-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathwebkey_usbmon_parse.py
More file actions
executable file
·71 lines (59 loc) · 1.45 KB
/
webkey_usbmon_parse.py
File metadata and controls
executable file
·71 lines (59 loc) · 1.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/env python
# webkey_usbmon_parse.py - Simple script to
# parse usbmon data from USB Webkeys
# emulating USB HID Keyboards
#
# Specifically the one labeled WEB-130C
#
# See http://blog.opensecurityresearch.com/2012/10/hacking-usb-webkeys.html
# for more info
#
# brad.antoniewicz@foundstone.com
#
import sys
# 1 = verbose; 2 = more verbose
verbose=0
# There is definitely a more accurate way to do this,
# but it gets the job done :)
keycodes = {
'00': '',
'02': 'Keyboard Left Shift',
'04': 'Keyboard Left Alt',
'08': 'Keyboard Left GUI',
'15': 'Keyboard r and R',
'28': 'Enter Key',
'2A': 'Backspace',
'47': 'Keyboard Scroll Lock',
'4A': 'Keyboard Home',
'4D': 'Keyboard End',
'53': 'Keypad NumLock',
'59': 'Keypad 1',
'5A': 'Keypad 2',
'5B': 'Keypad 3',
'5C': 'Keypad 4',
'5D': 'Keypad 5',
'5E': 'Keypad 6',
'5F': 'Keypad 7',
'60': 'Keypad 8',
'61': 'Keypad 9',
'62': 'Keypad 0'
}
file = open(sys.argv[1], 'r')
print "[+] Opening file: ",file.name
for line in file:
line.rstrip()
if verbose > 1:
print line
t = line.split(' ')
# Only take lines of an appropriate size
if len(t) == 9:
# Match Callbacks (C) and packets with data fields (=)
if t[2] == 'C' and t[6] == '=':
print t[7]," =\t",
v = t[7].upper()
u = [v[x:x+2] for x in xrange(0,len(t),2)]
if u[0] in keycodes and u[2] in keycodes:
print keycodes[u[0]],"+",keycodes[u[2]]
else:
print "Unknown!"
file.close()