Key Croc protected aiming mode doesn't work

[hacker4711]

Hi dark,

maybe there is a bug in the key croc because the protected aiming mode doesn't react to the password #Hero123!#Hero123!.

Is it possible that he has some issues with the SHIFT for # and 123?

At the moment it's not possible to unprotect the aiming mode with the password #Hero123!#Hero123!

The config has just the password and no timeout.

I need some expert for that issues to unprotect the key croc.

[Irukandji]

@Korben Any Idea on this bug? Or it's user error?

[dark_pyrro]

8 hours ago, hacker4711 said:

The config has just the password and no timeout.

Does the Croc only have the protected arming mode in the config.txt file? No WiFi network configured? If WiFi is configured, you could try to access the Croc using ssh and try to disable the protection "mode".

[hacker4711]

On 5/6/2023 at 11:22 PM, dark_pyrro said:

Does the Croc only have the protected arming mode in the config.txt file? No WiFi network configured? If WiFi is configured, you could try to access the Croc using ssh and try to disable the protection "mode".

Hi dark,

thanks for your fast answer. I think the problem for the arming mode is the buggy language files in the keycroc. The Wifi is configured and your solution is a good approach to unprotect the device.

At the moment we are looking for a valid certificate authority for the ca files on the device.

He tries to connect to our side but with let's encrypt (,https flag) and thawte certificates the log files shows "unknown certificate authority".

It seems that they are signing with other ca's with are not on the device.

Do you know a certificate vendor with works with the default certificate files on the keycroc.

That would be the solution when the device connects back.

It's a pity that the binary has no ignore certificate flag because the config has port 443 and we can not change the port to 80.

Greetings

 

 

[dark_pyrro]

33 minutes ago, hacker4711 said:

It's a pity that the binary has no ignore certificate flag

What binary, and why would you want to ignore certificates?

 

38 minutes ago, hacker4711 said:

the config has port 443 and we can not change the port to 80

What does the ports have to do with protected arming mode?

 

33 minutes ago, hacker4711 said:

At the moment we are looking for a valid certificate authority for the ca files on the device.

He tries to connect to our side but with let's encrypt (,https flag) and thawte certificates the log files shows "unknown certificate authority"

Again, not sure in what way this has anything to do with protected arming mode. What log files are you referring to and what side is "our side"?

 

33 minutes ago, hacker4711 said:

I think the problem for the arming mode is the buggy language files in the keycroc

How did you come to this conclusion? What language file(s) are you using that are buggy?

 

The content of this thread looks very similar to the following fairly recently created threads...
https://forums.hak5.org/topic/60276-key-croc-doesnt-connect-to-c2-current-deviceconfig-https/
https://forums.hak5.org/topic/60280-firmware-13-out-of-the-box-alternative-ca-default-device/