KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
I'm not sure if you'd be interested in making any updates to keysweeper, but I'll post this here anyway. Might be useful for other people trying to get it to work.
The dongle for my Microsoft Sculpt keyboard/numpad/mouse combo broke and I'm trying to see if I could replace it with keysweeper (though if it works I'm not sure I want to keep using a keyboard you can sniff so easily).
keysweeper wasn't able to find my keyboard initially, but after doing some debugging it seems this line was the problem:
if (p[4] == 0xCD) { ....
It seems the first part of the MS Sculpt keyboard's MAC is oxC8 instead, 0x98 for its numpad and 0x68 for the mouse). After changing this in the script I can reliably find all three devices.
The keyboard seems to be recognized as an encrypted one, pretty much always outputting 8: 08 38 84 01 C9 BB E0 14, so that's another puzzle though. Interesting thing here is that the numpad and mouse do return different data with every event, so it seems those might not be encrypted?
edit: the actual keypresses are detected OK (the event, not the contents) but I do get a lot of false positives for 'potential keyboard found' which leads me to think the values are not actually the MAC value. Also, it wouldn't make sense for the three devices to have different starting MAC addresses, as that value is supposed to be the vendor ID I believe? So perhaps they might be using a different message format altogether.
I'm not sure if you'd be interested in making any updates to keysweeper, but I'll post this here anyway. Might be useful for other people trying to get it to work.
The dongle for my Microsoft Sculpt keyboard/numpad/mouse combo broke and I'm trying to see if I could replace it with keysweeper (though if it works I'm not sure I want to keep using a keyboard you can sniff so easily).
keysweeper wasn't able to find my keyboard initially, but after doing some debugging it seems this line was the problem:
It seems the first part of the MS Sculpt keyboard's MAC is
oxC8
instead,0x98
for its numpad and0x68
for the mouse). After changing this in the script I can reliably find all three devices.The keyboard seems to be recognized as an encrypted one, pretty much always outputting
8: 08 38 84 01 C9 BB E0 14
, so that's another puzzle though. Interesting thing here is that the numpad and mouse do return different data with every event, so it seems those might not be encrypted?edit: the actual keypresses are detected OK (the event, not the contents) but I do get a lot of false positives for 'potential keyboard found' which leads me to think the values are not actually the MAC value. Also, it wouldn't make sense for the three devices to have different starting MAC addresses, as that value is supposed to be the vendor ID I believe? So perhaps they might be using a different message format altogether.