Jump to content

Key croc unable to ssh and cannot change keyboard layout


Leonardo7447
 Share

Go to solution Solved by Leonardo7447,

Recommended Posts

Hi i recently bought the key croc. But there are some problems. First off i'm not able to change the keyboard layout that the key croc should use. I tried editing the config.txt file but it didn't solve the issue. 

This is my config.txt file if there are any issues with it:

Quote

 

#!/bin/bash
#######################################
#      _-^^-_                         #
#  ---=>====<^^..                     #
#      "    "      Key Croc by Hak5   #
#######################################
#This configuration file is used to set default variables

DUCKY_LANG ch
WIFI_SSID 
WIFI_PASS 
SSH ENABLE

### OPTIONAL CONFIGURATION ###
#
############ NETWORK ############
#
# SSH [DISABLE, ENABLE]
#   (Disabled by default)
#   (Enable to allow SSH access in attack mode)
#
# WIFI_SSID [network name]
#
# WIFI_PASS [network password]
#   (Omit WIFI_PASS for open networks)
#   (Omit both WIFI_SSID and WIFI_PASS to disable)
#
# DNS [address 1] [address 2]
#
#
############ DEVICE CONFIG ############
# NOTE: VID AND PID SHOULD BE SET TOGETHER,
# AND WILL DISABLE AUTO VID/PID CLONING
#
# VID [VID_0X<vid hex>]
#
# PID [PID_0X<pid hex>]
#
# MAN [MAN_label]
#
# PROD [PROD_label]
#
#
############ PROTECTED ARMING MODE ############
# WARNING: MISCONFIGURATIONS BELOW WILL
# LOCK YOU OUT OF YOUR DEVICE.
#
# ARMING_PASS [password]
# Requires [password] to typed on the keyboard attached to the Key Croc to enter arming mode.
#
# ARMING_TIMEOUT [seconds]
# (OPTIONAL WITH ARMING_PASS) Defining this adds a timeout to the protected arming mode listener
#
# EXAMPLE:
# ARMING_PASS hak5croc
# ARMING_TIMEOUT 5
#
# This configuration will give you 5 seconds to press the button after typing hak5croc on the keyboard
# attached to the Key Croc
#
#
# ### ADDITIONAL HELP ###
# https://www.hak5.org/croc-help

 

Then the second problem is i can't connect to ssh. I enable ssh and wrote the passwort and the wifi's name in the config.txt file but it didn't work. Like the key croc managed to connect but i wasn't able to ssh with PuTTY or via cmd. When i tried to connect i got this error message: ssh: connect to host "IP address" port 22: Connection timed out

And i tried to ssh in with the command: "ssh root@"IP address""

Link to comment
Share on other sites

Is the ch.json located in the "languages" directory when the Key Croc is mounted to the target in arming mode (the language file should be there since it's kind of "default", but just to be sure so that it can be copied to the directory where the Croc wants language files to be).

There are other potential issues with the Croc and getting languages to work, but the scenario above is probably the first one to check.

Regarding ssh; are you positive that the Croc is showing up on the network that it has been configured to connect to in the config.txt file? Is the WiFi network (that you are trying to connect the Croc to) a hidden network? Is it possible to ping the Croc from some other device on the same network? Does the ESSID or PSK contain special chars and/or spaces?

Link to comment
Share on other sites

If it's not possible to ping it, I would probably investigate if it's really connected to the network. Both not being able to ping the Croc and that the ssh connection attempts return a message like in the first post makes me suspicious about it being connected at all.

Try connecting to the Croc using serial when in arming mode and make sure it actually has an IP address assigned.

https://docs.hak5.org/key-croc/advanced-usage/serial-console-access

Link to comment
Share on other sites

You can try the following regarding the language issues.

Note that this is a workaround and not a final solution.

Connect to the Croc using serial or ssh and edit the croc.py changing the line 339 (ish) from "us" to "ch".
Not sure right now where the file is located but it's in /usr/local/croc or its subdirs.

self.keymap_path = "/root/udisk/languages/us.json"
to
self.keymap_path = "/root/udisk/languages/ch.json"

Also the QUACK file may need some adjustment to be able to quack the correct language

Change line 263 (ish) in /usr/local/croc/bin/QUACK from
    language = os.getenv("DUCKY_LANG", default="us").lower()
to
    language = os.getenv("DUCKY_LANG", default="ch").lower()

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...