209,,,,,,,,,,,,
URB,0002,8:28:41.910,1.687732 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,
URB,0003,8:28:42.268,2.055734 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,
URB,0004-0002,8:28:47.053,6.840020 s,5.152288 s,Bulk or Interrupt Transfer,Input Report id:2 len:2,02 02,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,Success (Success),02 02
URB,0005,8:28:47.053,6.840039 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A6F4A80h,
URB,0006-0003,8:28:47.193,6.984012 s,4.928278 s,Bulk or Interrupt Transfer,Input Report id:2 len:2,02 00,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,Success (Success),02 00
URB,0007,8:28:47.193,6.984018 s,,Bulk or Interrupt Transfer,3 bytes buffer,,in,01:01:82,FFFFFA801A7121B0h,00000104,usbccgp,FFFFFA801A5D4BD0h,

This report was generated by USBlyzer http://www.usblyzer.com/
------

If you need the .ulz file, please let me know and I'll send it to you.

Thanks again for your help.

Link to comment
Share on other sites

ok, the raw data for the sleep code is "03 82"

but can you sniff the entire conversation... start sniffer, insert keyboard, push A (5x), then sleep (3x), then stop the sniffer - just want to check the HID report packets (these contain the Page number etc).

Thanks

Snake

Link to comment
Share on other sites

right the code is definitely "03 82"

however, its being transmitted on a second endpoint. Its going to take a bit of time, and analysis to figure out this endpoint is setup, it also means a firmware modification and a possible subsequent encoder mod (so the ducky knows it needs to swap endpoints)

What is an endpoint?

Think of it as a port or communication channel, you define EndPoints (EP) for different applications or communication flow; 1xEP = Keyboard (Ducky.hex), 2xEP= Keyboard & Mass Storage (Twin Ducky uses this!)

Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...