Jump to content
Sign in to follow this  
Darren Kitchen

[RELEASE] Key Croc Firmware 1.3

Recommended Posts

Thank you all for the incredible feedback on the Key Croc – especially the 1.3 beta. We knew in development that we were on to something game changing, so to hear the enthusiasm from you all directly is truly rewarding. The amount of creativity shown in such a short period of time since initial release is encouraging.

We hope that with this Key Croc firmware 1.3 we can further that creativity. As always we welcome your feedback here on the forums and of course on our Discord channel.

Thanks for your support and happy hacking!

Huge thanks to our team – @Korben for his work on this firmware with the support of @Foxtrot and everyone including 0xdade for feature inspiration.



  • General
    • (optional) Password Protected Arming Mode built into framework/parser
      • ARMING_PASS and (optional) ARMING_TIMEOUT can be defined in config.txt (Credits: 0xdade)
    • Fix croc being shutdown by host machine going to sleep
    • C2 notifications added to relevant event handlers
    • iProduct can now be defined with PROD_ when calling ATTACKMODE, and defined in config.txt as PROD
    • iManufacturer can be defined in config.txt as MAN
    • Croc now waits for keyboard to enter ATTACKMODE HID
    • Increase output log write speeds
    • Fixed $LOOT
    • ATTACKMODE now automatically populates /tmp/vid /tmp/pid /tmp/man /tmp/prod along with /tmp/mode
    • Fixed payload validation at boot and added payload validation to RELOAD_PAYLOADS

  • Payloads / Tools
    • Add SAVEKEYS [path] UNTIL [regex] syntax support to payloads (Credits:0xdade)
    • SAVEKEYS NEXT/UNTIL now also produce .filtered logs handling backspaces and removing control characters/modifiers.
    • Ported GET extension script from Bash Bunny
    • Added GET_VARS script giving your payload access to the following live data
      • VID
      • PID
      • MAN
      • PROD
      • HOST_IP
      • TARGET_IP
    • Added the following helper scripts
      • QUACKFILE (alias QFILE)
    • Framework functions exported
      • ENABLE_SSH
    • Added the following scripts

  • Misc
    • Added get_payloads.html to udisk
    • Fixed language file consistency, example: CONTROL/CTRL
    • Moved examples into library/examples
    • Debug logs moved to /root/loot so they will be automatically moved to udisk for easier debugging access
    • DEBUG ON in config.txt now enables parser and framework debug logs at boot


Download from https://downloads.hak5.org/croc

Documentation from https://docs.hak5.org/

Flashing Instructions from https://docs.hak5.org/hc/en-us/articles/360048015333-Updating-the-Key-Croc

Share this post

Link to post
Share on other sites

Good Morning,

System = Dell XPS15 9530 (old laptop) Win 10 Pro64 Key Croc

Updated from shipping version to 1.3_510 easy, but now it does net see my Raspberry Pi Keyboard.

Yes it boots and see it's HD, but led stayed white with Pi keyboard plugged in.  Plug in the Logitech K400r (wireless) from days past that is what I am typing on.


Share this post

Link to post
Share on other sites
Posted (edited)

My keycroc worked just fine with a mac keyboard (a pretty old one) but a USB keyboard.  After the update, which I did today, the same day I got the Croc, it didn't work.  The croc behaved as if there was no keyboard connected.  The keyboard just fine without the croc.

Next I tried a Logitech wireless keyboard, which shares a receiver with a mouse.  The Croc worked with that keyboard as expected.  HOWEVER - when I moved the mouse, it's movements came out as jumbled text in the computer.  I would have to say that with such a keyboard, this would not be a good thing.

Finally I tried a very old dell keyboard (which is old enough to drink), has a DIN connector.  I happen to have a DIN to USB adapter.  That worked exactly as advertised with Version 1.3.

I think 1.3 needs some more work.  To summarize, that which worked before does not work in 1.3.  MAC keyboard on a PC is admittedly unlikely in the real world. Logitech wireless keyboard + mouse is a bit more likely.



Edited by Struthian

Share this post

Link to post
Share on other sites

Further experimenting.  It appears that if one disconnects a "good" keyboard and then reconnects it - that works.  However, if one disconnects a good one and then connects one of the ones that seem to not work, then goes back to the good one - it doesn't work.  Can someone confirm this?  If so it appears that keyboards that won't log cause some internal error that prevents further function.


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...