Yeetomeister/ctf-usb-keyboard-parser

 
 


ctf-usb-keyboard-parser

This is the updated script from https://github.com/TeamRocketIst/ctf-usb-keyboard-parser

Usage

python usbkeyboard.py <usb-hex-commands.txt>

Extract file from pcap (might not work for every pcap)

# Run this:
tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata
# If you don't get output like:
00:00:24:00:00:00:00:00
00:00:00:00:00:00:00:00
...

# then you need to run this instead, which inserts the colons with sed:
tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2'

Save the output of the previous command to a file and pass that file to the Python script:

python usbkeyboard.py <usb-hex-commands.txt>

Extract file from bsnoop

Packet description:

Bluetooth Attribute Protocol
    Opcode: Handle Value Notification (0x1b)
    Handle: 0x002c (Human Interface Device: Report)

$ tshark -r ./example.bsnoop -Y 'btatt.opcode == 0x1b && btatt.handle == 0x002c && btatt.value != 00:00:00:00:00:00:00' -T fields -e btatt.value | sed 's/.*:00/00:&/'
00:00:1c:00:00:00:00:00
00:00:12:00:00:00:00:00
...

HID usage tables

The key mapping is based on https://usb.org/sites/default/files/documents/hut1_12v2.pdf (table 12, page 53). If that link is dead, you may find a new one at https://www.usb.org/document-library/hid-usage-tables-112
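
The following is an added example, not this repository's usbkeyboard.py: a minimal decoder for the 8-byte report lines produced by the tshark commands above, assuming the standard boot keyboard layout (byte 0 = modifier bits, byte 1 = reserved, bytes 2-7 = usage IDs) and a US key map. The names `KEYMAP`, `parse_report`, `decode` and the `SAMPLE` capture are constructed for illustration; Caps Lock and keypad keys are ignored.

```python
import re

# Usage IDs from the HID Keyboard/Keypad page, US layout: (unshifted, shifted).
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({0x28: ("\n", "\n"), 0x2B: ("\t", "\t"), 0x2C: (" ", " ")})
KEYMAP.update({0x2D + i: p for i, p in enumerate(zip("-=[]\\", "_+{}|"))})
KEYMAP.update({0x33 + i: p for i, p in enumerate(zip(";'`,./", ":\"~<>?"))})
BACKSPACE = 0x2A

def parse_report(line):
    """Return (modifier, [usage IDs]) for one report line, or None if malformed."""
    hexstr = line.strip().replace(":", "")      # accept both 00:00:24:.. and 000024..
    if not re.fullmatch(r"[0-9a-fA-F]{16}", hexstr):
        return None
    data = bytes.fromhex(hexstr)
    # 0x00 = no key, 0x01-0x03 = rollover/error codes: none of them is a keystroke.
    return data[0], [k for k in data[2:8] if k > 0x03]

def decode(lines):
    """Rebuild the typed text from a sequence of report lines."""
    out, prev = [], set()
    for line in lines:
        report = parse_report(line)
        if report is None:
            continue                            # e.g. blank lines or stray tool output
        mod, keys = report
        shift = bool(mod & 0x22)                # bit 1 = Left Shift, bit 5 = Right Shift
        for k in keys:
            if k in prev:
                continue                        # still held since the previous report
            if k == BACKSPACE:
                if out:
                    out.pop()
            elif k in KEYMAP:
                out.append(KEYMAP[k][shift])
        prev = set(keys)
    return "".join(out)

# Constructed sample capture: shift, overlapping key presses, a colon-less line,
# a backspace and a junk line.
SAMPLE = """02:00:09:00:00:00:00:00\n00:00:00:00:00:00:00:00\n00:00:0f:00:00:00:00:00
00:00:0f:04:00:00:00:00\n00:00:04:00:00:00:00:00\n0000240000000000
00:00:2a:00:00:00:00:00\n00:00:0a:00:00:00:00:00\n..."""

if __name__ == "__main__":
    print(decode(SAMPLE.splitlines()))
```

Emitting only the usage IDs that were absent from the previous report keeps a held key from being counted twice when the next key goes down before the first is released.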
