hacker4711 Posted May 6, 2023 Share Posted May 6, 2023 Hi dark, maybe there is a bug in the key croc because the protected aiming mode doesn't react to the password #Hero123!#Hero123!. Is it possible that he has some issues with the SHIFT for # and 123? At the moment it's not possible to unprotect the aiming mode with the password #Hero123!#Hero123! The config has just the password and no timeout. I need some expert for that issues to unprotect the key croc. Link to comment Share on other sites More sharing options...
Irukandji Posted May 6, 2023 Share Posted May 6, 2023 @Korben Any Idea on this bug? Or it's user error? Link to comment Share on other sites More sharing options...
dark_pyrro Posted May 6, 2023 Share Posted May 6, 2023 8 hours ago, hacker4711 said: The config has just the password and no timeout. Does the Croc only have the protected arming mode in the config.txt file? No WiFi network configured? If WiFi is configured, you could try to access the Croc using ssh and try to disable the protection "mode". Link to comment Share on other sites More sharing options...
hacker4711 Posted May 9, 2023 Author Share Posted May 9, 2023 On 5/6/2023 at 11:22 PM, dark_pyrro said: Does the Croc only have the protected arming mode in the config.txt file? No WiFi network configured? If WiFi is configured, you could try to access the Croc using ssh and try to disable the protection "mode". Hi dark, thanks for your fast answer. I think the problem for the arming mode is the buggy language files in the keycroc. The Wifi is configured and your solution is a good approach to unprotect the device. At the moment we are looking for a valid certificate authority for the ca files on the device. He tries to connect to our side but with let's encrypt (,https flag) and thawte certificates the log files shows "unknown certificate authority". It seems that they are signing with other ca's with are not on the device. Do you know a certificate vendor with works with the default certificate files on the keycroc. That would be the solution when the device connects back. It's a pity that the binary has no ignore certificate flag because the config has port 443 and we can not change the port to 80. Greetings Link to comment Share on other sites More sharing options...
dark_pyrro Posted May 9, 2023 Share Posted May 9, 2023 33 minutes ago, hacker4711 said: It's a pity that the binary has no ignore certificate flag What binary, and why would you want to ignore certificates? 38 minutes ago, hacker4711 said: the config has port 443 and we can not change the port to 80 What does the ports have to do with protected arming mode? 33 minutes ago, hacker4711 said: At the moment we are looking for a valid certificate authority for the ca files on the device. He tries to connect to our side but with let's encrypt (,https flag) and thawte certificates the log files shows "unknown certificate authority" Again, not sure in what way this has anything to do with protected arming mode. What log files are you referring to and what side is "our side"? 33 minutes ago, hacker4711 said: I think the problem for the arming mode is the buggy language files in the keycroc How did you come to this conclusion? What language file(s) are you using that are buggy? The content of this thread looks very similar to the following fairly recently created threads...https://forums.hak5.org/topic/60276-key-croc-doesnt-connect-to-c2-current-deviceconfig-https/https://forums.hak5.org/topic/60280-firmware-13-out-of-the-box-alternative-ca-default-device/ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.