
Bluetooth Keystroke Injector: A Keyboard Emulator That Injects Letters via Bluetooth or SD Card

By kholopmativacor


'Keystroke Injection': A new attack vector for injecting malicious keystrokes into a victim's computer via a wireless mouse dongle, so the victim is not required to be using a wireless keyboard (previously, injection had only been into the victim's keyboard dongle).




Inject Keystrokes Any Way You Like With This Bluetooth Keystroke Injector




'Fake Mouse': Tricking the host computer (and the victim, via the manufacturer's software user interface) into believing that a legitimate mouse has been paired, even though the device will actually act as a malicious keyboard and be used to inject keystrokes. One would have expected that a device presenting itself as a mouse would only be able to have mouse movement/click transmissions accepted by the target paired dongle, and that all other traffic (e.g. keystrokes) would be rejected.


Previous efforts, such as KeyKeriki, and later implementations such as KeySweeper, have been highly successful at showing the weakness in keyboard encryption. That research focused on the vulnerability present in a weak encryption scheme implemented in Microsoft keyboards, and showed very effectively how keystrokes could be sniffed, the encryption key could be calculated, and malicious keystrokes could be injected. Since that time, manufacturers have attempted to implement better encryption schemes, such as AES which is present in newer Microsoft keyboards (mouse traffic remains unencrypted). MouseJack shows that, despite stronger encryption being used, it is possible to circumvent the entire scheme by creating specially-crafted keystroke frames. This is a fundamental flaw in the dongle firmware, separate from whichever encryption scheme is used, and allows an attacker to act as if encryption was not implemented.


Security researcher Marcus Mengs discovered that the flaws are caused by Logitech dongles' outdated firmware and that they allow attackers with physical access to their targets' computers to exploit the bugs and launch keystroke injection attacks, record keystrokes, and take control of compromised systems.


"With the stolen key, the attacker is able to inject arbitrary keystrokes (active), as well as to eavesdrop and live decrypt keyboard input remotely (passive). This applies to all encrypted Unifying devices with keyboard capabilities (f.e. MX Anywhere 2S mouse)," says Mengs.


However, unlike in the case of the other flaws, "physical access is only required one time. Once the data has been collected, arbitrary keystrokes could be injected, when and as often as the attacker likes."


It's also important to note that this vulnerability stems from an incomplete fix for CVE-2016-10761, one of the MouseJack vulnerabilities discovered by Bastille back in 2016 which impact "the vast majority of wireless, non-Bluetooth keyboards and mice" and allowed "injecting unencrypted keystrokes into a target computer."


The vulnerabilities allow attackers not only to sniff keyboard traffic, but also to inject keystrokes (even into dongles not connected to a wireless keyboard) and take over the computer to which a dongle has been connected.


According to Mengs, this is a vulnerability through which an attacker can inject keystrokes into the encrypted communications stream between a USB dongle and a Logitech device, even without knowing the encryption key.


You can use this method to make the Raspberry Pi Zero act as a password filler or use it as a keystroke injection tool. That way you can easily create programs that type hundreds of keystrokes per minute.


You should be able to trust your wireless keyboard. And yet security researchers have been warning people for years to be suspicious of wireless computer accessories using sketchy radio protocols. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices, and this time they can not only inject keystrokes but also read yours.


Dye sublimation is a process in which heat is used to impregnate a material with a dye, so that the dye sinks into the plastic. The advantage is that, because the dye becomes part of the plastic, it cannot be worn off as in pad printing. This is a much more expensive method of printing keys and must be used in situations where the dye is darker than the material being dyed.


Instead of printing characters onto plastic, double shot injection molding molds the character and underside of the keycap into one piece of plastic with the top part of the keycap molded onto another piece. They are fused together to form a dual-layer keycap with a very high contrast graphic. This is the most expensive, highest quality type of printing possible and results in a key that cannot be worn off as it is part of the keycap. It also limits the printing to two colors per keycap due to the molds and expenses involved. There have been examples of more than two colors using this method, but the price at this point is way too high for most companies to embrace. In fact, even most keyboard companies have abandoned double-shot injection molding based upon its high cost.


The HackyPi is a new version of the iconic, field-proven hotplug attack tool that invented the Keystroke Injection attack. It is a Human Interface Device (HID) that looks and functions like a keyboard, but instead of typing normal text, it can inject keystrokes and execute scripts on connected computers. This allows an attacker to take complete control over a system, even if they do not have physical access to it.


HackyPi can be used for multiple purposes. First, it can be used as a keystroke injection attack tool that can help you unlock passwords and access sensitive data. It can also be used as a means of communication with other systems, or even as a debugging tool.


Using a Universal Spec HackyPi has many advantages. Firstly, it's lightweight and easy to use, so even novice users can utilize it without much effort. Plus, it allows you to perform the keystroke injection attack on any system that supports HID devices.


Even though a spyware removal tool can handle keystroke logger detection, you want to avoid this dangerous type of malware to begin with. That's why it's important to know how a keylogger gets on your device in the first place.


Mason posts on hackster.io an easy way to make a computer USB keystroke injector (commonly called a rubber ducky). This project uses the flexible, affordable Adafruit Circuit Playground Express programmed with your choice of injectables via CircuitPython, the easy-to-use version of Python for microcontrollers.


The Mosart protocol seems to use some arbitrary values to describe keystrokes. The values provided by this dissector have been collected empirically and, as a consequence, they are probably not complete and probably include some mistakes.


DuckyScript is a Domain Specific Language (DSL) for describing a keystroke injection. It was initially designed to control an offensive hardware component called RubberDucky, which performs keystroke injection attacks. As a consequence, this language is really interesting if you try to perform keystroke injection attacks against a wireless mouse or keyboard. Mirage includes a simple parser (DuckyScriptParser) that generates a list of packets to inject according to a provided DuckyScript file.


[root@dylantaylor-precision dtaylor]# fwupdmgr get-devices
Unifying Reciever
  Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
  Guid: cc4cbfa9-bf9d-540b-b92b-172ce31013c1
  UniqueID: */*/lvfs/firmware/com.logitech.Unifying.RQR24.firmware/*
  DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2
  Description: A Unifying receiver allows you to connect multiple compatible keyboards and mice to a laptop or desktop computer with a single USB receiver. Updating the firmware on your Unifying receiver improves performance, adds new features and fixes security issues.
  Plugin: unifying
  Flags: allow-onlinesupported
  DeviceVendor: Logitech
  Version: RQR24.01_B0023
  VersionBootloader: BOT03.01_B0008
  Created: 2017-05-23
  AppstreamId: com.logitech.Unifying.RQR24.firmware
  Summary: Firmware for the Logitech Unifying receiver
  UpdateDescription:
    RQR24.05_B0029:This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.
    RQR24.03_B0027:This release addresses an unencrypted keystroke injection issue and fake mouse issue known as Bastille security issues #2 and #3. The vulnerabilities are complex to replicate and would require a hacker to be physically close to a target.
  UpdateVersion: RQR24.05_B0029
  UpdateHash: 0e7e9dafeb4dcc144d1434759ebf7bd71ea2a4d7
  UpdateChecksumKind: sha1
  License: Proprietary
  UpdateUri: -lvfs.rhcloud.com/downloads/4511b9b0d123bdbe8a2007233318ab215a59dfe6-Logitech-Unifying-RQR24.05_B0029.cab
  UrlHomepage: -us/software/unifying
  Vendor: Logitech
  Trusted: none

Unifying Receiver
  Guid: 77d843f7-682c-57e8-8e29-584f5b4f52a1
  Guid: 9d131a0c-a606-580f-8eda-80587250b8d6
  UniqueID: */*/lvfs/firmware/com.logitech.Unifying.RQR12.firmware/*
  DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1
  Description: A Unifying receiver allows you to connect multiple compatible keyboards and mice to a laptop or desktop computer with a single USB receiver. Updating the firmware on your Unifying receiver improves performance, adds new features and fixes security issues.
  Plugin: unifying
  Flags: allow-onlinesupported
  DeviceVendor: Logitech
  Version: RQR12.01_B0019
  VersionBootloader: BOT01.02_B0014
  Created: 2017-05-24
  AppstreamId: com.logitech.Unifying.RQR12.firmware
  Summary: Firmware for the Logitech Unifying receiver
  UpdateDescription:
    RQR12.07_B0029:This release addresses an unencrypted keystroke injection issue known as Bastille security issue #11. The vulnerability is complex to replicate and would require a hacker to be physically close to a target.
    RQR12.05_B0028:This release addresses an force pairing issue, an unencrypted keystroke injection issue and fake mouse issue known as Bastille security issues #1, #2 and #3. The vulnerabilities are complex to replicate and would require a hacker to be physically close to a target.
  UpdateVersion: RQR12.07_B0029
  UpdateHash: d0d33e760ab6eeed6f11b9f9bd7e83820b29e970
  UpdateChecksumKind: sha1
  License: Proprietary
  UpdateUri: -lvfs.rhcloud.com/downloads/938fec082652c603a1cdafde7cd25d76baadc70d-Logitech-Unifying-RQR12.07_B0029.cab
  UrlHomepage: -us/software/unifying
  Vendor: Logitech
  Trusted: none
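An added example (not part of the original post and not fwupd's own code): a Python check that reads a device listing shaped like the fwupdmgr output above and reports receivers whose installed Version is behind the offered UpdateVersion. The one-field-per-line layout, the sample text and the function names are assumptions; the second sample device is constructed as already updated.

```python
import re

# Constructed sample: field names and version strings follow the fwupdmgr
# output above; one field per line is an assumed layout.
SAMPLE = """\
Unifying Receiver
  DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2
  Version: RQR24.01_B0023
  UpdateVersion: RQR24.05_B0029
Unifying Receiver
  DeviceID: /sys/devices/pci0000:00/0000:00:14.0/usb1/1-1
  Version: RQR12.07_B0029
  UpdateVersion: RQR12.07_B0029
"""

VERSION_RE = re.compile(r"^(RQR\d+)\.(\d+)_B(\d+)$")

def parse_devices(text):
    """Split the listing into one dict of fields per device."""
    devices = []
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():            # unindented line starts a device
            devices.append({"Name": line.strip()})
        elif devices and ":" in line:        # split on the first colon only
            key, _, value = line.strip().partition(":")
            devices[-1][key] = value.strip()
    return devices

def version_key(version):
    """Turn 'RQR24.05_B0029' into ('RQR24', 5, 29) for comparison."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))

def outdated_receivers(text):
    """Return (DeviceID, installed, available) for receivers behind their update."""
    findings = []
    for dev in parse_devices(text):
        installed, available = dev.get("Version"), dev.get("UpdateVersion")
        if installed and available:
            fam_i, *num_i = version_key(installed)
            fam_a, *num_a = version_key(available)
            # Only compare within the same firmware family (RQR12 vs RQR24).
            if fam_i == fam_a and num_i < num_a:
                findings.append((dev.get("DeviceID"), installed, available))
    return findings

if __name__ == "__main__":
    print(outdated_receivers(SAMPLE))
```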

