Darren Kitchen Posted June 26, 2020

Thank you all for the incredible feedback on the Key Croc – especially the 1.3 beta. We knew in development that we were on to something game changing, so to hear the enthusiasm from you all directly is truly rewarding. The amount of creativity shown in such a short period of time since initial release is encouraging. We hope that with this Key Croc firmware 1.3 we can further that creativity. As always we welcome your feedback here on the forums and of course on our Discord channel. Thanks for your support and happy hacking!

Huge thanks to our team – @Korben for his work on this firmware with the support of @Foxtrot and everyone including 0xdade for feature inspiration.

Changelog:

General
- (optional) Password Protected Arming Mode built into framework/parser
- ARMING_PASS and (optional) ARMING_TIMEOUT can be defined in config.txt (Credits: 0xdade)
- Fix croc being shutdown by host machine going to sleep
- C2 notifications added to relevant event handlers
- iProduct can now be defined with PROD_ when calling ATTACKMODE, and defined in config.txt as PROD
- iManufacturer can be defined in config.txt as MAN
- Croc now waits for keyboard to enter ATTACKMODE HID
- Increase output log write speeds
- Fixed $LOOT
- ATTACKMODE now automatically populates /tmp/vid /tmp/pid /tmp/man /tmp/prod along with /tmp/mode
- Fixed payload validation at boot and added payload validation to RELOAD_PAYLOADS

Payloads / Tools
- Add SAVEKEYS [path] UNTIL [regex] syntax support to payloads (Credits: 0xdade)
- SAVEKEYS NEXT/UNTIL now also produce .filtered logs handling backspaces and removing control characters/modifiers.
- Ported GET extension script from Bash Bunny
- Added GET_VARS script giving your payload access to the following live data: VID PID MAN PROD HOST_IP TARGET_IP TARGET_HOSTNAME
- Added the following helper scripts: QUACKFILE (alias QFILE) ENABLE_PAYLOAD DISABLE PAYLOAD WAIT_FOR_KEYBOARD_ACTIVITY WAIT_FOR_KEYBOARD_INACTIVITY WAIT_FOR_LOOT
- Framework functions exported: MOUNT_UDISK UNMOUNT_UDISK UPDATE_LANGUAGES ENABLE_WIFI ENABLE_INTERFACE START_WLAN_DHCP CLEAR_WIFI_CONFIG CONFIG_PSK_WIFI CONFIG_OPEN_WIFI ENABLE_SSH DISABLE_SSH
- Added the following scripts: WAIT_FOR_ARMING_MODE WAIT_FOR_BUTTON_PRESS ARMING_MODE GET_HELPERS

Misc
- Added get_payloads.html to udisk
- Fixed language file consistency, example: CONTROL/CTRL
- Moved examples into library/examples
- Debug logs moved to /root/loot so they will be automatically moved to udisk for easier debugging access
- DEBUG ON in config.txt now enables parser and framework debug logs at boot

Download from https://downloads.hak5.org/croc
Documentation from https://docs.hak5.org/
Flashing Instructions from https://docs.hak5.org/hc/en-us/articles/360048015333-Updating-the-Key-Croc

BadWolf Posted July 1, 2020

Good Morning,

System = Dell XPS15 9530 (old laptop), Win 10 Pro64

Key Croc updated from shipping version to 1.3_510 easily, but now it does not see my Raspberry Pi keyboard. Yes, it boots and sees its HD, but the LED stayed white with the Pi keyboard plugged in. Plugged in the Logitech K400r (wireless) from days past; that is what I am typing on.

M

Struthian Posted July 20, 2020 (edited)

My keycroc worked just fine with a mac keyboard (a pretty old one) but a USB keyboard. After the update, which I did today, the same day I got the Croc, it didn't work. The croc behaved as if there was no keyboard connected. The keyboard worked just fine without the croc.

Next I tried a Logitech wireless keyboard, which shares a receiver with a mouse. The Croc worked with that keyboard as expected. HOWEVER - when I moved the mouse, its movements came out as jumbled text in the computer. I would have to say that with such a keyboard, this would not be a good thing.

Finally I tried a very old Dell keyboard (which is old enough to drink) that has a DIN connector. I happen to have a DIN to USB adapter. That worked exactly as advertised with Version 1.3.

I think 1.3 needs some more work. To summarize, that which worked before does not work in 1.3. MAC keyboard on a PC is admittedly unlikely in the real world. Logitech wireless keyboard + mouse is a bit more likely.

Geoff

Struthian Posted July 21, 2020

Further experimenting. It appears that if one disconnects a "good" keyboard and then reconnects it - that works. However, if one disconnects a good one and then connects one of the ones that seem to not work, then goes back to the good one - it doesn't work. Can someone confirm this? If so it appears that keyboards that won't log cause some internal error that prevents further function.

RootJunky Posted October 20, 2020

I would love to have some more explanation of what these commands all do.

ENABLE_WIFI
ENABLE_INTERFACE
START_WLAN_DHCP
CLEAR_WIFI_CONFIG
CONFIG_PSK_WIFI
CONFIG_OPEN_WIFI

I see that CLEAR_WIFI_CONFIG will rm /etc/wpa_supplicant.conf, but I can't seem to get any of the other commands in my payload to work. For example, ENABLE_WIFI 'SSID' 'PASSWORD' will not edit the /etc/wpa_supplicant.conf or the config.txt file, so I am not sure what these commands do. Maybe they are broken. Please help.

heck5 Posted October 22, 2020

On 10/20/2020 at 4:29 AM, RootJunky said:
> I would love to have some more explanation of what these commands all do.
>
> ENABLE_WIFI
> ENABLE_INTERFACE
> START_WLAN_DHCP
> CLEAR_WIFI_CONFIG
> CONFIG_PSK_WIFI
> CONFIG_OPEN_WIFI
>
> I see that CLEAR_WIFI_CONFIG will rm /etc/wpa_supplicant.conf, but I can't seem to get any of the other commands in my payload to work. For example, ENABLE_WIFI 'SSID' 'PASSWORD' will not edit the /etc/wpa_supplicant.conf or the config.txt file, so I am not sure what these commands do. Maybe they are broken. Please help.

Well, I am not sure you can call these "commands" and I don't really see why you'd make a payload for that as you can simply edit the config file. Can you explain what you're trying to do with more details?

RootJunky Posted October 22, 2020

21 minutes ago, heck5 said:
> Well, I am not sure you can call these "commands" and I don't really see why you'd make a payload for that as you can simply edit the config file. Can you explain what you're trying to do with more details?

I just want to know what they do. You can leave it up to me to figure out if I want to use them.

heck5 Posted October 22, 2020 (edited)

> I just want to know what they do. You can leave it up to me to figure out if I want to use them.

It's just on basic config file.. you don't need to enter these in your payload. See the documentation below:

https://docs.hak5.org/hc/en-us/articles/360047380574-Key-Croc-Basics
https://docs.hak5.org/hc/en-us/articles/360048015093-Getting-the-Key-Croc-Online

So you need to boot in arming mode to edit the config file, which is at the root of the disk... Then if, for example, you enter an SSID, a password, and enable SSH, all you need is to reboot in arming mode and it will connect to that access point and you will be able to SSH into it. You can see what other options are there for in the above documentation.

I hope it answered your questions.

RootJunky Posted October 23, 2020

4 hours ago, heck5 said:
> It's just on basic config file.. you don't need to enter these in your payload. See the documentation below:
>
> https://docs.hak5.org/hc/en-us/articles/360047380574-Key-Croc-Basics
> https://docs.hak5.org/hc/en-us/articles/360048015093-Getting-the-Key-Croc-Online
>
> So you need to boot in arming mode to edit the config file, which is at the root of the disk... Then if, for example, you enter an SSID, a password, and enable SSH, all you need is to reboot in arming mode and it will connect to that access point and you will be able to SSH into it. You can see what other options are there for in the above documentation.
>
> I hope it answered your questions.

I know how to edit the config file, as seen here: https://github.com/rootjunky/keycroc-payloads/blob/master/library/examples/wifispot.txt
That is not what I am asking. I want to know what these do.

Framework helpers: https://docs.hak5.org/hc/en-us/articles/360048190473-Helpful-Payload-Snippets

Run GET_HELPERS on your keycroc.

lartsch Posted June 3, 2022

@Darren Kitchen It has been 2 years since the last update and many (known) issues are not fixed. In August 2021 you wrote me that you guys are working on a release. Nothing has happened since then... which is a little disappointing and reduces the value of the product. If no update is in sight, please make the source code in /usr/local/croc/bin public at least, please.