MISC-data-0
煤矿路口西 Lv4

DATA[0]


1: USB traffic analysis

UsbKeyboardDataHacker

tshark -r ./example.pcap -T fields -e usb.capdata
python UsbKeyboardDataHacker.py ./example.pcap 
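#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Decodes keystrokes from uuu.txt, which holds the usb.capdata lines written by tshark.
# Each table entry is the unshifted form followed by the shifted form.
usb_codes = {
    0x04: "aA", 0x05: "bB", 0x06: "cC", 0x07: "dD", 0x08: "eE", 0x09: "fF",
    0x0A: "gG", 0x0B: "hH", 0x0C: "iI", 0x0D: "jJ", 0x0E: "kK", 0x0F: "lL",
    0x10: "mM", 0x11: "nN", 0x12: "oO", 0x13: "pP", 0x14: "qQ", 0x15: "rR",
    0x16: "sS", 0x17: "tT", 0x18: "uU", 0x19: "vV", 0x1A: "wW", 0x1B: "xX",
    0x1C: "yY", 0x1D: "zZ", 0x1E: "1!", 0x1F: "2@", 0x20: "3#", 0x21: "4$",
    0x22: "5%", 0x23: "6^", 0x24: "7&", 0x25: "8*", 0x26: "9(", 0x27: "0)",
    0x29: "*",  # <ESC>
    0x2C: " ", 0x2D: "-_", 0x2E: "=+", 0x2F: "[{", 0x30: "]}", 0x32: "#~",
    0x33: ";:", 0x34: "'\"", 0x36: ",<", 0x37: ".>", 0x38: "/?", 0x39: "<CAP><CAP>",
    0x3a: "<F1><F1>", 0x3b: "<F2><F2>", 0x3c: "<F3><F3>", 0x3d: "<F4><F4>",
    0x3e: "<F5><F5>", 0x3f: "<F6><F6>",
    0x40: "<F7><F7>", 0x41: "<F8><F8>", 0x42: "<F9><F9>", 0x43: "<F10><F10>",
    0x44: "<F11><F11>", 0x45: "<F12><F12>"
}
data = ''
for x in open("uuu.txt", "r").readlines():
    # tshark may print the bytes with or without colons; after removing the
    # colons the keycode is always at [4:6] (with colons it would be at [6:8])
    x = x.strip().replace(":", "")
    if len(x) != 16:  # skip empty lines and anything that is not an 8-byte keyboard report
        continue
    code = int(x[4:6], 16)
    if code == 0:
        continue
    if code == 0x28:
        print('ENTER!')
        print(data)
        data = ''
        continue
    keys = usb_codes.get(code)
    if keys is None:  # keycode is not in the table
        continue
    upper = 0
    if int(x[0:2], 16) == 0x02 or int(x[0:2], 16) == 0x20:  # left or right Shift
        upper = 1
    # single-character entries have no shifted form; otherwise pick the
    # first or second half so multi-character names such as <F1> stay whole
    half = len(keys) // 2
    data += keys if half == 0 else (keys[half:] if upper else keys[:half])
print(data)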


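The script above differs from the usual version in the entry 0x29: "*",  # <ESC>. It handles 0x29 (Esc) and, for now, substitutes * for it.

This is to handle the simulated vim editing in the challenge.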
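
An added example (not the post's script) that generalises the decoder above: it parses the full 8-byte boot-keyboard report, accepts both the colon and no-colon tshark output, and emits only newly pressed keys so a held key is not counted twice. The key table is partial, Esc is rendered as <ESC> rather than *, and the sample reports are constructed.

```python
# Added example (not the post's script). KEYMAP is partial; SAMPLE is constructed.
SHIFT_MASK = 0x22  # modifier bit 1 = left Shift, bit 5 = right Shift

# usage ID -> (unshifted, shifted)
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({0x28: ("\n", "\n"), 0x29: ("<ESC>", "<ESC>"), 0x2C: (" ", " "),
               0x33: (";", ":"), 0x37: (".", ">")})

def parse_report(line):
    """Return (modifier, [pressed usage IDs]) or None if not an 8-byte report."""
    hexstr = line.strip().replace(":", "")
    if len(hexstr) != 16:
        return None
    try:
        raw = bytes.fromhex(hexstr)
    except ValueError:
        return None
    # byte 0 = modifiers, byte 1 = reserved, bytes 2-7 = key slots;
    # 0x00 is an empty slot and 0x01-0x03 are error codes
    return raw[0], [k for k in raw[2:8] if k > 0x03]

def decode(lines):
    out, prev = [], set()
    for line in lines:
        parsed = parse_report(line)
        if parsed is None:
            continue
        mod, keys = parsed
        shift = 1 if mod & SHIFT_MASK else 0
        for k in keys:
            if k not in prev:  # emit only newly pressed keys (handles rollover)
                out.append(KEYMAP.get(k, ("<0x%02x>" % k,) * 2)[shift])
        prev = set(keys)
    return "".join(out)

SAMPLE = [
    "00000c0000000000", "0000000000000000",   # i
    "00000b0000000000", "00000b0c00000000",   # h, then i while h is still held
    "00000c0000000000", "0000000000000000",   # h released, i released
    "", "00010000",                           # non-keyboard lines are skipped
    "00:00:29:00:00:00:00:00", "0000000000000000",  # Esc, colon-separated form
    "0200000000000000", "0200330000000000",   # Shift, then Shift + ;
    "0000000000000000", "00001a0000000000",   # release, w
]

if __name__ == "__main__":
    print(decode(SAMPLE))
```

Caps Lock state is not tracked here, so letters typed with Caps Lock on are decoded as lowercase.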

  • Title: MISC-data-0
  • Author: 煤矿路口西
  • Created: 2021-04-30 20:09:36
  • Link: http://www.mklkx.xyz/2021/04/30/MISC-data-0/
  • Copyright: Unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!