Jump to content

Key Croc doesn't save logs in its storage (croc_char.log file) without putting the device in Arming mode before pulling off the Key Croc from the USB port or before the computer shutdown every time.


Orbit007
 Share

Recommended Posts

Recently (November, 2022) I bought a Hak5 Key Croc. I’m having a problem with Hak5 Key Croc. Can anyone from Hak5 or the community member help me to resolve the issue, please?

Here are the details of my device and the problem:

Device Name: Hak5 Key Croc.
Device Firmware: 1.3_513

Problem:

1.      Key Croc records keystrokes from the keyboard but Key Croc doesn’t save the recorded keystroke log in its storage unless I put the device in Arming mode every time. If I disconnect the Key Croc from USB port without putting it in Arming mode then I get no keystroke log saved in my Key Croc loot folder’s croc_char.log file.

2.      If the computer gets turned off (shut down) I won’t find any keystrokes log saved in the Key Croc loot folder’s croc_char.log file.

3.      Basically, Key Croc doesn't save logs in its storage (croc_char.log file) without putting the device in Arming mode before pulling off the Key Croc from the USB port or before the computer shutdown.

Notes: With the help of SSH, I can see that keystrokes are getting recorded but those keystrokes aren’t saved in log file.

Another Problem:

Hak5 Key Croc doesn’t connect with WiFi that has special character in its password.

My WiFi SSID is: mynetwork1
My WiFi Password is: access@

So, I configured Key Croc like below for WiFi access.

WIFI_SSID mynetwork1

WIFI_PASS access\@

However, Key Croc doesn’t connect to the WiFi network unless I make a password which has no Special character(@#$%^). If my WiFi password is just plain text then Hak5 Key Croc can connect with my WiFi network.

 

Link to comment
Share on other sites

9 hours ago, dark_pyrro said:

Regarding the WiFi settings, have you tried editing directly in the /etc/wpa_supplicant.conf file (and not escaping any special characters)? Also, if you try that, then comment out all WiFi settings in the config.txt file.

I just wrote these line :

WIFI_SSID mynetwork1
WIFI_PASS access\@

in config.txt file.

Link to comment
Share on other sites

As I said in my previous post; edit the /etc/wpa_supplicant.conf file and add the ESSID and the PSK as they should look like, not with any escaped special chars. Also make sure it's not overwritten at boot (comment out the WIFI-settings in the config file).

Do it either by connecting to the Shark using SSH or serial into it from arming mode.

You can also create optional wpa_supplicant.conf file (one or many) and activate it manually.

You can use the script I've put together when troubleshooting and try different files/network setups.
https://codeberg.org/dark_pyrro/Key-Croc-AP_STA

The issue is that the croc_framework parses the config file and echoes the PSK along with the escape char (backslash \) which makes the connection fail since it's not the true PSK. Also, if you are trying to connect to a hidden WiFI AP, then another option is needed to be successful.

  • Thanks 1
Link to comment
Share on other sites

I have to correct myself when it comes to the config.txt file. The wlan0 interface isn't brought up (and wpa_supplicant not started) if those lines are commented out. Just try to use the correct PSK in the config file without escaping chars. If failing, then put it in arming mode and serial into the Croc and try my script posted above to manually start the WiFi connection.

  • Thanks 1
Link to comment
Share on other sites

1 minute ago, dark_pyrro said:

I have to correct myself when it comes to the config.txt file. The wlan0 interface isn't brought up (and wpa_supplicant not started) if those lines are commented out. Just try to use the correct PSK in the config file without escaping chars. If failing, then put it in arming mode and serial into the Croc and try my script posted above to manually start the WiFi connection.

Thanks man, you're very helpful. btw what do you mean by "serial into the Croc" how do I configure key croc for hidden SSID. and lastly do you found any solution regarding key croc doesn't save it's log? Thanks again. 

Link to comment
Share on other sites

I know Korben is looking at it (I guess it was you posting about the same thing on Discord). I can't keep myself from looking at it either, but I'm not as proficient as Korben (and not a part of the Hak5 team either) so I guess we have to wait until people with more knowledge are able to look at it.

When connecting to a hidden network you need to add scan_ssid=1 to /etc/wpa_supplicant.conf. However, the croc_framework and the config file doesn't have support for this (although a simple thing to add). I'm actually doing some mods to the croc_framework right now to try to get that implemented. (My own Croc that is, not for all Crocs since it needs a new firmware).

You can serial into the croc when in arming mode. The way you do it depends on the OS. I'm using Linux most of the time and minicom, on Windows you can use PuTTY.

https://docs.hak5.org/key-croc/advanced-usage/serial-console-access

  • Upvote 1
Link to comment
Share on other sites

  • 2 weeks later...

I am having this issue as well, that the keystrokes aren't logged until the device is put into arming mode - I'm assuming this is not the normal way this should work?  

Device Firmware: 1.3_513

I noticed that the 'current' firmware for download is 1.3_510

If the keylogging functions normally with that firmware, is it possible to downgrade the firmware?

Also a small note that the upgrade.html link doesn't point to the new location

thanks

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...