[FEAT] Wireshark数据包键盘输入提取 #64

GamerNoTitle opened this issue Jul 28, 2022 · 6 comments
@GamerNoTitle

描述你的诉求
image
如图,是一个Wireshark的数据包,里面是USB数据流的截取,其中键盘的数据流在usb.capdata里面

描述你想要的解决方案
可以利用 tshark 将数据提取为 json 文件,然后再根据键索引到 usb.capdata,提取出来,取第三节的内容(例如 00:00:25:00:00:00:00:00 中的 25),然后根据键盘码翻译为对应的按键

额外信息(可选)
具体可以参照这个https://github.com/GamerNoTitle/KBE
实在做不了就算了:D

@GamerNoTitle
Author

附:json文件(节选)。注意两点:节选中 usb 层的 usb.addr 键在同一对象内出现了两次,严格的 JSON 解析器通常只保留最后一个值,解析方向时应以 usb.src / usb.dst 为准;并非每个数据包都带有 usb.capdata(usb.data_len 为 "0" 的包没有该键),提取时需要处理缺失的情况。

[
  {
    "_index": "packets-2021-04-29",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "wireshark_extcap1932"
          },
          "frame.encap_type": "152",
          "frame.time": "Apr 29, 2021 10:49:58.396073000 中国标准时间",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1619664598.396073000",
          "frame.time_delta": "0.000000000",
          "frame.time_delta_displayed": "0.000000000",
          "frame.time_relative": "0.000000000",
          "frame.number": "1",
          "frame.len": "35",
          "frame.cap_len": "35",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "usb"
        },
        "usb": {
          "usb.src": "1.7.1",
          "usb.addr": "1.7.1",
          "usb.dst": "host",
          "usb.addr": "host",
          "usb.usbpcap_header_len": "27",
          "usb.irp_id": "0xffffcc885a3cda20",
          "usb.usbd_status": "0x00000000",
          "usb.function": "0x0009",
          "usb.irp_info": "0x01",
          "usb.irp_info_tree": {
            "usb.irp_info.reserved": "0x00",
            "usb.irp_info.direction": "0x01"
          },
          "usb.bus_id": "1",
          "usb.device_address": "7",
          "usb.endpoint_address": "0x81",
          "usb.endpoint_address_tree": {
            "usb.endpoint_address.direction": "1",
            "usb.endpoint_address.number": "1"
          },
          "usb.transfer_type": "0x01",
          "usb.data_len": "8",
          "usb.bInterfaceClass": "0xff"
        },
        "usb.capdata": "00:00:25:00:00:00:00:00"
      }
    }
  },
  {
    "_index": "packets-2021-04-29",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "wireshark_extcap1932"
          },
          "frame.encap_type": "152",
          "frame.time": "Apr 29, 2021 10:49:58.396227000 中国标准时间",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1619664598.396227000",
          "frame.time_delta": "0.000154000",
          "frame.time_delta_displayed": "0.000154000",
          "frame.time_relative": "0.000154000",
          "frame.number": "2",
          "frame.len": "27",
          "frame.cap_len": "27",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "usb"
        },
        "usb": {
          "usb.src": "host",
          "usb.addr": "host",
          "usb.dst": "1.7.1",
          "usb.addr": "1.7.1",
          "usb.usbpcap_header_len": "27",
          "usb.irp_id": "0xffffcc885a3cda20",
          "usb.usbd_status": "0x00000000",
          "usb.function": "0x0009",
          "usb.irp_info": "0x00",
          "usb.irp_info_tree": {
            "usb.irp_info.reserved": "0x00",
            "usb.irp_info.direction": "0x00"
          },
          "usb.bus_id": "1",
          "usb.device_address": "7",
          "usb.endpoint_address": "0x81",
          "usb.endpoint_address_tree": {
            "usb.endpoint_address.direction": "1",
            "usb.endpoint_address.number": "1"
          },
          "usb.transfer_type": "0x01",
          "usb.data_len": "0",
          "usb.bInterfaceClass": "0xff"
        }
      }
    }
  },
  {
    "_index": "packets-2021-04-29",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "wireshark_extcap1932"
          },
          "frame.encap_type": "152",
          "frame.time": "Apr 29, 2021 10:49:58.523096000 中国标准时间",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1619664598.523096000",
          "frame.time_delta": "0.126869000",
          "frame.time_delta_displayed": "0.126869000",
          "frame.time_relative": "0.127023000",
          "frame.number": "3",
          "frame.len": "35",
          "frame.cap_len": "35",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "usb"
        },
        "usb": {
          "usb.src": "1.7.1",
          "usb.addr": "1.7.1",
          "usb.dst": "host",
          "usb.addr": "host",
          "usb.usbpcap_header_len": "27",
          "usb.irp_id": "0xffffcc88529efa20",
          "usb.usbd_status": "0x00000000",
          "usb.function": "0x0009",
          "usb.irp_info": "0x01",
          "usb.irp_info_tree": {
            "usb.irp_info.reserved": "0x00",
            "usb.irp_info.direction": "0x01"
          },
          "usb.bus_id": "1",
          "usb.device_address": "7",
          "usb.endpoint_address": "0x81",
          "usb.endpoint_address_tree": {
            "usb.endpoint_address.direction": "1",
            "usb.endpoint_address.number": "1"
          },
          "usb.transfer_type": "0x01",
          "usb.data_len": "8",
          "usb.bInterfaceClass": "0xff"
        },
        "usb.capdata": "00:00:00:00:00:00:00:00"
      }
    }
  },
  {
    "_index": "packets-2021-04-29",
    "_type": "doc",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.interface_id": "0",
          "frame.interface_id_tree": {
            "frame.interface_name": "wireshark_extcap1932"
          },
          "frame.encap_type": "152",
          "frame.time": "Apr 29, 2021 10:49:58.523235000 中国标准时间",
          "frame.offset_shift": "0.000000000",
          "frame.time_epoch": "1619664598.523235000",
          "frame.time_delta": "0.000139000",
          "frame.time_delta_displayed": "0.000139000",
          "frame.time_relative": "0.127162000",
          "frame.number": "4",
          "frame.len": "27",
          "frame.cap_len": "27",
          "frame.marked": "0",
          "frame.ignored": "0",
          "frame.protocols": "usb"
        },
        "usb": {
          "usb.src": "host",
          "usb.addr": "host",
          "usb.dst": "1.7.1",
          "usb.addr": "1.7.1",
          "usb.usbpcap_header_len": "27",
          "usb.irp_id": "0xffffcc88529efa20",
          "usb.usbd_status": "0x00000000",
          "usb.function": "0x0009",
          "usb.irp_info": "0x00",
          "usb.irp_info_tree": {
            "usb.irp_info.reserved": "0x00",
            "usb.irp_info.direction": "0x00"
          },
          "usb.bus_id": "1",
          "usb.device_address": "7",
          "usb.endpoint_address": "0x81",
          "usb.endpoint_address_tree": {
            "usb.endpoint_address.direction": "1",
            "usb.endpoint_address.number": "1"
          },
          "usb.transfer_type": "0x01",
          "usb.data_len": "0",
          "usb.bInterfaceClass": "0xff"
        }
      }
    }
  }
]

@GamerNoTitle
Author

完整的json太大了,237KB,需要的话DD我我再发

@HoshinoSuzumi
Member

是否可以直接引用您的 https://github.com/GamerNoTitle/KBE/blob/master/KBE.py 呢?

@GamerNoTitle
Author

可以 请随意

@HoshinoSuzumi
Member

可以提供一份完整的样本数据包吗?
邮箱:master@uniiem.com

@GamerNoTitle
Author

发了 请查收
