Key croc unable to ssh and cannot change keyboard layout

[Leonardo7447]

Hi i recently bought the key croc. But there are some problems. First off i'm not able to change the keyboard layout that the key croc should use. I tried editing the config.txt file but it didn't solve the issue. 

This is my config.txt file if there are any issues with it:

Quote

 

#!/bin/bash
#######################################
#      _-^^-_                         #
#  ---=>====<^^..                     #
#      "    "      Key Croc by Hak5   #
#######################################
#This configuration file is used to set default variables

DUCKY_LANG ch
WIFI_SSID 
WIFI_PASS 
SSH ENABLE

### OPTIONAL CONFIGURATION ###
#
############ NETWORK ############
#
# SSH [DISABLE, ENABLE]
#   (Disabled by default)
#   (Enable to allow SSH access in attack mode)
#
# WIFI_SSID [network name]
#
# WIFI_PASS [network password]
#   (Omit WIFI_PASS for open networks)
#   (Omit both WIFI_SSID and WIFI_PASS to disable)
#
# DNS [address 1] [address 2]
#
#
############ DEVICE CONFIG ############
# NOTE: VID AND PID SHOULD BE SET TOGETHER,
# AND WILL DISABLE AUTO VID/PID CLONING
#
# VID [VID_0X<vid hex>]
#
# PID [PID_0X<pid hex>]
#
# MAN [MAN_label]
#
# PROD [PROD_label]
#
#
############ PROTECTED ARMING MODE ############
# WARNING: MISCONFIGURATIONS BELOW WILL
# LOCK YOU OUT OF YOUR DEVICE.
#
# ARMING_PASS [password]
# Requires [password] to typed on the keyboard attached to the Key Croc to enter arming mode.
#
# ARMING_TIMEOUT [seconds]
# (OPTIONAL WITH ARMING_PASS) Defining this adds a timeout to the protected arming mode listener
#
# EXAMPLE:
# ARMING_PASS hak5croc
# ARMING_TIMEOUT 5
#
# This configuration will give you 5 seconds to press the button after typing hak5croc on the keyboard
# attached to the Key Croc
#
#
# ### ADDITIONAL HELP ###
# https://www.hak5.org/croc-help

 

Then the second problem is i can't connect to ssh. I enable ssh and wrote the passwort and the wifi's name in the config.txt file but it didn't work. Like the key croc managed to connect but i wasn't able to ssh with PuTTY or via cmd. When i tried to connect i got this error message: ssh: connect to host "IP address" port 22: Connection timed out

And i tried to ssh in with the command: "ssh root@"IP address""

[dark_pyrro]

Is the ch.json located in the "languages" directory when the Key Croc is mounted to the target in arming mode (the language file should be there since it's kind of "default", but just to be sure so that it can be copied to the directory where the Croc wants language files to be).

There are other potential issues with the Croc and getting languages to work, but the scenario above is probably the first one to check.

Regarding ssh; are you positive that the Croc is showing up on the network that it has been configured to connect to in the config.txt file? Is the WiFi network (that you are trying to connect the Croc to) a hidden network? Is it possible to ping the Croc from some other device on the same network? Does the ESSID or PSK contain special chars and/or spaces?

[Leonardo7447]

The ch.json file is in the directory.

And the ESSID or PSK does not contain any special chars and/or spaces. It does connect to the wifi but it's not a hidden network. And i'm not able to ping the croc too.

[dark_pyrro]

If it's not possible to ping it, I would probably investigate if it's really connected to the network. Both not being able to ping the Croc and that the ssh connection attempts return a message like in the first post makes me suspicious about it being connected at all.

Try connecting to the Croc using serial when in arming mode and make sure it actually has an IP address assigned.

https://docs.hak5.org/key-croc/advanced-usage/serial-console-access

[dark_pyrro]

And also try to reconnect to WiFi when in arming mode. You could use my script for alternative WiFi configs, but instead just use the default /etc/wpa_supplicant.conf as a parameter to the script.

https://codeberg.org/dark_pyrro/Key-Croc-AP_STA

[Leonardo7447]

Ok i managed to fix it. Only the ssh problem. Me dumbass wasn't connected to the same wifi. But the payload dosen't show me the IP address of the croc. And the keyboard issue is also not solved

[dark_pyrro]

You can try the following regarding the language issues.

Note that this is a workaround and not a final solution.

Connect to the Croc using serial or ssh and edit the croc.py changing the line 339 (ish) from "us" to "ch".
Not sure right now where the file is located but it's in /usr/local/croc or its subdirs.

self.keymap_path = "/root/udisk/languages/us.json"
to
self.keymap_path = "/root/udisk/languages/ch.json"

Also the QUACK file may need some adjustment to be able to quack the correct language

Change line 263 (ish) in /usr/local/croc/bin/QUACK from
    language = os.getenv("DUCKY_LANG", default="us").lower()
to
    language = os.getenv("DUCKY_LANG", default="ch").lower()

[Leonardo7447]

Ok i managed to fix it by myself.

 

So the ssh issue was that i wasn't connected to the same wifi as the key croc.

And the keyboard issue was a bug by the key croc. I fixed it by renaming the ch.json file us.json. There might be a bug in the key croc itself.

[dark_pyrro]

Renaming the language file is for sure the fastest way to create a workaround. I've mentioned the fact that the Croc seems to have issues with non-US languages to Hak5. It will perhaps be fixed in some future firmware update.