Forensic .pcap

git clone https://github.com/WangYihang/UsbKeyboardDataHacker

Step 1: Get data

sun@ubuntu:~/UsbKeyboardDataHacker$ tshark -r ./example.pcap -T fields -e usb.capdata
00:00:09:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0f:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0a:00:00:00:00:00
00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:2f:00:00:00:00:00
...

Step 2: Decode

sun@ubuntu:~/UsbKeyboardDataHacker$ python UsbKeyboardDataHacker.py ./example.pcap 
[-] Unknow Key : 01
[-] Unknow Key : 01
[+] Found : flag{pr355_0nwards_a2fee6e0}
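
How Step 2 turns the Step 1 output into text, as an added example (not the UsbKeyboardDataHacker source): each usb.capdata line is an 8-byte HID keyboard report with the modifier bits in byte 0 and up to six key usage IDs in bytes 2-7. It assumes boot-protocol reports and a US layout; the function and constant names are illustrative.

```python
# Added example, not the UsbKeyboardDataHacker source. Assumes 8-byte HID
# boot-keyboard reports and a US layout; all names here are illustrative.
import string

SHIFT_MASK = 0x02 | 0x20  # left-shift and right-shift bits in byte 0

# HID usage ID -> (plain, shifted)
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate(string.ascii_lowercase)}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({
    0x28: ("\n", "\n"), 0x2B: ("\t", "\t"), 0x2C: (" ", " "),
    0x2D: ("-", "_"), 0x2E: ("=", "+"), 0x2F: ("[", "{"), 0x30: ("]", "}"),
    0x31: ("\\", "|"), 0x33: (";", ":"), 0x34: ("'", '"'), 0x35: ("`", "~"),
    0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?"),
})

# The ten usb.capdata lines printed in Step 1
SAMPLE = """00:00:09:00:00:00:00:00 00:00:00:00:00:00:00:00
00:00:0f:00:00:00:00:00 00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00 00:00:00:00:00:00:00:00
00:00:0a:00:00:00:00:00 00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00 20:00:2f:00:00:00:00:00""".split()

def decode_reports(lines):
    """Return (typed_text, unknown_keycodes) for usb.capdata lines."""
    text, unknown, held = [], [], set()
    for line in lines:
        try:  # accept both 00:00:09:... and 000009... field formats
            report = bytes.fromhex(line.strip().replace(":", ""))
        except ValueError:
            continue                      # not a hex field
        if len(report) != 8:
            continue                      # empty line or non-keyboard transfer
        shifted = bool(report[0] & SHIFT_MASK)
        # 0x00 is an empty slot, 0x01-0x03 are HID error codes, not keys
        pressed = [k for k in report[2:] if k > 0x03]
        for key in pressed:
            if key in held:
                continue                  # still down from the previous report
            if key == 0x2A:               # Backspace removes the last character
                if text:
                    text.pop()
            elif key in KEYMAP:
                text.append(KEYMAP[key][shifted])
            else:
                unknown.append(key)
        held = set(pressed)
    return "".join(text), unknown

if __name__ == "__main__":
    print(decode_reports(SAMPLE))
```
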

capinfos LKS-C2.pcapng

File name: LKS-C2.pcapng
File type: Wireshark/... - pcapng
File encapsulation: Linux cooked-mode capture v1
File timestamp precision: nanoseconds (9)
Packet size limit: file hdr: (not set)
Number of packets: 114 k
File size: 124 MB
Data size: 120 MB
Capture duration: 652.997060843 seconds
First packet time: 2023-09-09 16:01:43.018822573
Last packet time: 2023-09-09 16:12:36.015883416
Data byte rate: 184 kBps
Data bit rate: 1476 kbps
Average packet size: 1050.42 bytes
Average packet rate: 175 packets/s
SHA256: bf40f8dbe1e76fd814905cf2492621099dcb1101bf1a3dd4119a5bdd998b4cd0
RIPEMD160: 5c613dd8c09b9a8687e19c4166f8df152bfd80b0
SHA1: d434c27f10297400b1c6ab6712eac515165af944
