本文为看雪论坛优秀文章
看雪论坛作者ID:wx_莫克斯
一
前期准备
USB协议规范
l USB UARTl USB HIDl USB Memory
最上面这个就是标准的串口实现,可以通过USB连接STM32或ESP8266这些MCU。
设备描述符中:bDeviceClass, bDeviceSubClass, bDeviceProtocol三个值必须为0。
接口描述符中:bInterfaceClass的值必须时0x03, bInterfaceSubClass的值为0或1, 为1表示HID设备是一个启动设备(Boot Device, 一般对PC机有意义,意思是BIOS启动时能识别您使用的HID设备,切只有标准鼠标或者键盘才能称为Boot Device),为0表示HID设备是操作系统启动厚才能识别使用的设备。bInterfaceProtocol的取值含义如下:
buu的一道赛题
tshark -r key.pcap -T fields -e usb.capdata > usbdata.txt二
切入正题
usb.addr== "2.8.1"usb.addr== "2.10.1"
三
当时走过的弯路
tshark -r ez_usb.pcapng -T fields -e usb.capdata > usbdata.txttshark -r ez_usb.pcapng -T fields -e usbhid.data > usbdata.txt#!/usr/bin/env python#-*- coding: utf-8 -*-info = '''kali下运行:tshark -r usb.pcap -T fields -e usb.capdata > usbdata.txt提取流量包信息然后通过该脚本可以过滤掉空格和其他内容,并且添加冒号'''print(info)f_data = input("请输入带处理txt文件的路径:")shujian = int(input("鼠标流量信息请输入8,键盘流量请输入16:"))f = open(f_data,'r')# 整理到out.txtwith open('out.txt','w') as f_out:for i in f.readlines():s = i.strip()# 鼠标流量长度为8 ,键盘流量长度为16if len(s) == shujian:# 鼠标流量长度为8 ,键盘流量长度为16nsl = [s[j:j+2] for j in range(0,shujian,2)]ns = ":".join(nsl)f_out.write(ns)f_out.write('\n')
//tran.pynormalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i","0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r","16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1","1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0","28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[","30": "]", "31": "\\", "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/","39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>","40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I","0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R","16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!","1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")","28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "_", "2e": "+", "2f": "{","30": "}", "31": "|", "32": "<NON>", "33": "\"", "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?","39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>","40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}output = []keys = open('out.txt') #这里是加号冒号的数据for line in keys:try:if line[0]!='0' or (line[1]!='0' and line[1]!='2') or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0' or line[6:8]=="00":continueif line[6:8] in normalKeys.keys():output += [[normalKeys[line[6:8]]],[shiftKeys[line[6:8]]]][line[1]=='2']else:output += ['[unknown]']except:passkeys.close()flag=0print("".join(output))for i in range(len(output)):try:a=output.index('<DEL>')del output[a]del output[a-1]except:passfor i in range(len(output)):try:if output[i]=="<CAP>":flag+=1output.pop(i)if flag==2:flag=0if flag!=0:output[i]=output[i].upper()except:passprint ('output :' + "".join(output))
四
尾声
五
补充
用过的exp
参考过的资料
补充&巩固练习题目
看雪ID:wx_莫克斯
https://bbs.pediy.com/user-home-916399.htm
# 往期推荐
球分享
球点赞
球在看
点击“阅读原文”,了解更多!
文章来源: http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458458944&idx=1&sn=b5cb2b8e633964133d9372af933a3ae7&chksm=b18e2bca86f9a2dc46936508a80e619808a8b665290ca494bafca9b0fdab4f3908032f8be07b#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh