insecurityofthings / jackit

JackIt - Exploit Code for Mousejack
Microsoft Wireless Keyboard 800 Type Unknown? #63

Open bluegizmo83 opened 4 years ago

bluegizmo83 commented 4 years ago

So I just bought a Microsoft Wireless Keyboard 800 to test with JackIt, and JackIt is detecting packets from it, but no matter how many packets it collects the Type is always listed as Unknown.

EDIT: Also, if I use --address *keyboard address* --vendor Microsoft --keylogging I can capture sporadic bunches of keystrokes from the device, but it just will not detect the device type during scans so I can't even begin to try injections. I've also tried the --address --vendor options during scans but that doesn't seem to do anything.

EDIT2: Holy crap I just amazed myself! LOL. I fixed it myself! I really didn't think my Python code skills would be up to the task of finding and fixing an issue like this, but I did it. The issue was the Microsoft_enc.py plugin was looking for a packet length of 19 under the fingerprint section, and with my Microsoft Wireless 800 keyboard it is actually using packets of 8 or 16 length! So I changed the if len(p) == 19 and p[0] == 0x0a line to if len(p) == 8 or len(p) == 16 and p[0] == 0x0a and that allowed the scans to detect the device. Then, to get injections working, I edited the line self.payload_template[4:18] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] and changed it to self.payload_template[4:15] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]. Making these changes also fixed the sporadic keylogging issue. Now it captures every single keystroke during logging (before there would be large gaps of missing keys).
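An added example, not part of the original post or of JackIt's code: how Python parses the length and first-byte check quoted above. Because `and` binds tighter than `or`, the `p[0] == 0x0a` test applies only to 16-byte packets, so any 8-byte packet is accepted. The packets are constructed sample bytes, and `fingerprint_grouped` is a hypothetical variant that assumes 8-byte packets from this keyboard also start with 0x0a, which the post does not state.

```python
# Constructed sample packets (not captures from a real device).
SAMPLES = {
    "len8_first_0a": [0x0A] + [0] * 7,
    "len8_first_other": [0x55] + [0] * 7,
    "len16_first_0a": [0x0A] + [0] * 15,
    "len16_first_other": [0x55] + [0] * 15,
    "len19_first_0a": [0x0A] + [0] * 18,
}


def fingerprint_as_posted(p):
    # Condition exactly as written in the post. Python parses it as:
    #   len(p) == 8 or (len(p) == 16 and p[0] == 0x0a)
    return len(p) == 8 or len(p) == 16 and p[0] == 0x0A


def fingerprint_grouped(p):
    # Hypothetical variant (assumption): the first-byte check is
    # applied to both accepted lengths.
    return len(p) in (8, 16) and p[0] == 0x0A


def compare(samples):
    """Return {name: (as_posted, grouped)} for each sample packet."""
    return {
        name: (fingerprint_as_posted(p), fingerprint_grouped(p))
        for name, p in samples.items()
    }


def disagreements(samples):
    """Names of packets the two conditions classify differently."""
    return [name for name, (a, b) in compare(samples).items() if a != b]


if __name__ == "__main__":
    for name, (posted, grouped) in compare(SAMPLES).items():
        print(f"{name:18} as_posted={posted!s:5} grouped={grouped}")
    print("differ on:", disagreements(SAMPLES))
```

The two conditions differ only on 8-byte packets whose first byte is not 0x0a, which the posted condition attributes to this vendor on length alone.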