Jump to content

Struggling with simple payloads for IP address


Recommended Posts

I have two Key Crocs, both are updated to firmware 1.3_510

I've tried two different Windows 10 machines with two different keyboards.

The hello world! example works as expected but when I try the croc-info payload I get very strange results on the screen.  The Key Croc is connected to the wifi access point correctly and I can SSH into it after obtaining the IP from the router and all is good.  But when then script runs I don't get what I expect.  I have also tried crocctl-ipinfo and that doesn't work either.  

My config.txt contains these lines;

WIFI_SSID ********
WIFI_PASS ********


This is what Notepad or Notepad++ look like once the payload has executed;

hello  world!

DNS:nameserver rocinfo...




SSH:ssh root"


I've tried removing most of the code to just obtain the IP address but it's just the same.  If i copy the command into SSH it works as expected.  I'm completely baffled, I'm sure it will be something very simple.

Thanks for any help.




Link to comment
Share on other sites

The keyboards that you have tried so far, are they of the exact same model or are they different models? The Croc can be picky sometimes when it comes to keyboards, but it doesn't seem like that is the issue here. However, if you have more keyboards to test with, you can try that and see if there are any other results.

Is the Croc-info payload exactly the same as the one on GitHub or have you altered it in some way? How many payload files do you have stored in the payload directory (not that it should matter really)? Explain the process when you trigger the payload (i.e. 1: start Notepad, 2: type crocinfo, 3: waiting to get the expected output from the payload... or such). What happens if you add some DELAY lines in the payload? What's the content of /etc/resolv.conf on the Croc? Does it show any nameservers on line/row 4 and 5? (I'm too lazy at the moment to get mine started and armed).

Link to comment
Share on other sites

I got the Croc out of the box and executed the payload and it runs pretty OK for me. No "encrypted" output like the one you seem to get. NumLock has no effect on it, I have mine off and I get the output that I expect. There are some shortcomings in the payload though. For example the nameservers. The payload just reads out some of the content in resolv.conf so that part could be implemented in a more robust way if important to get an accurate output that represents the true content of resolv.conf. The QUACK UNLOCK didn't work either so the keyboard remained locked after the payload had finished executing. I added a delay at the end and that seem to have cured that illness. Another thing is that the payload tries to insert a space after each static title/label that is used for the different kinds of information that is echoed out from the Croc, that doesn't work though. The space in the string isn't treated like space, it's treated like nothing. Adding a QUACK SPACE fixes that though. For example:
QUACK STRING "MODE: " doesn't add a space after MODE:
This does however:

Finally, it didn't print the @ char on the ssh line, but that has most likely nothing to do with how the payload is implemented, it's rather linked to some flaw in the language file used. I added some delays in the start as well to let the payload breathe for a bit before starting to do the work.

Link to comment
Share on other sites

Thanks for the replies.  I've done some more testing.  The keyboards are both different but I will try a third.  There is a thread on here about the problem, seems to be an issue with the language files and the way the croc reads them.  I'm using GB, I'm going to try and alter it to see if I can force the croc to use numbers instead of the cursor keys on the keypad.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...