Jump to content
AgentOfPork

HID support

Recommended Posts

Having ordered the Key Croc (of course), I'm wondering about the extent of the HID support.

It obviously works with wireless keyboards, but some users have wireless combos, keyboard and mouse, though a single receiver dongle.
Will this work to pass through the mouse? I see all kinds of possible attack scenarios with this, just wondering what constraints we will have to work around.

Share this post


Link to post
Share on other sites

As it stands today it does not passthrough mouse - however it is something we can look into. Is there a particular target keyboard/mouse combination with wireless receiver we should investigate?

Share this post


Link to post
Share on other sites

The Logitech MK270 combo kit is a popular one with our clients (SMB/SME) up here (Canada). 

Low cost in bulk deployments of front-line workstations (service and parts counters in an auto dealership, for example) and decent reliability.

Retail price about $25USD (around $35-40ish here in the tundra). Amazon pricing seems all over the place right now, BestBuy seems a more reliable gauge. 🤔

No real bells/whistles on the keyboard may make it a good basic platform to test with. 

The idea just struck me watching a manager attach his laptop to his dock, and realizing he had just switched to the same combo, with the receiver in the dock. With the cable mess behind his dock, something like the KC would never be noticed. Evil maid attack has never been so easy, fast, and persistent... 

 

Let me know if there is anything I can contribute to this. I've been out of programming for years, but I can always fire up windows and linux machines (no Macs in our shop, sorry) 

 

Share this post


Link to post
Share on other sites

I totally agree that dongle life has made things easier on the hardware implant front. Rats nests behind docking stations abound. Heck, most monitors include USB hubs in the back – I know I dock my macbook on a Dell U3818DW with a single USB-C and rely on the screen for my peripherals.

Anyway, we'll look into this and see what's possible.

Share this post


Link to post
Share on other sites

Thanks! That's all I can ask! 

Just going to go refresh that order page again...waiting to see when my KC ships...*click*...nope, not yet...*click*...nope...*click*... 

Share this post


Link to post
Share on other sites

Does the female USB host port support anything but keyboards? I understand from above reply nothing but keyboard passthrough to the target, but can you use other devices from the Croc's OS?

I'm thinking flash drives, NICs, audio devices, etc.

Share this post


Link to post
Share on other sites

@Darren Kitchen Also, you've basically created a sweet hardware AutoHotKey device!

I'm thinking an awesome easy feature would be a macro keyboard "payload". Plug an extra keyboard in, even just a num pad, and you could have dedicated hot keys launch apps, or control media editing/playback, or trigger something like frequently used Photoshop key combos.

Share this post


Link to post
Share on other sites

@gigawatts I've been using mine as an AutoHotKey like device - triggering payloads to write canned responses to common emails. Even better since I have the power of bash to be able to use variables. So yes, even outside of pentesting it's a nifty little gadget to have.

In regards to supporting other devices – let me be clear that the intended use cases for this turnkey keylogging pentest implant is first and foremost as a keylogger. That said, and in the hacker spirit, of course it's capable of so much more. Just, please understand that we're a small team and don't have the resources to support every possible device under the sun. If you attach a NIC and it works - great. If it doesn't - sorry, that wasn't within the scope of what we're trying to do here. Will we be helpful and point you in the right direction if we have that ability? Of course. But I just want to set clear expectations that while it can absolutely be used for use cases outside the intended function, we're limited in what we can "officially" support. 

So, with that I might mention that our friend @GlytchTech recently added support for an RTL-SDR dongle so he could pick up Software Defined Radio signals on the Key Croc. It that totally cool? Yes. Is it an absolute hack? Of course - and we love it.

Share this post


Link to post
Share on other sites
16 hours ago, Darren Kitchen said:

@gigawatts I've been using mine as an AutoHotKey like device - triggering payloads to write canned responses to common emails. Even better since I have the power of bash to be able to use variables. So yes, even outside of pentesting it's a nifty little gadget to have.

In regards to supporting other devices – let me be clear that the intended use cases for this turnkey keylogging pentest implant is first and foremost as a keylogger. That said, and in the hacker spirit, of course it's capable of so much more. Just, please understand that we're a small team and don't have the resources to support every possible device under the sun. If you attach a NIC and it works - great. If it doesn't - sorry, that wasn't within the scope of what we're trying to do here. Will we be helpful and point you in the right direction if we have that ability? Of course. But I just want to set clear expectations that while it can absolutely be used for use cases outside the intended function, we're limited in what we can "officially" support. 

So, with that I might mention that our friend @GlytchTech recently added support for an RTL-SDR dongle so he could pick up Software Defined Radio signals on the Key Croc. It that totally cool? Yes. Is it an absolute hack? Of course - and we love it.

Yeah, I realize I'm asking about super unsupported features here, but that's what a good hacker does, right? 😁

I've been using my Pineapple Nano as a "USB Tethering translator", acting as a EasyTether client (with a ET openwrt IPK installed) from my phone, then passing that internet connection on via the USB Eth port back to my PC, so that I don't need to install the EasyTether application on whatever PC I want to share it to.

The Croc looks much more compact, and sounds like it would be a great replacement for my use case (so that I can reclaim the Nano for, you know, WIFI stuff!). Being able to experiment with AutoHotKey style macros is just icing on the cake!

I'll keep a close eye on where @GlytchTech goes with stuff like that.

Super awesome product here folks, I'll be picking one up shortly!

Share this post


Link to post
Share on other sites

Mine just shipped! Can't wait to dig into this one. Running a Debian derivative, I should be able to have some serious fun!

Share this post


Link to post
Share on other sites

I just tested on a Logitech unifying receiver with keyboard and mouse and the mouse entered all kinds of random keyboard commands and mouse movement/clicks.

We definitely will need mouse passthrough for this to work properly in this scenario.

Share this post


Link to post
Share on other sites

Not having any idea how they pulled this one off, and not being a linux kernel-hacker myself, I'm totally just guessing at this one. But I suspect the work is slightly more than trivial. I remember the USB Gadget Driver/Multi-function Composite Driver will let you do HID-anything-you-want-to-define including keyboard/mouse combos, but I'm not a C/C++ programmer, so I'm of little use there.

 

That said, I can't wait for mine to arrive so I can start testing. Payloads are something I can look at, as it's running Debian, and I can do plenty with that...

Share this post


Link to post
Share on other sites

It's definitely not trivial but it shouldn't be impossible either. We have a proof of concept, but it's more of a hard-coded thing that's not ideal. We're investigating a more generic solution. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...