攻防世界_misc_m0_01
环境
m0_01,USB流量分析,云影密码
flag{THISISFLAG}
wp
抓包中的 usb.capdata 长度为 8 字节,说明是键盘流量(鼠标数据为 4 字节)

用wireshark自带的命令行工具tshark,默认在wireshark安装根目录
tshark.exe -r D:\用户\下载\12.pcapng -T fields -e usb.capdata >D:\用户\下载\1.txt
删除 1.txt 中多余的空行(不含 usb.capdata 字段的数据包会输出空行)
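def preprocess_data(input_file, output_file):
    """Normalise raw tshark ``usb.capdata`` output into colon-separated bytes.

    Every line of *input_file* is stripped and any ``:`` separators are
    removed; lines that are then exactly 16 hex characters long (an 8-byte
    keyboard report) are written to *output_file* as ``xx:xx:...:xx``, one
    report per line. All other lines, including blank ones, are skipped.

    :param input_file: path of the text file holding one capdata value per line
    :param output_file: path of the formatted file to create (overwritten)
    """
    with open(input_file, 'r') as src, open(output_file, 'w') as dst:
        for raw in src:
            # Older tshark builds print capdata already colon-separated and
            # newer ones print bare hex; dropping the colons first lets both
            # forms go through the same length check.
            line = raw.strip().replace(':', '')
            # A blank line is skipped instead of ending the read, so an empty
            # line in the dump no longer truncates everything after it.
            if not line:
                continue
            # 16 hex characters = 8-byte keyboard report; an 8-character line
            # would be 4-byte mouse data and is ignored here.
            if len(line) == 16:
                pairs = [line[i:i + 2] for i in range(0, len(line), 2)]
                dst.write(':'.join(pairs) + '\n')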
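def parse_keyboard_data(output_file):
    """Decode formatted 8-byte keyboard reports into a list of key tokens.

    Each line of *output_file* is expected to look like
    ``mm:00:kk:00:00:00:00:00`` where ``mm`` is the modifier byte and ``kk``
    the first key code. A report is decoded only when the modifier is
    "none" or a Shift key, the second byte is ``00``, the key code is not
    ``00`` and the five remaining key slots are all ``00``. Anything else is
    skipped: key releases, other modifiers, several keys held at once, and
    short or malformed lines.

    :param output_file: path of the colon-separated report file
    :return: list of decoded tokens; key codes missing from the table are
        reported as ``'[unknown]'``
    """
    # Key code -> token with no modifier held. "2a" is Backspace in the HID
    # usage table; it is emitted as "<DEL>" and handled by the caller.
    normal_keys = {
        "04": "a", "05": "b", "06": "c", "07": "d", "08": "e",
        "09": "f", "0a": "g", "0b": "h", "0c": "i", "0d": "j",
        "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o",
        "13": "p", "14": "q", "15": "r", "16": "s", "17": "t",
        "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y",
        "1d": "z", "1e": "1", "1f": "2", "20": "3", "21": "4",
        "22": "5", "23": "6", "24": "7", "25": "8", "26": "9",
        "27": "0", "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t",
        "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[", "30": "]", "31": "\\",
        "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".",
        "38": "/", "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>",
        "3e": "<F5>", "3f": "<F6>", "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>",
        "44": "<F11>", "45": "<F12>"
    }
    # Key code -> token while Shift is held.
    shift_keys = {
        "04": "A", "05": "B", "06": "C", "07": "D", "08": "E",
        "09": "F", "0a": "G", "0b": "H", "0c": "I", "0d": "J",
        "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O",
        "13": "P", "14": "Q", "15": "R", "16": "S", "17": "T",
        "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y",
        "1d": "Z", "1e": "!", "1f": "@", "20": "#", "21": "$",
        "22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")",
        "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>",
        "2d": "_", "2e": "+", "2f": "{", "30": "}", "31": "|", "32": "<NON>", "33": "\"",
        "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?", "39": "<CAP>", "3a": "<F1>",
        "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>", "40": "<F7>",
        "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"
    }
    # Accepted modifier bytes -> "is Shift held?". 0x02 is Left Shift and
    # 0x20 Right Shift in the HID boot report; previously only "00" and "02"
    # were accepted, so text typed with Right Shift was silently dropped.
    shift_state = {"00": False, "02": True, "20": True, "22": True}

    output = []
    with open(output_file, 'r') as reports:
        for raw in reports:
            # Lower-case so upper-case hex still matches the tables.
            fields = raw.strip().lower().split(':')
            # Reject short or malformed lines up front instead of indexing
            # into them and raising IndexError.
            if len(fields) != 8 or any(len(field) != 2 for field in fields):
                continue
            shifted = shift_state.get(fields[0])
            if shifted is None:
                continue
            key_code = fields[2]
            if fields[1] != "00" or key_code == "00":
                continue
            # Only the first key slot is decoded; reports that carry further
            # simultaneous keys are skipped rather than guessed at.
            if any(field != "00" for field in fields[3:]):
                continue
            table = shift_keys if shifted else normal_keys
            output.append(table.get(key_code, '[unknown]'))
    return output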
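def handle_special_keys(output):
    """Apply ``<DEL>`` and ``<CAP>`` tokens and join the rest into one string.

    Tokens are replayed in typing order: ``<DEL>`` removes the most recent
    kept token (if any), ``<CAP>`` toggles Caps Lock, and every other token
    is kept, upper-cased while Caps Lock is on. The input list is not
    modified.

    :param output: list of tokens as returned by ``parse_keyboard_data``
    :return: the reconstructed text
    """
    typed = []
    caps_on = False
    for token in output:
        if token == '<DEL>':
            # A <DEL> with nothing before it is simply dropped. The earlier
            # "while '<DEL>' in output" loop never removed a <DEL> at index 0
            # and therefore spun forever on such input.
            if typed:
                typed.pop()
        elif token == '<CAP>':
            # Caps Lock is a state change, not a character, so it is never
            # stored and a later <DEL> cannot erase it by mistake.
            caps_on = not caps_on
        else:
            typed.append(token.upper() if caps_on else token)
    return ''.join(typed)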
def main():
    """Run the whole pipeline on ``1.txt`` and print the recovered keystrokes."""
    raw_path, formatted_path = '1.txt', 'out.txt'
    # Step 1: rewrite the raw capdata dump as colon-separated reports.
    preprocess_data(raw_path, formatted_path)
    # Step 2: turn the reports into key tokens.
    keystrokes = parse_keyboard_data(formatted_path)
    # Step 3: apply the special keys and show the resulting text.
    print("Final Output:", handle_special_keys(keystrokes))
# Run the pipeline only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()
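得到 884080810882108108821042084010421,其中只出现 0、1、2、4、8 五种数字,符合云影密码(01248 密码)的特征:以 0 作为分隔符,把每一组内的数字相加,和 1–26 对应字母 A–Z(例如 884→20→T,8→H,81→9→I),解密即得 THISISFLAG。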
