PenTesterSV503 Posted January 26, 2020

Hello Guys, Do you know why the ATTACKMODE HID is not recognized during the Windows boot up? We want to select the safe mode with command prompt. But our typing script doesn't work at this time. It works perfectly fine in a Windows session. Our script is simply the following, after we have waited long enough and used the LEDs to make sure we are typing when this screen is being displayed:

    Q UP
    Q UP
    Q ENTER

PenTesterSV503 Posted January 28, 2020

If I understand well, the Bash Bunny is using a usb-hid_gadget. There is a similar Android app that works during BIOS/bootloader: https://github.com/pelya/android-keyboard-gadget/blob/master/README.md Is it possible to achieve the same thing on the Bash Bunny? Maybe by updating the usb-hid-gadget?

PenTesterSV503 Posted February 1, 2020

We have detected the HID Keyboard is reported with an Interface Descriptor that has a bInterfaceSubClass value of 0; in order to work during the BIOS booting time it needs to be set to 1. configfs is supposed to make it possible to modify this value at runtime, but it doesn't look like the bash_bunny has been compiled with this option. HAK5 team, have you tested the keyboard during boot time? Is it possible that you recompile the bunny_gadget.ko? Setting in f_hid.c, in the code below -> bInterfaceSubClass = 1 AND bInterfaceProtocol = 1

    static struct usb_interface_descriptor hidg_interface_desc = {
        .bLength            = sizeof hidg_interface_desc,
        .bDescriptorType    = USB_DT_INTERFACE,
        /* .bInterfaceNumber   = DYNAMIC */
        .bAlternateSetting  = 0,
        .bNumEndpoints      = 1,
        .bInterfaceClass    = USB_CLASS_HID,
        /* .bInterfaceSubClass = DYNAMIC */
        /* .bInterfaceProtocol = DYNAMIC */
        /* .iInterface         = DYNAMIC */
    };
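
The descriptor fields discussed in the post above can be checked on any device from its raw configuration descriptor. The following C code is an added example, not code from the thread or from Hak5: it walks a descriptor chain and counts HID interfaces that declare boot subclass 1 with keyboard protocol 1. The function name and both byte arrays are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define USB_DT_INTERFACE   0x04
#define USB_CLASS_HID      0x03
#define HID_SUBCLASS_BOOT  0x01 /* bInterfaceSubClass: boot interface */
#define HID_PROTO_KEYBOARD 0x01 /* bInterfaceProtocol: keyboard */

/* Constructed sample: one HID interface with subclass 0 / protocol 0. */
static const uint8_t report_only_cfg[] = {
    0x09, 0x02, 0x22, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32, /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, 0x00, /* interface */
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3f, 0x00, /* HID */
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0a,             /* endpoint */
};
/* Constructed sample: the same layout with subclass 1 / protocol 1. */
static const uint8_t boot_kbd_cfg[] = {
    0x09, 0x02, 0x22, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32, /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00, /* interface */
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3f, 0x00, /* HID */
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0a,             /* endpoint */
};

/* Returns the number of boot-keyboard HID interfaces, or -1 if the chain is
 * malformed. *hid_total receives the count of all HID interfaces seen. */
int count_boot_keyboards(const uint8_t *buf, size_t len, int *hid_total)
{
    size_t off = 0;
    int boot = 0;
    *hid_total = 0;
    while (off < len) {
        const uint8_t *d = buf + off; /* d[0] = bLength, d[1] = bDescriptorType */
        if (len - off < 2 || d[0] < 2 || (size_t)d[0] > len - off) return -1;
        if (d[1] == USB_DT_INTERFACE) {
            if (d[0] < 9) return -1;  /* interface descriptors are 9 bytes */
            if (d[5] == USB_CLASS_HID) {
                (*hid_total)++;
                boot += (d[6] == HID_SUBCLASS_BOOT && d[7] == HID_PROTO_KEYBOARD);
            }
        }
        off += d[0];
    }
    return boot;
}
int main(void)
{
    int hid = 0;
    int boot = count_boot_keyboards(boot_kbd_cfg, sizeof boot_kbd_cfg, &hid);
    printf("HID interfaces: %d, boot keyboards: %d\n", hid, boot);
    return 0;
}
```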
Archived
This topic is now archived and is closed to further replies.