HID support

[AgentOfPork]

Having ordered the Key Croc (of course), I'm wondering about the extent of the HID support.

It obviously works with wireless keyboards, but some users have wireless combos, keyboard and mouse, though a single receiver dongle.
Will this work to pass through the mouse? I see all kinds of possible attack scenarios with this, just wondering what constraints we will have to work around.

[Darren Kitchen]

As it stands today it does not passthrough mouse - however it is something we can look into. Is there a particular target keyboard/mouse combination with wireless receiver we should investigate?

[AgentOfPork]

The Logitech MK270 combo kit is a popular one with our clients (SMB/SME) up here (Canada). 

Low cost in bulk deployments of front-line workstations (service and parts counters in an auto dealership, for example) and decent reliability.

Retail price about $25USD (around $35-40ish here in the tundra). Amazon pricing seems all over the place right now, BestBuy seems a more reliable gauge. 🤔

No real bells/whistles on the keyboard may make it a good basic platform to test with. 

The idea just struck me watching a manager attach his laptop to his dock, and realizing he had just switched to the same combo, with the receiver in the dock. With the cable mess behind his dock, something like the KC would never be noticed. Evil maid attack has never been so easy, fast, and persistent... 

 

Let me know if there is anything I can contribute to this. I've been out of programming for years, but I can always fire up windows and linux machines (no Macs in our shop, sorry) 

 

[Darren Kitchen]

I totally agree that dongle life has made things easier on the hardware implant front. Rats nests behind docking stations abound. Heck, most monitors include USB hubs in the back – I know I dock my macbook on a Dell U3818DW with a single USB-C and rely on the screen for my peripherals.

Anyway, we'll look into this and see what's possible.

[AgentOfPork]

Thanks! That's all I can ask! 

Just going to go refresh that order page again...waiting to see when my KC ships...*click*...nope, not yet...*click*...nope...*click*... 

[gigawatts]

Does the female USB host port support anything but keyboards? I understand from above reply nothing but keyboard passthrough to the target, but can you use other devices from the Croc's OS?

I'm thinking flash drives, NICs, audio devices, etc.

[gigawatts]

@Darren Kitchen Also, you've basically created a sweet hardware AutoHotKey device!

I'm thinking an awesome easy feature would be a macro keyboard "payload". Plug an extra keyboard in, even just a num pad, and you could have dedicated hot keys launch apps, or control media editing/playback, or trigger something like frequently used Photoshop key combos.

[Darren Kitchen]

@gigawatts I've been using mine as an AutoHotKey like device - triggering payloads to write canned responses to common emails. Even better since I have the power of bash to be able to use variables. So yes, even outside of pentesting it's a nifty little gadget to have.

In regards to supporting other devices – let me be clear that the intended use cases for this turnkey keylogging pentest implant is first and foremost as a keylogger. That said, and in the hacker spirit, of course it's capable of so much more. Just, please understand that we're a small team and don't have the resources to support every possible device under the sun. If you attach a NIC and it works - great. If it doesn't - sorry, that wasn't within the scope of what we're trying to do here. Will we be helpful and point you in the right direction if we have that ability? Of course. But I just want to set clear expectations that while it can absolutely be used for use cases outside the intended function, we're limited in what we can "officially" support. 

So, with that I might mention that our friend @GlytchTech recently added support for an RTL-SDR dongle so he could pick up Software Defined Radio signals on the Key Croc. It that totally cool? Yes. Is it an absolute hack? Of course - and we love it.

[gigawatts]

16 hours ago, Darren Kitchen said:

@gigawatts I've been using mine as an AutoHotKey like device - triggering payloads to write canned responses to common emails. Even better since I have the power of bash to be able to use variables. So yes, even outside of pentesting it's a nifty little gadget to have.

In regards to supporting other devices – let me be clear that the intended use cases for this turnkey keylogging pentest implant is first and foremost as a keylogger. That said, and in the hacker spirit, of course it's capable of so much more. Just, please understand that we're a small team and don't have the resources to support every possible device under the sun. If you attach a NIC and it works - great. If it doesn't - sorry, that wasn't within the scope of what we're trying to do here. Will we be helpful and point you in the right direction if we have that ability? Of course. But I just want to set clear expectations that while it can absolutely be used for use cases outside the intended function, we're limited in what we can "officially" support. 

So, with that I might mention that our friend @GlytchTech recently added support for an RTL-SDR dongle so he could pick up Software Defined Radio signals on the Key Croc. It that totally cool? Yes. Is it an absolute hack? Of course - and we love it.

Yeah, I realize I'm asking about super unsupported features here, but that's what a good hacker does, right? 😁

I've been using my Pineapple Nano as a "USB Tethering translator", acting as a EasyTether client (with a ET openwrt IPK installed) from my phone, then passing that internet connection on via the USB Eth port back to my PC, so that I don't need to install the EasyTether application on whatever PC I want to share it to.

The Croc looks much more compact, and sounds like it would be a great replacement for my use case (so that I can reclaim the Nano for, you know, WIFI stuff!). Being able to experiment with AutoHotKey style macros is just icing on the cake!

I'll keep a close eye on where @GlytchTech goes with stuff like that.

Super awesome product here folks, I'll be picking one up shortly!

[AgentOfPork]

Mine just shipped! Can't wait to dig into this one. Running a Debian derivative, I should be able to have some serious fun!

[NakedEye]

I just tested on a Logitech unifying receiver with keyboard and mouse and the mouse entered all kinds of random keyboard commands and mouse movement/clicks.

We definitely will need mouse passthrough for this to work properly in this scenario.

[AgentOfPork]

Not having any idea how they pulled this one off, and not being a linux kernel-hacker myself, I'm totally just guessing at this one. But I suspect the work is slightly more than trivial. I remember the USB Gadget Driver/Multi-function Composite Driver will let you do HID-anything-you-want-to-define including keyboard/mouse combos, but I'm not a C/C++ programmer, so I'm of little use there.

 

That said, I can't wait for mine to arrive so I can start testing. Payloads are something I can look at, as it's running Debian, and I can do plenty with that...

[Darren Kitchen]

It's definitely not trivial but it shouldn't be impossible either. We have a proof of concept, but it's more of a hard-coded thing that's not ideal. We're investigating a more generic solution. 

[Omar01]

On 5/14/2020 at 3:46 PM, gigawatts said:

Yeah, I realize I'm asking about super unsupported features here, but that's what a good hacker does, right? 😁

I've been using my Pineapple Nano as a "USB Tethering translator", acting as a EasyTether client (with a ET openwrt IPK installed) from my phone, then passing that internet connection on via the USB Eth port back to my PC, so that I don't need to install the EasyTether application on whatever PC I want to share it to.

The Croc looks much more compact, and sounds like it would be a great replacement for my use case (so that I can reclaim the Nano for, you know, WIFI stuff!). Being able to experiment with AutoHotKey style macros is just icing on the cake!

I'll keep a close eye on where @GlytchTech goes with stuff like that.

Super awesome product here folks, I'll be picking one up shortly!

I have the need to save more than 2gb of client data, I am trying to mount a usbSticks I suppose it is only necessary to find the required .ko module to be able to mount the device locally. If anyone knows how to do it I would appreciate your help

[Quaid]

Hi ya'll, has there been any progress on allowing key croc to work with a combo wireless kb $ mouss. I am working with a logitech kb k520 & mouse m310

Maybe not possible with the k520?

[oldjamey]

I would also like to know if this has still actively being worked on.  No mouse passthrough is kind of a dealbreaker.

[Br00k7of9]

Darren,

This is an alarming design limitation given the market share and prevalence of wireless keyboard/mouse combinations. This reduces the application of the KeyCroc to lab environment and even further limits practical forward deployment. Even more concerning is your knowledge of this limitation for over 2 years. I understand and accept that you are a small team however, in the 26 months since being reported, it has been met without any meaningful progress. I am a newcomer to Hak5’s line of products but this changes my approach to future product purchases. Indeed, at this stage I would flatly not recommend the KeyCroc given this design limitation and I would emphasize that any future product be met with cautious and careful consideration for similarly situated technical oversight.

[Br00k7of9]

On 6/29/2022 at 9:34 AM, oldjamey said:

I would also like to know if this has still actively being worked on.  No mouse passthrough is kind of a dealbreaker.

I just received my KeyCroc and I can confirm there is no mouse passthrough.

[Uber-hackers]

7 minutes ago, Br00k7of9 said:

I just received my KeyCroc and I can confirm there is no mouse passthrough.

Sometimes you get a pass they but it’s like a touch screen, very weird. You think with it being a Linux box u could use a generic mouse driver.

[Br00k7of9]

On 7/18/2022 at 3:33 PM, Uber-hackers said:

Sometimes you get a pass they but it’s like a touch screen, very weird. You think with it being a Linux box u could use a generic mouse driver.

Unfortunately, my keyboard-mouse combination isn’t forgiving. It’s an older combo mk 710/mk 705 and initially, I was taken by surprise that such a basic feature was left out of the design. If this was disclosed on the product page, I would’ve changed my mind before dropping $119.00 on largely a lab-only/educational device.

These kind of logic-defying device limitations are a trend; considering the WiFi Pineapple VII lacked 5-GHz despite there being a significant market share of 5-GHz routers/APs. Hak5’s response was to offer another adapter at $59.99. I’m certain this is a trend with each and every device they offer.

Just trying to help the next person make a more informed purchase decision.