ATTACKMODE HID DURING WINDOWS STARTUP

[PenTesterSV503]

Hello Guys,

Do you know why the ATTACKMODE HID is not recognized during the windows boot up.

We wan to selec the safe mode with command prompt.

But our typing script doesn't work at this time. It works perfectly fine in a windows session.

 

Our script is simply, after we have waited long enough and used the leds to make sure we are typing when this screen is being displayed.

Q UP

Q UP

Q ENTER

[PenTesterSV503]

If i undersant well the Bash BUnny is using a usb-hid_gadget.

There is a similar android app that works during bios/booloader.

https://github.com/pelya/android-keyboard-gadget/blob/master/README.md

 

Is this possible to achieve the same sthing on the bash bunny? 

MAybe by updating the usb-hid-gadget?

[PenTesterSV503]

We have detected the HID Keyboard is Reported with an Interface Descriptor that has a bInterfaceSubClass value of 0, in order to work during the BIOS booting time it needs to be set to 1.

configfs is supposed to make possible to modify this value at runtime, but it doesn't look like the bash_bunny has been compiled with this option.

 

HAK5 team,  have you tested keyabord during boot time, is it possible that you recompile THe bunny_gadget.ko ?

setting in f_hid.c

In the code below -> bInterfaceSubClass  = 1 AND  bInterfaceProtocol    = 1

static struct usb_interface_descriptor hidg_interface_desc = {
    .bLength        = sizeof hidg_interface_desc,
    .bDescriptorType    = USB_DT_INTERFACE,
    /* .bInterfaceNumber    = DYNAMIC */
    .bAlternateSetting    = 0,
    .bNumEndpoints        = 1,
    .bInterfaceClass    = USB_CLASS_HID,
    /* .bInterfaceSubClass    = DYNAMIC */
    /* .bInterfaceProtocol    = DYNAMIC */
    /* .iInterface        = DYNAMIC */
};